Re: Historical PKI resources

2001-01-08 Thread Jeff . Hodges

[EMAIL PROTECTED] said:
  I have found significant information about PKI as it exists today,
 but am looking for some background information.  I'm looking for
 information about the history of PKI, how and where it started, how it
 developed, etc.

good question. I don't have an answer offhand but know one place to start 
searching.

Here's the BibTeX entry for the paper that apparently "started it all"..

@article{diffie76new,
  author  = "W. Diffie and M. E. Hellman",
  title   = "New Directions in Cryptography",
  journal = "IEEE Transactions on Information Theory",
  volume  = "IT-22",
  number  = "6",
  pages   = "644--654",
  month   = nov,
  year    = "1976"
}

If I was doing the brute-force approach, I'd use http://citeseer.nj.nec.com/ 
(aka www.researchindex.com) to chase down other papers referencing this one 
from the late 1970's and early-to-mid 1980's.

Alternatively, others on this list may know of other available resources
where someone's already done this work.

regards, 

JeffH






Where John Ashcroft stands on technology and encryption

2001-01-08 Thread Declan McCullagh




http://www.wired.com/news/politics/0,1283,41008,00.html

   Top Cop Arrives With Mixed Bag
   by Declan McCullagh ([EMAIL PROTECTED])
   2:00 a.m. Jan. 5, 2001 PST
   
   For liberal Democrats, John Ashcroft is a maddening symbol of
   everything wrong with a George W. Bush presidency -- from the former
   senator's staunch opposition to abortion to his alleged insensitivity
   regarding race.
   
   To conservatives, Bush's nominee for attorney general represents
   precisely the opposite extreme: A respected leader who will restore
   integrity to a Justice Department brought low by the Clinton
   administration. Ashcroft opposes background checks at gun shows,
   supports increased penalties for drug offenses and would not prohibit
   discrimination based on sexual orientation.
   
   On technology issues, Ashcroft's record as a Missouri governor and
   senator is mixed. He seems genuinely to believe in privacy rights and
   economic liberty, and has taken a moderate position on intellectual
   property and fair-use rights.
   
   But free-speech groups already are girding themselves for the legal
   equivalent of trench warfare, predicting that newly emboldened
   Department of Justice prosecutors will launch an assault on sexually
   explicit material online. And Microsoft foes fret that the antitrust
   division's commitment to the high-profile antitrust case may wane.
   
   On one point everyone can agree: More than any other Cabinet member,
   the next attorney general will be in a position to make crucial
   decisions with far-reaching effects on antitrust enforcement, privacy
   protections and free speech rights.
   
   "An Ashcroft DOJ could be a decidedly mixed bag for the high-tech
   sector since he will be engaged in a constant balancing act on most
   industry issues," says Adam Thierer, an analyst at the free-market
   Cato Institute who's well connected in Republican technology circles.
   
   "While Ashcroft has a very strong record of support for loosening
   encryption controls, he may be faced with pressure from GOP
   law-and-order types to moderate his views on this and also be willing
   to continue, or even expand FBI efforts like Carnivore," Thierer said.
   
   Make that a near certainty. It's a fair bet that pro-law enforcement
   conservatives in the mold of wiretap-happy Rep. Bill McCollum of
   Florida, who unsuccessfully ran for the state's open Senate seat, will
   view a Republican DOJ as an opportunity to expand government
   surveillance and wiretapping powers.
   
   Liberal Democrats have vowed opposition to Ashcroft's nomination --
   People for the American Way even assembled a detailed criticism of the
   nominee -- but privately confide that they don't expect to
   successfully block his confirmation by the Senate.
   
   Wiretapping and Carnivore:
   
   Under Attorney General Janet Reno, a DOJ panel has reviewed the FBI's
   controversial Carnivore surveillance system and extended a tentative
   blessing. But critics panned the review board as uniformly
   pro-government, as first reported by Wired News, and independent
   researchers refused to participate in the process.
   
   Ashcroft is the former two-term attorney general and two-term governor
   of Missouri. During his time there, he cemented his reputation as a
   solid conservative eager to lower taxes and build new prisons.

   [...]

   Encryption:
   
   More than almost any other senator, Ashcroft has been a foe of the
   Clinton administration's restrictions on encryption products. He
   convened at least one key hearing on the subject and consistently took
   a pro-privacy point of view.
   
   Under federal law, a president has the power to levy export
   restrictions punishable by fines and jail time. The Clinton
   administration recently relaxed the regulations, against DOJ and FBI
   opposition, but did not remove them.
   
   The attorney general has no direct authority over encryption
   regulations, but the DOJ under Reno has lobbied Congress for more
   stringent controls, and is a key participant in administration
   decisions on the topic. Also, Ashcroft's position on encryption could
   indicate how he views broader privacy matters.
   
   "The great thing about working for him is he truly understands
   technology," says Bartlett Cleland, a former Ashcroft aide who is now
   a vice president at the Information Technology Association of America.
   "I'd rather have someone there who's thoughtful and considerate rather
   than a knee-jerk person."
   
   "John has a record in the Senate that says he stood up very strongly
   on encryption, including holding hearings and defending the Fourth
   Amendment against Louis Freeh," Cleland says.
   
   Lisa Dean, vice president of the conservative Free Congress
   Foundation, said in a statement on Thursday: "Privacy was always a top
   concern and as a result, (Ashcroft) did a lot of good for the country
   and the protection of our 

Hush Communications gets silly patent

2001-01-08 Thread Rich Salz

"DUBLIN, Ireland--(BUSINESS WIRE)--Jan. 8, 2001-- Hush Communications
(www.hush.com), a leading global provider of managed security solutions
and encryption key serving technology, today announced it has been
granted a patent for its revolutionary key pair management technology
that enables personal computer users to send and receive fully encrypted
electronic communications. Hush Communications, the category leader in
key pair management technology, now has the exclusive intellectual
ownership of its core technology, the Hush Encryption Engine(TM). " 
Full PR in http://biz.yahoo.com/bw/010108/hush_commu.html

US Patent 6154543.  It seems to be nothing more than: store the private key
on a server, and give it out when the user presents the hash of their initial
passphrase.

Similar technology was part of DCE in 1996, cf
http://www.opengroup.org/rfc/mirror-rfc/rfc94.1.txt

Sigh...
/r$




Re: Perfect compression and true randomness

2001-01-08 Thread Arnold G. Reinhold

I don't think Chaitin/Kolmogorov complexity is relevant here. In real
world systems both parties have a lot of a priori knowledge. Your 
probably_perfect_compress program is not likely to compress this 
sentence at all, but PKZIP can.  The probably_perfect_compress 
argument would work (ignoring run time) if Alice first had to send 
Bob the entire PKZIP program, but in reality she doesn't. Also 
discussing "perfect compression" doesn't make sense in the absence of 
a space of possible messages and a probability distribution on that 
space.

I don't agree that the assumption of randomness in OTP's is on the 
same footing as "perfect" compression.  The laws of physics let you 
put a lower bound on the entropy per bit for practical noise 
generators.  You can then distill the collected bits to produce fewer 
bits which are completely random.

In any case, as I tried to point out before, perfect compression,
whatever it may be, does not prevent a known-plaintext attack.  If
Malfoy knows the plaintext and the compression algorithm, he has
everything he needs to guess or exhaust keys. If he has a large
number of plaintexts or can choose plaintexts he might be able to
effect more sophisticated attacks.

Arnold Reinhold


At 9:20 PM -0800 1/4/2001, Nick Szabo wrote:
Anonymous wrote (responding to the idea of "perfect compression"):
 ... Once you have specified
 such a probability distribution, you can evaluate how well a particular
 compression algorithm works.  But speaking of absolute compression or
 absolute entropy is meaningless.

On a Turing machine these ideas have the same meaning as the idea of
"truly random numbers", and for the same reason.  The assumption of
randomness used in proving that OTPs and other protocols are
"unconditionally" secure is very similar to the assumption that a string
is "perfectly compressed".  The problem is that determining the absolute
entropy of a string, as well as the equivalent problem of determining
whether it is "really random", is both uncomputable and language-dependent.

Empirically, it seems likely that generating truly random numbers is much
more practical than perfect compression.  If one has access to certain
well-observed physical phenomena, one can make highly confident, if
still mathematically unproven, assumptions of "true randomness", but
said phenomena don't help with perfect compression.

If we restrict ourselves to Turing machines, we can do something *close*
to perfect compression and tests of true randomness -- but not quite.
And *very* slow.  From a better physical source there is still the problem
that if we can't sufficiently test them, how can we be so confident
they are random anyway?  Such assumptions are based on the extensive and
various, but imperfect, statistical tests physicists have done (has
anybody tried cryptanalyzing radioactive decay?  :-)

We can come close to testing for true randomness and doing perfect
compression on a Turing machine.   For example, here is an algorithm that,
for sufficiently long but finite number of steps t, will *probably* give you
the perfect compression (I believe the probability converges on
a number related to Chaitin's "Omega" halting probability as t grows,
but don't quote me -- this would make an interesting research topic).

probably_perfect_compress(data, t) {
    shortest_program = data   /* trivial bound: a program that just prints the data */
    for all binary programs smaller than data {
        run program until it halts or it has run for time t
        if (output of program == data AND
            length(program) < length(shortest_program)) {
            shortest_program = program
        }
    }
    print "the data: ", data
    print "the (probably) perfect compression of the data: ", shortest_program
    return shortest_program
}

(We have to make some reasonable assumption about what the binary
programming language is -- see below).

We can then use our probably-perfect compression algorithm as a statistical
test of randomness as follows:

probably_random_test(data, t) {
    if length(probably_perfect_compress(data, t)) >= length(data)
        then print "data is probably random"
        else print "pattern found, data is not random"
}

We can't *prove* that we've found the perfect compression.  However,
I bet we can get a good idea of the *probability* that we've found the
perfect compression by examining this algorithm in terms
of the algorithmic probability of the data and Chaitin's halting
probability.

Nor is the above algorithm efficient.   Similarly, you can't prove
that you've found truly random numbers, nor is it efficient to
generate such numbers on a Turing machine.  (Pseudorandom
numbers are another story, and numbers derived from non-Turing
physical sources are another story).

We could generate (non-cryptographic) probably-random numbers as follows:

probably_random_generate(seed,t) {
   return probably_perfect_compress(seed,t)
}

For cryptographic applications there are two important ideas,
one-wayness and expanding rather than contracting the seed, that
are 
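
Arnold's point above, that a physical lower bound on the entropy per bit lets you
collect more raw bits than you need and distill them down to fully random ones, in
working code. This is an added example, not code from anyone in the thread: the
biased-bit source is a constructed stand-in for a sampled noise generator, the
64-bit safety margin and the use of SHA-256 as the distillation function are this
example's own assumptions, and the names min_entropy_per_bit, raw_bits_needed,
von_neumann_debias, distill and biased_source were chosen here.

```python
import hashlib
import math
import random


def min_entropy_per_bit(p_one: float) -> float:
    """Min-entropy, in bits, of one output bit from a source that emits 1 with
    probability p_one (and 0 otherwise), bits assumed independent.  Min-entropy
    is set by the single most likely outcome, so it never exceeds Shannon
    entropy; it is the conservative figure to use as the 'lower bound on the
    entropy per bit' that Arnold refers to."""
    p_max = max(p_one, 1.0 - p_one)
    return -math.log2(p_max)


def raw_bits_needed(n_out: int, h_min: float) -> int:
    """Raw bits to collect so that their total min-entropy reaches n_out bits."""
    return math.ceil(n_out / h_min)


def von_neumann_debias(bits):
    """Von Neumann's debiaser: read bits in pairs, emit 0 for (0,1) and 1 for
    (1,0), drop (0,0) and (1,1).  Both kept pairs have probability p(1-p), so
    for independent bits with any fixed bias the output is exactly unbiased.
    It discards most of the input and gives no guarantee for correlated bits:
    independence is the assumption being relied on."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)
    return out


def distill(raw_bits, h_min: float, n_out: int = 256, margin: int = 64) -> bytes:
    """Hash-based distillation.  Refuse unless the sample carries at least
    n_out + margin bits of min-entropy at the assumed rate h_min; otherwise
    fold the whole sample through SHA-256 and keep n_out bits.  Treating
    SHA-256 as a good extractor is this example's modelling assumption; the
    part that actually guarantees anything is the entropy accounting, which
    is why h_min must be a justified lower bound for the physical source and
    not a measured average."""
    if n_out > 256 or n_out % 8:
        raise ValueError("n_out must be a multiple of 8 and at most 256 for one SHA-256 output")
    available = len(raw_bits) * h_min
    if available < n_out + margin:
        raise ValueError(f"sample carries {available:.1f} bits of min-entropy, need {n_out + margin}")
    packed = bytearray()
    for i in range(0, len(raw_bits), 8):
        chunk = raw_bits[i:i + 8]
        byte = 0
        for bit in chunk:
            byte = (byte << 1) | (bit & 1)
        packed.append(byte << (8 - len(chunk)))   # left-align a trailing partial byte
    return hashlib.sha256(bytes(packed)).digest()[: n_out // 8]


def biased_source(n: int, p_one: float, seed: int = 2001):
    """Constructed stand-in for a sampled noise generator: independent bits that
    are 1 with probability p_one.  Seeded so the example is reproducible; a
    real generator replaces this function."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    p = 0.9
    h = min_entropy_per_bit(p)
    n_raw = raw_bits_needed(256 + 64, h)
    raw = biased_source(n_raw, p)
    print(f"h_min = {h:.3f} bits per raw bit; collecting {n_raw} raw bits for 256 output bits")
    print("distilled:", distill(raw, h).hex())
    vn = von_neumann_debias(raw)
    print(f"von Neumann kept {len(vn)} of {n_raw} bits ({sum(vn)} ones)")
```

The two distillers answer different questions. Von Neumann's trick removes bias
without any hash, but only under independence and at the cost of most of the
input; the hash-based path keeps everything and relies on the entropy count,
which is exactly where an overestimated per-bit bound turns into an
underestimated key.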

Re: Fwd: from Edupage, December 22, 2000

2001-01-08 Thread Jaap-Henk Hoepman

On Thu, 04 Jan 2001 18:35:44 -0800 Bill Stewart [EMAIL PROTECTED] writes:
  Its just yet another 'secure' scheme that uses quantum theory
  (here, discrete photons; elsewhere, entangled photons) 
  to detect or prevent leaking bits.  
  
  More elegant than gas-pressurized, pressure-monitored 'secure' cables, but
  the same idea. 
 
 Except that eavesdropping on the quantum key distribution channel is _always_
 detected (by `laws of nature'), which is not true for these
 pressure-monitored
 cables. 
 
 The theoretical difference _is_ there, but from a practical perspective,
 both are so inconvenient or expensive that even the very paranoid 
 won't use them, and the moderately paranoid can use multiple encryption
 algorithms and overly-long keys.   If you suppose that quantum crypto
 hardware becomes medium-cheap, people who are connecting RF-shielded
 cages together over distances of a hundred meters to a hundred kilometers
 (if the quantum crypto can go that far unamplified, otherwise ~2km)
 may find it more practical than pressurized cable.  
 If you're going less than a hundred meters, stick to pressurized
 cable and armed guards :-)

Actually, `classical' quantum key distribution by polarised or phase-shifted
photons can be achieved up to distances of 100km. This appears to be the limit
of what these systems can achieve. Using a different technique based on EPR
pairs, this limit can be overcome using repeaters.

I believe there is an application for these techniques. Perhaps not to secure
mass market e-commerce transactions. But if the hot line between Moscow and
Washington was (supposedly) protected by a one-time pad, why not use quantum
cryptography for such an application in the future?

Jaap-Henk

-- 
Jaap-Henk Hoepman | Come sail your ships around me
Dept. of Computer Science | And burn your bridges down
University of Twente  |   Nick Cave - "Ship Song"
Email: [EMAIL PROTECTED] === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 ABEF




History Channel television show on NSA

2001-01-08 Thread P.J. Ponder

The 'History Channel' cable TV network will air a show about the NSA
tomorrow night January 8, at 8 pm Eastern.  Their website says this about
it:

America's Most Secret Agency

The National Security Agency, America's most secret and controversial
agency, is charged with safeguarding the nation's strategic intelligence
information and decoding the secret communications of our enemies. For
only the second time in its nearly 50 year history, the N.S.A. allowed
cameras inside its Ft. Meade, Maryland, headquarters, and the director,
Lt. General Michael V. Hayden, sits for a rare interview and addresses
issues such as privacy. Tune in and find out if Big Brother is watching
you!






Re: sniff tool that can crack SSL?

2001-01-08 Thread Bram Cohen

On Fri, 5 Jan 2001, Alex Alten wrote:

 I guess things would get real interesting if the private key to a trusted
 intermediate or root certificate authority got stolen and published. It
 might take a while to update all the browsers out there to not accept it
 as a valid signer of server certificates.

Yeah, lots of web sites would start signing their own certificates because
they'd see no reason to fork over the $700 or whatever it is to Verisign,
then Verisign would start threatening to sue all of them for violating
trade secrets and copyright on the root key.

Ironically, it probably wouldn't have any effect on security whatsoever -
you can MITM web sites just fine anyway and just make client connections
unencrypted, hardly anyone would notice. The real security behind credit
card transactions is in the difficulty of cashing in on a whole bunch of
credit card numbers anonymously.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes





Re: NSA abandons some cool stuff

2001-01-08 Thread David Honig

At 01:27 PM 1/7/01 -0500, Arnold G. Reinhold wrote:
"Every inch of floor in more than four buildings was covered with 
two-by-two-foot squares of bleak brown carpet. When the astronomers 
tried to replace it, they discovered it was welded with tiny metal 
fibers to the floor. The result, they eventually realized, is that 
the rugs prevent the buildings from conducting static electricity.

Even the regular lighting looks different, covered by sleek metal 
grids that prevent the light bulbs from giving off static 
interference. "

Sounds more like TEMPEST shielding.


It resembles TEMPEST, but shielding works both ways.  The spooks chose
the site because it was RF quiet, but had to run their computers in the
same area as sensitive dishes.  It makes sense that the shielding 
was to quiet their own emissions to help their receiving.  After 
all, fluorescent bulbs don't leak much intelligence :-) but they
sure cause electrical noise.

I'd bet the large amount of fiber that was reported was also used
for that reason.  




Re: Perfect compression and true randomness

2001-01-08 Thread Paul Crowley

"Arnold G. Reinhold" [EMAIL PROTECTED] writes:
 In any case, as I tried to point out before, perfect compression, what
 ever it may be, does not prevent a known-plaintext attack.

Actually it does: if the compression is perfect with respect to the
document model of the attacker, and the plaintext is known, then it
compresses down to zero bits so the attacker learns nothing.

This supports your main point: perfect compression is a *much* less
realistic idea than true randomness!
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
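
Arnold's argument earlier in this digest, that compressing before encrypting
does not stop a known-plaintext key search because Malfoy can recompute the
compressed form, worked through in code; Paul's reply concerns the attacker's
document model, and this example keeps the compressor's model fixed (zlib, which
knows nothing of the plaintext), so it is the case Arnold describes. This is an
added example, not code from the thread: the SHA-256 counter-mode keystream is a
stand-in cipher, the 14-bit keyspace is an assumption made so the exhaustive
search finishes in seconds, the message is constructed, and the names
keystream, xor_bytes, encrypt_compressed, known_plaintext_search and
redundancy_search were chosen here. The last function goes one step beyond the
thread: it shows that the compressor's own framing lets a key search succeed
with no known plaintext at all.

```python
import hashlib
import zlib

KEY_BITS = 14   # toy keyspace (assumption) so the exhaustive search finishes in seconds


def keystream(key: int, length: int) -> bytes:
    """Toy stream cipher: keystream blocks are SHA-256(key || counter).  It
    stands in for whatever cipher follows the compressor; only the keyspace
    is unrealistically small."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def encrypt_compressed(plaintext: bytes, key: int) -> bytes:
    """Compress, then encrypt: the construction under discussion."""
    packed = zlib.compress(plaintext)
    return xor_bytes(packed, keystream(key, len(packed)))


def known_plaintext_search(ciphertext: bytes, known_plaintext: bytes):
    """Arnold's attack.  Malfoy knows the plaintext and the compression
    algorithm, so he compresses the plaintext once and tries every key until
    the decryption matches; compression changed what he is looking for, not
    whether he can look.  Returns the key, or None if no key fits."""
    target = zlib.compress(known_plaintext)
    if len(target) != len(ciphertext):
        return None
    for key in range(1 << KEY_BITS):
        if xor_bytes(ciphertext, keystream(key, len(ciphertext))) == target:
            return key
    return None


def redundancy_search(ciphertext: bytes):
    """Beyond the thread: with no known plaintext at all, the compressor's
    framing (zlib header, deflate block structure, Adler-32 trailer) still
    separates the right key from wrong ones, because a wrong key yields bytes
    that do not decompress.  Compression adds this recognisable structure
    rather than removing it.  Returns every key whose decryption decompresses."""
    hits = []
    for key in range(1 << KEY_BITS):
        try:
            zlib.decompress(xor_bytes(ciphertext, keystream(key, len(ciphertext))))
        except zlib.error:
            continue
        hits.append(key)
    return hits


if __name__ == "__main__":
    # Constructed message; the repetition gives deflate something to compress.
    message = b"Attack at dawn. Attack at dawn. The repeated text gives deflate something to compress."
    secret = 0x2BAD
    ct = encrypt_compressed(message, secret)
    print("recovered with known plaintext:", hex(known_plaintext_search(ct, message)))
    print("keys that decompress cleanly  :", [hex(k) for k in redundancy_search(ct)])
```

With a real key size neither loop finishes, which is the whole of the cipher's
security; the point is that compression contributed nothing to it, and the
second search shows the compressed format handing the attacker a test for a
correct key guess that raw plaintext would not have.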