Since posting, I got a better web page:
http://www.iit.nrc.ca/~patricka/CHI2003/HCISEC/index.html
Adam
On Mon, Nov 11, 2002 at 09:54:51AM -0500, Adam Shostack wrote:
| I think that the intersection of usability and security is of
| tremendous import, and wanted to share an under-advertised sort
I think that the intersection of usability and security is of
tremendous import, and wanted to share an under-advertised sort of
workshop announcement:
http://www.acm.org/sigchi/
The conference home page is
http://www.chi2003.org/
The workshop page is
http://www.iit.nrc.ca/~patricka/CHI_2003/H
t the dissemination of this kind of info.
A full police state can't prevent anything, it can just make some
things less common. For example, samizdat in the USSR still got
copied and passed around. Drug use is a problem in US prisons. Etc.
Adam
--
"It is seldom that liberty of any k
over SSH published a while back -- don't have the reference
handy, probably google could find it).
Another related type of risk is that SSL does not necessarily obscure
the page requested as the request and/or response may have unique,
predictable and publicly measurable size uni
h the mailers, newsreaders, or OS
changes that are outside developers control.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
email would be encrypted after someone sent me an NDA. The
person cares about confidentiality, but doesn't know how to achieve
it, and doesn't understand why it's not in their mailer.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
be interested to hear how often email content is protected by any
form of crypto, including IPsec, Starttls, ssh delivery, or PGP or
SMIME. There's probably an interesting paper in going out and looking
at this.
Adam
--
"It is seldom that libe
rs might be in the way of a hijacking attempt. Air
marshalls or otherwise.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
he Brands reference also -- it seems like an obvious
construction for a limited hashing based form of selective disclosure.
Adam
--
[1] Niels Ferguson, "Single Term Off-Line Coins", Eurocrypt 93.
[2] Stefan Brands, "Rethinking Public Key Infrastructures and Digital
Certificates; B
e apocalypse. I guess the horseman of
| terror has become the meta-horseman.
I stand by Hume. Such losses are indeed seldom. Little insidious
losses are far more common.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
e/distribute the key, and then you put goons with AKs around the
| boxes and pray that no one fucked with the microprocessor ... this may
| mean buying the components at random.
Look at NCipher, and host in the Bunker.
Adam
--
"It is seldom that libe
ing went a long way.
PS:
http://www.apfa.org/public/articles/News-Events/STUPID_RULES.HTML
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
On Fri, Oct 25, 2002 at 02:37:32AM +0100, Adam Back wrote:
| Seems to me this would pass current IP laws because it is like a radio
| station which broadcast the name of a song and the user is expected to
| insert the CD in his player and play along to keep up with the
| commentary, only
the user is expected to
insert the CD in his player and play along to keep up with the
commentary, only automated and with open APIs for the "load and play
this CD track" instructions so people can hook it up to whatever is
convenient to them.
Adam
tch software security given software complexity
issues.
Adam
--
http://www.cypherspace.net/
user present test in the
same way that the TOR and SCP functions can be configured by the user
(but not by hostile software).
For example why not a local user present function to lie about TOR
hash to allow debugging (for example).
> Adam Back wrote:
> >- isn't it quite w
ion is the
assumption that the user won't make simple hardware modifications.
Adam
Original Message
Subject: LCS/CIS Talk, OCT 18, TOMORROW
Date: Thu, 17 Oct 2002 12:49:01 -0400
From: Be Blackburn <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Ope
ck less likely to work.
(If authentication is centralized, searching backwards may not be a
security risk.)
I think the most interesting part of this is the unit looks cool, and
it's spun slightly differently than other tokens have been.
Adam
--
"It is seldom that liberty of a
is
worth 10-70 pounds per year. For that price you can get securid cards,
which aren't nearly as pretty, but that's nothing Ideo couldn't fix in
a week.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
teforce to recover messages.
