Slashdot Mirror

To brute force a blowfish password requires 500 or so encryptions to check each individual password rather than just one as with other methods. While thats not enough to stop brute-forcing it is enough to slow it down considerably.

I forget the exact numbers, have a look on Mr Schneiers homepage if you have the urge to be more precise :)

To quote Bruce Perens, if security really matters, you should base it on three things

Did you perhaps mean Bruce Schneier? He would be more relevant to security than Bruce Perens is.

Some people are concerned about e-voting because of security and/or reliability issues. And rightly so. If other people are concerned because fear of e-voting will reduce voter turnout, that concern is also valid. People will not want to use an unreliable voting system. Also, the total voter turnout is important for voting and democracy to work. This might well indicate that the issues concerning e-voting should be taken seriously. However, others might argue from this that few people are actually concerned about the process itself and that most concern is about others refusing to participate because of their fears. Hopefully, concerned voters will use alternative voting methods such as absentee ballots or they will find out about measures such as voter-verifiable paper trails.

Why are many individuals not concerned about security and reliability problems with e-voting? There are several possible reasons:

1. E-voting is impressive, like technology is often impressive. This could be particularly true for older people.
   
2. People have had bad experiences with paper ballots and e-voting will supposedly solve this problem.
   
3. Assumptions that "we trust technology for air-traffic control, etc." (see this response) or "we trust computers for billion-dollar transactions" (see this response) and so "e-voting should be easily secure". Securing an existing computer system, even something like a home PC, can be quite difficult.
   
4. Voting should be effortless, and even a paper receipt adds effort. This is similar to "instant gratification."
   
5. Voting should be accessible, and a paper ballot would interfere with that. Hopefully, voting can be made reliable and accessible (see this response.)

I was helping a user set up a new e-mail account last week. I got it set up to the point where it needed her to choose a password, gave her a brief refresher lecture on strong passowrds, and then stepped aside so she could enter one. I looked away from the keyboard.

As I started to hear keyboard clicks, I said "Remember, not your husband or child's name." I thought was kidding.

She stopped typing, and I looked over in time to see her deleting what she had. After a moment, she started typing again.

"Not pets, either" I said, mortified.

She stopped again.

I wasn't sure whether to laugh or cry. I know that people ignore password policies whenever possible, but still...

So I changed plans, and set up Password Safe for her, and showed her how to use it to generate and store passwords. Maybe if it's dead easy to use complex passwords, she might actually do it. She seemed grateful, so I'm hoping.

But I'm not holding my breath.

The $500 security guarantee is utterly irrelevant.

I not only have seen script kiddies trading private exploits for sums at least an order of magnitude greater than that, but they were selling it to multiple buyers. I am talking about script kiddies, not professionals, mind you. Even $100,000 would be laughable. $1,000,000 might start looking interesting for people not willing to make any serious usage (industrial espionage, etc.) of their exploits. But $500? Please don't mind if I die laughing. See also The Fallacy of Cracking Contests essay written by Bruce Schneier in bloody 1998.

BIND9... don't get your hopes up. The BIND company sells paches for their software. Meaning that if you don't pay them money then you're going to be running an errornouse DNS server. [original emphasis]

Still most people use BIND for two reasons: no one wants to learn the crusty details of DNS and 2) Linux comes with BIND as it's default name library.

Alternative like djbdns should be used.

I wish it was so simple. There are two most important problems with djbdns, though. Namely:

1. unlike BIND, djbdns does not follow RFCs 1034/1035
2. unlike BIND, djbdns is not free software

Don't get me wrong, it is quite a solid piece of software (the laughable cracking contest notwithstanding) but it is not a complete DNS implementation (zone transfers, anyone?) which wouldn'd be such a big deal if it was free software, because anyone (myself included) could make it RFC compatible in few weeks (months at most) but unfortunately it is not.

Also, you should learn about BIND9 (and even BIND8) in the context of cache poisoning. It is not as big of a problem as you seem to believe.

Most people use BIND for two reasons indeed, but those reasons are:

1. BIND is the most complete DNS implementation
2. BIND is free software
3. ("permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted..." etc.) contrary to what you are trying to imply with your patches-selling remark

I am sure many--if not all--GNU/Linux distos will come with djbdns as soon as it is released as free software, for--as I have already said--it is quite a good piece of software, for a one man project.

