gmane.comp.encryption.general

ADMIN: sending from a second account to the list

Perry E. Metzger — 2011-08-11T00:17:06

Several people have complained to me that they get their email for
the list sent from a different address than the one they send from
and that their mail has bounced as a result.

To take care of this, on your own, just add a second account using
the web interface and click the "no mail" option. You will then be
able to mail to the list from that address but you won't get mail to
it.

For those that asked, this isn't a normal Mailman feature -- I hacked
it in with a Postfix policy daemon so it happens at the MTA
dialog. It is necessary because the list gets hundreds and sometimes
thousands of spam attempts a day and I didn't want to deal with the
mail queues being clogged with thousands of bounce messages that
would never be delivered

Perry

Vulnerabilities (in theory and in practice) in P25two-way radios

Matt Blaze — 2011-08-10T16:06:48

Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu and me) Usenix Security paper on vulnerabilities in the P25 two-way radio system (used by public safety agencies in the US and elsewhere) is out today.

See

   http://www.crypto.com/papers/p25sec.pdf

for the paper (pdf format) and

   http://www.crypto.com/p25

for a summary of mitigations.

-matt

_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Today's XKCD is on password strength.

Perry E. Metzger — 2011-08-10T14:12:07

Today's XKCD is on password strength. The advice it gives is pretty
good in principle...

http://xkcd.com/936/

"India wants special monitoring access for Twitter,Facebook"

Perry E. Metzger — 2011-08-09T18:20:37

http://www.cio.com.au/article/396417/

Quoting. Crypto starts being mentioned in the fourth paragraph:

  India's communications ministry has been asked by the home ministry
  to monitor social networking websites such as Twitter and Facebook
  amid fears that the services are being used by terrorists to plan
  attacks.

  The request suggests that the Indian government is trying to broaden
  the scope of its online surveillance for national security.

  Telecommunications service providers in India provide facilities for
  lawful interception and monitoring of communications on their
  network, including communications from social networking websites
  such as Facebook and Twitter, in accordance with their license
  agreements,[...]

  But there are certain communications which are encrypted, Deora said
  Friday.

  The government did not provide details of what encrypted data they
  would like to have access to. A spokesman for the home ministry said
  on Monday that additional information can only be provided in
  Parliament while it is in session.

Perry

ADMIN: Please don't top post.

Perry E. Metzger — 2011-08-09T18:06:33

The list has been alive again only for a couple of days, but it
appears that I need to post this oldie again.

------------

A3: Please.
Q3: Should I avoid top posting on this mailing list?

A2: Because, by reversing the order of a conversation, it leaves the
    reader without much context, and makes them read a message in an
    unnatural order.
Q2: Why is top posting irritating?

A1: It is the practice of putting your reply to a message before the
    quoted message, instead of after the (trimmed) message.
Q1: What is top posting?

Top Posting FAQ:

Crypto being blamed in the London riots.

Perry E. Metzger — 2011-08-09T17:18:38

Quoting from the New York Times:

  David Lammy, Britain's intellectual property minister, also called
  for a suspension of Blackberry's encrypted instant message service.
  Many rioters, exploiting that service, had been able to organize mobs
  and outrun the police, who were ill-equipped to monitor it. "It is
  unfortunate, but for the very short term, London can't have a night
  like the last," Mr. Lammy said in a Twitter post.

  Officials at Research in Motion, the corporate parent of Blackberry,
  declined to comment on whether the service would be suspended. But
  the company, based in Waterloo, Ontario, issued a statement saying:
  "We feel for those impacted by recent days' riots in London. We have
  engaged with the authorities to assist in any way we can."

http://www.nytimes.com/2011/08/10/world/europe/10britain.html

[cryptography] OT: RSA's Pwnie Award

Eugen Leitl — 2011-08-09T11:52:09

----- Forwarded message from Jeffrey Walton <noloader< at >gmail.com> -----

From: Jeffrey Walton <noloader< at >gmail.com>
Date: Mon, 8 Aug 2011 20:00:56 -0400
To: Randombit List <cryptography< at >randombit.net>
Subject: [cryptography] OT: RSA's Pwnie Award
Reply-To: noloader< at >gmail.com,
Crypto discussion list <cryptography< at >randombit.net>

In case anyone is interested, RSA won a Pwnie for lamest vendor
response for its RSA SecurID token compromise:
http://pwnies.com/winners/
_______________________________________________
cryptography mailing list
cryptography< at >randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

Homomorphic encryption prototype by microsoft

Ali, Saqib — 2011-08-08T19:37:15

Two years after Dr. Craig Gentry of IBM published the proof for fully
homomorphic encryption, Microsoft has come up with a prototype that
utilizes the technique:
http://www.technologyreview.com/computing/38239/page1/


saqib
http://redscarfvestpink.appspot.com/
_______________________________________________
The cryptography mailing list
cryptography< at >metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

sorry, one last test.

