Domain: rsa.com
Stories and comments across the archive that link to rsa.com.
Comments · 81
-
Re:How about poor geeks like me...
Maybe soon for really secure accounts, we'll have a fairly painless set of layers, ala: something you have - the random PIN cards, something you know - pword, something you i.d. - (handwriting/picture/word)?
Human authentication methods are usually:
- Something you are (e.g. fingerprint or retinal pattern, DNA sequence, biometrics)
- (variant:) Something you do (e.g. signature)
- Something you have (e.g. driver's license, credit card, cell phone, software token)
- Something you know (e.g. a password, personal identification number)
- (there's also a paper on) Somebody you know
- or a combination of the above (e.g. a credit card with a PIN number)
-
Re:Ridiculous to require a subpoena ...
I think you miss the point. It is the bank's responsibility to ensure the authorised person and only the authorised person access the account. What this is, is the equivalent of saying that somehow that is now the customer's responsibility. It is just so wrong, if the bank chooses to offer a service, then it is the bank's responsibility to ensure that the service can be offered securely, not the customer's.
I've always thought it's partly the user's responsibility to ensure that authorization information is secured.
If that means not installing malware like a blithering idiot, maybe that's something they should stop doing.
For example how many banks were only accessible via IE even when there were warnings about using IE and that everybody should be using Firefox, no whose fault is that. If banks are serious, then what they should simply do is force everyone to dual boot and only access the bank services via Firefox running on top of Linux.
Firefox and Linux won't fix "stupid". Unless you're saying that phishing emails are a Windows only problem. I won't touch Windows unless I'm being paid to, but in this case, I don't think it's the problem.
Or more realistically they can demand the use of a hardware security device, like a USB based device combined with user name and password, but of course the buggers are way too greedy and cheap to do something like that.
That I agree with. RSA keyfobs would be nice, but I doubt it'll happen any time soon.
-
There is no way to protect yourself
it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home.
Uhh, no. If the keylogging software is some off the shelf crap, sure, that might work, but if it is something the attacker has written specifically for this attack, forget it. We don't live in a world where software is assured. You can't ever say "my keystrokes are on a secure path". Although, two factor security things like RSA's SecurID can help.
-
Who writes this stuff?
"it wasn't corporate policy to allow IT workers to access systems after termination"
LOL My organization is implementing RSA two factor authentication http://www.rsa.com/node.aspx?id=1156 to ensure that network admins can't get access once they leave the company. Without controls like this you just need one disgruntled admin to cause you some big headaches.
-
Re:Don't trust any bank that relies on credentials
IIRC, for SecurID, it is possible to emulate the hardware token in software if the certificate is available.
Well, yeah, RSA sells a SecurID software token. It's obviously less secure, since it resides on your computer instead of in your hands.
http://www.rsa.com/node.aspx?id=1162
If it could discreetly be extracted from the device in some manner, that would really break the system
You need both the user's PIN and the number displayed on the token, so stolen/copied tokens aren't any use without also compromising the user.
It's really a good system, although expensive.
-
You mean RSA GoID?
Many banks ARE rolling them out in this form: http://www.rsa.com/node.aspx?id=3019
-
Re:Power?
How's it powered?
Likely, by a small lithium battery. However, the power requirements are small enough that a solar cell/capacitor arrangement or a very small mechanism that generates a small current from motion (think Eco-drive watches) would be feasible solutions in the future.
How's it controlled?
See how RSA SecurID works here.
What happens when the battery in my credit card is dead?
Replace it. The server should resync with the unit after one failed attempt (it will just ask you to enter the next code).
-
Computers are complicated, esp. security
I don't know that guy's parents, but thinking of my own parents, or my wife, they want to be able to use computers well, but they aren't in that world all the time. Most people who read slashdot know a lot about computers. We have taken them apart, upgraded them, built new ones. We've looked through the Windows Device Manager (or lspci). We know what all the different parts of a PC are, and how they interact with each other.
For everyone else, it's a magic black box. They know files are kept in there, and maybe that it has fans and gets hot. Oftentimes, they don't know that RAM is the working space for running programs, and that it's a lot faster to access RAM than the hard drive. They don't know the difference between IDE and SATA and SCSI, and they probably haven't even heard those words before. They know how to plug in an iPod, but only if their PC case has USB ports on the front.
Even when someone wants to learn, they'll get beaten down with marketing confusions like 1GB = 1,000,000,000 bytes (why wouldn't that be true, as far as they know?), 3 Mb/s = 384kB/s, and 802.11a/b/g/n (these letters are assigned by standards bodies made up of engineers, not by marketing people). In the market for security products, customers really have to pay attention to realize that security by obscurity is very poor security (or worse than none at all in many cases), and even to be able to recognize when obscurity is even being used as the main form of security. The many different encryption algorithms available today are confusing at best (how are my parents supposed to remember that DES, not AES is the one that has been cracked). And then consider the fact that even a very secure algorithm like 256-bit AES can be completely worthless if it is not implemented very carefully. RC4, the algorithm used in the easy to crack WEP wireless encryption scheme, can actually be pretty secure, if it is implemented correctly, which it wasn't for WEP.
In TFA, Schneier points out that even he has a tough time telling if some of these products are implemented well or not. Computer security is a very complex subject. "Is that a thumbprint reader? That must be secure, I saw one in a high-tech spy movie in the 80's!" Movies and TV don't help, either.
-
In this day and age...
-
2-factor authentication is ...
"something you have and something you know".
It's like a bank machine gives you money because you HAVE your bank card and KNOW your pin.
See two-factor authentication devices from RSA SecurID, VASCO, or Secure Computing.
Microsoft has had a tight partnership with RSA for several years. Any word if MS will roll their own?
Sam
-
Re:one of many
RSA SecurID authenticators are as simple to use as entering a password, but much more secure. Each end user is assigned an RSA SecurID authenticator which generates a new, unpredictable code every 60 seconds. The user combines this number with a secret PIN to log into protected resources. (from here)
-
Re:Yawn
wrong problem...
rsa requires factoring...this isn't rsa
Are we talking RSA-ECC or DLP-ECC? (See: RSA Labs FAQ)
-
It's funny so laugh
When I was ([post sponsored by Politrix) writing this I was thinking ([Sponsor) thinking about how much money ([Symantec) product placements generate. Maybe ([Pepsi) Slashdot should look into this for ([RSA) revenue generation?
-
Use authentication tokens
The best solution to the password problem is authentication tokens like Cryptocard or SecurID.
jon.sable@sympatico.ca
-
I take issue with that
3. Collisions can be generated in MD5's hash algorithm (Dobbertin, 1996).
According to RSA Security's website, while Dobbertin's work did find weaknesses in the compression function of MD5, it did not provide collisions for the hash function in its entirety. This seems to be at odds with your first statement, but you are welcome to take that one up with RSA Labs if you feel like it.
-
www.rsa.com Cracked!
Potentially the most worrisome (at least to the general public), but least covered in the press of the recent cracker attacks against major websites, early Sunday crackers managed to replace the main page of www.rsa.com with their own message.
Here is the Newsbytes story.
-
Why OpenSSH
There seems to be a bit of confusion about exactly what this software offers over the standard SSH. Hopefully I can help clear it up a bit.
- Licensing
SSH1 comes with a license which is rather ambiguous about commercial use. The most common interpretation is that it's OK to use it commercially so long as one isn't making a profit directly off it. (e.g. charging people for the software.) SSH2 is much clearer-- in order to use SSH2 in a business you must use the closed-source, $400-a-server version from DataFellows.
Here is the vague portion of the SSH1 license:
Companies are permitted to use this program as long as it is not used for revenue-generating purposes. For example, an Internet service provider is allowed to install this program on their systems and permit clients to use SSH to connect; however, actively distributing SSH to clients for the purpose of providing added value requires separate licensing.
- Compatibility
SSH2 clients cannot talk to SSH1 servers. This was by design in an attempt to drive people to upgrade to the new protocol. SSH1 clients are able to talk to SSH2 servers.
- Patents
The IDEA (default) algorithm is patented and requires a license to use commercially. The RSA algorithm is also patented, but that patent has either expired or is about to expire. If one can find a copy of "rsaref", formerly offered freely from RSA's FTP site, then one can use it instead of the internal RSA algorithm to work around this little hurdle.
One reason there is demand for another implementation of the SSH protocol is so that people in small businesses can continue to use SSH while still maintaining access to the source code and also staying $400/server closer to being profitable.
Given the incompatibility of the clients, upgrading from SSH1 to SSH2 requires a flag day upon which day every client and server must be simultaneously upgraded to SSH2. Trying to upgrade in stages results in those with SSH2 unable to connect to SSH1 servers. It is possible to install both versions of the client, but the user will have to be the one "failing over" to the other version. Irritating at best, costly and time-consuming at worst.
For more information about SSH implementations, check out the Open Directory Project's SSH Category.
-
Some of the "Monumental Failure" theory can't hold
The notion that Mozilla is a massive waste of "open source resources" is decidedly silly; consider:
What other open source project would you expect Netscape Communications Corp (or AOL) to be involved with?
The fact that it has taken a whopping long time for the (marginally usable) M10 release to arrive is not a clear example of failure; the project has had to labour under several significant constraints:
- In order to release Mozilla as Open Source(tm), Netscape had to tear out a whole lot of code that they didn't own. Java, VisiBroker, RSA stuff, ObjectStore, TrueDoc, Full Circle Talkback, Inso Proofreader, and others.
This left gaping holes in the source code tree, things that had to be reimplemented.
- Mozilla has essentially been rearchitected.
What with the above gaping holes, and other things that had grown into being ill-designed, it made huge sense to rebuild a whole lot of the functionality from scratch.
If a version that is of "production quality" is released in the next 4 months, which is not inconceivable, that essentially means that Mozilla has been recreated in two years, which is certainly not a monumental failure.
-
Buy RedHat Secure Server and transfer the license
If you want to run an SSL server for non-commercial purposes, you can compile mod_ssl linked against rsaref. The rsaref package is not free software--it is licensed for non-commercial use only and has a couple other restrictions. This route is the cheapest way to set up a non-commercial SSL site in the US.
If your site is a commercial site in the US, then there is no way around it--you must license the RSA algorithm from RSA (unless you want to challenge the RSA patent in court!). If you call up RSA they will give you a price quote in the thousands (I tried this once). A far cheaper way to get an RSA license is to buy RedHat Secure Web Server (now repackaged as RedHat Linux Professional).
IANAL, but I have read the "Advanced Cryptography License" that comes with Secure Web Server and I believe that the license does in fact allow you to legally run an implementation of RSA using any SSL server software you want on your site. That means you can buy Secure Web Server and then legally run mod_ssl on your web site. That's what I would do if I were in your position, since mod_ssl is a quality free software product.
-
TWINKLE is neat, but not that neat.
I think this is a drastic misunderstanding of Adi Shamir's TWINKLE ("The Weizmann INstitute Key Locating Engine"). Although not yet built, it is generally regarded as feasible. It speeds up the first sieving part of a factoring effort. Note that there is a second part, finding a solution to a truly massive binary matrix, which is not nearly as easily parallelized. Although a tiny fraction of the instructions executed, this takes just under half of the elapsed time of current world-class factoring efforts, and is not helped by TWINKLE at all. Thus, it will still take significant calendar time.
While state-of-the-art improvements such as the number field sieve obscure the details, the basic quadratic sieve is not hard to understand. One way to factor n = s * t is to find two numbers x and y whose squares are equal. x*x == y*y (mod n) implies that x == +/- y (mod s) and x == +/-y (mod t). Half the time, the individual +/- choices are the same, so x == +/- y (mod n), which is not very informative. But the other half, x == +y (mod s) and x == -y (mod t), so x+y is a multiple of s but not a multiple of t, so t = GCD(x+y, n) is easily computed.
To find those numbers x and y, the quadratic sieve steps through possible x values, and tries to factor x*x (mod n). If you're lucky, its factors are all small primes less than some bound B, and the factorization produces one row in that giant matrix to be solved, called a relation.
Choosing the correct bound B is very tricky. The higher it is, the faster you will find relations, but it also determines the number of columns in your matrix, and you need as many rows (relations) as you have columns.
To do the search efficiently, you set up a sieve (does anybody remember the sieve of Eratosthenes?) with slots for a great many possible values x, then, for each prime p less than B, it turns out that there is a simple repeating pattern (two numbers out of every p values) of which values of x*x mod n are divisible by p. So you multiply the slot by the prime p for every applicable slot, and when you're done with all the primes p, look for slots whose values are high enough to be a relation.
Now, multiplying 512-bit numbers is slow, so actually, you use logarithms. For each slot, you add log(p) and see if the result exceeds log(x*x mod n). Furthermore, you use a rough approximation (like 32 bits long) and double-check any accumulators that get close enough.
An important thing to note is that it is fairly easy to double-check results, so an approximation is adequate, as long as the number of false hits doesn't get too high. Also, missing a few relations is fine, if it helps the search rate enough to increase the number of relations that you do find.
TWINKLE basically automates this process using optics. The design uses a whole gallium arsenide wafer studded with LEDs (one per prime p), each with a filter that adjusts its intensity to be proportional to log(p). The trick to making it work is to not worry about making the filter perfect, but to measure the intensity of the LEDs and then assign them to primes accordingly. Each one is programmed to blink on at the appropriate times in a pattern of length p.
Anyway, you aim all the LEDs at a photosensor, clock the whole thing at 10 GHz and record whenever the intensity exceeds log(x*x). The receiver circuitry is tricky, but 10 Gbps fiber-optic receivers exist.
The paper is available as a postscript file in http://jya.com/twinkle.zip. Bob Silverman wrote up an overview at http://www.rsa.com/rsalabs/html/twinkle.html .
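The logarithm sieve and the final GCD step described in the comment above, as an added example (not part of the original comment or of the TWINKLE paper). It assumes the usual polynomial x*x - n for x just above sqrt(n), a constructed toy modulus n = 8051, and hypothetical function names; the matrix step that combines relations is left out.

```python
import math


def small_primes(bound):
    """Primes below `bound` (sieve of Eratosthenes); assumes bound >= 2."""
    is_prime = [True] * bound
    is_prime[0:2] = [False, False]
    for i in range(2, math.isqrt(bound) + 1):
        if is_prime[i]:
            for j in range(i * i, bound, i):
                is_prime[j] = False
    return [i for i, flag in enumerate(is_prime) if flag]


def trial_factor(value, primes):
    """Exact double-check: {prime: exponent} if value factors fully, else None."""
    exponents = {}
    for p in primes:
        while value % p == 0:
            value //= p
            exponents[p] = exponents.get(p, 0) + 1
    return exponents if value == 1 else None


def log_sieve(n, bound, width):
    """Sieve x in [isqrt(n)+1, isqrt(n)+1+width) for smooth x*x - n.

    Returns (candidates, relations): candidates are slots whose approximate
    log sum came close enough; relations are those that pass the exact check.
    """
    start = math.isqrt(n) + 1
    primes = small_primes(bound)
    acc = [0.0] * width
    for p in primes:
        logp = math.log(p)
        # At most two residues r out of every p satisfy r*r == n (mod p).
        for r in range(p):
            if (r * r - n) % p:
                continue
            for i in range((r - start) % p, width, p):
                acc[i] += logp
    # Each prime is counted once even when p*p divides the value, so allow
    # slack of log(bound); this admits false hits and can miss a relation.
    slack = math.log(bound)
    candidates = [start + i for i in range(width)
                  if acc[i] >= math.log((start + i) ** 2 - n) - slack]
    relations = {}
    for x in candidates:
        factors = trial_factor(x * x - n, primes)
        if factors is not None:
            relations[x] = factors
    return candidates, relations


def split_from_squares(n, x, y):
    """Given x*x == y*y (mod n), return (s, t) with s*t == n, or None if trivial."""
    if (x * x - y * y) % n != 0:
        raise ValueError("x*x and y*y are not congruent mod n")
    t = math.gcd(x + y, n)
    return None if t in (1, n) else (n // t, t)


if __name__ == "__main__":
    N = 8051  # constructed toy modulus (83 * 97)
    candidates, relations = log_sieve(N, bound=30, width=200)
    print(len(candidates), "candidates,", len(relations), "verified relations")
    print(relations[90])                 # 90*90 - 8051 = 49, already a square
    print(split_from_squares(N, 90, 7))  # x == +y mod one factor, -y mod the other
    print(split_from_squares(N, 8044, 7))  # x == -y (mod n): uninformative
```

Here the relation at x = 90 is a perfect square on its own, so it splits n without any matrix step; in a real run, several relations have to be multiplied together to make every exponent even.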
-
oh goody! proprietary encryption!
So, we have from IBM a chip that is supposed to make transactions "secure". My best guess is that it uses some proprietary encryption algorithm to do this. The problem here is that word "proprietary." Attempting to keep the crypto algorithms secret only ensures that there will be bugs and weaknesses, because the algorithm was not subject to a massive review in the way that PGP was. Can't IBM learn from Microsoft's mistakes in the field of encryption? I would be much more impressed if IBM made these computers with chips designed to quickly do PGP or some other public-key algorithm known to be secure. I don't trust proprietary encryption, and neither should you. If you really want more info, check out the RSA Labs Crypto FAQ. It's an excellent source of information on all aspects of crypto and security.
-
Re:Larger keys...
Um, no. A 1024-bit key will take 6 to 7 million months to do with TWINKLE (that's 500,000 years for y'all without calculators in your skulls), according to RSA Labs.
-
Some related links
The announcement at RSA.
The top of the most active thread on sci.crypt at DejaNews
-
I doubt they have better algorithms
To the best of my knowledge, more intellectual energy is being thrown at the problem of factoring in the mathematical community than the NSA and friends can probably muster. For that reason I doubt that they can get, let alone maintain, a significant lead for very long on the theoretical side.
However on the practical side using routine application of current theory and sufficient money (ie hardware) you can indeed get better results than are publicly available. It is a safe bet that various 3 letter agencies have made this investment and can crank through tremendous volumes of material encrypted with legally exportable encryption.
Incidentally anyone with any questions on encryption should wander over to the RSA folks.
Cheers,
Ben
-
Re:Asymmetric vs. Symmetric & I'm not worried...
Quick! Run, don't walk, and find yourself a copy of Applied Cryptography!!!
Read read read read it! Right before bed every night, and right when you wake up in the morning. Peruse the web in search of information (searches for terms like PGP, RSA, Diffie, Public Key, Key Server, Cryptography, Cryptanalysis, security, privacy and other related terms will probably yield some more helpful info...)
Counterpane is probably one of the best places to start. Read the white papers there. Subscribe to the newsletter. Check out the links. You might want to check out RSA as well. They've got a bunch of FAQ's on their website, most of which will answer your questions. You may also want to check out PGP (that link's only if you're not a business...) The PDF manual has a lot of info as to how the product works. Verisign will probably have some more information... I haven't been there recently, but I'm sure you can unearth something...
Anyone else want to pile on some more resources for this guy (or girl)?
(That was still a lot less typing than answering all those questions, and will probably supply better information than I could type in an hour...)
-
do a little research then
... if for no other reason than a lack of information.
A paper from the first announcement of this back in May is available in a couple of places (zipped eps and postscript), as well as an analysis by RSA. See also the RISKS posting.
If you meant just that the design is untried, I suppose this won't convince you, though optical computers of this sort have been built (on a much smaller scale) before. Anyway, we have this thing called "engineering" for figuring out if something's going to work or not. :)
I don't see any new information on the web. Can someone from the conference let us know what progress has been made on the design front?
-
The info was posted before...
man, am I good at remembering past stories:
The description of the original device has been posted here (slashdot discussion: here).
An analysis of the device by the RSA Labs has been posted here (related slashdot posting).
-
Re:Why?!
I've been to the linked site and read around a bit - it seems full of nothing but marketroid-drivel, but then again I think e-commerce == hype + forms + hype + ssl + hype + CGI, so what do I know? ;)
Well,
a) Red Hat provides technical support.
b) To use RSA (required for SSL) for commercial usage you need to license it from RSA Data Security Inc. - which is worth $100.
c) It's one package, making it easy for someone who wants to use existing tools to set up their own e-store. Time is money, so by including all these products and demos together in one place it can save a lot of time. There is no need to spend time looking at lame solutions or NT-only solutions.
d) Most real e-commerce solutions include credit card processing software or micro-payments, something you can't "roll-your-own" and expect your local bank to let you interface with them.
e) Some people have mentioned Stronghold as if it was free, it's not free for commercial usage! Again, due to the RSA patent issue (b).
f) No one said you had to buy it.
-
RSA's Press Release
Can be found at: http://www.rsa.com/pressbox/html/990119-1.html
-
RSA proofs
Zachary Kessin wrote:
No one has ever proved that RSA is secure.
Depends on how you define "secure". I define secure encryption as being more costly for an unauthorized person to decrypt the information than:
A) the information is worth; and
B) gathering the information through other means
RSA can be applied in such a way that it meets both of these requirements. Most, although not all, of this is mathematically provable.
It has not been proven (as of last I looked) that you need to factor the number to break RSA.
Of course it hasn't been proven that you need to factor the number to break RSA. It's been proven that you need to either factor n or compute the eth roots mod m. For more details, you can go here. I understand the formal proof is given in Applied Cryptography, by Bruce Schneier, but I have not personally examined this.
nor that there is not a fast way to factor a large number. It's just that no one has found a good method for doing it.
There is, of course, no proof that we have the fastest method possible to factor a large number. To quote RSA, "Factoring is widely believed to be a hard problem, but this has not yet been proven." We do have some pretty good factoring methods (see What are the best factoring methods in use today?, from RSA's FAQ), but who knows if someone will come up with a better way next year or even next week. In fact it has been proven that a hypothetical quantum computer could be able to do the factoring problem in polynomial time, one just hasn't been built yet.
-