I haven't read anything about "HyperEncryption" but you may want to hear what Bruce Scheneier has to say about one-time pads. Although OTPs are proveably unbreakable, many cryptosystems that claim to be OTP actually generate the pads with stream ciphers, which invalidates the guarantee of OTP.

Bruce Schneier touched on this very subject in his September 2003 cryptogram in response to Nachi (or Blast.D), you can find his original article in the cryptogram archives.

Automatically installing code on a user's system without their consent is never a good idea. Virally propegated code, no matter the intent, still generates network traffic, just because the payload is different doesn't mean the virus/worm/whathaveyou isn't adding to the problem of conjested networks. And as someone else pointed out, even if the 'white hat' programmer has good intentions, that doesn't mean they won't make mistakes in their code which could have adverse effects on the systems they are attempting to patch.

While I don't think users should have to directly interface with security protocols/techniques, I do think they should be aware of them. If they are made fully aware of the damages that can be done to them, they're more likely to patch, or back away from the internet in fear, either way, there is a reduction in exploitable hosts.

>Remember the NSA keys in the Windows NT crypto
>libraries?

I agree with the rest of your post, but I gotta call bullshit on this part.

This article explains more about "NSA Key" in Windows NT and leading cryptologists such as Bruce Schneier have debunked the possiblity of the NSA using it for spying on users. (As there are much easier ways to go about doing it)

Approximately 8.2 GB of data was stolen from Acxiom Corp...

Beyond the fact that a national ID card wouldn't provide any additional security, putting that much private information in one place is just asking for trouble. As this latest debacle shows, and as Schneier points out in the article I referenced.

From the CNN article:

"We will aggressively pursue those who steal private information from computer networks and make it clear that there are serious consequences for such crimes," [Assistant Attorney General Christopher Wray] said.

Lesson learned: if I am a terrorist then don't declare my firearm. Seems like the security theater just encourages people to not disclose information. Like the case of the guy in Rhode Island who got deported after reporting a murder.

Reminds me of an article in Schneier's Crypto-Gram:

I tried to argue the point, but eventually gave up. Then I said something like: "I can hardly wait for Bluetooth to become universal, because I really want a wireless keyboard and mouse with the "base station" built into my computer." He said: "Yes, but you really probably don't want to use Bluetooth for that, because then somebody could stuff keystrokes or mouse clicks into your system." I didn't know whether to laugh or cry. Talk about not getting it.

The problem is, Bluetooth involves no authentication. So look out for people who walk 8 feet next to your car and mess with your onboard audio system - like turning volume to the max, and playing some ear splitting, deafening noise.

Hope your car audio system doesn't have enough power to make you deaf.

I am regularly asked what the average Internet user can do to ensure his security...

6. Browsing. ... If at all possible, don't use Microsoft Internet Explorer.

11. General. ... If possible, don't use Microsoft Windows.

It's either a joke or the best info ever to happen. Bruce Schneier being the crypto guru who wrote Beyond Fear (I encourage you to buy it asap).

We just announced the addition of renowned computer security expert Bruce Schneier to our speaker schedule!

I can offer $10K to the first person who successfully breaks into my home and steals a book off my shelf. If no one does so before the contest ends, that doesn't mean my home is secure. Maybe no one with any burgling ability heard about my contest. Maybe they were too busy doing other things. Maybe they weren't able to break into my home, but they figured out how to forge the real-estate title to put the property in their name. Maybe they did break into my home, but took a look around and decided to come back when there was something more valuable than a $10,000 prize at stake. The contest proved nothing.

It's not about mistakes. Those are easily minimized. Just make sure there are always two people looking at ballots and sorting them etc. It's about tampering. Tampering is just ridiculously easy with the current machines and the lack of process.

See last month's Crypto-Gram for an account of the stakes.

The VerifiedVoting.org Web site explains the issue of mission-critical computers versus electronic voting machines. Basically, voting machines are not designed and built with the same care as mission-critical systems. Also, voting machines have to be able to resist deliberate tampering in addition to accidental crashes or failure. (Electronic vote tampering could come from inside individuals or those close to the voting systems, as opposed to an attack by someone outside.)

With respect to financial systems, security expert Bruce Schneier has talked about financial transactions versus electronic voting. There is a difference in securing the two because financial transactions have identifiers associated with them but votes have to be anonymous. With respect to electronic financial transactions, both parties know (or can find out) the identity of the other to resolve the issue if something does go wrong.

