Re: IBMIntel push copy protection into ordinary disk drives
The Register has broken a story of the latest tragedy of copyright mania in the computer industry. Intel and IBM have invented and are pushing a change to the standard spec for PC hard drives that would make each one enforce "copy protection" on the data stored on the hard drive. You wouldn't be able to copy data from your own hard drive to another drive, or back it up, without permission

I suppose the limitations of these would have to be stated when offered for sale to keep within (to quote from another web page)

[n]ational (and international) consumer law, especially that of the UK and that promulgated by the EC
The Trades Descriptions Act (in the UK)
The general concept of "fitness for purpose"

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
Re: migration paradigm (was: Is PGP broken?)
From: Rick Smith at Secure Computing [EMAIL PROTECTED]

Does anyone have a citation as to the source of this 1.33 bits/letter estimate? In other words, who computed it and how? It's in Stinson's crypto book, but he didn't identify its source. I remember tripping over a citation for it in the past 6 months, but can't find it in my notes.

According to Kahn's "The Codebreakers", 1996, ISBN 0-684-83130-9 pp 759-762 Shannon did frequency counts of 1, 2 and 3 letter n-graphs and asked people to guess the next letter in incomplete passages of English.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
First Quarterly Cryptuk Meeting on 29Nov2000
Wed 29 Nov 2000: Ben Laurie on programming with OpenSSL

"The Old English Club" on the first floor of "F.T.'s Free House" in Savage Gardens, EC3.

Savage Gardens is between Crutched Friars and Pepys Street and about opposite the Novotel found on your left when leaving Fenchurch St station and your right (round a corner) when leaving Tower Hill tube. It can be seen on http://www.streetmap.co.uk .

We have the 1st floor bar area from 7-9pm.

I would be interested in suggested topics and speakers for future meetings.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
my notes on the International Forum on Surveillance by Design
Last Friday's conference in London has an agenda published at http://www.cs.ucl.ac.uk/staff/I.Brown/ifsd.html

My notes are at http://www.notatla.demon.co.uk/MISC/interception_con.txt

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
Re: Arcbot
coderpunks and cryptography archive example usage:

mail [EMAIL PROTECTED] <<EOF
grep arcot
get [EMAIL PROTECTED]
get [EMAIL PROTECTED]
EOF

ArcotSign was discussed in 1998 and http://www.arcot.com in 1999 and 2000. I haven't read everything to remind myself of any conclusions that were reached.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
Re: New Encryption Regulations have other gotchas
[EMAIL PROTECTED] (Peter Gutmann):

I was reading an early-80's paper on OS security and it mentioned some work from the 1950's on this. I've heard comments about knowledge of Tempest issues during this time from various people, but this is the earliest reference I've found in a published article. If I can re-locate the source I'll post a reference to it.

Edited by Lance J Hoffman of UCB
Security and Privacy in Computer Systems
Wiley 1973 ISBN 0471 40611 2

This book covers publicly-available crypto of the period (looks very weak now) and "rings" by Robert Graham and civil liberties threats involving data storage and aggregation.

Page 77

Passive infiltration may be accomplished by wiretapping or by electromagnetic pickup of the traffic at any point in the system. Although considerable effort has been applied to counter such threats to defense communications, nongovernmental approaches to information privacy usually assume that communication lines are secure, when in fact they are one of the most vulnerable parts of the system.

Page 84

In addition to the spectrum of threats arising from wiretapping, electromagnetic radiation from terminals must be considered.[12] Electromagnetic radiation characteristics will depend heavily on the type of terminal, and may in some cases pose serious shielding and electrical-filtering problems. More advanced terminals using cathode ray tube for information display may create even greater problems in trying to prevent what has been called "tuning in the terminal on Channel 4."

12. R.L. Dennis, Security in computer environment, SP2440/000/01, System Development Corporation, August 18, 1966

Another chapter has (starting on page 101) a section called "THE PARADOX OF THE SECRECY ABOUT SECRECY" where it says:

It should be noted that this Memorandum has been purposely written to be unclassified ... the only background information used is that found in the unclassified literature ...

