gmane.comp.encryption.general

ADMIN: sending from a second account to the list

Perry E. Metzger — 2011-08-11T00:17:06

Several people have complained to me that they get their email for
the list sent from a different address than the one they send from
and that their mail has bounced as a result.

To take care of this, on your own, just add a second account using
the web interface and click the "no mail" option. You will then be
able to mail to the list from that address but you won't get mail to
it.

For those that asked, this isn't a normal Mailman feature -- I hacked
it in with a Postfix policy daemon so it happens at the MTA
dialog. It is necessary because the list gets hundreds and sometimes
thousands of spam attempts a day and I didn't want to deal with the
mail queues being clogged with thousands of bounce messages that
would never be delivered

Perry

Re: Today's XKCD is on password strength.

Chad Perrin — 2011-08-10T17:29:00

. . . unless the person trying to crack the password treats the password
as a "passphrase" like the user does, and uses combinations of common
words rather than strings of random letters to try to crack the password.
The problem is that "~44 bits of entropy" here assumes the person trying
to crack the password is using the simplest possible means of brute force
cracking, and is not clever enough to consider the possibility that there
may be patterns of character selection based on terms in the English
language.

The "correct horse battery staple" example imposes patterns on password
generation that do not exist in, say, "gCac2 RY9%sK%/3Q2!P}>p2?'H1q?".

I find it frankly shocking that most of the people in the world trying to
come up with a clever trick to get around using strong passwords simply
do not think about the fact that when the characters in your password
have predictable relationships to one another (e.g., Y9%sK as a pattern
appears in no natural language word, but horse certainly does appear, an

Re: Today's XKCD is on password strength.

Tim Dierks — 2011-08-10T16:17:45



FWIW,
http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html

 - Tim
_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: Crypto being blamed in the London riots.

Steven Bellovin — 2011-08-10T18:35:56

More precisely, Blackberry email is encrypted from the recipient's
Exchange server to the mobile device.

The scenario is corporate email; the business case is that RIM could
claim that they *couldn't* read the email; they never had it in the
clear.  However, that's only true for that service.  For personal
Blackberries, there is no corporate-owned server doing the encryption.

The service in question here, though, is Blackberry Messenger.  There
seems to be some confusion about whether or not such messages are
encrypted, and if so under what circumstances.  One link
(http://www.berryreview.com/2010/08/06/faq-blackberry-messenger-pin-messages-are-not-encrypted/) says that they're not, in any meaningful form.  More
authoritatively, http://web.archive.org/web/20101221211610/http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57a-eng.html
says that they aren't.

The most authoritative source is RIM itself.  P 27 of
http://docs.blackberry.com/16650/ confirms the CSE document.

Looking at things more abs

Re: Today's XKCD is on password strength.

Adam Fields — 2011-08-10T14:30:59

On Aug 10, 2011, at 10:12 AM, Perry E. Metzger wrote:


You still need a password manager to remember which of the dozens of easily-remembered passwords you used, so you might as well just use the 20-character random generator they all have. Not bad for a stopgap if you're caught needing to make one up on the fly though.

_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: Crypto being blamed in the London riots.

Perry E. Metzger — 2011-08-10T16:19:53

Blackberry already more or less has that functionality, which
disproves your hypothesis.

Perry

Re: Crypto being blamed in the London riots.

Perry E. Metzger — 2011-08-10T16:13:32

On Wed, 10 Aug 2011 11:53:11 -0400 Ken Buchanan
<ken.buchanan< at >gmail.com> wrote:

Funny, that, since Sampo's proposal is more or less how Blackberry
chat actually works. (Various previous posters had the details wrong.)
Also all blackberry corporate services work without RIM having any
access to the content -- they only get access to email for individual
users for whom they terminate the encrypted tunnel.

Perry

Vulnerabilities (in theory and in practice) in P25two-way radios

Matt Blaze — 2011-08-10T16:06:48

Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu and me) Usenix Security paper on vulnerabilities in the P25 two-way radio system (used by public safety agencies in the US and elsewhere) is out today.

See

   http://www.crypto.com/papers/p25sec.pdf

for the paper (pdf format) and

   http://www.crypto.com/p25

for a summary of mitigations.

-matt

_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: Today's XKCD is on password strength.

Steve Furlong — 2011-08-10T14:22:46

For a single password on a system with flexible rules, it's good advice.

Real world, with a dozen non-reused passwords needed on systems with
limited password lengths, not so much. "correct stable horse battery"?

Today's XKCD is on password strength.

Perry E. Metzger — 2011-08-10T14:12:07

Today's XKCD is on password strength. The advice it gives is pretty
good in principle...

http://xkcd.com/936/

Re: Crypto being blamed in the London riots.

Sampo Syreeni — 2011-08-10T00:02:28


Thus, why not turn the Trusted Computing idea on its head? Simply make 
P2P public key cryptography available to your customers, and then bind 
your hands behind your back in an Odysseian fasion, using hardware 
means? Simply make it impossible for even yourself to circumvent the 
best cryptographic protocol you can invent, which you embed in your 
device before ever unveiling it, and then just live with it?


