Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:What's so bad?
Bruce Schneier (as usual) has good insights on this.
-
Bruce Schneier on RealID
Bruce Schneier's weblog has some thoughts on RealID and why it's a terrible idea and won't increase security. Highly recommended.
-
Re:Trusting MicroSoft
-
Some useful links
-
Re:RFID chips in IDs:
The State Department is already going to be embedding RFID devices in passports
They're starting to consider some of the ramifications. -
Re:*Please* RTFA
Read the Schneier article, he explains far better than I (http://www.schneier.com/essay-034.html)
Selective Quotes:
It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.
Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents ... all of which would be easier to forge. ...
But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.
The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. As computer scientists, we do not know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it. ...
What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal here is to know someone's intentions, and their identity has very little to do with that.
And there are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there's greater incentive to forge it. There is more security in alert guards paying attention to subtle social cues than bored minimum-wage guards blindly checking IDs. -
Re:*Please* RTFA
The problem is that there are many abuses possible with this system and for no gain. All of the 9/11 terrorists had valid id - if this system were in place then, they would have obtained valid "Real IDs".
Bruce Schneier has a good article here: http://www.schneier.com/essay-034.html -
Perhaps a good time for a reminder
"The Fallacy of Cracking Contests" by Bruce Schneier: The Fallacy of Cracking Contests
In short, if it's broken, that's valuable. If it isn't broken in the time allotted, on the other hand, that doesn't mean it's secure.
-
Beyond Fear
This guy should have a look at Bruce Schneier's site, especially with regards to understanding practical security. This seems enlightening:
Schneier invites us all to move beyond fear and to start thinking sensibly about security. He tells us why security is much more than cameras, guards, and photo IDs, and why expensive gadgets and technological cure-alls often obscure the real security issues. Using anecdotes from history, science, sports, movies, and the evening news, Beyond Fear explains basic rules of thought and action that anyone can understand and, most important of all, anyone can use. The benefits of Schneier's non-alarmist, common-sense approach to analyzing security will be immediate.
Schneier would probably concur that the author of this article is paranoid, but it is even more likely that Schneier would describe him as unreasonable. -
Read "Attack Trees" by Bruce Schneier.
http://www.schneier.com/paper-attacktrees-ddj-ft.html
From TFA: It takes five passwords to boot up my laptop and check my e-mail.
But is he running Outlook?
Someone looking to install a zombie does not need to crack his 5 passwords to do so.
In fact, I cannot think of ANYTHING that requires 5 passwords to protect that won't be just as secure with 3 passwords (or even 2 passwords) provided that each password is protected in the same fashion (writing down the 5 passwords and sticking it beneath your keyboard works the same even if you have 20 passwords).
Security is all about restricting the avenues of attack. But once an avenue is restricted, piling more layers upon it does NOT make it more secure.
I'm guessing that his 5 passwords are:
#1. BIOS password
#2. Hard drive password
#3. Windows login
#4. email password
#5. some other password that may be earlier
Now, think about what someone would have to do to be able to get the first 2 passwords.
If someone can get those, then they can get the other 3.
Is he paranoid? I don't believe so.
But he does NOT understand computer security as well as he would like to believe. -
Re:Forget passwords.
I'm getting a bit tired of Schneier. It's easy to be a critic and say everything is insecure.
He is a critic because there is so much bad security; furthermore security is always imperfect.
Bruce Schneier has made a number of positive contributions to the field of security. Among them are the Password Safe program (now moved to Sourceforge). He also wrote Applied Cryptography and other books.
-
Forget passwords.
Ask Bruce Schneier. From his latest Crypto-Gram:
Passwords just don't work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there's an upper limit to how complex a password users can be expected to remember. About five years ago, these two lines crossed: It is no longer reasonable to expect users to have passwords that can't be guessed. For anything that requires reasonable security, the era of passwords is over.
-
Read Schneier on Two-Factor Authentication
Bruce Schneier discusses identity theft and more in his latest newsletter.
-
Already been done
Well, kinda..
-
Re:Possible? Yeah
It seems that lots of people here are behind on their crypto news.
MD5 is done. Put a fork in it. SHA-1 is down for the count. These are not theoretical results but actual collisions. There is little doubt that a billion dollar industry can afford to generate these collisions, if they believe it will protect their revenue stream.
-
Just finding a hash collision isn't enough really
I suppose their method is based on the fact that it turns out that it's easier to find SHA-1 and MD5 collisions than was earlier thought. In fact there's another paper (this paper is not by the Chinese team) which shows that this can be achieved on individual PCs in mere hours, which puts this sort of thing into the realm of commercial exploitability.
