Domain: counterpane.com
Stories and comments across the archive that link to counterpane.com.
Comments · 629
-
What about Counterpane?
If you've got a network THAT big (and important), why not go with a technology like Counterpane?
Their prices aren't bad; you could easily justify them.
(You can read their case studies here)
-
Schneier Covers Meganet Again
...in the February 15, 2002 issue of Crypto-Gram. They are the current residents of his Doghouse.
-
Complete and total snake-oil
When Bruce Schneier (you know, the guy behind the public algorithms TwoFish and BlowFish, and who wrote Applied Cryptography) singles out your company (Meganet) as an example of what to look for in snake oil cryptography, you have a serious credibility problem. They appear under "Warning Sign #1: Pseudo-mathematical gobbledygook," "Warning Sign #5: Ridiculous key lengths," and "Warning Sign #8: [Bogus] Security proofs."
Those readers who submitted this obvious bullshit to Slashdot should be ashamed of yourselves. A little dose of cynicism is mandatory to cut through all of the bullshit would-be tech companies spew out.
-
Re:pffft
See The Fallacy of Cracking Contests by Bruce Schneier. These contests don't work. See also Gene Spafford's article on the same subject.
Look. This is a proprietary algorithm which was developed by a non-cryptographer, and which hasn't been peer-reviewed. It is snake-oil until it has been exposed to the light of peer-review.
-
Bruce Schneier sez...
From the February, 1999, Crypto-Gram
Meganet <http://www.meganet.com/> has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
'Nuff said...
-
Has this come around *again*?
This particular bottle of snake oil was discussed here back when they first announced it in 1998; also when they announced it again in 1999 Cryptogram chose to use it as a sterling example of snake oil; when they announced it yet again in 2000 and 2001, we seemed to have gotten bored with it.
No doubt it is the "anti terrorist yet homeland security friendly edition" this time around.
-
Re:Snake oil
Don't interprete my writing with your knowledge.
So I'm supposed to use my charming wit or good looks to interpret your writing, then. :)
From the article, a lot of my tax dollars have been wasted on this product. Security is taken very, very seriously nowadays in the USA, and the fact of the matter is that to the unknowing business, all firms/products are on a level playing field. There could be a huge symposium tomorrow with hundreds of cryptographers working on breaking VME, and even if they broke it within a month (more likely hour or day) or so, there'd still be people that buy from Meganet.
Information about me secured by these people is out in this world, and it makes me nauseous to hear about a company doing what they do successfully marketing. It's comparable to the Best Buy that was using an unencrypted wireless network to send credit card numbers from the registers to the home office. Secure systems are _easy_ to get right, especially when you can pick up a book like Applied Cryptography and see examples of how to do it and what not to do. It's shameful that they are so often implemented wrongly, and it's even worse to see people that I depend on to keep my information safe fooled/tricked into buying products like this. It demonstrates that they don't know anything about security, because even a cursory glance of some newsgroups or some books written on the subject is enough to warn even the dimmest of people against products like VME.
There's a reason the term ``Snake Oil'' is used to describe these products: it perfectly describes what these people are selling. Anyone who sees something labeled Snake Oil should instantly know to avoid it. When someone like Bruce Schneier says it's Snake Oil, then that company should have a stigma attached to it for the rest of time. This is rarely the case, due to the fact that people don't take security seriously. The same lack of brain function that causes people to open executables sent to them over email by someone they don't know affects people who run large corporate databases (with your and my information in them) too. I feel embarrassed for these people sometimes, usually until I realize that their dumb mistakes are negatively affecting me.
User level security isn't even all that complicated. It's enough to know what's stupid, and then avoid doing those things. Despite this, you can read about security breaches every week. For there to be so many, it implies that there are a lot of people setting up networks/systems that should be secure who don't know what they're doing, or don't care. Either way it's bad for you and it's bad for me and it's something you can't simply brush off with a ``the Earth is flat'' joke. Start paying attention to security issues on your own computer and computers or cash registers around you. If you're not stupid, you'll quickly see how broken (with respect to security) some of this stuff is, and also just how wrong Meganet's claims are.
