Cryptographic Security Architecture

← Back to Stories (view on slashdot.org)

Cryptographic Security Architecture

Posted by ryuzaki0 on Monday March 29, 2004 @09:16AM from the trust-but-verify dept.

imaginaryNumber writes "Peter Gutmann distinguishes his renowned cryptographic library, cryptlib, from other security toolkits available by claiming it provides a 'coherent security model' that other toolkits omit. His criticism goes further to say that some security toolkits 'lack real security features altogether.' It comes as no surprise, then, that his recent book, Cryptographic Security Architecture: Design and Verification, is a 320-page paean documenting the coherence and the sure-footed construction of his security toolkit. I am a student of electronic privacy, cryptography, security, and mathematics, and I am an admirer of Peter Gutmann's work. He is prolific in the security field, and Gutmann's website at the University of Auckland is a good introduction to his work. I had the pleasure of meeting him recently in New Zealand, after he agreed to field some questions about his book. As you will read in my review, I highly recommend the book even though it has a handful of flaws. And while I have a great deal of respect for the author's work, I'm not ready to accept all of his ideas as gospel." Read on for the rest of imaginaryNumber's review. Cryptographic Security Architecture: Design and Verification author Peter Gutmann pages 320 publisher Springer-Verlag rating 8 reviewer imaginaryNumber ISBN 0387953876 summary A technical book about security architectures, verification techniques, and cryptographic software and hardware

Cryptographic Security Architecture is a technical book that focuses on security architectures, verification techniques, and cryptographic software and hardware. It is an excellent reference source that intricately captures the design process of a security toolkit that has been in use for several years across the globe. The security architecture presented in the book is platform-independent, but the book does touch on platform-specific issues when necessary, especially when cryptlib implementation details are described. The toolkit has been ported to a slew of platforms.

Even though the book and the toolkit benefit from each other's companionship, both can certainly stand alone. The reader doesn't have to be familiar with or even interested in cryptlib to gain from reading Cryptographic Security Architecture . In this review of the book I will keep toolkit discussion to a minimum. The semi-GPL cryptlib security toolkit is OSI-certified open source. The security toolkit includes an excellent user manual which is a formidable 310 pages.

The Passion of the Cryptographic Security Architecture

Cryptographic Security Architecture's first chapter covers the foundational software architecture and is a bit dull. I would hope that the target audience is familiar with basic subjects like object-oriented design and inter-object communications. Too much attention is given to what should have been prerequisite knowledge at the expense of security related matter. For instance, while Gutmann gives a lot of attention to basic object synchronisation (the Kiwi spelling, which is suitably preferred by him) he only alludes to a class of security issues involved with multi-threading. If you can make it through the first chapter, rest assured that Gutmann avoids this flaw in the rest of the book. To be fair, this back-to-basics review does well at underpinning the rest of the security architecture, even though it often reads like a software architecture primer.

The second chapter covers the security architecture, which features such things as permission-based access, least privilege and isolation, mediation, and other expected elements. The design goals include some common goals, like simplicity and efficient implementation. But three of the design goals represent the core philosophy of Gutmann's architecture: The separation of policy definition and enforcement mechanism, a verifiable design (practical vs. theoretical viability), and a flexible security policy.

The separation of the policy definition from the enforcement mechanism solves problems that exist in previous attempts at security architecture (e.g. some Orange Book-based systems hardcode the policy). One claimed benefit of separation is the reduction of complexity in the enforcement mechanism and the improved verifiability that simplicity brings. But I would argue that complexity has been shifted from the toolkit to the toolkit user, who can opt to configure their specialized security policy. What mechanism is going to be used to verify these user-defined policies? It's unlikely the toolkit user's policy will receive the scrutiny that the open source community bestows upon the factory bits.

But I may not fully understand the capabilities of the security policy scheme. Perhaps, when using Gutmann's cryptlib, it is impossible for the toolkit user to configure an incoherent policy. In George Orwell's 1984, the Party worked to deconstruct the English language so that only 'legal' speech could occur. As designed, Newspeak would make illegal statements unspeakable --- and in time, unthinkable. I'm unconvinced that Gutmann's security policy scheme is such a controlled means of expression, where only safe security policies can be spoken. Granted, one could always use the predefined policies, but this path undermines a chief design goal of the architecture: a flexible security policy.

Notwithstanding my nitpicking about the policy, the security architecture chapter is a good example of how the book shines. Gutmann covers in detail his design process and chocks the chapter full of references for the reader's further study. In all, there are almost 700 reference listings, which consume 15% of the book's 320 pages.

The policy definition scheme is followed by a detailed discussion of the security kernel implementation. (The kernel is the policy enforcement mechanism, referred to earlier.) Like most of the book, the writing is as dense as most detailed architectural designs and sometimes sleep-inducing. But Gutmann's writing style is clear, concise, and sometimes funny. Gutmann's writing talent makes even descriptions of "Access Control List for public-key/certificate access" and "Access Control List for an attribute that triggers an object state change" endurable.

Verification techniques for the security architecture are a major theme of the book. Anyone who has attempted to verify that software does what it was specified to do, especially in the security field, will find Gutmann's insights worthwhile reading. This is especially true for anyone who has ever done a Common Criteria-based evaluation, or a verification employing any of its ilk. Gutmann makes an excellent point about the semantic pitfalls of formal methods: "As with ISO 9000, it's possible to produce an arbitrarily bad product but still claim it's correct, since it complies with the paperwork."

Cryptographic Security Architecture also contains the obligatory chapter on random number generation. The chapter includes more of Gutmann's trademark insights. He discusses many software and hardware implementations, including the generators contained in: PGP (Pretty Good Privacy), /dev/random, ssh, Capstone / Fortezza, Intel Pentium III, Microsoft's CryptoAPI, cryptlib, and others. Random number generation flaws abound. For example, he discusses the flaws in the ssh and SSLeay/OpenSSL generators that make it possible to "...suck infinite amounts of state information out of [the random number generators] by repeatedly connecting to the server..."

