Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:Kryptochef
-
Re:I trust neither
http://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
Of course, this assumes that Bruce Schneier is not an NSA stooge. -
Crypto-Gram
Bruce Schneier wrote about this in the most recent Crypto-Gram. The reason is that there is tremendous lobbying pressure being applied to Congress to water down this legislation, and trump the more effective state laws in the process.
Write your Senators and Congresspersons. -
Re:Why I don't trust them at all
F-Secure's rootkit scanner detected Sony's rootkit as such from the very beginning, AFAIK. Also, Bruce Schneier said: "Perhaps the only security company that deserves praise is F-Secure, the first and the loudest critic of Sony's actions."
-
Re:I'm Spying on Me!!
>They might, after all, be providing essential intelligence that is leading to the constant thwarting of a significant number of terrorist operations; on the other hand, they might not. We simply don't know.
We do know. When the FBI gets hold of this "intelligence" and investigates they invariably find it a waste of time. We know that the false alarms hurt our safety if the FBI agents were called away from investigating real crimes. We would know if any terrorists were arrested and brought to trial because that's public information. -
Re:Study cryptography!
I thought you were saying that a every company should hire people to build their own implementations, but I think what you're saying is that *when* they make their own implementations, only security experts should be allowed to do it (or, they should at least be heavily involved). That makes much more sense.
I think Lord Ender is saying something slightly stronger than that... The way I read it, his point is that even when a company is using the well-known implementations of the algorithms, they should have a security expert involved in the design of how the crypto is used in the product... Like not just having your developers storing MD5 hashed passwords in the db, but having someone knowledgeable to ensure that they use salted hashes...
As Schneier points out in his essay on security pitfalls in cryptography, "... just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols...." Thus, we need security experts to ensure we don't undermine the strength of our system with weak structures... -
You don't know Bruce Schneier. Read his blog.
http://schneier.com/
http://schneier.com/blog/
Schneier's column at Wired is about security decisions, not just software. It is a regular feature.
Go to his blog to read the comments from the well-informed readers he attracts rather than the Slashdot monkey mob. Some of the readers there also ask where the beef is on vendor liability, and it turns out the question is not a new one to Schneier's body of work.
http://www.schneier.com/blog/archives/2006/06/aligning_intere.html
The only thing I agree with in what you said is that the Slashdot article summary is misleading. Otherwise, you are at best grossly misinformed, at worst on a bit of an afternoon drunk yourself. -
Schneier posts on SCADA security
His conclusions back in 2002:
- Don't connect SCADA systems to the internet without a damn good reason. If you must, put in high-grade security.
- Terrorists with ANFO are a lot more dangerous, in general.
- Don't panic. There are more likely threats.
Mind you, in 2005 people were still doing stupid things when it came to SCADA system security. Using a home computer to control the water supply of a city of 3 million people? Not smart.
- Don't connect SCADA systems to the internet without a damn good reason. If you must, put in high-grade security.
-
Re:We Teach Our Kids To Be Afraid, Period
Background: I'm 42 and live in a pretty damn small rural city (75,000 people). That eliminates some of a big city's risk but not sicko abductions of kids and teens, which have always been around here in numbers enough to merit attention (a classmate of mine disappeared in '79, one of several to disappear whose remains were found years later by hunters and hikers). So, while I grew up in a similar relaxed era, I'm biased a bit but I think you're right and I've seen numbers to confirm your suspicion:
Stats I can google up and have read say the USA has a hundred thousand abductions per year. Just 600 of them are taken by strangers, according to ChildFind. 200 kids per year are abducted and killed by strangers. THE VAST MAJORITY OF ABDUCTIONS ARE NOT BY STRANGERS. They're custody-related.
At a conservative googling of 100k per year, abductions would be worrisome (that's 1 per couple thousand people, or 1 per 500 kids, assuming kids are 25% of the population). But at 1 in a million odds? For this, you're gonna deprive a kid of the outdoors and friends and such!? Heck, that's minuscule compared to the risk a kid faces from drowning, falling off a bike, being the one-in-several-hundred that dies tragically in high school (car wreck, suicide, drinking-related, etc).
We got a handbill several weeks ago (I forget from what official agency) that said 'Don't Talk to Strangers' isn't working. The focus needs to be on avoiding adults that act unusually, warning kids what an inappropriately-acting adult (friend of the family or otherwise) will say or do, who is more trustworthy, and how to run/holler/resist/tattle when an adult acts inappropriately.
So, I (absurdist that I am) take my guidance from Crush, the Sea Turtle in 'Finding Nemo': I try to rein in my irrational urge to overprotect, I look for reasonable opportunities to let my kids have more freedom, and my wife and I try to keep the kids outside as much as possible. If I had the time, I'd be subtly lobbying other parents in the neighborhood to do the same.
(links, including a nice geek-friendly Bruce Schneier... though I'd say you should look for something by Oprah if convincing your wife is the goal)
http://www.childfindofamerica.org/Information.htm
http://www.jfox.neu.edu/The_boogeyman_in_the_green_car.htm
http://www.schneier.com/blog/archives/2005/06/talking_to_stra.html
http://www.zmag.org/Sustainers/Content/2002-09/04peters.cfm
http://www.childfindofamerica.org/prevention.htm
Oh, and my kids are too young for chemistry sets, but I bought one for my young-teen nephews on ebay. $40 for the same one we played with in '75, complete with a bunsen burner, meltable sulphur powder, iron and magnesium shavings, test tubes, and a dozen compounds that'd poison anyone dumb enough to ingest 'em. 40-some bottles of reagents... awesome. -
As Predicted by Bruce Schneier's contest...
What a hilarious coincidence! Listen to this: Bruce Schneier is currently running a contest on his blog where people are asked to invent dumb movie-plot terrorist threats. The purpose of this contest is to demonstrate that such invented threats are only "good for scaring people, but it's just silly to build national security policy around them". And a recent suggestion (that predates TFA!) is precisely based on the idea that terrorists could build faulty parts into automobiles. I literally ROTFL when I heard the director of the U.S. Cyber Consequences Unit saying that terrorists could cause cars to explode
:) -
That's from February CTP/Build 5342, not beta 2
Here is what Bruce Schneier thinks of Vista's UAC feature.
The bulk of that blog post just praises Paul Thurrott's infamous rant about then-unfixed problems with the Vista February Community Technology Preview (Build 5342). Vista is currently at Beta 2 (Build 5384) and Thurrott's opinion of Vista's UAC feature has changed. That link has a full review of Beta 2's current implementation of UAC and offers the following opinion:
Finally, I should note that UAC is evolving over the course of the Windows Vista beta. When I wrote When Vista Fails, the fifth part of my Windows Vista February 2006 CTP/Build 5342 review, UAC was popping up consent dialogs too frequently. Also, there was a bug in UAC that resulted in certain consent dialogs appearing repeatedly with no way to authenticate certain tasks. The proliferation of dialogs and aforementioned bug have been fixed in Windows Vista Beta 2. Better still, Microsoft also promises to make further changes to UAC over the remainder of the beta program to further reduce the number of times users will have to provide consent. In short, what was once aggravating is now quite bearable. The security benefits of UAC far outweigh whatever annoyances its dialogs might cause.
Since Bruce Schneier seemed to base his opinion on Vista UAC on other bloggers' experiences, his current opinion might be different now. -
Schneier on User Account Controls
Here is what Bruce Schneier thinks of Vista's UAC feature.
-
Thanks, but that's wrong.
From your little link:
This NCS analysis supports the SWG's finding that viruses and worms prevalent across the Internet at the time of the outage did not have any significant impact on power generation and delivery systems.
Their definition of "significant" should be examined, but that's not the conclusion I was quoting. It was entirely possible that the systems were overloaded by network traffic and that's what caused them to not trigger miss alarms. That's why the issue was investigated. Whether or not that would constitute a "significant" impact or not is something only the report writers can answer. What's not denied by the above is that critical communications between operators and management were impeded. The lack of human operators to get what they needed is a significant problem.
This is not some opinion I pulled out of my ass. Schneier came up with it and the accident report does little to refute his notions. Specifically (pages 50 and 51), the number one cause of the accident is "inadequate system understanding". Remote terminals then the main system failed along with its alarms. As Schneier noted the report states:
14:54 EDT. However, for over an hour no one in FE's control room grasped that their computer systems were not operating properly, even though FE's Information Technology support staff knew of the problems and were working to solve them
You can take it back further to the first failures of the State Estimators due to network communications problems. It was this problem that had IT people fooling with the system to begin with. Later, the alarm system stalled. I imagine both of these problems can be traced back to the blaster worm then tearing through corporate networks the world over. They did not get their contingency planning systems back till 16:04 (p49). The report, for one reason or another, does not mention the exact reason for the SE failures so all we have is strong coincidence.
For the second time in two weeks, I've had to correct you when you blamed an operating system you don't like for errors in somebody else's software.
Your compulsions and ideas are entirely your own, but I'm flattered by your close attention to my writing.
-
Re:China just wants to eavesdrop
I would not trust Chinese encryption, would you?
I don't trust any encryption system that isn't open and well-analyzed, regardless of the country of origin.
That said, I'm sure that some Chinese people are capable of developing strong cryptography. They broke SHA-1, after all.
-
Three points
I don't see these specific points being made, although the Nazi Star of David requirement for Jews has been mentioned. If someone else has said them, my apologies.
Genetic heritage. My mother still has the leather satchel containing all the family documents my family compiled to prove to the Nazis' satisfaction there was no Jewish blood in the family. Naturally the officials in question were concerned about forgery. Think how much easier things might have been for the Nazis if only they could have used genetic markers to determine who stayed and who went! A bit ironic a Jewish American is suggesting this plan. When we were locking up Japanese Americans in WWII, and more recently registering & detaining Arab and Muslims, don't you think the gov. would have valued a genetic database?
Crime and punishment. Bruce Schneier has pointed out that one of the balancing acts played out between government and citizen is balancing the level of punishment with not just the severity of the crime, but the ease of solving it. He was speaking in reference to automated, camera-recorded traffic tickets, but a national genetic database is also part of this discussion. It's not possible the gov. would not put such a database to further use; the implications need to be considered beforehand.
Misuse in the business world. The potential for misuse by the business world is pretty awful. If there's a database of workers, then the hiring process gives access to the information. Businesses could use genetics to weed out employees who ran a higher risk of illness, or were an ethnic background the employer found undesirable. And since the medical, insurance, and pharmaceutical companies all hire, they would be able to use the information for their own purposes: for example, deciding which disease/genetic "disorder" to target by its frequency in the database. I say "disorder" because there are many current disorders which were nothing of the kind twenty years ago, but are being classified now as such because it sells drugs and treatment. How much easier to associate this with a genetic marker and use the database to pick markers that are widespread? -
Re:They haven't fixed the real security problems.
The first time I used Windows NT, I tried out several obvious attacks on the privilege model, and succeeded more often than I failed. I was even able to boost Power User to Local System, which actually has more privileges than Administrator.
Windows NT is at least 3 versions behind Vista, probably 4. I know MS's reputation as well as anyone, but it really does look to me like they are making attempts to fix up the user model with Vista.
If it turns out that it's as easily broken as you say, I'll concede defeat; but, I think that considering it a foregone conclusion that it's broken is unfair and very possibly wrong.
Confirmation and approval dialogs are almost worthless from a security standpoint. They operate at the application level, and the component that generates them has to have the privileges they're allegedly protecting
Not the ones I'm talking about. See this comment, this blog (and keep in mind that the number of things that trigger warnings was reduced in Beta 2, though not by enough, and there's still discussion going on in MS about to what degree to require confirmation), and probably plenty of other sources.
At any rate, you still can't infer ANYTHING about the user model just by the fact that IE runs in a sandbox. MS may not deserve much credit when it comes to security, but doing so is grossly unfair to even them. -
Re:Pretty sure the reporter has it wrong...
Well, 2(a) specifically excludes mathematical methods from the scope of patentability. A computer program that does something useful is almost certainly based around a mathematical method. In fact, things like compression and encryption algorithms are mathematical methods. A person with crayons, graph paper and plenty of time on their hands could look at a hex dump of a GIF file and draw the picture it described. There is no doubt in my mind that they would be performing a mathematical operation, which is rightly unpatentable. A person with enough paper and enough patience might even be able to study a hex dump of an MP3 file and write out a set of numbers which would form a corresponding raw PCM file. Writing it out in musical notation would be pushing it some.
Likewise, encryption is a mathematical operation and so not patentable. Look at Bruce Schneier's Solitaire for an example of non-computerised data encryption. -
Mod my previous reply down
[Please mod my previous reply down. It's botched.]
There is some information about the algorithms they're using here. That page says that they're using 1024-bit DH to negotiate a 128-bit AES key, then they XOR the output of the AES algorithm with the voice data.
Frankly, I don't trust it.
First of all, neither 1024-bit DH nor 128-bit AES actually give you 128-bit security (i.e. 2^128 complexity). For AES, you need at least 256 bits of key material to get 128 bits of security. I don't know specifically about Diffie-Hellman, but it's similar in structure to RSA, and experts have been recommending at least 2048-bit keys for new designs using RSA for years, and that's not even to get a 128-bit security level. For a true 128-bit security level, you need something like 6100 bits (if I remember correctly), which most people don't use because it's very slow to do in software.
The "XOR" part of the description, while somewhat scary-sounding, might actually be counter mode, which is considered secure for AES and is actually recommended by Bruce Schneier in his book, Practical Cryptography. Or, it might just be XORing the output of a single repeating AES ciphertext block with the entire plaintext datastream, which would be trivially insecure. We really have no way of knowing.
As for authentication, which is often more important than confidentiality (and which may be required for confidentiality)? This is all I could find:
Additional security and integrity is ensured by a calculated HASH checksum that is indicated on the display.
There is no mention of what hash function is being used, nor of what is being hashed. Furthermore, people who talk about "HASH" -- in all-caps, as if HASH is an algorithm itself -- clearly don't know what they're doing. It might just be Vectrotel's marketing department messing things up. Or, it could be a more fundamental lack of expertise within the company. Who knows?
Have a look at the Vectrotel FAQ:
VECTROTEL IS BASED ON WHICH SW PLATFORM? IS THERE A SECURITY RISK?
The software is proprietary. There is no security risk....
KNOWING AND CHECKING THE SOURCE CODE IS VERY IMPORTANT. IS EVERYBODY ABLE TO REVIEW THIS SOURCE CODE?
No, we do not release the source code. Too much know-how would be at stake.
Totally unacceptable.
If those really are "frequently-asked questions", those responses are simply arrogant. The company has clearly adopted a "trust us" mentality. If I was willing to blindly trust other companies, I wouldn't be looking for a secure phone!
Crypto products are like voting machines. If their operation is not independently verifiable, then they simply cannot be trusted.
As an interesting side note, I don't see any FIPS certifications.
I smell snake oil.
-
Re:Ummm....
There is some information here. It says that they're using 1024-bit DH to negotiate a 128-bit AES key, then they XOR the output of the AES algorithm with the voice data.
Frankly, I don't trust it.
First of all, neither 1024-bit DH nor 128-bit AES actually give you 2^128 complexity. For AES, you need at least 256 bits of key material to get 128 bits of security. I don't know specifically about Diffie-Hellman, but it's very similar in structure to RSA, and experts have been recommending at least 2048-bit keys for RSA for years now.
The "XOR" part of the description, while somewhat scary-sounding, might actually be counter mode, which is considered secure for AES and is actually recommended by Bruce Schneier in his book, Practical Cryptography. Or, it might just be XORing the output of a single AES ciphertext block with the entire plaintext datastream. We really have no way of knowing.
Have a look at the Vectrotel FAQ:
VECTROTEL IS BASED ON WHICH SW PLATFORM? IS THERE A SECURITY RISK?
The software is proprietary. There is no security risk....
KNOWING AND CHECKING THE SOURCE CODE IS VERY IMPORTANT. IS EVERYBODY ABLE TO REVIEW THIS SOURCE CODE?
No, we do not release the source code. Too much know-how would be at stake.
Totally unacceptable.
If those really are "frequently-asked questions", those responses are simply arrogant. The company has clearly adopted a "trust us" mentality, which just doesn't work with people who want strong security. I also don't see any FIPS certifications anywhere.
I smell snake oil.
-
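Both versions of the comment above contrast two readings of "XOR the output of the AES algorithm with the voice data": real counter mode, and XORing one AES output block over and over across the stream. The Go program below is an added example, not code from the comment or from Vectrotel; the key, counter block and voice frame are constructed values and the function names are my own. It implements both readings with Go's standard crypto/aes and shows why the repeating variant is trivially insecure: XORing two ciphertext blocks gives exactly the XOR of the two plaintext blocks, with no key involved, whereas under CTR the two keystream blocks differ and nothing of the kind falls out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values, not taken from any product: a fixed AES-128 key
// and a 16-byte initial counter block. In a real phone the key would come from
// the DH exchange, and a counter block must never be reused under one key.
var (
	sampleKey = []byte("0123456789abcdef")
	sampleIV  = []byte("fedcba9876543210")
)

// Constructed plaintext standing in for a few voice frames (47 bytes, so the
// last block is partial, as a real audio stream would be).
var sampleVoice = []byte("voice frame 0001voice frame 0002 trailing bytes")

// xorBytes returns a XOR b; both slices must have the same length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptRepeatingBlock is the insecure reading of "XOR the AES output with
// the voice data": AES is applied once to the IV, and that single 16-byte
// output is XORed, repeatedly, across the entire stream.
func encryptRepeatingBlock(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ks := make([]byte, aes.BlockSize)
	block.Encrypt(ks, iv)
	out := make([]byte, len(plaintext))
	for i := range plaintext {
		out[i] = plaintext[i] ^ ks[i%aes.BlockSize]
	}
	return out, nil
}

// encryptCTR is the secure reading: AES in counter mode, where the counter
// block is incremented for every 16 bytes, so no keystream block repeats.
// CTR is symmetric, so the same call decrypts.
func encryptCTR(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out, nil
}

// leaksPlaintextXOR reports whether C1 XOR C2 equals P1 XOR P2 for the first
// two blocks. With one repeated keystream block K, C1^C2 = (P1^K)^(P2^K) =
// P1^P2, so anyone holding the ciphertext learns the XOR of two plaintext
// blocks without the key. Under CTR the keystream blocks differ (AES is a
// permutation and the counter blocks are distinct), so the equality fails.
func leaksPlaintextXOR(plaintext, ciphertext []byte) bool {
	if len(plaintext) < 2*aes.BlockSize || len(ciphertext) < 2*aes.BlockSize {
		return false
	}
	p := xorBytes(plaintext[:aes.BlockSize], plaintext[aes.BlockSize:2*aes.BlockSize])
	c := xorBytes(ciphertext[:aes.BlockSize], ciphertext[aes.BlockSize:2*aes.BlockSize])
	return bytes.Equal(p, c)
}

func main() {
	bad, _ := encryptRepeatingBlock(sampleKey, sampleIV, sampleVoice)
	good, _ := encryptCTR(sampleKey, sampleIV, sampleVoice)
	fmt.Println("repeating AES block exposes P1^P2:", leaksPlaintextXOR(sampleVoice, bad))
	fmt.Println("AES-CTR exposes P1^P2:            ", leaksPlaintextXOR(sampleVoice, good))
}
```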
Re:How about backdoors
The EU passed a law a while back that you couldn't sell a mobile phone without providing the gov with some method of eavesdropping on it. The thing is if they have weakened security to do this then they have also made it easier for the crooks to get in.
Back Doors, Export, and the NSA
I also recall reading where the No Such Agency bugged the VIP lounge on the world's favourite airline. The information gathered here and elsewhere being passed on to the top fortune 100. -
Trust and the spyware business
Right. I think this is key. The anti-spyware and anti-virus software business is all about trust, and it's fairly obvious to me that Microsoft are not strong competitors in that arena.
For example, does Spy Sweeper identify World of Warcraft as the piece of intrusive spyware it is? Does Microsoft's anti-spyware software? -
closed source security
Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.
Sure, but as Bruce Schneier says, open source does not mean "fewer bugs", necessarily. It does mean the potential of wider expert peer review.
An interesting question I have is whether the non-OSI "shared source" licenses would be sufficient to meet the needs of an organization's security? Open source values the number of eyeballs, but the eyeballs evaluating security challenges needs to be expert eyeballs, thus de-emphasizing the need for a freer license.... -
Re:Inadvertent false positives
Fortunately, there are (some) competent and skilled security people we can point to as good examples.
-
Re:Encryption?
Blowfish was developed by Bruce Schneier and friends. Not the spooks.
-
Do they really know what they're talking about
"Another advanced defense method that is possible, although unlikely, is to create an in-house encryption algorithm to use for encoding your network's data."
No, no, no, no, NO
As Bruce Schneier says "Public security is always more secure than proprietary security"
http://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity
Also, why don't they mention WPA? ( http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access ) -
Re:Black Box Voting & The Details
http://www.schneier.com/crypto-gram-0412.html#11
http://techaos.blogspot.com/2004/05/indian-evm-compared-with-diebold.html
This subject came up before, on cryptogram. I wrote a reply (first link above), referring a pretty nice paper (second link above). Summary: the Indian EVMs are much better, as much for non-technical reasons as for technical reasons! -
Re:Lockout chip business model
First people are all concerned that the government will take notice that they are cheating on their wives over the phone,...
Which the govt people can nicely exploit in recruiting new agents ("rat on your friends, or else..."), such kind of pressure was commonly used by various State Security forces in the communist bloc.
...then fear grips them as they realize the government has records of all those calls to their drug dealer...
Which aims the limelight at the insanities of the Drug War. What's wrong with an occasional joint once in a while, when even presidents did it, inhaling or not - and why does another enjoyable and similarly dangerous substance, eg. whiskey, remain legal? Why the cowboyish belief that if the problem can not be pushed away with force, the only thing required is more force?
However, as you may be a teetotaller, other concerns may be closer to home for you. Investigative journalists, working on causes unfriendly to the govt people or their cronies. Offshore corporations with trade secrets that would benefit other corporations, this time within the US (cue ECHELON, and the two publicized affairs involving Boeing and Raytheon as beneficiaries). All sorts of critics of the status quo who would be better silenced. Figuring out who was a whistleblower in just-another-highprofile-affair and unleashing revenge upon his head - with suitable publicity, so his would-be followers won't succumb to the temptation. Finding out how to discredit that little old lady who valiantly fights the attempts to oust her from her house (which so inconveniently stands in the approximate location of the cheeses section of a WalMart-to-be), and gains unhealthy popularity with her neighbors. Or finding in the future that you called that shady dealer and bought a HDCP stripper so you could watch new movies on your old plasma TV. Or that you cheated on your taxes by conveniently omitting listing those barters with your neighbors as taxable income.
It's by far not only about drugs.
Or do you believe your government will never abuse these resources? That J. Edgar Hoover, or Richard Nixon, or Joe McCarthy and the droves of their ilk were just a historical fiction?
...the final straw however, is the US Government spying on.. Europe!
Which is absolutely none of their business. If the US wants to meddle into affairs of European citizens, then I, a European, demand to have at least a partial vote in the next US elections, and the right to issue FOIA requests. Either don't meddle in my affairs, or let me vote there. Why should there be any middle ground?
That whole terrorism thing tho? Just a jewish conspiracy! Ignore it!
That whole terrorism thing is overblown by both the politicians, whom it gives scared population that is easier to manipulate to allow being more easily controlled and/or sent to unnecessary wars, and the media, whom it gives scared population that is easier to manipulate to consume more junk news and enjoy the ultimate reality show known as "war".
Besides, who paid the Contras in Nicaragua, supported the death squads in El Salvador, and armed UNITA in Angola? If these organizations aren't terrorists, why is it not a double standard?
Terrorism is pretty much at the rock bottom of the list of death causes. The level of resources spent on fighting it already went over the point of diminishing returns, and the money wasted there would be better spent on setting up and maintaining more robust and redundant infrastructure, especially in the current age of angry weather, and better health care. Because my family, despite the unremitting drumming of the Mass Media, enjoys a significantly higher risk of a flood, car crash, or a cardiovascular issue than of coming within visual contact with anything remotely resembling terrorism. Tell me, please, why should I be scared?
For further elaboration of the issue I suggest the book "Beyond Fear", by Bruce Schneier.
-
Re:Might be some good here?
Since the program will waste investigative resources it will *harm* national security. No, I do not see good and legitimate reasons to hurt my country's safety.
>taste the wrath of /. for daring to question the mindthink
Yes, there is a lot of "mindthink" on Slashdot. Most of us think with our minds. There are exceptions. -
Re:Federal vs State
Bruce Schneier has addressed this:
"Identity-Theft Disclosure Laws"
(about half way down the page) -
The very question is a propaganda mind game
We are not weighing security against privacy here.
This is not a security vs. privacy question because programs like this don't improve security.
All this poll proves is that there are many people living in the US who may have American phone numbers, addresses, and passports, but who have no idea what it means to be American. -
Re:No surprise at all
Do you really believe the government doesn't have ways of cracking common encryption techniques if it wants to?
Yes, I believe that. Cryptanalysis is an international science - take the recent SHA-1 collision attack, for example. I'm sure the NSA would love a backdoor into the world's encryption systems, but luckily the NSA realises that there are plenty of talented cryptographers in other countries who would be able to find and exploit any such backdoor, damaging the business and military interests of America and its allies.
As long as a significant fraction of the world's cryptanalysts are located outside of Fort Meade, the NSA's best bet is to recommend the strongest cryptosystems it knows about.
-
Re:Theft of key
Yep, consider the 'fingerprint is your key' story about someone losing a finger...
-
put PGP everywhere
It's about time to put a user-transparent version of GPG (or symmetric encryption) in about every open source project which uses communication or stores something. I'm already wondering why it's not included in Thunderbird by default (I know, the provided GPG plugin is one of the best available for mail systems, see http://enigmail.mozdev.org/ ).
Good programs would be:
- encrypted storage for torrent files (F*** off RIAA)
- Generate and upload GPG key when you install Thunderbird by default
- Encryption for VoIP (yeah, Skype has it and it pisses off the feds)
http://www.schneier.com/blog/archives/2006/04/voip_encryption.html
or zfone http://www.philzimmermann.com/EN/zfone/index.html
- GPG encryption in HTTP traffic (no more snooping on forms)
- ... -
Re:Absolutely not
Do everyone a favor, call it identity fraud. Victims of the crime are being impersonated, not stolen. Identity is intrinsic to a person, not conferred upon them by their various credentials.
As far as reducing identity fraud, the easiest way to do it would be to pass laws increasing the liability of financial institutions that issue accounts to the criminals, or even making them pay penalties. At the moment, fraudulent accounts are no different than any other business for the financial institutions, so they issue accounts willy-nilly. Bruce Schneier writes about this quite a bit.
Moving the consequences of identity fraud where they belong has much of the good of a stronger credential system, with little or none of the potential bad.
-
Schneier on National ID Cards
http://www.schneier.com/crypto-gram-0404.html#1
I'd throw in my opinion, but I'll defer to Bruce. -
If they want a secure national ID...
why not just create a Certificate Authority for the Federal Government? Then mandate that all driver's licenses and passports have a smart chip with a certificate signed by the government and your own personal public key, also signed by the government. A separate card could be issued with your private key on it. As a backup, encode the certificate for the ID card in a barcode on the back, so your ID can be verified even if the chip fails.
If you want to get rid of the separate card for the private key, come up with an algorithm for hashing other biometric data to make a private key: retinal scan and/or thumbprint.
If properly implemented, there would be two virtues to this system. The first is, after the initial check by the issuer that the issuee is who they say they are, no central database query is needed to authenticate the ID. Each ID reader just needs a copy of the government's public key. After almost 10 years of Web Browser PKI experience, this system should be well-understood. The second virtue is, if every citizen has a public and private key pair, then check and credit card fraud could be eliminated. Those systems currently rely on insecure methods like written signatures, very short pins, or codes on the back of the physical cards. It would also be possible to easily encrypt e-mail, keep phone calls private, and transmit legally binding electronic documents.
Bruce Schneier points out that any ID card system will be flawed from the start because there is a human element in issuing and checking IDs. Biometrics and PKI would help, but perhaps not enough. At the very least, my proposal wouldn't be a worse ID system than we currently have, and actually provides two possible benefits we didn't have before. On the other hand, governments don't like strong encryption in the hands of citizens, so we would have to watch for backdoors in the system. There may also be a concern with the fact that your public key can now tie you to your various activities. Of course, this is pretty much the case now. Though, there are many virtues to a world where PKI is widely used. -
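The proposal above, worked through as an added example (not code from the post, and not any real ID scheme): a hypothetical issuer signs a record that binds the holder's public key, a reader verifies that record offline with nothing but the issuer's public key, and a nonce challenge shows the holder has the matching private key. Ed25519, the record fields and the sample values are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// IDRecord is the constructed payload the issuer signs onto the chip (and into
// the barcode backup). Field names are assumptions for this example.
type IDRecord struct {
	Name      string `json:"name"`
	Serial    string `json:"serial"`
	HolderPub []byte `json:"holder_pub"` // holder's public key, bound by the signature
}
// Card is what a reader gets from the chip or barcode: record plus issuer signature.
type Card struct {
	Record IDRecord
	Sig    []byte
}
// Issue plays the government CA: after its human vetting it signs the record.
func Issue(issuerPriv ed25519.PrivateKey, rec IDRecord) Card {
	msg, _ := json.Marshal(rec) // a plain struct of strings and bytes cannot fail to marshal
	return Card{Record: rec, Sig: ed25519.Sign(issuerPriv, msg)}
}

// VerifyCard is the offline check: only the issuer's public key is needed, no
// database query, and any edit to the record invalidates the signature.
func VerifyCard(issuerPub ed25519.PublicKey, c Card) bool {
	msg, err := json.Marshal(c.Record)
	return err == nil && ed25519.Verify(issuerPub, msg, c.Sig)
}

// VerifyHolder checks a signature over a fresh reader nonce, made with the holder's
// private key (the separate card in the post), against the public key on the ID.
func VerifyHolder(c Card, nonce, proof []byte) bool {
	return len(c.Record.HolderPub) == ed25519.PublicKeySize &&
		ed25519.Verify(ed25519.PublicKey(c.Record.HolderPub), nonce, proof)
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	card := Issue(issuerPriv, IDRecord{Name: "Example Holder", Serial: "0001", HolderPub: holderPub})
	nonce := []byte("constructed reader nonce") // a real reader draws a fresh random nonce per check
	fmt.Println("genuine:", VerifyCard(issuerPub, card), "holder present:", VerifyHolder(card, nonce, ed25519.Sign(holderPriv, nonce)))
	card.Record.Name = "Someone Else" // tampering with the record on a cloned card
	fmt.Println("tampered still genuine:", VerifyCard(issuerPub, card))
}
```

The human element the comment mentions is untouched by any of this: the signature only proves the issuer vouched for whatever record it was handed.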
Bruce Schneier article on the subject
Bruce Schneier wrote an op-ed a couple years back on why a national ID doesn't offer any more security. Interesting reading, to say the least: http://www.schneier.com/essay-034.html
-
Re:OpenVPN rawks the Casbah
Except Schneier says (on the page to which you linked):
These changes address most of the major security weaknesses of the original protocol. However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.
That same page links to the updated paper, which concludes: Microsoft has improved PPTP to correct the major security weaknesses described in [SM98]. However, the fundamental weakness of the authentication and encryption protocol is that it is only as secure as the password chosen by the user.
So, new version or no, I still think PPTP is unsuitable for general use. Offline password analysis is a serious flaw, especially given the poor quality of most users' passwords plus modern tools like rainbow tables. -
Re:OpenVPN rawks the Casbah
You do realise that that Schneier article about flaws in Microsoft's PPTP is eight years old, right?
Microsoft released a patch/upgrade (DUN 1.3) for Windows 95, Windows 98 and Windows NT 3.51 which Schneier agreed fixed most of the problems. -
OpenVPN rawks the Casbah
I really like OpenVPN. It works as a client or a server on Windows, Linux, FreeBSD, Mac OS X, and other operating systems, and it is pretty easy to install, configure, and run. I just followed the how-to. It operates over UDP or TCP, you can tunnel it through HTTP or SOCKS proxies, and the server can use any cipher or hash available in the OpenSSL library. PPTP is ubiquitous, but it has serious flaws. IPSEC is supposed to be standard, but interoperability is a configuration nightmare (especially if you try to do something complex, like use X.509 certificates, or something non-standard, like authenticate users against RADIUS). Firewall/NAT traversal can present serious challenges in some cases as well, as some firewalls can't handle non-TCP/UDP protocols. CIPE requires special support in the operating system kernel and only works on Linux and Windows, and tunneling TCP over TCP (when running PPP over SSH) is a really bad idea.
I'm using OpenVPN to tie routers running OpenWRT (Linux), routers running FreeBSD, and workstations/laptops running Windows, FreeBSD, and Mac OS X together. It works flawlessly.
-
Re:Drivers
The price of the substitute product would have to include the price for a substitute for the hardware as well.
As would the cost of any substitute hardware needed to run Vista *cough* bloat *cough* in an equally productive manner. Also, it is funny the added cost of upgrades down the road never gets counted, or the value of freedom subtracted... ;-) -
One time pads are...
...an example of a theoretically optimal situation that has no practicality. It's like the "spherical chickens in a frictionless vacuum at absolute zero" scenarios in physics. They simply don't pan out in the real world. One of the reasons is that,
"it doesn't solve the security problem. One way to look at encryption is that it takes very long secrets--the message--and turns them into very short secrets: the key. With a one-time pad, you haven't shrunk the secret any. It's just as hard to courier the pad to the recipient as it is to courier the message itself...Any product that claims to use a one-time pad is almost certainly lying. And if they're not, the product is almost certainly unusable and/or insecure." --Secrets and Lies
-
Re:The best crypto...
My brother developed a 2-document crypto version: you use one document to encode or decode the other.
Sounds suspiciously like a one-time pad, which was developed long before your brother came up with it. It's also horribly insecure (your brother's implementation, that is). Read any basic cryptography text to understand why. Real one-time pads are 100% secure if implemented properly, with the caveat that the key has to be at least as large as the message. Poorly-implemented one-time pads can actually be worse than no cryptography at all, because they present the illusion of security that's not really there. In reality they're not so very different than the simple substitution described in the article - they're targeted at keeping your kid sister out, not a dedicated professional.
he says that in terms of increasing effectiveness, crypto should:
Rather than relying on someone related to you who clearly doesn't have a grasp of simple cryptographic theory, why don't you read a little from a recognized expert?
(1) Make it difficult to read (writing in mirror images).
If my little brother can decipher your message by holding it up to a mirror, that's not cryptography, that's a cereal-box game.
(2) Make it difficult to break (cryptoquotes on up to PGP)
Ahh, the single relevant point of the bunch. This is the SOLE point of cryptographic techniques - to encipher a message such that only the intended recipient can recover said message. Well, one out of four's not bad.
(3) Make it difficult to detect that communication is even going on (watermarking a photo with encrypted text, or photocopiers printing copy information in very light yellow ink)
Well, see, now we've stepped out of the realm of cryptography and into another discipline: steganography. This is the art of hiding the very existence of a message - not a method of securing that message from other potentially interested parties. Though the two are related (and, clearly, easily confused), they serve different purposes. Repeat after me: Security through obscurity is no security at all.
(4) Convert the decryption agents to your own side.
Wow, that one really came out of left field. Not sure I've ever heard that one described as a design point of cryptography, much less the most effective one. If you want people to read your manifesto, surely publishing it outright would be more effective than obscuring it and hoping the enemy has smart cryptographers. (Unless, I suppose, your alternate universe values cryptographers' souls some order of magnitude more than regular folk, but in that case I'm willing to bet that there are still several more effective techniques one would employ first.)
Cryptography is one of those areas where (unlike, say, brain surgery) it's quite easy to convince yourself you have developed some new expert technique. Even the crypto experts are cautious about making such statements - flaws are found in our very best efforts sometimes decades later. If you're interested in it at all, may I recommend any of Bruce Schneier's writings. His book Applied Cryptography is the gold standard in the field, and he maintains a fascinating blog at www.schneier.com. -
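For the one-time pad points made in this comment and in the Secrets and Lies quote a few comments up, an added example (not code from either post): a small Go pad type that enforces the one-time rule itself, wiping key bytes as they are consumed and refusing any message longer than the unused pad, which is the "key at least as large as the message" caveat in code. Messages and names are constructed for the illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// Pad is a consumable one-time pad: each key byte is used once and then wiped, so
// the "one-time" rule is enforced by the type rather than by user discipline.
type Pad struct {
	key  []byte
	used int
}
// NewPad draws n bytes from the OS CSPRNG. Both parties need an identical copy,
// which is exactly the couriering problem the Secrets and Lies quote describes.
func NewPad(n int) (*Pad, error) {
	key := make([]byte, n)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Pad{key: key}, nil
}

// Apply XORs msg with the next len(msg) unused key bytes (encryption and decryption
// are the same operation). It refuses to stretch or reuse a pad that is too short:
// with a reused key k, (m1^k)^(m2^k) = m1^m2, so anyone holding both ciphertexts
// learns the relationship between the plaintexts without ever seeing k.
func (p *Pad) Apply(msg []byte) ([]byte, error) {
	if len(msg) > len(p.key)-p.used {
		return nil, errors.New("pad exhausted: a one-time pad cannot be stretched or reused")
	}
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ p.key[p.used+i]
		p.key[p.used+i] = 0 // wipe the consumed byte so it can never be used again
	}
	p.used += len(msg)
	return out, nil
}

func main() {
	m1, m2 := []byte("meet at noon"), []byte("meet at dusk") // constructed messages
	sender, _ := NewPad(len(m1))
	receiver := &Pad{key: append([]byte(nil), sender.key...)} // couriered copy, taken before use
	c1, _ := sender.Apply(m1)
	pt, _ := receiver.Apply(c1)
	fmt.Println("decrypted ok:", string(pt) == string(m1))
	_, err := sender.Apply(m2) // second message: the pad is spent, so this is refused
	fmt.Println("reuse refused:", err)
}
```

A document used as the key, as in the "2-document" scheme, fails both properties at once: its bytes are not unpredictable, and it is inevitably reused.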
Solitaire
Do you have any information on the break? I just did some searching and couldn't find anything about it. At the bottom of Bruce Schneier's page on Solitaire there is a link to an article Problems with Bruce Schneier's "Solitaire" by Paul Crowley, but it's dead. Is this what you're referring to?
(The article does exist in the Internet Archive at
http://web.archive.org/web/20050206214237/http://www.ciphergoth.org/crypto/solitaire/
It does describe what sound like they might be some problems with the randomness of the keystream, but it doesn't seem like a complete break. Sorry for pasting the address, but Slashdot doesn't seem to like IA links much.)
Anyway, I'd be curious to know what the problems with it are. -
Re:If only..
For more information concerning the solitaire encryption algorithm, see either http://www.schneier.com/solitaire.html or read Cryptonomicon.
To see all of the problems concerning the solitaire algorithm, see http://www.ciphergoth.org/crypto/solitaire/ -
Re:Why Reveal this Now?
The point has already been made by Bruce Schneier somewhere in 2001.
http://www.schneier.com/crypto-gram-0105.html#3
It's really not hard to come up with if you have a basic understanding of cryptography.
PS: I'm not the AC