Deciding how [something] should be secured is akin to deciding what firearm to buy. What security you need is determined by what your situation is. If you're looking for something small, light, and dependable that packs a lot of punch for carrying in a pocket or purse for protecting yourself in a tight situation, then the Smith and Wesson 642 Airweight (.38 Special +P) is your gun. It only takes a little general knowledge and a small amount of research to reach that decision. You need dependable, so you want a revolver. Power calls for a larger caliber. The 642 doesn't have a hammer that might snag in a purse. That's almost all there is to it. Deciding what security should be used for a network seems to be treated more like what candy bar to buy for lunch: arbitrary and unimportant as long as there's someone else to blame if it fails.
-
Doesn't anyone here read Cryptogram?
Bruce Schneier covered this way back in February 1999:
http://www.counterpane.com/crypto-gram-9902.html
I think we can file this under "snake oil".
-
Snake oil since 1999
Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
-
Re:old news
Bruce Schneier commented on this "crypto" as early as 4 years ago in his newsletter under the title: "Pseudo-mathematical gobbledygook"...;-)
-
Origin of the term?
Counterpane had a little blurb on their website about it... Crypto stuff
This may have been where the original "Snake Oil" comment came from.
I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...
I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.
-
Re:The Real Question
But my biometric identity is part of my keypair, and if the keypair is validated with each transaction, how does he fake my biometric identity?
The attacker doesn't fake your biometrics. He bribes a government clerk to produce a genuine government card with your stolen details such as SSN, bank accounts, credit card numbers, medical records, etc. and his fingerprint or retinal print. Similar to current credit card cloning, just a different procedure to produce the cloned card.
BTW using your biometrics as the actual public/private key data is very bad, and hopefully no system uses it. Because nearly every biometrics system is thought of as producing a small amount of random data, ie. a shared secret, which cannot withstand attacks if the validation system is compromised. An organized crime owned storefront could gather biometric data/keys as well as legitimate banking details for the valid customer transaction.
More common designs involve the biometrics info as a symmetric (key-wrapping) key to protect the private key as it is stored on the smartcard. This means the biometrics never leave the smartcard if the smartcard can collect the biometrics directly itself.
There is also the issue that biometrics are harder (and limited) to revoke in the event of a compromise. You have a very small finite number of fingers and eyes.
If your argument is based on the fact that the computer system is compromisable and my entire identity record (public keys) is replaced with a fake identity record, I'll notice within the day and/or hour that this has taken place and can quickly stop it. Plus I don't believe that a public keyserver that stores biometrically authenticated data would necessarily be so easily compromisable. Not impossible, but very difficult.
The forged card is a duplicate, not a replacement. Your card is still valid, and you will be able to withdraw from the ATM as long as there is still money in your bank account / credit limit. Like a forged plastic credit card with magstrip, your card is still accepted as long as your account is less than your credit limit.
This is where I get lost in all this. The system is always attackable, always will be, but shouldn't the parts of the system make those attacks far more expensive, complicated and difficult?
Give the professional criminal some credit, they will use the path of least resistance, and often of least sophistication.
It doesn't matter if the front side of your house has reinforced armoured doors and windows, if the burglar can simply go in the unlocked patio door in the backyard. So why expect any less of the forger / identity thief?
This is covered in the archives of RISKS digest, Secrets and Lies, and Security Engineering.
-
Re:The Real Question
You are right, the human factor is often ignored in building secure systems, though Schneier's Secrets and Lies and Anderson's Security Engineering (Chapter 3 I believe) deals with building entire systems that are secure including making them usable to the human users.
-
Re:Why not ?
Having a central repository of all citizens with their biometric data may be a problem, but that's another story
Indeed, it is another story, a story about complete and utter loss of privacy. Which many do not find acceptable.
As for your other points. Bio ID doesn't work. Finger print scans have been fooled by Gummi bears. Retina scans are unpleasant, due to how close your eye has to be to the scan - did the guy at the gas station before you have conjunctivitis for example? Trauma to the eye and some diseases can alter the retinal structure.
Identity theft will not change, any chip the government can put in a card, will be cracked within days or weeks. Once cracked fraudsters and terrorists lives are easier, because they own false id that according to the government, guarantees that it is you.
This system is a total ineffective waste of money, and erodes any privacy citizens have remaining.
-
Military Security and Key Length
Read this paper to see why 40-bit keys are so bad.
However, to point to where the "military grade" security claim is coming from is the fact that in many military situations information is only needed to remain secure for minutes or a few hours. Unfortunately for FW Depot, that generally applies to wireless communications, not data stored on hard drives.
Maybe they are hoping that people will use it to courier sensitive data...but then they could just hire Johnny Mnemonic.