The NSA's backdoor public key is at the URL below.
http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html
(The public key had an Organization name of "MiniTruth", and a Common
Name of "Big Brother" -- both Orwell "1984"
Has anyone done any research into how much better new cryptosystems
with proofs of security do, as opposed to their unproven cousins? It
seems that having a proof of security doesn't actually improve the
odds that a system will survive attacks. But that's my intuition, not
a proven fact. ;)
Has
> Prosecutors also argued that one of the suspects, Shafal Mosed, was
> suspicious because he had 11 credit cards in different names and two
> social security cards in different names in his wallet when
> arrested.
>
> His attorney, Patrick Brown, said Mosed merely had his own social
> security ca
regular correspondents are authenticated, while anyone
else is opportunistically encrypted.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| >| Lucky Green wrote:
| >| >I also agree that current MTAs' implementations of STARTTLS are only a
| >| >first step. At lea
D and XRCD. I'd never dug into how
they're recorded, being much more interested in playing with things
closer to the output stage, like speaker resonance control and
electrical hum elimination...
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
ent
economy becomes insolvent, the economic devastation would be unparalleled!
The damage to the american economy at large would be horrific. Clearly,
only a terrorist would want to possess unlicensed eyes.
-adam
so the information is useless."
| >
| > As a resident of Ontario, Canada, I'm quite surprised to learn that
| > Ontario has been annexed by the United States.
| >
|
|
| ACTUALLY, not to split hairs or anything, but Ontario's also a city in
| Southern California. (Eas
(Mike Freedman,
Joan Feigenbaum, Tomas Sander and I did a paper which touches on the
power imbalance between the companies that offer DRM technology and
their customers...same analysis applies
here... http://www.homeport.org/~adam/privacyeng-wspdrm01.pdf )
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
n that
| Ontario has been annexed by the United States.
Randomized geography. :)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
m? A few million dollars. If the cost on the
50th patent was a million bucks, then perhaps they'd abuse the system
less. I don't think Edison ever got 50 patents in a year, and lord
knows he was more inventive than all of IBM. :)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
n, but this is highly inefficient).
(Anonymous can continue on cypherpunks if Perry chooses to censor his
further comments.)
Adam
--
http://www.cypherspace.net/
> Some efforts focus on reducing the volume of anonymous mail, which
> now constitutes about 17 percent of the daily flow of some 680
> million items.
> For example, the Postal Service plans eventually to change most
> stamps from uniform bits of sticky paper to personalized, encrypted
> records
Anyone played with it?
Adam
- Forwarded message from Dave Aitel <[EMAIL PROTECTED]> -
Subject: Unmask 1.0 Release Party at My House!
From: Dave Aitel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Mailer: Ximian Evolution 1.0.8
Date: 09 Sep 2002 12:23:57 -0400
X-Spam-Stat
http://news.bbc.co.uk/2/hi/uk_news/education/2229196.stm
> Thousands of teachers will not be able to take classes at the start
> of the new term because character checks on them will not have been
> completed, the government has admitted.
[...]
> Leicestershire was one of the first areas of the c
On Sat, Aug 31, 2002 at 12:12:16AM -0700, Meyer Wolfsheim wrote:
| On Fri, 30 Aug 2002, Adam Shostack wrote:
|
| > I'd like to suggest that while this may be fun, usability and getting
| > millions of users to see that remailers are useful to them is a more
| > useful goal
apear people as part of their attacks against the
remailers.
Oh, yeah, and incidentally, if you build this system, the attacker can
simply add a bit of rubber hosing to their remop elimination program.
Adam
On Fri, Aug 30, 2002 at 06:14:32PM -0700, Meyer Wolfsheim wrote:
| Operating an anonymity servi
On Sun, Aug 18, 2002 at 04:58:56PM +0100, Adam Back wrote:
> [...] "Also relevant is An Efficient System for Non-transferable
> Anonymous Credentials with Optional Anonymity Revocation", Jan
> Camenisch and Anna Lysyanskaya, Eurocrypt 01
>
> http://eprint.iacr
hat I've seen mix3 (pgptest app) is the closest to providing a
command line. There was also Tom Zerucha's reference openPGP code,
which is command line but it's alpha level code I think and no longer
maintained.