Towards the end of the book, Gutmann includes a dessert-like discussion of hardware encryption modules. Gutmann's predilection for security hardware is evident as he writes about problems with crypto on end-user systems. This chapter includes all sorts of cryptographic hardware including the designed-for-hostile-environments HiDan embedded PC. One interesting technique to secure modules like the HiDan is to pour a hardening material (e.g. epoxy) into the chamber before sealing it shut.

Regarding the book's construction, while the references are excellent, the glossary and index are poor. Even if you rely on external sources for acronyms, as the author suggests, some of his acronyms are not included in the glossary. For instance, it took me awhile to determine that CMP stood for Certificate Mismanagement Protocol. The index is also oddly incomplete, considering Gutmann's otherwise good documentation habits.

Conclusion I expected Cryptographic Security Architecture to treat the topic of security architecture in a general way, offering many alternatives for designers to ponder while designing their own security architecture. The book does this, but often Gutmann whittles down the prudent design options to one, with most paths arriving at a single destination, namely Gutmann's cryptlib. Don't get me wrong: It's good to be decisive when faced with many architectural tradeoffs, and the ugly alternative is all too often design paralysis. And it's no surprise that cryptlib, according to Gutmann, contains the best architectural elements - he is the author of both the book and the toolkit. Still, the homage to cryptlib often made me unsure that a wide spectrum of design options had been considered: Did the security architecture spawn the cryptlib implementation, or did the implementation spawn the architecture?

To be clear, the strong points of the book (and concepts therein) far outnumber the weak ones, and I highly recommend it to anyone interested in security architectures, verification techniques, and cryptographic software and hardware in general. Simply put, the book is excellent and it should expand most reader's knowledge of cryptographic security.

You can purchase Cryptographic Security Architecture: Design and Verification from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

134 comments

Min score:

Reason:

Sort:

Pests by Anonymous Coward · 2004-03-29 09:19 · Score: 0, Informative

Four comments, all troll. Somebody do something.
An interesting crypto library by WilliamsDA · 2004-03-29 09:20 · Score: 3, Informative

Tom St. Denis has a nice crypto library at libtomcrypt.org. I like it, anyway.. it's worth a look :)
1. Re:An interesting crypto library by Anonymous Coward · 2004-03-29 09:34 · Score: 2, Funny
  
  Dude! I just ran strings on it! Look: _DYNAMIC _GLOBAL_OFFSET_TABLE_ __gmon_s tart__ _fini __cxa_finalize _Jv_RegisterClasses CRYPTO_get_new_lockid sk_new_null BUF_strdup sk_push CRYPTO_free ERR_put_error CRYPTO_num_lo cks CRYPTO_get_new_dynlockid CRYPTO_lock CRYPTO _malloc sk_find CRYPTO_destroy_dynlockid Screw it, this hard, Just ROT13 everything ....
2. Re:An interesting crypto library by Anonymous Coward · 2004-03-29 10:14 · Score: 2, Interesting
  
  Before using libtomcrypt, read Tom St. Denis' postings to sci.crypt on various topics.
  
  Perhaps an immature wanker who flames in 3 out of 5 of his posts can write a really solid crypto library. Why bother, though, when there are solid libraries that already exist and you don't have to deal with the preening little 19 year old?
3. Re:An interesting crypto library by tomstdenis · 2004-03-29 10:18 · Score: 0, Offtopic
  
  Exactly my point! Stop using my library ya thieves!!!
  
  To nitpick though I'm a "preening little 21.99 yr old". I have been 19 since I was 19.
  
  --
  Someday, I'll have a real sig.
4. Re:An interesting crypto library by Anonymous Coward · 2004-03-29 15:41 · Score: 0
  
  Yes, but don't ask him any questions that aren't answered in a book or research paper somewhere, or derivable from mathematical axioms, or he'll flame the flying fuck out of you.
5. Re:An interesting crypto library by Bostik · 2004-03-30 01:35 · Score: 1
  
  I read sci.crypt regularly, even if I don't post there. Granted, Tom comes forward as someone who has certain attitude problems (yes, I'm willing to go on record saying this) but the library is still a marvelous piece of work. It's not like we haven't seen controversial personalities in this field before. Also, LTC is nothing but a simple building block, and you can actually verify its functionality and integrity by running the algorithms against any known and verifiable test vector sets. (Locating these is left as an exercise for those interested.) Memory checkers such as valgrind and NJAMD can be used to ascertain that the library routines themselves work without memory flaws. (Especially dangerous when working with crypto, we wouldn't want to overwrite wrong data...)
  
  The API is consistent, even if at times the need to return error codes means that the amount of bytes processed is written to a passed argument. And indeed, as another poster said, LTC is damn pretty and easy-to-use crypto library. Most of all, it's trivial to use only the parts you need and embed those to any program you're writing.
  
  --
  There is no such thing as good luck. There is only misfortune and its occasional absence.
Who worries about security these days anyway? by Anonymous Coward · 2004-03-29 09:21 · Score: 1, Funny

It's too much of a hassle at the computer level. You just need a guy checking the door at your work. We pay a high school kid (part timer) and it's been great for us.

I fail to see how this "cryptography" is anything more than another attempt at making nerds seem valuable. Self-promoting sons of bitches gonna get swirlies if they cross my path.
Paean by Anonymous Coward · 2004-03-29 09:22 · Score: 5, Funny

Had to look it up. Now I will never be quite sure if some is saying 'A pain in the ass' or a 'A paean in the ass'. They mean very different things.
Reverse Security by superpulpsicle · 2004-03-29 09:22 · Score: 0, Troll

What worries me all the time is security concepts being opened to the public.

If there are public information on how to build an ATM. Doesn't that technically make the ATM crackable from a reverse engineering standpoint. This pretty much can apply to anything.
1. Re:Reverse Security by DR+SoB · 2004-03-29 09:24 · Score: 1, Funny
  
  An ATM is crackable from a reverse engineering standpoint, just unscrew all the bolts, and take the money out. Now if those bolts were encrypted, you'd have a real hard time finding the proper screwdriver!!
  