The ability for votes to be counted accurately and to represent the will of the voters comes close to affecting the existence of a democratic government and freedom for the people.

I just recently started using a similar app on Windows to store my password details, Password Safe. It uses Blowfish for its encryption, has versions for Linux and PocketPC and has had its security verified by Counterpane Labs (Bruce Schneier's company).

I guess it would be safer to keep all my password details in my head alone, but this is a damn sight better than sticky notes or text files. It also made me go through and change the weak or repeated passwords, too.

Funny... gator...

Here's another excellent password utility, from Bruce Schneier called Password Safe, which stores the passwords in a file and uses Blowfish to encrypt it. Very lightweight (requires only the executable -- no installation) but has the features everybody needs.

So now people will have to send digital photographs of their fingerprint together with digital content, so people could reproduce it Tsutomu Matsumoto style:

"His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time."

I wonder how long before the first universal fingerprint starts circulating like proprietary software activation codes do today.

In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan.

Let me guess... Those geniuses from VeriTouch haven't read this 1998 essay by Bruce Schneier, have they? So... They have finally invented a working copy-prevention technique. Bravo. I've been waiting for literally decades. Have they also invented a lossless compression of random data by any chance? Because it would be great if they had. It would make my network faster. Also, I would like a pony. My God, what a waste of time...

So now people will have to send digital photographs of their fingerprint together with digital content, so people could reproduce it Tsutomu Matsumoto style:

"His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time."

I wonder how long before the first universal fingerprint starts circulating like proprietary software activation codes do today.

In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan.

Let me guess... Those geniuses from VeriTouch haven't read this 1998 essay by Bruce Schneier, have they? So... They have finally invented a working copy-prevention technique. Bravo. I've been waiting for literally decades. Have they also invented a lossless compression of random data by any chance? Because it would be great if they had. It would make my network faster. Also, I would like a pony. My God, what a waste of time...

Speaking of movie references, that gelatin exploit sounds like something out of the movie Gattaca. Except IIRC his defeated a pinprick blood checker as well.

Finally we have something which is not vulnerable to the rubber-hose cryptanalysis. Now the attackers can brute-force me as hard and as long as they want and I will not be able to tell them my password even if I want to! Now I feel totally safe, because even in the case of the most inhumane torturing, I will take my password to my grave. It's like using fingerprints in ATMs so the thief has to cut my finger off instead of taking my ATM card in order to steal my money, except for the lack of gelatin exploit. This is great news. I can stop recommending Password Safe to my users now.

Personally, I use one called djbdns. It's extremely small and basically bug free! The author actually will pay $50,000 to whoever finds the first exploit in it or something.

You might want to read the first line of the djbdns security guarantee:

"I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns."

$500 is hardly $50,000 but even if it was $50,000, please keep in mind that a hypothetical non-public exploit of tinydns would be worth much more than $50,000 for anyone who would want to use it seriously. Please remember that by compromising DNS server you can effectively control mail and websites, even without compromising the mail and web servers themselves. I have already seen web traffic for compromised domains routed through proxy servers controlled by attackers (or smtp traffic redirected via external relays, for that matter). This might be very powerful and can be quite hard to detect, especially when you provide correct dns info to internal network.

With all due respect to D. J. Bernstein, even though I do believe that his name server is probably the most secure one in use today, his cracking contest is hardly meaningful. There is an interesting article, The Fallacy of Cracking Contests by Bruce Schneier, published in the December 1998 issue of The Crypto-Gram Newsletter:

You see them all the time: "Company X offers $1,000,000 to anyone who can break through their firewall/crack their algorithm/make a fraudulent transaction using their protocol/do whatever." These are cracking contests, and they're supposed to show how strong and secure the target of the contests are. The logic goes something like this: We offered a prize to break the target, and no one did. This means that the target is secure.

It doesn't.

Contests are a terrible way to demonstrate security. A product/system/protocol/algorithm that has survived a contest unbroken is not obviously more trustworthy than one that has not been the subject of a contest. The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic reasons why this is so.

1. The contests are generally unfair.

Cryptanalysis assumes that the attacker knows everything except the secret. He has access to the algorithms and protocols, the source code, everything. He knows the ciphertext and the plaintext. He may even know something about the key.

