yet another example of a secret signature
Always collecting examples of "secret signatures" that predate all the stuff we do, I offer this for your amusement/pleasure. --dan == "Marion Dorset," Progressive Farmer, November 1999, p31. His solution to hog cholera saved producers millions ... Besides contributing to the hog cholera vaccine, Dorset also invented the purple ink stamp that identifies USDA-inspected meat -- an ink that's used to this day. USDA won't reveal what's in Dorset's formula. It is kept secret to avoid replication of the stamp. ==
More on CSS
Earlier this week, I posted a note about an attack on the recently published CSS cipher, used for encrypting DVDs.

I published my first attack here: http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000589.html It has a workload of 2^16 and recovers the 40-bit CSS key with 6 known bytes.

I then directed my efforts against the TitleKey generation: http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000609.html Here a secondary mangling cipher falls with a workload of 2^8, and as only 5 bytes of known plaintext are now needed, it is now possible to extract numerous 'player keys' by correlating a few DVD titles. It seems to have worked, for shortly afterwards there was a deluge of player keys: http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000657.html

My last attack is outlined in: http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000671.html It is an attack on a hash that is used to verify that the correct player key has been used. This hash was also weak, and can be reversed with 2^25 work and 2^24 memory. A PIII/450 reverts such a hash in less than 20 seconds. This particular attack is interesting as it will allow a DVD to be viewed without any known player key, or known / guessed plaintext.

This should be of concern when trying to design 'secure distributions' of movies for In Flight Entertainment, such as is being discussed on: http://www.waea.org/public/specs/DVD-WG/DVDWG%20Index.html (Movies can be released much earlier for IFE, and the security of these copies is a concern with regard to piracy. If they can be decrypted, they provide a Digital Master.)

frank
CAPSTONE Specs
Thanks to Anonymous we offer the CAPSTONE (MYK-80) Specifications, August, 1995, about 1/3 redacted of parts still classified TOP SECRET UMBRA: http://cryptome.org/capstone.htm (40K text and 13 images) Or Zipped: http://cryptome.org/capstone.zip (text and images: 298K) This doc was released in August, 1999.
Thermal Imaging In-Home Surveillance OK Without Warrants
The actual decision is readable here. Personally I side with the dissent. http://www.ce9.uscourts.gov/web/newopinions.nsf/f606ac175e010d64882566eb00658118/b686f731840272eb882567e7005de14a?OpenDocument

Forwarded-by: Jim Warren [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Johnny King)

WESTERN FEDERAL APPEALS COURT RULES POLICE MAY CONDUCT THERMAL IMAGING SURVEILLANCE ON PRIVATE HOMES WITHOUT WARRANT

Court Reverses: No Warrant Needed for Thermal Imaging

The 9th Circuit Court of Appeals reversed last week (9/10) by deciding that police need not obtain a warrant before turning thermal imaging technology on private homes. The new ruling delighted law enforcement, which uses the technology to look for indoor marijuana-grow operations or drug labs by detecting excess heat coming from within a residence. The original ruling, in August, 1998, said that the technology was intrusive enough to necessitate a warrant. Even as the government's motion for re-hearing was pending, however, one of the three panel judges retired, and the new judge, Melvin Brunetti, joined Judge Michael Hawkins, the lone dissenter in the first opinion, to overturn.

Judge John Noonan, dissenting to the new ruling, likened the use of thermal imaging to a high-powered telescope looking into a home, an activity which would require a warrant. But Judge Michael Hawkins, who wrote the new majority opinion, said that the technology "intrude(s) into nothing." Military analyst Joseph Miranda, however, told The Week Online that the technology is more invasive than the majority opinion lets on. "Thermal imaging technology involves infrared detectors which basically allow people to see through walls. It can determine changes in heat levels within a house. While the police might be using this technology to find marijuana grow lights, they can also determine which rooms have people in them and even what you are doing in your bedroom. In fact, the technology is getting to the stage that with the help of computer-enhancement, authorities could use the technology to get a pretty accurate picture of very personal activities."

From: [EMAIL PROTECTED] (Blaine-Laura Katz)
Subject: Court Reverses: No Warrant Needed for Thermal Imaging
Date: Wed, 22 Sep 1999 04:40:29 -0400

The Federal 9th Circuit Court of Appeal covers most of the Western U.S. Cases are usually decided by a 3-judge panel. The first time this case was heard, two of the three judges voted that thermal imaging surveillance was so intrusive of privacy that it required a warrant. One judge ruled that it needed no warrant. One of the judges that ruled it needed a warrant retired, and the judge who took his place voted oppositely when the case was granted a rehearing at the government's (police's) request. It seems unlikely that this ruling will stand, but it will probably be the law of the land for the next year or so, until it is overturned. The next likely step will be a rehearing before the court "en banc", when all of the 23 or so judges who sit on the 9th Circuit Court of Appeal will hear and decide the case together. The next, and last, step is an appeal to the U.S. Supreme Court.

-Johnny
Must-read capabilities paper
--- begin forwarded text

Date: Sun, 31 Oct 1999 16:29:20 -0800
From: Lucky Green [EMAIL PROTECTED]
Old-Subject: Must-read capabilities paper
To: "cypherpunks@Algebra. COM" [EMAIL PROTECTED]
Subject: Must-read capabilities paper
Sender: [EMAIL PROTECTED]
Reply-To: Lucky Green [EMAIL PROTECTED]

This is probably the most significant and insightful CS paper I have read in years. The paper didn't actually teach me something fundamentally new, having paid close attention to capabilities ever since a fateful Cypherpunks meeting at Stanford a few years back, but I have never seen such synthesis between so many seemingly disjoint important topics. From OS design to PKI, this paper touches on it all. What impressed me about this paper is that it made me think in new ways about stuff I already well understood.

http://www.erights.org/elib/capability/ode/index.html

--Lucky Green [EMAIL PROTECTED]

"Among the many misdeeds of British rule in India, history will look upon the Act depriving a whole nation of arms as the blackest." - Mohandas K. Gandhi, An Autobiography, pg 446 http://www.citizensofamerica.org/missing.ram

--- end forwarded text

- Robert A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
DVD cracks
[from ntk] Just when you thought you'd wait forever for a free DVD player, along come two cracks at once. The first was the leaking onto the Linux LIVID player mailing list of the DVD Content Scrambling System code used by Jon Johansen's cracker for Windows, DeCSS. Bits of the code were already written and GPL'd by Derek Fawcus - which means that the rest of the code could end up under GPL - hence the leak. More importantly, though, it also meant that the CSS decryption algorithm was now open to public scrutiny. It only took a few hours to confirm what everyone's been suspecting for a while. The CSS decryption system sucks. It works by storing a whole bunch of keys on each DVD. Industry overseers, the DVD Forum, hand out one matching decryption key to each manufacturer: if any of these companies' equipment got cracked, future DVD discs were to be pressed without this key, making the crack (and that company's hardware) unusable with new movies. Quite whether the Forum would ever dare to carry out this threat against its own licensees is unclear. It's a bit moot now, though, since open cryptanalysis of the CSS algorithm showed that it was possible to brute force *all* of the current keys in a few days. In order to preserve the system, the DVD Forum would have to disable all keys, turning every hardware player sold so far into a pile of scrap iron. Boy, these Hollywood guys are *smart*, aren't they?

http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000548.html - the story in a nutshell
http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000430.html - next round: let me see you wobble those tracks
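The key-slot scheme NTK describes above (one wrapped copy of the title key per licensed manufacturer, revocation by omitting a slot on future discs) is easy to model, and the model shows why revocation is only as good as the wrapping key's size. The following is an added illustration, not NTK's, the DVD Forum's or any player's code; the vendor names, keys, disc ids, the SHA-256/HMAC-based toy wrap and the keys-per-second figure are all constructed assumptions.

```python
"""Toy model of per-manufacturer key slots with revocation (constructed example)."""
import hashlib
import hmac
import math

KEY_BYTES = 5  # the 40-bit key size the post is complaining about


def wrap(player_key: bytes, disc_id: bytes, data: bytes) -> bytes:
    # Toy wrap (assumption, not the real CSS construction): XOR `data` with a
    # keystream derived from the player key and disc id. Applying it twice
    # with the same key undoes it, so the same function also unwraps.
    stream = hashlib.sha256(b"wrap" + player_key + disc_id).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def slot_tag(player_key: bytes, disc_id: bytes, wrapped: bytes) -> bytes:
    # Short MAC so a player can tell which slot is meant for it.
    return hmac.new(player_key, disc_id + wrapped, hashlib.sha256).digest()[:8]


def press_disc(disc_id: bytes, title_key: bytes, licensed: dict, revoked: set) -> dict:
    """Build a disc: one slot per licensed vendor that has not been revoked."""
    slots = []
    for vendor, player_key in licensed.items():
        if vendor in revoked:
            continue  # revocation = simply leave this vendor's slot off new discs
        wrapped = wrap(player_key, disc_id, title_key)
        slots.append((wrapped, slot_tag(player_key, disc_id, wrapped)))
    return {"disc_id": disc_id, "slots": slots}


def open_disc(player_key: bytes, disc: dict):
    """Recover the title key with a player key, or None if no slot matches."""
    for wrapped, tag in disc["slots"]:
        if hmac.compare_digest(tag, slot_tag(player_key, disc["disc_id"], wrapped)):
            return wrap(player_key, disc["disc_id"], wrapped)
    return None


def exhaustive_search_days(key_bits: int, keys_per_second: float) -> float:
    """Days to try every key of the given size at a given trial rate.

    This is the capacity-planning number a designer should look at before
    relying on revocation: if it is small, omitting a slot does not help,
    because any slot's key can be recovered from the disc itself.
    """
    return 2 ** key_bits / keys_per_second / 86400


# Constructed keys: derived from vendor names purely so the example is deterministic.
LICENSED = {v: hashlib.sha256(v.encode()).digest()[:KEY_BYTES]
            for v in ("vendor_a", "vendor_b", "vendor_c")}
TITLE_KEY = bytes.fromhex("0badc0ffee")          # constructed 40-bit title key
DISC_BEFORE = press_disc(b"disc-0001", TITLE_KEY, LICENSED, revoked=set())
DISC_AFTER = press_disc(b"disc-0002", TITLE_KEY, LICENSED, revoked={"vendor_b"})

if __name__ == "__main__":
    for vendor, key in LICENSED.items():
        print(vendor, "before:", open_disc(key, DISC_BEFORE) == TITLE_KEY,
              "after revocation:", open_disc(key, DISC_AFTER) == TITLE_KEY)
    print("days to exhaust a 40-bit key at 5M keys/s: %.2f"
          % exhaustive_search_days(40, 5_000_000))
    print("days to exhaust a 128-bit key at 5M keys/s: %.3g"
          % exhaustive_search_days(128, 5_000_000))
```

The revocation logic works exactly as the post describes: vendor_b's players open the first disc and fail on the second, while the other vendors are unaffected. The last two lines are the point of the model: the 5 million keys/second figure is an assumption, but at any plausible rate a 40-bit wrapping key falls in days, so the scheme's only remaining lever is the "disable all keys" option the post ridicules.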
Lie in X.509, Go to Jail, Pt. III (Was Re: Edupage, 29 October1999)
At 1:55 PM -0600 on 10/29/99, EDUCAUSE wrote:

> ACTIVISTS DECRY BILLS ON 'DIGITAL SIGNATURE'
>
> Consumer groups are up in arms over two bills in Congress, the Millennium Digital Commerce Act and the Electronic Signatures in Global and National Commerce Act, that would give digital signatures equal legal footing with traditional signatures. The bills, one in the House and one in the Senate, undermine the effectiveness of state consumer-protection laws and do not provide the same consumer protections as those given to traditional paper records. The Senate bill leaves out key state and federal consumer protections and interferes "with a state's rights to protect its own consumers, without imposing any protections against misuse, mistake, or fraud," says a letter from the National Consumer Law Center. The White House has soured on the Senate bill due to the effect it will have on consumer protections and regulations, while Commerce Department General Counsel Andrew J. Pincus says both the House and Senate versions would have a devastating effect on state and federal consumer protections. "Unscrupulous people" will be able to use the bills to their advantage by preying on online consumers, leading to a loss of consumer confidence in the Internet, predicts Pincus. (Washington Post 10/29/99)

- Robert A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
New digital encryption company?
Anybody know more? http://www.wired.com/news/print/0,1294,32267,00.html Nov 1: Marc Collins-Rector, 39, stepped down as chairman of DEN last week, citing a desire to devote more time to his new startup, a digital encryption firm.
Re: 56 Bits?????
On Mon, 1 Nov 1999, Arnold G. Reinhold wrote:

> Key lengths are perhaps the easiest parameter for a manufacturer to change at a later date. Incorporating a useful and usable cryptographic architecture is much harder. Apple deserves credit for taking a serious stab at the latter.

I realize this, and I also realize that once a piece of software gets out and widely used, it's a real pain in the ass to get everyone to switch; meaning if we laid down a 56-bit crypto architecture, and the export regs vanished the world over 10 years from now, after our arch had taken off .. we'd still have to live with weak crypto for a number of years just to maintain backward compatibility.

The other problem I have with this is that it legitimizes 56-bit crypto. When big name companies put out security packages, people trust them .. on name recognition. Walk up to the average guy and ask him if he'd trust an e-commerce solution by IBM or Counterpane and he'd likely choose IBM. Most people reading this would probably choose Counterpane. People will believe that 56 bits is fine.. and then we'll never get the damn export regs changed, and it will only get worse .. once the people believe that 56 bits is ok, and that they don't need 128 bits .. 128+ can easily get outlawed. "Why do you need a tank, guys? A hunting rifle is good enough." .. it's a persuasive argument to lots of people.

Now, IF corporations like IBM, MS and Apple were at the forefront of battling the export regulations, then I'd change my tune. If they sold 56-bit solutions, all the while battling export laws in court, or at least making it publicly known they favor change and expressing that in their docs and ad campaigns, then that sends a different message to Joe User.

>> Our goal: 256-bit crypto, worldwide, NOW!
>
> Just having 256 bit keys does not mean that a program is secure. There are many other vulnerabilities that have to be addressed. Also, how many users are prepared to memorize and use a 256-bit strong passphrase (e.g. 20 Diceware.com words)?

Sure. Security is always more than just the crypto.. and whether 256-bit passphrases are usable is irrelevant: the day will come when we need to key at least 128-bit ciphers, and even that is beyond the memory of most.. so we'll need another method of passphrase generation, or, another way of getting secret entropy from the user. There are schemes other than mere words.

> On the specific complaint that seems to have started this thread, the lack of a wipe option in the file encryption, I would just like to point out that wiping the original file when you encrypt it is nowhere near enough. Many popular applications, such as MS Word, create temp files all over the place. A better approach is to wipe all disk free space regularly. This can be easily automated in the MacOS using shareware utilities and Applescript. This approach works reasonably well.

I like an encrypted filesystem. Basically everything encrypted. Much of the OS, temp directories, the whole nine yards. If someone sits down at the machine, or steals it, not only don't they get your data, they don't even know what apps you were running. I run Linux. I have a minimal non-encrypted partition with the kernel and enough stuff to get booted; /tmp, /usr and everything else sit on an encrypted volume (sysadmin enters key). User home dirs are individually encrypted by the user if they choose (there are only 3 users, of which I am the primary). If the machine is stolen or whatever, the only thing they learn is that I run Linux. They won't even know what apps I have installed. Though they can make a good guess that /usr/bin/perl exists.. :)

Michael J. Graffam ([EMAIL PROTECTED])
"Let your life be a counter-friction to stop the machine." Henry David Thoreau "Civil Disobedience"