  --
  Mod +5 Drunk
2. Re:Reverse Security by namidim · 2004-03-29 09:27 · Score: 5, Interesting
  
  Relying on secret design to ensure security is what is known as seucrity through obscurity and is generally frowned upon by the security community the first thing you do when designing a secure system is assume that the attacker knows exactly how it is set up. In the case of ATMs if one designs the security around the attacker not knowing the design what happens when an ex-employee decides to make a quick buck?
3. Re:Reverse Security by Anonymous Coward · 2004-03-29 09:29 · Score: 1, Informative
  
  One of the main concepts of cryptography is that security rests in the keys, not in the algorithm. Security through obscurity isn't a good thing.
4. Re:Reverse Security by Abcd1234 · 2004-03-29 09:31 · Score: 4, Insightful
  
  Umm, if you can reverse engineer a security device, and by doing this, defeat the security of that device, then the device wasn't secure to begin with.
  
  Okay, I'll put it another way. Everyone knows how to do DES. The math is quite well understood. However, this doesn't make DES any less secure. In fact, it makes it more secure, because people, due to the openness of DES, have been able to find flaws in the algorithm (such as weak key groups).
  
  Now, in the case of the ATM, if an ATM is designed such that breaking the machine open is sufficient to nullify the bank's security systems, then the bank needs to rethink how it's ATM's work, as their system isn't truly secure.
5. Re:Reverse Security by Anonymous Coward · 2004-03-29 09:33 · Score: 1, Funny
  
  Security through obscurity isn't a good thing.
  
  Oh yeah? Prove it: hack my (an AC's) box!
6. Re:Reverse Security by Anonymous Coward · 2004-03-29 09:34 · Score: 2, Interesting
  
  Actually there are stories of ATMs being cracked into, since ATMs invariably run on some kind of operating system. And yes, I get that it's just an example.
  
  However, to answer your question, the reason security concepts are being opened to the public is mainly because they have to be standardized rather than oligopolized. This allows the security concepts (like RSA algorithms, DES, Blowfish, PKI) to be used on various platforms with various tools. If it were closed, or discreet, it would be even more inconvenient for people to use, and thus people would be less likely to use it, thus rendering it useless.
7. Re:Reverse Security by mdfst13 · 2004-03-29 09:35 · Score: 2, Insightful
  
  Most of the people who have the foundation to understand how security principles work will have access to these concepts anyway. Or to put it another way: most of the people that only find this stuff out from books like these won't be able to apply what's here because they lack the necessary foundation.
  
  I am more concerned about people in the know making easy to use software that automates cracking functions than I am about them writing books. In general, the books require considerable knowledge to apply. A tool kit that includes things like "function brute_force($num_characters_to_try, $ip_number, $port)" can be used by the same kinds of idiots who write viruses (which are usually generated by tools).
  
  It's like with nuclear weapons. The basics of building a bomb are relatively well known (used to be available at the local library in some places). The problem is generating the enriched plutonium (requires a nuclear reactor).
8. Re:Reverse Security by taniwha · 2004-03-29 09:43 · Score: 3, Interesting
  
  Everyone knows how to do DES. The math is quite well understood. However, this doesn't make DES any less secure.
  exactly - in fact suppose I want to hack into an ATM - if I'm bright I'll certainly look at the open source ATM code ... and if it is indeed well designed and protected by lots of lovelly large primes that I don't know I'll probably look elsewhere. On the other hand Diebold's recent voting machine snafu's would probably have me looking long and hard at any ATM they make (or in my case be looking for a different bank to put my money in should my bank start using them)
9. Re:Reverse Security by Neil+Blender · 2004-03-29 09:51 · Score: 5, Funny
  
  I'm halfway there. Your IP is 127.0.0.1, right? I'm about to fuck your box to high heaven.
10. Re:Reverse Security by Anonymous Coward · 2004-03-29 10:09 · Score: 0
  
  Everyone knows how to do DES. The math is quite well understood.
  
  Not by me, it isn't..
11. Re:Reverse Security by Saeed+al-Sahaf · 2004-03-29 10:12 · Score: 1
  
  protected by lots of lovelly large primes
  And exactly WHICH of these primes is not know to the public? Perhap, and JUST perhaps, the NSA has been hording big primes, but I seriously don't think Diebold has access to them. If its prime factors that prevent you from cracking the system, you have bigger problems than knowing how to do DES.
  
  --
  "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
12. Re:Reverse Security by quetzalc0atl · 2004-03-29 10:20 · Score: 3, Insightful
  
  this may be true of algorithms, but you may still want to keep the implementation secret.
  
  most practical attacks utilize flaws in the implementation, not the algorithms.
  
  to use the atm analogy, most atms use hardware that is protected by anti-reverse engineering schemes such as X-ray detectors, temperature detectors (to prevent someone from freezing the memory cells - which can sometimes keep data around for up to several weeks!), and a +-ground mesh that has been potted in polymer resin. a short in any of the things will erase the keying material in SRAM.
  
  in other words...alot of work and money has gone into keeping the hardware secure, not the kind of thing that is "open source"! altho the crypto algorithms themselves, as you have pointed out, are better served by having peer review and full disclosure.
13. Re:Reverse Security by djbrums · 2004-03-29 10:33 · Score: 1
  
  It's not clear to me that the "mathematics" of DES *is* understood. It's clear what it's doing, but designing the s-boxes still is a black-art, AFAIK.
  
  Also, from the post, the goal of crypto is to make the *only* secret the secret key. The goal is not to make the *algorithm* secret. There is work on code obfuscation where the goal is to make the code secret. It's okay to compare reverse engineering ATM's to crypto, but realize that the goals are different. One is an academic disciple, abstract in many ways, one is an engineering effort.
  
