Re: crypto camouflage in software

1999-10-08 Thread Ed Gerck



"paul a. bauerschmidt" wrote:

> neat question:
>
> http://www.arcot.com/arcot_ieee.pdf
>
>  a method of protecting private keys using camouflage, in software, to
>  prevent dictionary attacks.
>
>  one password will decrypt correctly, many other passwords will produce
>  alternate, valid-looking keys to fool an attacker.
>
>  is this an example of security through obscurity (a thought which many
>  frown upon, it seems)?

No, it is IMO a valid example of security through ambiguity.  Side-tracking
attackers is a useful method employed for example in a more direct form
in the UNIX crypt salt method -- which also reduces the efficiency of dictionary
attacks.


Cheers,

Ed Gerck
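The property described in the quoted question, as an added example that is not part of the thread or of the Arcot paper: a container with a check value lets a wrong password be recognised offline, while a camouflaged one returns a plausible key for every password. The function names, the 4-digit PIN space, the salted PBKDF2 pad standing in for the cipher, and all sample values are assumptions made here; it also assumes the secret is unstructured random bytes and that the holder of the container has nothing else (such as a matching public key) to test candidates against.

```python
import hashlib
import hmac

ITER = 50  # demo value so the sweep runs quickly; far too low for real use
PINS = [f"{i:04d}" for i in range(10000)]  # the whole 4-digit PIN space

def keystream(pin: str, salt: bytes, n: int) -> bytes:
    # Salted, stretched PIN -> n bytes of pad (the salt defeats precomputed tables)
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITER, dklen=n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_checked(secret: bytes, pin: str, salt: bytes) -> bytes:
    # Conventional container: secret plus an 8-byte check value, then encrypted
    body = secret + hashlib.sha256(secret).digest()[:8]
    return xor(body, keystream(pin, salt, len(body)))

def unwrap_checked(blob: bytes, pin: str, salt: bytes):
    body = xor(blob, keystream(pin, salt, len(blob)))
    secret, tag = body[:-8], body[-8:]
    ok = hmac.compare_digest(hashlib.sha256(secret).digest()[:8], tag)
    return secret if ok else None  # a wrong PIN is recognisable offline

def wrap_camouflaged(secret: bytes, pin: str, salt: bytes) -> bytes:
    # No check value and no structure: the secret must look like random bytes
    return xor(secret, keystream(pin, salt, len(secret)))

def unwrap_camouflaged(blob: bytes, pin: str, salt: bytes) -> bytes:
    return xor(blob, keystream(pin, salt, len(blob)))  # always returns a key

def surviving_pins(unwrap, blob: bytes, salt: bytes) -> list:
    # PINs that cannot be ruled out by someone holding only the blob and salt
    return [p for p in PINS if unwrap(blob, p, salt) is not None]

# Constructed sample values (not from the paper or the thread)
SECRET = hashlib.sha256(b"constructed demo secret").digest()
SALT = bytes(range(16))
REAL_PIN = "4071"

if __name__ == "__main__":
    checked = wrap_checked(SECRET, REAL_PIN, SALT)
    camo = wrap_camouflaged(SECRET, REAL_PIN, SALT)
    print(surviving_pins(unwrap_checked, checked, SALT))        # ['4071']
    print(len(surviving_pins(unwrap_camouflaged, camo, SALT)))  # 10000
```

With the camouflaged container a wrong guess can only be detected by presenting the resulting key to a verifier, which can count and limit failed attempts.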





Fourth and final announcement for ECC '99 (fwd)

1999-10-08 Thread M Taylor


-- Forwarded message --
Subject: Fourth and final announcement for ECC '99
Date: Fri, 8 Oct 1999 10:52:15 -0400
To: [EMAIL PROTECTED]
From: Frances Hannigan <[EMAIL PROTECTED]>

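=========================================================
The 3rd workshop on Elliptic Curve Cryptography (ECC '99)
=========================================================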

University of Waterloo, Waterloo, Ontario, Canada
November 1, 2 & 3, 1999


FOURTH and FINAL ANNOUNCEMENT    October 5, 1999


ECC '99 is the third in a series of annual workshops dedicated to the
study of elliptic curve cryptography. ECC '99 will have a broader
scope than ECC '98 and ECC '97, which focussed primarily on the
elliptic curve discrete logarithm problem. The main themes of
ECC '99 will be:
  - Provably secure discrete log-based cryptographic protocols for
encryption, signatures and key agreement.
  - Efficient software and hardware implementation of elliptic curve
cryptosystems.
  - The discrete logarithm and elliptic curve discrete logarithm problems.

It is hoped that the meeting will encourage and stimulate further
research on the security and implementation of elliptic curve
cryptosystems and related areas, and encourage collaboration between
mathematicians, computer scientists and engineers in the academic,
industry and government sectors.

There will be 15 invited lectures (and no contributed talks), with
the remaining time used for informal discussions.


SPONSORS:
 Certicom Corp.
 Communications and Information Technology Ontario (CITO, Canada)
 MasterCard International
 Mondex International Limited
 University of Waterloo


ORGANIZERS:
 Alfred Menezes (University of Waterloo)
 Scott Vanstone (University of Waterloo)


SPEAKERS:
 Michel Abdalla (University of California at San Diego, USA)
 Mihir Bellare  (University of California at San Diego, USA)
 Simon Blake-Wilson (Certicom Corp., Canada)
 Robert Gallant (Certicom Corp., Canada)
 Philippe Golle (Stanford University, USA)
 Dan Gordon (Centre for Communications Research, USA)
 Arjen Lenstra  (Citibank, USA)
 Reynald Lercier (Centre d'Electronique de L'Armement, France)
 Michele Mosca  (University of Waterloo, Canada)
 Christof Paar  (Worcester Polytechnic Institute, USA)
 Jerome Solinas (National Security Agency, NSA)
 Andreas Stein  (University of Waterloo, Canada)
 Jacques Stern  (Ecole Normale Superieure, France)
 Edlyn Teske (University of Waterloo, Canada)
 Stefan Wolf (ETH Zurich, Switzerland)


CONFERENCE PROGRAM:
 All lectures will take place in the Davis Centre, Room 1302,
 at the University of Waterloo

==================
Monday, November 1
==================

 8:00 -  9:00 am:  Coffee and registration

 9:00 - 10:00 am:  Arjen Lenstra: Selecting cryptographic key sizes.

10:00 - 10:30 am:  Mid-morning coffee break

10:30 - 11:30 am:  Reynald Lercier: State-of-the-art in implementing
   algorithms for the (ordinary) discrete logarithm problem.

11:30 -  1:00 pm:  lunch

 1:00 -  2:00 pm:  Andreas Stein: To be announced.

 2:00 -  3:00 pm:  Edlyn Teske: The parallelized kangaroo method.

 3:00 -  3:30 pm:  Afternoon coffee break

 3:30 -  4:30 pm:  Michele Mosca: Capabilities and limitations of quantum
   computers.

 6:00 pm:  Conference Reception and Banquet at the Waterloo Inn

===================
Tuesday, November 2
===================

 8:00 -  9:00 am:  Morning coffee

 9:00 - 10:00 am:  Mihir Bellare: Practice-oriented provable security.

10:00 - 10:30 am:  Mid-morning coffee break

10:30 - 11:30 am:  Jacques Stern: Secure design of discrete log signature
   schemes.

11:30 -  1:00 pm:  lunch

 1:00 -  2:00 pm:  Stefan Wolf: How secure is the Diffie-Hellman protocol?

 2:00 -  3:00 pm:  Michel Abdalla: DHAES: An encryption scheme based on
   the Diffie-Hellman problem.

 3:00 -  3:30 pm:  Afternoon coffee break

 3:30 -  4:30 pm:  Simon Blake-Wilson: Key establishment protocols and the
   Diffie-Hellman problem.

 4:30 -  6:00 pm:  Cocktail Reception in DC 1301

=====================
Wednesday, November 3
=====================

 8:00 -  9:00 am:  Morning coffee

 9:00 - 10:00 am:  Philippe Golle: Authenticating streamed data in the
   presence of random packet loss.

10:00 - 10:30 am:  Mid-morning coffee break

10:30 - 11:30 am:  Dan Gordon: Fast exponentiation methods.

11:30 -  1:00 pm:  lunch

 1:00 -  2:00 pm:  Jerome Solinas: Efficient implementation of Koblitz
   curves and generalized Mersenne arithmetic.

 2:00 -  3:00 pm:  Christof Paar: Implementation options for finite field
   arithmetic for elliptic curve cryptosystems.

 3:00 -  3:30 pm:  Afternoon coffee break

 3:30 -  4:30 pm:  Robert Gallant: Efficient multiplication on curve

Re: Is SSL dead?

1999-10-08 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, Bill Stewart writes:
> At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote:
> 
> That means that you can only succeed against web-users whose browsers
> still accept SSL2.0, which is most Netscape users by default;
> I don't know if IE also defaults to that, but it probably does.
> Even if the https://www.target.com uses SSL3.0, the user isn't talking to it -
> they're talking to https://www.attacker.com, which can use 2.0 if it wants.

Right -- and as long as sites like amazon.com -- to pick a real-world, 
just-verified example -- accept only SSL 2.0, asking folks to turn it off just 
isn't real.

--Steve Bellovin





Re: graphical authentication

1999-10-08 Thread evan . cordes

> From: Julian Assange <[EMAIL PROTECTED]>

> Mention was made recently of a graphical keying method out of stanford (?) for
> palm-pilots. Does anyone have a reference or url for the paper/code involved?

The paper was presented at USENIX's security '99, and available in
ps/pdf on Avi Rubin's webpage, here:

http://cs.nyu.edu/rubin/vita.html

ciao,
Evan




Re: Is SSL dead?

1999-10-08 Thread EKR

Bill Stewart <[EMAIL PROTECTED]> writes:

> At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote:
> >>This is a problem with SSL 2.0 first discovered by Simon Spero then at EIT.
> >>It was fixed in SSL 3.0, that must be almost three years ago.
> >>The server certificate now binds the public key to a specific Web server
> >>address.
> 
> That means that you can only succeed against web-users whose browsers
> still accept SSL2.0, which is most Netscape users by default;

Actually, this really isn't an SSL version issue. Rather it's
an issue about how the browser checks the cert chain. I don't
know for certain, but I believe that Netscape and IE both check
the chain correctly both for SSLv2 and v3.

-- 
[Eric Rescorla   [EMAIL PROTECTED]]
  PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/



crypto camouflage in software

1999-10-08 Thread paul a. bauerschmidt


neat question:

http://www.arcot.com/arcot_ieee.pdf

 a method of protecting private keys using camouflage, in software, to
 prevent dictionary attacks.

 one password will decrypt correctly, many other passwords will produce
 alternate, valid-looking keys to fool an attacker.

 is this an example of security through obscurity (a thought which many
 frown upon, it seems)?


 please feel free to mail me personally if you want to shred/shed light.

.paul bauerschmidt




graphical authentication

1999-10-08 Thread Julian Assange


Mention was made recently of a graphical keying method out of stanford (?) for
palm-pilots. Does anyone have a reference or url for the paper/code involved?

Cheers,
Julian.



[SFBCA] SF Bay Area Cypherpunks 09 October 1999 Meeting

1999-10-08 Thread Bill Stewart

SF Bay Area Cypherpunks 
October 1999 Physical Meeting Announcement

General Info:

  Sat 9 October 1999
  1:00 - 6:00 PM
  Mrs. Fields' Cookies shop, near the payphones*
  Embarcadero 4, Embarcadero Center complex
   - Ground floor, North side, a few paces east of Drumm and Washington St.
   - (* Ever been to a 2600 meeting? Same location. Follow your nose.)

   The October Physical Meeting of the San Francisco Bay Area Cypherpunks
   will be held on Saturday 9 October 1999 from 1-6 PM.
   
   "The court shall enter such orders and take such other action as may be
   necessary and appropriate to preserve the confidentiality of the technique
   used by the governmental entity..."
  -- Section 2716 of the proposed Cyberspace Electronic Security Act
   
   As usual, this is an "Open Meeting on US Soil" and, as always, members 
   of the Public and any interested intelligence agency are welcome to attend
   (preferably in person).

Meeting Agenda:

   "Our agenda is a widely-held secret."

 1:00-2:00
   Informal pre-meeting gathering
   - Accepting cookies from strangers, etc.

 2:00-6:00

   Ian Goldberg - Hushmail, and probably other topics
   Cypherpunk Legislation-of-the-Month Club: "CESA, the Cyberspace
   Electronic Security Act of 1999
   "Jamming ECHELON Day" (22 Oct)
   "Disappearing, Inc." mail shredding?
   The Switzerland of the Net? The Bermuda Monetary Authority and Entrust
   Cypherpunk Book-of-the-Month Club: "Cryptonomicon"

   (Additional agenda items TBD on-the-fly at the meeting)
   
 6:00-?
   Dinner at a nearby restaurant usually follows the meeting (see 
   meeting notes below).
   
Featured Speakers:

   Ian Goldberg will be consulting in Montreal for the next N months.


Meeting Notes:

   The Weather Underground predicts warm weather and
   moderate chance of earthquakes

Location Info:

   Southbound on Market St. from the Embarcadero/Steuart.
   HARD RIGHT on Drumm St. (not left on Spear).
   BEAT IT down to Washington St. (a block or two).
   RIGHT on Washington, into cul-de-sac.
   You can almost smell us from there. (The cookies, that is.)
   The best way to get to Mrs. Fields' is to park _under_ it in the
   Embarcadero 4 parking lot, accessible from the cul-de-sac.
   NOTE: Get your PARKING VALIDATED and it's FREE!
   
   Food (non-magic cookies) and beverages are available at Mrs. Fields'.
   There are several other places nearby to grab a snack during the meeting.

Mass Transit

   From the East Bay, take BART to Embarcadero in SF.

   From the South, take Caltrain.  Due to Construction, trains may
   leave 10 minutes earlier or later than the www.caltrain.com schedule,
   and the last few stops are really a shuttle bus.
   Weekend Caltrain Pass is $5.

Location Map(s):

   Mrs. Fields' Cookies:
   
 (red star over Mrs. Fields)



Collateral Damage, Known Parties, etc.

URBAN WASTELAND ENCORE - Sameer Parekh and friends - East Bay 10pm-dawn
Call 510.594.4000x217 after 10 for directions.

PENSFA at Howard Davidson's in San Carlos

10/16 will have an all-weekend Party at Ian's Friends' Place
and a Revel Alliance party in Felton.


If you have any questions, please send them to the co-organizers of the mtg:
 Bill Stewart Cell +1-415-307-7119 <[EMAIL PROTECTED]>
 Dave Del Torto <[EMAIL PROTECTED]> 

List-Subscribe:

List-Digest:

List-Unsubscribe:
But I blasted this to the usual suspects mailing lists as well -- Bill








"Disappearing, Inc."

1999-10-08 Thread Dave Del Torto

In the news today: another unknown entity purporting to create secure email.

Company Name: "Disappearing, Inc." (cute...)
Angle: "shredding" email so it can't linger forever (nothing new to 
PGP users who've forgotten their passphrase ;).
Technology: unknown.
Technical Team: unknown.
Source Code: unreviewed?
Cost: unknown.
Customers: unknown.
FAQ:  (very lightweight)

Let's see if someone from DI is willing to step up and explain the 
details of the protocol, and if they're ready to release sources for 
review and play with the big kids.

Definitely on the Agenda for Saturday's Cypherpunks meeting...

dave




RE: Is SSL dead?

1999-10-08 Thread Bill Stewart

At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote:
>>This is a problem with SSL 2.0 first discovered by Simon Spero then at EIT.
>>It was fixed in SSL 3.0, that must be almost three years ago.
>>The server certificate now binds the public key to a specific Web server
>>address.

That means that you can only succeed against web-users whose browsers
still accept SSL2.0, which is most Netscape users by default;
I don't know if IE also defaults to that, but it probably does.
Even if the https://www.target.com uses SSL3.0, the user isn't talking to it -
they're talking to https://www.attacker.com, which can use 2.0 if it wants.

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639



Disappearing Inc. "Universally Deletes"

1999-10-08 Thread fibonacci

From the website FAQ of Disappearing Inc.  (www.disappearing.com/faq3.thtml)


  >Deletion:  Finally, at the end of the message lifecycle,
  >Disappearing Inc. Universally Deletes™ the message from
  >the local PC, the mail server, and backup tapes so that
  >nobody can ever read it again.

Lessee,  the backup tapes are across the room by the coffee maker.  No matter,
Disappearing Inc. messages simply contain self actualizing code which, drawing
energy from nudged quanta in the mylar substrate, initialize a virtual processor
and irretrievably wipe the message and the executable to DoD standards, leaving
only a bad smell and a greasy feeling between your fingers.

God, I love the smell of snakeoil in the morning

Lucas





TIPEM compatible lib?

1999-10-08 Thread Lucky Green

I am looking for a TIPEM 2.x API compatible free crypto library. Any
pointers?

Thanks,
--Lucky Green <[EMAIL PROTECTED]>




Re: Is SSL dead?

1999-10-08 Thread Steve Reid

On Wed, Oct 06, 1999 at 06:28:45PM -0700, Greg Broiles wrote:
> This deserves further explanation. In order to begin an SSL session, the 
> server must present its public key and its site certificate to the client. 

I think you're missing the point of the article. The issue is, what
happens when the imposter site simply doesn't use SSL?

It looks perfectly normal, like the thousands of other sites out there
that don't use SSL.

The "Location:" field shows http instead of https. How many people
would think twice about seeing "http://" in the Location field?

The little lock icon in the lower left corner of Netscape stays
unlocked, like it does 99% of the time. You wouldn't notice unless
you're savvy and alert enough to specifically check for it.

The only warning message that might appear is the "You are submitting
a form insecurely" dialog. But with all of the web forms out there
(search engines, web-based email, useless chrome, etc) that dialog is
quickly disabled on many systems - I'd bet nearly all of them.

No warnings about certificates because there just aren't any
certificates to warn about.

Anybody who doesn't make a point of ritualistically checking security
information would likely be taken in.