For example, you send the company a copy of the .mp3 file you want to drive out of circulation. They feed it to a computation cluster and eventually out comes another file which has the same hash. You then publish this new file with the same filename on the victim P2P network and hope that it spreads enough to poison the P2P well, so to speak. There are a number of problems with this scheme (assuming of course that this is the sort of scheme that they offer):
- The new 'collision' file might have the same MD5 hash, but is it a valid MP3 file?
- All it takes to beat this scheme is for P2P software to use more than one hash function, for example
    hash (data)
    {
        return concatenate(md5(data), sha1(data));
    }
After all, even though we now know how to find collisions in MD5 and SHA-1 (quite slowly) we don't yet know an efficient way to find a single file that is a hash collision for both of them.
- If the company paying the money for the 'collision' file is doing so because somebody has spread their material around the P2P network, then the file must be quite prevalent. So why would they expect the 'collision' file to preferentially spread around the network enough to displace the original file?
-
bittorrent uses sha1
Hard to believe this is gonna work on bittorrent... the most important file sharing app in use today.
The Bittorrent protocol uses SHA1 hashing.
Yes, there was recently a paper presented that "broke" SHA1, but the result is 2**69 operations instead of 2**80 to find a SHA1 collision. 2**69 is still a very large number of operations... a lot less than a full 2**80, but still a prohibitively large number (more costly than the actual realized losses the entertainment industry is suffering).
-
Re:Social Security Reform
But since some large portion of the orgs that use SSNs use them as secrets, they would also be asking for your secret under a uid/password system.
So now you've still got tons of busted systems out there that have seen your secret. Plus, someone has to manage passwords. That's annoying enough at our 500 person company.
Public key cryptography could do it without requiring you to expose your secret every time someone wants to ID you, but then someone would have to manage those public keys. That could be less secure, because when someone's private key gets stolen, it might be even more difficult to cope with the resulting identity theft.
Two-factor authentication would be vulnerable to all this stuff, so I don't think it's a fool-proof improvement either.
I've never heard of a scheme that would fix our issues with SSN, or even count as an upgrade. -
Mod Parent Up
It's an externality. The invisible hand of the market isn't going to fix things for you
-
Re:When will people realise that remotely readable
I don't see why they didn't just burn it (cryptographically signed) onto a business card sized CD inserted into a pocket of the passport folder.
Because that's not remotely readable, and remote readability is the whole raison d'etre of this RFID-enabled passport campaign. Ask Bruce Schneier. After all, US passports already have a mag stripe containing everything but the picture. And with the absolute refusal to place any safeguards whatsoever on the RFID data, there can only be one reasonable explanation. The USG wants the ability to do that which they so stridently deny can be done: sniff passport RFID from a surreptitious distance.
The question of motive is left as an exercise for the reader.
-
Re:California Universities
- No, we don't need better band-aids, we need cures. It starts with the credit bureaus and ends with them moving to a better system of identifying people that doesn't make identity theft so fucking easy.
A federal law on accidental data disclosure is a start. Unfortunately, it may be the best you'll get, given the lobbying power of the industry groups that would campaign against the real cure.
The real cure is to create an economic incentive for the data holders, e.g. the public institutions, banks, credit bureaus, etc., that imposes costs associated with improper disclosure. Once there is an economic incentive, better procedures will be developed and enforced by the data holders themselves. BTW: This should also include an incentive to encourage data holders to fix incorrect data.
Bruce Schneier has written extensively on the subject. A good quote taken from this article is:
- The only way to fix this problem is for vendors to fix their software, and they won't do it until it's in their financial best interests to do so.
Another part of the real cure is to have authentication associated with the use of personal records about you. A key part of this is proper vetting of entities changing your data, which should, in some cases, include your direct authorization.
-
Re:Bruce Schneier
No but he is perfectly capable, and qualified, on commenting on the systems in place, and their quality, which is what he was asked to do.
For references please see:
Do Terror Alerts Work?
Olympic Security
U.S. 'No-Fly' List Curtails Liberties
A National ID Card Wouldn't Make Us Safer
You're confusing Bruce Schneier with Counterpane security. There is a connection obviously, but whereas Counterpane concentrates on the computer security area, Schneier does not limit himself to that.
As to no relation between physical and electronic security. Ponder this. If I gain physical access to your computer I also have access to your network. Mitnick showed us that the two are not as separate as people would like to think. -
Re:Bruce Schneier
Well, I think it is on his resume actually.
"I am participating in a working group to help evaluate the effectiveness and privacy implications of the TSA's Secure Flight program." -
Re:Transportation Security Administration (TSA)
There are two links in the post:
1. The
On the very first page in the title, it says: "Review of the Transportation Security Administration's Role in the Use and Dissemination of Airline Passenger Data".