Adam
On Tue, Aug 20, 2002 at 09:28:47PM -0500, Anonymous wrote:
>
ould do this. May be
1-5% or whatever. I think it makes sense to just live with this, and
of course not make it illegal. Credentials which are shared are
easier to revoke -- knowledge of the private keys typically will
render most schemes linkable and revocable. This leaves only online
lending
ore engineering work to fix?
As Eric used to say, all security is economics.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
blic can't distinguish between
well implemented and poorly implemented crypto; the snake oil faq has
helped a lot, but now you need to distinguish between well and poorly
coded AES. Is there a business case for doing so, or should you just
ship crap?
AdamS
On Fri, Aug 16, 2002 at 02:23:0
evelopers.
Microsoft is really good at this one. The number of times they
re-used RC4 keys in different protocols is amazing!
Other explanations? Statistics? Sample-of-one stories?
Adam
--
yes, still employed in software security industry; and in addition have
been doing crypto consulting since
spec).
Adam
--
http://www.cypherspace.org/adam/
vate key, but rather that the issued certificate is encrypted with
the endorsement public key and so could only be decrypted by the TPM
which contains the corresponding private endorsement key. (I suppose
the motivation might have been that then the privacy CA couldn't prove
to third parties th
motivation might have been that then the privacy CA couldn't prove
to third parties that your endorsement key and identity key are bound
together.)
Adam
--
http://www.cypherspace.org/adam/
On Wed, Aug 14, 2002 at 03:10:44PM -0700, Joseph Ashwood wrote:
> - Original Message -
>
ful for DRM,
eg. limited deployment, other;
- would the user-positive aspects of remote-attestation still be
largely available with only limited-deployment -- eg could interesting
peer-to-peer and privacy systems be built with a mixture of
remote-attestation able and non-remote-attestation ab
ing
of the associated patent "DRM-OS".
Adam
- Forwarded message from "R. A. Hettinga" <[EMAIL PROTECTED]> -
Date: Wed, 14 Aug 2002 08:13:48 -0400
To: Digital Bearer Settlement List <[EMAIL PROTECTED]>
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
d Agent APIs flexible,
so we'll see how that works out.
Adam
--
http://www.cypherspace.org/adam/
On Mon, Aug 12, 2002 at 04:32:05PM -0400, Tim Dierks wrote:
> At 09:07 PM 8/12/2002 +0100, Adam Back wrote:
> >At some level there has to be a trade-off between what you put in
> >tru
ties to do with code
complexity being inversely proportional to auditability and security,
but the extra ring -1, remote attestation, sealing and integrity
metrics really do offer some security advantages over the current
situation.
Adam
On Mon, Aug 12, 2002 at 03:28:15PM -0400, Tim Dierks wrote:
feasibility in the case of Palladium; in the
case of TCPA your conclusions are right I think).
On Mon, Aug 12, 2002 at 10:55:19AM -0700, AARG!Anonymous wrote:
> Adam Back writes:
> > +---++
> > | trusted-agent | user mode |
> > |space | app spac
's integrity measured by the TOR. Of course given
the rate of OS exploits especially in Microsoft products, it seems
likely that the aspect of the OS that checks integrity of loaded
applications could itself be tampered with using a remote exploit.
Probably the latter problem is the reason Micr
Of course, the paranoid amongst us now believe that Mr. Back wrote the
code, and is engaging in a little misdirection below.
"Thanks for making the analysis easy!"