Yeah, bad product trying to meet ITAR regulations so they can export.
-
Re:philosophy of patching fundamentally flawed?
can anyone explain to me a better method, since even thy mighty god linux is subject to the need occasionally along with every other major OS i can think of?
I can't. But Bruce Schneier can
-
Bruce, put this one in your doghouse listing
Why do I get the feeling this product will end up in the doghouse section of Bruce's next Crypto Gram newsletter?
The people who designed this hard disk are confused about how DES works. First of all, DES has a 56-bit, not a 64-bit key. Second of all, the days of being forced to use 40-bit encryption are, thankfully, over.
If one is going to all of the effort to encrypt a hard disk, why will they encrypt it using only Single DES? It is possible to build a single-DES cracker for under $10,000 US; the 56-bit key which single DES has to offer is just not long enough.
They would have been much better off encrypting this unit with AES, which uses Rijndael to encrypt files. Rijndael has a key size between 128 and 256 bits long, which can not be brute forced with current technology. Rijndael is also more efficient than DES when implemented in software.
Also, security is only as strong as its weakest link. If the hard disk is always readable when the key card is attached, then great care must be taken to detach and hide the key card. Far better security can be obtained by a system which asks for a passphrase. Ideally, have a system which needs both the key card and the passphrase.
While I think this is a good idea, I think one is better off with the kernel patches which allow one to encrypt filesystems in Linux.
(For windows and Mac users, sorry, I use neither so can not help you)
- Sam
-
Re:Will this make better security?
Schneier has been talking about this for years. See: Secrets & Lies
-
Re:grep -c 1434 log_firewall
I really don't believe in affecting other's machines [slashdot.org] on the internet
But if you ever have a change of heart, all you need to do is make a daemon that will respond to a 1434 UDP packet with an 04 in the first byte by sending a one-byte UDP 1434 response with an 08 as the data.
-
Re:Riiigghhht.
- And you want to do this because many ISPs might consider there is some value to a static IP and charge you more for it?
* Specifically, it should drop down to the cost of production/maintenance, which should be exceedingly small and inseparable from the general cost of providing a cable/DSL connection to you.
-
Please see Schneier
Any discussion of certificate authority isn't complete without a review of Schneier's view on security certificates.
http://www.counterpane.com/crypto-gram-9904.html
He goes into further detail in "Secrets and Lies," but the essential message is the same, need for a top-level authority basically debunks the notion.
This is evident in the legal mumbo-jumbo of the cert authorities and e-commerce in general. No one is selling non-repudiation with a certificate. The only way to achieve a truly legally-binding non-repudable(sp?) connection is to escrow it to a third-party. All the third party does is run the risks and shoulder the liability in case of a fraud. Thought this was straight crack the first time I looked at it, but my boss explained it very well, "encryption keys and trust chains have been broken."
Guess it would be nice to have a cheaper solution for matching certs to names, but I guess for me that is to self-sign the damn thing and tell my users to deal with it.
-
Bruce Schneier's AC
Applied Cryptography has a couple thousand references. Some are old NSA publications. It's a good book to have anyway.
-
Re:FP! ...anyway...
Actually, The January '03 CryptoGram (mailed out yesterday) has an article discussing AES, RMAC and 3DES discussing how "secure" it is, and in reality, why it is not secure. Check it here.
-
Re:Open Source encryption tools
The moral of the story? I suppose it's just this: the "many eyeballs" theory quickly breaks down in the face of esoteric algorithms.
The follow-on to this story is that Schneier developed blowfish for just this reason, as he talks about here:
"Use a design that is simple to understand. This will facilitate analysis and increase the confidence in the algorithm. In practice, this means that the algorithm will be a Feistel iterated block cipher."
I am writing a simple app at home using blowfish to brush up on my C++ skills, and I am just a lowly mechanical-engineer-turned-programmer.
-
car analogy in article
I agree with WD's theme, but his defense of Open Source has a weak/irrelevant point.
But all this does not mean that there is no group responsible for the car. At a level different from the mechanic, the manufacturer follows the repair history of each car model, then issues repair advisories and occasionally recalls a model for maintenance if a serious fault is found.
I think auto-manufacturer responsibility is anchored in legal liability. If the wheels come off, the builder is sued, no matter whether the engineering diagrams are freely available to the car's owner.
Moreover, just because a program is open-source software does not mean that no one is responsible for it.