And a cryptanalytic result can be anything. It can be a complete break: a result that breaks the security in a reasonable amount of time. It can be a theoretical break: a result that doesn't work "operationally," but still shows that the security isn't as good as advertised. It can be anything in between.

Most cryptanalysis contests have arbitrary rules. They define what the attacker has to work with, and how a successful break looks. Jaws Technologies provided a ciphertext file and, without explaining how their algorithm worked, offered a prize to anyone who could recover the plaintext. This isn't how real cryptanalysis works; if no one wins the contest, it means nothing.

Most contests don't disclose the algorithm. And since most cryptanalysts don't have the skills for reverse-engineering (I find it tedious and boring), they never bother analyzing the systems. This is why COMP128, CMEA, ORYX, the Firewire cipher, the DVD cipher, and the Netscape PRNG were all broken within months of their disclosure (despite the fact that some of them have been widely deployed for many years); once the algorithm is revealed, it's easy to see the flaw, but it might take years before someone bothers to reverse-engineer the algorithm and publish it. Contests

So, let me summarize. One-time pads are useless for all but very specialized applications, primarily historical and non-computer. And almost any system that uses a one-time pad is insecure. It will claim to use a one-time pad, but actually use a two-time pad (oops). Or it will claims to use a one-time pad, but actually use a steam cipher. Or it will use a one-time pad, but won't deal with message re-synchronization and re-transmission attacks. Or it will ignore message authentication, and be susceptible to bit-flipping attacks and the like. Or it will fall prey to keystream reuse attacks. Etc., etc., etc.

One-time pads may be theoretically secure, but they are not secure in a practical sense. They replace a cryptographic problem that we know a lot about solving -- how to design secure algorithms -- with an implementation problem we have very little hope of solving. They're not the future. And you should look at anyone who says otherwise with deep and profound suspicion.

In the original poster's defence, I don't actually see him using the term "one time pad" anywhere other than the headline, which may have been put in by the Slashdot staff. In any case, the term is almost certainly being misused here.

So, let me summarize. One-time pads are useless for all but very specialized applications, primarily historical and non-computer. And almost any system that uses a one-time pad is insecure. It will claim to use a one-time pad, but actually use a two-time pad (oops). Or it will claims to use a one-time pad, but actually use a steam cipher. Or it will use a one-time pad, but won't deal with message re-synchronization and re-transmission attacks. Or it will ignore message authentication, and be susceptible to bit-flipping attacks and the like. Or it will fall prey to keystream reuse attacks. Etc., etc., etc.

One-time pads may be theoretically secure, but they are not secure in a practical sense. They replace a cryptographic problem that we know a lot about solving -- how to design secure algorithms -- with an implementation problem we have very little hope of solving. They're not the future. And you should look at anyone who says otherwise with deep and profound suspicion.

In the original poster's defence, I don't actually see him using the term "one time pad" anywhere other than the headline, which may have been put in by the Slashdot staff. In any case, the term is almost certainly being misused here.

Do you remember to wipe the sensor after use?

I am reminded of an article several months ago on spoofing fingerprint readers. The gelatin technique is likely the one most Slashdotters remember, but for some, it was sufficient to blow on the detector. c't has lots more fun details, but these have both been on Slashdot before.

Mostly, because Bruce Schneier says it isn't.

A solution that works for many is PasswordSafe. This is a small application that keeps all passwords encrypted (using the Blowfish algorithm). Entries are presented either as a flat list or tree, and double-clicking an entry decrypts the password and copies it to the clipboard. The project originally came from Counterpane, Bruce Schneier's company, and is regarded as a useful and secure application.
PasswordSafe has random password generation that can be customized rather nicely.
Of course, the PasswordSafe database itself needs to protected by a passphrase...

[Disclaimer: I'm currently the project admin for PasswordSafe.]

Biometrics cannot be shared

Yes, they can.

What's a public key?
A key you make public so that others can send messages to you. Likewise, others make their own public key known to you (or to the public in general) so you can encrypt messages to them.

A private key?
The key you need in order to decode the messages others have encrypted using your public key.

What do I do if my private key is compromised?
Generate a new private and public key. Send a revocation notice to the public keys server(s) you use and notify all your correspondents of your public key change.

