Re: How to ban crypto?

2001-09-18 Thread Peter Gutmann

"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:

>The basic [GAK] argument is complexity.  Cryptographic software and key
>exchange protocols are very hard to get right even in simple cases.  If we now
>try to add a new feature, we have to add complexity.  Worse yet, this new
>feature is designed to do something that is not only brand-new, it's something
>that more conventional protocols and implementations are designed to avoid, at
>virtually all costs:  export a copy of the key.  Why do you think we can get
>this right?

There is strong empirical evidence to support the fact that we can't get this
right.  Let's say a GAK infrastructure is two orders of magnitude more
difficult to establish than a PKI (it may be even worse than that, but let's
take that as an estimate - to get a GAK infrastructure going you need, as a
minimum, a fully functional PKI to build on top of).

After 10 years of effort we haven't even managed to get a basic PKI going yet
(what's being practiced today could best be described as "certificate
manufacturing").  I can't see how a GAK infrastructure will ever be practical.

(I once heard a story about someone in the military who suggested that
 security researchers develop a program which could analyse another program to
 see if it would do something malicious.  The response was that the military
 should fund the research and they'd let them know when they had a solution.
 Perhaps this is a way to get funding for further PKI/GAK research).

Peter.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: FC: Majority of Americans want anti-encryption laws, poll says

2001-09-18 Thread Hadmut Danisch

On Tue, Sep 18, 2001 at 01:08:39AM -0400, R. A. Hettinga wrote:
> 
> Also note that 72 percent of those surveyed said anti-encryption laws would
> be "somewhat" or "very" helpful in preventing similar terrorist attacks.
> 

An emotional anti-crypto-campaign seems to have started.

Yesterday I saw a special issue of a German TV news magazine
("Report aus München"), one of their main themes was the
communication methods of the terrorists.

The level of the report was poor. Though they had
interviews with an American and a German security expert
(I know the latter one personally, he's really an expert),
they did not manage to understand what the experts said
(the German one explained steganography).

They confused encryption and steganography several times.

The conclusion was that cryptography enabled this kind
of attack. Not that they had any kind of encrypted message
or any hint that cryptography was actually used. Their
simple logic is that such an attack is not possible without
cryptography, therefore the attackers must have used cryptography.

Some time ago, an Arabian man who is said to be one of
Bin Laden's agents was taken under arrest in Germany.
The police confiscated some CDROMs he was carrying, but they
didn't find anything except harmless Arabian texts on these CDROMs.
The TV magazine took this as evidence that they must have
used cryptography.

What a kind of logic: We didn't find any suspicious 
messages -> he must have used cryptography -> guilty.

These kinds of magazines are the ones which influence
people's and politicians' opinion.

Hadmut






Re: chip-level randomness?

2001-09-18 Thread Pawel Krawczyk

On Mon, Sep 17, 2001 at 01:44:57PM -0700, Bram Cohen wrote:

> > What is important, it *doesn't* feed the built-in Linux kernel PRNG
> > available in /dev/urandom and /dev/random, so you have either to only
> > use the hardware generator or feed /dev/urandom yourself.
> That's so ... stupid. Why go through all the work of making the thing run
> and then leave it unplugged?

It's not that stupid, as feeding the PRNG from i810_rng at the kernel
level would be resource intensive, not necessary in the general case, and
would require inventing some defaults without any reasonable arguments
to rely on. Like how often to feed the PRNG, with how much data etc.

On the other hand, the authors provide a `rngd' daemon, running in
userland, that reads the i810_rng device and feeds the data into kernel
PRNG. It seems to be reasonably written, with all the possible caveats
in mind, and you can control the feeding interval, block size and other
parameters.

URI: http://sourceforge.net/project/showfiles.php?group_id=3242&release_id=28349

-- 
Paweł Krawczyk *** home: 
security:   *** fidonet: 2:486/23
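
What a userland feeder of the kind described in the message above has to do, as an added example (not rngd's code and not part of the original post): read fixed-size blocks from the hardware generator, refuse obviously stuck output, and credit the rest to the kernel pool with the Linux `RNDADDENTROPY` ioctl. The device path `/dev/hwrng`, the entropy credit, the stuck-output heuristic and all function names are assumptions of this example; the ioctl needs root.

```python
import fcntl
import struct
import time

# RNDADDENTROPY = _IOW('R', 0x03, int[2]) from <linux/random.h>. This value
# assumes the common ioctl encoding (x86, ARM), not MIPS/PowerPC/SPARC.
RNDADDENTROPY = 0x40085203


def looks_stuck(block: bytes) -> bool:
    """Crude health check (an assumption of this example, not rngd's test):
    a failed generator tends to return constant or heavily repeated bytes."""
    return len(set(block)) < min(len(block), 256) // 4


def build_request(block: bytes, bits_per_byte: int) -> bytes:
    """Pack struct rand_pool_info { int entropy_count; int buf_size; buf[] }.

    bits_per_byte is the entropy credited per input byte. Crediting less
    than 8 is the conservative choice when the source is not fully trusted.
    """
    if not 0 <= bits_per_byte <= 8:
        raise ValueError("entropy credit must be 0..8 bits per byte")
    if not block or len(block) % 4:
        raise ValueError("block must be a non-empty multiple of 4 bytes")
    return struct.pack("=ii", len(block) * bits_per_byte, len(block)) + block


def feed(hw_path="/dev/hwrng", block_size=64, interval=1.0,
         bits_per_byte=4, rounds=10) -> int:
    """Feed `rounds` blocks into the kernel pool; return how many were credited.

    block_size and interval are the two knobs the message mentions.
    hw_path is a placeholder for wherever the driver exposes its device.
    """
    fed = 0
    with open(hw_path, "rb", buffering=0) as hw, \
         open("/dev/random", "wb", buffering=0) as pool:
        for _ in range(rounds):
            block = hw.read(block_size)
            # Skip short reads and suspicious blocks instead of crediting them.
            if block and len(block) == block_size and not looks_stuck(block):
                request = bytearray(build_request(block, bits_per_byte))
                fcntl.ioctl(pool, RNDADDENTROPY, request)
                fed += 1
            time.sleep(interval)
    return fed


if __name__ == "__main__":
    print("blocks credited:", feed())
```

Writing the same bytes to `/dev/random` with a plain `write()` would mix them in without crediting any entropy, which is why the ioctl is used here.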






ip: Disposable phones--a security risk?

2001-09-18 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Mon, 17 Sep 2001 23:39:20 -0500
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (by way of [EMAIL PROTECTED])
Subject: ip: Disposable phones--a security risk?

http://www.zdnet.com/zdnn/stories/news/0,4586,5097046,00.html?chkpt=zdnnp1tp02

 Disposable phones--a security risk?

 By Ben Charny
 September 17, 2001 5:15 PM PT

   Hop-On Wireless Chief Executive Peter Michaels and the rest of the
nascent disposable cell phone industry are scrambling to defend a product
that hasn't made it into the United States yet, but is a target of the
nation's top crime fighters as they crack down on terrorism.

 During the weekend, U.S. Attorney General John Ashcroft and FBI Director
Robert Mueller indicated that disposable phones are one of the reasons they
want to give the U.S. law enforcement community more legal power to fight
terrorism, using techniques such as tapping phones.

 Disposable cell phones come pre-loaded with a finite number of calling
minutes, and are meant to be used, then tossed in the trash. The phones
themselves are stripped-down versions of their more expensive
brethren--offering in the case of some phones just the ability to make a
single phone call. Voice mail and other amenities standard for most
wireless phones are not part of the disposable phone's package of services.

 Whether disposable phones were used to help orchestrate Tuesday's attack
on the Pentagon and the World Trade Center hasn't been made public. But the
mere mention of them in connection with the Tuesday attacks has the
industry scrambling to explain the safeguards that retail outlets like
Target, Kmart and 7-Eleven might be taking in mid-October when they begin
selling these phones.

 Ashcroft thinks law enforcement officials should be able to eavesdrop on
any phone used by a suspect in a foreign intelligence case, even without a
wiretap warrant signed by a judge. The nation's most powerful law
enforcement officials then singled out disposable cell phones, saying on
the CBS television show "Face the Nation" that the current set of wiretap
regulations are useless if terrorists and criminals use these phones.

 "It simply doesn't make sense to have the surveillance authority
associated with the hardware, or with the phone, instead of the person or
the terrorist," Ashcroft said on the Sunday morning news program.

 A series of proposed laws backed by Ashcroft and FBI Director Robert
Mueller are expected to reach Capitol Hill by week's end.

 Michaels said calling cards are more of a threat to U.S. security than
disposable phones.

 The phones also aren't as anonymous as Ashcroft and other government
officials think, he said. When someone buys a Hop-On phone, they are asked
to provide a name and address, ostensibly so the company can contact them
when they set up a program to recycle these devices.

 Michaels also said the phones that he sells only work in the United
States, making it impossible for a foreign terrorist to reach someone
outside the country.

 Also, calls made from these phones can be tracked through phone logs, he
said.

 "If Ashcroft said disposable phones aren't good for our country, how about
free e-mail, or calling cards?" Michaels said. "If someone really wants to
hide from the government, they will use a calling card at a pay phone."

 A representative from Dieceland Technologies, a New Jersey-based company
that has inked a distribution deal for its $10 talk-and-toss phone with GE
Capital, the investment arm of General Electric, did not return an e-mail
seeking comment.

 The phones will sell for $30 and will be offered in less than a month,
said Michaels.

 Wireless analysts like Paul Dittner, of analyst firm Gartner, think they
could catch on in the United States, but among the set of people "with poor
credit ratings, no credit histories or transient lifestyles, or people such
as seniors and vacationers who simply want to have a phone available for
emergencies."

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'






Re: Which internet services were used?

2001-09-18 Thread Michael Shields

In article <[EMAIL PROTECTED]>,
"Perry E. Metzger" <[EMAIL PROTECTED]> wrote:
> These same people ignore the fact that the US economy, and indeed the
> world economy, could no longer function without encryption.

I am not sure that it is accurate to say that the world economy will
grind to a halt without encryption.  It would suffer truly massive
fraud losses, just as credit cards currently experience massive fraud
due to their use of a single fixed account number.  But given the
current mood in the US, the public might even be prepared to accept
huge economic losses -- if it made them feel safer.

An effective argument against crypto restrictions must be on the
grounds that new laws would not help fight terrorism.  It is very
difficult to convince people with a cost-side argument, because the
effects of a successful terrorist attack can be viewed as nearly
infinite.  The public will only be strongly opposed to new measures if
they feel that they are ineffective.
-- 
Shields.






[FYI] FITUG Statement on Crypto Policy

2001-09-18 Thread Axel H Horns

http://www.fitug.de/news/crypto-long-010918.html

--- CUT --- 
FITUG Statement on crypto policy 2001-09-18

FITUG expresses its deepest sympathy for the victims of the heinous
attacks in the U.S.  

FITUG calls upon the governments around the world to ensure combating
of terrorism and other forms of crime on the basis of proper law
enforcement on the basis of law and justice in order to protect those
basic values constituting a free and democratic world.

The tragic events have sparked off an increasing debate on 
legislative measures suitable to help preventing future acts of 
terrorism, in particular with regard but not limited to potential
future casualties including utilisation of weapons of mass destruction
(WMD).

One option recently proposed by various circles concerned comprises a
re-strengthening of the signal intelligence (SIGINT) capabilities of
the intelligence services and measures to facilitate the communication
eavesdropping of law enforcement agencies in order to be able to
uncover and monitor communication links of distributed groups of
terrorists or other criminals. When following this argumentation, the
availability of strong "uncrackable" encryption products to everybody
can be identified as a major obstacle blocking further progress in
anti-terrorism and anti-crime policy.   

Such view is, however, misleading, and any resulting legislative
activity based thereon will inevitably fail to reach its goal but
instead undermine the basic values of freedom and democracy which we
all do need to protect against terrorism in these grievous times.

In particular, FITUG issues a number of observations as set out 
below:

- Over-reliance of intelligence services and law enforcement agencies
on technology-based surveillance may well lead to a lack of awareness
of relevant facts. It has come to be known that frequently in
terrorist or other criminal groups some of the most important
information is relayed non-technologically, often carried by human
couriers. Often, the communications methods employed by such
organisations are designed to defy technological surveillance.   

- Hence, the proper way to enhance the capabilities of the 
intelligence services and law enforcement agencies is to effect a
major reform of these institutions, abandoning contemporary visions of
defeating terrorism and other crime by monitoring the outside world by
masses of officials staring on countless computer screens installed
within high-security fortresses and displaying data gathered by SIGINT
techniques. The SIGINT hubris has to be stopped. What the services
actually need isn't more and more electronic access to private raw
information but more brain power in order to derive proper
conclusions. Let them then get out to mess with real terrorists and
other criminals in real life. This is where a solution of the current
crisis can be found.

- Cryptography is now well established as a basic technology for
countless products of the emerging Information Society and, hence, a
complete ban thereof is deemed to be completely infeasible. Moreover,
in the late 90s of the past century many recognised experts in the
field of cryptography have demonstrated that mandatory GAK is not a
real option on a technical level; countless technical problems of
large-scale GAK systems are still completely unresolved. 

- Some have said that the tragic events in the U.S. are an example of
high-tech terrorism. This is completely wrong. Although the captured
planes surely are high-tech, the way of capturing them by rogue
brutality exercised with knives is absolutely low-tech. By no means
society should forget that there is a real risk of a very severe
high-tech assault on the data networks of the wired world. However,
widespread use of strong cryptography is a crucial brick in a 
framework to protect the sensitive technical network infrastructure of
the Information Society against attacks. Obstruction of free usage of
strong cryptography means irresponsibly weakening the infrastructural
framework of the emerging Information Society. 

- Last but not least, the right to privacy of the ordinary citizen is
one of the core values of a free democracy. Destroying the technical
basis for preserving privacy in the Information Society means to
deteriorate one of the essential characteristics of the free world.   

Whatever legislative steps are taken in response to the recent 
attacks, terrorists and other criminals will come up with effective
techniques to conceal what and with whom they communicate from where
to where, or even whether they store and communicate at all. Thus, if
legal restrictions are placed on the privacy permitted by the IT
infrastructure, only criminals will enjoy unrestricted privacy.   

In the current situation, law enforcement agencies should only be
allowed and enabled to exploit security weaknesses of IT s

[FYI] FITUG urges political leaders to defend citizens' freedoms

2001-09-18 Thread Axel H Horns

http://www.fitug.de/news/pes/fitug-010918.en.html

--- CUT -

FITUG e.V.  

Förderverein Informationstechnik und Gesellschaft  

FITUG urges political leaders to defend citizens' freedoms  

Tuesday's terrorist attacks were not only targeting human lives, but 
also the basic values of open societies. In these dark hours of grief 
and wrath, political leaders are called upon to protect both: 
Citizens' lives and citizens' freedom.  

Terrorists' attack on open societies cannot be completed but with 
help from ourselves, and from our political leaders. This must not 
happen.  

In the ongoing debate on how terrorism is best fought, one option 
proposed by certain circles comprises strengthening signal
intelligence capabilities. According to these circles, the 
eavesdropping capabilities available to law enforcement and the 
intelligence community are insufficient for uncovering and monitoring 
communication of today's distributed and highly organized groups of 
terrorists and criminals.  

Availability of virtually unbreakable encryption products to the 
general public is perceived as a major obstacle in the current battle 
against terrorism.  

This perception is highly misleading. Any legislative activity based 
on it will inevitably fail to reach its goal. Instead, such activity 
would undermine basic values of free and open societies, such as 
citizens' right to privacy and private communication.  

Such legislative activity would ignore the ample evidence that the 
problem of today's intelligence is not a lack of signal intelligence, 
but a lack and neglect of human intelligence and intelligent
interpretation of the material collected.  

Even the most sophisticated signal interception technology available 
will hardly be able to thwart stone age style secure channels used by 
terrorists, such as human couriers and confidential face-to-face 
meetings.  

Cryptography is a key enabling technology for a safe information 
society. Obstructing the use of practically unbreakable encryption as 
a means of securing electronic communications will make our modern, 
information-based economies and societies even more susceptible to 
cyber criminals' and terrorists' attacks.  

Stopping the spread of strong cryptography would amount to blasting 
holes into the civilized world's already-thin defense shield against 
digital harm.  

We therefore urge political leaders and policy-makers not to restrict 
citizens' and businesses' freedom to communicate privately, using the 
best technology available.  

Our societies and economies need this technology and its widespread 
use in order to defend against tomorrow's digital attacks.  

About FITUG  

FITUG creates connections to the virtual world of new media and data 
networks. From our statutes: "The association's purpose is the
fostering of the integration of new media with society, public 
education about technologies, risks, and dangers of these media, and 
the fostering of human rights and consumer interests with respect to 
computer networks." FITUG is a member of the Global Internet Liberty 
Campaign (GILC).  

--- CUT -







Re: FC: Majority of Americans want anti-encryption laws, poll says

2001-09-18 Thread John W Noerenberg II

At 10:47 AM -0700 9/18/01, Jay D. Dyson wrote:
>   But the press props it up as justification for the gradual erosion
>of our liberties.  The academic and civil-rights-minded crowds will
>protest, but the emotional appeals of those promising greater security
>will likely drown them out.

Jay, beware of making such sweeping statements as "the press 
props"  This is no more true than all Arabs are terrorists.

Does Princeton Survey Research Associates have a particular political 
agenda - or did they just blow it with this survey?
-- 

john noerenberg
[EMAIL PROTECTED]
   --
   While the belief we  have found the Answer can separate us
   and make us forget our humanity, it is the seeking that continues
   to bring us together, the makes and keeps us human.
   -- Daniel J. Boorstin, "The Seekers", 1998
   --






Re: FC: Majority of Americans want anti-encryption laws, poll says

2001-09-18 Thread Declan McCullagh

On Tue, Sep 18, 2001 at 01:02:47PM -0700, John W Noerenberg II wrote:
> Does Princeton Survey Research Associates have a particular political 
> agenda - or did they just blow it with this survey?

I understand the survey may have been commissioned by Newsweek, but I
hesitate to state this as fact without checking. Alas, the magazine's
website is offline, and I don't have time to call them or PSRA (which
does not appear to list it on their website):

http://www.msnbc.com/news/NW-front_Front.asp
File not found
Our Web servers cannot find the page or file you asked for:

-Declan






Re: FC: Majority of Americans want anti-encryption laws, poll says

2001-09-18 Thread Declan McCullagh

The survey was commissioned by Newsweek. An explanation from Princeton
Survey Research Associates and the exact wording of the question asked
(which did cover privacy and business impact) is here:

http://www.politechbot.com/p-02530.html

-Declan


On Tue, Sep 18, 2001 at 04:34:45PM -0400, Declan McCullagh wrote:
> On Tue, Sep 18, 2001 at 01:02:47PM -0700, John W Noerenberg II wrote:
> > Does Princeton Survey Research Associates have a particular political 
> > agenda - or did they just blow it with this survey?
> 
> I understand the survey may have been commissioned by Newsweek, but I
> hesitate to state this as fact without checking. Alas, the magazine's
> website is offline, and I don't have time to call them or PSRA (which
> does not appear to list it on their website):
> 
> http://www.msnbc.com/news/NW-front_Front.asp
> File not found
> Our Web servers cannot find the page or file you asked for:
> 
> -Declan



Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-18 Thread lynn . wheeler


you may then also find "The Thread Between Risk Management and Information
Security" interesting

http://www.garlic.com/~lynn/aepay3.htm#riskm
http://www.garlic.com/~lynn/aepay3.htm#riskaads

somewhat more from the risk manager's perspective ... than either straight
cryptography or computer security.




Lynn,
   Thanks for the references.  I looked at an online trading system about
a year ago, more from a strategic planning perspective really (this is not
my normal role either).  What I found intriguing was the interaction
between protocols and market structure, particularly in the fixed income
and foreign exchange markets.  These markets are far larger than the
equity markets with individual trades often well into the hundreds of
millions of dollars (your point about security commensurate with the risk
is well taken), but unlike the equity or futures markets they are not open
outcry markets.  The structure of these markets is rather complicated with
a variety of institutions playing several different, fairly well defined
roles.  Depending upon the protocols chosen the resulting electronic
"exchange" can benefit one or more classes of market participants at the
expense of others.  Hence the plethora of different systems trying to
establish themselves, at one point there were more than three dozen
different systems with a wide variety of protocols and security features
depending on whose interests and what information they were trying to
protect.  As you point out the issues go well beyond the problems of a
merchant protecting a customer's credit card number when that customer buys
a book online.  Anyway thanks for the references.

Jim Windle
--





