Re: Cisco VPN password recovery program
On Wed, Oct 19, 2005 at 10:29:19AM -0400, Perry E. Metzger wrote: * * Via cryptome: * * http://evilscientists.de/blog/?page_id=343 * *The Cisco VPN Client uses weak encryption to store user and group *passwords in your local profile file. I coded a little tool to *reveal the saved passwords from a given profile file. * * If this is true, it doesn't sound like Cisco used a particularly smart * design for this. * Only for information, here is Cisco reply as passed on full-disclosure@lists.grok.org.uk and bugtraq@securityfocus.com Andrea From: Clayton Kossmeyer <[EMAIL PROTECTED]> Subject: Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted Date: Tue, 18 Oct 2005 16:06:05 -0400 To: full-disclosure@lists.grok.org.uk Cc: bugtraq@securityfocus.com, [EMAIL PROTECTED] Hello - The Cisco PSIRT is aware of reports that claim the Cisco VPN Client password encryption uses a breakable algorithm to encrypt user passwords. We are aware of reports at the following sites: http://www.heise.de/newsticker/meldung/64954 http://evilscientists.de/blog/?page_id=339 http://evilscientists.de/blog/?page_id=343 This issue is related to a Security Notice that the Cisco PSIRT released in October of 2004. Cisco's public announcement can be found here: http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml The Cisco VPN 3000 Series has a configuration option that does not allow the storage of the user password in the VPN client. For customers that are concerned about the recovery of the user password, the following option can be disabled to prevent local storage of the user password. http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015 - - - Cisco Client Parameters Allow Password Storage on Client - Check this box to allow IPSec clients to store their login passwords on their local client systems. If you do not allow password storage (the default), IPSec users must enter their password each time they seek access to the VPN. For maximum security, we recommend that you not allow password storage. - - - Note that the default configuration of the VPN 3000 Series does not allow client password storage. Additionally, this attack only affects passwords that are static and reused for login to the VPN network. Customers using one-time passwords (OTP) and certificates to connect are unaffected. We do greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports. Regards, Clay Cisco PSIRT -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 pgpOUn01KQ4HV.pgp Description: PGP signature
Re: "Study shows how photonic decoys can foil hackers"
msg.pgp Description: PGP message
Re: free e-voting software available?!
I am working on the implementation of a system which should fit your requirements based on some work of mine and on "A Protocol for Anonymous and Accurate E-Polling", Danilo Bruschi, Igor Nai Fovino, Andrea Lanzi, E-Government: Towards Electronic Democracy, International Conference, TCGOV 2005, Bolzano, Italy, March 2-4, 2005, Proceedings. Lecture Notes in Computer Science 3416 Springer 2005, ISBN 3-540-25016-6 I am planning to release the first version together with docs etc, in september (the system is already working, but I prefer not to release preliminary test versions). Andrea PS. In case for the moment contact me in private for more infos. -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Quantum RNG (was: Use of TPM chip for RNG)
About RNG, does someone in the list have any comment, ideas on this http://www.idquantique.com/products/quantis.htm "Quantis is a physical random number generator exploiting an elementary quantum optics process. Photons - light particles - are sent one by one onto a semi-transparent mirror and detected. The exclusive events (reflection - transmission) are associated to "0" - "1" bit values." Just curious of your opinion. Andrea -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: analysis and implementation of LRW
On Tue, Jan 23, 2007 at 05:56:29PM +0200, Alexander Klimov wrote: * On Tue, 23 Jan 2007, Peter Gutmann wrote: * > >The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability * > >that that are collisions that will divulge the mixing key which will reduce * > >the mode to ECB. * > * > Is there any more information on this anywhere? I haven't been able to find * > anything in the P1619 archives (or at least not under an obvious heading). wikipedia has some infos and links: http://en.wikipedia.org/wiki/IEEE_P1619#LRW_issue Andrea -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Intuitive cryptography that's also practical and secure.
On Fri, Jan 26, 2007 at 05:58:16PM -0500, Matt Blaze wrote: * * It occurs to me that the lack of secure, practical crypto primitives and * protocols that are intuitively clear to ordinary people may be why * cryptography has had so little impact on an even more important problem * than psychic debunking, namely electronic voting. I think "intuitive * cryptography" is a very important open problem for our field. I can bring you my personal experience on this. I have been working for the last 2 years on a project about web-voting (http://eballot.ucci.it/), the system is now up and running and one election has been already done with it. I tried the best I could to make it simple and understandable, but people reactions have been worse than what I expected. Even if I tried to explain how the system works, how is the protocol, where cryptography enters etc.etc., I received comments like: - please remove all these comments about digital certificates etc., just write in the first page "protected by 128bit SSL" as everybody else does - there are too many pages, can't you give in the first page the form to vote and ask the credentials for voting, and a second page of acknowledgment that the vote has been received? - this receipt stuff and checking the votes are dangerous, please give only the totals at the end and no receipts and so on (I spare you the 'graphical design is lousy', which it is, and similar). After having talked with some people, my feeling is that the averge guy feels more confident to vote in a web-site "protected by 128bit SSL", a lot of logos, javascripts, moving objects etc. (the more stuff there is on the web site, the more impressive are the guys who made it) and a big database (better if Oracle) to store your votes. Unfortunately the voting experience on my system is exactly the opposite :-( Andrea PS. any comment on my protocol/system is greatly appreciated. -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Intuitive cryptography that's also practical and secure.
On Sat, Feb 03, 2007 at 08:52:35PM -0800, Joseph Ashwood wrote: - Original Message - From: "Andrea Pasquinucci" <[EMAIL PROTECTED]> To: "Cryptography" Sent: Tuesday, January 30, 2007 12:33 PM Subject: Re: Intuitive cryptography that's also practical and secure. * >I have been working for * >the last 2 years on a project about web-voting * >(http://eballot.ucci.it/) * * >PS. any comment on my protocol/system is greatly appreciated. * * If I'm reading the design correctly, the biggest failure I see is that it * is open to coersion. It is possible to hold someone's family or other * personally important stuff for ransom for a receipt that reflects voting * "correctly." *Joe Yes it is by design, and I state it very clearly. Even if I would use biometrics for authentication I cannot prevent a voter at home in front of her PC to take a picture of the screen when she is voting as a proof of what she has voted for, or to sit next to a coercer with a gun watching her voting. The fact that the voter is remote and outside a controlled location makes it impossible to guarantee incoercibility and no-vote-selling. This is not a crypto or IT problem. I do not think (correct me if I am wrong) that it is possible to design a web-voting system where you can vote from any PC in the world which guarantees against this. Consider that in Italy in normal political elections with only paper ballots (no voting machines) it happened that the mafia gave voters mobile phones with cameras or mini cameras to take a picture of the paper ballot when the voter was in the booth as a proof of the vote. And this with armed police just outside the booth. What can I do when it is possible to vote from home? Concerning a technical point on my system, the receipt that my system gives to the voter has data which allow easily to learn the vote, actually this is part of the procedure to check the correctness of the result. I know that there are protocols which aim to give receipts such that: 1. the voter can check that her vote has been counted correctly 2. she cannot prove to a third person how she has voted (see for example Rivest "Three-ballot voting system") but I haven't found one which fits in with my system and at the same time is easy enough so that people can use it (they complain already that my system is too complicated...). Andrea -- Andrea Pasquinucci [EMAIL PROTECTED] - http://www.ucci.it/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