Perry E. Metzger — 2011-08-08T00:31:21

Please ignore.

(For those that don't ignore these thins, hopefully VERPs should now
be on. No, you have no reason to know what that means if you're not
someone who runs mailing lists.)

One more test, please ignore.

Perry E. Metzger — 2011-08-08T00:16:12

Please ignore, I am testing bounce processing.

The Cryptography and Security mailing list has beenresurrected.

Perry E. Metzger — 2011-08-08T00:08:20

0) Many of you were asking me about the mailing list quite
regularly. My apologies to everyone for how long it took me to get
enough free time to get things going again.

1) We are now running on Mailman instead of on the long obsolete
Majordomo. This gives us both online archives and the ability for
other people to take over for me when I'm too busy (see 3 and 4,
below).

2) As list was dead for a large fraction of a year, if you don't want
to be on it any more, click on the link at the bottom and
unsubscribe.

3) I'm expecting my time will continue to be limited, a side effect of
being a doctoral student. To make sure the list does not fall silent
again, I'll be announcing at least one (and hopefully more)
co-moderators shortly, who will take over for me when I'm too busy.

4) We now have archives back to early 2001 online. They may be a bit
mangled -- let me know if you catch any problems. Also, if you have
archives dating back before that, let me know -- I'd like to slurp
them in.

5) For years, I've considered splitting the list into a technical
cryptography only list and a list that discusses the wider range of
security and security related politics. This would allow people
interested only in cryptography qua cryptography to get an even lower
noise environment -- let me know if you have an opinion on the topic.

Perry

testing

Perry E. Metzger — 2011-08-07T23:08:53

Assuming this gets out, the list has been successfully resurrected,
now using Mailman instead of the long since unsupportable Majordomo.

Expect an administrative message later tonight.

Disk encryption advice...

Perry E. Metzger — 2010-10-08T20:27:57

I have a client with the following problem. They would like to
encrypt all of their Windows workstation drives, but if they do that,
the machines require manual intervention to enter a key on every
reboot. Why is this a problem? Because installations and upgrades of
many kinds of Windows software require multiple reboots, and they
don't want to have to manually intervene on every machine in their
buildings in order to push out software and patches.

(The general threat model in question is reasonably sane -- they
would like drives to be "harmless" when machines are disposed of or if
they're stolen by ordinary thieves, but on the network and available
for administration the rest of the time.)

Does anyone have a reasonable solution for this?

Photos of an FBI tracking device found by a suspect

Perry E. Metzger — 2010-10-08T15:21:16

My question: if someone plants something in your car, isn't it your
property afterwards?

http://gawker.com/5658671/dont-post-pictures-of-an-fbi-tracking-device-you-find-on-a-car-to-the-internet

Anyone know anything about the new AT&T encrypted voice service?

Perry E. Metzger — 2010-10-06T22:19:01

AT&T debuts a new encrypted voice service. Anyone know anything about
it?

http://news.cnet.com/8301-13506_3-20018761-17.html

(Hat tip to Jacob Applebaum's twitter feed.)

English 19-year-old jailed for refusal to disclose decryption key

Ray Dillinger — 2010-10-06T18:57:26

a 19-year-old just got a 16-month jail sentence for his refusal to 
disclose the password that would have allowed investigators to see 
what was on his hard drive.  

I suppose that, if the authorities could not read his stuff 
without the key, it may mean that the software he was using may 
have had no links weaker than the encryption itself -- and that 
is extraordinarily unusual - an encouraging sign of progress in 
the field, if of mixed value in the current case.

Really serious data recovery tools can get data that's been 
erased and overwritten several times (secure deletion being quite
unexpectedly difficult), so if it's ever been in your filesystem
unencrypted, it's usually available to well-funded investigators 
without recourse to the key.  I find it astonishing that they 
would actually need his key to get it. 

