No Subject

2000-08-25 Thread brflgnk

It was said:
-- begin quote --
Now that the PGP key management "bug" is public, I'd like to comment
on some source code issues and follies.
-- end quote --

The quotes around "bug" are quite appropriate.  After reviewing Senderek's 
paper, I can only conclude that the addition of non-hashed subpackets was a 
design decision intended to facilitate exactly this type of attack.  The 
capability of contaminating existing keys with unhashed ADKs is particularly 
disgusting, given that this, too, must have been a criterion of the design 
decision.

Now that the "bug" has been outed, some points come to mind:

Will some enterprising cypherpunk create a tool that can simply and easily 
disclose the presence of an unhashed ADK in a public key?

Can the popular keyservers' keyrings be downloaded in toto?

Given the above, it should be possible to download the major keyrings and scan 
them for compromised keys.  A list of such keys could (and should) be published. 
 The keys' owners could (and should) be notified.  It would also be possible, I 
think, to clean such keys of unhashed ADKs and resubmit them, although I'm not 
sure about the propriety of this (since there could be some key owners that 
approve of, or at least do not object to, the unhashed ADK's presence).

It also seems that the keyservers themselves, given they already possess the 
input data, would benefit from taking the above actions themselves.  It would 
earn them good karma in the crypto community.  And not taking any action is sure 
to earn them bad karma, especially if a simple detection and reporting tool is 
created and made available (open source, of course).

Now... where'd I put that GPG source?
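A detector of the kind asked for above, as an added example that is not part of the original post and is not PGP's or GnuPG's code: it walks a binary OpenPGP key block (what `gpg --export` writes without `--armor`), parses the hashed and unhashed subpacket areas of every v4 signature, and reports each ADK subpacket together with which area it came from. It assumes RFC 2440 packet framing and that the ADK is subpacket type 10 (reserved in RFC 2440, used by PGP for the additional decryption key) with a 22-octet body of class octet, public-key algorithm and 20-octet fingerprint. The sample key block is constructed inline with dummy MPIs and a made-up fingerprint.

```python
"""Scan a binary OpenPGP key block for ADK signature subpackets and report
whether each sits in the hashed (owner-signed) or unhashed (anyone can
append) area. Added example, not code from the thread, PGP or GnuPG.
Assumes RFC 2440 framing and a 22-octet ADK body for subpacket type 10."""
import struct

ADK_SUBPACKET = 10       # reserved in RFC 2440; PGP's additional decryption key
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13


def read_packets(data):
    """Yield (tag, body) per packet. Handles old- and new-format headers;
    partial-body and indeterminate lengths are rejected."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        if ctb & 0x40:                                   # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body length not supported")
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype                            # 1, 2 or 4 octets
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            hdr = 1 + size
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, body
        pos += hdr + length


def read_subpackets(area):
    """Yield (type, body) per signature subpacket in a hashed/unhashed area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:
            length, hdr = first, 1
        elif first < 255:
            length, hdr = ((first - 192) << 8) + area[pos + 1] + 192, 2
        else:
            length, hdr = struct.unpack(">I", area[pos + 1:pos + 5])[0], 5
        if length == 0:
            raise ValueError("zero-length subpacket")
        sub = area[pos + hdr:pos + hdr + length]
        yield sub[0] & 0x7F, sub[1:]                     # strip the critical bit
        pos += hdr + length


def find_adks(keyblock):
    """Return [(fingerprint_hex, in_hashed_area)] for every ADK in every v4
    signature. Entries with False could have been added by a third party."""
    found = []
    for tag, body in read_packets(keyblock):
        if tag != TAG_SIGNATURE or body[0] != 4:
            continue                                     # v3 sigs: no subpackets
        pos = 4                                          # version, type, pk, hash
        for hashed in (True, False):
            area_len = struct.unpack(">H", body[pos:pos + 2])[0]
            area = body[pos + 2:pos + 2 + area_len]
            pos += 2 + area_len
            for sub_type, sub in read_subpackets(area):
                if sub_type == ADK_SUBPACKET and len(sub) >= 22:
                    found.append((sub[2:22].hex(), hashed))
    return found


def old_packet(tag, body):
    """Old-format header with a one-octet length (bodies under 256 octets)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body


def build_sample_key():
    """Constructed key block: dummy v4 RSA key, user ID and self-signature
    with an ADK smuggled into the unhashed area. Nothing here is real crypto."""
    pubkey = b"\x04\x00\x00\x00\x00\x01" + b"\x00\x08\xff" + b"\x00\x02\x03"
    uid = b"Test Key <test@example.org>"
    hashed = bytes([5, 2]) + b"\x00\x00\x00\x00"         # creation-time subpacket
    unhashed = bytes([23, ADK_SUBPACKET, 0x80, 0x01]) + bytes(range(0xA0, 0xB4))
    sig = (b"\x04\x13\x01\x02"                           # v4, positive cert, RSA, SHA-1
           + struct.pack(">H", len(hashed)) + hashed
           + struct.pack(">H", len(unhashed)) + unhashed
           + b"\x12\x34" + b"\x00\x08\xff")              # hash prefix, dummy MPI
    return (old_packet(TAG_PUBLIC_KEY, pubkey) + old_packet(TAG_USER_ID, uid)
            + old_packet(TAG_SIGNATURE, sig))


if __name__ == "__main__":
    for fpr, hashed in find_adks(build_sample_key()):
        print("%s ADK -> %s" % ("hashed" if hashed else "UNHASHED", fpr))
```

An ADK in the hashed area was covered by the key owner's self-signature; one that appears only in the unhashed area could have been appended by anyone holding the public key, since the signature does not cover that area, which is exactly why it still verifies after the contamination. Cleaning a key therefore means dropping the unhashed subpackets and re-serialising the packets; the owner's signature stays valid. Run it over a real key with `find_adks(open("key.bin", "rb").read())` after `gpg --export KEYID > key.bin`.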





Re: deriving yarrow test vectors

2000-08-25 Thread Marcel Popescu

X-Loop: openpgp.net
From: "Tim May" <[EMAIL PROTECTED]>

> >Speaking of which - does anybody have any hints on how to determine the
> >entropy of an input string? [Needed in Yarrow, and so far I don't know how
> >to do it - my implementation multiplies the length of the input string (in
> >bits) with a constant, which is way too "crude".]
>
> Easy method: run the string through a standard compression algorithm,
> e.g., Lempel-Ziv.  To the extent it compresses, it's not random,
> i.e., it has less entropy per bit than a random string would have.

I've read about that; however, I'm talking about very short strings here -
like 128 bits.

> In other words, one cannot say that there is not some _compression_
> (shorter description) of a string of bits.

Yep. Got that.

> Despite this, a rough measure of the _apparent_ entropy is to run the
> string, or image, or whatever, through a compressor.

Ahem. I think I'll go with a combination here - I'll try to find a
compressor suitable for small bit strings, let the source also indicate the
maximum entropy, and maybe multiply the minimum of those two with a
constant. At least I don't make the "1 bit of source = 1 bit of entropy"
mistake...

Mark








Re: Why Cops and Cypherpunk Meetings Don't Go Together

2000-08-25 Thread Marcel Popescu

X-Loop: openpgp.net
From: "Tim May" <[EMAIL PROTECTED]>

> Had the Second Amendment not been as explicit as it was, guns in the
> U.S. would have been heavily regulated and/or confiscated a long,
> long time ago. The Second is far from perfect, but history shows that
> the Second was a useful deterrent against regulation and/or
> confiscation.

You mean confiscation would have been *attempted* a long time ago. I still
hope *some* Americans will react violently to that...

> Your point that there should be no "Bill of Rights," as it is not
> needed, is valid up to a point, but naive. The point of the BOR was
> to make it clear, just so there would be no debate in the future,
> about what some of the rights are.

And this is exactly the problem - the (tenth? whatever) amendment
notwithstanding, the enumeration of those rights was interpreted *exactly*
to mean that other rights don't exist, or are reserved for the state /
fedgov / national guard / whatever. "Anything not mentioned here is
forbidden to the gov't" would have been more clear, IMO.

> (BTW, you may be one of those Xtians who argues that "rights" emanate
> from God or Baal or Shiva or whomever,

God.

> and that there is no need to
> spell out rights explicitly in a human document.

Bullshit. There's no connection between the first and the second statement.
The second is a fallacy on its own :) There's no *need* for anything (all
needs are contingent), and the number of "rights" is practically infinite.
My point is specifically proven by the second amendment, which was twisted
and turned even by its alleged defenders (NRA), to mean everything from
"assault weapons aren't covered" to "Saturday night specials aren't covered"
to whatever.

My point was: if the constitution doesn't say "the government has the right
to own and use nukes", then the gov't doesn't have that right, period.
[Yeah, I know I'm dreaming, but we're talking fiction here, it's not like
what I say will make Clinton change his ways...]

> Well, unless you
> know how to channel Baal or the Big Bunny or whomever runs the
> cosmos, humans cannot rely on some claim that rights don't have to be
> made explicit because Yag Sotteth gives them to us!

Rights don't have to be made explicit because that's impossible. "You have
the right to pick your nose, to wash your feet with 90% alcohol, to bake
your own cakes...". If you want to write all the rights down, be my guest.

> There are many
> well-meaning folks who claim that a "right to decent housing and
> adequate medical care" is a God-given right. Never let the Jesus
> freaks define what rights are.)

I don't remember that in the Bible. I only remember "thou shalt not kill",
"thou shalt not worship other gods", and so on. [Taking care of the poor is
an *obligation* for the Christian churches, not a right.]

[I'm getting tired of fighting American idiocy... even Romanian schools are
better than this. We at least knew that anything "they" said was to be
reversed. They said "capitalism is bad" - that was a sure sign that it's
good. They said "Christianity is evil" - well, I fell for that until I was
23 or something...]

Mark








Re: CDR: source code does nothing for crypto

2000-08-25 Thread sunder

Anonymous wrote:
> 
> Now that the PGP key management "bug" is public, I'd like to comment
> on some source code issues and follies.
> 
> The source for versions in question (starting from 5.*) has been available
> for more than two years.
> 
> While many crypto experts intensely bullshit about the importance
> of the source code to counter "security through obscurity", it appears
> that none really looked at the sources closely.

A-Yup.  But those who hid, overlooked it.

One thing that I have found weird about PGP 6.x is that it insists on
installing itself as both a network driver and as one of those windows
cute toys that lives in the system tray.

The big problem with this is that I store my ring on an encrypted disk
which isn't mounted when NT starts up anyway, so it fails to start up.
I suppose if I wanted to bother, I could buy a Windblows compiler and
"fix" this.

While the VPN functionality of PGPNet might be useful, I find it a bit
cumbersome.  This might be why it was thrown in.  Perhaps so as to 
force you to install it on a normal drive, so your keyring might be
accessible.  So for me, the net result is that I don't use the VPN
features.

The usual warnings about trusting binaries apply of course.  How does
anyone know that the binary called PGP 6.5 Freeware or 6.5i doesn't
contain backdoors or key generation flaws?  But we've discussed that
to death already.

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 




pgp bug forest for the trees?

2000-08-25 Thread Anonymous

At 02:00 AM 8/25/00 -0400, Anonymous wrote:
>While many crypto experts intensely bullshit about the importance
>of the source code to counter "security through obscurity", it appears
>that none really looked at the sources closely.

A lot of metallurgists inspected a lot of beams and bolts
but the overall architecture was not reviewed for weaknesses
when new features were added? 

Anything to learn?  1. They were right about the dangers of 
key escrow 2. Adding features to security products can be dangerous
3. Security reviews are really really hard and have to be repeated
when new features are added.

Marketing: Building insecure systems from secure components..

-Feinkost Paranoia





Re: deriving yarrow test vectors

2000-08-25 Thread David Honig

At 06:26 PM 8/24/00 -0400, Tim May wrote:
>At 3:08 PM -0400 8/24/00, Marcel Popescu wrote:
>>
>>Speaking of which - does anybody have any hints on how to determine the
>>entropy of an input string? [Needed in Yarrow, and so far I don't know how
>>to do it - my implementation multiplies the length of the input string (in
>>bits) with a constant, which is way too "crude".]
>
>
>Easy method: run the string through a standard compression algorithm, 
>e.g., Lempel-Ziv.  To the extent it compresses, it's not random, 
>i.e., it has less entropy per bit than a random string would have.

You could also use Shannon's formula directly to compute informational
quantity.  This might work better for short strings.  

More appropriate for testing RNG outputs: Ueli Maurer has a
compression-like algorithm which is sensitive to the order of symbols, not
just their frequency, but it needs too much data. The Diehard suite of
tests requires even more, and is the most thorough.




>
>
>There is no general method for determining the entropy of a string. 
>To see this, imagine some apparently random string of apparently 
>great entropy. A program might munch on this N bit string and report 
>that there are "0.99N" bits of entropy. Then a person comes along and 
>says "No, that apparently random string is actually just the sequence 
>of digits on page 42 of the RAND Corporation's "A Million Random 
>Digits" book."
>
>In other words, one cannot say that there is not some _compression_ 
>(shorter description) of a string of bits.
>
>Despite this, a rough measure of the _apparent_ entropy is to run the 
>string, or image, or whatever, through a compressor.
>
>
>--Tim May
>
>-- 
>-:-:-:-:-:-:-:
>Timothy C. May  | Crypto Anarchy: encryption, digital money,
>ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>"Cyphernomicon" | black markets, collapse of governments.
>
>
>






  








FBI admits cellphone gps not for 911

2000-08-25 Thread Anonymous

TMI phones also had to be equipped with geo-positioning technology so the FBI
could pinpoint a suspect's location when he made a call.

This was crucial, as Deputy Attorney General Eric Holder wrote in a June 14, 1999,
letter to FCC Chairman William Kennard. "Finding out that a drug deal, murder or
bombing is about to occur, without having any indication of the location of the
criminal is only marginally useful," he wrote. Unless TMI addressed the
shortcomings, Mr. Holder wrote, its phones would become "a communication tool of
choice among drug dealers, organized crime and terrorist groups."

http://cryptome.org/carnivore-mega.htm

So much for the "its for 911" sham..





Re: deriving yarrow test vectors

2000-08-25 Thread Eric Murray

On Thu, Aug 24, 2000 at 09:53:05PM -0400, Adam Back wrote:
> 
> 
> Tim writes:
> > At 3:08 PM -0400 8/24/00, Marcel Popescu wrote:
> > >
> > >Speaking of which - does anybody have any hints on how to determine the
> > >entropy of an input string? 
> > > [...]
>  
> Traditionally CPRNGs pass this problem on the implementor.  Ie the
> person collecting the keystrokes, mouse movements and so on.
> 
> There is for example code in PGP which looks at inter key press
> timings, and constructs 1st and 2nd order differentials to try to
> avoid stuck keys, people pressing the same key repeatedly etc.


There's also the code in the linux /dev/random implementation, which
keeps a running estimate of the entropy that's being added
to the random pool, a byte at a time.

-- 
  Eric Murray http://www.lne.com/ericm  ericm at lne.com  PGP keyid:E03F65E5
 Consulting Security Architect
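The inter-event timing check Adam Back and Eric describe, as an added example that is neither the PGP nor the Linux code: a simplified estimator modeled on the Linux timer-randomness credit (first, second and third differences of the event times, credit floor(log2) of the smallest, capped at 12 bits per event, the cap being an assumption carried over from that code) plus a repeated-key rule for the "same key pressed again" case. The event lists are constructed; the tick unit is arbitrary.

```python
"""Per-event entropy credit from event timings. Added example, a
simplification modeled on (not copied from) the Linux /dev/random timer
estimator; MAX_CREDIT_BITS is an assumption borrowed from it."""

MAX_CREDIT_BITS = 12


class TimingEstimator:
    """Credits floor(log2(min(|d1|, |d2|, |d3|))) bits per event, where d1 is
    the inter-event delta and d2, d3 are its first and second differences.
    A regular cadence (stuck key, autorepeat, a timer) makes d2 or d3 zero
    and earns nothing, however large the raw delta is."""

    def __init__(self):
        self.last_time = self.last_delta = self.last_delta2 = 0
        self.last_key = None

    def credit(self, t, key=None):
        delta = t - self.last_time
        delta2 = delta - self.last_delta
        delta3 = delta2 - self.last_delta2
        self.last_time, self.last_delta, self.last_delta2 = t, delta, delta2
        repeated = key is not None and key == self.last_key
        self.last_key = key
        if repeated:
            return 0                        # same key again: no credit at all
        smallest = min(abs(delta), abs(delta2), abs(delta3))
        if smallest == 0:
            return 0                        # perfectly regular: no credit
        return min(smallest.bit_length() - 1, MAX_CREDIT_BITS)


def total_credit(events):
    """Sum the credit over (timestamp, key) events; key may be None."""
    est = TimingEstimator()
    return sum(est.credit(t, k) for t, k in events)


# Constructed samples: a held key with autorepeat versus a person typing
# distinct keys at an irregular pace. Ticks are an arbitrary fixed unit.
STUCK_KEY = [(0, "a"), (1000, "a"), (2000, "a"), (3000, "a"), (4000, "a")]
HUMAN = [(0, "t"), (1013, "h"), (1987, "e"), (3102, " "), (3990, "q")]

if __name__ == "__main__":
    print("stuck key:", total_credit(STUCK_KEY), "bits")
    print("human    :", total_credit(HUMAN), "bits")
```

The first event after a zeroed state still earns credit from its raw delta, as in the kernel estimator; if the timer source is coarse, or an attacker can observe or drive the events, even that credit is optimistic, which is why this style of estimate is a ceiling on what to trust rather than a measurement.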





Re: deriving yarrow test vectors

2000-08-25 Thread Marcel Popescu

X-Loop: openpgp.net
From: "David Honig" <[EMAIL PROTECTED]>

> You could also use Shannon's formula directly to compute informational
> quantity.  This might work better for short strings.

Can you give me more info on that one?

> More appropriate for testing RNG outputs: Ueli Maurer has a
> compression-like algorithm which is sensitive to the order of symbols, not
> just their frequency, but it needs too much data. The Diehard suite of
> tests requires even more, and is the most thorough.

Yeah, I'm using Diehard to test the output.

Mark
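Shannon's formula as Honig means it, and the compressor estimate from earlier in the thread, side by side as an added example that is not Yarrow's code or anyone's in the thread; the combination function implements the "minimum of the estimates times a constant" idea from Marcel's earlier reply, with an assumed factor of 0.5. All inputs are constructed, and the "random" sample is SHA-256 in counter mode so the run is deterministic.

```python
"""Two entropy estimators for a candidate input string, plus a conservative
combination. Added example; not code from Yarrow or the thread. The 0.5
safety factor is an arbitrary assumption."""
import hashlib
import math
import zlib


def shannon_bits_per_byte(data):
    """Empirical Shannon entropy H = -sum_i p_i log2 p_i over byte frequencies.
    Bounded by log2(len(data)): a 16-byte string can never score above 4 bits
    per byte however good its source, so it says little about one 128-bit sample."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def compression_bits_per_byte(data):
    """Compressor-based estimate: output bits zlib needs per input byte, capped
    at 8. zlib's fixed header/trailer (measured on empty input) is subtracted
    so short strings are not charged for framing alone."""
    n = len(data)
    if n == 0:
        return 0.0
    overhead = len(zlib.compress(b"", 9))
    payload = max(0, len(zlib.compress(data, 9)) - overhead)
    return min(8.0, 8.0 * payload / n)


def estimate_entropy_bits(data, source_max_bits=None, safety=0.5):
    """Credit safety * min(both estimates, the source's own claimed maximum)."""
    n = len(data)
    estimates = [shannon_bits_per_byte(data) * n, compression_bits_per_byte(data) * n]
    if source_max_bits is not None:
        estimates.append(float(source_max_bits))
    return safety * min(estimates)


def sample_random(n):
    """Deterministic stand-in for a good source: SHA-256 in counter mode."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range((n + 31) // 32))
    return out[:n]


if __name__ == "__main__":
    samples = {
        "16 zero bytes": bytes(16),
        "16 distinct bytes": bytes(range(16)),
        "1024 x 'a'": b"a" * 1024,
        "1024 pseudo-random": sample_random(1024),
    }
    for name, data in samples.items():
        print("%-20s shannon=%.2f zlib=%.2f credit=%.1f bits" % (
            name, shannon_bits_per_byte(data), compression_bits_per_byte(data),
            estimate_entropy_bits(data, source_max_bits=8 * len(data))))
```

The pseudo-random sample is Tim's point in miniature: it is fully determined by a 4-byte counter, yet both estimators give it full marks, because neither models the structure that generated it. Either number is an upper bound on apparent entropy, never a lower bound on real entropy, which is why the source's own claimed maximum and a safety factor belong in the minimum.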








Re: Why Cops and Cypherpunk Meetings Don't Go Together

2000-08-25 Thread Jim Burnes

On Thu, 24 Aug 2000, Tim May wrote:

> At 6:26 PM -0400 8/24/00, Matt Elliott wrote:
> >  >Never let the Jesus freaks define what rights are.
> >
> >Why?  Is there something inherent in believing in Christ Jesus, that makes
> >one incapable of rational thought on the issue of rights?
> 
> I never said they can't contribute to the debate, or, more 
> importantly, accept the Constitution. My comment was in the context 
> of whether we even _need_ a BOR, given the fact (according to Xtians) 
> that rights come from God.
> 
> Though the founding documents make nebulous references to some God or 
> Supreme Fascist or Whatever, none of the particulars of the C or BOR 
> come from any religious scripture.
> 

I believe the phrase was "nature and nature's god".  These are
very specific phrases that invoke the whole system of "natural
law" that was popular with the Deists (of which Jefferson and
Franklin were members).

If memory serves (and sometimes, frankly, it doesn't).

jim






Xtians vs. XORtians

2000-08-25 Thread Tim May

At 9:12 AM -0400 8/25/00, Marcel Popescu wrote:
>
>  > There are many
>  > well-meaning folks who claim that a "right to decent housing and
>  > adequate medical care" is a God-given right. Never let the Jesus
>>  freaks define what rights are.)
>
>I don't remember that in the Bible. I only remember "thou shalt not kill",
>"thou shalt not worship other gods", and so on. [Taking care of the poor is
>an *obligation* for the Christian churches, not a right.]

A very good reason to keep the Jesus freaks out of the business of 
defining rights. Left up to them, "worshipping other gods" would 
indeed be a crime. (It almost was, in the U.S.)



>
>[I'm getting tired of fighting American idiocy... even Romanian schools are
>better than this. We at least knew that anything "they" said was to be
>reversed. They said "capitalism is bad" - that was a sure sign that it's
>good. They said "Christianity is evil" - well, I fell for that until I was
>23 or something...]

You still haven't learned to think critically, then.

You admit that your earlier thinking was reactive:

"If they said capitalism was bad, then it must be good."

"If they said Christianity was a crock, then it must instead be the true path."

Too bad you were not exposed to more critical thinking earlier in 
your life. If you discovered Christianity at age 23, as a reaction 
against Communist doctrine, it's probably too late for you in general.

 From an information theory sort of point of view, saying that you 
believe the opposite of whatever the authorities tell you is not any 
more interesting than believing what they tell you.

Instead of calling you a Xtian, perhaps I should call you an XORtian.


--Tim May

-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.





Re: family of Russian sub victims drugged

2000-08-25 Thread Marcel Popescu

X-Loop: openpgp.net
From: "Tim May" <[EMAIL PROTECTED]>

> (P.S., the Russkies have been drugging their political dissenters for
> many decades. "Psychiatric prisons" were and are common over there.

I was going to point that out. My first wife had a cousin who was caught
trying to (illegally, of course) cross the border. After being released, he
had to be spoon-fed (he didn't survive much). Sometimes, she hated the
communists more than I did. [Note: that happened in Romania; I suspect all
the communist countries - all dictatorships, actually - implemented this on
a large scale.]

> I keep telling this to the liberal simp-wimps who moan about
> how "Reagan emptied out the mental hospitals" in California. I ask
> them if they are advocating forcible treatment of folks who may be
> slightly crazy but who have not been given due process in a court of
> law and given defined sentences.

Which is why I despise anybody even remotely related to psychology (not to
mention doctors in general). But I digress (as usual, some might say).

Mark








Re: Xtians vs. XORtians

2000-08-25 Thread Marcel Popescu

X-Loop: openpgp.net
From: "Tim May" <[EMAIL PROTECTED]>

> Instead of calling you a Xtian, perhaps I should call you an XORtian.

You can call me anything you like, Tim. I am tired of explaining to you that
words aren't things / actions, together with many other points too subtle
for a super-human like you.

[I became a Christian because I wanted to, just like I became a libertarian
because I wanted to, or an anarchist, or a capitalist, or a programmer.
Duh...]

Mark








tempest and caves

2000-08-25 Thread Anonymous

http://www.users.skynet.be/avalon/avalonuk/technical/radio1.htm

Describes radios that can go through 500 m
of rock.  (This is not easy with conventional
RF; they use an 87 Khz carrier.)  Of passing
interest for TEMPEST aficionados, it indicates
how far certain whispers carry.






Re: CDR: Re: Re: family of Russian sub victims drugged

2000-08-25 Thread Phaedrus

On Fri, 25 Aug 2000, Phaedrus wrote:

> This happens, for certain... I'm not sure if mindfreedom picked it up (I
> usually only catch it once or twice a month or so, but it's on my
> regularly read list) but within the last few days a woman in Missouri was
> being 

gack! I knew there was something I missed..

...being 'treated' with electroshock therapy against her wishes and the
wishes of her son. She had originally voluntarily checked herself into the
hospital because she was depressed. The 'treatments' stopped only after
people inundated the hospital with letters about it (her son apparently
talked to the media)

Ph.




Anonymous

2000-08-25 Thread Michael Motyka

> To: Multiple recipients of list <[EMAIL PROTECTED]> 
> Subject: CDR: Re: Black Hoes screw Disney, trample free speech 
> From: Anonymous <[EMAIL PROTECTED]> 
> Date: Thu, 24 Aug 2000 17:48:49 -0400 
> Reply-To: [EMAIL PROTECTED] 
> Sender: [EMAIL PROTECTED] 
>
>Just because someone has the right to do something doesn't mean they should. 
>
Unless they, for reasons not requiring explanation or justification,
choose to.

>Mike, whether or not I believe that you are one, I can call you an asshole.
>But why would I do that? It would just make for bitter and angry conversation.
>
Generally an insult is used because :

A) it is felt that it is an accurate and informative piece of
information or,

B) it is richly deserved or, 

C) it is a weak last resort when no topical material can be located in
the synaptic morass

>Sure, it feels  to sometimes anonymously swear at people. 
>
>But when I'm feeling full of vitriol, I'd rather do a Day of the Jackal and go shoot
>a few melons than swear on this list.
>
>(yes, that was a tip of the hat to A.Melon)
>
A waste of time and not even fun.

>Likewise, continually telling people that they should be killed doesn't engender
>learning or quality conversation.
>
You ought to think a little more deeply about why someone might use that
phrase. I think it often comes from a feeling of powerlessness or of
having been unjustly threatened with force. However it may be expressed
the visceral reaction to official wrongdoing is a sound one. Consider
Cohen's recent statement :

  "... and we have to be very, very concerned about how we are empowering our
  citizens, our businessmen and women and our consumers. We also have to be
  concerned that it is not turned and used against us."

He has the plot figured out but he has reversed the players. Forget that
he was likely referring to the possibility that there may be a hostile
third party who takes advantage of our domestic empowerment, I call this
a massive Freudian slip that is indicative of our government's attitude
towards its cattle^H^H^H^H^Hitizens. Those in power who have this
attitude deserve...what? A big bonus? A cushy early retirement? A smile
and a handshake as they voluntarily remove themselves from office when
they realize the profound error of their ways?

>I'm not here to hone my ridiculing skills: I'm here to learn something and to keep
>myself abreast of what government and the private sector are doing that affects my
>privacy and my rights.
>
You could say that you're learning something from seeing how others
react to the political activities of our dirty birds in DC. Be
open-minded. Some of what you see may be performance art but that has
value too. Heartfelt political discussions tend to get rough. And in the
end it is possible that the politics are more important than the
technology. I'd say they're neck and neck right now. I'm not sure how to
bet.

>So stop fucking swearing all the time. It's really tiring.
>
Who's swearing? Besides, isn't cursing one of the 10 commandments? 

Thou shalt bare thine teeth and curseth upon thine enemy. 


Or is it one of the Amendments : 

Amendment 2A 

An animated political discourse being necessary to the agitation of an
intoxicated state, the right of the people to concoct and hurl insults
shall not be infringed.

I forget. I think I like the second fucking choice. I think I'll rewrite
the BOR in this vein.

Going home to eat, swim. The pool is up to 92. Got work to do this
weekend too.





Most consumers not ready to manage secure email

2000-08-25 Thread No User

By CNET News.com Staff
August 25, 2000, 2:20 p.m. PT
URL: http://news.cnet.com/news/0-1005-200-2613005.html 

By William Spernow, Gartner Analyst

Encrypted-email services for consumers, such as the remote services Yahoo will provide 
through ZixIt, target people's concerns over Internet privacy and security, which 
continue to grow. 

Nevertheless, it is not clear that many consumers have run into trouble with 
unauthorized people intercepting their regular email or that consumers are up to the 
challenge of managing an encrypted-email service. 


ZixIt says that its SecureDelivery.com service "enables users worldwide to easily send 
and receive encrypted and digitally signed communications," an obvious solution to a 
perceived problem. However, the chances of someone intercepting an email message in 
transit are nil. For example, no one has ever had a credit card number stolen while it 
was being transmitted over the Internet. 

The real risk comes when the unencrypted email is stored on someone's desktop or 
laptop--and especially on the vendor's email server. In effect, remote email services 
offer enticing targets for malicious hackers, who will know exactly where to go when 
looking for sensitive communications. 

Accordingly, using remote email store-and-forward services makes sense only if the 
strictness with which a vendor protects its servers and the content of the emails 
awaiting delivery outweighs the added risk of using such a highly visible service. 

Properly weighing those risks can prove extremely difficult because it involves 
addressing several issues. The vendor must publish its policies for securing its email 
servers. It must make clear how thoroughly it has assessed security threats and what 
steps it has taken to mitigate these risks. The risks include the physical security at 
the actual location of the server as well as the location itself--whether in the 
United States or abroad. More importantly, the vendor must restrict the number of 
employees that have access to the server and ensure their trustworthiness. 

All of those issues apply to sites where backup tapes are stored, too. The vendor must 
also bring in an independent auditor--preferably several outside firms--to validate 
that the vendor is following its stated security policy. Finally, the vendor must plan 
in case its security measures are not as tight as it believes and unauthorized users 
do somehow obtain access to consumers' secure email. The vendor must accept liability 
if a consumer suffers economic loss because of a compromised communication. 

It is difficult enough for a midsize enterprise to manage encrypted-email systems 
adequately. Gartner believes that most consumers will not be able to do so using 
today's methods. The most technically savvy consumers that need email encryption will 
likely continue to use digital certificates (e.g., Pretty Good Privacy's) to 
communicate securely among a handful of contacts. 

Gartner believes that few people who are knowledgeable about information security will 
allow their sensitive email messages to sit on someone else's email server unless 
their vendor has made extraordinary efforts to educate consumers about its internal 
security controls and has documented them through an ongoing security assessment by 
external information-security professionals. 








Yahoo to offer encrypted email option

2000-08-25 Thread anonymous

By Paul Festa
Staff Writer, CNET News.com
August 25, 2000, 4:00 a.m. PT
URL: http://news.cnet.com/news/0-1005-200-2605437.html 

Yahoo plans to let its email account holders use data scrambling to protect the 
privacy of their messages, marking a potentially significant advance for the 
mainstream use of encryption. 

The Web portal and ZixIt, an encryption company based in Dallas, confirmed that they 
have inked an agreement to provide encryption to Yahoo Mail users but declined to 
comment further. 

The companies did not disclose a start date for the service. Yahoo Mail began carrying 
a link to ZixIt's ZixMail page this week but said that link was part of its regular 
advertising. 

When the system launches, it will let Yahoo Mail account holders send messages through 
ZixIt's SecureDelivery.com site, scrambling messages so only sender and recipient can 
read them, even if the message is intercepted en route. 

ZixIt's SecureDelivery site this quarter will launch software add-ons for use with 
Lotus Notes and Microsoft's Outlook email application. 

The deal will make Yahoo the first major portal to offer encrypted email. So far, data 
scrambling has been the province of tech-savvy computer users willing to use products 
that require a software download, such as Network Associates' Pretty Good Privacy. 

Yahoo's competition in the free, Web-based encrypted email arena comes from smaller 
players including Hushmail and ZipLip. 

ZipLip, which offers a variety of secure messaging products in addition to its free 
mail site, said Yahoo's move shows that mainstream encryption's time is coming. 

"Yahoo has gotten an understanding that consumers do need more privacy," said ZipLip 
chief executive Kon Leong. "They are addressing the consumer market, so the timing is 
right."