SFS for anonymity
Given: an online Steganographic Filing System database based on the second construction of Anderson, Needham and Shamir*, with many users. Users write email to the data base, with random cover writes. They read from the database to collect their mail, reads are covered by random cover reads, and random reads/writes when they have no mail. Assumptions include: Messages are encrypted. Users would prefer to lose their mail than have it compromised. All communications and alterations to the database are intercepted, and the database itself is compromised. Shared secret keys between users are allowed. Stored hashes of the database state are allowed, to ensure that it has changed enough. The database/userbase can be split into groupwrite/anyread and anywrite/groupread segments (group membership is random and not secret). The point is to foil traffic analysis without a distributed network or trusted third party. Any ideas/insuperable objections? (Could datarates be optimised to implement untraceable internet telephony as well as email on a DSL/cable-type connection?) Comments? -- Peter * http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/sfs3.ps.gz - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Welcome to Vegas, You're Under Arrest (fwd)
-- Eugen* Leitl http://www.lrz.de/~ui22204/";>leitl __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 18 Jul 2001 11:50:30 -0400 From: Matthew Gaylor <[EMAIL PROTECTED]> To: Matthew Gaylor <[EMAIL PROTECTED]> Subject: Welcome to Vegas, You're Under Arrest Welcome to Vegas, You're Under Arrest According to "Midnight Express," hashish trafficking can earn you a few decades in a Turkish prison. And according to U.S. law, making software that decrypts Adobe's eBook format can get you up to five years in an American one. Maybe Dmitry Sklyarov, who was busted by the FBI for "trafficking in software to circumvent copyrighted materials," can recoup some of his legal costs by selling the movie rights. Sklyarov was arrested in Las Vegas a day after giving a speech on digital book security at the hacker conference Def Con, but we think that's just a coincidence. Free speech is still legal in America, but his company's software defies the Digital Millennium Copyright Act. The Moscow-based company ElcomSoft makes the Advanced eBook Processor, a program that cracks the encryption on Adobe eBooks and converts them to the Adobe PDF format. This is all squeaky clean in Russia, but since some of the software made it to the U.S., Adobe wasn't amused. The New York Times and Wired detailed the recent back-and-forth between Adobe and Elcom, including Adobe's successful attempts to get Elcom booted from several ISPs - and get the feds involved.. ZDNet's Robert Lemos appeared to be the only writer to credit Planetebook.com with breaking the story. Planet eBook also posted the affidavit (ominously referring to "United States of America v. Dmitry Sklyarov"), court documents indicating that Adobe itself bought and tested a copy of the forbidden software, and other tidbits for the legal-minded. A few outlets noted that Sklyarov is being held without bail; some pointed to the rarity of criminal charges for copyright infringement. "I thought maybe I would be arrested because I am the owner and the president of the company, but not Dmitry," said Elcom's head honcho, who also attended Def Con. "But I think this is the easiest way to send a message that it is a single Russian hacker at work, but really it is the entire encryption that is flawed." If Adobe or the FBI intended to plant hysteria about a "Russian hacker," it didn't work too well. Journalists usually referred to Sklyarov as an expert, cryptographer or programmer. True, one Wired News headline called him a hacker, but from those folks, that's a compliment. - Jen Muehlbauer Index of ElcomSoft, Dmitry Sklyarov, Adobe, US Government and DMCA-related articles from around the Web http://www.planetebook.com/mainpage.asp?webpageid=170 FBI nabs Russian expert at Def Con http://www.zdnet.com/zdnn/stories/news/0,4586,5094266,00.html U.S. Arrests Russian Cryptographer as Copyright Violator http://www.nytimes.com/2001/07/18/technology/18CRYP.html (Registration required.) Russian Adobe Hacker Busted http://www.wired.com/news/politics/0,1283,45298,00.html eBook security debunker arrested by Feds http://www.theregister.co.uk/content/55/20444.html Hacker Arrested at Def Con http://www.techtv.com/cybercrime/digitaldisputes/story/0,23008,3337541,00.html FBI Arrests Russian Creator Of E-Book-Decoding Software http://www.newsbytes.com/news/01/168042.html ### Excerpted = THE INDUSTRY STANDARD'S M E D I A G R O K A Commentary on What the Press Is Reporting and Why = | http://www.thestandard.com | Wednesday, July 18, 2001 ** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: [EMAIL PROTECTED] with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week) Matthew Gaylor, (614) 313-5722 ICQ: 106212065 Archived at http://groups.yahoo.com/group/fa/ ** - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