So can anyone say whether there are interesting things in that ref 12 ?

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
RE: PGP Granted Worldwide Export License
Noah Salzman writes:

NAI/PGPinc has never entered into an agreement with the U.S. Government in which we have traded features in PGP software for an export license, nor would we ever do so. We have never built a weakened version of PGP.

Good. But why does PGP 5.5.3 for business (Windows) not actually wipe files when told to, but leave them visible and unaltered in the same place to a binary editor pointed at the disk?

I'm afraid I missed this if it has been covered before.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
RE: more re Encryption Technology Limits Eased
Jay Holovacs [EMAIL PROTECTED]:

I would like to see some discussion of what are the actual possible CPU subversions. All the obvious subversions would seem to require a cooperating OS...

Pure speculation, but what if copying a certain 256-bit string caused the program counter to pick up execution after that string ? Then practically every program would have an exploitable buffer overflow detectable and useable only by those with the secret key.

Combine that with disabling protected memory in the processor and all those overflows are remote root exploits, perhaps triggered by a single ICMP packet.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
RE: more re Encryption Technology Limits Eased
From: Lucky Green [EMAIL PROTECTED]

after he began talking about some very curious, very complex, very undocumented instruction he discovered in late-model CPU's. Instructions that will put the processor into a mode that makes OS protections irrelevant.

This is scary. It could be time to hoard antique computers.

"Protect sensitive investigative techniques and industry trade secrets from unnecessary disclosure in litigation or criminal trials involving encryption, consistent with fully protecting defendants' rights to a fair trial."

Having just read the proposed bill, what this paragraph refers to is that under the proposed bill, LE will be able to enter evidence gathered by means of factory-installed backdoors, intrusion, and other means without needing to disclose to the defense or the Jury how this evidence was obtained.

But how new is this in real practical terms ? Suppose an incriminating message is produced in evidence as a set of ciphertext, plaintext and key.

"We found this on Mr Green's disk, and you can see the files yourselves on his disk which we've been holding for several months. And he can't produce an alternative decryption."

"That was not on my disk at or before the moment you seized it."

"What ? It's here visible isn't it ? We have all the forms signed by officers showing this never left the sealed bag from time X to now."

That conversation seems possible to me even before the recent announcement.

(I could rant about audit trails and the difference between error and dishonesty in the context of ISO 9000 audits. Many of the auditors I have met had no idea what was really evidence of (non)compliance and didn't always understand what they were auditing against.)

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
Re: crypto file system for Linux: which?
Eugene Leitl [EMAIL PROTECTED]:

To prevent this in future I'd like to establish a (physically secured) Linux SMB server running a cryptographic file system.

Also, I'm unsure how authentication is accomplished. Are passwords/phrases required at each access/session? Do passwords go encrypted over the network?

Also, in future I'd like to use soft RAID (at least mirroring) and XFS. It would be nice to have a crypto file system which can be mounted over that.

I have tested that samba and cfs under linux will work together, i.e. you serve plaintext across the net and its magnetic home is as cyphertext where CFS directories have been made. It's the cyphertext that you get backed up on tape. I've recommended this arrangement to someone. (cfs is available from replay.com.)

I have not tried soft RAID and how it might interact with the above.

Hobbit has an article at {www,ftp}.avian.org called "CIFS" on the traffic visible when SMB shares are in use. For the problem of hardware theft that is not the main concern.

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/
RE: US export restrictions - a travellers guide ?
"Rodger, William" [EMAIL PROTECTED]:

Don't sweat it, Frank. There are no laws against import of crypto into the US. There is also an export exemption that lets people take out single copies of heavy-duty crypto software on their laptops for their personal use. You're covered.

Isn't that true only for US citizens ? Peter Gutmann erased his floppy.

from: [EMAIL PROTECTED] (peter gutmann)
Date: 09aug1998
Subject: My life as a Kiwi arms courier

--
Antonomasia [EMAIL PROTECTED]
See http://www.notatla.demon.co.uk/