;)
On Fri, Aug 09, 2002 at 08:11:15PM +0100, Adam Back wrote:
| Very nice.
|
| Nice plausible set of candidate au
part of the system tools to obscure his own
identity in attacking the system. DoSers of Kazaa or gnutella would
likely be more easily identified which is some deterrence.
I also agree that the TCPA/Palladium attested closed world computing
model could likely more simply address some of these
to audit
d. Demand the ability to audit information out-flows, where there are
unauditable in-flows or sensitive user data processed by the
application; similarly demand that this is implemented in a way which
allows code under user control to audit
e. Demand cryptographically assured anonymity p
some of these people would know it died. I think
that points more at Colin.
Other potential avenue might be implementation mistake leading to
failure of the scheme to robustly make undecidable which of the set is
the true author, given alpha code.
Adam
On Fri, Aug 09, 2002 at 03:52:56AM
e interesting to try estimate the entropy provided by the
current mixmaster network. A number of nodes publish their parameter
choices, and traffic volume over time (in hourly increments).
Adam
--
http://www.cypherspace.org/adam/
[1]
@inproceedings{Serjantov:02:info-theoretic-anon,
author = "An
affic inflation -- servers can _act_ as
multiple clients and simply generate the claimed traffic themselves,
or contract other parties to do this for them.)
Adam
[1]
@article{Naor:98:secure-and-efficient-metering
author = "Moni Naor and Benny Pinkas",
title = "Secure an
izable hashcash addresses this problem.
There is also some discussion of it here:
http://archives.neohapsis.com/archives/crypto/2000-q1/0440.html
Adam
On Wed, Jul 31, 2002 at 04:25:30PM +0200, Eugen Leitl wrote:
> It should use scarce resources (e.g. crunch) to generate a trust
> c
bsson, RSA Laboratories, USA
Brian Levine, University of Massachusetts at Amherst, USA
David Martin, University of Massachusetts at Lowell, USA
Andreas Pfitzmann, Dresden University of Technology, Germany
Matthias Schunter, IBM Zurich Research Lab, Switzerland
Andrei Serjantov, University of Cambridge, En
t spending comes
from increased future debt?
Adam
in fees, plus all the setup work. If I can buy a
slightly used Ncipher box whose public key bits are in the browsers
for a 10th to a 5th of that, the extra copies of the bits aren't all
that worrisome to me.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
expat tax rates. Cf. the IRS site, tax regs, etc. for
| details.
It seems that it may be similar to that for Green Card holders as
well:
http://www.techvisas.com/taxation.htm
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
ation as perhaps it would then become
easier for an insider (a theatre projectionist for example) to convert
the content into MPEG4/DIVX format and retain good quality.
Adam
On Mon, Jul 08, 2002 at 12:45:31PM -0700, Tim May wrote:
> There's a flaw in this argument:
>
> [...]
>
>
e society individuals would be able to employ the
services of security firms protection services to defend themselves
from the media cartels thugs, as the media cartels would not have the
benefit of a force monopoly they have the lobbying power to bribe to
obtain enforcement subsidies).
Adam
and distribution companies survive which new business
models emerge, and then we can avoid the Orwellian power-grab which
will have many freedom destroying and negative societal costs.
Adam
--
http://www.cypherspace.org/adam/
Just curious, but what was the rationale under which private posession
of gold was made illegal in the US? It boggles the mind...
Adam
On Tue, Jul 02, 2002 at 08:46:46PM +0300, Marcel Popescu wrote:
> Now, I love hyperbole as much as the next guy, but you have no idea what a
> Chines
powerful
adversary).
Also I note a slip in my earlier post [of Bear's post]:
| First post on this long thread that got it right.
Ross Anderson's comments were also right on the money (as always).
Adam
On Wed, Jun 26, 2002 at 09:51:58AM -0400, Donald Eastlake 3rd wrote:
| "Privacy", according to the usual definitions, involve controlling the
| spread of information by persons authorized to have it. Contrast with
| secrecy which primarily has to do with stopping the spread of
| information through
the users of file-sharing for
unauthorised re-distribution to also _use_ the software anonymously.
