Re: [p2p-hackers] SHA1 broken? (fwd from [EMAIL PROTECTED])
- Forwarded message from Hal Finney [EMAIL PROTECTED] -
From: [EMAIL PROTECTED] (Hal Finney)
Date: Thu, 17 Feb 2005 14:25:36 -0800 (PST)
To: [EMAIL PROTECTED]
Subject: Re: [p2p-hackers] SHA1 broken?
Reply-To: Peer-to-peer development. [EMAIL PROTECTED]

The problem with the attack scenario where two versions of a program are created with the same hash is that, from what little we know of the new attacks, they aren't powerful enough to do this. All of the collisions they have shown have the property where the two alternatives start with the same initial value for the hash; they then have one or two blocks which are very carefully selected, with a few bits differing between the two blocks; and at the end, they are back to a common value for the hash.

It is known that their techniques are not sensitive to this initial value. They actually made a mistake when they published their MD5 collision, because they had the wrong initial values due to a typo in Schneier's book. When people gave them the correct initial values, they were able to come up with new collisions within a matter of hours.

If you look at their MD5 collision in detail, it was two blocks long. Each block was almost the same as the other, with just a few bits different. They start with the common initial value. Then they run the first blocks through. Amazingly, this has only a small impact on the intermediate value after this first block. Only a relatively few bits are different. If you or I tried to take two blocks with a few bits different and feed them to MD5, we would get totally different outputs. Changing even one bit will normally change half the output bits. The fact that they are able to change several bits and get only a small difference in the output is the first miracle.

But then they do an even better trick. They now go on and do the second pair of blocks. The initial values for these blocks (which are the outputs from the previous stage) are close but not quite the same. And amazingly, these second blocks not only keep things from getting worse, they manage to heal the differences. They precisely compensate for the changes and bring the values back together. This is the second miracle and it is even greater.

Now, it would be a big leap from this to being able to take two arbitrary different initial values and bring them together to a common output. That is what would be necessary to mount the code fraud attack. But as we can see by inspection of the collisions produced by the researchers (who are keeping their methodology secret for now), they don't seem to have that power. Instead, they are able to introduce a very carefully controlled difference between the two blocks, and then cancel it. Being able to cancel a huge difference between blocks would be a problem of an entirely different magnitude.

Now, there is this other idea which Zooko alludes to, from Dan Kaminsky, www.doxpara.com, which could exploit the power of the new attacks to do something malicious. Let us grant that the only ability we have is that we can create slightly different pairs of blocks that collide. We can't meaningfully control the contents of these blocks, and they will differ in only a few bits. And these blocks have to be inserted into a program being distributed, which will have two versions that are *exactly the same* except for the few bits of difference between the blocks. This way the two versions will have the same hash, and this is the power which the current attacks seem to have.

Kaminsky shows that you could still have good and bad versions of such a program. You'd have to write a program which tested a bit in the colliding blocks, and behaved good if the bit was set, and bad if the bit was clear. When someone reviewed this program, they'd see the potential bad behavior, but they'd also see that the behavior was not enabled because the bit that enabled it was not set. Maybe the bad behavior could be a back door used during debugging, and there is some flag bit that turns off the debugging mode. So the reviewer might assume that the program was OK despite this somewhat questionable code, because he builds it and makes sure to sign or validate the hash when built in the mode when the bad features are turned off.

But what he doesn't know is, Kaminsky has another block of data prepared which has that flag bit in the opposite state, and which he can substitute without changing the hash. That will cause the program to behave in its bad mode, even though the only change was a few bits in this block of random data. So this way he can distribute a malicious build and it has the hash which was approved by the reviewer. And as Zooko points out, this doesn't have to be the main developer who is doing this; anyone who is doing some work on creating the final package might be able to do so.

On the other hand, this attack is pretty blatant once you know it is possible. The lesson is that a reviewer should be
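An added illustration of the structure Hal describes, written for this page rather than taken from his post or from the researchers' work: a toy 24-bit Merkle-Damgård hash in which a cheap birthday search stands in for the block-level attack. It shows why the two packages hash identically (everything before and after the colliding pair is shared), why the pair is tied to the chaining value it was computed from (it does not survive a different prefix), and why the only difference a reviewer could see lives inside the opaque data block the program branches on, so the hash alone cannot tell the two builds apart. `PREFIX`, `SUFFIX`, `flag_bit` and `build_packages` are this example's own constructed names, and the hash is not MD5 or SHA-1.

```python
import hashlib
import random
import struct

# Toy Merkle-Damgard hash with a 24-bit chaining value, so a birthday search for a
# block-level collision is cheap. Only the iterated structure
# (IV -> block -> block -> ... -> digest) is shared with MD5/SHA-1; nothing else is.
BLOCK = 8          # bytes per message block
STATE = 3          # bytes of chaining value (24 bits)
IV = b"\x00\x01\x02"

# Constructed sample "package": a block-aligned prefix, one opaque data block, a suffix.
PREFIX = b"#!/bin/sh\n# cfg:"          # exactly 16 bytes = 2 blocks
SUFFIX = b"\n# flag bit 0 of cfg enables the debug back door\n"
OTHER_PREFIX = b"#!/bin/sh\n# CFG:"    # same length, different content


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 of state||block, truncated to 24 bits."""
    assert len(state) == STATE and len(block) == BLOCK
    return hashlib.sha256(state + block).digest()[:STATE]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 8-byte big-endian bit length."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((-len(msg) - 8) % BLOCK)
    return msg + struct.pack(">Q", bit_len)


def toy_hash(msg: bytes) -> bytes:
    """Full hash: pad, then run every block through the compression function."""
    state = IV
    padded = pad(msg)
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state


def chaining_value(prefix: bytes) -> bytes:
    """Intermediate state after absorbing a block-aligned, unpadded prefix."""
    assert len(prefix) % BLOCK == 0
    state = IV
    for i in range(0, len(prefix), BLOCK):
        state = compress(state, prefix[i:i + BLOCK])
    return state


def flag_bit(package: bytes) -> int:
    """The 'flag' the program tests: lowest bit of the first byte of the data block."""
    return package[len(PREFIX)] & 1


def find_colliding_blocks(state: bytes, seed: int = 1):
    """Birthday search, from any given chaining value, for two blocks that lead to the
    same next state while disagreeing in the flag bit. Random blocks stand in for the
    carefully chosen near-identical blocks of the real attacks; what matters here is
    that the search starts from one fixed state and ends at one common state."""
    rng = random.Random(seed)
    seen = {}
    while True:
        block = rng.getrandbits(BLOCK * 8).to_bytes(BLOCK, "big")
        out = compress(state, block)
        earlier = seen.get(out)
        if earlier is not None and (earlier[0] ^ block[0]) & 1:
            return earlier, block
        seen.setdefault(out, block)


def build_packages(prefix: bytes, suffix: bytes, seed: int = 1):
    """Two packages that differ only inside the data block yet share a toy hash."""
    blk_a, blk_b = find_colliding_blocks(chaining_value(prefix), seed)
    return prefix + blk_a + suffix, prefix + blk_b + suffix


def demo() -> dict:
    good, bad = build_packages(PREFIX, SUFFIX)
    # The same two blocks placed after a different prefix start from a different
    # chaining value, so the collision does not carry over: the pair is only valid
    # for the prefix it was computed against.
    blk_a = good[len(PREFIX):len(PREFIX) + BLOCK]
    blk_b = bad[len(PREFIX):len(PREFIX) + BLOCK]
    moved_a = OTHER_PREFIX + blk_a + SUFFIX
    moved_b = OTHER_PREFIX + blk_b + SUFFIX
    return {
        "packages_differ": good != bad,
        "same_hash": toy_hash(good) == toy_hash(bad),
        "flags": (flag_bit(good), flag_bit(bad)),
        "collision_survives_other_prefix": toy_hash(moved_a) == toy_hash(moved_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The search takes a few thousand compression calls on the 24-bit state; the reviewer-side lesson is that the flag lives in bytes the hash cannot distinguish, so data the program branches on has to be reviewed as code.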
Re: SHA1 broken?
- Original Message -
From: Dave Howe [EMAIL PROTECTED]
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?

> Joseph Ashwood wrote:
>> I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine; for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds. 2^69 is completely breakable.
>> Joe
>
> It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year break, not that anything that has been hashed with SHA-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example). This of course assumes that the break doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.

I believe you substantially misunderstood my statements: 2^69 work is doable _now_. 2^55 work was performed in 72 hours in 1998; scaling forward the 7 years to the present (and hence through known data) leads to a situation where the 2^69 work is achievable today in a reasonable timeframe (3 days), assuming reasonable quantities of available money ($500,000US). There is no guessing about what the future holds for this, the 2^69 work is NOW.

- Original Message -
From: Trei, Peter [EMAIL PROTECTED]
To: Dave Howe [EMAIL PROTECTED]; Cypherpunks [EMAIL PROTECTED]; Cryptography cryptography@metzdowd.com

> Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched. More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial.

What you're missing in this is that Deep Crack was already a year old at the time it was used for this. I was assuming that the most recent technologies would be used, so the 1998 point for Deep Crack was the critical point.

Also, if you check the real statistics for RC5-64 you will find that Distributed.net suffered from a major lack of optimization on the workhorse of the DES cracking effort (DEC Alpha processor), even to the point where running the x86 code in emulation was faster than the native code. Since an Alpha processor had been the breaking force for DES Challenge I and a factor of 1/3 for III, this crippled the performance, resulting in the Alphas running at only ~2% of their optimal speed, and the x86 systems were running at only about 50%. Based on just this, 2^64 should have taken only 1.5 years. Additionally, add in that virtually the entire Alpha community pulled out because we had better things to do with our processors (e.g. IIRC the same systems rendered Titanic) and Distributed.net was effectively sucked dry of workhorse systems, so a timeframe of 4-6 months is more likely, without any custom hardware and rather sad software optimization.

Assuming that the new attacks can be pipelined (the biggest problem with the RC5-64 optimizations was pipeline breaking) it is entirely possible to use modern technology along with GaAs substrate to generate chips in the 10-20 GHz range, or about 10x the speed available to Distributed.net. Add targeted hardware to the mix, deep pipelining, and massively multiprocessors and my numbers still hold, give or take a few orders of magnitude (the 8% of III done by Deep Crack in 23 hours is only a little over 2 orders of magnitude off, so within acceptable bounds).

2^69 is achievable. It may not be pretty, and it certainly isn't kind to the security of the vast majority of secure infrastructure, but it is achievable, and while the cost bounds may have to be shifted, that is achievable as well. It is still my view that everyone needs to keep a close eye on their hashes and make sure the numbers add up correctly; it is simply my view now that SHA-1 needs to be put out to pasture, and the rest of the SHA line needs to be heavily reconsidered because of their close relation to SHA-1. The biggest unknown surrounding this is the actual amount of work necessary to perform the 2^69; if the workload is all XOR then the costs and timeframe I gave are reasonably pessimistic,
[i2p] 0.5 is available (fwd from jrandom@i2p.net)
- Forwarded message from jrandom [EMAIL PROTECTED] -
From: jrandom [EMAIL PROTECTED]
Date: Fri, 18 Feb 2005 03:39:24 -0800
To: [EMAIL PROTECTED]
Subject: [i2p] 0.5 is available

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi y'all,

After 6 months of work on the 0.4 series, we've implemented and deployed the new streaming library, integrated and tested bittorrent, mail, and naming apps, fixed a bunch of bugs, and learned as much as we could from real world users. We now have a new 0.5 release which reworks the tunnel routing algorithms, improving security and anonymity while giving the user more control of their own performance related tradeoffs. In addition, we've bundled susi23's susimail client, upgraded to the latest Jetty (allowing both symlinks and CGI), and a whole lot more.

This new release is not backwards compatible - you must upgrade to get anything useful done.

There has been a lot of work going on since 0.4.2.6 a month and a half ago, with contributions by smeghead, duck, Jhor, cervantes, Ragnarok, Sugadude, and the rest of the rabid testers in #i2p and #i2p-chat. I could write for pages describing what's up, but instead I'll just direct you to the change log at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD

For the impatient, please review the install and update instructions up at http://www.i2p.net/download

Please note that since this new release updates the classpath, the update process will require you to start up the router again after it finishes. Any local modifications to the wrapper.config will be lost when updating, so please be sure to back it up.

In addition, even though this new release includes the latest Jetty (5.1.2), if you want to enable CGI support, you will need to edit your ./eepsite/jetty.xml to include:

  <Call name="addContext">
    <Arg>/cgi-bin/*</Arg>
    <Set name="ResourceBase">./eepsite/cgi-bin/</Set>
    <Call name="addServlet">
      <Arg>Common Gateway Interface</Arg>
      <Arg>/</Arg>
      <Arg>org.mortbay.servlet.CGI</Arg>
      <Put name="Path">/usr/local/bin:/usr/ucb:/bin:/usr/bin</Put>
    </Call>
  </Call>

adjusting the Path as necessary for your OS/distro/tastes. New users have it easy - all of this is done for them.

While the docs on the website haven't been updated to reflect the new tunnel routing and crypto changes yet, the nitty gritty is up at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/router/doc/tunnel-alt.html?rev=HEAD

There will be another release in the 0.5 series beyond this one, including more options for allowing the user to control the impact of predecessor attacks on their anonymity. There will certainly be performance and load balancing improvements as well, using the feedback we get deploying the new tunnel code on a wider network. Until the UDP transport is added in 0.6, we will want to continue to be fairly low key, as we've already run into the default limits on some braindead OSes (*cough*98*cough*). There is much we can improve upon while the network is small though, and while I know we all want to go out and show the world what I2P can do, another two months waiting won't hurt.

Anyway, that's that. The new net is up and running, squid.i2p and other services should be up, you know where to get the goods, so get goin'!

=jr

___
i2p mailing list
[EMAIL PROTECTED]
http://i2p.dnsalias.net/mailman/listinfo/i2p

- End forwarded message -

--
Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
Intel fortifies mobile transactions
http://www.theregister.co.uk/2005/02/17/wireless_trusted_platform/print.html

Intel fortifies mobile transactions
By Jan Libbenga (libbenga at yahoo.com)
Published Thursday 17th February 2005 12:47 GMT

3GSM Intel has joined Orange and Visa International to better protect premium digital content and transactions on mobile handsets. The company will use a combination of hardware and software to provide more security for consumers to pay for online music or video, the company announced this week at 3GSM in Cannes.

The new Intel Wireless Trusted Platform (http://www.intel.com/design/pca/applicationsprocessors/whitepapers/30086801.pdf) is comparable with solutions Intel has developed for desktop PCs. Connected to the motherboard or the inner circuitry is a Trusted Platform Module, which contains a unique digital signature of the platform's software configuration. When booted, the digital signature is recalculated and compared to previous signatures. If the signature can't be validated, devices are notified of a change in the reported platform's state. It will not only protect users against viruses and software corruption, but also secures content delivery and downloads.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Cryptographers to Hollywood: prepare to fail on DRM
http://www.theregister.co.uk/2005/02/17/drm_security_shortcomings/print.html

Cryptographers to Hollywood: prepare to fail on DRM
By John Leyden (john.leyden at theregister.co.uk)
Published Thursday 17th February 2005 19:37 GMT

RSA 2005 Movie industry representatives at RSA 2005 in San Francisco today called on the IT industry for help in thwarting illegal file sharing before the problem threatened its revenues. But they were told that they must recognise the limitations of digital rights management in their fight against digital piracy.

Speaking on the RSA conference panel "Hollywood's Last Chance - Getting it Right on Digital Piracy", Carter Laren, security architect at Cryptographic Research, noted that cryptography is good at some problems, such as transmitting data so it can't be eavesdropped or even authentication, but it can't solve the content protection problem. "If people have legitimate access to content, then you can't stop them misusing it. Anyone designing content protection should design for failure and if it fails update it," he added.

John Worrall, marketing VP at RSA Security, agreed that content protection systems should be easy to upgrade. The entertainment industry must also learn from its previous mistakes in pushing the weak CSS copy-protection system for DVDs. "If content providers open up standards to good cryptographic review they will get a better system," he said, to applause from the RSA 2005 audience.

The entertainment industry also needs to be responsive to changing market conditions and consumer preferences, according to Worrall: "Don't lock down a set of content rules that look draconian five years from now. Be flexible enough to incorporate change in rules. If rules are too restrictive people will go to other channels, including pirated material."

Andy Sentos, president of engineering and technology at Fox Entertainment Group, argued that device manufacturers need to recognise the requirements of the movie industry in the design of their products. "There's a value in both content and functionality but there has to be a balance," he said. ®

Related stories
SuprNova.org ends, not with a bang but a whimper (http://www.theregister.co.uk/2004/12/19/suprnova_stops_torrents/)
The BitTorrent P2P file-sharing system (http://www.theregister.co.uk/2004/12/18/bittorrent_measurements_analysis/)
MPAA closes Loki (http://www.theregister.co.uk/2005/02/10/loki_down_mpaa/)
Stealing movies: Why the MPAA can afford to relax (http://www.theregister.co.uk/2004/11/09/movie_file_sharing/)
Norway throws in the towel in DVD Jon case (http://www.theregister.co.uk/2004/01/05/norway_throws_in_the_towel/)
Spam gets vocal with VoIP
http://www.theregister.co.uk/2005/02/17/spam_gets_vocal_with_voip/print.html

Spam gets vocal with VoIP
By John Leyden (john.leyden at theregister.co.uk)
Published Thursday 17th February 2005 08:47 GMT

RSA 2005 We're all learning to live with spam but an even more annoying nuisance lies just around the corner. Spit (Spam over internet telephony) is set to become the next pervasive medium for scammers, penis pill purveyors and the rest.

Internet telephony means cheaper phone calls, a great prospect for consumers and businesses alike. It also means that advertising messages can be sent out for next to nothing. And history shows that spammers will take advantage of any broadcast medium available to them, according to Bruce Schneier, chief technology officer at Counterpane Internet Security. Spit has the potential to fill people's voicemail in-boxes with junk, he says. "Once you get to the point where you have 10 unsolicited commercial voicemail messages every time you log on people will stop using it or at least only accept calls from people on their white list."

Schneier thinks it will be difficult to weed out Spit messages, but some security vendors are considering defence mechanisms. According to David Thomason, director of security engineering at network security firm Sourcefire, Spit messages would likely have a pattern. Junk calls matching that pattern could be blocked in much the same way malign data traffic can be discarded, providing filtering technologies were deployed on the network Spit messages are sent from, he said. ®

Related stories
Users choke on mobile spam (http://www.theregister.co.uk/2005/02/10/mobile_spam/)
Trojan infects PCs to generate SMS spam (http://www.theregister.co.uk/2004/11/09/sms_spam_trojan/)
Phone spam misery looms Stateside (http://www.theregister.co.uk/2004/08/06/junk_fax_sms_ok/)
Pssst, wanna spam mobile phones? (http://www.theregister.co.uk/2004/07/12/sms_spamvertisment/)
Telecom Italia slammed for spam hypocrisy (http://www.theregister.co.uk/2004/07/02/text_spam_tim/)
UK premium rate phone complaints rocket (http://www.theregister.co.uk/2004/07/01/icstis_annual_report/)
RE: [osint] Switzerland Repatriates $458m to Nigeria
Greetings Good Sir: I have a business proposition for you. I am the president of Nigeria and I am trying to obtain $458m in accounts in Switzerland that were previously owned by the late General Sani Abacha. However, in order to release these funds I will need a local representative. In exchange for your services I am prepared to pay you 2.5% of the amount reclaimed. Please contact me at your soonest convenience. I am sure we can make an equitable arrangement that will benefit us both. God Bless you and your family.

(forwarded by Tyler Durden)

From: R.A. Hettinga [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Date: Thu, 17 Feb 2005 12:34:06 -0500

--- begin forwarded text
To: Bruce Tefft [EMAIL PROTECTED]
Thread-Index: AcUVCpcZCIoZtD6dRp62Gatn1nTR2g==
From: Bruce Tefft [EMAIL PROTECTED]
Mailing-List: list osint@yahoogroups.com; contact [EMAIL PROTECTED]
Delivered-To: mailing list osint@yahoogroups.com
Date: Thu, 17 Feb 2005 11:06:28 -0500
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Reply-To: osint@yahoogroups.com

http://allafrica.com/stories/200502170075.html

Switzerland Repatriates $458m to Nigeria
This Day (Lagos)
February 17, 2005
Posted to the web February 17, 2005
Kunle Aderinokun, Abuja

FG to start drawing funds in March

The Federal Government yesterday announced that the Swiss government has approved the repatriation of $458 million, being the bulk of the $505 million of public funds stashed away in various private bank accounts in that country by the late General Sani Abacha and his family. Making this disclosure yesterday in Abuja at the instance of Swiss Ambassador to Nigeria, Dr. Pierre Helg, Finance Minister Ngozi Okonjo-Iweala said the fund will be transferred into the International Bank for Settlement (BIS) in Basel, Switzerland, and that Nigeria will be able to withdraw the money by the end of March this year.

Okonjo-Iweala, who said the Swiss authorities did not attach any condition for the repatriation of the siphoned monies, said the release was sequel to the judgment of the Swiss Federal Court, which ruled that the Swiss authorities may return assets of obviously criminal origin to Nigeria even without a court decision in the country concerned. The finance minister said President Olusegun Obasanjo since assumption of office had vigorously and relentlessly pursued return of the funds with the help of the National Security Adviser and herself.

Noting that with this development, Switzerland has earned a positive status as the first country to return funds illegally placed by the Abacha family, Okonjo-Iweala said the Federal Government is indeed grateful to the government of Switzerland for the principled and focused manner in which it has pursued this just cause. "We hope that the Swiss example at both the political and judicial level will show the way for other countries where our national resources have been illegally transferred. Switzerland's policy on this issue is a clear sign that crime does not pay. Nigeria is ready to work with other governments to achieve the repatriation of other funds which were siphoned out of the country illegally," she added.

She recalled that Obasanjo had on behalf of the administration made a commitment to the Swiss government that the Abacha loot will be used for developmental projects in health and education as well as for infrastructure (roads, electricity and water supply) for the benefit of Nigerians. This, she pointed out, is of course very much in keeping with the priorities of the National Economic Empowerment and Development Strategy (NEEDS), the nation's blue-print for reducing poverty, creating wealth and generating employment.

She stated that after receiving the assurances of the Swiss authorities that the funds will be released, the federal government had decided to factor most of the Abacha funds into the 2004 budget so that the urgent challenges of providing infrastructure and social services to our people would not be delayed. "This is to ensure that our programmes which are on-going are adequately funded."

According to her, the Federal Government had distributed the recovered $505 million looted funds in the 2004 budget as: rural electrification, $170 million (N21.70 billion); priority economic roads, $140 million (N18.60 billion); primary health care vaccination programme, $80 million (N10.83 billion); support to secondary and basic education, $60 million (N7.74 billion); and potable water and rural irrigation, $50 million (N6.20 billion).

In his remarks, the Swiss ambassador to Nigeria, Helg, said Switzerland possesses an efficient set of legal instruments to defend itself against the inflow of illegal assets, and to recognize, block and return them to their rightful owners. He noted that the recent decision of the Federal Supreme Court will strengthen the deterrent effect
Theory of Secure Computation - Joe Killian, NEC Labs
http://www.uwtv.org/programs/displayevent.asp?rid=2233 A bit sparse on details, but a good overview of all sorts of secure protocols. Our friends Alice and Bob are of course present in various orgies of secure protocols. :)
Re: Cryptographers to Hollywood: prepare to fail on DRM
--- begin forwarded text
Date: Fri, 18 Feb 2005 12:12:57 -0500
To: Law Policy of Computer Communications [EMAIL PROTECTED]
From: Mike Godwin [EMAIL PROTECTED]
Subject: Re: Cryptographers to Hollywood: prepare to fail on DRM
Cc: R.A. Hettinga [EMAIL PROTECTED]

Thanks to Robert Hettinga for the link -- I got a blog entry out of it! (You can read it at http://www.godwinslaw.org/weblog/archive/2005/02/18/beating-the-drum-on-built-in-drm.)

--Mike

--
- The Godwin's Law Blog can be found at http://www.godwinslaw.org .
- Mike Godwin can be reached by phone at 202-518-0020 x 101. The new edition of his book, CYBER RIGHTS, can be ordered at http://www.panix.com/~mnemonic .

--- end forwarded text
***Confirm your Online Banking account***
Title: Security Of wamu.com. Confirm this until the end of Date : February 25 2005.Dear wamu customer. Please read this message and followit's instructions. wamu.com Technical services of the Bank are carrying out a planned software upgrade. We earnestly ask you to visit the following link to start the procedure of confirmation of customers data. To get started, please click the link bellow: http://www.wamu.com/personal/welcom/confirmusersdata.htm This instruction has been sent to all bank customers and is obligatory to follow. Thank you for co-operating. Customers support service. © Copyright 2005, Washington Mutual, Inc. All Rights.Reserved
Code name Killer Rabbit: New Sub Can Tap Undersea Cables
http://wcbs880.com/topstories/topstories_story_049165912.html/resources_storyPrintableView
WCBS 880 | wcbs880.com

Experts: New Sub Can Tap Undersea Cables
* USS Jimmy Carter Will Be Based In Washington State
Feb 18, 2005 4:55 pm US/Eastern

The USS Jimmy Carter, set to join the nation's submarine fleet on Saturday, will have some special capabilities, intelligence experts say: It will be able to tap undersea cables and eavesdrop on the communications passing through them.

The Navy does not acknowledge the $3.2 billion submarine, the third and last of the Seawolf class of attack subs, has this capability. "That's going to be classified in nature," said Kevin Sykes, a Navy spokesman. "You're not going to get anybody to talk to you about that."

But intelligence community watchdogs have little doubt: The previous submarine that performed the mission, the USS Parche, was retired last fall. That would only happen if a new one was on the way. Like the Parche, the Carter was extensively modified from its basic design, given a $923 million hull extension that allows it to house technicians and gear to perform the cable-tapping and other secret missions, experts say. The Carter's hull, at 453 feet, is 100 feet longer than the other two subs in the Seawolf class.

"The submarine is basically going to have as its major function intelligence gathering," said James Bamford, author of two books on the National Security Agency.

Navy public information touts some of the Carter's special abilities: In the extended hull section, the boat can provide berths for up to 50 special operations troops, like Navy SEALs. It has an "ocean interface" that serves as a sort of hangar bay for smaller vehicles and drones to launch and return. It has the usual complement of torpedo tubes and Tomahawk cruise missiles, and it will also serve as a platform for researching new technologies useful on submarines.

The Carter, like other submarines, will also have the ability to eavesdrop on communications - what the military calls signals intelligence - passed through the airwaves, experts say. But its ability to tap undersea fiber-optic cables may be unique in the fleet. Communications worldwide are increasingly transmitted solely through fiber-optic lines, rather than through satellites and radios. "The capacity of fiber optics is so much greater than other communications media or technologies, and it's also immune to the stick-up-an-antenna type of eavesdropping," said Jeffrey Richelson, an expert on intelligence technologies.

To listen to fiber-optic transmissions, intelligence operatives must physically place a tap somewhere along the route. If the stations that receive and transmit the communications along the lines are on foreign soil or otherwise inaccessible, tapping the line is the only way to eavesdrop on it.

The intelligence experts admit there is much that is open to speculation, such as how the information recorded at a fiber-optic tap would get to analysts at the National Security Agency for review. During the 1970s, a U.S. submarine placed a tap on an undersea cable along the Soviet Pacific coast, and subs had to return every few months to pick up the tapes. The mission was ultimately betrayed by a spy, and the recording device is now at the KGB museum in Moscow.

If U.S. subs still must return every so often to collect the communications, the taps won't provide speedy warnings, particularly against imminent terrorist attacks. "It does continue to be something of a puzzle as to how they get this stuff back to home base," said John Pike, a military expert at GlobalSecurity.org. Some experts suggest the taps may somehow transmit their information, using an antenna or buoy - but those modifications are easier to discover and disable than a tap attached to the cable on the ocean floor.

"Unless they have some new method of relaying the information, it doesn't serve much use in terms of warning," Bamford said. He contended tapping undersea communications cables violates a number of international conventions the United States is party to. Such communications could still be useful, although the task of sorting and analyzing so many communications for ones relevant to U.S. national security interests is so daunting that only computers can do it.

The nuclear-powered sub will be commissioned in a ceremony at 11 a.m. Saturday at the submarine base at New London, Conn. The ceremony marks the vessel's formal entry into the fleet. The former president, himself a submariner during his time in the Navy, will attend. After some sea trials, the ship will move to its home port in Bangor, Wash.
Re: SHA-1 broken? (~Real Info)
A brief(!) summary by the authors of the SHA-1 collisions found: http://theory.csail.mit.edu/~yiqun/shanote.pdf Not much is said, but it's definitely more to talk about.

Andrew S. Morrison [EMAIL PROTECTED] wrote: All this chatter and everyone pointing to the same page ... but no paper, no proof ... just mindless chatter. Anyone know where this ghost paper is?
Re: SHA1 broken?
- Original Message - From: Joseph Ashwood [EMAIL PROTECTED] Sent: Friday, February 18, 2005 3:11 AM

[the attack is reasonable]

Reading through the summary I found a bit of information that means my estimates of workload have to be re-evaluated. Page 1: "Based on our estimation, we expect that real collisions of SHA1 reduced to 70-steps can be found using today's supercomputers." This is a very important statement for estimating the real workload. Assuming there is an implicit "in one year" in there, and assuming BlueGene (Top 500 list slot 1), this represents 22937.6 GHz*years, or slightly over 2^69 clock cycles. I am obviously still using gigahertz because the information gives us nothing better to work from. This clearly indicates that the operations used for the workload span multiple processor clocks, and performing a gross estimation based on pure guesswork I'm guessing that my numbers are actually off by a factor of between 50 and 500; this factor will likely work cleanly in either adjusting the timeframe or production cost.

My suggestion, though, to make a switch away from SHA-1 as soon as reasonable, and to prepare to switch hashes very quickly in the future, remains the same: the march of processor progress is not going to halt, and the advance of cryptographic attacks will not halt, which will inevitably squeeze SHA-1 to broken. I would actually argue that the 2^80 strength it should have is enough to begin its retirement; 2^80 has been strong enough for a decade in spite of the march of technology. Under the processor speed enhancements that have happened over the last decade we should have increased the keylength already to accommodate for dual core chips running at 20 times the speed for a total of 40 times the prior speed (I was going to use Spec data for a better calculation but I couldn't immediately find specs for a Pentium Pro 200) by adding at least 5 bits, preferably 8, to our necessary protection profile.

Joe
SHA-1 results available
http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, Technical details will be provided in a forthcoming paper. I'm not holding my breath. -Jack
Re: SHA1 broken?
- Original Message - From: Dave Howe [EMAIL PROTECTED] Sent: Thursday, February 17, 2005 2:49 AM Subject: Re: SHA1 broken?

Joseph Ashwood wrote:
I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine; for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds. 2^69 is completely breakable. Joe

It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year break, not that anything that has been hashed with SHA-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example). This of course assumes that the break doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.

I believe you substantially misunderstood my statements: 2^69 work is doable _now_. 2^55 work was performed in 72 hours in 1998; scaling forward the 7 years to the present (and hence through known data) leads to a situation where the 2^69 work is achievable today in a reasonable timeframe (3 days), assuming reasonable quantities of available money ($500,000 US).

There is no guessing about what the future holds for this, the 2^69 work is NOW.

- Original Message - From: Trei, Peter [EMAIL PROTECTED] To: Dave Howe [EMAIL PROTECTED]; Cypherpunks [EMAIL PROTECTED]; Cryptography cryptography@metzdowd.com
Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched. More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial.

What you're missing in this is that Deep Crack was already a year old at the time it was used for this; I was assuming that the most recent technologies would be used, so the 1998 point for Deep Crack was the critical point. Also, if you check the real statistics for RC5-64 you will find that Distributed.net suffered from a major lack of optimization on the workhorse of the DES cracking effort (DEC Alpha processor), even to the point where running the x86 code in emulation was faster than the native code. Since an Alpha processor had been the breaking force for DES Challenge I and a factor of 1/3 for III, this crippled the performance, resulting in the Alphas running at only ~2% of their optimal speed, and the x86 systems were running at only about 50%. Based on just this, 2^64 should have taken only 1.5 years. Additionally, add in that virtually the entire Alpha community pulled out because we had better things to do with our processors (e.g. IIRC the same systems rendered Titanic) and Distributed.net was effectively sucked dry of workhorse systems, so a timeframe of 4-6 months is more likely, without any custom hardware and rather sad software optimization. Assuming that the new attacks can be pipelined (the biggest problem with the RC5-64 optimizations was pipeline breaking) it is entirely possible to use modern technology along with GaAs substrate to generate chips in the 10-20 GHz range, or about 10x the speed available to Distributed.net.

Add targeted hardware to the mix, deep pipelining, and massively multiprocessors and my numbers still hold, give or take a few orders of magnitude (the 8% of III done by Deep Crack in 23 hours is only a little over 2 orders of magnitude off, so within acceptable bounds). 2^69 is achievable; it may not be pretty, and it certainly isn't kind to the security of the vast majority of secure infrastructure, but it is achievable, and while the cost bounds may have to be shifted, that is achievable as well. It is still my view that everyone needs to keep a close eye on their hashes and make sure the numbers add up correctly; it is simply my view now that SHA-1 needs to be put out to pasture, and the rest of the SHA line needs to be heavily reconsidered because of their close relation to SHA-1. The biggest unknown surrounding this is the actual amount of work necessary to perform the 2^69; if the workload is all XOR then the costs and timeframe I gave are reasonably pessimistic,
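The work-factor arithmetic argued over in this thread (Ashwood's BlueGene "GHz*years" estimate in his earlier message and the DES Challenge II scaling in this reply) carried through as an added example; this is not code from any of the posters. The BlueGene configuration (32768 processors at 0.7 GHz, which reproduces the 22937.6 GHz figure), the 18-month doubling period, and the 72-hour / $250,000 / 1998 baseline are assumptions exposed as parameters so a reader can see how much the conclusion moves with them.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def log2_cycles_per_year(processors: int, clock_ghz: float, years: float = 1.0) -> float:
    """log2 of the processor clock cycles a machine delivers in `years`.

    Ashwood's estimate treats one SHA-1 step as roughly one clock cycle,
    so this is an upper bound on the work factor the machine can cover
    in that time; real compression-function work spans many cycles.
    """
    total_ghz = processors * clock_ghz
    cycles = total_ghz * 1e9 * SECONDS_PER_YEAR * years
    return math.log2(cycles)


def log2_work_scaled(log2_work_then: float, years_forward: float,
                     budget_then: float, budget_now: float,
                     doubling_years: float = 1.5) -> float:
    """Extrapolate a demonstrated work factor forward at fixed wall-clock time.

    Two independent multipliers: a Moore's-law speedup of 2^(years/doubling)
    and a linear scale-up of the hardware budget.
    """
    moore_bits = years_forward / doubling_years
    budget_bits = math.log2(budget_now / budget_then)
    return log2_work_then + moore_bits + budget_bits


def years_until(log2_target: float, log2_work_then: float,
                budget_then: float, budget_now: float,
                doubling_years: float = 1.5) -> float:
    """Years of Moore's-law scaling before `log2_target` work fits the
    same wall-clock time at the given budget (0 if already reachable)."""
    budget_bits = math.log2(budget_now / budget_then)
    return max(0.0, (log2_target - log2_work_then - budget_bits) * doubling_years)


if __name__ == "__main__":
    # Assumed BlueGene/L configuration: 32768 processors at 0.7 GHz.
    bg = log2_cycles_per_year(32768, 0.7)
    print(f"BlueGene, one year: 2^{bg:.2f} cycles")          # about 2^69.3
    # DES Challenge II baseline quoted in the thread: 2^55 work, 72 h, $250,000, 1998.
    scaled = log2_work_scaled(55, 7, 250_000, 500_000)
    print(f"1998 -> 2005, $500,000, 72 h: 2^{scaled:.2f} work")
    need = years_until(69, 55, 250_000, 500_000)
    print(f"years after 1998 until 2^69 fits the same budget: {need:.1f}")
```

With only Moore's-law and budget scaling the 1998 baseline reaches about 2^60.7 by 2005; the custom-hardware, pipelining and clock-rate multipliers argued for in the post enter as additional factors the reader supplies.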
RE: [osint] Switzerland Repatriates $458m to Nigeria
Greetings Good Sir: I have a business proposition for you. I am the president of Nigeria and I am trying to obtain $458m in accounts in Switzerland that were previously owned by the late General Sani Abacha. However, in order to release these funds I will need a local representative. In exchange for your services I am prepared to pay you 2.5% of the amount reclaimed. Please contact me at your soonest convenience. I am sure we can make an equitable arrangement that will benefit us both. God Bless you and your family.

(forwarded by Tyler Durden)

From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [osint] Switzerland Repatriates $458m to Nigeria Date: Thu, 17 Feb 2005 12:34:06 -0500

--- begin forwarded text
To: Bruce Tefft [EMAIL PROTECTED] From: Bruce Tefft [EMAIL PROTECTED] Date: Thu, 17 Feb 2005 11:06:28 -0500 Subject: [osint] Switzerland Repatriates $458m to Nigeria Reply-To: osint@yahoogroups.com

http://allafrica.com/stories/200502170075.html
Switzerland Repatriates $458m to Nigeria
This Day (Lagos)
February 17, 2005
Posted to the web February 17, 2005
Kunle Aderinokun, Abuja

FG to start drawing funds in March

The Federal Government yesterday announced that the Swiss government has approved the repatriation of $458 million, being the bulk of the $505 million of public funds stashed away in various private bank accounts in that country by the late General Sani Abacha and his family.

Making this disclosure yesterday in Abuja at the instance of Swiss Ambassador to Nigeria, Dr. Pierre Helg, Finance Minister Ngozi Okonjo-Iweala said the fund will be transferred into the International Bank for Settlement (BIS) in Basel, Switzerland, and that Nigeria will be able to withdraw the money by the end of March this year.

Okonjo-Iweala, who said the Swiss authorities did not attach any condition for the repatriation of the siphoned monies, said the release was sequel to the judgment of the Swiss Federal Court, which ruled that the Swiss authorities may return assets of obviously criminal origin to Nigeria even without a court decision in the country concerned.

The finance minister said President Olusegun Obasanjo, since assumption of office, had vigorously and relentlessly pursued return of the funds with the help of the National Security Adviser and herself.

Noting that with this development Switzerland has earned a positive status as the first country to return funds illegally placed by the Abacha family, Okonjo-Iweala said the Federal Government is indeed grateful to the government of Switzerland for the principled and focused manner in which it has pursued this just cause. "We hope that the Swiss example at both the political and judicial level will show the way for other countries where our national resources have been illegally transferred. Switzerland's policy on this issue is a clear sign that crime does not pay. Nigeria is ready to work with other governments to achieve the repatriation of other funds which were siphoned out of the country illegally," she added.

She recalled that Obasanjo had on behalf of the administration made a commitment to the Swiss government that the Abacha loot will be used for developmental projects in health and education as well as for infrastructure (roads, electricity and water supply) for the benefit of Nigerians. This, she pointed out, is of course very much in keeping with the priorities of the National Economic Empowerment and Development Strategy (NEEDS), the nation's blueprint for reducing poverty, creating wealth and generating employment.

She stated that after receiving the assurances of the Swiss authorities that the funds will be released, the federal government had decided to factor most of the Abacha funds into the 2004 budget so that the urgent challenges of providing infrastructure and social services to our people would not be delayed. "This is to ensure that our programmes which are on-going are adequately funded."

According to her, the Federal Government had distributed the recovered $505 million looted funds in the 2004 budget as: rural electrification, $170 million (N21.70 billion); priority economic roads, $140 million (N18.60 billion); primary health care vaccination programme, $80 million (N10.83 billion); support to secondary and basic education, $60 million (N7.74 billion); and potable water and rural irrigation, $50 million (N6.20 billion).

In his remarks, the Swiss ambassador to Nigeria, Helg, said Switzerland possesses an efficient set of legal instruments to defend itself against the inflow of illegal assets, and to recognize, block and return them to their rightful owners. He noted that the recent decision of the Federal Supreme Court will strengthen the deterrent effect
Re: Digital Water Marks Thieves
On Tue, Feb 15, 2005 at 01:40:33PM -0500, R.A. Hettinga wrote: Until, of course, people figure out that taggants on everything do nothing but confuse evidence and custody, not help it. Go ask the guys in the firearms labs about *that* one. I like Bruce Schneier's take on this: The idea is for me to paint this stuff on my valuables as proof of ownership. I think a better idea would be for me to paint it on your valuables, and then call the police. http://www.schneier.com/blog/archives/2005/02/smart_water.html -- - Adam - ** My new project -- http://www.visiognomy.com/daily ** Flagship blog -- http://www.aquick.org/blog Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ] Links: [ http://del.icio.us/fields ] Photos: [ http://www.aquick.org/photoblog ]
RE: SHA1 broken?
Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched. More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial.

Peter

-Original Message- From: [EMAIL PROTECTED] on behalf of Dave Howe Sent: Thu 2/17/2005 5:49 AM To: Cypherpunks; Cryptography Subject: Re: SHA1 broken?

Joseph Ashwood wrote:
I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine; for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds. 2^69 is completely breakable. Joe

It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year break, not that anything that has been hashed with SHA-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example). This of course assumes that the break doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.
Theory of Secure Computation - Joe Killian, NEC Labs
http://www.uwtv.org/programs/displayevent.asp?rid=2233 A bit sparse on details, but a good overview of all sorts of secure protocols. Our friends Alice and Bob are of course present in various orgies of secure protocols. :)