Re: U.S. Drops 'E-Bomb' On Iraqi TV
at Tuesday, April 01, 2003 11:53 PM, Kevin S. Van Horn <[EMAIL PROTECTED]> was seen to say:
> What's a legitimate government? One with enough firepower to make its
> rule stick?

One with real (not imagined) WMD to frighten off American presidents. NK being a good example...
Re: U.S. Drops 'E-Bomb' On Iraqi TV
at Thursday, March 27, 2003 6:36 AM, Sarad AV <[EMAIL PROTECTED]> was seen to say:
> there is a lot of self imposed censorship in US on
> the war. The US POWs shown on al-jazeera were not
> broadcast over US and those sites which had pictures
> of POWs were removed as unethical graphics on web
> pages.
> Maybe the US itself might be stopping access to
> al-jazeera networks.

It certainly sounds probable. All the US and UK coverage is being very carefully stage-managed - all reporters are "embedded" into units for a reason - they are permitted to film what they are told, when they are told, and striking out on your own (or using an uplink to upload "raw" news to the newsroom) carries the death penalty - as the ITN crew found out.

Having a "raw" source of news - particularly one that carries pictures of young children being pulled from the rubble minus their legs - cannot possibly be tolerated. That isn't to say *that* source isn't biased as well - try finding pro-COW coverage, and there must be at least some of the pro-COW coverage that our major media puts out that isn't faked.
Re: terror alert black
at Thursday, March 20, 2003 3:23 PM, Tyler Durden <[EMAIL PROTECTED]> was seen to say:
> I've heard that for terror alert black we're all supposed to down a
> few 100 milligrams of valium, and stay in our beds, butts-up.
> For hidden weapons inspections, of course.

*lol* Might be close to the truth at that - at a recent incident in England, the police opened up the protesters' *sandwiches* to check for concealed weapons in there. Still, eggs can be lethal if not properly cooked :)
Re: I for one am glad that...
at Wednesday, March 19, 2003 3:39 AM, Keith Ray <[EMAIL PROTECTED]> was seen to say:
> Which resolution took away any Member State's authority to "all
> necessary means" to uphold resolution 690?

I think the problem here is who gets to define what is "necessary" - the UN Security Council thinks it is them, Bush thinks it is him personally.
Re: Journalists, Diplomats, Others Urged to Evacuate City
> About the threat to Washington: I think it's relatively high. A
> nerve gas attack on buildings or the Metro seems likely. (The
> Japanese AUM cult had Sarin, but was inept. A more capable,
> military-trained operative has had many months to get into D.C. and
> wait for the obvious time to attack. And he need not even be a
> suicide bomber. A canister of VX with a reliable timer is child's
> play.

Chemical weapons are legally dodgy - but under the Bush Doctrine, Saddam could blow huge civilian areas of Washington away with missiles, and just call it a "shock and awe" demonstration against a country that might attack it and that is known to have all three forms of WMD. I mean, that's reasonable, isn't it? Bush said it was.
Re: Scientists question electronic voting
> > at Thursday, March 06, 2003 5:02 PM, Ed Gerck <[EMAIL PROTECTED]> was seen
> > to say:
> > > On the other hand, photographing a paper receipt behind a glass, which
> > > receipt is printed after your vote choices are final, is not readily
> > > deniable because that receipt is printed only after you confirm your
> > > choices.
> > as has been pointed out repeatedly - either you have some way to "bin"
> > the receipt and start over, or it is worthless (and merely confirms you
> > made a bad vote without giving you any opportunity to correct it)
> > That given, you could vote once for each party, take your photograph,
> > void the vote (and receipt) for each one, and then vote the way you
> > originally intended to :)
> No, as I commented before, voiding the vote in that proposal after the paper
> receipt is printed is a serious matter -- it means that either the machine made
> an error in recording the e-vote or (as it is oftentimes neglected) the machine
> made an error in printing the vote.

Or more probably, as seen in the American case - the user didn't understand the interface and voted wrongly. Of course, you could avoid this by stating that the voting software displays the vote and gives a yes/no choice before printing the slip, but there is no reason to actually display the slip if there is no hope of voiding it short of storming out of the booth and demanding someone "fix" it.
Re: Trivial OTP generation method?
> There is no weakness in it that I could come up with (presuming the audio
> input is sufficiently random, which in case of badly tuned station it
> seems to be; white noise generator would be better, though).

Sounds good to me. You should certainly get 16 good bytes from 128, and while assuming a higher entropy would be faster, it is better to be conservative if you can afford it.
Re: The burn-off of twenty million useless eaters and "minorities"
at Friday, February 21, 2003 4:44 PM, James A. Donald <[EMAIL PROTECTED]> was seen to say:
> Highly capitalist nations do not murder millions.

But their highly capitalist companies sometimes do. Is this a meaningful distinction?
Re: Blood for Oil (was The Pig Boy was really squealing today)
at Thursday, February 20, 2003 1:28 AM, Harmon Seaver <[EMAIL PROTECTED]> was seen to say:
> No oil but lots of dope, especially lots of high grade opium and
> the CIA and the US scum military has been just desperate to get
> control of the world heroin trade again like they did in Vietnam days.

They don't need to build a pipeline through Afghanistan any more then? I know they were pretty annoyed when the Taleban refused to let them, prior to 9/11.
Re: School of the future
at Thursday, February 20, 2003 2:04 AM, Harmon Seaver <[EMAIL PROTECTED]> was seen to say:
> The real school of the future won't have classrooms at all, and no
> "teachers" as we now know them. Instead there will be workstations
> with VR helmets and a number of software "gurus" in the machine
> tailoring themselves to the individual students needs and
> personality. The machine will never be tired or grumpy or just having
> a bad day or serious personality problems like human teachers.

They would if I wrote them :) Some days you need a kind, understanding, sympathetic teacher; others, you need the scary kind :)
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
at Monday, February 10, 2003 3:20 AM, Jim Choate <[EMAIL PROTECTED]> was seen to say:
> On Sun, 9 Feb 2003, Sunder wrote:
>> The OS doesn't boot until you type in your passphrase, plug in your
>> USB fob, etc. and allow it to read the key. Like, Duh! You know,
>> you really ought to stop smoking crack.
> Spin doctor bullshit, you're not addressing the issue which is the
> mounting of an encrypted partition -before- the OS loads (eg lilo,
> which by the way doesn't really 'mount' a partition, encrypted or
> otherwise - it just follows a vector to a boot image that gets dumped
> into ram and the cpu gets a vector to execute it - one would hope it
> was the -intended- OS or fs de-encryption algorithm). What does that
> do? Nothing (unless you're the attacker).

Indeed. It usually boots a kernel image with whatever modules are required to get the main system up and running.

> There are two and only two general applications for such an approach.
> A standard workstation which isn't used unless there is a warm body
> handy. The other being a server which one doesn't want to -reboot-
> without human intervention. Both imply that the physical site is
> -secure-, that is the weakness to all the current software solutions
> along this line.

The solution is only applicable to cold or moderately tamper-proofed systems, to prevent analysis of such systems if confiscated. It can only become a serious component in an overall scheme, but this is universally true - there is no magic shield you can fit to *anything* to solve all ills; this will add protection against the specified attacks and in fact already exists for Windows (DriveCrypt PlusPack) - it is just non-Windoze platforms that lack a product in this area.
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
at Monday, February 10, 2003 3:09 AM, Jim Choate <[EMAIL PROTECTED]> was seen to say:
> On Mon, 10 Feb 2003, Dave Howe wrote:
>> no, lilo is. if you can mount a pgpdisk (say) without software,
>> then you are obviously much more talented than I am :)
> Bullshit. lilo isn't doing -anything- at that point without somebody
> or something (eg dongle) being present that has the -plaintext- key.
> Without the key the disk isn't doing anything. So no, lilo isn't
> mounting the partition. It -is- a tool to do the mount.

I don't understand why this concept is so difficult for you - software *must* perform the mount; there is absolutely no way you could personally inspect every byte from the disk and pass decrypted data to the OS at line speed yourself. lilo is the actor here. If you gave a program spec to a programmer and said "write this" you wouldn't be able to claim you wrote the code yourself, no matter how good or essential the program spec was.

> As to mounting the disk without software, not a problem it could be
> done all in hardware. Though you'd still need the passphrase/dongle.

You couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly and make the physical disk look like an unencrypted one, but you would still need non-crypto software to mount it.

>> for virtual drives, the real question is at what point in the boot
>> process you can mount a drive - if it is not until the os is fully
>> functional, then you are unable to protect the os itself. if the
>> bootstrap process can mount the drive before the os is functional,
>> then you *can* protect the os.
> No you can't. If the drive is mounted before the OS is loaded you can
> put the system into a DMA state and read the disk (screw the OS)
> since its contents are now in plaintext.

No, you can't. Data from the hardware is *still* encrypted; only the output of the driver is decrypted, and a machine no longer running bootstrap or OS is also incapable of decryption.

You *could*, if good enough, place the processor in a halt state and use DMA to modify the code to reveal the plaintext, but it would be a major pain to do so and would require physical access to the machine *while powered up and without triggering any anti-tamper switches* after the password has been supplied. This is actually a weakness in firmware cryptodrives (as I have seen advertised recently) - once the drive is "unlocked" it can usually be swapped over to another machine and the plaintext read.

> You can also prevent the
> default OS from being loaded as well.

Indeed so, yes. However, usually that decision has to be made before the password would be entered - so making it more awkward. You *could* finagle the bootstrap though; there must *always* be part of the code outside the crypto envelope (but of course this can be removable media such as the USB drive mentioned, and stored securely when not in use).

> Clue: If you own the hardware, you own the software.

Indeed so. However, if that applied to machines not already running, the police wouldn't be so upset when they find encrypted files on seized hardware.
Re: A secure government
at Thursday, February 06, 2003 4:48 PM, Chris Ball <[EMAIL PROTECTED]> was seen to say:
> Another point is that ``normal'' constables aren't able to action the
> request; they have to be approved by the Chief Constable of a police
> force, or the head of a relevant Government department. The full text
> of the Act is available at:

At least in theory. It was only a massive public "FaxYourMP" campaign that aborted the attempt to extend the "people able to authorise" list for interception to the head of any local government department (and a few other groups). I have no reason to believe that a similar paper would not have extended authority to demand keys right down to the dogcatcher general too :)
Re: A secure government
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother <[EMAIL PROTECTED]> was seen to say:
> David Howe wrote:
> a) it's not law yet, and may never become law. It's an Act of
> Parliament, but it's two-and-a-bit years old and still isn't in
> force. No signs of that happening either, except a few platitudes
> about "later".

Indeed - and the more FaxYourMP can do to keep that from ever coming into force the better :)

> b) Plod would have to prove you have the key, and refused to give it,
> before you got convicted. Kinda hard to do.

Not true - they have to prove you *had* the key at some point in the past. Having lost the key isn't a defense.

> c) you already know this!!!

Probably - it was an oversimplification of a complex legal situation. The law *is* on the books, and as far as I can see, all that is stopping the first part of it coming into force is the desire of the HO to add a shopping list of new people to the list already defined in the Act. I am assuming that the part we are discussing here is "held up in the queue" until the bits before it come into effect.
Re: Putting the "NSA Data Overwrite Standard" Legend to Death... (fwd)
at Thursday, February 06, 2003 2:34 PM, Tyler Durden <[EMAIL PROTECTED]> was seen to say:
> I've got a question...
>
>> If you actually care about the NSA or KGB doing a low-level
>> magnetic scan to recover data from your disk drives,
>> you need to be using an encrypted file system, period, no questions.
>
> OK...so I don't know a LOT about how PCs work, so here's a dumb
> question.
>
> Will this work for -everything- that could go on a drive? (In other
> words, if I set up an encrypted disk, will web caches, cookies, and
> all of the other 'trivial' junk be encrypted without really slowing
> down the PC?)

Provided the drive is mounted, yes. And there is no "without slowing down the PC" - obviously it *will* cost CPU time (you are doing crypto on each virtual disk sector on the fly), but it shouldn't impact on bandwidth unless you have a really slow PC.

Virtual drives occupy a drive letter like a normal drive. Most (including pgpdisk) have to be "mounted" while Windows is already running - ie, there is nothing at that disk letter until you run a program and type a password. Some (like DriveCrypt PlusPack) allow the boot volume to be a virtual volume and be mounted *before* Windows starts running. Easiest way to find out what you can and can't do is download Scramdisk or E4M, and play :)
Re: A secure government
at Thursday, February 06, 2003 11:21 AM, Pete Capelli
> Then which one of these groups does the federal government fall
> under, when they use crypto? In the feds opinion, of course. Or do
> they believe that their use of crypto is the only wholesome one?

Terrorism of course, using their own definition - they use force or the threat of force to achieve their political aims :)
Re: A secure government
> No, the various provisions of the Constitution, flawed though it is,
> make it clear that there is no "prove that you are not guilty"
> provision (unless you're a Jap, or the government wants your land, or
> someone says that you are disrespectful of colored people).

Unfortunately, this is not true in the UK - the penalty for non-decryption of encrypted files on request by an LEA (even if you don't have the key!) is a jail term.
Re: "Touching shuttle debris may cause bad spirits to invade your body!"
at Monday, February 03, 2003 3:48 AM, Sunder <[EMAIL PROTECTED]> was seen to say:
> Think upgrading of circuit boards. Remove old board, insert new
> board for example. Leaving the old board circling around may not be
> a good thing. Just for example.

Yeah, makes sense. OK, I withdraw my objections to the conspiracy theory :)
Re: Sovereignty issues and Palladium/TCPA
at Friday, January 31, 2003 2:18 AM, Peter Gutmann <[EMAIL PROTECTED]> was seen to say:
> More particularly, governments are likely to want to explore the
> issues related to potential foreign control/influence over domestic
> governmental use/access to domestic government held data.
> In other words, what are the practical and policy implications for a
> government if a party external to the government may have the
> potential power to turn off our access to its own information and
> that of its citizens.

And indeed - download patches silently to change the "disable" functionality to "email anything interesting directly to the CIA" functionality.
Re: the news from bush's speech...H-power
at Wednesday, January 29, 2003 11:18 PM, Bill Frantz <[EMAIL PROTECTED]> was seen to say:
> Back a few years ago, probably back during the great gas crisis (i.e.
> OPEC) years, there were a lot of small companies working on solar
> power. As far as I know, they were all bought up by oil companies.
> Of course, only a paranoid would think that they were bought to
> suppress a competing technology.

Actually, oil companies are all in favour of competing technologies - provided they get to control them. Solar may be an exception though; wind is OK as the massive installations, land usage permissions and nature of the output fluctuations mean you really can't start off small (they are fine to feed into a large system where the overall average would be fairly level, though), but solar is just too easy to reduce down to individual installations in individual homes or businesses; only technologies that permit a service-based business model (delivery of electricity and/or production of fuels that can't be done without massive plant) are encouraged :(
Re: [IP] Open Source TCPA driver and white papers (fwd)
at Friday, January 24, 2003 4:53 PM, Mike Rosing <[EMAIL PROTECTED]> was seen to say:
> Thanks Eugen, It looks like the IBM TPM chip is only a key
> store read/write device. It has no code space for the kind of
> security discussed in the TCPA. The user still controls the machine
> and can still monitor who reads/writes the chip (using a pci bus
> logger for example). There is a lot of emphasis on TPM != Palladium,
> and TPM != DRM. TPM can not control the machine, and for DRM to work
> the way RIAA wants, TPM won't meet their needs. TPM looks pretty
> useful as it sits for real practical security tho, so I can see why
> IBM wants those !='s to be loud and clear.

Bearing in mind though that DRM/Palladium won't work at all if it can't trust its hardware - so TPM != Palladium, but TPM (or an improved TPM) is a prerequisite.
Re: Singularity ( was Re: Policing Bioterror Research )
at Tuesday, January 07, 2003 1:14 AM, Michael Motyka <[EMAIL PROTECTED]> was seen to say:
> financial resources,
> other than those that pass through verified identity
> gatekeepers;

That's an odd way to spell "Campaign Fund Contributing Corporations".
Re: Correction of AP-CIA Disinfo.
at Monday, December 23, 2002 7:29 PM, Mike Rosing <[EMAIL PROTECTED]> was seen to say:
> On Tue, 24 Dec 2002, Matthew X wrote:
>
>> The containment vessel may survive a jet impact but the control room
>> and/or temporary pools of spent fuel lying outside the containment
>> vessel might not survive. A nuclear core without monitored control
>> because everything outside the containment vessel is incinerated can
>> cause a modern day China Syndrome or Chernobyl disaster.
>
> Bwah haha ha ha heee "China syndrome" huh? go watch jane in
> barberella, you'll learn more physics. This is what i get for
> bypassing the kill file :-) but it is mighty funny!

It isn't that wildly inaccurate - losing both control rooms would be (and has been on at least one occasion) an absolute nightmare. On that occasion, technicians had to get a five-year batch of radiation in ten minutes by going in, operating *one* valve by hand, then getting the hell out before they reached a lethal dose. From *that* one they learnt that having two control rooms doesn't do jack if you run both sets of wire along the same trays - and have flammable insulation on the wires.
Re: Libel lunacy -all laws apply fnord everywhere
at Monday, December 16, 2002 8:34 AM, Major Variola (ret) <[EMAIL PROTECTED]> was seen to say:
> "The network?" Sorry, it's one wire from here to there. Even a router
> with multiple NICs only copies a given packet to a single interface.

That is unfortunately too much of a generalisation - although I would accept "normally" in that sentence. There are plenty of setups (broadcast domains, egmp etc) where a single packet is echoed out of multiple interfaces, and in fact some amplification attacks rely on that.
Re: Libel lunacy -all laws apply fnord everywhere
at Tuesday, December 17, 2002 5:33 AM, the following Choatisms were heard:
> Nobody (but perhaps you by inference) is claiming it is identical,
> however, it -is- a broadcast (just consider how a packet gets routed,
> consider the TTL for example or how a ping works).

Ping packets aren't routed any differently from non-ping packets - they bounce up through your ISP's idea of best route to the recipient's ISP, who then use their idea of best route to the target (leaving aside the via IP flag). The reply bounces up their ISP's idea of best route to your ISP, and down through your ISP's best route to you. There isn't a sudden wave of "ping packet" travelling out across the internet like a radar pulse, and reflecting back to you - it is a directed transfer of a single discrete packet.

The best analogy (made by someone else here earlier) is a telephone call; each call follows a routing path defined by the phone company's best idea of pushing comms one step closer to the destination at that time; it may be that a longer route (bouncing via a third country to get to a second, rather than using the direct line) has a lower "cost" due to the usage at that time, so that route is used.
Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd)
at Monday, December 02, 2002 8:42 AM, Eugen Leitl <[EMAIL PROTECTED]> was seen to say:
> No, an orthogonal identifier is sufficient. In fact, DNS loc would be
> a good start.

I think what I am trying to say is - given a "normal" internet user using IPv4 software that wants to connect to someone "in the cloud", how does he identify *to his software* the machine in the cloud if that machine is not given a unique IP address? Few if any IPv4 packages can address anything more complex than an IPv4 dotted quad (or if given a DNS name, will resolve same to a dotted quad).

> The system can negotiate whatever routing method it uses. If the node
> doesn't understand geographic routing, it falls back to legacy
> methods.

Odds are good that "cloud" nodes will be fully aware of geographic routing (there are obviously issues there though; given a node that is geographically "closer" to the required destination, but does not have a valid path to it, purely geographic routing will fail and fail badly; it may also be that the optimum route is a longer but less congested (and therefore higher bandwidth) path than the direct one). For a mental image, imagine a circular "cloud" with an H-shaped hole in it; think about routing between the "pockets" at top and bottom of the H, now imagine a narrow (low bandwidth) bridge across the crossbar (which is a "high cost" path for traffic). How do you handle these two cases?
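The two failure cases in that mental image can be played out on a small grid: greedy geographic forwarding stalls at the dead end of a pocket, and when the expensive bridge exists greedy takes it while a cost-aware router goes the long way round. This is an added example, not code from the post; the 11x11 grid, the coordinates of the H, the source and destination cells, the bridge cost of 30 and the use of Manhattan distance for "geographically closer" are all constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define N 11            /* the "cloud" is an N x N grid of nodes */
#define HOLE -1         /* no node here (part of the H-shaped hole) */
#define INF 1000000

/* Constructed topology (an assumption, not from the post): cost[r][c] is the
 * cost of forwarding a packet INTO node (r,c), or HOLE where there is no node.
 * The H has legs at columns 3 and 7 (rows 1-9) and a crossbar on row 5
 * (columns 4-6); the "pockets" are rows 1-4 and rows 6-9 of columns 4-6. */
static int cost[N][N];

static void build_cloud(int bridge_cost) {
    for (int r = 0; r < N; r++)
        for (int c = 0; c < N; c++) cost[r][c] = 1;
    for (int r = 1; r <= 9; r++) cost[r][3] = cost[r][7] = HOLE;
    for (int c = 4; c <= 6; c++) cost[5][c] = HOLE;
    if (bridge_cost > 0) cost[5][5] = bridge_cost;  /* narrow, expensive bridge */
}

static const int DR[4] = {-1, 1, 0, 0}, DC[4] = {0, 0, -1, 1};

static int in_cloud(int r, int c) {
    return r >= 0 && r < N && c >= 0 && c < N && cost[r][c] != HOLE;
}

static int manhattan(int r1, int c1, int r2, int c2) {
    return abs(r1 - r2) + abs(c1 - c2);
}

/* Purely geographic forwarding: always hand the packet to the neighbour that is
 * geographically closer to the destination. Returns the path cost, or -1 when
 * no neighbour is closer (a dead end: the first failure case in the post). */
int greedy_route(int r, int c, int dr, int dc, int *hops) {
    int total = 0;
    *hops = 0;
    while (r != dr || c != dc) {
        int best = manhattan(r, c, dr, dc), br = -1, bc = -1;
        for (int k = 0; k < 4; k++) {
            int nr = r + DR[k], nc = c + DC[k];
            if (in_cloud(nr, nc) && manhattan(nr, nc, dr, dc) < best) {
                best = manhattan(nr, nc, dr, dc); br = nr; bc = nc;
            }
        }
        if (br < 0) return -1;           /* stuck at the bottom of the pocket */
        total += cost[br][bc];
        r = br; c = bc; (*hops)++;
    }
    return total;
}

/* Cost-based routing (Dijkstra over the same grid): cheapest total cost, or -1
 * if unreachable. A longer but cheaper detour beats the expensive bridge, the
 * second case in the post. */
int cost_route(int sr, int sc, int dr, int dc, int *hops) {
    static int dist[N][N], hop[N][N];
    static char done[N][N];
    for (int r = 0; r < N; r++)
        for (int c = 0; c < N; c++) { dist[r][c] = INF; hop[r][c] = 0; done[r][c] = 0; }
    dist[sr][sc] = 0;
    for (;;) {
        int ur = -1, uc = -1, best = INF;
        for (int r = 0; r < N; r++)
            for (int c = 0; c < N; c++)
                if (!done[r][c] && dist[r][c] < best) { best = dist[r][c]; ur = r; uc = c; }
        if (ur < 0 || (ur == dr && uc == dc)) break;
        done[ur][uc] = 1;
        for (int k = 0; k < 4; k++) {
            int nr = ur + DR[k], nc = uc + DC[k];
            if (!in_cloud(nr, nc)) continue;
            int nd = dist[ur][uc] + cost[nr][nc];
            if (nd < dist[nr][nc]) { dist[nr][nc] = nd; hop[nr][nc] = hop[ur][uc] + 1; }
        }
    }
    if (dist[dr][dc] == INF) return -1;
    *hops = hop[dr][dc];
    return dist[dr][dc];
}

/* Route from the top pocket (2,5) to the bottom pocket (8,5) with the given
 * bridge cost (0 = no bridge). One helper returns the cost, the other the hops. */
int pockets_cost(int bridge_cost, int use_dijkstra) {
    int h;
    build_cloud(bridge_cost);
    return use_dijkstra ? cost_route(2, 5, 8, 5, &h) : greedy_route(2, 5, 8, 5, &h);
}

int pockets_hops(int bridge_cost, int use_dijkstra) {
    int h = 0;
    build_cloud(bridge_cost);
    if (use_dijkstra) cost_route(2, 5, 8, 5, &h); else greedy_route(2, 5, 8, 5, &h);
    return h;
}

int main(void) {
    printf("no bridge:  greedy cost %d, dijkstra cost %d (%d hops)\n",
           pockets_cost(0, 0), pockets_cost(0, 1), pockets_hops(0, 1));
    printf("bridge(30): greedy cost %d (%d hops), dijkstra cost %d (%d hops)\n",
           pockets_cost(30, 0), pockets_hops(30, 0), pockets_cost(30, 1), pockets_hops(30, 1));
    return 0;
}
```

Without the bridge greedy returns -1 (stuck two hops in) while Dijkstra finds the 20-hop detour; with the bridge greedy crosses it for a cost of 35 in 6 hops, and Dijkstra still prefers the 20-cost detour.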
Re: New Wi-Fi Security Scheme Allows DoS (fwd)
at Thursday, November 21, 2002 1:52 PM, Jim Choate <[EMAIL PROTECTED]> was seen to say:
> http://www.extremetech.com/article2/0,3973,717170,00.asp

LOL! Which references - the archive of this list for bibliography :)
Re: Pseudo-Private Key - Methodology
at Thursday, November 21, 2002 2:26 PM, Sarad AV <[EMAIL PROTECTED]> was seen to say:
> 'A' uses a very strong cryptographic algorithm which
> would be forced out by rubber hose cryptanalysis
> Now if Alice could give another key k` such that the
> cipher text (c) decrypts to another dummy plain
> text(D)
> the secret police gets to read
> the dummy plain text(D) using the surrendered key k`
> without compromising the real plain text(P).

Depends on what (c) looks like and how it is obtained.

If it is a random jumble of characters (like a scramdisk) then you might get away with claiming a key 'k is the OTP key for it (and of course given (c) and the required plaintext, 'k is trivial to construct).

If (c) is self-evidently in the format of a known encryption package (PGP, S/MIME, lots of others) then your attackers are not going to believe they are really OTP encrypted.

If the message is intercepted, not sniffed (ie, you never receive a copy yourself) then you cannot construct 'k.
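An added example (not the poster's code) that ties the "Trivial OTP generation" thread above (16 good pad bytes out of 128 noisy samples) to the deniability point made here: because a one-time pad is a plain XOR, the forged key is simply k' = c XOR D, so any dummy plaintext of the same length can be "proved" from (c), and without a copy of (c) no k' can be built at all. The 8:1 XOR-fold, the LCG-generated stand-in for radio hiss and the two 16-byte messages are constructed assumptions; the fold presumes roughly independent, mildly biased samples and is a placeholder for a properly vetted extractor.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define PAD_LEN 16
#define SAMPLES 128   /* noisy input bytes consumed per 16-byte pad */

/* Conservative extraction: XOR-fold eight noisy input bytes into each output
 * byte, giving 16 pad bytes from 128 samples. ASSUMPTION: samples are roughly
 * independent and only mildly biased, so XORing eight of them drives the bias
 * down (piling-up lemma). Stand-in for a real extractor, not a vetted one. */
void fold_samples(const uint8_t samples[SAMPLES], uint8_t pad[PAD_LEN]) {
    const int per = SAMPLES / PAD_LEN;
    for (int i = 0; i < PAD_LEN; i++) {
        uint8_t acc = 0;
        for (int j = 0; j < per; j++) acc ^= samples[i * per + j];
        pad[i] = acc;
    }
}

/* One-time pad: c = p XOR k. The same routine decrypts. */
void otp_xor(const uint8_t *in, const uint8_t *key, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i];
}

/* The deniability point: given ciphertext c and ANY equal-length dummy D,
 * k' = c XOR D makes c decrypt to D. Nothing in c distinguishes k from k',
 * and without c (message intercepted, never received) k' cannot be built. */
void forge_key(const uint8_t *c, const uint8_t *dummy, uint8_t *k_prime, size_t n) {
    otp_xor(c, dummy, k_prime, n);
}

/* Returns 1 if c decrypts to `expected` under `key` (n <= PAD_LEN), else 0. */
int decrypts_to(const uint8_t *c, const uint8_t *key, const uint8_t *expected, size_t n) {
    uint8_t tmp[PAD_LEN];
    otp_xor(c, key, tmp, n);
    return memcmp(tmp, expected, n) == 0;
}

/* Constructed demo input: a deterministic LCG stream standing in for 128
 * bytes of badly tuned radio. It is NOT random and supplies no entropy. */
static void fake_samples(uint8_t samples[SAMPLES]) {
    uint32_t s = 0x9e3779b9u;
    for (int i = 0; i < SAMPLES; i++) {
        s = s * 1664525u + 1013904223u;
        samples[i] = (uint8_t)(s >> 24);
    }
}

/* Whole exchange: build pad k, encrypt P, forge k' for dummy D, then check
 * that c opens to P under k and to D under k'. Returns 1 on success. */
int demo(void) {
    uint8_t samples[SAMPLES], k[PAD_LEN], k_prime[PAD_LEN], c[PAD_LEN];
    const uint8_t *P = (const uint8_t *)"meet at dawn ok?";   /* 16 bytes, constructed */
    const uint8_t *D = (const uint8_t *)"happy birthday!!";   /* 16 bytes, constructed */
    fake_samples(samples);
    fold_samples(samples, k);
    otp_xor(P, k, c, PAD_LEN);
    forge_key(c, D, k_prime, PAD_LEN);
    return decrypts_to(c, k, P, PAD_LEN)
        && decrypts_to(c, k_prime, D, PAD_LEN)
        && memcmp(k, k_prime, PAD_LEN) != 0;
}

int main(void) {
    printf("real key recovers P and forged key yields D: %s\n", demo() ? "yes" : "no");
    return 0;
}
```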
Re: Did you *really* zeroize that key?
at Thursday, November 07, 2002 6:13 PM, David Honig <[EMAIL PROTECTED]> was seen to say:
> Wouldn't a crypto coder be using paranoid-programming
> skills, like *checking* that the memory is actually zeroed?

That is one of the workarounds, yes - but of course a (theoretical) clever compiler could realise that

  int myflag; myflag=0; if (myflag!=0) { do stuff } ;

can be optimised away entirely as the result is constant. The problem isn't so much a question of what would work now, but "is it possible that your zeros could be optimised away by a theoretical future compiler, and how do we make portable code that nevertheless can't be optimised away?"
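The usual portable answer to that question, as an added example rather than anything from the thread: both the wipe and the read-back check go through volatile-qualified pointers, so neither is a dead store or a constant the optimiser is allowed to fold. Where the platform has them, C11's memset_s or the BSD/glibc explicit_bzero do the same job; the 32-byte key pattern below is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Zeroise a key buffer in a way the optimiser may not drop. A plain
 * memset(key, 0, n) with no later read of `key` is a dead store and may be
 * removed; a store through a volatile pointer is an observable side effect
 * that the compiler must emit. */
void secure_zero(void *buf, size_t n) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (n--) *p++ = 0;
}

/* The "paranoid check" from the post, done so it cannot be folded away like
 * `int myflag = 0; if (myflag != 0)`: read back through a volatile pointer,
 * so every load is real. Returns 1 if all n bytes are zero, else 0. */
int verify_zeroed(const void *buf, size_t n) {
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Typical use: fill a key, use it, wipe it before the buffer leaves scope.
 * Returns the verification result so the sequence can be checked. */
int use_and_wipe_key(void) {
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)   /* constructed key material */
        key[i] = (unsigned char)(0xA5 ^ i);
    /* ... key would be used here ... */
    secure_zero(key, sizeof key);
    return verify_zeroed(key, sizeof key);
}

/* Counter-check for the verifier itself: a buffer with one non-zero byte. */
int detects_leftover_byte(void) {
    unsigned char buf[8] = {0, 0, 0, 0, 0, 0x5c, 0, 0};
    return verify_zeroed(buf, sizeof buf) == 0;
}

int main(void) {
    printf("key wiped and verified: %s\n", use_and_wipe_key() ? "yes" : "no");
    printf("leftover byte detected: %s\n", detects_leftover_byte() ? "yes" : "no");
    return 0;
}
```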
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote:
> - -- treat text as text, to be sent via whichever mail program one
> uses, or whichever chatroom software (not that encrypted chat rooms
> are likely...but who knows?), or whichever news reader software

Hmm. I know of at least one IRC server (and NNTP server, as it happens, on the same box) that only allows access by SSH tunnel...
Re: What email encryption is actually in use?
at Monday, November 04, 2002 3:13 PM, Tyler Durden
> This is an interesting issue...how much information can be gleaned
> from encrypted "payloads"?

Usually, the VPN is an encrypted tunnel from a specified IP (individual PC or LAN) to another specified IP (the outer marker of the LAN, usually the firewall/VPN combo box, but of course that function can be split if needs be). Sniffers can usually catch at least some of the initial login - normally a host name or user name is passed unencrypted as part of the setup - but any actual mail traffic will be indistinguishable from any other traffic; it is encapsulation of IP packets in an outer encrypted wrapper. Similar statements can usually be made for Zeb, SSH and other similar tunnels - each encapsulates a low level (almost raw in the case of strict tunnels like Zeb or SSH) packet passing tunnel in a crypto skin.
Re: What email encryption is actually in use?
at Monday, November 04, 2002 2:28 AM, Tim May <[EMAIL PROTECTED]> was seen to say:
> Those who need to know, know.

Which of course is a viable model, provided you are only using your key for private email to "those who need to know". If you are using it for signatures posted to a mailing list though, it just looks silly.

> You, I've never seen before. Even if you found my key at the Liberal
> Institution of Technology, what would it mean?

It would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself).

> Parts of the PGP model are ideologically brain-dead. I attribute this
> to left-wing peacenik politics of some of the early folks.

The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierarchical control and/or profit).

In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a, b & c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. That I don't know who that is in meatspace is pretty irrelevant.

Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints.

In fact, WoT is simply an attempt to automate this process offline, so that you can be "introduced" to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification).
Re: Is password guessing legal?
at Monday, October 28, 2002 9:34 PM, Major Variola (ret) <[EMAIL PROTECTED]> was seen to say:
> Did that Wired reporter just admit to a crime? Does it matter that
> the site is overseas? That they're "Evil(tm)"??

Nope, hacking into overseas servers is officially not a crime in the US - after that FBI-Russia thing. Well, you have a precedent anyhow :)
Re: Office of Hollywood Security, HollSec
at Saturday, October 26, 2002 1:18 AM, Tim May <[EMAIL PROTECTED]> was seen to say:
> Yes, but check very carefully whether one is in violation of the
> "anti-hacking" laws (viz. DMCA). By some readings of the laws, merely
> trying to break a cipher is ipso facto a violation.

IIRC, you can't be arrested for cracking a cypher unless that cypher is in use to protect a copyrighted work.
Re: more snake oil? [WAS: New uncrackable(?) encryption technique]
at Friday, October 25, 2002 6:22 PM, bear <[EMAIL PROTECTED]> was seen to say:
> The implication is that they have a "hard problem" in their
> bioscience application, which they have recast as a cipher.

The temptation is to break it, *tell* them you have broken it (and offer to break any messages they encrypt in it just to demonstrate) but don't tell them how you did it. That would probably be even more frustrating for them than the problem was :)
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 4:20 PM, Eric Murray <[EMAIL PROTECTED]> was seen to say:
> Looking at their web site, they seem pretty generic about
> what it's for, but I did not see any mention of using it for payments.
> So I assume it's for logins.

Well, I was working from:

  "The Quizid registry
  The Quizid registry is a database that translates the customer profile information required to facilitate secure online payment. Once a customer has been authenticated by the Quizid vault, the payment transaction is completed between the registry and the acquiring bank using the appropriate payment protocols. The bank then performs the necessary clearing between acquirers and issuers. As well as storing credit and debit card details the registry can be used to securely hold any personal information you would rather not enter over the Internet. So you can pre-load your delivery address, details of loyalty cards or even your seating preference for airline tickets. As well as being more secure this makes shopping online faster and simpler as you don't have to enter in the same information time after time."

plus the two of their demo sites I checked offer it only as a checkout payment option.

> They do say that their servers are "benchmarked at 300
> transactions/sec". That's pretty darn slow for single des.

Not sure that 1DES is the bottleneck. From my (perhaps incorrect) idea of the process:

1. User "checks out" with QuizID code
2. Website opens link to QuizID and presents *its* credentials
3. QuizID checks database, confirms valid login for the website
4. Website presents user ID and QuizID code
5. QuizID checks database, verifies that QuizID code was recently generated, the sequence number is in a reasonable range, and that the user hasn't closed his account or something
6. QuizID returns to Website any site-specific data held in its registry for that Website+Customer pair, plus any data that the user has marked of general accessibility (such as delivery address)
7. Website requests payment of $amount
8. QuizID retrieves bank details from database for user, signs onto merchant services, and gets an authorization for the amount; signs on again and commits the payment; gets the account details for the Website owner from the database; signs on to the merchant services *again* and makes a payment of equal amount (presumably minus their fees) into the Website owner's account
9. QuizID sends a success (or fail) message to the Website

There are probably enough individual comms and database lookup tasks there to slow things down quite a bit, even leaving aside the crypto aspects.
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 3:14 PM, Trei, Peter <[EMAIL PROTECTED]> was seen to say:
> I'd be nervous about availability with centralized servers,
> even if they are "triple redundant with two sites". DDOS
> attacks, infrastructure (backhoe) attacks, etc, could all
> wreak havoc.

Indeed so, yes. I suspect (if it ever takes off) that they will have to scale their server setup in pace with the demand, but to be honest I think 600/sec is probably quite a high load for actual payments - we aren't talking logins or web queries, but actual real-money-payment requests. I suspect that, if it became the dominant payment method for amazon or ebay, they would need a much more hefty server, but at this stage I suspect a heavy load would be two auths per second :)
Re: One time pads
at Wednesday, October 16, 2002 7:17 PM, David E. Weekly <[EMAIL PROTECTED]> was seen to say:
> As for PKI being secure for 20,000 years, it sure as hell won't be if
> those million-qubit prototypes turn out to be worth their salt.

I wasn't aware they even had dozen-qubit prototypes functional yet - but even so - assuming that each qubit is actually an independent complete machine (it isn't - you need to build a machine bigger than one bit) and you had a million-unit module built - this would be equivalent to building one million (2^20, I'll be generous and give you the extra few thousand) machines each able to cross-check their results instantly (so identify if one of the million has a correct answer). This will mean you can brute force a key as though it were 20 bits shorter in keylength. Even assuming you can use the usual comparison (3Kbit RSA = 128 bit symmetric) this leaves you the equivalent of a 108 bit key to break - and even assuming a quantum virtual machine ran as fast as a real world one, that would take a while.

Of course, if you have a machine that will break a 108 bit key in under a hundred years, I am sure the NSA would like to make you an offer..

I can't remember the last time I used an asymmetric key as small as 3Kbits. My current key is 4K and has been for some years, and my next will probably be 6K just to be sure.
Re: XORing bits to eliminate skew
at Thursday, October 17, 2002 4:38 PM, Sarad AV <[EMAIL PROTECTED]> was seen to say:
> He wanted to know how I was able to do XOR on P(0) and
> P(1) when xor is defined only on binary digits.

you don't. P(x) is the probability of digit x in the output. Ideally, P(0)=P(1)=0.5 (obviously in binary, only 0 and 1 are defined, so they are the only two possible outcomes).

Now assume that one output (1 say) is more probable than the other. If this is true, you can define some value of probability (e) that is the amount a given outcome is more or less probable than the ideal.

Now add a second bit. Assume that the bits are (i) and (ii), so we know that the probability of (i) being 1 is 0.5-e and being 0 is 0.5+e (there isn't a bias btw in that notation - e could be negative). So all the possible combinations are

  P(i=1, ii=1) = (0.5-e)(0.5-e)
  P(i=1, ii=0) = (0.5-e)(0.5+e)
  P(i=0, ii=1) = (0.5+e)(0.5-e)
  P(i=0, ii=0) = (0.5+e)(0.5+e)

but of course if you XOR (i) and (ii) together, then

  (i=1, ii=1) = 0
  (i=1, ii=0) = 1
  (i=0, ii=1) = 1
  (i=0, ii=0) = 0

collecting identical outputs allows you to say

  P(0) = P(i=1, ii=1) + P(i=0, ii=0) = (0.5-e)(0.5-e) + (0.5+e)(0.5+e)
  P(1) = P(i=1, ii=0) + P(i=0, ii=1) = (0.5-e)(0.5+e) + (0.5+e)(0.5-e)

reducing P(0) as in the example you gave gives you the probability of P(0) being 0.5+(2*(e^2))

so the answer is - you don't ever apply XOR to anything but binary - you do straight algebraic math on the *probabilities* of a given output (0 or 1)
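Added example (not part of the post above, and not code from anyone in the thread): a short Python script that checks the P(0) = 0.5 + 2e^2 result exactly with rational arithmetic and generalises it to the XOR of n independent bits, where the closed form e' = 2^(n-1) * e_1 * ... * e_n is the piling-up lemma. The bias value 1/10 and the 2^-20 target are constructed inputs, not figures from the post; biases may be passed as strings like "1/10" so they stay exact.

```python
# Added example (not from the original post): exact arithmetic check of the
# P(0) = 0.5 + 2e^2 result above, generalised to the XOR of n biased bits.
from fractions import Fraction
from itertools import product


def xor_distribution(biases):
    """Exact (P(0), P(1)) for the XOR (parity) of independent bits.

    biases[k] is e_k in the post's notation: bit k is 0 with probability
    0.5 + e_k and 1 with probability 0.5 - e_k (e_k may be negative).
    Values may be Fractions or strings such as "1/10".
    """
    biases = [Fraction(b) for b in biases]
    half = Fraction(1, 2)
    p0, p1 = Fraction(0), Fraction(0)
    for bits in product((0, 1), repeat=len(biases)):
        prob = Fraction(1)
        for bit, e in zip(bits, biases):
            prob *= (half + e) if bit == 0 else (half - e)
        if sum(bits) % 2 == 0:
            p0 += prob
        else:
            p1 += prob
    return p0, p1


def xor_bias(biases):
    """Residual skew e' of the XOR output, defined by P(0) = 0.5 + e'."""
    p0, _ = xor_distribution(biases)
    return p0 - Fraction(1, 2)


def piling_up_bias(biases):
    """Closed form for the same quantity: e' = 2^(n-1) * e_1 * ... * e_n.

    For two equal biases this is 2e^2, the post's result; every extra
    XORed bit multiplies whatever skew remains by 2e.
    """
    biases = [Fraction(b) for b in biases]
    out = Fraction(2) ** (len(biases) - 1)
    for e in biases:
        out *= e
    return out


def bits_needed(e, target):
    """Smallest n such that XORing n bits of bias e leaves |skew| < target."""
    e, target = Fraction(e), Fraction(target)
    n = 1
    while abs(piling_up_bias([e] * n)) >= target:
        n += 1
    return n


if __name__ == "__main__":
    e = "1/10"  # constructed source: 60% zeros, 40% ones
    print("two bits XORed, P(0) =", xor_distribution([e, e])[0])  # 13/25
    print("skew after three bits =", xor_bias([e, e, e]))         # 1/250
    print("bits to get below 2^-20:", bits_needed(e, "1/1048576"))  # 9
```

The brute-force enumeration and the closed form agree for every input, which is the point of the check: once you trust the formula, you can size a de-skewing XOR stage without enumerating anything.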
Re: One time pads
at Wednesday, October 16, 2002 6:13 PM, Bill Frantz <[EMAIL PROTECTED]> was seen to say:
> OTP is also good when:
> (1) You can solve the key distribution problem.

It's certainly usable provided key distribution isn't an issue - if it is, whether it is also worth the trouble and expense is another matter.

> (2) You need a system with a minimum of technology (e.g. no computers)

it certainly does shine in this context - few decent encryption methods can be done with pencil and paper, and certainly by protecting the key with extra (discarded) characters, you can make the key document look innocuous indeed. Of course, indicating those characters then becomes a problem (unless you use some simplistic scheme like the second and second from last characters of each word in a specified book, but the odds of a random distribution from such are low)
Re: commercial software defined radio (to 30 MHz, RX only)
at Thursday, October 17, 2002 4:54 AM, Morlock Elloi
> Also, if regular cheapo PC soundboards can digitize 30 MHz (and
> Nyquist says this requires 60 MHz sampling rate) then some product
> managers need ... flogging.

If I am reading this correctly, they don't need to - a fixed-frequency first mixer "bandshifts" a frequency block down to kHz (with presumably a bandpass filter for selectivity), and the soundcard samples down in the ranges it is designed for. I could be reading it wrong though, DSP is nowhere near being my field :)
Re: One time pads
at Wednesday, October 16, 2002 7:17 PM, David E. Weekly <[EMAIL PROTECTED]> was seen to say:
> Naive question here, but what if you made multiple one time pads
> (XORing them all together to get your "true key") and then sent the
> different pads via different mechanisms (one via FedEx, one via
> secure courier, one via your best friend)? Unless *all* were
> compromised, the combined key would still be secure.

Pretty much, yes. At least one "real world" OTP system assumes you will be using three CDRW disks; the three are XORed (as you say) together, the message sent, and after the keyfiles are exhausted (or the panic button hit) all three disks are automatically wiped and overwritten (several times) with random data. This isn't a new key (although it could be used as such I suppose) but cleanup before the disks are disposed of (the docs say to incinerate the disks, or in case of an emergency, microwave them on high. There is usually a good excuse for a microwave next to the machine, which is handy for the duty guy to heat his lunch without leaving his desk :)
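Added example (not from the post above or from the three-disk product it mentions): a Python script that builds the "true key" as the XOR of several pads and then checks the property being claimed, that an attacker holding every pad but one can explain the ciphertext with *any* plaintext of the same length, so the remaining pad still gives perfect secrecy. The pads come from os.urandom as a stand-in for the real RNG the post assumes; the message text and the all-zero alternative guess are constructed inputs.

```python
# Added example (not from the original post): a key split across several
# pads, and a check that any n-1 of them tell an attacker nothing.
import os


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pads and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_pads(length, count):
    """count independent pads from the OS CSPRNG (stand-in for a real RNG)."""
    return [os.urandom(length) for _ in range(count)]


def combine_pads(pads):
    """The "true key" is the XOR of every pad that was shipped separately."""
    key = bytes(len(pads[0]))
    for pad in pads:
        key = xor_bytes(key, pad)
    return key


def otp(message, key):
    """Encryption and decryption are the same XOR."""
    return xor_bytes(message, key)


def missing_pad_for(ciphertext, known_pads, candidate_message):
    """Value the one unknown pad would need for ciphertext to decrypt to
    candidate_message.  Such a value always exists, so an attacker holding
    every pad but one cannot rule any candidate plaintext out."""
    if known_pads:
        partial = combine_pads(known_pads)
    else:
        partial = bytes(len(ciphertext))
    return xor_bytes(xor_bytes(ciphertext, partial), candidate_message)


def demo(message, pad_count=3):
    """Round trip plus the 'one pad still secret' check; returns the results."""
    pads = make_pads(len(message), pad_count)
    key = combine_pads(pads)
    ciphertext = otp(message, key)
    recovered = otp(ciphertext, key)
    known = pads[:-1]  # the attacker intercepted all but the last pad
    # Two different guesses at the plaintext: the real one and an all-zero
    # message.  Each is explained by some value of the missing pad.
    guess_a = message
    guess_b = bytes(len(message))
    pad_a = missing_pad_for(ciphertext, known, guess_a)
    pad_b = missing_pad_for(ciphertext, known, guess_b)
    return {
        "round_trip_ok": recovered == message,
        "guess_a_consistent": otp(ciphertext, combine_pads(known + [pad_a])) == guess_a,
        "guess_b_consistent": otp(ciphertext, combine_pads(known + [pad_b])) == guess_b,
    }


if __name__ == "__main__":
    print(demo(b"meet at the usual place at nine"))
```

Because the intercepted pads only ever enter the computation through XOR, they cancel out of the attacker's view and what is left is the message XORed with the one pad they do not have, which is exactly a one-time pad again.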
Re: One time pads
at Thursday, October 17, 2002 2:20 AM, Sam Ritchie <[EMAIL PROTECTED]> was seen to say:
> ACTUALLY, quantum computing does more than just halve the
> effective key length. With classical computing, the resources
> required to attack a given key grow exponentially with key length. (a
> 128-bit key has 2^128 possibilities, 129 has 2^129, etc. etc. you all
> know this...) With quantum computing, however, the complexity of
> an attack grows only polynomially.

Is this actually true, or is it that it can scale proportionally in time and in number of qubits required? If you assume that a classic machine takes x^2 operations to break a key, but a quantum machine will take x operations with x qubits, that would have the same effect, provided you can create that many qubits. I haven't seen any papers that say that it is polynomial at all though - can you provide a reference or two?
Re: One time pads
at Wednesday, October 16, 2002 2:01 PM, Sarad AV <[EMAIL PROTECTED]> was seen to say:
> Though it has a large key length greater than or equal
> to the plain text, why would it be insecure if we can
> use a good pseudo random number generator, store the
> bits produced on a tamper proof medium.

because you have replaced an OTP (provably secure) with a PRNG stream cypher (only as secure as the PRNG). He isn't saying that stream cyphers can't be secure - just that they aren't OTP. There is also no point in distributing the output of a PRNG as a tamperproof tape - you just run the PRNG at both sides, in sync. If you use a *real* RNG, then you can do the tape distribution thing and it *will* be an OTP - but it's the tape distribution that is the difficult bit (as he points out in the article)

> why do we always have to rely on the internet for
> sending the pad? If it is physically carried to the
> receiver we can say for sure if P or R is intercepted.

two obvious points are
1. it isn't always possible to ensure secure delivery - if a courier is compromised or "falls asleep" and the tape is substituted with another, a mitm attack can be made transparently.
2. if the parties are physically remote, they may not have time to exchange tapes securely; unless there is an airplane link directly or indirectly between the sites, it may be days or weeks in transit.

> can some one answer the issues involved that one time
> pads is not a good choice.

OTP is the best choice for something that must be secret for all time, no matter what the expense. Anything that "secure for 20,000 years" will be sufficient for, go for PKI instead :)
Re: UK Censors, Shayler, Bin Laden
at Saturday, October 12, 2002 2:01 AM, Steve Furlong <[EMAIL PROTECTED]> was seen to say:
> On Thursday 10 October 2002 13:13, Tim May wrote:
> There are two advantages of web-based discussion fora over usenet:
> propagation time and firewalls.

Not sure about that - propagation time is an issue of course, but a web interface to NNTP isn't that hard (dejanews offered it for years) and the propagation issue is "fixed" only by limiting the web forum to a single server or local cluster of servers - if you were setting up a web-based interface anyhow, you could get all the benefits of a single server node while not preventing users not using the web interface from participating. Yes, NNTP submissions from other usenet servers might take a while to propagate to the "Master" server (or vice versa) but that wouldn't affect the web interface users amongst themselves or indeed, anyone using NNTP directly to that server.

> On the other hand, few discussions are
> so urgent that they need near-real-time repartee, and participants
> shouldn't be cruising usenet from work.

depends on the forum. There are groups I *only* read at work - technical ones of course, related to my job. Usenet is a resource, and at times a good one (provided you can live with the low signal-to-noise ratio).

>> More generally, I've been watching the migration of many discussion
>> groups over to "Web-based forums" (or fora). Usually the migration
>> does not improve the discussion...it just puts dancing ads and cruft
>> all over the pages.

probably more to the point - *profit-making* dancing ads.

> Something like...Google? You can't count on their sweep schedule, but
> it does most of what you're looking for.

deja-google is ok, but a lot of the more interesting threads include x-no-archive headers (which google respects, and rightly so) somewhere in them, so you have gaps...
Re: Echelon-like...
"Trei, Peter" <[EMAIL PROTECTED]> wrote:
> It was Sweden. They didn't really have an excuse - over a year earlier,
> Lotus announced their "International" version with details of the "Work
> Factor Reduction Field" at the RSA Conference. I immediately invented
> the term 'espionage enabled' to describe this feature, a term which has
> entered the crypto lexicon.

Indeed so, yes - if my memory isn't failing me though, their "excuse" was that the Lotus salesdroid they had awarded the contract to hadn't disclosed it to them in his bid and in fact, the original tender had specified *secure* encryption, not *secure, except for the american spy industry*. I don't know enough Swedish to even attempt a google on it though :)
Re: Echelon-like...
On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote:
> The basic argument is that, if good encryption is available overseas
> or easily downloadable, it doesn't make sense to make export of it
> illegal.

Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. No export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If Microsoft were free to compete in this area (and Lotus, of Notes fame) then decent security would be *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks.

I assume everyone knows the little arrangement that Lotus reached with the NSA over its encrypted secure email?
Re: Echelon-like...
>> "I assume everyone knows the little arrangement that lotus
>> reached with the NSA over its encrypted secure email?"
> I'm new here, so do tell if I am wrong. Are you referring to the two levels
> of Encryption available in Bogus Notes?

More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI "work reduction factor" key in the message header; this section of header is important, as Lotus gateways won't accept messages that have had it disturbed. By decoding this block, the NSA have the actual keysize they need to break reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... Belgium or Sweden by memory. Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies)

Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. Certainly, even "strong" Lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips.
Re: Optimal solution
> In the case of algorithms is the best algorithm always
> the best solution to the problem, be the algorithm with
> a constant run time or randomised algorithm.
> i.e is the best solution always the optimal solution
> for a problem.
> how can we argue - either way?

There is a field of mathematics (Algorithmics) dedicated to this question. I would try and answer, but I don't understand it well enough, and in any case it is a year-long course :)
Re: why bother signing? (was Re: What email encryption is actually in use?)
at Friday, October 04, 2002 9:07 PM, Major Variola (ret) <[EMAIL PROTECTED]> was seen to say:
> In an environment where spoofing was common, folks would
> sign (which is not incompatible with retaining anonymity, of course).

It *is* possible to sign in the name of a nym; there is no reason why a nym can't build an independent reputation without having a known "handler"
Re: What email encryption is actually in use?
at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann <[EMAIL PROTECTED]> was seen to say:
> As opposed to more conventional encryption, where you're protecting
> nothing at any point along the chain, because 99.99% of the user base
> can't/won't use it.

That is a different problem. If you rely on every hop between you and your correspondent being protected by TLS *and* the owner of that server being trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial "incentives" from your competitors) then you are in for a rude awakening at some point.

S/MIME isn't wonderful, but it is built in to the M$oft email packages and you can trivially generate a key *for* your correspondents to be delivered to them out-of-band. Installing is double-clicking a file, and decryption automatic. More security aware users will obviously want their own, a key from a recognised CA or prefer PGP, but those are upgrades to the basic security you can provide by five minutes' work with a copy of OpenSSL.

> In any case most email is point-to-point, which
> means you are protecting the entire chain (that is, if I send you
> mail it may go through a few internal machines here or there, but
> once it hits the WAN it's straight from my gateway to yours).

Depends on the setup. Few home users can afford always-up connections, and most dialup ranges are blocked from direct delivery anyhow.

the typical chain goes

  Sender-->Sender's ISP-->Recipient's ISP-->Mailspool-->Recipient

for a corporate user, a typical chain might go

  Sender-->sender's internal email system-->sender's outbound gateway-->recipient's firewall-->recipient's inbound gateway-->recipient's email system-->recipient

assuming *everyone* at both companies is trustworthy (or IT is on the ball and preventing sniffers from running on their LANs; I will pause while everyone laughs and then drafts replies pointing out that is impossible) then you can get away with TLS-protecting just the link gateway-->firewall.

Yes, crypto should be transparent and enabled *by default* in those M$ corporate products; no, the US government wasn't (and still isn't even under the more relaxed regime) willing to wear on-by-default unbreakable, easy crypto in mass-market products.
Re: What email encryption is actually in use?
-----BEGIN PGP SIGNED MESSAGE-----

at Tuesday, October 01, 2002 9:04 PM, Petro <[EMAIL PROTECTED]> was seen to say:
> Well, it's a start. Every mail server (except mx1 and
> mx2.prserv.net) should use TLS.

It's nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them?

Besides, the core here is that
1) everyone with a server en route can read the mail
2) you are relying on every other link in the chain to protect your privacy

clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures.

> Once you start using it, it becomes part of the pattern by which
> other people identify you.

Exactly the intention, yes :)

Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :)

-----BEGIN PGP SIGNATURE-----
Version: PGP - Cyber-Knights Templar

iQIVAwUBPZqzpWDKt9Hjj5SVAQFlwA//cQYGFRb3sJEM695lWJ+rUhymcS5lTSEV
vG3eRUvxpbhLcAS+QsdMXX3pDlu60UzOhxubpQch9E59yE/+uaeU+5AzkfDQjc2q
jQ8SppCqf56+uevoZlH1RiKkBT6Hx7ctPimEIlq3FXWsaqA3ocPVghZwFhMaxA1G
twCtBxR7Q3y6VePzCzeealx7TDgcoS7hoBKNTsueAIWd/9xB9JYjFvS8OecOMdZG
B+yvSLHZn1YJG62JfZ8EWXr1xKh5BZxdRVxLVzhaumtyAFr2hCDQffDiz5UtyGSa
JdMoJAzmZZZ5EvcHc0rMDVs5BiDr5/EaSU+xecPz/YxY4BWxGFprqsRi7IapTkb1
26zgJQ4miGylFlmZM30cxKYudi5PdSJ4VUWpuoHRg9clZlH9KzC7f0suYAnACDXC
bzr5Fgp3+bvRnziMD65NT4G1hxA5pYPl+4IudVSKcaMsHLWSTE8Lnf0US283MdeR
VXKbINvyEr0p0zrl7lVmHZbmuLjdUHrgAoyQEKcaMelE+Q8suXynDYtSV7LCfdAE
CjKBz2RxAiNhi1vAq6NuFOMx+R9c23Sxg2uUUbpYeRbl5fPbjamDzIhK2ccNNmpU
euuWj3O9e6YMtW0KPezYbJ/9fMMkOAv3KnfdeAgcjSnipMqVvqgJ4sWil3gfUADY
X0TKznTghWs=
=3uOF
-----END PGP SIGNATURE-----
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 6:10 PM, James A. Donald <[EMAIL PROTECTED]> was seen to say:
> Not so. It turns out the command line is now different in PGP
> 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa.
> (Needless to say the t option does not appear in pgp -h

*nods* it's in the 6.5 Command Line Guide, but as "identifies the input file as a text file". The CLG is the best reference for this though - as it explicitly lists sta as the correct option in section Ch2>Common PGP Functions>Signing Messages>Sign a plaintext ASCII file. I could email you a copy of the PDF of that (it's about 500K) if you wish.

> The clearsigning now seems to work a lot better than I recall
> the clearsigning working in pgp 2.6.2. They now do some
> canonicalization, or perhaps they guess lots of variants until
> one checks out.

it's canonicalization - again according to the CLG (Ch3>Sending ASCII text files to different machine environments)

> Perhaps they hid the clear signing because it used not to work,
> but having fixed it they failed to unhide it?

it's just an evolution. IIRC the command line tool was based at least partially on the unix version of PGP, which always had different command line switches. It would be nice if behaviour was more backwards compatible, but they *did* document it in the official M that you should RTF :)
Re: What email encryption is actually in use?
-----BEGIN PGP SIGNED MESSAGE-----

at Tuesday, October 01, 2002 9:04 PM, Petro <[EMAIL PROTECTED]> was seen to say:
> Well, it's a start. Every mail server (except mx1 and
> mx2.prserv.net) should use TLS.

It's nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them?

Besides, the core here is that
1) everyone with a server en route can read the mail
2) you are relying on every other link in the chain to protect your privacy

clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures.

> Once you start using it, it becomes part of the pattern by which
> other people identify you.

Exactly the intention, yes :)

Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :)

-----BEGIN PGP SIGNATURE-----
Version: PGP - Cyber-Knights Templar

iQIVAwUBPZrB22DKt9Hjj5SVAQF3eBAAh8RK5LgLIPv8JhBwX6kdj2x0c6NsrtdA
xiH45Zb+bCNO07ac07n+qyKRZ5UiTGjekjQXjnSOczDFUgCyUymexqif7SnDZ04P
S/55rQ31wfUWNRVrO/ULjdq4TVYHMsAUFKhrYgwvYyqJNOg2C+sBwgNsLM3gedm2
R0KRY6pO/wqpVsvki3c27h7wszfvCkmsRrqtuKTwktm23XdbmAs+21YWbThbqc3Y
r1gtmH8QrJuUzhPXfE/L104reFo5yi2BMuY/ac1G7uXNc+6yAhy61q4z0v17OMcS
glEASE0AO+XrtYFfq/3VXk1SN5S3x44GazHvKo9NgqpJn8pvoNq9TsXhXIa9c1/u
hchVahwsuZ6rooMxur8ekLP86zTn8mfI+lFKd1n+LuFzcVbzezzKRH3PM+TjDMTF
p0TzHsrDOeUkrYJ2ImznpJ1019oDPBVvDCwRyCqOeLZ9MvARTXLtO9gwjt1NAh2E
h7WBYhQyMdlKeUMh6mUwIG7DOoitOnf/mQkmQWybPK7NT2tOhx9uHEWE92iWUxc+
AQF4UywdSvFpTskVBkQIQESsYWGs92A350zEapogB2+cDJxytqtRDN2mLGG6tPPt
u+60lj65OQUdc0D91e2W3yif9mF7ul3aztt2Ca5qziyMRVwnoceSwbejDyr1fZLO
8MgGBffIDis=
=jz44
-----END PGP SIGNATURE-----

resent - with broken line wrap fixed. Damned lousy MS email client :) Next time I *check* first before sending and don't look so clueless in a worldwide list :)
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann <[EMAIL PROTECTED]> was seen to say:
> For encryption, STARTTLS, which protects more mail than all other
> email encryption technology combined. See
> http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
> (towards the back).

I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the "home" machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. With TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain.

> For signing, nothing. The S/MIME list debated having posts to the
> list signed, and decided against it: If I know you, I can recognise a
> message from you whether it's signed or not.

Signing has a limited application - I wouldn't use it routinely other than to establish an association (key-->poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign.

> If I don't know you,
> whether it's signed or not is irrelevant.

Depends on the definition of "know". If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :)
Re: What email encryption is actually in use?
at Monday, September 30, 2002 7:52 PM, James A. Donald <[EMAIL PROTECTED]> was seen to say:
> Is it practical for a particular group, for
> example a corporation or a conspiracy, to whip up its own
> damned root certificate, without buggering around with
> verisign? (Of course fixing Microsoft's design errors is
> never useful, since they will rebreak their products in new
> ways that are more ingenious and harder to fix.)

Yup. In fact, some IPSec firewalls rely on the corporate having a local CA root to issue keys for VPN access. From there it is only a small step to using the same (or parallel issued) keys for email security. The problem there really is that the keys will be flagged as faulty by anyone outside the group (and therefore without the root key already imported), and that will usually only work in a semi-rigid hierarchical structure. There *is* an attempt to set up something resembling a Web of Trust using X509 certificates, currently in the early stages at nntp://news.securecomp.org/WebOfTrust

> I intended to sign this using Network Associates command line
> pgp, only to discover that pgp -sa file produced unintelligible
> gibberish, that could only be made sense of by pgp, so that no
> one would be able to read it without first checking my
> signature.

you made a minor config error - you need to make sure clearsign is enabled.

> I suggest that network associates should have hired me as UI
> design manager, or failing that, hired the dog from down the
> street as UI design manager.

It's command line. Most cyphergeeks like command line tools powerful and cryptic :)
Re: thinkofthechildren.co.uk censored
at Thursday, September 26, 2002 7:14 PM, Major Variola (ret) <[EMAIL PROTECTED]> was seen to say:

The original fax from the Met is now online
http://www.thinkofthechildren.co.uk/metfaxbig.shtml
Re: Best Windows XP drive encryption program?
at Monday, September 23, 2002 10:35 PM, Curt Smith <[EMAIL PROTECTED]> was seen to say:
> http://www.drivecrypt.com/dcplus.html
> DriveCrypt Plus does everything you want. I believe it may
> have descended from ScramDisk (Dave Barton's disk encryption
> program).

It has. Basically, the author of ScramDisk took the NT version, added some XP support, a couple of new algos and launched it as a commercial, closed source product. The boot-time protection was requested repeatedly on the SD usenet forum (with several good discussions of different approaches) and it wasn't much of a surprise that it turned up in the commercial product.

Personally, I think it is excellent and completely trustworthy - I just won't use it on principle as I don't run closed-source crypto. I am sticking with my (purchased) copy of SD4NT for now on W2K, and waiting on the SD4Linux project to produce something usable for that boot partition.
Re: Best Windows XP drive encryption program?
at Monday, September 23, 2002 10:35 PM, Curt Smith <[EMAIL PROTECTED]> was seen to say:
> http://www.drivecrypt.com/dcplus.html
> DriveCrypt Plus does everything you want. I believe it may
> have descended from ScramDisk (Dave Barton's disk encryption
> program).

As an aside - Dave Barton? Shaun Hollingworth was the author of SD as far as I know. I can't remember exactly, but seem to recall Dave Barton did a Delphi wrapper around some of the SD function calls...
Re: Challenge to TCPA/Palladium detractors
> Same version of compiler on same source using same build produces
> identical binaries.

It doesn't though - that is the point. I am not sure if it is simply that there are timestamps in the final executable, but Visual C (to give a common example, as that is what the windows PGP builds compile with) will not give an identical binary, even if you hit "rebuild all" twice in close succession and compare the two outputs, nothing having changed.
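Added example, not from the post above and not from any PGP or Microsoft tooling: a Python script that compares two Windows build outputs with the COFF header's TimeDateStamp masked out, so that a timestamp-only difference can be told apart from a real change in the code. The field offsets are those of the PE/COFF format (e_lfanew at 0x3C, then the "PE\0\0" signature, Machine, NumberOfSections, TimeDateStamp); the two "builds" are constructed byte strings, not compiler output. The check covers only this one field: other known sources of drift in a Visual C build, such as the PDB GUID in the debug directory, are not handled here.

```python
# Added example (not from the original post): compare two Windows builds
# with the COFF header's TimeDateStamp masked out, so a timestamp-only
# difference is separated from a real code change.  Field offsets follow
# the PE/COFF format; the sample "binaries" are constructed here and are
# not loadable executables.
import hashlib
import struct


def coff_timestamp_offset(data):
    """File offset of TimeDateStamp: e_lfanew (read from 0x3C) + 4-byte
    "PE\\0\\0" signature + Machine (2 bytes) + NumberOfSections (2 bytes)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 8


def read_timestamp(data):
    """The build timestamp as the 32-bit little-endian value in the header."""
    return struct.unpack_from("<I", data, coff_timestamp_offset(data))[0]


def digest_ignoring_timestamp(data):
    """SHA-256 over the image with TimeDateStamp zeroed."""
    off = coff_timestamp_offset(data)
    scrubbed = data[:off] + b"\0\0\0\0" + data[off + 4:]
    return hashlib.sha256(scrubbed).hexdigest()


def compare_builds(a, b):
    """'identical', 'timestamp only', or 'differs' for two build outputs."""
    if a == b:
        return "identical"
    if digest_ignoring_timestamp(a) == digest_ignoring_timestamp(b):
        return "timestamp only"
    return "differs"


def build_toy_image(timestamp, body):
    """Constructed MZ stub + PE signature + 20-byte COFF header + body."""
    e_lfanew = 0x40
    stub = bytearray(e_lfanew)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x14C,      # Machine: IMAGE_FILE_MACHINE_I386
                       1,          # NumberOfSections
                       timestamp,  # TimeDateStamp: the field that drifts
                       0, 0,       # PointerToSymbolTable, NumberOfSymbols
                       0,          # SizeOfOptionalHeader (none in this toy)
                       0x0102)     # Characteristics: EXECUTABLE | 32BIT
    return bytes(stub) + b"PE\0\0" + coff + body


if __name__ == "__main__":
    first = build_toy_image(0x3DBB0000, b"code section bytes")
    second = build_toy_image(0x3DBB0042, b"code section bytes")
    changed = build_toy_image(0x3DBB0042, b"code section byteS")
    print(compare_builds(first, second))   # timestamp only
    print(compare_builds(first, changed))  # differs
```

Run against two real "rebuild all" outputs, a result of "differs" after the scrub tells you the timestamp was not the only thing that moved, which is the question the thread is arguing about.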
Re: Tunneling through a hostile proxy?
John Kozubik <[EMAIL PROTECTED]> was seen to declaim:
> SSH java applets exist:
> http://www.appgate.com/ag.asp?template=products&level1=product_mindterm
> http://javassh.org/

And indeed are very useful - but I think you miss the whole point of a java applet. The applet downloads to (and runs on) the local pc, therefore the SSH connection will be outbound from the local pc - and no better than just running up a copy of PuTTY, but with half the features.
Re: Tunneling through a hostile proxy?
Roy M. Silvernail <[EMAIL PROTECTED]> was seen to declaim:
> Given internet access from a private intranet, through an HTTP
> proxy out of the user's control, is it possible to establish a secure
> tunnel to an outside server? I'd expect that ordinary SSL
> connections will secure user <-> proxy and proxy <-> server
> separately, with the proxy able to observe cleartext. Could an SSH
> connection be made under these conditions?

Not sure if it is what you are asking - but an HTTP proxy doesn't handle the SSL; it simply forwards the packets to the destination site, and forwards the reply back to you; the SSL encryption is handled by your machine and the server (the proxy doesn't touch it). In theory, if your corporate force-included its own root key into your browser, they could generate their own certificates on the fly and have it work transparently - but checking who issued the cert would show that up.
Re: Virtuallizing Palladium
Ben Laurie <[EMAIL PROTECTED]> was seen to declaim:
> Albion Zeglin wrote:
>> Similar to DeCSS, only one Palladium chip needs to be reverse
>> engineered and its key(s) broken to virtualize the machine.
> If you break one machine's key:
> a) You won't need to virtualise it
> b) It won't be getting any new software licensed to it

I would think it would be more likely to match the "mod" chips that address this very issue in the Gaming world - a replacement chip that tells the OS "yeah, everything's ok" even when it isn't :)
Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit
[EMAIL PROTECTED] <[EMAIL PROTECTED]> was seen to declaim:
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce OpenSSL to generate any certificates he
> pleases, with some work.
> Why is not someone else issuing certificates?

Mostly because of the alarming things IE/NS/Whatever says if you haven't already got the root cert in your browser when you visit a site relying on a "homebrewed" cert. Certainly some time ago, the OpenCA project were giving away SSL certs for free to all comers; the software they produced is open source (and at sourceforge) so anyone could open their own CA with whatever authentication criteria they wish (and indeed, the owner of news.securecomp.org (nntp) is in the early stages of an X509-based CA on a hierarchical but distributed model (ie, regional CAs you can apply personally to with proof of ID)). Doesn't help much when the sheeple won't trust anything that doesn't come pre-installed by Microsoft though.
Re: When encryption is also authentication...
Mike Rosing <[EMAIL PROTECTED]> wrote:
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto. When people sign a
> document they don't know all the ramifications because few bother to
> read all of any document they sign - most of it won't apply as long
> as you keep your part of the bargain, so why bother?
Partially agreed - a user doesn't have to know *how* it works, but must take a positive step (eg, type in a password, answer "yes" to an "are you really sure you want to do this" message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial)... There is a balance to be had here. It should be impossible for a random user to walk up to their powered-off PC, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a PC that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time.
If this involves remembering the password for a specified "idle" time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a USB dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it).
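The "remember the password for an idle time" policy sketched in the post, written out as an added example (my code, not anything from the thread or any product it mentions). It assumes PBKDF2-HMAC-SHA256 for stretching the passphrase, a symmetric HMAC-SHA256 as a stand-in for the real signature (a deployment would hold an asymmetric signing key instead), the post's "five minutes or so" as the idle timeout, and a constructed fake clock so the timeout can be exercised without waiting. A cold start has no key at all; a wrong passphrase leaves the session locked; a live session signs any number of documents without a prompt; and the first signing attempt after the idle period re-locks the session and fails.

```python
"""Signing session with a positive unlock step and an idle-timeout re-lock.

Added example: not code from the thread. Assumptions are marked in comments.
"""
import hashlib
import hmac
import os
import time

IDLE_TIMEOUT = 300            # seconds; the post's "five minutes or so" (assumed value)
PBKDF2_ITERATIONS = 200_000   # assumed passphrase-stretching work factor


class SessionLocked(Exception):
    """Raised when signing is attempted with no live, non-idle session."""


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)


def verify_signature(key: bytes, document: bytes, signature: bytes) -> bool:
    """Constant-time check of the HMAC-SHA256 stand-in signature."""
    expected = hmac.new(key, document, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


class SigningSession:
    """Holds the signing key in memory only between unlock() and lock().

    - A fresh object (powered-off PC) has no key: signing is impossible.
    - unlock() needs the passphrase: the user's deliberate, positive step.
    - sign() checks the idle timer first; past the timeout the key is discarded.
    - Within the timeout any number of documents can be signed without a prompt.
    """

    def __init__(self, salt: bytes, verifier: bytes, clock=time.monotonic,
                 idle_timeout: float = IDLE_TIMEOUT):
        self.salt = salt
        self._verifier = verifier         # HMAC(key, b"verifier") recorded at enrolment
        self._clock = clock               # any zero-arg callable returning seconds
        self._idle_timeout = idle_timeout
        self._key = None
        self._last_used = None

    @classmethod
    def enrol(cls, passphrase: str, clock=time.monotonic,
              idle_timeout: float = IDLE_TIMEOUT) -> "SigningSession":
        """Record salt + verifier for a passphrase; the key itself is never stored."""
        salt = os.urandom(16)
        key = derive_key(passphrase, salt)
        verifier = hmac.new(key, b"verifier", hashlib.sha256).digest()
        return cls(salt, verifier, clock, idle_timeout)

    def unlock(self, passphrase: str) -> bool:
        key = derive_key(passphrase, self.salt)
        check = hmac.new(key, b"verifier", hashlib.sha256).digest()
        if not hmac.compare_digest(check, self._verifier):
            return False                  # wrong passphrase: stay locked, keep no key
        self._key = key
        self._last_used = self._clock()
        return True

    def lock(self) -> None:
        """Discard the key, e.g. when the user pulls a token or takes a coffee break."""
        self._key = None
        self._last_used = None

    def is_unlocked(self) -> bool:
        if self._key is None:
            return False
        if self._clock() - self._last_used > self._idle_timeout:
            self.lock()                   # idle too long: re-lock before answering
            return False
        return True

    def sign(self, document: bytes) -> bytes:
        if not self.is_unlocked():
            raise SessionLocked("unlock with the passphrase before signing")
        self._last_used = self._clock()   # each signature counts as activity
        return hmac.new(self._key, document, hashlib.sha256).digest()


class FakeClock:
    """Constructed test clock so the idle timeout can be exercised without waiting."""
    def __init__(self):
        self.t = 1000.0
    def __call__(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


def demo() -> dict:
    """Walk through the three situations the post describes and report each outcome."""
    clock = FakeClock()
    passphrase = "correct horse battery staple"   # constructed sample passphrase
    session = SigningSession.enrol(passphrase, clock=clock)
    results = {}
    try:                                           # 1. cold start: nothing can sign
        session.sign(b"contract")
        results["cold_start_signs"] = True
    except SessionLocked:
        results["cold_start_signs"] = False
    results["wrong_passphrase"] = session.unlock("wrong")
    results["unlocked"] = session.unlock(passphrase)
    sigs = [session.sign(f"document {i}".encode()) for i in range(100)]  # 2. batch, no prompts
    results["batch_signed"] = len(sigs)
    results["sig_ok"] = verify_signature(derive_key(passphrase, session.salt), b"document 0", sigs[0])
    clock.advance(IDLE_TIMEOUT + 1)                # 3. coffee break longer than the timeout
    try:
        session.sign(b"another contract")
        results["idle_signs"] = True
    except SessionLocked:
        results["idle_signs"] = False
    results["relocked"] = not session.is_unlocked()
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the idle check happens inside `sign()` rather than in a background timer: a process that is suspended, or a machine that sleeps, still re-locks on the next signing attempt because the decision is made against the clock at that moment, not against a timer that may never have fired.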
Re: Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software
> Microsoft also said open-source software is inherently less secure
> because the code is available for the world to examine for flaws,
> making it possible for hackers or criminals to exploit
> them. Proprietary software, the company argued, is more secure because
> of its closed nature.
Presumably the contrast between this and their other recent declaration (that their code is so insecure releasing it would be a national security risk) doesn't occur to them? Or maybe they think the two complement each other (eg "look, our code is so insecure that we can't release it, and we can't believe anyone is any better than us, so theirs must be so insecure it can't be released too").
Re: More weirdness from Choate Prime
> Bullshit Tim. The card holder (person paying) has an interest rate
> tacked on their payments -EVERY MONTH-. It's right there at
> the bottom of your statement.
I would switch to a better card provider then if I were you - here in the UK, that interest payment only kicks in if you don't clear the balance when making your payment - ie it is the cost of the *loan* they are providing you, not the cost of the purchase (if nothing else, if it were the cost of the purchase then it would be a one-shot rather than ongoing cost).
> Now, let's talk about the 1-3% transaction charge and who
> -actually- pays it. How do you explain 'cash discounts'? I'll
> tell you how chucklehead, the individual vendors crank their
> prices up 2-5% to compensate.
Indeed so - and in the UK, the CC "merchant account" provider *will* yank your account if you do that and they catch you. Obviously, the big players wouldn't have this happen to them - but then, the big players won't give you a cash discount as a policy either (although individual branch managers often will). However, the fact that many merchants choose to "work around" the restriction if the customer pushes for a discount does not alter the fact that a) the 1-3% is SUBTRACTED from the payment they receive, not ADDED to the bill of the customer, and b) the CC companies frown on even a HINT that a CC is more expensive for the customer than cash, and have enough tame lawyers to make it very expensive for any merchants they catch doing it.
> Independence of transactions.
There is no such thing, outside of very theoretical models. Every time you are offered a bundle deal, a loyalty card, a special discount - anything - you break the model. Item pricing will commonly vary based on a lot of factors - the customer-merchant relationship, the quantity of stock, expected value of stock, recent sales, and of course the true value of the offered payment.
However, it is a convenient fiction, as almost all of the transactions will go ahead at the offered price; usually, anything but a tiny retailer (or a medium sized one offered a big transaction) will refuse to treat - either you take the offered price or you don't. Enough choose "don't" though, and the price will drop, which of course is in itself a negotiation of sorts.
Re: Bad guys vs. Good guys
> > The problem with paying for anything over $100 is
> > having the money with you at that time.
> Most such purchases are not 'off the cuff'. They are planned.
Oh? So presumably all these "special promotions" you regularly see on medium-to-large ticket items are worthless unless they can be advertised four or five days in advance so that their purchase can be planned? Impulse buying of medium-ticket items (usually electrical goods or luxury items) is a major factor.
> No it doesn't. A credit card in and of itself gives you access
> to somebody else's money. You have to pay them back with
> your own (preferably w/o a credit card - funny that, no?).
Debit cards? Or don't they exist over there?
> What -will- replace credit cards and checks and other stuff
> is a better network and a protocol that will allow one person
> to -directly- transfer funds from their bank to the buyer's bank
Ah. You mustn't have debit cards over there then.
Re: Bad guys vs. Good guys
> > Nope, Usually credit card transactions are free for the payer
> Bullshit, they charge interest on the loans and such. You should
> read your credit card bills closer.
Not sure if the rules are different over there then - after all, you add on extra charges to the ticket price when you reach the paypoint :) In the UK, almost all credit cards charge *no* interest at all on payments made with it provided you clear your balance when the bill comes in, and most charge no annual fee for usage either. A "handling charge" is applied if you use a cashpoint to withdraw money, but that is sensible as there isn't a vendor to gouge :)
> > The CC contract insists on no surcharge (to the customers) for CC payments
> ??? I guess the vendor who pays the fees to use credit cards
> just pulls the money out of thin air...not hardly.
*shrug* I am not responsible for your problems there. In my experience (limited to the UK, admittedly) card usage is free, and vendors are under a contractual obligation (and I know this because I have signed such a contract) to the CC "swipe" box supplier (the "merchant account provider") not to add a surcharge for use of the card to pay; this leads to some strange situations, where companies will accept CCs to purchase goods, but will *not* accept them to pay bills. Mind you, if you wave a bundle of cash and mutter "discount for cash payment?" to a lot of companies, you can get a discount. But then, this is true *anyhow*, particularly for payments over 100ukp to anything but the biggest of the high street names - and even then, usually a store manager has the discretionary power to apply discounts (usually booked as "shop soiled" (ie ex-display model) or "manager's special promotion").
Re: Bad guys vs. Good guys
"Jim Choate" <[EMAIL PROTECTED]> gave us the benefit of the following opinion:
> It makes no sense to talk about 'cheapness of payment' from the recipients
> view. It costs them nothing to get paid (outside of whatever service or
> labor was involved in the exchange). You have your cognates reversed
> (ie payer v payee).
Nope. Usually credit card transactions are free for the payer (provided they pay their bill at the end of the month) while a percentage of that money is lost if you are the payee to the credit card company (if it were a flat fee for the service, it could be a business expense; as it is, it is a cost of handling the payment). The CC contract insists on no surcharge (to the customers) for CC payments for the very good reason that most businesses would want to pass that handling fee onto the customer, and the CC company's business model wouldn't survive that happening.
Re: Cypherpunks Europe
> I don't think you get freelance IRA guys. Not with both
> kneecaps, anyway.
Might be surprised - donations from the States have apparently tailed off (having been the subject of a terrorist attack themselves they seem less willing to fund them) and they could do with the revenue - but you are probably better off talking with the dodgier firms in London - the prices will be better and they will do a more professional/painful job. The price improvement is because reusable sledgehammers are cheaper than having to dispose of a gun ;)
> L** G*** is a nice man. He wrote that the Cult of the Dead Cow
> were a "bunch of barely literate mindless American teenage delinquents".
> If they lived in England they could possibly sue him for that :-)
Maybe they could anyhow - jurisdiction shopping isn't exclusive to LG. In fact, I am sure half the list will chip in a tenner or so each to help out the legal fees ;)
Re: Cypherpunks Europe
On Sunday, April 28, 2002, at 07:32 AM, Jan Dobrucki wrote:
> Greetings,
> I've been reading the list for a while now, and what I find annoying
> is that there are mostly American news and little about what's
> happening in Europe. As little as I respect America, America is not
> all of the world. Come on Cypherpunks from Europe, make your presence
> noticed!
Not sure about the rest of Europe - but we have a targeted crypto list in the UK (UKCrypto, sensibly enough) so already have a forum for UK-specific issues. That's not to say some of it wouldn't be better here - but I am sure our problems with Godfrey would bore you all to tears anyhow :)
Re: Two ideas for random number generation
<[EMAIL PROTECTED]> wrote:
> On 24 Apr 2002 at 17:41, David Howe wrote:
> > it's probably a better (if much slower) stream cypher than most currently in
> > use; I can't think of any that have larger than a 256 internal state, and
> > that implies a 2^256 step cycle at best; for pi to be worse, it would have
> > to have less than 2^256 digits.
> This is putting silliness on top of silliness. It's true that in principle
> that the decimal expansion of pi has an infinite number of digits,
> but any practical implementation of a PRNG based on pi
> would still have to have a finite number of accessible states.
Indeed my point (the mentioned hardware implementation limitations) - however, you don't need an infinite pi - a prng based on a subset that has 2^257 bits of the sequence has by definition a longer cycle time than a 256 state prng.
> Conversely, a PRNG whose cycle is "only" 2^256 bits long
> will never repeat itself during the lifetime of the device, or
> the lifetime of the universe for that matter.
Which is why a subset is sufficient.
Re: Two ideas for random number generation
> No it isn't. You -want- a RNG but you can't have one. Nobody
> -wants- a PRNG, they -settle- for it.
I think there is some confusion here - if you are using a PRNG as a stream cypher, the last thing in the world you want is for it to be truly random - you need to sync up two prngs in order to decrypt the message, and randomness would defeat that (I can see a case where you introduce a little randomness and use some redundant method to strip it out before encryption, but that's only a second layer of obscurity of little value if the mainstream crypto is broken).
> What one wants is a bit sequence which is
> -random-.
If you want random numbers, get a rng - a prng is never going to be a rng, and everyone knows it. Given you are using a prng in any case, does it matter if the prng sequence being used happens to be a sequence of pi, or any other fixed sequence?
> > any subset of the digits of pi is as close to RNG output as you would
> > need to satisfy any entropy tests - unless you *knew* you had derived it
> > from pi you couldn't distinguish it from a true random string of the same
> > size.
> Satisfying an -entropy test- is -not- equivalent to -being- a RNG. It only
> says that within a particular error margin you're -close enough-.
Indeed so. But if someone has said a prng is truly a rng, I must have missed it.
> Really? The offset into the sequence is a fixed width and the result is
> always a single character. Where do you add a bit?
What makes you think the offset is a fixed width? pi is of infinite length (or so I am told) so any offset is also at least potentially of infinite size. Speed and physical construction constraints limit that, but not enough to fit your claims of it being easily defeatable.
> > the single-digit-of-pi formula is too slow to form a good stream cypher, but
> > is otherwise ok;
> Maybe for you, I sure as hell wouldn't use it either as a key or as a
> seed into a known hashing/whitening algorithm.
It's probably a better (if much slower) stream cypher than most currently in use; I can't think of any that have larger than a 256 internal state, and that implies a 2^256 step cycle at best; for pi to be worse, it would have to have less than 2^256 digits.
> Let me ask you a more pointy question. Are you selecting some offset and
> then taking the sequence of digits from pi, or are you selecting the
> digits out of order? In either of these cases it isn't the sequence of pi
> that is providing the randomness (which is apparently the claim) but
> rather the selection process; which is both undescribed at this point
> -and- simply moves the argument from one area to another - this -proving-
> nothing.
No, you are using a subset of a pseudo-random stream of infinite length; there is little benefit in selecting digits at random, if you are relying on the pseudorandomness of the stream itself. I am at a loss to see what you are driving at, so am forced to assume we are considering radically different cases.
Re: Two ideas for random number generation
"Jim Choate" <[EMAIL PROTECTED]> wrote:
> But that changes the game in the middle of play, the sequence of digits
> in pi is fixed, not random. You can't get a random number from a constant.
> Otherwise it wouldn't be a constant.
PRNG output is fixed/repeatable too - that is a property you *want* from a PRNG. Any subset of the digits of pi is as close to RNG output as you would need to satisfy any entropy tests - unless you *knew* you had derived it from pi you couldn't distinguish it from a true random string of the same size.
> You can't stop them from using their tables. Slow them down, not stop
> them. You can't use that huge a seed, hardware limitations. They can match
> you.
*shrug* given that adding a bit to the seed doubles the quantity of data they would have to cache in their tables, it can quickly become unworkable; the single-digit-of-pi formula is too slow to form a good stream cypher, but is otherwise ok; if you aren't constrained to matching a real world sequence (pi in this case) but are happy with *any* non-repeating but deterministic stream, you can probably find something much faster.
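The three posts above argue about whether a fixed public sequence can serve as a keystream. The following is an added example of my own, not code from any of the posters, that makes the argument concrete: a toy stream cipher whose "seed" is an offset into the decimal digits of pi. It assumes Gibbons' unbounded spigot algorithm as the digit source, a chi-square frequency test as the "entropy test" the thread mentions, and a constructed plaintext. It shows the three things the thread circles around: the digit stream passes a simple statistical test; two parties that share the offset reproduce the same keystream and the message round-trips; and an offset wrong by even one digit yields garbage, so the offset is the entire secret, exactly like a PRNG seed, which is why the "tables" argument reduces to how large the offset space is.

```python
"""Toy pi-offset stream cipher (added example, not from the thread).

Demonstrates, on real digits of pi: a frequency test that passes, keystream
synchronisation between two parties sharing an offset, and the fact that the
offset is the whole secret.  Not a cipher anyone should deploy.
"""
from collections import Counter
from itertools import islice


def pi_digits():
    """Gibbons' unbounded spigot algorithm: yields 3, 1, 4, 1, 5, 9, ... forever.

    Every digit depends on all earlier ones, which is the source of the slowness
    the thread complains about: reaching offset n means producing n digits first.
    """
    q, r, t, k, n, l = 1, 0, 1, 1, 3, 3
    while True:
        if 4 * q + r - t < n * t:
            yield n
            q, r, t, k, n, l = (10 * q, 10 * (r - n * t), t, k,
                                (10 * (3 * q + r)) // t - 10 * n, l)
        else:
            q, r, t, k, n, l = (q * k, (2 * q + r) * l, t * l, k + 1,
                                (q * (7 * k + 2) + r * l) // (t * l), l + 2)


def first_digits(count):
    """The first `count` digits of pi as a list (3 is position 0)."""
    return list(islice(pi_digits(), count))


def chi_square_digits(digits):
    """Chi-square frequency test over the ten decimal digits (9 degrees of freedom).

    Returns (statistic, passes); 16.919 is the 5% critical value for 9 d.o.f.
    Passing says the digits are distributed evenly, nothing about predictability.
    """
    expected = len(digits) / 10
    counts = Counter(digits)
    stat = sum((counts.get(d, 0) - expected) ** 2 / expected for d in range(10))
    return stat, stat < 16.919


def keystream(offset, nbytes):
    """Bytes derived from the digits starting at `offset`.

    Three digits give a value 0..999; values >= 768 (= 3*256) are discarded so
    that v % 256 is uniform rather than biased towards small byte values.
    """
    digits = islice(pi_digits(), offset, None)
    out = bytearray()
    while len(out) < nbytes:
        v = 100 * next(digits) + 10 * next(digits) + next(digits)
        if v < 768:
            out.append(v % 256)
    return bytes(out)


def xor_with_keystream(data, offset):
    """Encrypt or decrypt (XOR is its own inverse) under the keystream at `offset`."""
    return bytes(a ^ b for a, b in zip(data, keystream(offset, len(data))))


def demo():
    digits = first_digits(1000)
    stat, passes = chi_square_digits(digits)
    message = b"meet at the usual place"   # constructed plaintext, 23 bytes
    secret_offset = 500                     # the shared secret: where in pi to start
    ciphertext = xor_with_keystream(message, secret_offset)
    receiver = xor_with_keystream(ciphertext, secret_offset)       # synced: same stream
    wrong = xor_with_keystream(ciphertext, secret_offset + 1)      # one digit off: garbage
    return {
        "first_digits": digits[:10],
        "chi_square": stat,
        "frequency_test_passes": passes,
        "ciphertext_hex": ciphertext.hex(),
        "round_trip_ok": receiver == message,
        "wrong_offset_ok": wrong == message,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The rejection step in `keystream` matters more than it looks: mapping three decimal digits straight onto a byte with `% 256` would make bytes 0..231 appear four times as often as 232..255, and a keystream with that bias leaks plaintext statistics regardless of how well the underlying digits pass a frequency test.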
Re: Biometrics helping privacy: excerpt from Salon article on forensics
Peter Trei wrote:
> Encrypted files on a portable device that you keep with you would
> seem to be the best of all worlds.
Any of the USB "mini drives" can manage that - just set them to autorun Scramdisk Traveller and mount a SD volume from the device. Just don't forget to dismount it before you remove the drive :)