I use an older version of a free program called Password Safe and keep lots of backup copies of it's data file on floppies, etc. With the (ugly) newer version you can also print out a hardcopy.

cryptogram article talks about an american ID card in the works (and why its a bad thing )

Why should any regular individual be worried about these systems? From the best essay on privacy and 9/11 laws I've seen (from the former privacy czar of Canada- warning Canadians not to lose rights Americans have already lost):

"...But there also will be tangible, specific harm. The more information government compiles about us, the more of it will be wrong. That's simply a fact of life.

"But if our privacy becomes ever more systematically invaded by the state for purposes of assessing our behavior and making judgments about us, wrong information and misinterpretations will have potential consequences.

"If information that is actually about someone else is wrongly applied to us, if wrong facts make it appear that we've done things we haven't, if perfectly innocent behavior is misinterpreted as suspicious because authorities don't know our reasons or our circumstances, we will be at risk of finding ourselves in trouble in a society where everyone is regarded as a suspect. By the time we clear our names and establish our innocence, we may have suffered irreparable financial or social harm...

"Decisions detrimental to us may be made on the basis of wrong facts, incomplete or out-of-context information or incorrect assumptions, without our ever having the chance to find out about it, let alone to set the record straight...

"The bottom line is this: If we have to live our lives weighing every action, every communication, every human contact, wondering what agents of the state might find out about it, analyze it, judge it, possibly misconstrue it, and somehow use it to our detriment, we are not truly free. That sort of life is characteristic of totalitarian countries, not a free and open society like Canada...

" Compiling dossiers on the private activities of all law-abiding citizens is the sort of thing the Stasi secret police used to do in the former East Germany. It has no place in a free and democratic society."

"...When people are worried about their safety, when we have seen the horrors of which today's breed of terrorists are capable - and there may be more - it's easy to lose perspective. It's easy to fall into the trap of thinking that security is all that matters and that human rights such as privacy are a luxury. But such extremes can only reward and encourage terrorism, not diminish it. They can only devastate our lives, without commensurately safeguarding them. Of course we all want to be safe. But we could be safer from terrorism - perhaps - if we permanently evacuated all the high-rise office towers, if we closed down the subways, if we forever grounded all airplanes. Yet no reasonable person would be likely to argue for adopting such measures. We'd say, "We want to be safe, yes - but not at the price of sacrificing our whole way of life." The same reasoning should apply, in my view, to arguments that privacy should indiscriminately be sacrificed on the altar of enhanced security..."

Uh-oh, did I just make TIA work? Bruce is gonna kill me.
-l

This is very interesting. I have read Secrets & Lies: Digital Security in a Networked World by Bruce Schneier and now I am reading New Top Level Domains Considered Harmful by Timothy John Berners-Lee and the later seems to be quite interestingly related to the former. According to Berners-Lee, "The Internet is a net, and the WWW is a Web, but WWW and email use DNS which is a tree, which has a single root." But according to Schneier I also know that security product is a process layered like an onion which is a chain only as secure as the weakest link. Now, I am starting to wonder what would be the weakest link in the chain of onion layers which are the branches of a tree in the web of our network and how could it be related to the "single root" compromise universal vulnerability and if my conclusions are correct then securing the Interweb network is impossible.

What's wrong about having a national ID as long as you're not involved in something criminal or illicit?

Read Pierre Honeyman's blurb to find out why.

And what's this 'national ID stamped on your forehead' BS all about?

That's a biblical reference. This is where you're supposed to reject all of my arguments entirely because I referenced the Bible.

That every looney can keep and bear arms and possibly use it to shoot other people?

Right, because everybody sane knows that only looneys keep and use firearms. Since you think guns should be banned because people could ``possibly use it'' to shoot other people, I think Windex should be banned because children might drink it, pencils should be banned because people might possibly poke each other's eyes out, computers should be banned because they do cause RSI, CRTs should be banned because they might cause cancer, and doorlocks should be banned because they might hinder emergency personnel in the event of them having to come into your house to shock your heart back to life after two thugs with baseball bats broke into your house, beat the shit out of you, raped your wife, and killed your children, all because you didn't have a way to protect your family inside your own home against two thugs with baseball bats.