  (And another reason crypto is often published is it's so hard to get right, people need to check each other's work. So publishing to some extent is a sanity check that you didn't do something stupid.)
14. Re:Reverse Security by pjt33 · 2004-03-29 10:51 · Score: 1
  
  It's not clear to me that the "mathematics" of DES *is* understood. It's clear what it's doing, but designing the s-boxes still is a black-art, AFAIK.
  You can analyse robustness against differential and linear attacks. See for example notes on the S-box generation of Tiger.
  (And another reason crypto is often published is it's so hard to get right, people need to check each other's work. So publishing to some extent is a sanity check that you didn't do something stupid.)
  There's also the "Publish or die" aspect of academic security research.
15. Re:Reverse Security by djbrums · 2004-03-29 11:28 · Score: 1
  
  You can analyse robustness against differential and linear attacks. See for example notes on the S-box generation of Tiger.
  Robustness against diff/lin attacks is not the same as understanding the mathematics of an sbox. this only shows security against a few known attacks, but does not reduce the security of the sbox to intractiblity or information-theoretic limits.
  Good link, though.
16. Re:Reverse Security by timeOday · 2004-03-29 11:37 · Score: 2, Funny
  
  And exactly WHICH of these primes is not know to the public? Perhap, and JUST perhaps, the NSA has been hording big primes
  Good news, there's an INFINITE supply!
17. Re:Reverse Security by Saeed+al-Sahaf · 2004-03-29 12:22 · Score: 1
  
  Of course, but the ones that are "known" are known.
  
  --
  "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
18. Re:Reverse Security by Medieval_Thinker · 2004-03-29 12:51 · Score: 1
  
  It is understood well enough that high school kids have written programs to crack 32 bit DES in real time through a web interface. He has a fairly good explanation on the site.
  Josh
  Now... I will confess that he uses a restricted key space and requires MS documents to be encrypted for the real time crack so he can take advantage of formatting clues, but still.
19. Re:Reverse Security by Anonymous Coward · 2004-03-29 14:57 · Score: 0
  
  Would have been slightly better if you weren't logged in?
20. Re:Reverse Security by Anonymous Coward · 2004-03-29 16:35 · Score: 0
  
  It's not a matter of knowing the prime, it's a matter of knowing which prime.
  
  Let me put it this way: If you know that the solution is one in a set of only 100, but it takes you a week to try each one, you can expect to be waiting for about a year before you crack it.
ubercrypto by Anonymous Coward · 2004-03-29 09:23 · Score: 0

He is prolific in the security field, and Gutmann's website at the University of Auckland ...

has just been hacked.
quick synopsis by spangineer · 2004-03-29 09:27 · Score: 4, Informative

Quick synopsis of the book (if you don't have time to read the whole review):

"A cryptographic security architecture constitutes the collection of hardware and software that protects encryption keys and other related security parameters from misuse. If the process used to generate the cryptographic code is insecure then even the most sophisticated protection mechanics will not do any good. This topic is extremely important, especially for "embedded"-hardware products and services like smart cards. The author offers a novel design that allows for a great deal of customization."
Re:Dear Gibson/Gutmann by grub · 2004-03-29 09:31 · Score: 3, Funny

Isn't it The Passion of the Christ Security Architecture?

J.C. was very well secured; those fancy nails has large, flat heads on them so he couldn't slip off. Rumour has it they were going to resort to washers before they found those.

--
Trolling is a art,
Re:Dear Gibson/Gutmann by Anonymous+Crowhead · 2004-03-29 09:39 · Score: 0, Offtopic

"If you were plowing a field, which would you rather use? Two strong oxen or 1024 chickens?"

I'd go with the chickens, but then again, I'm a dirty hippy.
Re:MOD PARENT DOWN [Re:An interesting crypto libra by PhilippeT · 2004-03-29 09:42 · Score: 0

LOL Moderator didnt look at the posters name... Tom St Denis... or LibTomCrypt

--
A psychopath can't tell the difference between right and wrong. A sociopath knows the difference - he just doesn't care.
warning! LibTomCrypt highly insecure! by Anonymous Coward · 2004-03-29 09:44 · Score: 0

Tom St. Denis si teh incompetant programer!

Also, I would avoid any of his works until the allegations of child/dog rape are resolved. Search google news for more on this.
1. Re:warning! LibTomCrypt highly insecure! by tomstdenis · 2004-03-29 09:59 · Score: 1
  
  Hey hey hey, those were "allegations" I haven't been convicted!
  
  Stupid AC misleading the others.
  
  --
  Someday, I'll have a real sig.
Encryption / circumvention by Anonymous Coward · 2004-03-29 09:47 · Score: 1, Insightful

Looks to be a good book. I'm planning on getting a copy ASAP ... no doubt the DMCA will censor this book (it has provisions against crypto technology) before too long. In these times of censorship and technological tyranning, I feel sad to be an American :-(
Re:Paean (yes it is funny) by fishybell · 2004-03-29 09:47 · Score: 4, Informative

For all of those moderators out there that are unaware, the above post is indeed funny.

From Dictionary.com:

paean also pean
n.

1. A song of joyful praise or exultation.
2. A fervent expression of joy or praise: "The art... was a paean to paganism" (Will Durant).
3. An ancient Greek hymn of thanksgiving or invocation, especially to Apollo.

So "A paean in the ass" or "A [fervent expression of joy] in the ass" is indeed very different from "a pain in the ass."

--
><));>
Cryptlib contains code that violates GPL by Puzzleer · 2004-03-29 09:48 · Score: 4, Interesting

The funny thing is that Cryptlib is supposedly GPL, but it contains cryptography code by Eric Young (author of the original ssleay that became OpenSSL). Eric Young's code has an advertising clause. Hence, some of the code in the supposedly GPL'd cryptlib violates the GPL.
1. Re:Cryptlib contains code that violates GPL by irokitt · 2004-03-29 09:54 · Score: 2
  
  Apache (No, really, we're still compliant!), XFree86 (F*ck you Linux!), and now cryptlib (Shhh! Noone else knows...). Now I'm depressed. What next? WINE?
  
  --
  If my answers frighten you, stop asking scary questions.
2. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 10:04 · Score: 1
  
  What's the problem? Just use gnupg [see this memo for more info].
  
  --
  Someday, I'll have a real sig.
3. Re:Cryptlib contains code that violates GPL by Amon+Re · 2004-03-29 10:36 · Score: 1
  
  Crypto++ seems like a better alternative then.
4. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 10:40 · Score: 0
  
  What's the problem? Just use gnupg [see this memo for more info].
  
  Translation: Waaah! People just keep using gnupg and pgp and openssl and not myyyyyy libraryyyy! Mommy! Get them!
5. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 10:43 · Score: 1
  
  Actually more like
  
  "waah! I wanted to contribute patches and the developers ignored me outright!!!! mommmmy!"
  
