Chiasmus for Windows

2003-03-05 Thread t . c . jones
http://www.bsi.de/fachthem/chiasmus/indexeng.htm

Interesting - the Germans are the ones that want everything to be open source?

no?  ..tom

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: double shot of snake oil, good conclusion

2003-03-05 Thread Tal Garfinkel
> DRM can't really control what humans do and there is no commercial
> value in saying that a document that I see cannot be printed or
> forwarded -- because it can.

I believe you are overlooking the assumed threat model, and thus the
value of document control systems like the one that Microsoft is
proposing.

The benefit of systems like this is to aid in managing the huge amounts
of confidential internal documents that enterprises generate and would
like to keep out of paper form, thus out of the hands of dumpster divers
and not left around on desktops, to prevent accidental propagation of
internal documents, etc.

Imposing access controls that rely on users not being explicitly
malicious are not "snake oil" and are not a new idea, nor is the
recognition of their limitations.  In systems that impose mandatory
access controls of the more traditional type (ala Bell LaPadula), the
user can always violate the *-property (i.e. no write down) by simply
typing information from a high level document into a lower level
document.  Clearly, you could do the same thing with the system
Microsoft is proposing, but preventing this type of attack is not the
objective.

The value of these types of controls is that they help users you basically
trust who might be careless, stupid, lazy or confused to do the right
thing (however the right thing is defined, according to your company
security policy). 

--Tal



Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period(was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread John S. Denker
Steven M. Bellovin wrote:
> The (U.S.) ban on wiretapping without judicial permission is rooted
> in a Supreme Court decision, Katz v. United States, 389 U.S. 347
> (1967)
> (http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=case&court=us&vol=389&invol=347)
> which held that a wiretap is a search which thus required a warrant.
>
> I don't think there's ever been any doubt that seizing a stored
> message required a warrant. But in an old case (OLMSTEAD v. U.S., 277
> U.S. 438 (1928)) the Court had held that the Fourth Amendment only
> protected material things, and therefore *not* conversations
> monitored via a wiretap. That decision was overturned in Katz.

Well, there could have been one other slight source
of doubt, namely the theory that communications "with
no expectation of privacy" are not private and intercepting
them is free-for-all.  Talking out loud in a public
place, for instance.  US laws going back to 1934 if not
earlier made it clear that most wired transmissions
were to be considered private.
Wireless is a horse of a different color.  IANAL but
the last time I looked, there was no federal law
against intercepting most wireless signals, but you
were (generally) not allowed to disclose the contents
to anyone else.  I don't know what that means in
practice.  Perhaps I can act on the information, so
long as I don't "disclose" it?  Plus there is a welter
of state laws.  And cellphone transmissions are a more-
protected special case.
===

In the communication industry (e.g. for tariff purposes)
the usual test for whether something is a "stored"
message is whether the storage adds value to the service.
The delay that occurs in a store-and-forward network does
not make it a "storage" service.  This criterion has been
very closely examined in connection with fly-by-night
voice-over-IP telephony schemes, most of which are competitive
only if they don't have to pay the tariffs that phone
companies have to pay.  The tariffs distinguish IP from
telephony on the theory that IP is used to access "stored"
data -- but if IP is used for telephony that theory goes
out the window.  Big mess.
===

The reason why wiretap warrants are (were?) harder
to get is because they are insidious:  If somebody
comes to my house to seize my papers I generally
know about it.  But if somebody seizes my bits
while they are entrusted to some third party's
wire, how am I supposed to know?
For this reason and others, I very much doubt that
Congress intended different treatment for
 -- data in transit on a wire versus
 -- data in transit in a store-and-forward switch.
The intention, I assume, was a distinction between
data in transit and data truly stored at the
endpoint, under control of the end user.
We should want the standards for seizing data in
transit to be just as high as the standards for
a "sneak and peek" search warrant, considerably higher
than for an ordinary above-board search warrant.
Since the Konop case didn't involve warrants or
government searches, I doubt anything that judge says
will have much effect on this issue.  I think we
should be much more worried about the USA PATRIOT
act and the son-of-PATRIOT act that Ashcroft's
aides say isn't being drafted.


Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period

2003-03-05 Thread John S. Denker
Tim Dierks wrote:

> In order to avoid overreaction to a nth-hand story, I've attempted to
> locate some primary sources.
>
> Konop v. Hawaiian Airlines:
>   http://laws.lp.findlaw.com/getcase/9th/case/9955106p&exact=1
[US v Councilman:]
>  http://pacer.mad.uscourts.gov/dc/opinions/ponsor/pdf/councilman2.pdf
Well done.  Thanks.

> I'd be interested in any opinions on how this affects the government's
> need to get specific wiretap warrants; I don't know if the law which
> makes illicit civilian wiretapping illegal is the same code which
> governs the government's ability (or lack thereof) to intercept
> communications.
0) IANAL.  But as to the question of "same code", the
answer is clearly "no".
1) As to government-authorized intercepts, see

http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011031_eff_usa_patriot_analysis.html

which gives a plain-language discussion of at least
eight different standards under which some sort of
authorization could be obtained.
Also note that neither Konop nor Councilman involved
government intercepts, so you can't learn anything about
authorized intercepts by studying them.  Also note that
post-9/11 laws have superseded everything you might
previously have known on the subject.
2) As to intercepts by civilians, it's wrong, and it
may be punishable under many different theories and
standards, including invasion of privacy, copyright
infringement, computer trespass, computer vandalism,
simple theft of things of value, and who-knows-what
else.
3) As to unauthorized intercepts by government agents,
in "theory" it is exactly the same as item (2), but
in practice your chance of seeing anybody punished
for it is comparable to your chance of seeing a State
Trooper ticketed for speeding, tailgating, weaving,
and failing to signal turns en route to the donut shop.
They're doing God's work, you know;  why should mere
laws and bills of rights apply to them?  About the
best you can realistically hope for is the exclusionary
rule (illegally seized evidence can't be used against
you) but I wouldn't necessarily count on that.
4) Crypto-related sidelight: I wonder what would
have happened if Konop had encrypted his sensitive
data. (eBook format or the like. :-)  Then could he
have used the draconian provisions of the DMCA
against his opponent (Hawaiian Airlines)?


Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread Tim Dierks
At 02:30 PM 3/5/2003 -0500, Steven M. Bellovin wrote:
>>From: Somebody
>>
>>Technically, since their signal speed is slower than light, even
>>transmission lines act as storage devices.
>>
>>Wire tapping is now legal.
>
>The crucial difference, from a law enforcement perspective, is how hard
>it is to get the requisite court order.  A stored message order is
>relatively easy; a wiretap order is very hard.  Note that this
>distinction is primarily statutory, not (as far as I know)
>constitutional.

Furthermore, it's apparently not illegal for a non-governmental actor to 
retrieve stored information which they have access to, although it might be 
illegal for them to wiretap a communication even if they had access to the 
physical medium over which it travels.

I disagree with "Somebody"'s claim; I don't think that claim would go 
anywhere in court, since a transmission clearly falls under the category of 
"wire communication", and it's clear that transmission lines are the very 
entities the wiretap act has always been intended to protect, so Congress' 
intent is quite clear, regardless of any argument about "storage".

 - Tim





Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "R. A. Hettinga" writes:
>
>--- begin forwarded text
>
>
>Status: RO
>From: Somebody
>To: "R. A. Hettinga" <[EMAIL PROTECTED]>
>Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)
>Date: Sun, 2 Mar 2003 14:09:05 -0500
>
>Bob,
>
>Technically, since their signal speed is slower than light, even
>transmission lines act as storage devices.
>
>Wire tapping is now legal.
>

No, that's not what the decision means.  Access to stored messages also 
requires court permission.  The (U.S.) ban on wiretapping without judicial
permission is rooted in a Supreme Court decision, Katz v. United States,
389 U.S. 347 (1967) 
(http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=case&court=us&vol=389&invol=347)
which held that a wiretap is a search which thus required a warrant.  I 
don't think there's ever been any doubt that seizing a stored message 
required a warrant.  But in an old case (OLMSTEAD v. U.S., 277 U.S. 438 (1928))
the Court had held that the Fourth Amendment only protected material 
things, and therefore *not* conversations monitored via a wiretap.  
That decision was overturned in Katz.

The crucial difference, from a law enforcement perspective, is how hard 
it is to get the requisite court order.  A stored message order is 
relatively easy; a wiretap order is very hard.  Note that this 
distinction is primarily statutory, not (as far as I know) 
constitutional.  

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)





Re: Applied Cryptography: question on skid3

2003-03-05 Thread David Hopwood
MindFuq wrote:
> I have a question on what seems to be a defect in the Applied
> Cryptography book, and I couldn't get an answer out of Schneier or the
> cypherpunks mailing list.  Could any of you please clarify my issue?
> 
> My question is regarding Schneier's write up of SKID3 on page 56.  He
> states that the protocol is not secure against man-in-the-middle
> attacks because no secrets are involved.  I'm finding this hard to
> accept, because SKID3 uses a MAC, which requires a shared secret key
> between the two parties.  I played out the scenario, and cannot see
> how a man in the middle could attack w/out knowing the secret key used
> in the MAC.

You're correct, AFAICS.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
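
The exchange under discussion, as an added example that is not part of the original thread or of the book's own code: SKID3 as Applied Cryptography gives it (R_A; then R_B, H_K(R_A, R_B, B); then H_K(R_B, A)), played out with and without a party in the middle who lacks K. HMAC-SHA256 stands in for the book's MAC, and the class names, field encoding and `run` helper are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 8  # SKID3 uses 64-bit random numbers


def mac(key: bytes, *fields: bytes) -> bytes:
    """H_K(...): HMAC-SHA256 over length-prefixed fields (assumed stand-in MAC)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        # Length prefixes keep (R_A, R_B, name) from being re-split ambiguously.
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()


class Alice:
    """Initiator: sends R_A, checks Bob's tag, then proves knowledge of K."""

    def __init__(self, key: bytes):
        self.key = key
        self.r_a = b""

    def step1(self) -> bytes:
        self.r_a = secrets.token_bytes(NONCE_LEN)
        return self.r_a

    def step3(self, r_b: bytes, tag: bytes):
        # Accept Bob only if his tag covers *our* R_A, his R_B and his name.
        expected = mac(self.key, self.r_a, r_b, b"Bob")
        if not hmac.compare_digest(tag, expected):
            return None
        return mac(self.key, r_b, b"Alice")


class Bob:
    """Responder: answers R_A with R_B and a tag, then checks Alice's tag."""

    def __init__(self, key: bytes):
        self.key = key
        self.r_b = b""

    def step2(self, r_a: bytes):
        self.r_b = secrets.token_bytes(NONCE_LEN)
        return self.r_b, mac(self.key, r_a, self.r_b, b"Bob")

    def step4(self, tag: bytes) -> bool:
        return hmac.compare_digest(tag, mac(self.key, self.r_b, b"Alice"))


def run(alter_r_a=None, responder_key=None) -> tuple:
    """Run one exchange; returns (alice_accepts_bob, bob_accepts_alice)."""
    key = secrets.token_bytes(32)            # the shared secret K
    alice = Alice(key)
    # responder_key models a party answering as "Bob" without knowing K.
    bob = Bob(key if responder_key is None else responder_key)

    r_a = alice.step1()
    if alter_r_a is not None:
        r_a = alter_r_a(r_a)                 # message 1 rewritten in transit
    r_b, tag_b = bob.step2(r_a)
    tag_a = alice.step3(r_b, tag_b)
    if tag_a is None:
        return (False, False)                # Alice aborts, nothing sent to Bob
    return (True, bob.step4(tag_a))


def flip_first_bit(nonce: bytes) -> bytes:
    return bytes([nonce[0] ^ 1]) + nonce[1:]


if __name__ == "__main__":
    print("honest run:            ", run())
    print("R_A altered in transit:", run(alter_r_a=flip_first_bit))
    print("responder lacks K:     ", run(responder_key=bytes(32)))
```
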





M209B

2003-03-05 Thread Owen Williams
Hi,

My M209-B is on EBay with a start price of £200 and a low reserve of 
£800.

http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&category=135&item=3211600913&;
rd=1
Anyone interested?

Dr. Owen Williams
Faculty of Applied Design and Engineering,
Swansea Institute of Higher Education,
Mount Pleasant Campus,
Swansea,
SA1 6ED




Re: NSA being used to influence UN votes on Iraq

2003-03-05 Thread John Gilmore
JI questioned:
> Why is this even newsworthy?  It's the NSA's responsibility to provide
> sigint and comint.  Furthermore, if the delegates are not US citizens,
> and at least one end of the communication is outside the US, they are
> not even breaking any laws in doing so.

If the US found a similar memo from the French government, you can be
sure it would be published immediately as newsworthy.  At least in the
lapdog US press.

NSA's instructions to find tidbits usable to sway Security Council
members were newsworthy in the UK, because the UK government is
warmongering to suck up to the US, while the UK populace is opposed to
the war.  So "dirty tricks" being played by the US and UK governments
to impose their will on the world are interesting to the UK populace.

Most people regard wiretapping their opponents as an evil act,
violative of privacy norms.  Some people condone it in international
relations on self-defense grounds; if your own life is threatened,
then you gouge the other guy's eyes out, or chop off his hand, despite
being revolted by doing that in normal life.  But when wiretapping is
used to overturn a legitimate sovereign government, which poses no
obvious threat, then wiretapping is not justifiable on self-defense
grounds.  Civilized morality, rather than brute survival, becomes the
defining standard.  And the US is violating the standards of civilized
morality by wiretapping its opponents (and its allies and neutrals) in
an attempt to start a war of aggression.

> If the delegations can't be bothered to protect their own
> communications, it's their tough luck if they get intercepted.

Tell me, how well have the cypherpunks done, after a decade, at
protecting their own communications?  We're still mostly talking in
the clear, as far as I can tell.  And no cypherpunk, to my knowledge,
is well defended against the kinds of miniature bug that would
routinely be planted in every suit jacket laundered anywhere near the
UN Building.

What was most interesting for me about that NSA message was that it
said they needed to add "surge capacity" on some countries on the
Security Council.  Notably absent from the list was Mexico, which is
on the Security Council.  I guess NSA is already monitoring Mexican
diplomatic communications so well that they didn't need to add any
capacity.

John

PS: I spent a few weeks in Mexico last month.  The majority of
Mexicans want peace, as does their populist leader.  Spain tried to
sway Mexican president Vicente Fox from the peace position, and got
nowhere.  People who have recently experienced war first-hand tend to
view it as more of a last resort, compared to people who have only
experienced war via TV, videogames, and economic downturns.



Report of plans by U.S. to spy on U.N. states questioned

2003-03-05 Thread R. A. Hettinga
http://dynamic.washtimes.com/twt-print.cfm?ArticleID=20030303-14680312

The Washington Times 
www.washingtontimes.com 

Report of plans by U.S. to spy on U.N. states questioned 

Published March 3, 2003 

 From combined dispatches 
 LONDON - A British Sunday newspaper reported yesterday that the United States is 
waging a "secret" campaign to eavesdrop on U.N. Security Council delegations in New 
York in its battle to win votes in favor of war against Iraq. 
 The London Observer said it had obtained a memo describing what it called a 
"dirty tricks" surveillance operation that involves interception of the home and 
office telephone calls and the e-mail of U.N. delegates. 
 However, the authenticity of the memorandum was called into question and it was 
not clear from the text published by the newspaper that "secret" surveillance, 
interception of telephone calls and e-mail, or other extraordinary measures were 
suggested. 
  The Observer story was widely reported throughout the Middle East and Europe and 
could complicate U.S. and British efforts to win a new resolution in the Security 
Council. 
 The Observer said the memo was written by a top official at the National Security 
Agency (NSA), the U.S. agency that intercepts communications around the world, and 
circulated by e-mail to senior agents in the organization and to a friendly foreign 
intelligence agency. 
 The newspaper said the memo was directed at senior NSA officials and advises them 
that the agency is "mounting a surge" aimed at gleaning information not only on how 
delegations on the Security Council will vote on any second resolution on Iraq, but 
also "policies," "negotiating positions," "alliances" and "dependencies" - the "whole 
gamut of information that could give US policymakers an edge in obtaining results 
favourable to U.S. goals or to head off surprises." 
 The Observer identifies "Frank Koza" as chief of staff in the "Regional Targets" 
section of the NSA. Citing sources in Washington that it did not identify, the 
newspaper said the NSA initiative was backed by National Security Adviser Condoleezza 
Rice and had sparked divisions within the Bush administration. 
 The newspaper said that it had shown the memo to three former intelligence 
operatives, whom it also did not identify, who judged its "language and content" as 
authentic. The newspaper also said it had confirmed that a man named Frank Koza does 
work for the NSA at a senior post in the "Regional Targets" division of the 
organization. 
 The memo's authenticity was questioned by Internet reporter Matt Drudge, who 
cited several misspellings - including the name of the memo's author - on the document 
as published by the Observer, and an incorrect version of the agency's "top secret" 
stamp. 
 Mr. Drudge, in an article posted on his Web site (www.drudgereport.com), noted 
that the memo used British spellings such as "favourable," "emphasise" and "recognise" 
instead of the American use of the letter "z" in the spellings, and that the spelling 
of the author of the memo was changed from "Frank Koza" to "Frank Kozu" on the 
Observer Web site (www.observer.co.uk) 
 The Observer posted a footnote late Sunday after receiving "many queries from the 
United States," saying it changed the spellings for the convenience of its British 
audience. The newspaper attributed other errors to typographical mistakes. 
 A later version of the Observer Web site spelled the author's name correctly as 
"Frank Koza," but printed it all in upper case, followed by three question marks. 
 The memo describes orders to staff at the NSA to step up surveillance 
"particularly directed at ... U.N. Security Council members" to provide 
up-to-the-minute intelligence on their voting intentions. 
 The memo, dated Jan. 31, makes clear that the targets of the heightened 
surveillance effort are the delegations from the so-called "middle six" delegations at 
the U.N. headquarters in New York, according to the British weekly. The six are 
Angola, Cameroon, Chile, Mexico, Guinea and Pakistan. 
 The United States, Britain and Spain have sponsored a new U.N. resolution 
declaring Iraq in noncompliance with earlier U.N. demands that it disarm, which would 
in effect authorize the use of force. 
 Nine votes are required to adopt the resolution to avoid a veto by one of the 
five permanent members: the United States, Britain, China, France and Russia. The 
United States and Britain are lobbying for support while France and Russia are 
lobbying to defeat the resolution without having to use their vetoes. 

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Em

Scientists question electronic voting

2003-03-05 Thread Ed Gerck

Henry Norr had an interesting article today at
http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/03/03/BU122767.DTL&type=business

Printing a paper receipt that the voter can see is a proposal that addresses
one of the major weaknesses of electronic voting. However, it creates
problems that are even harder to solve than the silent subversion of e-records.

For example, using the proposed system a voter can easily, by using a
small concealed camera or a cell phone with a camera, obtain a copy of
that receipt and use it to get money for the vote, or keep the job. And
no one would know or be able to trace it.

Of course, proponents of the paper ballot copy, like Peter Neumann and
Rebecca Mercuri, will tell you the same thing that Peter affirmed in an official
testimony  before the California Assembly Elections & Reapportionment Committee
on January 17, 2001, John Longville, Chair, session on touch-screen (DRE)
voting systems, as recorded by C-SPAN (video available):

  "...I have an additional constraint on it [a voter approved paper ballot produced
  by a DRE machine] that  it  is behind reflective glass so that if you try to
  photograph it with a little secret camera hidden in your tie so you can go out and
  sell your vote for a bottle of whiskey or whatever it is, you will get a blank image.
  Now this may sound ridiculous from the point of view of trying to protect the
  voter, but this problem of having a receipt in some way that verifies that what
  seems to be your vote actually was recorded properly, is a fundamental issue."

I was also in Sacramento that same day, and this was my reply, in the next panel,
also with a C-SPAN videotape:

  ".. I would like to point out that it is very hard sometimes to take opinions, even
  though from a valued expert, at face value. I was hearing the former panel [on
  touch screen DRE systems] and Peter Neumann, who is a man beyond all best
  qualifications, made the affirmation that we cannot photograph what we can see.
  As my background is in optics, with a doctorate in optics, I certainly know that is
  not correct. If we can see the ballot we can photograph it, some way or another."

But, look, it does not require a Ph.D. in physics to point out that what Peter says is
incorrect -- of course you can photograph what you see. In other words, Peter's
"solution" goes as much of this DRE discussion has also gone -- it's paying lip service
to science but refutes basic scientific principles and progress.  After all, what's the
scientific progress behind storing a piece of paper as evidence? And, by the way, are
not paper ballots what were mis-counted, mis-placed and lost in Florida?

Finally, what we see in this discussion is also exactly what we in IT security
know that we need to avoid. Insecure statements that create a false sense of
security -- not to mention a real sense of angst. This statement, surely vetted by
many people before it was printed, points out how much we need to improve in
terms of a real-world model for voting.

This opinion is my own, and is not a statement by any company.

Cheers,
Ed Gerck



Comments/summary on unicity discussion

2003-03-05 Thread Ed Gerck
List:

The recent thread on "AES-128 keys unique for fixed plaintext/ciphertext
pair" included a discussion on unicity, with some broken dialogues. I wrote
up a summary that I'm sending to this list as a possible seed for further
comments. I apologize for any mistakes or imprecision, as I'm not
trying to be as exact as possible -- just sufficiently exact for the purpose
at hand. I also provide below the online references for Shannon's  works
[Sha48, Sha49] that are important to this discussion.

The AES thread discussion is NOT included here.

1. WHAT IS UNICITY?
There are three different contexts to answer to this question!

1.a. Unicity Definition: Shannon [Sha49, page 693] defined "unicity
distance" (hereafter, "n") as the least amount of plaintext which can be
uniquely deciphered from the corresponding ciphertext, allowing one to
determine, without doubt, the key that was used for encryption. The
"amount" of plaintext (i.e., "n") can be measured in any units the user
may find convenient, such as bits, bytes, letters, symbols, etc. Actually,
Shannon used "letters" in his paper.

NOTE 1: This is a definition. There is no proof involved here.

1.b. Unicity Model: As first given by Shannon [Sha49] under some restrictive
assumptions, specially the "random cipher" assumption, the mathematical
expression for unicity can be cast in the following unfolded expression
(his original expression was  n = H(K)/D, where D is the redundancy):

n = H(K)/[|M| - H(M)]

where the quantities are:

n = unicity; least message length that can be uniquely deciphered
H(K) = entropy of keys used in encryption
|M| = maximum possible entropy for the plaintext
H(M) = entropy of actual message, the plaintext

and the entropies are calculated accordingly to the desired units (bits,
bytes, letters, symbols, etc.), which also define the unit for n.

NOTE 1: The model for unicity has no probability error with a tail
to infinity because only entropy values are used in the formula of n
and by *definition* of  entropy the entropy is already a limit to
infinity.

NOTE 2: It does not matter how the attacker may try to decipher
the message. The attacker can of course use brute-force and try
out all keys or he can use short-cuts, it is his choice and he is entirely
free to use any method he desires.  The work involved may be small,
quite large or even unbounded -- the amount of work is actually
unspecified.

NOTE 3: Shannon's definition of "random cipher" was that "all
decipherments must produce a random flat distribution over all
bits in the plaintext space."

1.c. Unicity Value:  The numerical value of n. It is important not to
confuse a model with a measurement. Models predict measurements,
and do so within an error range. What is the error range for
measuring n?

First, note that the model works for any ciphertext, any plaintext.
And for any such pairs, the result "n" is predicted by the model
even if an attacker has unbounded resources, including infinite time.
The value of "n" depends on the maximum possible entropy for the
plaintext, the plaintext entropy, the entropy of the keys and the
assumption that the cipher is a random cipher. Since all good
ciphers should be a random cipher, for those ciphers the model
provides a good approximation to what "n" actually is. The practical
difficulty of reliably estimating the plaintext entropy and even the key
entropy (which errors contribute to an error in "n") has nothing to
do with the model itself or its error for "n", but on the errors
for the quantities  on which it depends -- however, it's not so
hard to obtain good estimates and several are well-known.

NOTE 1: Estimating the entropy of English (and other languages)
has been the subject of considerable study. Various authors have
measured H(M) for English texts and found values that lie between
1.0 and 1.5. The standard value quoted is 1.2, close to average of
the extreme values. Even though  each author has a different text,
different preferred words, and different style preferences, we all
come pretty close to the  entropy value of 1.2. However, XML text
(which is in English) is more redundant than natural English and should
have a lower entropy. On the other hand, English text that is sent
by SMS in cell phones has messages such as "Chk tat 4 u 2",
where the redundancy is reduced and the entropy should be higher.

NOTE 2: The benefit of compression is to increase unicity even
if the compression algorithm is fully known to the attacker. If the
plaintext is compressed before encipherment, then we rightly
expect its entropy per compressed character to increase -- even
though its entropy per English character does not increase. This
is often confusing and may provide the wrong impressions that
nothing is gained by compression or that we may need to "hide"
the compression algorithm from t
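
The unicity model n = H(K)/[|M| - H(M)] and the compression point in NOTE 2, worked through as an added example that is not part of the original post. Assumptions: each plaintext character is stored as one 8-bit byte (so |M| = 8 bits per byte), the message's total entropy is taken as 1.2 bits per English letter and is unchanged by lossless compression, zlib is the public compressor, and the sample text is constructed.

```python
import math
import zlib

ENGLISH_BITS_PER_LETTER = 1.2  # the "standard value" quoted in NOTE 1

# Constructed sample plaintext: ordinary English prose, one byte per character.
SAMPLE = (
    "When a message is written in ordinary English most of each character "
    "is predictable, and an attacker who tries every key can throw away any "
    "candidate that decrypts to gibberish. The more redundant the text, the "
    "fewer characters are needed before only one key survives. Squeezing the "
    "text with a public compressor removes much of that slack, so more "
    "ciphertext must be seen before the right key stands out from the wrong "
    "ones."
).encode("ascii")


def unicity(key_entropy: float, max_entropy: float, msg_entropy: float) -> float:
    """n = H(K) / (|M| - H(M)).

    key_entropy is in bits; max_entropy and msg_entropy are bits per plaintext
    unit (letter, byte, ...), and n comes out in that same unit.
    """
    redundancy = max_entropy - msg_entropy
    if redundancy <= 0:
        # No redundancy: no amount of ciphertext singles out one key.
        return math.inf
    return key_entropy / redundancy


def unicity_after_compression(plaintext: bytes, key_entropy: float,
                              bits_per_letter: float = ENGLISH_BITS_PER_LETTER):
    """Return (n in compressed bytes, the same n expressed in original letters)."""
    compressed = zlib.compress(plaintext, 9)
    # Lossless compression keeps the message's total entropy but packs it
    # into fewer bytes, so the entropy per compressed byte goes up.
    total_entropy = bits_per_letter * len(plaintext)
    per_compressed_byte = total_entropy / len(compressed)
    n_bytes = unicity(key_entropy, 8.0, per_compressed_byte)
    return n_bytes, n_bytes * len(plaintext) / len(compressed)


def compare(key_entropy: float = 128.0) -> dict:
    """Unicity for SAMPLE encrypted raw versus compressed-then-encrypted."""
    raw = unicity(key_entropy, 8.0, ENGLISH_BITS_PER_LETTER)
    n_bytes, n_letters = unicity_after_compression(SAMPLE, key_entropy)
    return {
        "raw_letters": raw,
        "compressed_bytes": n_bytes,
        "compressed_as_letters": n_letters,
    }


if __name__ == "__main__":
    # Range of H(M) for English reported in NOTE 1, with a 128-bit key.
    for h in (1.0, 1.2, 1.5):
        print(f"H(M)={h}: n = {unicity(128, 8.0, h):.1f} bytes")
    # Shannon's own unit: letters of a 26-letter alphabet, 56-bit key.
    print(f"56-bit key, letters: n = {unicity(56, math.log2(26), 1.2):.1f}")
    for name, value in compare().items():
        print(f"{name}: {value:.1f}")
```
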

Re: double shot of snake oil, good conclusion

2003-03-05 Thread Ed Gerck

"A.Melon" wrote:

> Ed writes claiming this speculation about Palladium's implications is
> mis-informed:
>
> > while others speculated on "another potentially devastating effect",
> > that the DRM could, via a loophole in the DoJ consent decree, allow
> > Microsoft to withhold information about file formats and APIs from
> > other companies which are attempting to create compatible or
> > competitive products
>
> I think you misunderstand the technical basis for this claim.  The
> point is Palladium would allow Microsoft to publish a file format and
> yet still control compatibility via software certification and
> certification on content of the software vendor whose software created
> it.

We are in agreement. When you read the whole paragraph that I wrote,
I believe it is clear that my comment was not whether the loophole existed
or not. My comment was that there was a much more limited implication
for whistle-blowing because DRM can't really control what humans do
and there is no commercial value in saying that a document that I see
cannot be printed or forwarded -- because it can.

> Your other claims about the limited implications for whistle-blowing
> (or file trading of movies and mp3s) I agree with.

And that's what my paragraph meant.

Cheers,
Ed Gerck




Delta Air Lines Boycott Underway (note revised URL:www.boycottdelta.ORG)

2003-03-05 Thread R. A. Hettinga

--- begin forwarded text


Status: RO
To: [EMAIL PROTECTED]
From: Bill Scannell <[EMAIL PROTECTED]>
Date: Mon, 03 Mar 2003 03:32:58 -0600
Subject: Delta Air Lines  Boycott Underway (note revised URL: www.boycottdelta.ORG)

In response to Delta Air Lines' utter lack of concern with the privacy of
their customers demonstrated by their participation in a test of the CAPPS
II system, a Delta disinvestment campaign has been launched at:

http://www.boycottdelta.org .

In the event that the name servers have not yet propagated, the site can be
reached at:

http://216.240.45.67

The idea of citizens having to undergo a background investigation that
includes personal banking information and a credit check simply to travel in
his or her own country is invasive and un-American.  The CAPPS II system
goes far beyond what any thinking citizen of this country should consider
reasonable.

If enough people refuse to fly Delta, then it is likely that other airlines
will refuse to implement this sadly misguided and anti-democratic system.
The boycott will remain in full effect until Delta Air Lines publicly
withdraws from any involvement with the testing of CAPPS II.

Press Contact:  Bill Scannell ([EMAIL PROTECTED])

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Columbia crypto box

2003-03-05 Thread Bill Frantz
At 11:32 AM -0800 3/2/03, [EMAIL PROTECTED] wrote:
>UHF AM frequencies: 296.8 MHz, 259.7 MHz, 243.0 MHz (emergencies only)
>and 279.0 MHz (EVA only)
>
>Now it's certainly possible that this is misinformation, except for
>the UHF frequencies 296.8 and 259.7, which many hams (including
>myself) have personally verified.

IIRC, 243.0 is the military flight emergency frequency.  (Corresponding to
121.5 for civilian use).  I would expect the shuttle to have that frequency
available.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA





Re: double shot of snake oil, good conclusion

2003-03-05 Thread A . Melon
Ed writes claiming this speculation about Palladium's implications is
mis-informed:

> while others speculated on "another potentially devastating effect",
> that the DRM could, via a loophole in the DoJ consent decree, allow
> Microsoft to withhold information about file formats and APIs from
> other companies which are attempting to create compatible or
> competitive products

I think you misunderstand the technical basis for this claim.  The
point is Palladium would allow Microsoft to publish a file format and
yet still control compatibility via software certification and
certification on content of the software vendor whose software created
it.

Your other claims about the limited implications for whistle-blowing
(or file trading of movies and mp3s) I agree with.



Re: Columbia crypto box

2003-03-05 Thread Dave Emery
On Sun, Mar 02, 2003 at 11:32:36AM -0800, [EMAIL PROTECTED] wrote:
> Interestingly enough, the public references long ago published the
> shuttle comm frequencies. Summarizing from:
> 

The frequencies have never been secret, but in recent years some
or perhaps even almost all of the Ku band TDRSS relayed telemetry and TV
and a good bit of the S band relayed traffic has been encrypted.   This
was, I have been given to understand, part of the upgrades to the comms
and TV systems on the shuttle completed in the last few years which 
converted analog TV transmission to digital TV.

This encryption was originally publicly justified in part on the
grounds that medical information was passed between crew and physicians
on the ground and that federal privacy laws required protection of this
information.

And as far as I know, NASA while publishing link frequencies
(which I have no particular reason to believe are wrong), has never
released full details of modulation, multiplexing, error correction
coding,  randomization, interleaving, frame sync formats, channel
assignments and scale factors for the data even for those links and
modes that aren't encrypted.  And actual link frequencies are but a
small part of the  data base of information one would need to
successfully intercept useful information from the shuttle links - even
1980s to early-90s era digital telemetry signals are pretty complex and
non trivial to deal with even if you know the frequency.

Finally, the TDRSS spacecraft are also used for relaying
information from NRO spacecraft and other classified military missions,
and there is a significant chance that at least some of the details of
the access protocols and signal formats used with these spacecraft are
classified in order to protect sensitive military links.

-- 
Dave Emery N1PRE,  [EMAIL PROTECTED]  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18




Re: NSA being used to influence UN votes on Iraq

2003-03-05 Thread Adam Back
Why is US secret service eavesdropping and dirty tricks against UN
votes on Iraq newsworthy?

Because it's an attempt to pervert the political process, and sabotage
the political representation of other UN member countries.

I'm sure it is a little more than delegations bothering to protect
their comms; there is plenty of room in physical bugs, black bag jobs,
political bribery, and even potentially individual blackmail whatever
crypto the delegates may be using.

Adam

On Sun, Mar 02, 2003 at 01:49:53PM -0500, John Ioannidis wrote:
> Why is this even newsworthy?  It's the NSA's responsibility to provide
> sigint and comint.  Furthermore, if the delegates are not US citizens,
> and at least one end of the communication is outside the US, they are
> not even breaking any laws in doing so.
> 
> If the delegations can't be bothered to protect their own
> communications, it's their tough luck if they get intercepted.



Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread R. A. Hettinga

--- begin forwarded text


Status: RO
From: Somebody
To: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short   Period (was 
Re: BNA's Internet Law News (ILN) - 2/27/03)
Date: Sun, 2 Mar 2003 14:09:05 -0500

Bob,

Technically, since their signal speed is slower than light, even
transmission lines act as storage devices.

Wire tapping is now legal.



- Original Message -
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
To: Clippable <[EMAIL PROTECTED]>
Sent: Sunday, March 02, 2003 3:04 PM
Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short
Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)


>
> --- begin forwarded text
>
>
> Status: RO
> Date: Sun, 02 Mar 2003 14:27:00 -0500
> To: Tim Dierks <[EMAIL PROTECTED]>, "R. A. Hettinga" <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED]
> From: "Ronald L. Rivest" <[EMAIL PROTECTED]>
> Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short
>   Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)
>
>
> Yes, I was amazed at this ruling as well.
>
> This ruling seems to fly in the face of the likely intent of
> Congress when it passed Wiretap Act.
>
> If things continue in this direction, we will soon have
> rulings and regulations that say:
>
>  -- Carriers must put all calls in storage for a minimum
> period of time, sufficient to allow wiretapping.
> (Indeed, regulation may not be necessary, as digitization and
>  buffering of communications is common practice; the
>  transient use of storage to effect communications
>  efficiency and reliability should not provide a wiretap
>  loophole.)
>
>  -- Wiretapping is OK for any phone calls that are routed
> through a satellite.
>
>  -- It is OK for the government to house soldiers in your
> house, as long as there is even the tiniest opening somewhere in
> your house (e.g. a window open, or a chimney flue)
> so that "inside" and "outside" connect.
>
>  -- Etc.
>
> I can also see a market developing for "storage-free" communications
> carriers.  What happens when you inquire of your carrier as to
> whether it can provide such a guarantee or option?
>
>  Cheers,
>  Ron
>
> At 09:42 PM 3/1/2003, Tim Dierks wrote:
> >At 01:39 PM 2/27/2003 -0500, R. A. Hettinga wrote:
> >>At 9:01 AM -0500 on 2/27/03, BNA Highlights wrote:
> >> > WIRETAP ACT DOES NOT COVER MESSAGE 'IN STORAGE' FOR SHORT
> >> > PERIOD
> >> > BNA's Electronic Commerce & Law Report reports that a
> >> > federal court in Massachusetts has ruled that the federal
> >> > Wiretap Act does not prohibit the improper acquisition of
> >> > electronic communications that were "in storage" no matter
> >> > how ephemeral that storage may be. The court relied on Konop
> >> > v. Hawaiian Airlines Inc., which held that no Wiretap Act
> >> > violation occurs when an electronic communication is
> >> > accessed while in storage, "even if the interception takes
> >> > place during a nanosecond 'juncture' of storage along the
> >> > path of transmission."  Case name is U.S. v. Councilman.
> >> > Article at
> >> > 
> >> > For a free trial to source of this story, visit
> >> > http://web.bna.com/products/ip/eplr.htm
> >
> >This would seem to imply to me that the wiretap act does not apply to any
> >normal telephone conversation which is carried at any point in its transit
> >by an electronic switch, including all cell phone calls and nearly all
> >wireline calls, since any such switch places the data of the ongoing call
> >in "storage" for a tiny fraction of a second.
> >
> >  - Tim
> >
> >
> >
> >-
> >The Cryptography Mailing List
> >Unsubscribe by sending "unsubscribe cryptography" to
> >[EMAIL PROTECTED]
>
> Ronald L. Rivest
> Room 324, 200 Technology Square, Cambridge MA 02139
> Tel 617-253-5880, Fax 617-258-9738, Email <[EMAIL PROTECTED]>
>
> --- end forwarded text
>
>
> --
> -
> R. A. Hettinga 
> The Internet Bearer Underwriting Corporation 
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period

2003-03-05 Thread Tim Dierks
At 01:47 PM 3/2/2003 +, MindFuq wrote:
> * Tim Dierks <[EMAIL PROTECTED]> [2003-03-02 12:27]:
> >
> > This would seem to imply to me that the wiretap act does not apply to any
> > normal telephone conversation which is carried at any point in its transit
> > by an electronic switch, including all cell phone calls and nearly all
> > wireline calls, since any such switch places the data of the ongoing call
> > in "storage" for a tiny fraction of a second.
>
> I believe the reason behind the 'in storage' rule is that someone
> could protect non-transmitted information under the Wiretap Act by
> transmitting it needlessly.  Then they could say that because the
> information was transmitted, law enforcement now needs the more
> difficult to obtain wiretap permit just to search the premises.

You may be correct as to intent, but the originally forwarded article says:

> The court relied on Konop
> v. Hawaiian Airlines Inc., which held that no Wiretap Act
> violation occurs when an electronic communication is
> accessed while in storage, "even if the interception takes
> place during a nanosecond 'juncture' of storage along the
> path of transmission."  Case name is U.S. v. Councilman.
which includes the phrase "along the path of transmission."

In order to avoid overreaction to an nth-hand story, I've attempted to 
locate some primary sources.

Konop v. Hawaiian Airlines:
  http://laws.lp.findlaw.com/getcase/9th/case/9955106p&exact=1
My understanding is that Konop v. Hawaiian Airlines was a lawsuit by Robert 
Konop against his former employer, Hawaiian Airlines. Mr. Konop had 
operated a website where he published a variety of allegations about 
Hawaiian, and he restricted access to that site by username and password. A 
manager at Hawaiian gained the permission of two other employees of the 
airline to use their names in accessing the website; Konop found out about 
the access and sued Hawaiian. Among other grounds, he claimed that 
management viewing his site constituted an "interception" of electronic 
communications in violation of the wiretap act.

I won't go into any argument about the plausibility of this claim; I'll 
just summarize the legal proceedings thereafter. The federal district court 
which heard the case granted summary judgement against Konop on the wiretap 
claims; the 9th circuit court of appeals then reversed the district court's 
decision on the wiretap claims. Thereafter, the 9th circuit withdrew that 
opinion, then affirmed the district court's original judgement against 
Konop. Thus, the end result is that the wiretap claim does not hold. Why?

Amid other reasoning, the court refers to an old friend, Steve Jackson 
Games, Inc. v. United States Secret Service. In summary, the fifth circuit 
court determined that e-mail stored on a machine was not protected by the 
wiretap act, because an "electronic communication" cannot be "intercepted" 
in the same way that a "wire communication" can be. This reasoning has been 
upheld with respect to voicemail messages.

There is a footnote that specifically addresses the interesting question: 
that all electronic messages involve storage at some point, so the wiretap 
act is meaningless with respect to electronic communication. The crucial 
conclusion is:

While this argument is not without appeal, the language and structure of 
the ECPA demonstrate that Congress considered and rejected this argument. 
Congress defined "electronic storage" as "any temporary, intermediate 
storage of a wire or electronic communication incidental to the electronic 
transmission thereof," 18 U.S.C. § 2510(17)(A), indicating that Congress 
understood that electronic storage was an inherent part of electronic 
communication. Nevertheless, as discussed above, Congress chose to afford 
stored electronic communications less protection than other forms of 
communication.


United States of America vs. Bradford S. Councilman:
  http://pacer.mad.uscourts.gov/dc/opinions/ponsor/pdf/councilman2.pdf
The Government charged Mr. Councilman with conspiracy to violate the 
wiretap act. Apparently, they claim that he used the contents of electronic 
mail passing through his service for commercial gain.

The judge seems quite aware of the implications of the decision and the 
effect of the Konop precedent, but dismisses the charge.

Based upon this rationale, it seems that one cannot be convicted of 
violating the wiretap act unless one actually taps into electric signals. 
For example, it would seem to continue to be illegal to intercept 802.11 RF 
signals, but possibly not be illegal to plug a cable into an ethernet hub 
and copy all traffic on the subnet (since most hubs "store" packets 
internally for transmission), and perfectly OK to subvert a router to 
forward copies of all packets to you.

I'd be interested in any opinions on how this affects the government's need 
to get specific wiretap warrants; I don't know if the law which makes 
illicit civilian wiretapping illegal is the same code which governs t

Some good words needed...

2003-03-05 Thread Greg Rose
After a long effort, I finally got agreement from my company to make our 
encryption algorithms freely available. (See 
http://www.qualcomm.com/press/pr/releases2003/press1161.html if you care.) 
Somewhat unexpectedly, we now have a number of queries saying basically 
"That's unpatriotic, giving it away to the terrorists!" Note that they were 
already *available* to them, it just wasn't free for all uses! So I guess 
it's unpatriotic to fail to make money from these terrible weapons. I won't 
even get into the issue of me being a furriner in the first place. Anyway.

I'm perfectly capable of writing my own words on the subject, but I also 
know that they've been written many times before. What are people's 
"favourite", succinct expressions of why it's OK to give away encryption 
algorithms?

To keep the list uncluttered, I suggest people send me suggestions, and 
I'll compile, collate, and report back to the list.

thanks and regards,
Greg.
Greg Rose                                INTERNET: [EMAIL PROTECTED]
Qualcomm Australia   VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,              http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C


Re: Roger Needham Died - from The Register

2003-03-05 Thread Matt Blaze
Sad, sad news.

Roger's pioneering contributions to our art speak (volumes) for
themselves, and our field is diminished by the loss of his future
insights.

But I will miss him most for his enormous generosity, his sharp wit,
and his personal integrity.

-matt



> 
> Obit: Roger Needham
> By Guy Kewney, Newswireless.net
> Posted: 02/03/2003 at 12:13 GMT
> 
> Sadly, we record the death of Roger Needham, computer pioneer...
> 
> There isn't much more to say, except that the man who was the reason 
> Microsoft set up its research centre in Cambridge, England, has had to lay 
> down his life's work. Cancer ended a legend.
> 
> He once told me that it was his idea that Microsoft stopped spending money 
> on patenting its research ideas, and instead, to make the results available 
> to other researchers. I wish I'd known him long enough to have some other 
> stories to pass on myself; he left a long legacy of people who attributed 
> their inspiration to having worked with him.
> 
> Here's what his CV at Microsoft Research says:
> 
> Roger M Needham, born 1935, was in computing at Cambridge since 1956. His 
> 1961 PhD thesis was on the application of digital computers to problems of 
> classification and grouping. In 1962 he joined the Computer Laboratory, 
> then called the Mathematical Laboratory, and has been on the faculty since 
> 1963. He took a leading role in Cambridge projects in operating systems, 
> time sharing systems, memory protection, local area networks, and 
> distributed systems over the next twenty years.
> 
> Roger worked at intervals on a variety of topics in security, (his main 
> research interest while with Microsoft) being particularly known for work 
> with Schroeder on authentication protocols (1978) and with Burrows and 
> Abadi on formalism for reasoning about them (1989).
> 
> Roger graduated from the University of Cambridge in Mathematics and 
> Philosophy in 1956, and then took the Diploma in Numerical Analysis and 
> Automatic Computing in 1957. He had been in computing at Cambridge ever 
> since. He succeeded Maurice Wilkes as Head of the Computer Laboratory from 
> 1980 to 1995, was promoted Professor in 1981, elected to the Royal Society 
> in 1985 and the Royal Academy of Engineering in 1993. He was appointed 
> Pro-Vice-Chancellor in 1996.
> 
> I only met him a couple of times, both times when Microsoft was doing 
> corporate hospitality to publicise the work it was doing in the Cambridge 
> research facility. He was as knowledgeable as any rumour could have 
> suggested; and as tolerant of an ignorant journalist as any academic could 
> ever be. And I shall never get to know him, now.
> 
> Guy Kewney is the editor/publisher of Newswireless.Net
> 
> ---
> 
> 
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]