Yes, but it doesn't mean someone is. He's arguing in favour of a (legally liable) vendor.
As noted by other posters, the basic arguments have been written in more detail by people like Bruce Schneier -- see his Cryptogram newsletters for some well-thought-out writing.
A nice little article, suitable for sharing with less-technical coworkers.
-
Schneier calls this "vigilantism"
In his Dec 15th Cryptogram Bruce Schneier provides his argument against counter-attack, and there are some interesting reader responses to this in today's issue.
-
More discussion at Counterpane
Bruce Schneier has more discussion of this in the latest Crypto-Gram issue, both in the main section and in the letters (including a letter from Tim Mullen).
There is a good justification in Mullen's letter as to why this proposal is different from the RIAA's proposed attacks on computers that they suspect of hosting unauthorised copyrighted material.
-
anti-shoplifting devices
to quote from cryptogram: "If you have ever wondered how the special anti-shoplifting tags you see on merchandise work, this article is a real eye-opener!"
-
Re:Strong sense of deja vu
I seem to recall a story about another young Irish student who had developed a "revolutionary" encryption engine a while back. That was largely all claim and no solid documentation as well, and what has become of her efforts since then? Not much, not even a single update.
Bullshit. Get your facts straight before you malign someone. Sarah Flannery
- won Ireland's Young Scientist of the Year, and
- the European Young Scientist of the Year awards,
- was awarded a third-place Karl Menger Memorial Award from the American Mathematical Society and a fourth-place Grand Award in Mathematics,
- won Intel Fellows Achievement Award,
- wrote a paper on her algorithm, with a postscript exposing a successful attack,
- wrote a book, In Code: A Mathematical Journey, on her experiences (5 stars, 13 reviews, sales rank=35K).
She used Mathematica, so the Wolfram website has review of the book.
Here's a quote from Bruce Schneier in his 15 Dec 99 newsletter.
To me, this makes Flannery even more impressive as a young cryptographer. As I have said many times before, anyone can invent a new cryptosystem. Very few people are smart enough to be able to break them. By breaking her own system, Flannery has shown even more promise as a cryptographer. I look forward to more work from her.
All of this was easily found with a Google search that garnered 24,000 hits.
-
$10 and I'm in
All I really need is available at my local radioshack, as discussed here
-
Like Counterpane?
Looks a lot like what Counterpane does.
On a side note:
2003-01-09 09:20:20 Symantec's Security Central (articles,news) (rejected)
(I'm not bitter!)
-
Re:Fraud?
Most of these scanners use a system that hashes key features of the fingerprint, it isn't possible to recreate the actual fingerprint from the scan
No. This is wrong.
Discrete hash functions have an avalanche effect. A small change in input yields a dramatically different hash value. Because a fingerprint scanner has to deal with slight variations in your fingerprint (due to the angle of your finger on the sensor, sweat, temperature, etc.) it can't use a discrete hash function. It has to use a continuous function instead. One of the fundamental properties of continuous functions is that they are invertible (you can at least approximate the inverse with as much accuracy as you want). Given a fingerprint 'hash', it will be trivial to generate an 'image' which can be printed and turned into a gelatin fingerprint with the same techniques used for etching circuit boards. Matsumoto used similar circuit etching techniques to make gelatin molds from latent fingerprints (Link, 3rd paragraph).
-
Snake Oil
Such a system relies on two major assumptions:
- Your finger is unique and physically secure (hopefully true)
- There's no "your finger" equivalent that someone could use (patently false and hopelessly naive)
The problems with such a system:
- It's easy to falsify. It's actually almost trivially easy to fool a fingerprint reader and fake someone else's fingerprint. (note that the type of gelatin Matsumoto used is seaweed based -- a little stiffer and a bit different than what we use in the states, but I'm sure you can find it here in an asian grocery store or similar)
- It's not verifiable. There is no challenge-response method possible with your finger to verify that it's even your finger, unless you want to add an embedded subcutaneous microchip, as in a smart card (but then why a fingerprint at all?). Worse, no such system actually checks your fingerprint; it computes a numeric hash of some sort from key features. Any hackery that can get you into the system behind the fingerprint reader means you just use the numeric hash (VERY easy to copy!) instead of a fingerprint. Consequently, it's no more secure than a credit card number in this respect.
- It's not unique. Two words: hash collisions. Not such a big deal for authentication, but a real problem for identification.