2. Schneier's blog
The very first paragraph: "The Transportation Security Administration misled the public about its role in..." -
Snake-oil...
"We prove that our design is immune to differential and linear cryptanalysis"
See Bruce Schneier's "Snake Oil", Warning Sign #8: Security proofs.
"Secure Science will be offering a challenge at the end of April, introducing the cipher to the public."
See: Warning Sign #9: "Cracking contests" and "The Fallacy of Cracking Contests"
All of this may be well and good, but I don't think any real engineers are going to be choosing this over AES anytime soon. AES was a competition backed by NIST to replace the current encryption standard (3DES). Most of the world's top cryptographers submitted their algorithm. Only after a very long and very thorough peer review process did the NIST declare Rijndael's submission to be the winner, and therefore the new AES standard. -
it's not market share!
This whole market share angle is mostly bogus. There is what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty has a very successful worm: it hit all 12,000 vulnerable hosts.
How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X base is then (about) 1/3 the population of Canada. That's not far from the population of New York city (~15M).
If a worm can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.
John Gruber has some articles on this. -
DONOT USEPC
Obligatory Neal Stephenson reference
...
Sure, the solitaire cipher has a bias, but it's still good enough to keep your little black book interesting.
(that and paper doesn't crash)
Seriously, though, it would be funny if all the gov. office drones started bringing a deck of cards to work and leaving them in plain sight :-D -
Interesting
The great Linux guru winner: no one.
After the 96 hours, the machine was still safe and sound.
Distro on the target machine: Adamantix.
What was proved: nothing.
Time: wasted. -
...and you don't own who you are
Schneier's observations in ChoicePoint Says "Please Regulate Me" are very much to the point.
And in the US you have no data protection rights. California's laws are advanced for f***'s sake!
-
Re:Bruce Schneier. The anti solution.
sorry to reply to my own post, but the link didn't work, here it is again:
http://www.schneier.com/crypto-gram-current.html -
The Failure of Two-Factor Authentication
Bruce Schneier, one of the inventors of Blowfish and Twofish, gives us some deeper insight in this matter. Since I can't formulate it as nicely as he, here is a quote:
These tokens have been around for at least two decades, but it's only recently that they have gotten mass-market attention. AOL is rolling them out. Some banks are issuing them to customers, and even more are talking about doing it. It seems that corporations are finally waking up to the fact that passwords don't provide adequate security, and are hoping that two-factor authentication will fix their problems.
This is an excerpt from this article: http://www.schneier.com/crypto-gram-0503.html#2 -
Re:That's why much of /. likes him
Because he's one of those people who perpetually whines that the new solution isn't a total solution. He slams on things that are improvements because they don't completely and totally solve the problem.
Wow, you really don't know much about Bruce Schneier.
If all he ever did was to write Applied Cryptography, he would be considered one of the best contributors to security. Never mind Secrets and Lies, Beyond Fear and his Crypto-gram newsletter. He also founded Counterpane, a company that helps with security. Bruce is doing a lot of positive work to bring improvements, but he isn't shy about pointing out the really stupid things people are doing in the name of security.
-
Re:security
right on topic: bruce schneier, my favourite security wonk, just wrote a great piece about the failure of two-factor identification, especially when it comes to fishing. a very worthwhile read, as is all his stuff that i've read
:-) -
Crypto-Gram
In other words, the new Crypto-Gram is out.
Though I did find the whole SHA-1 article mostly unreadable because of broken quotation.
-
Finally
Before anyone points out that now we'll find out the truth about the infamous NSAKEY in Windows or some dirty little secrets of Bush administration, I would like to remind you that according to Bruce Schneier "algorithms from the NSA are considered a sort of alien technology: They come from a superior race with no explanations." The most important implication of declassifying NSA would be a better understanding of the mysterious rationale of many of NSA decisions in crypto algorithms, because even many aspects of DES remain a mystery to this day. So please stop the explosion of crackpot conspiracy theories and focus on the most important issue: cryptanalysis.
-
Re:Incentive?
> Actually, this is a very good test at the security of the system, and one that I believe we should welcome. The more of these contests we have, the more security bugs that will be found and then promptly patched.
Bruce Schneier begs to differ: http://www.schneier.com/crypto-gram-9812.html#contests
It's focused on crypto, but the principle applies to any system.
-
Re:Uh, ok.
See also Bruce Schneier's The Fallacy of Cracking Contests.
