Re: Run a remailer, go to jail?

2003-03-28 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, James M Galvin writes: >No way. The phrase "flatly ban" is overstating the words in the actual >bills. > >They both require that the use of such technologies be for the purpose >of committing a crime. Law enforcement would still have to show intent, >which is as i

Re: Who's afraid of Mallory Wolf?

2003-03-26 Thread Steven M. Bellovin
> >That's using a questionable measuring stick. >The damages paid out in a civil suit may be very >different (either higher, or lower) than the true >cost of the misconduct. Remember, the courts are >not intended to be a remedy for all harms, nor could >they ever be. The courts shouldn't be a re

Re: Who's afraid of Mallory Wolf?

2003-03-24 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Ian Grigg writes: >Who's afraid of Mallory Wolf? > > >Even worse, there's not been any known MITM of >any aggressive form. The only cases known are >a bunch of demos, under laboratory conditions. >They don't count, and MITM remains a theoretical >attack, more the su

Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03)

2003-03-05 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "R. A. Hettinga" writes: > >--- begin forwarded text > > >Status: RO >From: Somebody >To: "R. A. Hettinga" <[EMAIL PROTECTED]> >Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) >Date:

Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

2003-02-21 Thread Steven M. Bellovin
I'm struck by the similarity of this attack to Matt Blaze's master key paper. In each case, you're guessing at one position at a time, and using the response of the security system as an oracle. What's crucial in both cases is the one-at-a-time aspect -- that's what makes the attack linear in

Re: Columbia crypto box

2003-02-11 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED] m>, "Trei, Peter" writes: >> >If I recall correctly (dee3: Can you help?) WEP is actually derived >from the encryption system used in the Apple Mobile Messaging >System, a PCMCIA paging card made for the Newton in the mid-90s. >This used 40 bit RC4. > >Though only a

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Greg Rose writes: >At 06:12 PM 2/10/2003 -0500, Steven M. Bellovin wrote: >> >In any case, WEP would clearly look very different if it had been designed >> >by cryptographers, and it almost certainly wouldn't use RC4. Look

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Paul A.S. Ward" writes: >Is it really fair to blame WEP for not using AES when AES wasn't around >when WEP was being created? > Of course they couldn't have used AES. But there are other block ciphers they could have used. They could have used key management.

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message <v03110708ba6df9a4efb3@[192.168.1.5]>, Bill Frantz writes: >At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote: >>In message <v03110705ba6dec92ddb0@[192.168.1.5]>, Bill Frantz writes: >> >>> * Fast key setup (Forget tossing the 256 bytes of key

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message , Bill Frantz writes: > * Fast key setup (Forget tossing the 256 bytes of key stream. >The designers weren't crypto engineers. Personally, I'd toss the >first 1024.) I reran my script assuming that the first 1024 bytes of each packet wer

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message , David Wagner writes: >Trei, Peter wrote: >>The weird thing about WEP was its choice of cipher. It used RC4, a >>stream cipher, and re-keyed for every block. . RC4 is >>not really intended for this application. Today we'd >>have used a block cipher with va

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, bear writes: > >>It's one of those things, like re-using a pad. > >Actually, it is re-using a pad, exactly. It's just a pseudorandom >pad (stream cipher) instead of a one-time pad. > >And while WEP had problems, it didn't have that particular problem. >New message

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Pete Chown writes: >Bill Stewart wrote: > >> These days nobody *has* a better cryptosystem than you do They might >> have a cheaper one or a faster one, but for ten years the public's >> been able to get free planet-sized-computer-proof crypto ... > >I seem to rememb

Re: Columbia crypto box

2003-02-08 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Faust writes: >> Apparently some folks skipped class the day Kerckhoffs' >> Principle was covered. > >While this is obvious to the oldtimers, I had to look Kerckhoffs principle >( and found that it is the old injunction against security by obscurity ). > You can fin

Re: question about rsa encryption

2003-02-03 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Scott G. Kelly" writes: >I have a question regarding RSA encryption - forgive me if this seems >amateur-ish -, but I'm still a beginner. I seem to recall reading >somewhere that there is some issue with directly encrypting data with an >RSA public key, perhaps some v

Re: DeCSS, crypto, law, and economics

2003-01-08 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > > >I don't know anyone who trades video files -- they're pretty big and >bulky. A song takes moments to download, but a movie takes many many >hours even on a high speed link. I have yet to meet someone who >pirates films -- but I know lo

Re: Did you *really* zeroize that key?

2002-11-07 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Peter Gutmann writes: >>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile" >> keyword is for. > >No it isn't. This was done to death on vuln-dev, see the list archives for >the discussion. > >[Moderator's note: I'd be curious to hear a summ

Re: Windows 2000 declared secure

2002-11-03 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Jonathan S. Shapiro" writes: >I disagree. The problem is even more fundamental than that. The problem >today is the absence of liability for the consequences of bad software. >Once liability goes into place, CC becomes the industry-accepted >standard of diligent p

Re: Optical analog computing?