Really I think copyright protections as being exploited by media
cartels need to be substantially modified to reduce or remove the
existing protections rather than further restrictions and powers
awarded to the media cartels.
Adam
ne's transaction costs pushed up that high.
I can get very high quality baseline software today. What I need for
my cypherpunk wet dreams is ecash, and a nice anonymizing network.
What I also need is that the general purpose computing environment
stay free of control points, in Lessig sense.
Adam
For all our lurkers, agents provocateur, prosecutors and fellow
travellers looking to take in a few extra bucks.
Those outside said category should perhaps worry that the government
agency charged with infosec has to contract out like this...
Adam
- Forwarded message from Jennifer Drury
ubscribe cypherpunks-moderated" to
[EMAIL PROTECTED]
it's archived here:
http://www.mail-archive.com/cypherpunks-moderated@minder.net/
Adam
m. For example gold with sudden shortage of gold
supply, or similar.
Adam
On Thu, Jun 06, 2002 at 05:31:28PM +0300, Marcel Popescu wrote:
> From: "Adam Back" <[EMAIL PROTECTED]>
>
> > So this would be the argument for a closed supply of money in the
> > system,
crypt. I don't really want to have to enter a password each time I
look at my schedule and todo lists.
Someone suggested YAPS
(http://www.palmblvd.com/software/pc/Yaps-2000-11-7-palm-pc.html) are
there others I should look at?
Adam
--
--
"It is seldom that liberty of any
't need to upgrade my software to deal with them. Looking at
PGP as a protocol gives you a different perspective. (I also see
.doc, .xls and .ppt as protocols, and bad ones)
Adam
On Fri, May 24, 2002 at 01:44:53AM -0700, Lucky Green wrote:
| You may be asking yourself: where, oh where, has all
extension is deployed. I view
the chances of such an extension getting deployed as close to nil.
The S/MIME MUA / PKI library / CA cartel has a financial incentive to
not deploy it -- as they view it as competition to the CAs business.
Adam
On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote:
> So what if we create the Cypherpunks Root CA, which (either) signs
> what you submit to it via a web page, or publish the secret key?
This won't achieve the desired effect because it will just destroy the
S/MIME trust me
On Thu, May 23, 2002 at 07:10:01PM +0100, Adam Back wrote:
| Certificate authorities also can forge certificates and issue
| certificates in fake names if asked by government agencies. S/MIME is
| too much under central control by design to be a sensible choice for
| general individual use.
So
ou wish to interact with and so not need to trust some
untrustworthy and generally incompetent organisation. (Verisign for
example issued someone a microsoft code signing cert).
Adam
On Thu, May 23, 2002 at 09:46:34AM -0700, Curt Smith wrote:
> Although I also hope for widespread e-mail encry
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| > Which is too bad. If NAI-PGP went away completely, then
| > compatibility problems would be reduced. I also expect that
| > the German government group currently funding GPG would be
| > more willin
I-PGP went away completely, then compatibility
problems would be reduced. I also expect that the German government
group currently funding GPG would be more willing to fund UI work for
windows.
Adam
--
"It is seldom that liberty of any kind is l
've done 3 of them so far, the other parties' solicitors don't like
it, but then they don't have to.
Adam
and they keep the interest on your money while it's
moving.
Adam
On Tue, May 14, 2002 at 01:56:05PM -0400, Duncan Frissell wrote:
> On Tue, 14 May 2002, Richard Fiero wrote:
>
> > As the article points out, $1 million fits in a briefcase
> > nicely but the Euro's largest
sh. I want ecash for
privacy; why do the merchant and bank want it?
That financial instruments are an N>2 party problem, unlike, say fax
machines or email, make it that much harder.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
of records
possible, and the failure of the government to protect those
identifiers. That's exactly the same underlying enabling technology
that's led to identity theft.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
e multiparty
| distributed computation paper that nobody except other researchers will ever
| read.
|
| (Did I miss offending anyone? :-).