Security expert Bruce Schneier has talked about what he calls the trojan defense. He mentions several cases in which an illegal action was traced to a specific computer system, but the individual who was at the system claimed that a trojan horse was responsible for the action. In one case, an individual was suspected of launching a distributed denial of service attack, but they were acquitted after arguing that a trojan was responsible. In two other cases, individuals were charged with downloading illegal porn but were able to get the charges cleared via the trojan defense. Bruce Schneier supports the idea of this defense, but others might not.

You are right to notice that facial recognition != facial detection. The latter is a much harder problem, but the Slashdot introduction for this article implies they are one in the same. What they've done is like talking about a computer program that can bring about world peace, then link to an article on Eliza (see: http://www.manifestation.com/neurotoys/eliza.php3) . If anything, this research just shows how difficult the problem of face recognition is. The research endeavor that is facial recognition is a blackhole for funding. Smart security analysts think that the research money would be better spent on paying more human analysts to do intelligence work. Here is what technology security pundit Bruce Schneier wrote on the subject after September 11th: http://www.schneier.com/crypto-gram-0109a.html#3.

Thank you, unknown moderators, for verifying my point: Semantic attacks like e.g. phishing are easily carried out; it only takes a moderate understanding of the victim's expectations. Fit your attack to something they know and believe they understand, and they will react as desired, clicking first and thinking never.

That's the current line from the Irish Government, anyway. They're hoping the commission which damned the e-voting system will come to its senses when they complete more tests, and that they will turn around and give it a big wet seal of approval.

Of course, since they've wasted^H^H^H^H^H^Hinvested over EUR50 million on the system already, and our country is small enough that this isn't small change, they're not exactly likely to own up and admit that they're guilty of misappropriating public funds. At least not until after the elections this June.

But anyway. My advice is to keep pushing the fact that computer security experts are united and unequivocal in rejecting e-voting systems unless they involve a voter-verified paper ballot (also called a voter-verified audit trail). This is what seemed to have the most effect in Ireland. Start with the Association for Computing Machinery, then Dr Rebecca Mercuri, then Bruce Schneier, and so on...

--Adrian.

If you think this is Informative, then I should quote Biometrics: Truths and Fictions from August 1998 issue of Crypto-Gram Newsletter by Bruce Schneier:

Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.

Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.

What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.

There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.

"Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.

Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.

Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.

Similarly, we can fool a signature biometric using a photocopier or a fax machine.

"Good morning Doctor, this evil genius Tsutomu Matsumoto has compromised the great security of my biometric ID card again... I really think that this so called 'gelatin' circumvention substance should be outlawed! Anyway, could you please transplant me a new set of fingers?"

If you think this is Funny, then you should read Fun with Fingerprint Readers from May 2002 issue of Crypto-Gram Newsletter by Bruce Schneier:

Tsutomu Matsumoto, a Japanese cryptographer, recently decided to look at biometric fingerprint devices. These are security systems that attempt to identify people based on their fingerprint. For years the companies selling these devices have claimed that they are very secure, and that it is almost impossible to fool them into accepting a fake finger as genuine. Matsumoto, along with his students at the Yokohama National University, showed that they can be reliably fooled with a little ingenuity and $10 worth of household supplies.

Matsumoto uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time.

His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time.

Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.

Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them. The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing. Impressive is an understatement.

There's both a specific and a general moral to take away from this result. Matsumoto is not a professional fake-finger scientist; he's a mathematician. He didn't use expensive equipment or a specialized laboratory. He used $10 of ingredients you could buy, and whipped up his gummy fingers in the equivalent of a home kitchen. And he defeated eleven different commercial fingerprint readers, with both optical and capacitive sensors, and some with "live finger detection" features. (Moistening the gummy finger helps defeat sensors that measure moisture or electrical resistance; it takes some practice to get it right.) If he could do this, then any semi-professional can almost certainly do much much more.

More generally, be very careful before believing claims from security companies. All the fingerprint companies have claimed for years that this kind of thing is impossible. When they read Matsumoto's results, they're going to claim that they don't really work, or that they don't apply to them, or that they've fixed the problem. Think twice before believing them.

Interesting, isn't it? See also: T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, "Impact of Artificial Gummy Fingers on Fingerprint Systems," Proceedings of SPIE Vol. #4

The outcomes of the 20 closest [House of Reps] races would have changed by swinging an average of 2,593 votes each.

Bruce Schneier covered why quantum cryptography doesn't solve any security/secrecy problems in his December 15, 2003 Crypto-Gram.