  And also, as of tonight your services are no longer required. /. has enough assholes.
  
  --
  Someday, I'll have a real sig.
6. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 10:47 · Score: 0
  
  No wonder they ignored you. No need to reply, I'll just assume you said something equally insightful.
7. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 10:49 · Score: 0
  
  Funny how you are the only one who hasn't been able to get patches in. Could it be... a conspiracy?!?!?!
  
  By the way, I'm just an AC lameass who posts with a score of 0. By replying to me, you elevate my posts. If you ignored me, nobody would even see this. Moron.
8. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 10:51 · Score: 2, Interesting
  
  Wonder no longer... This is what I wrote [and yes you may now feel stupier than you already are...] ----------------- Hello, I'm new to the GNUPG devel scene and would like to contribute some patches http://iahu.ca:8080/mygpg_patches .tar.bz2 [MD5SUM 8b2da885281114a5c0275ed7f954c878] The patches are to the files in the /cipher/ directory. A quick summary of the changes - Clean up the code, use portable load/store macros - Added test vectors to the hashes - Made all ciphers/hashes call test routine in their register function - Re-placed Rijndael with a much cleaner [and slightly more flexible] version - Added load/store macros to algorithms.h - removed burn_stack from each file and made one global copy The patches add two new files /ciphers/aes_tab.c and /ciphers/burn_stack.c, the latter has to be added [I dunno how] to the make system [I did it manually to test the build myself]. I'd like to also contribute the following [depending on interest] - Fixed up Tiger with test vectors - WHIRLPOOL hash function - Cleanup to the MPI code. Tom
  
  --
  Someday, I'll have a real sig.
9. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 10:54 · Score: 1
  
  Maybe others have tried and were rejected too? I'm just louder than the average net-peon.
  
  That and your mother is a loose whore. Stupid bitch.
  
  --
  Someday, I'll have a real sig.
10. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 10:56 · Score: 0
  
  So, yeh, that makes sense. Let's make huge changes to the crypto engine of a stable product just because Tom St. Dickless says he wants to contribute. Whee! Lets even add a brand new hash that violates the rfc standard! All because Tom said so! All hail Tom! I spread my butt cheeks for Tom!
11. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 10:59 · Score: 1
  
  Um did you read the msg? I *added* test vectors to the code. So if anything my code is less likely to fail. Not only that but um, I do happen to have my own set of crypto functions which you have failed to find bugs in.
  
  So if I'm such a weak developer get a copy of libtomcrypt and let loose with the bug reports [in any public forum to show how bad I am].
  
  Fucktard, learn to read before you become a critic.
  
  --
  Someday, I'll have a real sig.
12. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 11:00 · Score: 0
  
  Maybe others have tried and were rejected too? I'm just louder than the average net-peon.
  
  $ wc -l gnupg/THANKS
  240
  
  Crikey! 200+ people didn't seem to have a problem.
  
  That and your mother is a loose whore. Stupid bitch.
  
  Ah, the hallmark of someone losing an argument.
13. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 11:02 · Score: 0
  
  I do happen to have my own set of crypto functions which you have failed to find bugs in.
  
  You do realize this is not how secure code works, right? Oh wait, in Tom-land it does because shouting and cursing loud enough makes it true.
14. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 11:04 · Score: 2, Interesting
  
  Well I can't think of a valid reason to ignore my patches. And those 200+ people how many were oh I noticed 1 char is out of whack... how many contributed more than 10 lines of code?
  
  Just like allegro for instance [which is a wicked coo package] has a whole slew of "authors" [I'm one of them] who have mostly just contributed a line or two at most. [IIRC I contributed about 7 lines or so to a 3d clipping function... ;-)].
  
  As I say in sci.crypt if you find fault with my ideas, posts, projects, packages, etc, then actually post what exactly is at fault. Hand waving and wild accusations make not for good argument.
  
  BTW I hardly doubt 240 people worked on the /cipher dir. Cuz the code is really horrible and not that big to begin with..
  
  --
  Someday, I'll have a real sig.
15. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 11:09 · Score: 2, Interesting
  
  Um, squatard I have audited my code quite a bit [you will note that most bugs in the LTC changelog are attributed to myself].
  
  I *think* my code is secure [or at least statically secure]. Hey, you think otherwise? That's good, you want to scream about it in public? Why not prove it?
  
  --
  Someday, I'll have a real sig.
16. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 11:16 · Score: 2, Informative
  
  I *think* my code is secure [or at least statically secure]. Hey, you think otherwise? That's good, you want to scream about it in public? Why not prove it?
  
  Funny how you feel so persecuted. Look back at my messages. Did I ever once say your code wasnt good? I have never looked at it, and don't really care to, so I have no way to tell if it is good or not. My complant is that you're an asshole. I don't think someone who acts as unprofessionally as you is worth dealing with. Your behavior does not fill me with the necessary amount of trust to use code you have written. I'd rather use openssl.
17. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 11:21 · Score: 4, Insightful
  
  oh, sorry my bad. You're right I am an asshole.
  
  --
  Someday, I'll have a real sig.
18. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 12:14 · Score: 2, Informative
  
  The funny thing is that Cryptlib is supposedly GPL
  Is not.
  I know this is slashdot, but is it too much to expect 6 seconds of research?
19. Re:Cryptlib contains code that violates GPL by Anonymous Coward · 2004-03-29 15:45 · Score: 0
  
  Most. Insightful. Post. Ever.
20. Re:Cryptlib contains code that violates GPL by tomstdenis · 2004-03-29 15:49 · Score: 1
  
  I thought so. It had like words and I think a verb or two.
  
  More importantly your mother is a whore.
  
  --
  Someday, I'll have a real sig.
21. Re:Cryptlib contains code that violates GPL by alex_tibbles · 2004-03-29 20:36 · Score: 1
  
  I am impressed - you called yourself an arsehole (modulo spelling) and got moderated insightful - ouch!
  
  --
  Posters recognized by their sig,
Here's a different viewpoint: by Anonymous Coward · 2004-03-29 09:49 · Score: 0, Flamebait

I think all the crypto-books are wrong. One-time pad is only secure based on the assumption that random numbers do exist.
1. Re:Here's a different viewpoint: by tomstdenis · 2004-03-29 09:55 · Score: 0, Flamebait
  
  Oh how cute. I know you were trying to be a smartass but you fail it.
  
