Re: Horseman Number 3: Osama Used 40 bits
- Original Message -
From: "Jon Simon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 18, 2002 8:00 PM
Subject: Re: Horseman Number 3: Osama Used 40 bits

> Can anyone else confirm or deny that this is the case? If it is so,
> it would bring new meaning to the term "weak encryption."
> Thanks,
> Jon Simon

For Win2K, it seems that the local administrator is the "default recovery agent" on that box; Microsoft EFS provides "built in data recovery"; this is a policy which must be configured before EFS will be available to users; a recovery certificate must exist; Microsoft recommends that it be removed from the recovery agent's personal store and only installed in case of necessity; it seems that there is no irreversible file encryption using Microsoft EFS.

BTW their default strength is 56 bit DESX, upgradeable to 128 bit for North America.

It is important to note that local settings are overridden by domain settings on a correctly configured network.

The NT change password utility is AFAIK _not_ remotely exploitable; it provides write access to the SAM on any locally mountable NTFS. An attacker with floppy boot access to a Win2K system would get reverse access to that machine's encrypted files only if the recovery cert for the domain was locally available (unlikely), or if the machine was not part of a domain.

There is quite possibly a general backdoor to the Microsoft EFS about which we do not know. The EFS is a deterrent to network interception or system theft. Users should be under no delusion about EFS and file readability. A bad guy might not be able to read your files, but the boss can.

BTW, with encrypted file systems on linux, CFS and Transparent CFS files will not be readable by the sysadmin unless they run a sniffer or a keylogger to grab the passwords protecting the user's key. AFAIK there is no reversibility short of cryptanalysis with these utilities.

Stefan Caunter, MCSE

[Moderator's note: lots of trailing quoted material deleted. *Please* trim your messages before posting. --Perry]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop
- Original Message -
From: "Eric Rescorla" <[EMAIL PROTECTED]>
To: "Stef Caunter" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "SPKI Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, January 14, 2002 12:44 PM
Subject: Re: CFP: PKI research workshop

> "Stef Caunter" <[EMAIL PROTECTED]> writes:
> > Does a user of ssl services care to know absolutely that they are
> > communicating verifiably with whom they believe they have contacted, or does
> > the user care to know absolutely that their communication is completely
> > private?
> These are inextricably connected. If you want to know that
> your communications are private in the face of active attack
> you need to know who you're talking to as well.

They may be connected, but save and except in the case of active man-in-the-middle attack I maintain that ssl's confidentiality, which is free, is what sells certificates. I use a free Thawte email cert for confidential communication; my identity is verified through their notarization system, again free.

> > I believe that the latter is most important; transparency through
> > certificate presentation is kept deliberately expensive and is, as has been
> > noted, often disclaimed by CAs, and is compromisable. It's an artificial
> > system of site security perpetuated by the interests of commercial browsers.
> How exactly does the difficulty of getting certificates help browser
> manufacturers?

Browsers have CA root trust hard-coded into them. All commerce sites rely on their use and code with their use in mind. The commercial browser manufacturers also sell certificates. It is clearly difficult to engage in encrypted commerce without a major client browser development kit and a CA provided cert. The appearance of ease-of-use with a commercial certificate and commercial browser implies _greatly_ that thing which is explicitly _disclaimed_ by these people.

> > Why can't self-verification be promoted? Why can't an nslookup call be built
> > into certificate presentations?
> What are you talking about? An nslookup call wouldn't help anything.

Why not? A self-generated certificate correlating to an ns and whois record pointing to an active business with a human to answer inquiries seems reasonable and no more disclaimable than CA evasiveness.

> The essential problem is establishing that the public key you receive
> over the network actually belongs to the person you think it does.
> In the absence of a prior arrangement, the only way we know how
> to do this is to have that binding vouched for by a third-party.

Yes. Trust can be earned and vouched for by other third parties. Trust "points" are a commonly used method on the big auction sites. The Thawte Web of Trust works without the blessing of a financial transaction. I'm interested; why do we feel we have to point at something we bought to facilitate ssl transactions? Commercial browser and commercial security interests often promulgate the anxiety they claim to alleviate.

SC

> -Ekr
> --
> [Eric Rescorla [EMAIL PROTECTED]]
> http://www.rtfm.com/

Re: CFP: PKI research workshop
Does a user of ssl services care to know absolutely that they are communicating verifiably with whom they believe they have contacted, or does the user care to know absolutely that their communication is completely private?

I believe that the latter is most important; transparency through certificate presentation is kept deliberately expensive and is, as has been noted, often disclaimed by CAs, and is compromisable. It's an artificial system of site security perpetuated by the interests of commercial browsers.

Why can't self-verification be promoted? Why can't an nslookup call be built into certificate presentations? Yeah I know there's no money in it and certs are one of the few things that actually makes money on the net, but sometimes the built-in dumbing of the commercial internet user by their browser goes too far.

The pure truth of mathematical encryption is sold and packaged as a "certificate" to the internet user, when in fact its power and utility is free of charge, and it is only disclaimed with respect to future or unknown developments.

Stef Caunter
[EMAIL PROTECTED]
## $ find /self -ctime +1 ##