Rampant speculation: do you suppose he was using a solid-state 
drive instead of a magnetic-media hard disk?

http://www.bbc.co.uk/news/uk-england-11479831

Bear

Computer "health certificate" plan indistinguishable from DenialOf Service attack.

Ray Dillinger — 2010-10-06T18:13:36

Microsoft is sending up a test balloon on a plan to 'quarantine' 
computers from accessing the Internet unless they produce a 'health
certificate'  to "ensure that software patches are applied, a firewall
is installed and configured correctly, an antivirus program with current
signatures is running, and the machine is not currently infected with
known malware."

Apparently in a nod to the fact that on technical grounds this is
effectively impossible, the representative goes on to say 

"Relevant legal frameworks would also be needed."

as though that would make lawbreakers stop spoofing it.  Existing 
malware already spoofs antivirus software to display current patches,
in order to prevent itself from being uninstalled.

It is hard to count the number of untestable and/or flat out wrong
assumptions built into this idea, and harder still to enumerate all the
ways it could go wrong.

The article is available at:

http://www.bbc.co.uk/news/technology-11483008

Bear

FY;) Stick Figure Guide to AES

Eugen Leitl — 2010-10-06T13:29:02

Not new, but some probably have missed it. 

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Tahoe-LAFS developers' statement on backdoors

Zooko O'Whielacronx — 2010-10-06T05:31:29

http://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/backdoors.txt

Statement on Backdoors

October 5, 2010

The New York Times has recently reported that the current U.S.
administration is proposing a bill that would apparently, if passed,
require communication systems to facilitate government wiretapping and
access to encrypted data:

 http://www.nytimes.com/2010/09/27/us/27wiretap.html (login required;
username/password pairs available at
http://www.bugmenot.com/view/nytimes.com).

Commentary by the  Electronic Frontier Foundation
(https://www.eff.org/deeplinks/2010/09/government-seeks ),  Peter
Suderman / Reason
(http://reason.com/blog/2010/09/27/obama-administration-frustrate ),
Julian Sanchez / Cato Institute
(http://www.cato-at-liberty.org/designing-an-insecure-internet/ ).

The core Tahoe developers promise never to change Tahoe-LAFS to
facilitate government access to data stored or transmitted by it. Even
if it were desirable to facilitate such access—which it is not—we
believe it would not be technically feasible to do so without severely
compromising Tahoe-LAFS' security against other attackers. There have
been many examples in which backdoors intended for use by government
have introduced vulnerabilities exploitable by other parties (a
notable example being the Greek cellphone eavesdropping scandal in
2004/5). RFCs  1984 and  2804 elaborate on the security case against
such backdoors.

Note that since Tahoe-LAFS is open-source software, forks by people
other than the current core developers are possible. In that event, we
would try to persuade any such forks to adopt a similar policy.

The following Tahoe-LAFS developers agree with this statement:

David-Sarah Hopwood
Zooko Wilcox-O'Hearn
Brian Warner
Kevan Carstensen
Frédéric Marti
Jack Lloyd
François Deppierraz
Yu Xue
Marc Tooley

Formal notice given of rearrangement of deck chairs on RMS PKItanic

Peter Gutmann — 2010-10-06T03:52:46

From https://wiki.mozilla.org/CA:MD5and1024:

  December 31, 2010 - CAs should stop issuing intermediate and end-entity
  certificates from roots with RSA key sizes smaller than 2048 bits [0]. All
  CAs should stop issuing intermediate and end-entity certificates with RSA
  key size smaller than 2048 bits under any root.

  Under no circumstances should any party expect continued support for RSA key
  size smaller than 2048 bits past December 31, 2013. This date could get
  moved up substantially if necessary to keep our users safe. We recommend all
  parties involved in secure transactions on the web move away from 1024-bit
  moduli as soon as possible.

Right, because the problem with commercial PKI is all those attackers who are
factoring 1024-bit moduli, and apart from that every other bit of it works
perfectly.

Peter.

[0] This is ambiguously worded, but it's talking about key sizes in EE certs.

ADMIN: Don't Top Post. Trim Quoted Material.

Perry E. Metzger — 2010-10-01T00:50:22

Moderator's note:

I hate to ask this yet again, but PLEASE do not top post,
and PLEASE trim the message you are replying to.

Multiple messages sent to the list recently have had only a couple of
lines sitting above a long original message quoted in its entirety.

Taking the time to follow reasonable conventions for replying to
email means that the people reading your missive will have a much
easier and faster time understanding what you're writing.

Perry