  "random numbers" do not exist at all [ever]. At best "random number *generators*" [relatively speaking] may exist.
  
  So next time how about you get a clue before you grab hold of the big wide internet and try to speak in the big-boy voice.
  
  --
  Someday, I'll have a real sig.
2. Re:Here's a different viewpoint: by tomstdenis · 2004-03-29 10:14 · Score: 0, Offtopic
  
  I don't have an ego problem, I just think I'm smarter than most /. idiots. Which isn't saying much as I graudated from public school.
  
  --
  Someday, I'll have a real sig.
3. Re:Here's a different viewpoint: by Anonymous Coward · 2004-03-29 11:03 · Score: 0
  
  I think all the crypto-books are wrong. One-time pad is only secure based on the assumption that random numbers do exist.
  
  According to the Handbook of Applied Cryptography (definition 1.39): "If the key string is randomly chosen and never used again, the Vernam cipher is called a one-time system or a one-time pad."
  
  So one-time pads are secure - but they don't actually exist if random numbers don't exist.
Re:Any comparisions using different compilers? by Anonymous Coward · 2004-03-29 09:51 · Score: 0

Yes, the Fedora Core binaries are all developed under GNU/Linux tools, like "vi" and "gcc", then ported to Visual Studio Pro dotNET and built/tested under Windows 2K before the final release. This enhances the user experience and decreases download time.
Re:Good FUCKING Lord! by Anonymous Coward · 2004-03-29 09:58 · Score: 0

True. Security through obscurity as a bad practice only means one thing. When designing crytographic algorithms, you should not bank on the obscurity of the algorithm giving you security. Kertchoff's Law is that you should assume the attacker has full details of the algorithm. All the security should rely in the key. That is, knowledge of the algorithm shouldn't be why you think your system is secure. That's all it means!
Re:i got stoned with my mom... by Anonymous Coward · 2004-03-29 09:58 · Score: 0

"Mother's day weekend" isn't that sweet?!!! Guess the little punks shoulda gotten her something better than a homemade card with "mommy" on in in macaroni.
Self Promotion, and Incoherent Policies by Sensitive+Claude · 2004-03-29 09:59 · Score: 5, Insightful

His criticism goes further to say that some security toolkits 'lack real security features altogether.' It comes as no surprise, then, that his recent book... is a 320-page paean documenting... his (own) security toolkit.

Wouldn't it be more helpful, not to mention better motivation to purchase his own security toolkit, if he were to go into more detail of what is wrong with other toolkits than just saying they 'lack real security features altogether.'

Why not write a short critique of other toolkits, ideally explaing advantages and disadvantages each one has..... or is this not supposed to be a book on Security in general, but just documentation on his own toolkit?

I suppose even if you don't want to buy his toolkit you can get ideas from reading about it.

But I may not fully understand the capabilities of the security policy scheme. Perhaps, when using Gutmann's cryptlib, it is impossible for the toolkit user to configure an incoherent policy. In George Orwell's 1984, the Party worked to deconstruct the English language so that only 'legal' speech could occur. As designed, Newspeak would make illegal statements unspeakable --- and in time, unthinkable. I'm unconvinced that Gutmann's security policy scheme is such a controlled means of expression, where only safe security policies can be spoken. Granted, one could always use the predefined policies, but this path undermines a chief design goal of the architecture: a flexible security policy.

Problem with this is that Managment who don't understand the software are often making the decisions, and that is why there are incoherent policies. Maybe if you have pre-defined policies to work with, all of which will work, then Management can choose from the pre-defined policy, resulting in much less hair pulling frustration to the admin.

--
Promote Sensitivity on Slashdot, make me your friend.
1. Re:Self Promotion, and Incoherent Policies by SiliconEntity · 2004-03-29 19:11 · Score: 1
  
  Wouldn't it be more helpful, not to mention better motivation to purchase his own security toolkit...
  
  Cryptlib is GPL'd, although you can buy a commercial license as well. But you don't have to pay anything if you are using it in a GPL project.
  
  Another thing not noted in the review, the book is actually Peter's PhD thesis. It's pretty technical; I looked through a draft at a crypto conference. I don't think it would be of interest other than to the kind of person who might be wanting to implement a crypto library. Just my opinion.
2. Re:Self Promotion, and Incoherent Policies by ronys · 2004-03-29 20:59 · Score: 2, Insightful
  
  The book may be flawed in that it doesn't look at other toolkits, but I don't think that his motivation is to sell cryptlib, which is available "under the GPL-compatible Sleepycat dual license, which means you can use it under the GPL terms or under standard commercial terms, depending on your preference." [http://www.cs.auckland.ac.nz/~pgut001/]
  
  --
  Ubi dubium ibi libertas: Where there is doubt, there is freedom.
3. Re:Self Promotion, and Incoherent Policies by abulafia · 2004-03-29 21:10 · Score: 1
  
  Hi, just jumping in as someone who does this for a living. I doubt that Gutmann could make any sane statements of policy. He clearly thinks his libs are great, as I would expect. Wouldn't you? Policy means asking about your environment. What do you need? how much do you lose if you don't hit your security targets? What does your enterprise lose if you're exposed? Hell, what is exposure? As far as policy goes... sorry, security is not a thing you buy, it is a behaviour. You _do_ have it or not, but it doesn't come from buying something; it comes from acting in a risk-aware fashion. And that's from the phone-monkey on up to the exec-monkeys, only at some points touching the code-monkeys. If anything, the IT execs are normally doomed, because everything has already been decided, and security is supposed to be a check-list item. This, for an environment that has never had a security evaluation. (First questions: what is at risk? What is dangerous if disclosed? I have not read the book yet, but I will. Gutmann has been a great resource in the past, and I can only hope he will continue to be one. -j, wishing security notices were normally as sensible as Gutmanns.
  