"It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be fifty feet tall or a hundred feet tall, because the attacker is going to go around it. Even quantum cryptography doesn't "solve" all of cryptography: the keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

It's called IPSEC, it's secure on the IP level up so TCP is encrypted over it.
Correct, for suitable levels of 'secure'. Schneier and Ferguson's evaluation of IPSec. It's no panacea... But nothing is :)

The best defence against this? Simply check for a stream of RST packets. They dont come in huge bundles with incrementing sequence numbers often. Detect that signature, block IP, sorted.
What would your preferred way of implementing this defence be? Is it easy to automate on linux (firewalls?)?

Party-appointed technical representatives can audit the whole system. false. The OS was not audited (nor the VirtuOS version 1 electronic ballot box nor the WindowsCE version 2). Other parts of the system were not audited, either.
If there is some flaw in the diskette driver or in the flash memory driver, for example, it could be exploited; it does not seem practical to me, altough, because of the distributed responsabilities in our electoral process (I probably mentioned it before, here or in k5, but I can't find it now). The case is that a Judge is in charge of the machines for each 10k-100k voters (each machine is used in the range of 600-10000 votes).
Many tests are conducted in the machines, by the electoral judges and party officials.
Besides, for the electronic ballots in a machine to be considered valid (-- is this a valid English construct? --) the machine must be reset, and a special ballot report called the "zerésima" (zeroth) has to be taken from it just before the first vote is entered.
India and Brazil have other things in common: illiteracy and poverty. Most of the users of the electronic ballots in Brazil cannot understand what they read on the screen. Electoral candidates in small towns "teach" people to vote on them, by making them memorize the key sequences. false. The photograph of the person you're voting shows up in the screen. The sequence of keys is numeric, and even with our high illiteracy rate, people normally can read numbers. Besides, voting is not mandatory to illiterate people and to people over 65 (as it is for the others [except teens in 16-18 range]), which are the people who have more difficulty with the machines.
I just wonder if these countries couldn't be spending time, money, and minds on more relevant issues. The items above are of fact; this is one of my personal opinion: there is no issue more important than democracy. Here in Brasil, the machines make for a relatively safe (*) electoral process, and smooth to boot (last presidential election took less than 48 hours to count 100M+ votes).
(*) I had the opinion that it was safer than the paper-based process -- that has a lot of security issues, too; thanks to Bruce Schneier, I am less certain now. in here, he shows how few percent of the votes should be swinged to reverse the result of an election. I am still curious how would this apply to our electoral system (**)
(**) Here, for presidential elections, the elections are "direct", "majoritary", in "two rounds" (?! don't know if those are the correct English terms) Meaning: the candidates are voted; if one of them makes >50% of the valid votes, it's the next president; else, new elections 15 days from now with only the two most voted candidates (one of them will make >50% of the valid votes). For parlament elections, the system is of "parties lists", meaning you can vote for a candidate or for a party; the quota of the party in the house is separated and filled with the most voted candidates in that party.

finally, this will be an important concern in the future: already we are able to shop online and the future where all transactions go via the internet is near. one account (a la .NET) will be enough to deal with fueling up a car or buying a bunch of roses. probably then the attitute will change, when some smart scammers burn some people's fingers...

This is exactly the same problems that Bruce Schneier has been trying to warn us about. In the end, we are all responsible for our own security. The illusion of security is extremely dangerous. A significant number of people will choose to believe in the illusion, reducing real security.

Looking at the archives, Crypto-Gram had started to widen its scope to general computer security by the second issue (news item: "The L0pht, a hacker group from Boston, testifies before Congress").

And Crypto-Gram definitely serves a purpose not served by eg Slashdot. The /. editors don't have a fucking clue about crypto or security.

See Bruce Schneier's comments about Magiq and quantum cryptography at Schneier.com:

To quote:

This isn't new. The basic science was developed in the early 1980s, and there have been steady advances in engineering since then. I describe how it all works--basically--in Applied Cryptography, 2nd Edition (pages 554-557).

I don't have any hope for this sort of product. I don't have any hope for the commercialization of quantum cryptography in general; I don't believe it solves any security problem that needs solving. I don't believe that it's worth paying for, and I can't imagine anyone but a few technophiles buying and deploying it.

It's not that quantum cryptography might be insecure; it's that we don't need cryptography to be any more secure.