Domain: counterpane.com
Stories and comments across the archive that link to counterpane.com.
Comments · 629
-
Password safe
Try out Password Safe available through Counterpane. It's from Bruce Schneier's company. Bruce Schneier is the author of Applied Cryptography, Secrets and Lies, CryptoGram newsletter, and the blowfish and twofish algorithms (one of which was an AES finalist). He has personally code audited the software, so I trust it.
Have one password for the Password Safe and have it store the root passwords for your other computers. If you are very paranoid, keep the database on a floppy and lock the floppy in a safe when not in use.
One downside, only Windows. But, a Linux version is coming Any Day Now (tm) (it'll be Open Source to boot!).
Dave -
This is not as impressive as it sounds:
the mobiles then use a 128 bit key to encrypt the channel. One of the technicians is quoted as saying that "A thousand pentium computers would need over 10 years to decrypt a 10 minute phone-call
As outlined in Cracking DES, an algorithm can take years to crack using a conventional computer. However, if you custom design a computer from the ground up (not as difficult as it might sound) to specifically attack the algorithm, the encryption can fall quite quickly, as it does with DES. *
I think that encryption should be evaluated on the strength of the algorithm, not on how many brute force attacks it would take to defeat it. (This is what is mentioned by Schneier in Applied Cryptography.)
* For those of you who doubt this, read the book. -
Bruce Schneier
r.e.: Source Forge...
Bruce Schneier pointed out this "small comfort," as one of the principal flaws in digital security in Secrets and Lies.
Theory and application thereof, come rushing Slashback, Like the Hot Kiss at the end of a Wet Fist
Jeremaih Cornelius
-
Re:Just shows how important key management is
Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed...
True. If I were doing it, I'd publish the security info so interested parties could review it for themselves.
Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs.
I don't know either. I would suspect they used one of the many wireless chips that are available, but there is enough profit margin and the market is small enough that they could have rolled their own radios.
I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...
Well, there are the multiple LFSR ciphers which can be implemented in a few hundred transistors. Bluetooth uses this type, precisely because it takes a trivial, albeit custom, amount of silicon to implement. These aren't the greatest ciphers, but they can be decent. Schneier's Twofish cipher was specifically designed to fit into smart cards and uses very few resources.
You need long term storage to hold the key (FLASH, NVRAM, whatever),...
True. But that wouldn't add much cost, especially if the microcontrollers already include a little EEPROM.
Battery backed == bad. If it's not EEPROM, I'd say don't bother. As for replacing the cable, it would be a wire with a mini banana plug on each end. The customer could replace it themselves with a piece of 18 AWG solid wire with the insulation stripped off each end. Or you could sell them a replacement (which replacement would have a breathtaking profit margin).
...and if it is battery backed you will need that cable again in a few years, or there is another 800 call.
Hmm...I sense a business plan. All these little gizmos, like remote controls, garage door openers, Bluetooth cards and telephones, game controllers, SPIKE gizmos, and so forth have one thing in common: for proper security, they need a hardware key-exchange system. Which means a cable. Which means an enormous business selling cables. Which means that cable companies could give away strong encryption as a loss-leader, and make it up with a captive market for synchronization cables.
-
Bruce Schneier covers this in detail.
See the last few cryptograms. He talks about insurance for security. Readers respond in either supportive or disagreeing tones.
Cryptogram March 2001 has an article about it, for example.
-- -
Re:Some Actual Research
Crispin - Where have you guys been? I was wondering when you would re-release the 7.0 version.
Takin' care of business:
- Dell is now shipping a WireX product.
- Counterpane has licensed Immunix security technology for their internal use.
- We have two papers that will appear this summer at USENIX Security describing "FormatGuard" and "RaceGuard".
Does this release take care of the compilation problems of RH7?
That's a matter of perspective :-) Immunix OS 7.0 ships with StackGuard 2.0 (which is a modified GCC 2.91) as the standard compiler, and glibc 2.2. It also ships with FormatGuard protection throughout.
Can I build a 2.4 kernel with this?
We're not shipping 2.4 kernels yet, but we are working on forward porting. Note: You should not try to compile kernels with StackGuard. You either need to patch the kernel make files to turn StackGuard off, or use RPM to switch to the non-StackGuard compiler while building kernels.
I would really like to use XF86 4.03
We are a server company, so we focus on server support, and not really desktop stuff. However, our engineers like to run Immunix on their desktops too, so we share what we use in our contrib directory.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Now available for purchase -
Bruce Schneier discusses this
Bruce's argument is that the possibility of an exploit puts all known security holes into the script kiddie category in this cryptogram newsletter
-
Intrusion Detection
Marcus Ranum gave an interesting talk on intrusion detection systems and security including physical threats at ALS last year. I'd also recommend secrets and lies by Schneier. It also takes an interesting look at physical security issues. As for crisis week the last one I can think of was Y2K but that wasn't really a mock up type thing. The only other crisis preparedness we were trained for was 'fire'.
-
Re:This is good.
Didn't read cryptonomicon, did you? Check this.
Five letter sequences are the key. Perhaps someone less lazy than I will try a password. I'd start with "This is good." Then try "Slashdot", "Anonymous Coward", and variations. That person is not only less lazy but has more time than me.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes. -
Re:Profit and copyright are SEPARATE issues.
Under the Street Performer Protocol, the teaser is the only thing released to anyone before the minimum-orders threshold is reached. Once the threshold is reached, the product is released, or in other words, all orders for the product are executed at once, and the content provider gets their specified minimum revenue. They're not guaranteed a revenue stream proportional to usage of the content, but the SPP paper essentially discounts this idea as impractical in the existing tech environment and explores alternatives.
-
Re:I think people are missing the point
Bruce Schneier wrote this about Authentica.
-
intro question about cryptography.
Kerckhoffs's Principle: The security of the crypto-system must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key. (written in 1883)
Why did Kerckhoffs make such a radical statement? Because over the last, oh roughly 500 years, history has told the sad tale of bold cryptographers who sold their systems as unbreakable, and grossly underestimated the inventiveness of their enemies.
Ciphers (encryption algorithms) need to be designed to withstand the most cunning of oppositions. Whose main method is thinking "out of the box" to come up with differential cryptanalysis, timing attacks -- timing how long an encryption takes, differential power analysis -- measuring the power consumption, impossible cryptanalysis -- figuring which differentials aren't possible.
Bruce Schneier at Counterpane Labs and Ross Anderson at Security Group at Cambridge University have several essays about how security systems fail because the enemy "breaks the rules". (Why Cryptosystems Fail, Why Cryptography Is Harder Than It Looks, etc.)
To understand more about how "security through obscurity" does more harm than good, read any one of the dozen accounts about the Enigma used during World War II, and the Anglo-American (and Polish) effort which successfully analysed this "unbreakable" system. Like Code Breaking, The Code Breakers, or The Code Book.
-
Stop in the name of ...?
I find this to be a bit disturbing idea, and I'm glad I'm not dutch. Personal information should be kept personal, and not stored online by any means, especially not this amount of information. With the increasing amount of security incidents it's a miracle this thing wasn't laughed at from the beginning.
What's more disturbing is the fact that companies will lie in efforts not to disclose these breaches as some UK banks have done, which is an utter disservice to their clients. When will people get their heads right?
But the Commission also proposes that Dutch citizens get the possibility to store other information in their digital safe-deposit, like medical and financial information. Citizens can decide to whom they will give access to these types of information. The digital safe-deposit should be located at the web sites of the municipalities. For the protection of the safe-deposits the commission suggests to give each Dutch citizen an electronic identity card with biometrics information. Citizens who are not on-line should get access to their digital safe-deposit through public terminals at the municipal hall.
As if Biometrics is the answer to all problems. "some biometrics are easy to steal. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?" (taken from a Bruce Schneier article)
The Commission thinks that the introduction of the system will give a boost to the digitalisation of Dutch society. New developments like electronic commerce and payment systems for driving have a clear need for the availability of reliable personal data that easily can be transferred and checked.
Personally I see a huge influx of identity thefts occurring there if they do go ahead with this system. It's bad enough it's extremely easy to get information on anyone as it stands, and now you have the Dutch become more receptive to irresponsibly giving it away for free, to those who can manipulate their (often easily accessible) networks.
One thing I can say is, I'm glad we have groups in the US that counter these types of actions from seeing the light of day out here in the US. Your privacy should be guarded with your life, since it ultimately is your life. Not some stored bit of information legislators wanna use for political agendas such as pushing for an ecommerce or "digitalization" boost to their economies.
AntiOffline -- Securing the world from itself
-
Re:About Microsoft
Open Source creates as much wealth as proprietary products do. The difference is that there is not a huge chunk of that wealth siphoned off to a vendor in the process. Now that in and of itself isn't as bad as it first sounds, because what goes around, comes around. However, when you have to fund the vendor through this mechanism, and if the vendor has a say in how the product behaves, then they will end up putting forth a lot of effort to make the product do certain things strictly to enhance that siphoning. Software vendors like Microsoft have to ensure that customers pay for the products and services and not steal them. The problem is that so much effort is expended to ensure that revenue stream as opposed to other innovations that actually benefit everyone. In the past we have not seen a great deal of this because as the computer market grew, Microsoft's corporate value grew along with it. Now that there is saturation (virtually every office and most homes now have a computer, and the vast majority of them run Microsoft OS products), Microsoft has to find other means to not just ensure a revenue stream, but to also make it grow.
One big difference between Microsoft Windows and Open Source systems like BSD and Linux (the distributions) is what and who the designers are focusing on. I can assure you that for whatever goals Microsoft has in terms of value growth and value siphoning, they are indeed focusing on making software for others. The BSD and Linux community still come across as making something more for themselves than for others. However, that may not be as bad as it sounds. Read on.
With the technology of software becoming ever more complex, it still takes people with intense technical backgrounds to deal with the issues. I'm often quoting Bruce Schneier when he says "Security is not a thing, it is a process" and I keep wondering if that shouldn't also apply to virtually everything else in computers and technology, as well.
Business is shifting more and more to a service strategy. Microsoft clearly knows this and are working to position themselves to provide these services. Others will do so as well. It will happen over a broad scale from the largest (Microsoft, IBM, Sun, Oracle, etc) to the smallest (your local contractor). Many new business ideas will come not as products, but as services. The technical community will be the source of a lot of that, if not most of it.
Where Open Source and free software comes into this, and where BSD and Linux have their advantage, is that they are oriented more to the technical person who is deploying these services. They will then be the embedded components not of a product, but of a service, where the particulars matter only to the service provider, not the customer. When businesses stop buying computer systems as products, and start subscribing to them as services, they will be less and less involved in the roles of administering them. The service provider will be doing that, and the focus on making the administrative interfaces easy for the technically inept will become less and less important.
Why should someone, even a sales guy in an ISP, be administering a system? They shouldn't. It will be done for them as part of the service when they shift from buying a product to subscribing to a service. Services are where it's at, and those who do have the tools handy (your collection of free software) are in some of the best positions to create and offer those services.
-
SOAP parody
I think this RFC is actually a parody of SOAP, as chronicled in Bruce Schneier's June 2000 Crypto-Gram.
-"Zow"
-
Re:Bruce Schneier Article About 802.11 Security
It appears to be blocked from direct linking.
Go here and check out the latest version:
http://www.counterpane.com/crypto-gram.html
Sorry,
Jason -
Re:The make fake ones, take real ones down
The Warner Bros. studio has tried to get Harry Potter fan sites taken down. Warner Bros. is currently backing off on this.
Fake fan sites are eerily reminiscent of Bruce Schneier's Semantic Attacks, except that the movie industry is doing it so damn clumsily, and in public.
I agree that fake fan sites are dopey, and won't work. I mean, what attracted Joe Sixpack to The Internet in 1996 and 1997? Was it slick, pre-digested Corporate Ad Collateral? No just "No", but "Hell, NO". What attracts people to The Internet is what other individuals have put out there, whether it be Harry Potter fan sites, Hollywood Bitchslap movie reviews, or AmIHotOrNot. The current upper leadership of mass media outlets just doesn't get it.
-
Re:Why not work on the keys themselves...?
Well, one of my personal heroes -- Bruce Schneier -- said waaaaay back in November 1999 why this is pretty trivial. He said in the November 1999 issue (and I quote):
Every DVD player, including hardware consoles that plug into your television and software players that you can download to your computer, has its own unique unlock key. (Actually, each has several. I don't know why.) This key is used to unlock the decryption key on each DVD. A DVD has 400 copies of the same unique decryption key, each encrypted with every unlock code. Note the global secret: if you manage to get one unlock key for one player, you can decrypt every DVD.
He goes on to explain that this isn't even the point -- that the DVD 'security' mechanism is fundamentally flawed because you have unadulterated access to the 'plaintext' (or the video being shown).
Just my $.02
Dan
-----------------------------
Someday, I hope to live in a world
-
Thought so too...
This might be a troll, but actually I thought the same. If all you have is a hammer etc. And I can't help but think SOAP as a pro-Microsoft thing. Remember Microsoft's whitepaper on using SOAP for getting through those pesky firewalls? Check what Bruce Schneier thinks of that.
And here's Zico plugging alternative Microsoft technology.
Jacco (to e-mail me, please remove all yourclothes)
---
# cd /var/log -
Re:Wha?
It seems the original link (http://www.cryptonym.com/hottopics/msft-nsa.html) which started this rumour is no longer valid. However, I found a reasonable analysis here: http://www.counterpane.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI It will of course fail to appease people who think aliens are secretly running everything, but it's good enough for me.
If the Cryptonym `Chief Scientist' who reported this had any confidence in his claims, he would probably not have removed them. On the whole, this sounds like a storm in a teacup caused by a naïve `scientist' who cried wolf upon seeing the word NSA, then decided to slink away by removing his announcement rather than apologising to those he had needlessly worried.
-
SOAP is a disaster waiting to happen
what's all the hubbub? I just finished reading an article about SOAP. Sounded pretty neat.
Many security people, including Bruce Schneier, consider SOAP to be a horrible idea. Think about it. Your simple stateful packet filter (i.e. linux 2.4 kernel) will no longer be enough to build a firewall. If applications use XML over port 80 as an API, we will have to put application level proxies on things that used to be simple services. All firewalls will have to include an analytical engine as strong as that of an IDS for each service they want to run. That makes them much more expensive and complex.
Complex firewalls generally aren't as trusted as simple ones. Things are going to get ugly, and SOAP won't help.
-
Re:Why Encode Song Names?
If Napster can't list music that RIAA owns, it's pointless for them to list music that it doesn't. Indy labels in Napster are like the little CD in the bin next to the 500 copies of something popular. You might grab the little CD because it looks interesting, but you never would've come to the store if the 500 copies of something popular weren't there.
Besides, it's pointless. Copyright is dead. If Napster doesn't survive, something else will. It's like making laws against picking your nose or spitting on the sidewalk. You can scream like howler monkeys every time someone does it and maybe even try to arrest people for it, but you'll never actually make any significant dent in the number of people doing it.
The only solution is to realize that copyright based models for paying artists are dead and think of something better. Here are some links to a couple I've seen:
- The potlatch protocol
- The streetperformer protocol
- One of my own that I haven't written up on the web yet
None of those guarantee money to an artist for every person who gets a copy of a work. My suggestion as to how to deal with this is to get over it. I think many of them will work well enough that decent artists will make a good living. All of them significantly diminish the role of the middleman.
-
Re:Shudder
I disagree completely and wholeheartedly.
I see banner ads as an assault on my psyche, trying to extract from me things ($$$) which I want to keep.
IF banner ads work, then I am paying to look at free sites one way or another (TANSTAAFL, and all that). I would rather be subjected to an earnest plea to support the site than I would subject myself to the creations of people whose very job is to subtly manipulate my psyche in the favor of their company.
A number of the online comics I frequently read have shifted in the direction of a PBS model - if you like it, send us a few bucks. If we get enough bucks we'll run some kind of special feature (not too unlike the Street Performer Protocol). It is not anywhere near as obtrusive as your example - one of the reasons at least Penny-Arcade shifted to this model is that ad banners were too obtrusive and disrupted their site. (their network kept sneaking popups in, plus just vibrating windows and stuff) -
A good related reference...
A fairly recent CryptoGram had a link to an answer very close to this question. On Counterpane Schneier goes through a good description of what is called the "unicity distance" of plaintext. In order to test how good an algorithm is, you try and break it with known plaintext attacks. (Or even more intrusive attacks that you will rarely see in the wild, such as chosen plaintext attacks, or chosen ciphertext attacks.) If you can't break these, then it's unlikely that you can break the algorithm with an unknown unchosen plaintext/ciphertext pair. If you're attacking a ciphertext in the wild, then the more you know about your target, the easier it is. With English text, you can brute force attack it if you have more than the unicity distance of ciphertext to work with. Your brute force cracking engine should look for several things, including the headers (such as the magic numbers for jpg files) and things that "look" like English (or some other language) text, and probably even apply some of the tests of randomness that one poster earlier mentioned. Of course the interesting thing is that truly random data has an infinite unicity distance, so to make decrypting your messages to someone@host.net really frustrating you might add a cron job something like:
*/5 * * * * if [ -f "$HOME/message-to-send.txt" ]; then gpg -$OPTIONS < "$HOME/message-to-send.txt" | mail -s "message" someone@host.net; else dd if=/dev/urandom bs=1024 count=1 2>/dev/null | gpg -$OPTIONS | mail -s "message" someone@host.net; fi
(please pardon if this won't actually run... I'm on a windows box and don't have my man pages handy - but you get the general idea...) Just make sure your message is exactly 1k, set up the appropriate procmail on the other end and... probably nothing. Chances are no one will care, and if they care enough, they'll just put a keyboard sniffer on your machine, find out your password, log in as you, and read your mail anyway. Always remember, you can't win, but sometimes it's fun to try and think of interesting ways to try. -
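The unicity-distance reasoning in the comment above, worked through as an added example (not part of the original comment or of Schneier's article): it estimates plaintext redundancy D from a sample and computes U = H(K) / D, which is unbounded when the plaintext has no redundancy. The sample data, function names and the zero-order entropy estimator are assumptions made for illustration.

```python
"""Unicity distance U = H(K) / D, estimated from sample plaintext.

Added illustration. All sample data below is constructed.
"""
import math
from collections import Counter

BITS_PER_BYTE = 8.0
EPSILON = 1e-9  # redundancy below this is treated as zero


def entropy_bits_per_byte(data: bytes) -> float:
    """Zero-order Shannon entropy: uses single-byte frequencies only."""
    if not data:
        raise ValueError("need at least one byte of sample data")
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def redundancy_bits_per_byte(data: bytes) -> float:
    """D = 8 - H. Ignoring digram and word structure undercounts the
    redundancy of real text, so the resulting U is an upper estimate."""
    return max(0.0, BITS_PER_BYTE - entropy_bits_per_byte(data))


def unicity_distance(key_bits: int, redundancy: float) -> float:
    """Bytes of ciphertext after which one key is expected to fit.
    With no redundancy every candidate decryption is equally plausible,
    so the distance is infinite."""
    if redundancy < EPSILON:
        return math.inf
    return key_bits / redundancy


# Constructed sample of English prose.
ENGLISH_SAMPLE = (
    b"the security of a cipher should rest on the key alone and not on "
    b"keeping the design secret because an attacker who sees enough "
    b"ciphertext from a redundant language can test each candidate key "
    b"and keep the one whose output reads like ordinary written text"
)

# Constructed stand-in for ideal random filler: every byte value occurs
# equally often. A real 1 KiB read from /dev/urandom measures slightly
# under 8 bits/byte here only because the sample is small.
UNIFORM_SAMPLE = bytes(range(256)) * 4


def report(key_bits=(56, 128)) -> dict:
    """Unicity distance in bytes per sample and key size."""
    samples = {"english": ENGLISH_SAMPLE, "uniform": UNIFORM_SAMPLE}
    result = {}
    for name, sample in samples.items():
        d = redundancy_bits_per_byte(sample)
        result[name] = {k: unicity_distance(k, d) for k in key_bits}
    return result


if __name__ == "__main__":
    for name, row in report().items():
        for bits, u in row.items():
            print(f"{name:8s} {bits:3d}-bit key: U = {u:.1f} bytes")
```
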
Schneier and Ellison: Ten Risks of PKI
ObKarmaWhoring: if you haven't read this already then Bruce Schneier and Carl Ellison's "Ten Risks of PKI" is essential background reading: http://www.counterpane.com/pki-risks.html
-- -
The Right Links
The AES finalists were:
MARS (IBM) (their case)
RC6 (RSA) (their case)
Rijndael (their case) (how to pronounce it)
Serpent (their case)
Twofish (Counterpane) (their case)
-
Cryptogram
From Bruce Schneier's last Cryptogram Newsletter:
DirecTV scored a direct hit against pirates. Over the course of a few months it surreptitiously broadcast, byte by byte, a program that allowed it to permanently disable pirate DirecTV access cards. On January 21st, they triggered the program. Supposedly this knocked out 98% of cracked cards. My favorite tidbit is that they wrote "GAME OVER" into an affected area of memory. The pirate community is already working on hardware workarounds and, supposedly, the cracked cards that use emulation are easy to fix. So while DirecTV won this battle, the war goes on.
-
Re:What about distribution
Some people would argue that musicians should give away their music as MP3s (or "Ogg", since said people are usually against proprietary algorithms as well) and then set up a virtual "tip jar" on their website where people can give them a buck or two via a PayPal account if they like the song. There have even been formal proposals for such things, like the Street Performer Protocol. I've yet to hear of an instance of such a thing actually allowing someone to become a successful musician. Note: I don't mean that someone should eclipse the Beatles in terms of riches and fame before such a scheme can be declared a success -- I just would have thought that by now there would have been at least one or two minor success stories. As far as I know, no one has yet been able to so much as just pay the rent by producing writing, art, or music and giving it out using the Street Performer Protocol (or any similar schemes). Sure, there was Stephen King's "The Plant", but that's not a fair test, since he's already the most successful novelist of all time. How about a "nobody" just starting out being able to pay their bills based on "tips" or "donations" that come in as a result of their art?
-
Re:You can't really tell
I don't mean to be a black helicopter type, but the only reason the SS/CIA/FIB/Police/(put your favorite citizen protection group here) try to outlaw (or ask the legislators to) encryption is that they know if it gets mass acceptance it will be very hard to monitor stuff using fun tools like Carnivore (which we all know is only used to save us from terrorists). Neal Stephenson in Cryptonomicon showed how an individual using a deck of cards could create an easy one-time pad. My $00.02
Go here for instructions on how to use Solitaire (an encryption scheme using a deck of cards).
----------
No army can withstand the strength of an idea whose time has come. -
Applied Cryptography
Timothy briefly mentions Applied Cryptography, but it really deserves more than just a mention. From a review in Sunworld: "This 700-plus-page magnum opus is one of the finest technical books I have ever read, easily satisfying my requirements of readability, accessibility, and depth."
Really, it's that good. Even the often-critical Slashdot reviews found it to be "Outstanding". If you have even a passing interest in cryptography, I'd highly recommend picking up this book. Just don't buy it from Amazon, please :).
Alex Bischoff
--- -
Source of the Stockholm rumor
I first heard about the Stockholm situation (which I'm certain is no different from that of NYC, London, Paris (if you read French :-), &c.) from this copy of Bruce Schneier's Crypto-gram newsletter. It's near the bottom---search for ``anecdote''.
Makes me wish I had a WaveLAN...
-
Public relation defense
It seems that such a scheme treats security issues as a public relations problem and not a technical problem. Although such a PR approach does have merit, as when the mayor of a large city asks the news agencies not to put every murder front page, computer security would not seem to qualify.
I have just finished reading Secrets and Lies. This book talks about how security problems used to be handled through an organization that would keep the problems from the public until the manufacturer created a patch. The upshot was that manufacturers often did not take the problem seriously. The book also talks about how software and hardware manufacturers have no significant liabilities for security faults. This leads to a bad situation in which the only tool the consumer can use to effect a fix is the publicity attack.
Additionally, by limiting the distribution of information, one is implicitly limiting the amount of brainpower available to solve the problem. One cannot assume that all of these qualified security experts are going to belong to every closed list. Although open sourcing the code does allow such people the opportunity to look at the code, hiding a problem may not make best use of the available resources.
Having a secure mailing list for product security defects does not make the product more secure. Having a closed mailing list does not make the loss of personal data any less harmful. A closed list of security defects merely allows security products manufacturers to exaggerate the security of the product to an uneducated populace.
-
Re:hmmm...
> refuses to boot non signed-DVDs
And not even Microsoft would be stupid enough to have two verification keys, one of which wasn't used normally, but was used if the first one failed, so it could be replaced by an attacker to get their code accepted without stopping code signed with the first key running. Well actually, Microsoft were that stupid, but I think even they won't be stupid enough to do it twice.
-
Re:Forget where you are?
Don't trust anything that keeps you from looking inside.
Definitely. But IE has been getting a lot of 'attention' ;) from security analysts lately, and I have yet to see any evidence of covert data collection. I consider it relatively safe and the benefits outweigh the drawbacks at this time.
>Ever heard of a packet sniffer? Or a personal firewall?
The difference here is that you choose to put (and setup) these on your machines. If you decide you want to log certain transfers, so be it. At least you got the choice.
If your ISP is doing it, well, that's no good. I'd get the heck away from them and get on a real ISP that respects your privacy.
Agreed.
I am in NO way saying covert logging is acceptable.
I was stating that you don't NEED something to be open to see if it's sending out covert packets, you can use any common network tools to check.
Hell, I think I'd rather check open products with the packet sniffer than reading the code....
Certainly takes less time than wading through 10k lines of network code looking for evil write()s.
(And if you ever HAVE looked at Mozilla code, you'll know what I mean...)
Having the source does make it easier to PROVE there is a problem tho.
Three words: Bell Phone Book. :-) Just because you have lots of money already and are a monopoly doesn't stop you from getting even more greedy.
True, although I see service providers tend to be more insidious than companies that ship actual products (even if those products are intangible).
This is part of the reason I find AOL to be scarier than M$.
I still remember the "old days" [not so old, really]. Before MS quit wasting their time going after friends sharing software. The days where Microsoft threatened (and, I believe, implemented in early betas) to include a phone home feature in Chicago that would report a scan of the user's hard drive. I don't think I kept the magazines that discussed it (stuff from '94 is just a little out of date).
Oh, they haven't stopped with this yet. They're trying to get a similar anti-'piracy' 'feature' into Whistler.
BUT, this thread isn't about Windoze OS, it's about IE, and more specifically, Mac IE.
M$ is evil and controlling - we already know this.
And let's not forget the NSA key.
The NSA Key is probably not:
Here's what Schneier has to say about it.
While Microsoft is better than AOL, it's sort of like comparing being stamped on by an elephant and mauled by a bear. They both suck.
Very true, but just because a company puts out turds 98% of the time doesn't mean they CAN'T put out an acceptable, even useful, product.
I'm actually using Mozilla 0.7 right now. It's great. It feels like Netscape 4 (which was easy to use, when it worked), and is really fast. Plus it renders HTML quite well.
Mozilla isn't bad. It's getting there, but I still like IE better for daily browsing.
Maybe in three months it'll be good enough for daily use.
Konqueror, on the other hand, is prolly the best one for freenixes right now.
Just a sidenote: Any particular reason why your website just forwards you to slashdot? Just wondering... :)
Just a bit of satirical commentary about blind linux and open source zealotry.
The attitude of 'Linux is the be-all end-all One True OS for Every Purpose' just grates after a while.
My real site will be here.
(No, it's not a redirect to goatse.cx, either.)
--K -
Weasel Guarding the Henhouse
Aside from the inherent dangers and problems of electronic voting, the idea of commercial, corporate interests producing the software to tally our votes is absurd. Wasn't it MS who poured millions of dollars into the GW campaign? Now, can you imagine what would have happened in Florida if they were using MS software to count votes?
-
Schneier on voting systems
You might want to have a look at Bruce Schneier (inventor of the Blowfish algo. and crypto pundit) on electronic voting systems.
Basically, he says they are a dangerous thing
...The comforts you demanded are now mandatory -- Jello Biafra
-- -
Re:the inverse
Well, Bruce Schneier has a nice story about somebody pretending to work in a dotcom without anybody noticing he's there without being employed there at all! Read it at http://www.counterpane.com/crypto-gram-0012.html#3, scroll down to Social engineering at its finest.. -
This won't solve the problem
There are a lot of people who'd be willing to pay $5/month to use Napster, at first. The problem is that to justify that cost, Napster will need to continually innovate to stay ahead of the free, open-source competition, and they seem to be incapable of doing so. Of course, the idea of Napster itself is world-changingly innovative, but what have they done to maintain the software since then? All I've seen them add in the past year is the ability to exclude search terms with the minus sign. For God's sake, the bloody Napster icon is still messed up on my WinNT client.
On the other hand, go over to SourceForge and do a search for Napster to see how many people are trying to build on the idea. It's only a matter of time before:
- Napster gets fat and complacent on its subscription fees, and lets its quality of service fall to shit
- Some hacker adds some great new feature to some part of the system, and tells eir friends about it
- Napster is blissfully ignorant of the feature, or just ignores the feature, hoping it will never catch on
- The feature catches on, tons of people switch over to the open-source alternative
- The easy revenue stream for musicians disappears again.
-
And another thing...
Putting copyright protection on the HD, presumably requiring the participation of the OS (not likely in the case of Free software anyway), essentially means that the PC must become a trusted client when running software.
Bruce Schneier (the very same) speaks to the idea of trusted clients in the 15 May 2000 Crypto-Gram. Here he says:
Other companies claim to sell rights-management software: audio and video files that can't be copied or redistributed, data that can be read but cannot be printed, software that can't be copied. The common thread in all of these "solutions" is that they postulate a situation where the owner of a file can control what happens to that file after it is sent to someone else.
It's complete nonsense.
Controlling what the client can do with a piece of data assumes a trusted (from the point of view of the initial owner of the file) piece of software running on the client. Such a thing does not exist, so these solutions don't work.
Besides, such a thing would put such a damper on PC sales as to make the last quarter look like a windfall...
-
Key stretching
I meant to say: explanation of key stretching, and the paper about it.
-- -
Don't use SSH, use IPSec? Not!
SSH is as secure as you make it. If you validate server keys rigorously, MIM attacks are impossible. If you regenerate your keys frequently, it's even less likely that you will be compromised. Until quantum-based encryption becomes reality, the 'perfect' security system is just theory. Until then, SSH is certainly good enough for me.
TCP/IP and UDP provide no built-in encryption or authentication, and it will be a very long time before there is widespread use of IPSec.
IPSec isn't a solution either. Well, Bruce Schneier certainly doesn't think so, anyway. Check out this at Counterpane.
Sample quote:
We strongly discourage the use of IPsec in its current form for protection of any kind of valuable information, and hope that future iterations of the design will be improved. However, we even more strongly discourage any current alternatives, and recommend IPsec when the alternative is an insecure network. Such are the realities of the world. -
Theo
What do you think about Bruce Schneier saying "Security is a process, not a product"? Is OpenBSD a secure product?
-
Re:Yahoo! Right?
If you're going to go through that much trouble, why not just do it by hand?
It wouldn't be too terribly difficult if you used some sort of stream generator like Solitaire. I guess that your only problem, then, would be to find a way to distribute the keys. But it would be a step in the right direction for the truly paranoid.
-
Naivete: The only way you can encrypt music
No offense or anything, but you're being a tad naive. Look at what Bruce Schneier said in his latest Cryptogram:
2. Even if the contest was meaningful and the technology survived it, watermarking does not work. It is impossible to design a music watermarking technology that cannot be removed. Here's a brute-force attack: play the music and re-record it. Do it multiple times and use DSP technology to combine the recordings and eliminate noise. Almost always there is a shortcut technique to neutralize the watermark, but the brute-force attack always works.
3. Even if watermarking works, it does not solve the content-protection problem. If a media player only plays watermarked files, then copies of a file will play. If a media player refuses to play watermarked files, then analog-to-digital copies will still work. If a watermark is designed to identify the legitimate owner of the file, it still doesn't prove who copied the file or provide the copyright owner with a party worth suing.
You write "The song file will be viewable if you decode it with your private key." Well, just decode it with your private key and then distribute the decoded song to all your friends around the world, no real magic here. -
Re:Dude... (and a suggestion)
..since the gamasutra url has the date 20000724 embedded in it it should be a hint that this is old news..
Truly. But I just had the latest issue of Crypto-Gram land in my mailbox, with.. a link to this article! What's the bet that whoever submitted it to Slashdot found it the same way, and therefore thought it was new..?
-
Re:Biggest problem with internet voting...
BUT... I would really still like a hard copy of each vote, right after each vote. God forbid that we wind up with an election such as the one in Florida, with nothing but bits vanished from the ether as a record of people's votes.
Is there any way to do this securely w/o a physical record of the vote?
Yes.
In Applied Cryptography, Bruce Schneier describes several possible protocols for secure elections.
None are perfect though, something we should remember before we go installing MicroSoft Vote v2.04 everywhere and end up with more problems than we started with.
The most interesting variant is "Voting without a Central Tabulating Facility" where each voter does some cryptographic gymnastics on their vote, and passes the result around so everything is counted in the open, no secret counting agency necessary. No one can tell who voted for who, it will tell you if someone tries to vote twice, or if you try to change someone else's vote. Incredible!
In another example, each voter encrypts their vote with a random serial number such that when the vote is over, each voter's # is published and individual voters can confirm who they voted for, but not who anybody else did, and the Central Counting Agency cannot identify voters from their vote.
Again, the protocols are not perfect, but they're an excellent starting point if you're interested in secure voting.