  --
  I forget what 8 was for.
Crypto only as safe as the math under it by G4from128k · 2004-03-29 10:00 · Score: 5, Informative

Having not read this book, I don't know if the author addresses the issue, but one key potential weakness in many crypto systems is the math at the core of them. Although the difficulating in cracking many crypto systems scales exponentially with the number of bits in the key, no one can gaurantee that a given size key is intractable. The formula for the time required is a*b^N, but nobody can gaurantee that a and b aren't small numbers.

If some mathematician creates an easy way to factor large numbers (and they have been finding better and better ways to do this), then systems like RSA become vulnerable even if they use umpteen bits. Any math-based crypto system faces this challenge. Ironically, the strength of the system is, in part, based on the weakness of out understand of the math. Unless someone can prove that a lower bounds exists, the system is of unknown uncrackability.

--
Two wrongs don't make a right, but three lefts do.
1. Re:Crypto only as safe as the math under it by Coryoth · 2004-03-29 10:24 · Score: 2, Interesting
  
  If some mathematician creates an easy way to factor large numbers (and they have been finding better and better ways to do this), then systems like RSA become vulnerable even if they use umpteen bits.
  
  In fact, if the factoring is sufficiently efficient the whole system comes to bits. Yes you can just double the key size to make it unfactorable, but you can only do that so many times before
  
  (1) The key gets so large that it is hard to manage (this is certainly at the upper end, but large keys can be problematic).
  (2) The key gets so large that the encryption process is too slow (faster computers mean faster encryption, but also faster cracking).
  
  Oddly enough, there are upper bounds on key size, as well as the lower bounds provided by how easily the problem can be solved. Once these bounds overlap, the system is effectively compromised.
  
  Jedidiah
  
  --
  Craft Beer Programming T-shirts
2. Re:Crypto only as safe as the math under it by Anonymous Coward · 2004-03-29 12:18 · Score: 0
  
  You know, I've been wondering about just how many large prime numbers we're talking about. Does anyone have a link to an exhaustive list of large primes covering any slice of the the 512..2048 bit space?
  
  is a huge number space and me wants to know _just how many primes live there! ... are there, like 5? or more like 5e55 to pick from?
3. Re:Crypto only as safe as the math under it by Findus+Krispy · 2004-03-29 12:36 · Score: 1
  
  Well in a way that is not really intersting for a crypto person, only a mathematician. A crypto person need only know what a given class of algorithims do, whether they are currently known to be unbreakable, and then use the right one appropiately.
  
  I have a very basic understanding of crypto, so for example I know what a secure hashing algorithim does, but I may be tempted to use it for a hash where the reverse transform is not actually important, but where some properties of a hash like that may actually introduce a vulnerability.
  
  Provided I am able to determine the features an algorithm must exhibit, I can then choose one that has those features which is known to be safe at the present time using a given key length.
4. Re:Crypto only as safe as the math under it by Coryoth · 2004-03-29 13:44 · Score: 2, Informative
  
  I believe the number of primes less than n tends asymptotically toward n/log(n) as n increases. Given how big 2048 bit numbers are, I would suggest we can take n/log(n) as a pretty accurate count for ballpark work.
  
  So, working sketchily, we're talking roughly 2^2040 primes in that range (note, that's pure ballpark, but it does give a rough order of magnitude - we're talking LOTS of primes, not just a few).
  
  Jedidiah.
  
  --
  Craft Beer Programming T-shirts
Re:I used to work with PETER GRUBMANN by tomstdenis · 2004-03-29 10:01 · Score: 1

Um jackass, you replied to the wrong thread. This thread was about the crappy full of bugs LibTomCrypt library.

--
Someday, I'll have a real sig.
Re:Good FUCKING Lord! by Anonymous Coward · 2004-03-29 10:04 · Score: 0

Good FUCKING Lord, you're arrogant and stupid. The top-level post is correct, ignoramus.
So what the heck do I do? by e9th · 2004-03-29 10:05 · Score: 1, Insightful

I'm not a number theorist. I don't have the time to audit every line of code (even if it's open source) in a library.
So how can I trust anybody's crypto code?
1. Re:So what the heck do I do? by Anonymous Coward · 2004-03-29 10:16 · Score: 2, Funny
  
  Hello, I'm from Microsoft and I'm here to help you.
2. Re:So what the heck do I do? by tomstdenis · 2004-03-29 10:30 · Score: 1
  
  Um no. Everyone is out to get you specifically.
  
  --
  Someday, I'll have a real sig.
3. Re:So what the heck do I do? by Coryoth · 2004-03-29 10:30 · Score: 2, Insightful
  
  I'm not a number theorist. I don't have the time to audit every line of code (even if it's open source) in a library.
  
  So how can I trust anybody's crypto code?
  
  You presume that as long as the code is openly published, and at least somewhat widely used, that there are number theorists and crypto experts picking through it. As far as popular open crypto code goes, that is certainly true.
  
  That's not to say people couldn't slip a backdoor in, but if you're publishing your code openly, there's always a chance you'll get caught - and after that happens people will be much slower to trust any of your code thereafter. So in that sense, it's not even the fact that people are looking at the code that counts, but rather the mere threat that someone might.
  
  Jedidiah.
  
  --
  Craft Beer Programming T-shirts
4. Re:So what the heck do I do? by e9th · 2004-03-29 10:44 · Score: 1
  
  If only I were that worthy of being targetted...
5. Re:So what the heck do I do? by tomstdenis · 2004-03-29 10:46 · Score: 1
  
  Step 1. Be generous and give something out.
  
  Step 2. Sit back and watch people flame you for no reason other than they wish they had a 1/100th of your talent.
  
  Step 3. Laugh all the way to the corner store where you will work the rest of your life living in a van down by the fucking river!
  
  --
  Someday, I'll have a real sig.
6. Re:So what the heck do I do? by mmusson · 2004-03-29 10:59 · Score: 1
  
  Try reading Practical Cryptography by Niels Ferguson and Bruce Schneier.
  
  Good security is much more about implementation than number theory. A good cypher is very hard to break. Will a smart attacker, attack the cypher which is very hard to break or some implementation mistake which is probably much easier to exploit?
  
  --
  SYS 49152
7. Re:So what the heck do I do? by Anthony · 2004-03-29 13:07 · Score: 1
  
  Tom I hope that isn't completely autobiographical. Part 1. and 2. are true. If part 3. is true, then you truly are "suffering for your art". Hang in there.
  