2002-10-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Greg Rose writes: >At 01:30 AM 10/2/2002 -0400, John S. Denker wrote: >>"R. A. Hettinga" wrote: >>... >> > "the first computer to crack enigma was optical" >>1) Bletchley Park used optical sensors, which were (and >>still are) the best way to read paper tape at hig

Re: What email encryption is actually in use?

2002-10-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, John Saylor writes: >Hi > >( 02.10.02 12:50 -0500 ) Jeremey Barrett: >> but it's always better to encrypt than not, even if no additional >> trust is gained. > >While I generally am on board with this, I can see a situation where the >encryption overhead [and comple

Re: unforgeable optical tokens?

2002-09-24 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] .cmu.edu writes: >Perry E. Metzger wrote: >> An idea from some folks at MIT apparently where a physical token >> consisting of a bunch of spheres embedded in epoxy is used as an >> access device by shining a laser through it. > >I can't dig up the

Re: Quantum computers inch closer?

2002-09-03 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "John S. Denker" writes: > >So let's not guess about what quantum algorithms exist. >It is possible to construct such algorithms, but it >requires highly specialized skills. > Last time I asked Peter Shor about it, he said that the best known quantum algorithms

Re: Shortcut digital signature verification failure

2002-06-21 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Adam Back writes: >Doesn't a standard digital signature plus hashcash / client puzzles >achieve this effect? > >The hashcash could be used to make the client to consume more cpu than >the server. The hashcash collision wouldn't particularly have to be >related to t

Re: DOJ proposes US data-rentention law.

2002-06-20 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "David G. Koontz" writes: >Trei, Peter wrote: >> - start quote - >> >> Cyber Security Plan Contemplates U.S. Data Retention Law >> http://online.securityfocus.com/news/486 >> >> Internet service providers may be forced into wholesale spying >> on their customers

Re: Commercial quantum crypto product - news article

2002-05-31 Thread Steven M. Bellovin
In message <2F1A38DC0413D311A7310090273AD527042023F8@dthrexch01>, "Kossmann, Bill" writes: >Anybody familiar with this product? > > >A Swiss company has announced the commercial availability of what it says >are the first IT products which exploit quantum effects rather than >conventional physi

Re: FC: Hollywood wants to plug "analog hole," regulate A-D converters

2002-05-29 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED] m>, "Trei, Peter" writes: >Actually, it's unlikely that anyone would embed watermarks in billboard >ads, or in ads in general. Copying an ad is usually a Good Thing from >the advertiser's point of view - more exposure. It's only the program >material which needs prote

Re: Gartner supports HK smart ID card use

2002-05-12 Thread Steven M. Bellovin
Folks on this list might be interested in a National Research Council report on nationwide identity systems: http://books.nap.edu/html/id_questions/ --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com

Re: Where's the smart money?

2002-02-11 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED] m>, "Trei, Peter" writes: >That's the scenario which is (semi) worrying. As >the tagged bills wear, some fraction of the RFID >transponders will inevitably fail. When this happens, >is the bill declared invalid? Will merchants regularly >check all incoming cash for a

Re: password-cracking by journalists... (long, sorry)

2002-01-22 Thread Steven M. Bellovin
Another point -- the law protects "encryption" research, not "cryptographic" research. Watermarking or DRM systems do not appear to be covered by the statute's definition of "encryption". --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls

Re: password-cracking by journalists...

2002-01-20 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Sampo Syreeni writes: >On Thu, 17 Jan 2002, Steven M. Bellovin wrote: > >>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally >>written. > >If something, this would lead me to believe there is less redundancy in &

Re: password-cracking by journalists...

2002-01-18 Thread Steven M. Bellovin
In message , "Arnold G. Reinhold" writes: >At 9:15 AM -0500 1/16/02, Steve Bellovin wrote: >>A couple of months ago, a Wall Street Journal reporter bought two >>abandoned al Qaeda computers from a looter in Kabul. Some of the >>files on those machines were enc

Re: (A)RC4 state leakage

2001-12-27 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Damien Miller writes: >The common wisdom when using (A)RC4 as a PRNG seems to be to discard >the first few bytes of keystream it generates as it may be correlated >to the keying material. > >Does anyone have a reference that describes this in more detail? Or >am I

Re: [DailyRotten] FBI requests worm-built password log

2001-12-17 Thread Steven M. Bellovin
In message , "Jay D. Dyson" writes: >On Mon, 17 Dec 2001, Will Rodger wrote: > >> > > But the interplay with MagicLantern and PatriotAct issues is >> > > thought-provoking... >> > >> > Actually, this is nothing new. The boys at the Bureau have a long >> > history of requesting data to which they

Re: MS Patent for DRM OS

2001-12-14 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, John Young writes: >Microsoft's patent for a Digital Rights Management >Operating System was awarded yesterday: > > http://cryptome.org/ms-drm-os.htm > My first reaction was to yawn -- that patent seems to be useful on insecure systems, since on a secure system y

Re: What's the state of the art in one-pass integrity/encryption?

