Re: NYC events and cell phones

2001-09-15 Thread Bill Stewart

At 07:59 AM 09/13/2001 -0400, Angelos D. Keromytis wrote:

>An interesting bit of information: on Tuesday afternoon, to the extent that
>cellphones operated, GSM encryption was turned off throughout Manhattan. My
>GSM phone would repeatedly warn me of this on every call I made (or tried
>to make). As of Wednesday morning, things were back to normal.

Interesting.  For the most part, TDMA encryption in the US isn't turned on;
my Nokia phone always starts off calls by telling me
"Voice Privacy Not Active", even though the encryption is even lamer than
the GSM encryption.





-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: Please make stable NON-US homes for strong crypto projects

2001-09-15 Thread Udhay Shankar N

-----BEGIN PGP SIGNED MESSAGE-----

 >From: John Gilmore <[EMAIL PROTECTED]>

 >It's clear that the US administration is putting out feelers to
 >again ban publication of strong encryption.


Just taking a minute to plug http://munitions.vipul.net/ -- it is a
collection of Open Source crypto software for Linux, mirrored at 10
different (non-US) sites.

Udhay

- --
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
  God is silent. Now if we can only get Man to shut up.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use

iQEVAwUBO6Pc4KiP/rXKpnQVAQFtiwf+N0uFjZRnC+0ra8ORmBpUCZZpcMnGs1dP
4/wJHg/eSSvlB4UnTcqm4FP49kDbXGyWcwOcJILLLllUh6RL+FcYeRgRNKRVJiQZ
ZAwNQ2VZBB6u+Sl/mF6lrfskwx6PjHsWEQQKJU6j3aNSpg917pLV/+1JeQ09WfRK
3z9w9ZpUITh4wE+IJNTpShajpihgWl56mQW1CKBaZGwkA23Bn1FsEurwp+kQ5mya
A+7jJ/pHRkAFMRaI6X02bcfuBG1I2+ChMh2n8bFhFEbMAyIoUxRQgq76xu6VbVbN
+mVEVBx9Nt9i0GNKZIHM/ZTMVJ2xpleWI95Q9C6diWL/25r9cM0kdQ==
=KLmU
-----END PGP SIGNATURE-----







Re: Which internet services were used?

2001-09-15 Thread Perry E. Metzger


"Eric" <[EMAIL PROTECTED]> writes:
> > [Moderator: I've listened to virtually all the news conferences made
> > so far. The FBI has yet to make any such statement.
> >
> > In any case, however, why should we find this any more shocking or
> > unfortunate than terrorism being plotted using telephones, or paper
> > letters, or conversations? Why are there no hysterics noting "the
> > plotters travelled using AUTOMOBILES!"
> 
> 
> The claim is that automobiles or telephones do not eviscerate the ability of
> law enforcement to effectively do their job, while the use of strong
> encryption and other electronic sundry do.  Therefore, it is argued that
> cars and certain phones are ok, while strong encryption is not.

This claim is, however, wrong.

First, let's look at the question of automobiles. Automobiles certainly
reduce the ability of law enforcement to do its job. The accomplices
of the hijackers almost certainly fled their locations in
automobiles. They would have been unable to go far without
automobiles. It has also been noted in some of the media that Ossama
bin Ladin left his location shortly after the attacks -- presumably in
an automobile. Not having automobiles would have made it easier to
bomb Mr. bin Ladin and to catch accomplices. However, no one would
suggest this for fear of looking foolish. The arguments about
encryption are virtually identical -- only people are unfortunately
not so afraid of looking like fools in public.

It can be argued that not requiring recordings of all phone
conversations "impedes law enforcement". Indeed, one would expect such
recordings to be necessary, given that even if made in the clear, it
would be impossible to go back in time to listen in on the
conversations of the hijackers. Would you like that done?

It can be argued that strong encryption made the deaths of these 4000
people possible. How it made it possible is never explained. Let us
try exploring that question, however.

If there were no strong encryption, what could have been done
differently? Perhaps without it law enforcement could systematically
listen in on every conversation everywhere and every email message
flowing worldwide and record them and listen for "threats". They would
have had to. After all, had they known who these people were in
advance, they could have simply targeted them for intense surveillance
including bugging their homes and computers. By definition they DID
NOT know who they were, so they would have needed to search
EVERYTHING.

Let's say such universal surveillance -- a horror I cannot imagine --
were both possible and practical. Would it have stopped anything?
No. In response, the hijackers would simply have visited each other in
person to coordinate their plot, and we have already established that
had the government known who they were so they could have bugged such
conversations, universal surveillance would not have been required in
the first place.

Would it have been so difficult for them to, say, go and visit each
other to pick a date to fly planes into the World Trade Center?

It is trivial to blame encryption here, but I can't see that it is
reasonable to blame it. There is no evidence at all -- NONE -- that in
the absence of encryption it would not be equally possible to carry
out such attacks. I repeat:

  There is no evidence at all that in the absence of encryption it
  would not be equally possible to carry out such attacks.

At the very best, the internet could have provided a convenience to
the plotters -- no more.

The killing of Israeli athletes at Munich involved no encryption --
nor did a thousand other attacks. Why would you need encryption to be
a terrorist?

The people who claim "such an attack could only be made possible
via coordination over the internet" obviously don't remember that
people managed to communicate dates to meet even before there were
phones or even post offices, let alone the internet.

These same people ignore the fact that the US economy, and indeed the
world economy, could no longer function without encryption. Encryption
is vital to PREVENTING crime, you see. It provides enormous and
powerful security to ordinary people conducting their ordinary
affairs. Most are unaware that they're using encryption, but they
are. Would you like it easier for people to break into computer
networks? Would you like your electrical power system or your local
hospital to be more vulnerable to remote attack?  Just ban
encryption. Your wishes will be made manifest.

Ultimately, what is unsaid is that if widespread encryption is used,
the NSA will be unable to vacuum-cleaner listen in on billions of
conversations and transactions and spot such things before they
happen. Ignoring the vast and horrific intrusion that such systematic
surveillance of all members of society implies, there is no evidence
that terrorists couldn't simply modify their methods in response to
this, just as communist terrorists in Germany did when they
systematically studied law en

Re: [free-sklyarov] Please make stable NON-US homes for strong crypto projects (fwd)

2001-09-15 Thread Tom

On Sat, Sep 15, 2001 at 02:28:40PM -0400, Jay Sulzberger wrote:
> Subject: Please make stable NON-US homes for strong crypto projects

lemuria.org has stood strong against the DeCSS censorship, and I am in
the position of working at the provider. complaints, even faxes from
the cops, arrive in the room next to mine. :)

I can take copies of anything that needs a home. I can't play
maintainer or invest much time as I'm already stretched thin, but I
hereby offer lemuria.org as an archive site.

please contact me directly if you need anything mirrored.

-- 
-- http://web.lemuria.org
--






RE: Which internet services were used?

2001-09-15 Thread Eric


> [Moderator: I've listened to virtually all the news conferences made
> so far. The FBI has yet to make any such statement.
>
> In any case, however, why should we find this any more shocking or
> unfortunate than terrorism being plotted using telephones, or paper
> letters, or conversations? Why are there no hysterics noting "the
> plotters travelled using AUTOMOBILES!"


The claim is that automobiles or telephones do not eviscerate the ability of
law enforcement to effectively do their job, while the use of strong
encryption and other electronic sundry do.  Therefore, it is argued that
cars and certain phones are ok, while strong encryption is not.







ip: Collision with Civil Rights: A Wide, Aggressive Probe

2001-09-15 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Sat, 15 Sep 2001 12:17:27 -0500
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (by way of [EMAIL PROTECTED])
Subject: ip: Collision with Civil Rights: A Wide, Aggressive Probe

http://www.washingtonpost.com/wp-dyn/nation/A34046-2001Sep14.html

A Wide, Aggressive Probe Collides With Civil Rights
Innocent People May Face Questioning, Experts Say

By Serge F. Kovaleski
Washington Post Staff Writer
Saturday, September 15, 2001; Page A14

NEW YORK, Sept. 14 -- As the FBI pursues thousands of leads around the
country and widens its dragnet, agents have detained for questioning dozens
of people who, investigators eventually determined, had no role in
Tuesday's terrorist attacks.

Terrorism experts said that such measures are a necessary part of following
tips about possible accomplices and sympathizers and trying to develop
intelligence that might lead to those behind the deadliest act of terrorism
in American history. But the experts also cautioned that FBI agents risk
running roughshod over people's civil liberties as they face immense
pressure and an extremely difficult investigation.

"They have to follow leads, and some people will get sucked up into the
investigation who had nothing to do with the attacks. And a lot of them
will fit a certain profile of Arabs and Muslims," said Juliette Kayyem,
executive director of the program on domestic preparedness at the John F.
Kennedy School of Government at Harvard.

She added: "The challenge is how do you do all this without intimidating an
entire ethnic or religious population. First of all, there is incredible
pressure on the FBI, and when law enforcement agencies are under pressure
they tend to cut corners and . . . there may be ethnic or racial profiling
going on to narrow the pool of suspects."

Most recently, the FBI said today that all 13 people taken into custody on
Thursday at Kennedy and La Guardia airports had been released and that none
of them had any ties to the hijacking attacks. But Justice Department
spokeswoman Mindy Tucker said at least one remained in custody.

Authorities said they suspected that one of the detainees was carrying a
fake pilot's license. Today, however, officials said the man was a pilot
and that there were suspicions about him because of documents he was
carrying, including a visa issued under another name. The man was taking
the papers to his brother in Boston, who coincidentally lived in the same
building as three of the hijackers, officials said.

Meanwhile, about 60 miles north of Pittsburgh, the home of radiologist
Basem M. Hussein was searched and his car was later impounded after his
landlord called local authorities Tuesday saying she had not seen him after
the attacks. Hussein's apartment was searched and his car was impounded at
the Pittsburgh airport, while agents investigated the lead by, among other
things, reviewing hospital employment records at two Pennsylvania hospitals
where he had worked.

Hussein, whose home is in Neshannock Township, Pa., just outside New
Castle, was located Wednesday afternoon at the Indian Health Service in
Shiprock, N.M., where he has been working as a contracted medical doctor
since early September, the FBI said. Hussein was detained, cooperated with
the questioning and was not arrested, the FBI said in a statement.

In Boston, federal authorities detained three people on Sept. 12 for
several hours after law enforcement officials received a tip that led them
to a hotel in downtown. In the city's Copley Square area, local police and
agents from the FBI and Bureau of Alcohol, Tobacco and Firearms descended
on the Westin Copley Hotel with battering rams and shields, detaining a
Saudi businessman, his wife and his sister who were guests, officials said.

Two bomb squads and two SWAT teams were among the first into the building
after reports that at least one suspect was hiding in the hotel. About an
hour later, police evacuated not only the hotel but the adjacent shopping
mall. An FBI source subsequently confirmed that the tip was wrong, and
there was no connection between the family and the suspected  terrorists.

About 4,000 special FBI agents are involved in the attack investigation, as
are the bureau's 56 field offices around the country. The agency has
received an estimated 36,000 leads and has served more than 30 search
warrants and issued hundreds of subpoenas, but has made at least one
arrest. Officials said that teams of agents have also been deployed to
airports to assist in case suspicious questions are raised about particular
passengers.

"There is a fine line between a thorough investigation and violations of
civil liberties. The line gets crossed when agents intimidate, use
excessive questioning and rely on racial profiling," said Salam
Al-Marayati, director of the Muslim Public Affairs Council in Los Angeles.
"The fact that the American Muslim community is under increased scrutiny is
unfortunate but something we have to accept."

J

Re: crypto backdoors = terrorisms free reign

2001-09-15 Thread Hadmut Danisch

On Fri, Sep 14, 2001 at 08:34:09PM -0700, Jim McCoy wrote:
> 
> Incorrect.  You will weaken the absolute security of many, but the few who
> choose to use strong (non-GAK) crypto will be easily distinguished from
> those who comply with the rules. 


No. It cannot be easily distinguished. That's the mistake
almost all politicians make.

Hadmut










Re: Rijndael in Assembler for x86?

2001-09-15 Thread Helger Lipmaa

First, my question arose because Perry(?) did not originally specify
*why* he needs assembly code; and second, because the referenced 186
assembly code might be slower than the best C code for Pentium. On the
other hand, the best (commercial) assembly implementation of Rijndael for
P3 is >50% faster (~230 cycles per block versus ~360 cycles per
block) than Brian Gladman's (free) C implementation. Brian's
implementation seems to be almost optimal for C code. The reasons why
assembly code achieves such a speedup were somewhat explained in

* Kazumaro Aoki, Helger Lipmaa, "Fast Implementations of AES Candidates",
  AES 3 conference, 2000.

Both this paper, and a compendium of AES implementations are available
from http://www.tcs.hut.fi/~helger/aes (if you have anything to add there,
feel free to email me!). I am *not* aware of any free Rijndael assembly
implementations that are faster than 300 cycles per block on P3. I know
that there exist some non-free (including mine) implementations that are
faster, though.

Helger

On 14 Sep 2001, Ian Goldberg wrote:

> >> > Does anyone have an open source implementation of Rijndael in
> >> > assembler for the Pentium?
> >> 
> >> Why just not to use a C code?
> >
> >Because it is typically slower by many times than hand tuned assembler.
> 
> Are you sure?  For general code, that certainly hasn't been true in a
> long time; optimizing compilers nowadays can often do *better* than
> hand-coded assembler.  However, for encryption code in particular,
> I can imagine the C primitives (which usually lack rotate, etc.
> instructions) may be suboptimal.
> 
> That being said, back when I wrote the 40-bit RC5 breaker for the RSA
> challenge, I thought the same thing.  I figured I would first write a C
> version, and then tune the resulting assembler.  When I looked at what
> gcc had output, it had already done all the tricks I had in mind.
> 
> I would severely doubt a slowdown of "many times".  I'm more likely to
> believe a few percent, and would not be surprised if the compiler's
> optimizer is smarter than most people's.
> 
>- Ian
> 
> [Moderator's note: The best DES implementations for i386s in assembler
> are several times faster than the best in C. I'm not sure about AES
> but I'd prefer to try and see. Perhaps it's a feature of DES's odd bit
> manipulation patterns, perhaps not. I have yet to see GCC produce code
> for almost anything that was just as fast as hand tuned assembler,
> though. --Perry]
> 
> 







Re: crypto backdoors = terrorisms free reign

2001-09-15 Thread Matt Blaze

[EMAIL PROTECTED] writes:
...
> 
> Incorrect.  While it is possible that such a backdoor can be found it is by
> no means as simple as you imply, particularly for non-state entities.  While
> such secrets can eventually leak out this task is not easy for even trained
> professionals; to claim that it is going to be a simple task for radicals
> and hostile countries is not consistent with the facts.  While some secrets
> are hard to protect (especially over time) it is possible to build a system
> for key escrow that makes abuse difficult, albeit not impossible, and still
> provides the law enforcement assistance that the public may demand.
...

Although the subtleties of the problem may not be completely obvious, the
security risks introduced by key escrow mechanisms are quite significant.
See, e.g., our 1998 report:

http://www.crypto.com/papers/escrowrisks98.pdf

If anything, the risks we studied three years ago would be amplified
considerably today, given that encryption is now increasingly used as a
central component of the security of many critical services and systems.









RE: crypto backdoors = terrorisms free reign

2001-09-15 Thread Caspar Bowden

> [mailto:[EMAIL PROTECTED]] On Behalf Of Jim McCoy
...
> [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:
...
> > 1) Weaken the ability of the free world to combat things such as
> > terrorism due to the misassumption that criminals and terrorists
> > will actually obey the law thereby causing lack of
> > preparedness.  You only restrict the rights of the law-abiding
> > citizen, not the lawless.
> 
> Incorrect.  You will weaken the absolute security of many,
> but the few who choose to use strong (non-GAK) crypto will be
> easily distinguished from those who comply with the rules.

I've wondered about this in case of key escrow.

Isn't the only way of telling whether a blob of data is double-encrypted
(once with an unauthorised/undeclared key, once with the escrowed key) to
open up the blob with the escrowed key and have a look?

Of course the contents could be stegoed, but that appears not to matter
to govts. (in the memorable words of a British official "only criminals
will use stego" - as if that was a refutation.)

So presumably (unless the escrow was a sham) there would have to be some
kind of random-sampling at rate p, so that after N times, probability of
getting caught (1-p)^N would be adjusted to act as sufficient deterrent.

Is anyone aware of any paper written on the operational/policy side of
this? I guess it's the sort of thing people wouldn't have been worrying
about for several years.

--
Caspar Bowden   www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)20 7354 2333 
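One way to put numbers on the sampling scheme sketched above, as an added example that is not part of the original post: the closed form for the chance that a sender of N non-escrowed blobs has at least one of them opened, the sampling rate needed to reach a given deterrent, and a seeded simulation that also counts the cost the formula hides, namely how many blobs from compliant users get opened along the way (the operational side of the escrow risks discussed elsewhere in this thread). The function names, the seed and the population sizes are my own choices, not anything from the post.

```python
import random


def detection_probability(p, n):
    """Probability that at least one of n non-compliant blobs is opened
    when every blob is independently sampled for inspection with
    probability p. (1 - p) ** n is the chance of escaping every draw."""
    return 1.0 - (1.0 - p) ** n


def sampling_rate_for(target, n):
    """Smallest per-blob sampling rate p at which a sender of n
    non-compliant blobs is detected with probability >= target.
    Solves 1 - (1 - p) ** n = target for p."""
    return 1.0 - (1.0 - target) ** (1.0 / n)


def simulate(p, n_senders, n_blobs, compliant_blobs, seed=7):
    """Seeded Monte Carlo check of the closed form, plus the cost side:
    how much compliant traffic is opened at the same rate.
    Returns (fraction of non-compliant senders caught,
             number of compliant blobs opened)."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible run
    caught = 0
    for _ in range(n_senders):
        # a sender is caught as soon as any one of its blobs is sampled
        if any(rng.random() < p for _ in range(n_blobs)):
            caught += 1
    # every compliant blob faces the same draw, and opening it reveals
    # nothing illicit; this is the privacy cost of the deterrent
    opened = sum(1 for _ in range(compliant_blobs) if rng.random() < p)
    return caught / n_senders, opened


if __name__ == "__main__":
    p, n = 0.1, 10
    print(f"p={p}, N={n}: P(caught) = {detection_probability(p, n):.4f}")
    print(f"rate for 50% detection after {n} blobs: "
          f"{sampling_rate_for(0.5, n):.4f}")
    frac, opened = simulate(p, 5000, n, 100_000)
    print(f"simulated: {frac:.4f} caught, {opened} compliant blobs opened")
```

The simulation makes the trade-off visible: at p = 0.1 a ten-blob sender is caught about 65% of the time, but roughly one in ten blobs from everyone who follows the rules is opened to get there, and lowering p to reduce that cost lowers the deterrent by exactly the closed form above.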








Re: Congress mulls crypto restrictions in response to attacks

2001-09-15 Thread Carl Ellison

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:23 AM 9/15/2001 -0700, Bram Cohen wrote:
>People in cells probably forego electronic communications completely
>for highly sensitive information - face to face communication works
>fine and doesn't involve anywhere near the risks.

According to the author of a biography on bin Laden, interviewed on
this morning's NPR coverage, he uses only person-to-person
communication with people bound to him by blood.

That interview should be available on the archive soon.


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO6OP4nPxfjyW5ytxEQKMWgCgj60RzQP02W5lS/J8B9MImZ16SAsAoJe8
gcvEl1R25DOydLW917wte62D
=yin5
-----END PGP SIGNATURE-----


+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+






Re: crypto backdoors = terrorisms free reign

2001-09-15 Thread Carl Ellison

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 07:46 PM 9/14/2001 -0500, [EMAIL PROTECTED] wrote:
>
>I don't understand why anyone would choose to vote for an individual
>that doesn't understand the above logic.  
>

I wish people voted for people who understood any kind of logic.

As Matt Blaze pointed out at USENIX Security this year, politicians
aren't scientists.  We value logic and truth.  Politicians value
getting people to agree.  A scientist's pursuit of logic and truth
uses disagreement.  To a politician, disagreement is a tool of
attack.


 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO6OOyXPxfjyW5ytxEQKrDwCeLml5tYeixa75g1KGndS7g7jyv1UAoJzz
ppmtNzb9h3DKVUpbiX/hBQfW
=Gswr
-----END PGP SIGNATURE-----


+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+






Re: chip-level randomness?

2001-09-15 Thread Carl Ellison

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 09:51 AM 9/14/2001 -0400, R. A. Hettinga wrote:
>I'm rooting around for stuff on hardware random number generation.
>
>More specifically, I'm looking to see if anyone has done any
>entropy-collection at the chip-architecture level as part of the
>logic of a chip.
>
>I saw somewhere that Intel had done it as part of the Pentium, for
>instance, but I can't find out whether it's an actual entropy
>collector, or just a PRNG.

http://developer.intel.com/design/security/rng/rngfaq.htm

The Intel generator is not built into the Pentium but rather into the
Intel chipset (specifically, a part called the Firmware Hub).  It is
available in the 800-series chipsets/motherboards.  Roughly, you can
find these on Intel Pentium III and P-4 motherboards.  To find
whether a particular system has the RNG, you can try loading the
Intel RNG driver (under Windows) and you'll be told whether the
system has the hardware.

See http://developer.intel.com/design/security/rng/rngres.htm for the
driver ("Security Driver")

BTW, that RNG is really hot -- very high speed, very high entropy. 
The post-processing in hardware is relatively simple.  The driver
post-processes by running batches through a hash.

I'm told that the LINUX 2.4 kernel comes with the RNG driver
built-in, but I haven't tried that.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO6OM6nPxfjyW5ytxEQI5oQCfUBWT4vuM59G+vMciLZepFgkazG0AoMFN
sbkT+UGB5EbZ68VciHGIXB6S
=udQC
-----END PGP SIGNATURE-----


+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
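An added example (my own code, not Intel's hardware, the Intel "Security Driver" or the Linux kernel driver mentioned above) of the post-processing described in the post, hashing batches of raw generator output, together with the entropy accounting that decides how large a batch must be. The noise source is a constructed, deliberately biased bit stream standing in for hardware; SHA-256 is an assumption standing in for whatever hash the real driver uses; and the monobit fraction is a minimal health check of my own, not the driver's.

```python
import hashlib
import math
import random


def simulated_noise_source(n_bytes, p_one=0.6, seed=1234):
    """Constructed stand-in for a raw hardware noise source (NOT the Intel
    generator): each bit is 1 with probability p_one, so the raw stream
    is biased and must not be used directly as key material."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data):
    """Monobit health check: fraction of 1 bits. A healthy source sits
    near 0.5. Run this on RAW output; hashed output always looks fine."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def min_entropy_per_bit(p_one):
    """Min-entropy of one raw bit whose bias is p_one (1.0 when unbiased)."""
    return -math.log2(max(p_one, 1.0 - p_one))


def raw_bits_needed(output_bits, p_one):
    """Raw bits a batch must contain so that hashing it can yield
    output_bits of full-entropy output. Hashing concentrates entropy;
    it never creates any, so the batch must carry at least as much
    min-entropy as the digest is supposed to deliver."""
    return math.ceil(output_bits / min_entropy_per_bit(p_one))


def hash_whiten(raw, batch_bytes):
    """Driver-style post-processing: hash fixed-size batches of raw output
    and emit the digests. SHA-256 is an assumption, not necessarily the
    hash the Intel driver uses. A trailing partial batch is discarded."""
    out = bytearray()
    for start in range(0, len(raw) - batch_bytes + 1, batch_bytes):
        out += hashlib.sha256(raw[start:start + batch_bytes]).digest()
    return bytes(out)


def whiten_with_entropy_margin(raw, p_one, output_bits=256):
    """Size the batch from the measured bias so every 256-bit digest is
    backed by at least 256 bits of raw min-entropy, then whiten.
    Returns (whitened bytes, batch size in bytes)."""
    batch_bytes = math.ceil(raw_bits_needed(output_bits, p_one) / 8)
    return hash_whiten(raw, batch_bytes), batch_bytes


if __name__ == "__main__":
    raw = simulated_noise_source(8192)
    bias = ones_fraction(raw)
    whitened, batch = whiten_with_entropy_margin(raw, bias)
    print(f"raw ones fraction {bias:.3f} -> batch of {batch} raw bytes "
          f"per 32-byte digest; whitened ones fraction "
          f"{ones_fraction(whitened):.3f}")
```

Two points the run makes concrete. First, with a 60/40 bias each raw bit carries only about 0.74 bits of min-entropy, so a 256-bit digest needs 348 raw bits (44 bytes) behind it rather than 32; a driver that hashes too small a batch produces output that looks random but is not. Second, the health check has to be applied before hashing: a stuck or failed source still yields perfectly uniform-looking digests, which is exactly why hashed output cannot be used to judge the hardware.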






Re: Which internet services were used?

2001-09-15 Thread Paul Cardon

Hadmut Danisch wrote:
> 
> A German TV news magazine (ZDF spezial) just mentioned that
> the terrorists prepared and coordinated
> also by using the internet, but no details were told.
> 
> Does anyone know more about this?
> 
> Hadmut
> 
> [Moderator: I've listened to virtually all the news conferences made
> so far. The FBI has yet to make any such statement.



On Wednesday, CNN reported that AOL handed over information on several
accounts to investigators.

-paul






DCSB: Jean Camp; Trust and Risk in Digital Commerce

2001-09-15 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Sat, 15 Sep 2001 12:16:57 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: DCSB: Jean Camp; Trust and Risk in Digital Commerce
Cc: Jean Camp <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Reply-To: "R. A. Hettinga" <[EMAIL PROTECTED]>

-----BEGIN PGP SIGNED MESSAGE-----

[The Harvard Club is now "business casual". No more jackets and ties,
but see below for details. While it lasts, anyway. Since last year's
dot-bomb, the suit-ratio in the main dining room has been
asymptotically approaching unity. :-). --RAH]



 The Digital Commerce Society of Boston

  Presents

 Jean Camp,
Kennedy School of Government

  Trust and Risk in Digital Commerce


 Tuesday, October 2nd, 2001
 12 - 2 PM
 The Downtown Harvard Club of Boston
One Federal Street, Boston, MA



Trust is the critical variable in Internet Commerce. Trust
requirements differentiate Internet from other forms of commerce.
Trust has three primary components: reliability, security, and
privacy.

There is trust in routing, trust in encryption, and trust in
applications. The layers of trust, the areas of risk, the power of
cryptography, and the limits to security are all explained for the
general audience in this text.

When a business obtains customer data, the customer trusts that the
data are used to improve service for her, and not used in a manner
that harms her. The business is not necessarily violating privacy but
is certainly requiring some extension of trust from the customer.
This talk examines that trust relationship and examines the types of
data that are most immediately useful but the least used.

This talk contains explanations of fault tolerance and the components
of reliability. Most transactions today are not fault tolerant. If a
transaction is not reliable (in the sense of being fault tolerant)
someone is at risk when the transaction fails. It is therefore
important to be able to read a transaction-based Internet commerce
standard and understand from that the risks involved in using the
standard.


Jean Camp is an Assistant Professor at the Kennedy School of
Government, a Senior Member of the IEEE, and an elected Director of
CPSR. Prof. Camp's core interest is in the interaction of technology,
society, and the economy. Her interest usually fits within the design
for values rubric or under the electronic civil liberties umbrella.
It was this interest that led Prof. Camp from graduate electrical
engineering research in North Carolina to the Department of
Engineering and Public Policy at Carnegie Mellon, and it remained her
core research interest at Sandia National Laboratories, and continues
at the Kennedy School. Prof. Camp's expertise is in Internet
commerce and design for values. She is the author of "Trust and Risk
in Internet Commerce" (2000, MIT Press). She is the author of more
than thirty peer-reviewed publications on technical issues of social
importance (e.g., privacy, reliability) and social issues with
critical technical elements (e.g., content selection).



This meeting of the Digital Commerce Society of Boston will be held
on Tuesday, October 2nd, 2001, from 12pm - 2pm at the Downtown
Branch of the Harvard Club of Boston, on One Federal Street. The
price for lunch is $37.50. This price includes lunch, room rental,
A/V hardware if necessary, and the speakers' lunch. The Harvard Club
has relaxed its dress code, which is now "business casual", meaning
no sneakers or jeans. Fair warning: since we purchase these luncheons
in advance, we will be unable to refund the price of your meal if the
Club finds you in violation of what's left of its dress code.


We need to receive a company check, or money order, (or, if we
*really* know you, a personal check) payable to "The Harvard Club of
Boston", by Saturday, September 29th, or you won't be on the list for
lunch. Checks payable to anyone else but The Harvard Club of Boston
will be returned.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The
Harvard Club of Boston", in the amount of $37.50. Please include your
e-mail address so that we can send you a confirmation

If anyone has questions, or has a problem with these arrangements
(we've had to work with glacial A/P departments more than once, for
instance), please let us know via e-mail, and we'll see if we can
work something out.


Upcoming speakers for DCSB are:

November TBA
December TBA
January  TBA


As you can see, :-), we are actively searching for future speakers.
If you are in Boston on the first Tuesday of the month, are a
principal in digital commerce, and would like to make a presentation
to the Society, please send e-mail to the DCSB Program Committee,
care of

Re: Rijndael in Assembler for x86?

2001-09-15 Thread jamesd

--
 Perry E. Metzger <[EMAIL PROTECTED]> wrote:
> >Because it is typically slower by many times than hand
> >tuned assembler.

On 14 Sep 2001, at 14:24, Ian Goldberg wrote:
> Are you sure?  For general code, that certainly hasn't been
> true in a long time; optimizing compilers nowadays can
> often do *better* than hand-coded assembler.

So say compiler writers.

I have not found this to be true.  Perhaps it is true of some
compilers and some people's assembler, and some code.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 R+xhXGtvscaNbOpfLSnwjeziDpDOv2XtF4/h1ST9
 4Haf1Gw4kSOsLRysU1Atpc78QFbNBjP0Dr0J4Ji3I







Which internet services were used?

2001-09-15 Thread Hadmut Danisch


A German TV news magazine (ZDF spezial) just mentioned that
the terrorists prepared and coordinated
also by using the internet, but no details were told.

Does anyone know more about this?

Hadmut

[Moderator: I've listened to virtually all the news conferences made
so far. The FBI has yet to make any such statement.

In any case, however, why should we find this any more shocking or
unfortunate than terrorism being plotted using telephones, or paper
letters, or conversations? Why are there no hysterics noting "the
plotters travelled using AUTOMOBILES!"

If the plotters used encryption, well, literally hundreds of millions
of law abiding people do so every day as well. Most of the ignorant
reporters saying things about encryption use it too, even if they
aren't aware of it.  --Perry]





Re: chip-level randomness?

2001-09-15 Thread Sandy Harris

"R. A. Hettinga" wrote:
> 
> I'm rooting around for stuff on hardware random number generation.

RFC 1750 is a standard reference. There's a draft of a rewrite on ietf.org.
 
> More specifically, I'm looking to see if anyone has done any
> entropy-collection at the chip-architecture level as part of the logic of a
> chip.
> 
> I saw somewhere that Intel had done it as part of the Pentium, for instance,
> but I can't find out whether it's an actual entropy collector, or just a
> PRNG.

http://www.cryptography.com/intelRNG.pdf






Please make stable NON-US homes for strong crypto projects

2001-09-15 Thread John Gilmore

It's clear that the US administration is putting out feelers to
again ban publication of strong encryption.  See:
  http://www.wired.com/news/politics/0,1283,46816,00.html

The evil gnomes who keep advancing unconstitutional US anti-crypto
policies know that the current hysteria in Congress and the
Administration will not last forever.  So they will probably move very
quickly -- within a week is my guess -- to re-control encryption,
either by a unilateral action of the Administration (by amending
the Export Administration Regulations), or by stuffing a rider onto
some so-called "emergency" bill in Congress.

They maneuvered very carefully in the Bernstein case such that there
is no outstanding injunction against violating the Constitution this
way -- and even no binding 9th-Circuit precedent that tells them it's
unconstitutional to do so.  They know in their hearts that numerous
judges have found it unconstitutional, but they have proven throughout
the seven-year history of the case that they don't give a damn about
the Constitution.  Which means it may take weeks, months or years for
civil liberties workers to get a judge to roll back any such action.
Not just days.  We won the case, but they squirmed out of any
permanent restrictions -- so far.

The US government has a new mania for wiretapping everyone in case
they might be a terrorist.  There's already two bills in Congress to
make it trivial for them to wiretap anybody on flimsy excuses, and to
retroactively justify their precipitous act of rolling Carnivore boxes
into major ISPs this week and demanding, without legal authority, that
they be put at the heart of the networks.  See:
  http://www.politechbot.com/docs/cta.091401.html

Even more than before, we will need good encryption tools, merely to
maintain privacy for law-abiding citizens, political activists, and
human rights workers.  (In the current hysteria, mere messages
advocating peace or Constitutional rights might best be encrypted.)
The European Parliament also recently recommended that European
communications be routinely encrypted to protect them from pervasive
US Echelon wiretaps.

Some US developers, who thought such a reversal would never happen,
have built or maintained a number of good open source encryption tools
in the United States, and may not have lined up solid foreign
maintainers or home sites.

LET'S FIX THAT!  We need volunteers in many countries to mirror
current distributions, CVS trees, etc.  We need volunteers to also
act as maintainers, accepting patches and integrating them into
solid releases.

(Note that too many countries have pledged to stand toe-to-toe with the
US while they march off to make war on somebody they can't figure out
who it is yet.  If you live in one of those countries, you may
suddenly find that your own crypto regs have been sneakily altered.
Take care that each useful package has maintainers and distribution
points in diverse countries.)

I haven't kept close track of which packages are in danger.  I
suggest that people nominate packages on this mailing list, and that
others immediately grab mirror copies of them as they are nominated.
And that some of those who mirror them keep quiet, in case hysterical
governments make a concerted effort to stamp out all copies and/or all
major distribution sites.  If you aren't the quiet type, then *AFTER*
IMMEDIATELY PULLING A COPY OF THE CODE OUTSIDE US JURISDICTION,
announce your mirror on this mailing list.

We freedom-loving US citizens have had to rely on the freedom-loving
citizens of saner countries, to do the work of making strong
encryption, for many years.  We had a brief respite, which we will
eventually resume for good.  In the meantime, please let me apologize
for my countrymen and for my government, for asking you to shoulder
most of the burden again.  Thank you so much.

John Gilmore

PS: Companies with proprietary encryption packages might consider
immediately open-sourcing and exporting their encryption add-ins, so
their customers can still get them from overseas archives.  Or taking
other actions to safeguard the privacy and integrity of their
customers' data and their society's infrastructure.  I also advise
that they lobby like hell to keep privacy and integrity legal in the US.




Re: Congress mulls crypto restrictions in response to attacks

2001-09-15 Thread Bram Cohen

On Fri, 14 Sep 2001, Jim McCoy wrote:

> It is well known and documented that these cells use PGP and stego tools
> when necessary

The only cases I've ever read of crypto being used by illegal cells has
been encrypting of hard drives - certainly a use of crypto, but not one
which might have helped the world trade center terrorists avoid getting
caught - encrypting hard drives is for damage mitigation, and we don't
have any evidence so far that intelligence was onto them in the least.

People in cells probably forego electronic communications completely for
highly sensitive information - face to face communication works fine and
doesn't involve anywhere near the risks.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes





Re: Senate votes to permit warrantless Net-wiretaps, Carnivore use

2001-09-15 Thread Declan McCullagh

At 10:57 PM 9/14/01 -0400, Steven M. Bellovin wrote:
>This is seriously misleading.  Although there are a fair number of
>objectionable items in the bill (the worst of which are likely
>unconstitutional, though you'd have to explain protocol layering to a
>judge to make that point clear), the bill is concerned with pen
>registers and trap-and-trace devices.  It does not legalize
>"warrantless wiretaps".  And yes, Carnivore can be used more freely
>under this bill, but only in its pen register mode.

Steve,
I recognize that you may be going through a lot of mail, but the article is 
hardly "seriously misleading."

I made precisely the point you made myself (it doesn't appear that you read 
the article in its entirety, and based your comments on a brief excerpt):

http://www.wired.com/news/politics/0,1283,46852,00.html
>Warrantless surveillance appears to be limited to the addresses of 
>websites visited, the names and addresses of e-mail correspondents, and so 
>on, and is not intended to include the contents of communications. But the 
>legislation would cover URLs, which include information such as what Web 
>pages you're visiting and what terms you type in when visiting search engines.

Pardon me for not taking much comfort from your assurance that Carnivore 
and its progeny can be used "only in its pen register mode." The URLs to 
web pages I visit, which can include search terms, and the identities of 
the people with whom I correspond, are important items that many people 
would consider private enough to require a court order.

Also, as a separate note, Senate Judiciary committee aides told me they 
believe the wording of the bill -- apparently hastily-drafted -- may cover 
content of the communications, not just origin-destination information. If 
they're not sure, and they've had a full day to read it, how can you be so 
remarkably positive your interpretation is correct?

And even if you think it's unobjectionable, these sorts of measures might 
well deserve full, reasoned debate rather than being rushed through late in 
the night during a national emergency, two days after a brutal terrorist 
attack, and attached to a spending bill. (The spending bill doesn't even 
take effect for weeks, so clearly we could wait until next week and, gasp, 
convene a hearing.) Senators were given just half an hour or so to read a 
complicated wiretap bill before a scheduled vote.

Senator Patrick Leahy, who chairs the Judiciary committee and is not known 
for exaggerating privacy threats, was concerned enough to denounce the bill 
on the Senate floor during the late-night debate. Here's what he said:

http://www.fas.org/sgp/congress/2001/s091301.html
>LEAHY: Maybe the Senate wants to just go ahead and adopt new abilities to 
>wiretap our citizens. Maybe they want to adopt new abilities to go into 
>people's computers. Maybe that will make us feel safer. Maybe. And maybe 
>what the terrorists have done made us a little bit less safe. Maybe they 
>have increased Big Brother in this country.

We can disagree about how concerned we should be about broader warrantless 
surveillance powers -- one DC privacy group has already said this bill is 
the most disturbing change to wiretap laws since CALEA -- but dismissing 
concerns as "only pen register mode" seems a bit much.

-Declan
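The point Declan quotes from his own article, that URLs captured in "pen register mode" carry more than the addressing information a phone-line pen register records, worked on constructed records. This is an added example, not code from the article, the bill or any post in this thread. The URL lines are constructed, and `addressing_only` is a hypothetical collection rule used only to contrast "which host was contacted" with "the whole URL"; `SEARCH_KEYS` is an assumption about common search-parameter names.

```python
"""Addressing information vs content-like data in captured URLs,
on constructed records.

Added example; not code from the article, the bill, or any post here.
The URL lines are CONSTRUCTED. 'addressing_only' is a hypothetical
collection rule used to contrast a phone-style pen register (which
number was dialled) with recording whole URLs.
"""
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, urlsplit, urlunsplit

SAMPLE_URLS: List[str] = [
    "http://www.example-search.test/search?q=encryption+export+regulations&lang=en",
    "http://mail.example.test/inbox?folder=drafts",
    "http://www.example-news.test/2001/09/15/story.html",
]

SEARCH_KEYS = ("q", "query", "p")  # assumption: common search-parameter names


def host_only(url: str) -> str:
    """The closest analogue of a dialled number: the host contacted."""
    return urlsplit(url).hostname or ""


def addressing_only(url: str) -> str:
    """What a collector keeps if it truncates to scheme and host."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, "", "", ""))


def content_like(url: str) -> Dict[str, List[str]]:
    """Parts of the URL that describe what the user did or asked for,
    not whom they contacted: the path plus decoded query parameters."""
    parts = urlsplit(url)
    out: Dict[str, List[str]] = {"path": [parts.path]}
    out.update(parse_qs(parts.query))
    return out


def search_terms(url: str) -> List[str]:
    """Decoded search terms, if the query string carries any."""
    qs = parse_qs(urlsplit(url).query)
    return [v for k in SEARCH_KEYS for v in qs.get(k, [])]


def leakage_report(urls: Iterable[str]) -> List[Dict[str, object]]:
    """Per URL: what host-only collection records, and what full-URL
    collection additionally reveals."""
    report = []
    for u in urls:
        report.append({
            "kept_by_addressing_only": addressing_only(u),
            "extra_from_full_url": content_like(u),
            "search_terms": search_terms(u),
        })
    return report


if __name__ == "__main__":
    for row in leakage_report(SAMPLE_URLS):
        print(row)
```

Running it prints one row per constructed URL: the first row shows that host-only collection keeps `http://www.example-search.test` while full-URL collection also yields the decoded search phrase; the third row shows that even a query-less URL leaks the specific article read through its path.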





Re: chip-level randomness?

2001-09-15 Thread Eric Rescorla

"R. A. Hettinga" <[EMAIL PROTECTED]> writes:
> I'm rooting around for stuff on hardware random number generation.
> 
> More specifically, I'm looking to see if anyone has done any
> entropy-collection at the chip-architecture level as part of the logic of a
> chip.
> 
> I saw somewhere that Intel had done it as part of the Pentium, for instance,
> but I can't find out whether it's an actual entropy collector, or just a
> PRNG.
It's a physical noise generator feeding into some postprocessing.

See: http://www.cryptography.com/intelRNG.pdf

-Ekr
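A worked illustration of the two-stage pipeline Rescorla describes (a physical noise source, then postprocessing), added here as an example; it is not code from the Intel RNG, from the cryptography.com paper, or from anyone in this thread. The noise source is a seeded PRNG simulating independent bits with a fixed bias, which is an assumption; the von Neumann corrector is one common first stage, and treating it as what any particular chip does is likewise an assumption. What the code shows beyond the post: the corrector removes bias but discards most raw bits, and the hash stage compresses entropy rather than creating it, so raw bits have to be budgeted by min-entropy before conditioning.

```python
"""Hardware RNG post-processing, worked on a simulated noise source.

Added example; this is not code from the Intel RNG, from the
cryptography.com paper, or from anyone in this thread. The noise source
is SIMULATED with a seeded PRNG (assumption: independent bits with a
fixed bias, which is the case a von Neumann corrector handles exactly;
correlated sources need stronger conditioning than shown here).
"""
import hashlib
import math
import random
from typing import Iterable, List


def simulated_noise_source(n_bits: int, p_one: float = 0.7, seed: int = 1) -> List[int]:
    """Stand-in for a thermal-noise comparator output: independent bits
    with P(bit == 1) == p_one. Seeded so the example is reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_bits)]


def von_neumann(bits: Iterable[int]) -> List[int]:
    """Debias by consuming non-overlapping pairs: 01 -> 0, 10 -> 1,
    00 and 11 discarded. For independent bits with any fixed bias p the
    survivors are exactly unbiased; on average only 2p(1-p) of the pairs
    yield a bit (42% of pairs for p = 0.7, i.e. 21% of raw bits)."""
    out: List[int] = []
    it = iter(bits)
    for a, b in zip(it, it):  # stops at the last complete pair
        if a != b:
            out.append(a)
    return out


def bias(bits: List[int]) -> float:
    """Fraction of ones; 0.5 means unbiased."""
    return sum(bits) / len(bits) if bits else 0.0


def min_entropy_per_bit(bits: List[int]) -> float:
    """-log2(max(p, 1-p)): the conservative estimate used to decide how
    many raw bits must be collected per output bit (independence assumed)."""
    p = bias(bits)
    return -math.log2(max(p, 1.0 - p))


def raw_bits_needed(bits: List[int], out_bits: int = 256) -> int:
    """Raw bits that must be hashed down to get out_bits of full entropy."""
    h = min_entropy_per_bit(bits)
    if h <= 0.0:
        raise ValueError("source has no entropy")
    return math.ceil(out_bits / h)


def pack_bits(bits: List[int]) -> bytes:
    """MSB-first packing; the final byte is zero-padded on the right."""
    padded = bits + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))


def condition(bits: List[int], out_bytes: int = 32) -> bytes:
    """Software conditioning: hash a block of bits to a fixed size.
    Hashing does not create entropy; feed in at least raw_bits_needed()
    raw bits, or the corrector's (shorter, full-entropy) output."""
    if not bits:
        raise ValueError("no input bits")
    return hashlib.sha256(pack_bits(bits)).digest()[:out_bytes]


def monobit_ok(bits: List[int], z_max: float = 3.0) -> bool:
    """Cheap health check in the spirit of the FIPS 140 monobit test:
    reject if the ones count is more than z_max standard deviations
    from n/2. It catches a stuck or badly biased source, nothing subtler."""
    n = len(bits)
    if n == 0:
        return False
    z = abs(sum(bits) - n / 2) / math.sqrt(n / 4)
    return z <= z_max


if __name__ == "__main__":
    raw = simulated_noise_source(20000)
    deb = von_neumann(raw)
    print(f"raw: bias {bias(raw):.3f}, min-entropy/bit {min_entropy_per_bit(raw):.3f}, "
          f"raw bits per 256-bit key {raw_bits_needed(raw)}, monobit ok {monobit_ok(raw)}")
    print(f"after von Neumann: {len(deb)} bits, bias {bias(deb):.3f}, monobit ok {monobit_ok(deb)}")
    print("conditioned:", condition(deb).hex())
```

Run as a script it prints the raw bias (about 0.7), the min-entropy budget (roughly 500 raw bits per 256-bit key at that bias), the much shorter but unbiased corrector output, and a 32-byte conditioned value. The monobit check fails on the raw stream and passes after correction, which is the behaviour a hardware health test is there to enforce.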




Re: Congress mulls crypto restrictions in response to attacks

2001-09-15 Thread Jim McCoy

Bram Cohen at [EMAIL PROTECTED] wrote:

> On Thu, 13 Sep 2001, Bill Frantz wrote:
> 
>> So the honorable gentlemen are proposing unilateral crypto disarmament?  Or
>> perhaps a world where many governments can read the business plans and
>> strategies of US companies?  Or perhaps a world where the terrorists
>> themselves can read the travel plans of their targets?
> 
> Preliminary indications are that the terrorists communicated on perfectly
> ordinary cell phones - it's dubious that they used any crypto at all.

It is well known and documented that these cells use PGP and stego tools
when necessary, probably because they are relatively easy and available.
While the information needed to build such tools can be found on the web, Al
Qaeda does not need to because people like us have already made them widely
available.  Sad, but true.

jim





Re: crypto backdoors = terrorisms free reign

2001-09-15 Thread Jim McCoy

[EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:
[...]
> If you weaken technology for secure communication and transmission in any
> manner you must realize that at the same time you will...

After seeing several people preach to the choir here (while at the same time
trying to wash their hands of any culpability for their own small role in
enabling terrorists) it strikes me that most here just have not come to
terms with the fact that the rules have changed.  It does not help that
everyone is bringing out the weak arguments:

> 1) Weaken the ability of the free world to combat things such as terrorism due
> to the miss-assumption that criminals and terrorists will actually obey the
> law thereby causing lack of preparedness.  You only restrict the rights of the
> law-abiding citizen, not the lawless.

Incorrect.  You will weaken the absolute security of many, but the few who
choose to use strong (non-GAK) crypto will be easily distinguished from
those who comply with the rules.  Being able to do this sort of first-pass
discrimination and then link up relationships between those who are using
strong crypto (you called them and they called someone else, follow the
links) is a key task in SIGINT.

> 2) Weaken the safety of dissidents and human rights organizations that exists
> in hostile countries.  Reason being that any backdoor can be found by anyone
> with the resources.  Many hostile countries have or could buy such resources.

Possibly, but U.S. legislators don't really care (nor should they) about
the safety of dissidents and NGOs that are breaking the laws in other
countries (if those countries also restrict crypto.)  Your premise that any
backdoor can be found is rather weak as well.  In most cases the "backdoor"
is not hidden; its existence is well known and its main advantage to law
enforcement is that it cuts down the size of the keyspace to be searched.

> 3) Create another tool for Terrorism against our financial (and other types
> of) institutions that rely on secure communications.  Again, this is possible
> because any backdoor can be found by anyone with the resources.  Radicals and
> hostile countries have such resources.

Incorrect.  While it is possible that such a backdoor can be found it is by
no means as simple as you imply, particularly for non-state entities.  While
such secrets can eventually leak out this task is not easy for even trained
professionals, to claim that it is going to be a simple task for radicals
and hostile countries is not consistent with the facts.  While some secrets
are hard to protect (especially over time) it is possible to build a system
for key escrow that makes abuse difficult, albeit not impossible, and still
provides the law enforcement assistance that the public may demand.

> And lastly, and perhaps this is just a personal statement...
> 4) You turn law abiding citizens that realize the above facts into lawless
> one's as they say:
> I will protect myself, my company, my organization and will use encryption
> tools and methods, which I feel, are COMPLETELY.

Not sure what you were trying to say here, but the rest of the country is
currently of the mind that if you want to do so and go to jail, so be it.
Don't expect people to shed too many tears for "pushing" you into breaking
the law.

While your arguments have passion, they lack the logical consistency that
you seem to want to claim.  Sorry.

jim
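Jim's "first-pass discrimination, then follow the links" is contact chaining, worked here on constructed records as an added example; it is not code from any post in this thread. The records are constructed, and the `cipher` label is a hypothetical tag a collector might attach after classifying each session's protocol (here `escrowed` versus `non-escrowed`) without decrypting anything. The assumption is that the analyst seeds the search with every party seen on a non-escrowed session and walks the contact graph outward a fixed number of hops.

```python
"""Contact chaining from a first-pass protocol classification, on
constructed records.

Added example, not code from any post in this thread. Records are
CONSTRUCTED; the 'cipher' label is a hypothetical tag a collector might
attach after classifying each session's protocol (here 'escrowed' vs
'non-escrowed'). Assumption: the analyst seeds the search with parties
seen using non-escrowed crypto and walks the call graph outward, which
is the 'you called them and they called someone else' step in the post.
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Set, Tuple

Record = Tuple[str, str, str]  # (originator, recipient, cipher label)

SAMPLE_RECORDS: List[Record] = [
    ("alice", "bob", "escrowed"),
    ("bob", "carol", "non-escrowed"),
    ("carol", "dave", "escrowed"),
    ("dave", "grace", "non-escrowed"),
    ("erin", "frank", "escrowed"),
    ("heidi", "ivan", "escrowed"),
]


def build_graph(records: Iterable[Record]) -> Dict[str, Set[str]]:
    """Undirected contact graph: who communicated with whom, content ignored."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for a, b, _ in records:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def first_pass_flags(records: Iterable[Record], label: str = "non-escrowed") -> Set[str]:
    """Parties on at least one record carrying the flagged cipher label.
    This is the 'easily distinguished' step: protocol identification,
    no decryption."""
    return {p for a, b, c in records if c == label for p in (a, b)}


def chain(graph: Dict[str, Set[str]], seeds: Iterable[str], hops: int) -> Dict[str, int]:
    """Breadth-first contact chaining. Returns party -> hop distance from
    the nearest seed (0 for seeds), expanding at most `hops` hops out."""
    dist: Dict[str, int] = {s: 0 for s in seeds}
    queue = deque(dist)
    while queue:
        cur = queue.popleft()
        if dist[cur] >= hops:
            continue
        for nxt in graph.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def selector_set(records: Iterable[Record], hops: int = 1) -> Dict[str, int]:
    """End to end: classify sessions, seed on the flagged parties, chain."""
    records = list(records)
    return chain(build_graph(records), first_pass_flags(records), hops)


if __name__ == "__main__":
    for hops in (0, 1, 2):
        print(f"{hops} hop(s):", dict(sorted(selector_set(SAMPLE_RECORDS, hops).items())))
```

On the constructed records, zero hops yields only the four parties who ever used a non-escrowed session; one hop pulls in `alice`, who used escrowed crypto exclusively but talked to `bob`; `erin`, `frank`, `heidi` and `ivan` never appear at any hop count because they are disconnected from the seeds. That is the mechanism the post relies on: mandatory escrow makes the minority who opt out visible, and the graph then exposes their contacts whether or not those contacts complied.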