The voting folks? ;)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
thousand pounds sterling on the maximum
> 'purse' value; the e-money must be redeemable within five days and
> the currency must be usable for at least one year."
What does the redeemable within five days mean -- that this is the
maximum processing time for in-transfers or for out-transfers?
Adam
--
http://www.cypherspace.org/adam/
On Mon, Apr 29, 2002 at 11:58:46AM +1200, Peter Gutmann wrote:
> Adam Back <[EMAIL PROTECTED]> writes:
> >| [RFC3211 mode]
> >
> > are you sure it's not vulnerable to splicing attacks (swapping
> > ciphertext blocks around to get a partial plaintext c
y-brake,
and typically worse being sucked into the deals and favors for trade
lobbying and bribing-fest.
Adam
On Sun, Apr 28, 2002 at 04:32:09PM +0200, Jan Dobrucki wrote:
> Greetings,
> I've been reading the list for a while now, and what I find annoying
> is that there are mostly
al-purpose solution which works
> with any block cipher. It's a solved problem, and has been so for
> about a decade).
What is Colin's design and where is it described?
Adam
text choices to create
values equal to the suspected differences between plaintext and
predictable IVs.
How do you salt the random number generator? Is it resistant to the
above type of attack do you think?
Adam
On Sat, Apr 27, 2002 at 11:19:04AM +1000, Julian Assange wrote:
> > You cou
Joseph Ashwood wrote:
> Adam Back Wrote:
> > > This becomes completely redoable (or if you're willing to sacrifice
> > > a small portion of each block you can even explicitly store the IV.
> >
> > That's typically not practical, not possible, or anywa
better
than eg AES with double CBC, and it means you can use ECB mode per
block and key derived with a key-derivation function salted by the
block-number (the cipher includes such a concept directly in its
key-schedule), or CBC mode with an IV derived from the block number
and only one block, so you don't get the low-tide mark of edits you
get with CBC.
But Mercy as a set of design criteria is very interesting for this
application.
Adam
--
http://www.cypherspace.org/adam/
ther than trying pretty much
ineffectively and hopelessly to stop people trading virtual platinum.
Adam
On Thu, Apr 11, 2002 at 10:29:39AM -0700, Tim May wrote:
> On Thursday, April 11, 2002, at 06:37 AM, Adam Back wrote:
> > - deployment / chicken and egg problem (merchants want lots of users
> > before they're interested users want wide merchant acceptance before
> > t
On Thu, Apr 11, 2002 at 02:37:50PM +0100, Adam Back wrote:
| - deployment / chicken and egg problem (merchants want lots of users
| before they're interested users want wide merchant acceptance before
| they're interested)
I think it's worse than that. The normal technology adoption curve is
sh
beta-bucks like scheme for real money paying with paypal with bidding
on ebay as for the everquest internal currency.
That might be an interesting experiment. Or better yet for everquest
or other popular VR gaming thing to replace their currency by digicash
currency server, privacy for VR characters and their real-life
players.
Adam
--
http://www.cypherspace.org/adam/
key for that purpose. So that would be at least Okamoto et
al, I think Ferguson's off-line-variant of Chaum's plus of course
Brands'.
Adam
--
http://www.cypherspace.org/adam/
On Wed, Apr 10, 2002 at 06:41:52PM -0700, Mike Rosing wrote:
> On Wed, 10 Apr 2002, Adam Back wrote:
> > btw I did a google search for PKILAB and Brands to see if I could find
> > anything along the lines you mention and look what it said:
> >
> > Mar 2001 "
hat they, or
someone with the technical background necessary can not examine. A
smart card is such a closed system. The framework allows the use of
smartcards to resist fraud while not making it necessary for the
users to trust the smart-card with their privacy. Privacy is
controlled by the mo