2001-11-25 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Greg Rose writes: >All of the early schemes were broken, as was the NSA's submission to the >AES Modes of Operation workshop. However, three schemes, all similar in >principle, have not only survived, but have proofs of correctness. The >first was Charanjit Jutla

Re: Proving security protocols

2001-11-03 Thread Steven M. Bellovin
Also see the National Research Council report "Trust in Cyberspace" (I served on that committee). The section on formal methods can be found at http://www.nap.edu/readingroom/books/trust/trust-3.htm#Page 95 (yes, there's a blank in the URL...) --Steve Bellovin, http://www.resea

Security Research (Was: Scarfo "keylogger", PGP )

2001-10-16 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Ben Laurie writes: >"Trei, Peter" wrote: >> Windows XP at least checks for drivers not signed by MS, but >> whose security this promotes is an open question. > >Errr ... surely this promotes MS's bottom line and no-one's security? It >is also a major pain if you hap

Re: Scarfo "keylogger", PGP

2001-10-16 Thread Steven M. Bellovin
In message <9qftr6$23i$[EMAIL PROTECTED]>, David Wagner writes: >It seems the FBI hopes the law will make a distinction between software >that talks directly to the modem and software that doesn't. They note >that PGP falls into the latter category, and thus -- they argue -- they >should be permi

Re: New encryption technology closes WLAN security loopholes

2001-10-01 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Bill Stewart writes: > >One interesting issue with radio networks is Man-in-the-middle attacks, >because nobody can intercept a request and forward it >faster than you can receive it directly, unless there are >distances that are too far for the two parties to reac

Re: [FYI] Antiques man guilty of Enigma charge

2001-09-26 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED] m>, "Trei, Peter" writes: >> Axel H Horns[SMTP:[EMAIL PROTECTED]] >> >> >> http://news.bbc.co.uk/hi/english/uk/england/newsid_1564000/1564878.stm >> >> -- CUT - >> >> Wednesday, 26 September, 2001, 15:25

Re: [FYI] Did Encryption Empower These Terrorists?

2001-09-24 Thread Steven M. Bellovin
In message , Bill Frantz writes: >At 10:11 AM -0700 9/24/01, [EMAIL PROTECTED] wrote: >>as mentioned in the various previous references ... what is at risk ... >>effectively proportional to the aggregate of the account credit limits ... >>for all accounts t

Re: Op-ed on encryption: Privacy is no longer an argument

2001-09-21 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Declan McCullagh writes: > > >http://www.wartimeliberty.com/article.pl?sid=01/09/21/0450203 > > Crypto Op-Ed: Privacy No Longer an Argument > posted by admin on Thursday September 20, @11:39PM > > M. W. Guzy has a provocative and not entirely coherent essay >

Re: How to ban crypto?

2001-09-16 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, John Denker writes: ... >. > >The two most common anti-GAK arguments are: > 1a) It can't be done well. > 1b) If it can't be done well, it shouldn't be done at all. > 1c) Specifically, the risk of wholesale key-compromise is too great. > > 2a) It won't rea

Re: Senate votes to permit warrantless Net-wiretaps, Carnivore use

2001-09-14 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Declan McCullagh writes: >May be relevant, given the new focus in DC on restricting privacy and crypto.. >. > >Text of the Hatch-Feinstein "Combating Terrorism Act of 2001": >http://www.politechbot.com/docs/cta.091401.html > >Discussion of the CTA: >http://www.fas.

Re: Field slide attacks and how to avoid them.

2001-09-09 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, John Kelsey writes: >-BEGIN PGP SIGNED MESSAGE- > >[ To: Perry's Crypto List ## Date: 09/08/01 07:35 pm ## > Subject: Field slide attacks and how to avoid them. ] > >Guys, > >I've been noticing a lot of ways you can mess up a cryptographic >protocol due to

Re: Criminalizing crypto criticism

2001-07-27 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Declan McCullagh writes: > >One of those -- and you can thank groups like ACM for this, if my >legislative memory is correct -- explicitly permits encryption >research. You can argue fairly persuasively that it's not broad >enough, and certainly 2600 found in the D

Re: archives?

2001-06-29 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, max curious writes: >Hello, I remember there was a thread regarding cracking the enigma machine and > how >the code breakers did not want to consider the simplest cases and as a result >it >took several years longer to 'crack' it. I think it was an article, but whe

Re: NSA tapping undersea fibers?

2001-06-05 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Peter Fairbrother writes: > >Wholesale consensual tapping of these cables by the NSA could not reasonably >be expected to be kept secret from eg European Parliamentary Investigators, >at least to the extent of a quiet word in someone's ear, if senior staff in >the

Re: Requesting feedback on patched RC4-variant

2001-04-24 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Greg Rose writes: > >Anyway, as a lover of stream ciphers, I just get upset when people point >out the bit-twiddling attack, without realising that they are implicitly >endorsing using block ciphers without robust integrity protection instead. >If it needs integ

Re: secure hash modes for rijndael

2001-04-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Pete Chown writes: >On the subject of these hash functions... I looked at some benchmark >figures and SHA-256 is not substantially faster than Rijndael-256 with >Davies-Meyer. I wonder why there was so much energy put into the AES >process, and then SHA-256 was g