www.boycottadobe.com
It appears an Adobe boycott is in progress. See: http://www.boycottadobe.com/ -- Perry E. Metzger[EMAIL PROTECTED] -- NetBSD Development, Support & CDs. http://www.wasabisystems.com/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Criminal conduct and "cryptography." (Adobe vs. Sklyarov)
"Jay D. Dyson" <[EMAIL PROTECTED]> writes: > As Weld Pond of @stake (formerly the l0pht) has noted, the dire > predictions made on the quality of digital content protection in the > age of DMCA have come to fruition. Where there could have been honest and > accurate peer review, we now have little but more snake oil being pawned > off as "secure." > > To review Sklyarov's presentation on how trivial it is to bust > Adobe's "encryption," please see the following URL: > > http://www.treachery.net/~jdyson/ebooks/ > > Take a look at the findings there. You will be amazed as well as > sickened that any self-respecting company could call this tripe > "protection." > > It's a sad day when it's cheaper to make a shoddy product and rely > on law enforcement to protect your product than it is to make a decent > product in the first place. Bottom line is thus: all of us -- regardless > of whether we use Adobe's products -- are now paying fees (taxes) to > assure that their product is protected. It seems to me that the quality of the encryption is a side issue in this case. In general, DRM systems of this type need to be concerned with two classes of attacks: (1) content recovery by unauthorized users (i.e. random individuals who get access to the encrypted content) (2) content recovery by authorized users (i.e. people who are authorized to view the content in some authorized device but not to extract the raw plaintext, etc.) The quality of the encryption being used only applies to attackers of type (1) since attackers who have the key will be able to recover the plaintext no matter what the encryption algorithm is, provided that they know the algorithm. It's not in principle any more difficult to reverse engineer a binary implementing a strong algorithm than one implementing a weak one. As far as I can tell, ElcomSoft's decryption utility requires the user to input the password. Therefore it would only be of use to attackers in class (2). While the encryption is admittedly bad the situation wouldn't be any better from Adobe's perspective if the encryption were good. Similar comments apply to CSS--although it uses a weak algorithm which could in principle be exhaustively searched, this isn't necessary since a key has been recovered by reverse engineering an authorized decoder. Why bother to make this distinction? Because eventually we'll run into a DRM system which uses a strong encryption algorithm. It will still be breakable since we don't know how to protect against attackers of class (2) but we won't be able to say "hey, these losers are using ROT13". We might as well start fighting that battle because we'll need to soon enough in any case. -Ekr - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
Helger Lipmaa <[EMAIL PROTECTED]> writes: > If you want to get final versions, contact the authors. It is also mostly > up to them to put their papers on their homepages - some authors do, some > don't: mind that not all of them have time or possibilities to maintain a > homepage. Two of the papers are on my web pages: Scott Fluhrer's on breaking my cipher Mercy, and Stefan Lucks and mine on breaking Leviathan: http://www.cluefactory.org.uk/paul/mercy/fluhrer-dc.html http://www.ciphergoth.org/leviathan -- __ Paul Crowley \/ o\ [EMAIL PROTECTED] /\__/ http://www.cluefactory.org.uk/paul/ "Conservation of angular momentum makes the world go around" - John Clark - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
I'm looking for FSE2001 proceedings