Thus the need for credible precommitment, TC-style, at the hardware 
level..

Re: Crypto being blamed in the London riots.

Nick — 2011-08-09T20:59:42

IIRC this came up last year when a Middle Eastern country (I forget 
which) were threatening to not let RIM operate unless they could 
intercept blackberry messages.

However, as was pointed out then, apparently the encryption is to & 
from RIM's servers, not the recipient. So RIM have access to all the 
'secret' messages. I expect GCHQ & the Met will make sure said 
systems are patched in to their surveillance programme in no time.

Unfortunately the present climate in England is such that I can't 
imagine such measures being anything but lauded.
_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

"India wants special monitoring access for Twitter,Facebook"

Perry E. Metzger — 2011-08-09T18:20:37

http://www.cio.com.au/article/396417/

Quoting. Crypto starts being mentioned in the fourth paragraph:

  India's communications ministry has been asked by the home ministry
  to monitor social networking websites such as Twitter and Facebook
  amid fears that the services are being used by terrorists to plan
  attacks.

  The request suggests that the Indian government is trying to broaden
  the scope of its online surveillance for national security.

  Telecommunications service providers in India provide facilities for
  lawful interception and monitoring of communications on their
  network, including communications from social networking websites
  such as Facebook and Twitter, in accordance with their license
  agreements,[...]

  But there are certain communications which are encrypted, Deora said
  Friday.

  The government did not provide details of what encrypted data they
  would like to have access to. A spokesman for the home ministry said
  on Monday that additional information can only be prov

ADMIN: Please don't top post.

Perry E. Metzger — 2011-08-09T18:06:33

The list has been alive again only for a couple of days, but it
appears that I need to post this oldie again.

------------

A3: Please.
Q3: Should I avoid top posting on this mailing list?

A2: Because, by reversing the order of a conversation, it leaves the
    reader without much context, and makes them read a message in an
    unnatural order.
Q2: Why is top posting irritating?

A1: It is the practice of putting your reply to a message before the
    quoted message, instead of after the (trimmed) message.
Q1: What is top posting?

Top Posting FAQ:

Crypto being blamed in the London riots.

Perry E. Metzger — 2011-08-09T17:18:38

Quoting from the New York Times:

  David Lammy, Britain's intellectual property minister, also called
  for a suspension of Blackberry's encrypted instant message service.
  Many rioters, exploiting that service, had been able to organize mobs
  and outrun the police, who were ill-equipped to monitor it. "It is
  unfortunate, but for the very short term, London can't have a night
  like the last," Mr. Lammy said in a Twitter post.

  Officials at Research in Motion, the corporate parent of Blackberry,
  declined to comment on whether the service would be suspended. But
  the company, based in Waterloo, Ontario, issued a statement saying:
  "We feel for those impacted by recent days' riots in London. We have
  engaged with the authorities to assist in any way we can."

http://www.nytimes.com/2011/08/10/world/europe/10britain.html

[cryptography] OT: RSA's Pwnie Award

Eugen Leitl — 2011-08-09T11:52:09

----- Forwarded message from Jeffrey Walton <noloader< at >gmail.com> -----

From: Jeffrey Walton <noloader< at >gmail.com>
Date: Mon, 8 Aug 2011 20:00:56 -0400
To: Randombit List <cryptography< at >randombit.net>
Subject: [cryptography] OT: RSA's Pwnie Award
Reply-To: noloader< at >gmail.com,
Crypto discussion list <cryptography< at >randombit.net>

In case anyone is interested, RSA won a Pwnie for lamest vendor
response for its RSA SecurID token compromise:
http://pwnies.com/winners/
_______________________________________________
cryptography mailing list
cryptography< at >randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

Re: Homomorphic encryption prototype by microsoft

Jonathan Katz — 2011-08-09T01:46:14

Here's the accompanying technical article: http://eprint.iacr.org/2011/405

They only implemented a "somewhat-homomorphic" encryption scheme, though.
_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Homomorphic encryption prototype by microsoft

Ali, Saqib — 2011-08-08T19:37:15

Two years after Dr. Craig Gentry of IBM published the proof for fully
homomorphic encryption, Microsoft has come up with a prototype that
utilizes the technique:
http://www.technologyreview.com/computing/38239/page1/


saqib
http://redscarfvestpink.appspot.com/
_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: The Cryptography and Security mailing list has been resurrected.

Perry E. Metzger — 2011-08-08T01:59:33

On Mon, 8 Aug 2011 03:31:00 +0200 "R. Hirschfeld" <ray< at >unipay.nl>
wrote:

If you had the stuff in mbox format it would be great -- that's what
Mailman slurps in for old archives. Is it a complete archive though?

Perry

sorry, one last test.

Perry E. Metzger — 2011-08-08T00:31:21

Please ignore.

(For those that don't ignore these thins, hopefully VERPs should now
be on. No, you have no reason to know what that means if you're not
someone who runs mailing lists.)

One more test, please ignore.

Perry E. Metzger — 2011-08-08T00:16:12

Please ignore, I am testing bounce processing.