Re: Weak user keys, strong servers.
-- At 12:15 PM 7/22/2000 -0700, [EMAIL PROTECTED] wrote: > You could have a slightly simpler system by just letting G^q be the > user's public key, Which gives the server unlimited power to read the users mail and impersonate the user, even if the user is using a high entropy passphrase. > It's a little unclear what your security model is, whether the > client is trusted or not. That is because I am looking for both belt and braces to keep the users pants up. I want a system that is invulnerable to outsiders who have no knowledge of the passphrase and infrequent and limited access to the user's machine and no power over the server, even if the user chooses a weak passphrase, and a system that is also invulnerable to outsiders with power over the server if the user chooses a strong passphrase and they have no access to the user's machine. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fBygsLvIO8PYdMDoivJRJg6J1OvIXDR+USrBa0Ou 4HRCExGCubrGiwhyIUJmf2QkOYOTYuvZsh/AXJjyA
Re: Weak user keys, strong servers.
-- At 02:36 PM 7/22/2000 -0400, David Jablon wrote: > James, > > The approach of splitting the key into low and high entropy parts is > obvious, but you're solution is probably not obvious to very many > people. At least it wasn't to me. > > Can you elaborate on the points below? At 09:50 PM 7/21/00 -0700, James A. Donald wrote: > > On reflection, the obvious solution to this is for the user to > > have his possibly low entropy key p, and the server to keep for > > him a high entropy key q. > > > > The public key is G^(p+q). > > The secret key is p+q, and the user never seeks to find out q. > > The server establishes the user's identity by verifying that he > > knows p corresponding to the shared secret G^p. It then, on a > > secure channel established by DH, provides the user with P^q, > > where P is whatever the user requests, as often as the user > > requests it. > 1) How does the server establish the user's identity? > > 2) Is the DH channel secure against a middle-man because it's > authenticated? I made the following up myself, on the spur of the moment, so unless it corresponds to something someone else has already done, it may well be snake oil. When the user created his account, he informed the server of G^q through https. He knows he gave this information to the real server thanks to the usual https mechanism, and since the primary job of the public key is to perform a function similar to that of a video answering machine, the server does not need to verify the users true name, merely establish that the user is the same person as created the account. The object of the protocol is to ensure that the client knows he is communicating with someone who knows G^p, and the server knows it is communicating with someone who knows p In this it differs from SPEKE, where both know p. In subsequent logons the user sends the server his logon name in the clear, The server responds generates a random number b, and sends the user G^b. The client similarly generates a random number c and sends the server G^c The client then generates the secret number (G^b)^(c+p) The server then generates the secret number [(G^c)* (G^p)]^b This number is then used as the symmetric secret key for client server communications until the user logs off. James A. Donald: > > If the user chooses a low entropy key, he is secure from attack by anyone > > except the server, and if he chooses a high entropy key, he is secure from > > attack from anyone. > That p+q trick might be nice, where I suppose the user interacts with > the server to get a partial "signature". But there seem to be a wide > variety of other ways to split a key into low and high entropy parts. > Is there an advantage in your scheme over simply delivering q to > the user? My concern is that if the user access and localy stores q on a variety of machines, sooner or later q may be revealed, even if q is only stored in memory and ony for the duration of the logon session. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Ip1QfP2znuppVC0+6om+LoS5kstSqZVb3EZ5gQIR 4q7yZSBMti4TtaST3n0eS90EpGqfMM+HQhPfk1LhY
Re: UK searching traveler's disk drives for pornography (fwd)
>Wasn't there a story very much like this, a year or two ago, that turned >out to be a hoax? Not that I have heard about. Ken Cukier's original story was confirmed by a UK Customs spokesperson: http://www.sightings.com/political/laptops.htm 'A spokesman for Customs and Excise said officials would routinely scan laptops for illegal material such as pornography. Encrypted files will be treated in the same way as a ordinary luggage. "So far as we are concerned, there is no difference between an encrypted file and a locked suitcase," said the spokesman. "All travellers entering the country should be prepared to have their equipment scanned."' >I suspect the Customs people could get away with all >kinds of nonsense, but is there any independent documentation that they >really are getting away with it right now? I haven't heard anything further since Ken's report, but it may just be they've avoided journalists more effectively since then ;) Ian :)
RE: Self Decrypting Archive in PGP
Perry wrote: >Am I the only person left on earth who finds "self-extracting" bundles >to be a menace to security? --Perry] Obviously not from the other comments. I view self extracting archives (SEAs) as being no different from any other executable. If you are comfortable running the program on your computer, then do so. I personally am willing to run programs which I have downloaded from reputable providers. That's what happens when you buy software online. We could make an email SEA system safe if we could check the hash of the executable part of the archive against a list of "known safe" routines before we ran it. Such a system might usefully encourage people to compress files for transmission, rather than watch them expand as MIME encoded attachments. Cheers - Bill - Bill Frantz | Microsoft Outlook, the | Periwinkle -- Consulting (408)356-8506 | hacker's path to your | 16345 Englewood Ave. [EMAIL PROTECTED] | hard disk. | Los Gatos, CA 95032, USA
Re: UK searching traveler's disk drives for pornography (fwd)
this may well be an echo of an earlier story and that may or may not have been a hoax. If Ken Cukier really wrote the story, even if 2 years ago, there's a good chance it is accurate since Ken is usually pretty careful. vint At 10:51 PM 7/21/2000 -0500, John Kelsey wrote: >Wasn't there a story very much like this, a year or two ago, that turned >out to be a hoax? I suspect the Customs people could get away with all >kinds of nonsense, but is there any independent documentation that they >really are getting away with it right now? > >--John = I moved to a new MCI WorldCom facility on Nov 11, 1999 MCI WorldCom 22001 Loudoun County Parkway Building F2, Room 4115, ATTN: Vint Cerf Ashburn, VA 20147 Telephone (703) 886-1690 FAX (703) 886-0047 "INTERNET IS FOR EVERYONE!" See you at INET2000, Yokohama, Japan July 18-21, 2000 http://www.isoc.org/inet2000