Does anyone know where I could purchase or get the papers submitted to the Fast Software Encryption Workshop 2001? Springer-Verlag does not have it available for purchase yet. I looked at the Web site (url below) and emailed the 2 Japanese fellows apparently running it but they have yet to respond. Any pointers or help would be most appreciated. I'm cc'ing cyperpunks and cryptography mailing lists as well. http://www.venus.dti.ne.jp/~matsui/FSE2001/ Thanks, - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
>It's been a while since looking at the Springer-Verlag copyright notice. I >remember that it allows authors to publish papers on their web pages. Is >this correct? > >What are the ACM and IEEE copyright terms like? Do they also allow >publication on the web? I believe these terms also apply for ACM publications (but you might want to check), not sure about IEEE. -- Dean Povey, | e-m: [EMAIL PROTECTED] | JCSI: Java Crypto Toolkit Research Scientist | ph: +61 7 3864 5120 | uPKI: C PKI toolkit for embedded Security Unit, DSTC | fax: +61 7 3864 1282 | systems Brisbane, Australia | www: security.dstc.com | - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
Alex Alten wrote: > Does anyone know where I could purchase or get the papers submitted > to the Fast Software Encryption Workshop 2001? Springer-Verlag > does not have it available for purchase yet. It's annoying that crypto papers hardly ever seem to be made available online. I wonder if there is any chance of crypto researchers joining the scientific journal boycott... The boycott is described here among other places: http://www.scientificamerican.com/explorations/2001/042301publish/ http://slashdot.org/science/01/04/24/149257_F.shtml Basically the researchers, who are currently mostly in the life sciences, want papers published freely on the web after six months. So if you need completely up to date information, you buy the journal. If you aren't bothered you can look on the web. According to the Scientific American article they have 15,000 researchers including several Nobel prize winners. This wouldn't help Alex, though... :-( -- Pete - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
On Wed, 18 Jul 2001, Pete Chown wrote: > > to the Fast Software Encryption Workshop 2001? Springer-Verlag > > does not have it available for purchase yet. It also doesn't seem to be on Springer LINK yet. > It's annoying that crypto papers hardly ever seem to be made available > online. I wonder if there is any chance of crypto researchers joining > the scientific journal boycott... For what it's worth, this is not my experience. While not every paper is online, a large number of people make papers available from their web pages. Plus I'm very lucky in that my library subscribes to the online Springer LINK service. > Basically the researchers, who are currently mostly in the life > sciences, want papers published freely on the web after six months. It's been a while since looking at the Springer-Verlag copyright notice. I remember that it allows authors to publish papers on their web pages. Is this correct? What are the ACM and IEEE copyright terms like? Do they also allow publication on the web? Computer science might have it better than the life sciences in this regard. de facto if not de jure. -David - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: I'm looking for FSE2001 proceedings
On Wed, 18 Jul 2001, Alex Alten wrote: > Does anyone know where I could purchase or get the papers submitted > to the Fast Software Encryption Workshop 2001? Springer-Verlag > does not have it available for purchase yet. I looked at the Web > site (url below) and emailed the 2 Japanese fellows apparently > running it but they have yet to respond. Any pointers or help > would be most appreciated. I'm cc'ing cyperpunks and cryptography > mailing lists as well. > > http://www.venus.dti.ne.jp/~matsui/FSE2001/ I am one of the authors of one of the papers there. As far as I know, only preproceedings are available until now - the deadline to send the final version to Matsui was at the end of May. It is no wonder it takes time to publish the final proceedings. On the other hand, preproceedings were (I think) printed in a small quantity and mostly for the conference participants. You may still inquery Matsumoto Matsui about their availability, but doubt in it. Moreover, preproceedings *really* contained *prefinal* versions of the papers. If you want to get final versions, contact the authors. It is also mostly up to them to put their papers on their homepages - some authors do, some don't: mind that not all of them have time or possibilities to maintain a homepage. Helger http://www.tcs.hut.fi/~helger - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