Now there's probably a Marketing Department that put them up to it, and some PHB's may be impressed, but it sure announces to the security community, "Hey, we have no idea how to think about security - buy our stuff!" -
Re:very handy. *cough*
The Fallacy of Cracking Contests (Bruce Schneier)
Contests are a terrible way to demonstrate security. A product/system/protocol/algorithm that has survived a contest unbroken is not obviously more trustworthy than one that has not been the subject of a contest. The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic reasons why this is so. [see link for explanations] -
Beware Spooks bearing Gifts
-
You haven't read his book then ?
I consider The Art of Deception to be up there with Bruce Schneier's two books, Secrets and Lies, and Beyond Fear. It is a real eye-opener on the techniques a social engineer can use, and should be mandatory reading for anybody entering the infosec field. You can be pretty sure that he has used all the techniques described, just that the names, places and times have been changed to protect the innocent.
If you choose to get it, look for the "lost" Chapter 1 on the Internet.
I've also noticed that his new book, The Art of Intrusion has just been released. I'm sure I'll get it in the near future.
-
OSS for voting? Not good enough!
OSS for voting machines would only give you the ILLUSION of an honest election. Let me explain:
Where I live, voters would receive an invitation by mail, letting them know when an election is held, together with a list of candidates to study in advance. Voters would go to the voting location, present that invitation (and possibly ID themselves), then receive a paper ballot, with all candidates/parties printed on it. Mark a circle next to the desired candidate with a red pencil, drop the ballot in a box, and you're done. How much easier can you make it? But here's the important thing: ANYONE (maybe even non-voters) CAN VERIFY EVERY SINGLE STEP IN THE PROCESS.
Before the election, there's plenty time to correct mistakes like voters not registered (that should have been), arrange to vote at another location, etc. At election day, anyone can verify that the box receiving the ballots, is empty at the start. You can hang around and see for yourself, that every voter drops only 1 ballot in the box, and that voters aren't excluded, harassed, or pressured into voting something other than their own choice. At the end of the day, you can watch the box being emptied, ballots (hand-)counted, re-counted if needed, and see that correct totals are recorded, and reported to city hall. And I'm pretty sure you could verify the totals being calculated at city hall, and verify that national results match the totals recorded for each city/village. In short: convince yourself, that there is not a SINGLE step in the process, where results could be compromised/f**ked up.
AFAIK, using paper ballots and hand-counting, is still:
- The most reliable: paper & ink don't fail, and when folks are watching, you need magic to make paper ballots change/appear/disappear.
- The most accurate: you just may need to re-count a couple of times to be sure.
- Cheap: election officials/count people are either volunteers or civil servants that were paid anyway. Paper & pencils cost nothing.
- Fast. If organised properly, millions of votes can be counted in hours.
Using OSS for voting machines doesn't assure you anything. Can you verify the compiler used to turn the source code into binary? Can you verify it is fed the same source code that is published? Can you verify that the machine it runs in, is built according to (published) schematics? Can you verify that IC's used, are what their markings say? Can you verify yourself, that eg. a Flash ROM contains the verified binary? Can you be sure of all that BEFORE elections begin, and be sure that machines will operate 100% reliable until elections are done? And that totals are added accurately, when results are transmitted over wires, and processed in an all-electronic manner? I don't think so, too many variables. For reliable results, ALL these things would have to work flawless, and verifiable.
I never understood why voting machines were allowed to undermine this voter-verification, and IMHO machines do nothing to improve the process, or the results.
If it were up to me, voting machines would never be used, or retired right now as a failed experiment. In fact, a Robert X. Cringely makes a strong case for just that: "Follow the Money: Why the Best Voting Technology May Be No Technology at All".
Sadly, where I live, voting machines were introduced as well...
;-(( -
Re:They just can't let it die, can they?
The putative reasoning for going with electronic systems was likely that since we have managed to design accountable and reliable electronic and computing equipment for the management of our power, medical care, money, etc., it likely was more or less assumed by the legislature that such accountable systems could also be applied to voting.
That reasoning is flawed, as Bruce Schneier explains here:
Some have argued in favor of touch-screen voting systems, citing the millions of dollars that are handled every day by ATMs and other computerized financial systems. That argument ignores another vital characteristic of voting systems: anonymity. Computerized financial systems get most of their security from audit. If a problem is suspected, auditors can go back through the records of the system and figure out what happened. And if the problem turns out to be real, the transaction can be unwound and fixed. Because elections are anonymous, that kind of security just isn't possible.
-
Re:Quotes from the BBC article:
I've actually made the heretical argument about password security that you should write your password down (though of course some place smarter than the monitor).
You're not the only one saying that. Bruce Schneier seems to agree with you.
Personally, if the system (the administrator himself or a password generator if the administrator must not know it) assigned their user's passwords (random, length directly related to sensitivity) and they were kept in their wallets the situation would be better than now.