- It's not revokable. Given the above, if someone steals either your fingerprint or its hash, it's not like you can just get a new one, like you can a credit card number. You'd better hope the system at least allows you to switch to a new finger (and hope you don't run out of fingers). In the worst case, then, it's actually LESS secure than a credit card.
-
Re:Fraud?
Here is a good article from Bruce Schneier that describes how Biometrics can be easily fooled, $10 worth of household supplies. Just go read the article.
-
Not as secure as you think
I for one would not trust this system with my credit card or atm card. The system can be quite easily fooled with some super-glue, a pcb board, and gelatin.
Bruce Schneier wrote an article about the process, which also has a link to the presentation given by the Japanese professor who came up with and tested the process.
-
an idea whose time has come?
First, the RIAA member companies as businesses have the right to charge for and protect product as they wish, within the limitations of the law. The association has been convicted of price fixing, and may be in violation of certain laws by labeling non-CD plastic disc products as CD's. They are also probably morally wrong in their desire to hack. However, as is the case with most anti-terror legislation, we in the U.S. have been made so afraid by the rhetoric of our politicians, reality shows, and newspapers that we are willing to give up any rights if we are allowed to hide behind our bricked in subdivisions and drive our SUVs. As such, giving the right to hack to the RIAA may be a small price to pay if we are allowed to continue to listen to Britney Spears, who likely would not exist without the RIAA.
However, ultimately, the success of a business depends on its customers. If we buy RIAA CDs, even as used products, we support their methods. If we go out, find other music, and purchase those non-RIAA CDs, we support an alternate model that depends on quality and personal customer service, not mass appeal and copy protection. There is no way to legislate the RIAA from destroying the right of fair use any more than there was a way to legislate Wal-Mart from destroying main street. In both cases, the presence of customers determines success.
-
Re:Bruce Schneier
Bruce Schneier has an excellent article in his newsletter [counterpane.com] called "Counterattack". He discusses vigilantism and why it is the wrong solution to problems on the internet. SPEWS is the wrong solution, especially because it deliberately blocks mail from innocent sources.
You obviously mis-read Bruce's article or don't understand how SPEWS works.
SPEWS works just as Bruce suggests, no vigilante "counterattack" on the spamming abusers. It just lists the ISPs who have decided to take money to host spamming abusers.
And for the record, SPEWS blocks nothing. It is my own private mailserver which is blocking mail from SPEWS listed spam havens. No, that is not a "counterattack", it's just a shun, or boycott.
-
Bruce Schneier
Bruce Schneier has an excellent article in his newsletter called "Counterattack". He discusses vigilantism and why it is the wrong solution to problems on the internet. SPEWS is the wrong solution, especially because it deliberately blocks mail from innocent sources.
-
Re:Interesting article/research project
It's also a lot easier to steal a watch than a finger...
-
Re:Solution looking for a problem
The civil service seem very eager for there to be a national identity card, and keep proposing it as a solution for a variety of different problems.
To be fair, this is largely due to the Two Great Bureaucratic Myths, "More Data Is Good" and "More Centralization Is Good". Note the lack of qualifiers on those statements; while they are true in some instances, a Bureaucracy (with a capital B, which fits most/all government agencies) sees them as always good, even when they are totally, transparently untrue.
You already mentioned that they are drowning in information, which is why the first myth is wrong in this case, and see the latest Cryptogram for a good discussion of why the second myth (centralizing everything, especially security) is wrong.
Note that all bureaucracies can be expected to produce those myths after a certain size. Part of the challenge of building a truly dynamic company is trying to keep the bureaucracy to a minimum, lest it strangle you. I know hating Microsoft is standard around here, but they're actually a fairly admirable example of a company becoming huge and yet managing to keep the bureaucracy largely in check. (Whether they can keep that going once they cease growing like wildfire is an open and interesting question.)
The point here being, for what it's worth, trying to convince the government itself that these things are wrong is trying to make the government into something it can never be. Our only hope is to get this killed by Congress or perhaps better yet, the Supreme Court (although the latter case means that someone has to be hurt enough by the system to sue, which means lots of other people will be hurt but not sue).
The cynic in me says this is going to happen no matter what and the best thing we can do is stop spending energy fighting it and spend it sensitizing everybody around us to the consequences, so they see it when it happens. I think it's obvious that us civil rights folks don't have the power to stop this directly; we will need people voting in Congressfolk or Presidents based on whether they will promise to dismantle the Normal American surveillance machinery.