  --
  Slashdot: Where nerds gather to pool their ignorance
8. Re:So what the heck do I do? by tomstdenis · 2004-03-29 13:28 · Score: 1
  
  So far I don't have a van so that part of #3 doesn't look likely.
  
  As for "suffering for my art" I'd like to think I'm more humble than that. Sure I contributed stuff but it wasn't earth shattering can't live without. I helped a few people. That's what I was looking for [and maybe a job down the line].
  
  See I don't "work/think" like the average person. I can't live in the world where you basically have to lie to your customers because everyone else does it. This is how it started... nice warm day in the 1950s somewhere in the USA...
  
  Two competing lawn mower companies...
  
  Company A: Our mower gets 30 mins per gallon!
  Company B: So does ours now!
  Company A: Um, our mower cost 17$
  Company B: Ours is now 16.99$ with the mail in rebate!
  Company A: [aside] Holy crap batman we gotta outthink these people...
  
  Meanwhile in the evil lair of Company A HQ newly formed marketting department...
  
  Market Droid A: Well we have the same product so we have to distinguish ourselves or the "consumers" will mistakenly buy the equally capable Company B mower.... hmmm oh I know, Slap a "made in America" on the side.
  
  Market Peon A: Don't we import from Taiwan because of their slack child labour laws?
  
  [5 mins later....]
  
  Pogey Peon A: Damn, honesty sucks.
  
  [2 weeks later on channel 2 "cable"]
  
  NOW FROM COMPANY A!!! A genuine whole gourmet quality made in america 100% guaranteed multiple gear lawn mower. Yes, you will certainly impress the commie spy next door pushing around your own 250lbs "snapper" lawn mower! .... 54 years later....
  
  Now with AOL NetSpeed DSL Turbo you can download things upto 200 times faster [compared to the TCP pigeon...]. So drink young, have fun enjoy coke-cola while you look smart driving your 3,500 lbs land-yacht seal killer "sports utility vehicle" down to some latte sipping yuppy establishment.
  
  blah blah blah.
  
  Anyways moral of story is I'm Peon A. I don't "buy" marketting and because of that I also don't push it either. That makes me a hell of a liability for any company... and why? Because I believe in integrity, honesty and responsibility. It got me fired from my first job [cloakware], kept me from my second [entrust] and is the reason my only jobs now are for the AMC movie theaters and freelance software companies.
  
  Anyways point is I don't want to be all mellowdramatic. I'll plug along as best as I can. Doesn't mean it won't get me down once in a while though.
  
  Peace!
  
  --
  Someday, I'll have a real sig.
9. Re:So what the heck do I do? by CodeBuster · 2004-03-29 16:11 · Score: 1
  
  The answer is that you cannot trust anybody's crypto code. Remember that it is always worse than you think and THEY are out to get you.
Ain't kidding by Effugas · 2004-03-29 10:11 · Score: 2, Interesting

For what it's worth, LTC is a fantastically architected crypto library. The utter simplicity of what Tom puts together is disarming, compared to the utter horror that ships with (say) OpenSSL. Both Dropbear (a very small SSH server) and MatrixSSL (a very small SSL server) have been built on LTC.

Plus, you get a crypto lib with Makefile.gba. That's Gameboy Advance. Yup.

--Dan
Working on it... by Coryoth · 2004-03-29 10:17 · Score: 4, Informative

The second chapter covers the security architecture, which features such things as permission-based access, least privilege and isolation, mediation, and other expected elements. ... But three of the design goals represent the core philosophy of Gutmann's architecture: The separation of policy definition and enforcement mechanism, a verifiable design (practical vs. theoretical viability), and a flexible security policy.

It is worth noting that this is exactly what SELinux from the NSA was seeking to apply to Linux at a kernel level. The principle is to confine all user programs and system daemons to an absolute minimum required level of access. That is there is an access manager in the kernel that mediates requests. In turn, there is a policy manager (seperate from the access manager) that maintains policy. Effectively the access manager queries the policy manager and then applies whatever access decision the policy manager returns. This means buffer overflows don't get you anywhere - there is no root account with universal access to exploit!

The system is, in fact, even more flexible than that - seperate access managers exist for processes, filesystem access, and IPC (socket or System V), but the hooks are provided in a way that this is completely modular, and new access managers can be added/written for whatever else you want to control (database access for instance).

The point is, a very fine, well thought out, secure system for access conrol has already been implemented for Linux (and has been folded into the 2.6 kernel). People ought to be using it! If you're running a 2.6 kernel, see if you've got LSM compiled in, if not, do a recompile to include it. Example policies can be found here, and policy management tools (even GUI ones) can be found here. If you're serious about security, the you ought to to be using this stuff. If you're not serious about security, use it anyway and help make Linux as secure as we like to pretend it is.

Jedidiah.

--
Craft Beer Programming T-shirts
Ok, so is there a product industry can buy today? by Mengoxon · 2004-03-29 10:33 · Score: 0, Troll

There's no point in criticizing today's solutions if he cannot offer a competing product which can be bought and implemented today.

Most people in industry (who would presumably be the most interested target market for encryption) want a crypto solution which is safe against the neighbor competitor and does not have to be safe against NSA or CIA. They want to buy ready-made, easy-to-implement solutions at good price - he does not seem to offer one?
Other crypto resources by hey · 2004-03-29 10:36 · Score: 2, Interesting

Other crypto resources.
OK, I admit it I just wanted to use Google Sets for something.
1. Re:Other crypto resources by bhima · 2004-03-29 18:20 · Score: 1
  
  Well Done!
  It's been a while since I tinkered with sets!
  
  --
  Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Well, now... by Kjella · 2004-03-29 10:43 · Score: 2, Insightful

Having not read this book, I don't know if the author addresses the issue, but one key potential weakness in many crypto systems is the math at the core of them.

Symmetric cryptography hardly suffers from any weakness in this area. Even an instant factorization or quantum computing would do little to change that.

Public cryptography on the other hand, must by definition rely on some mathematical relationship between the public and private key. Like e.g.multiplicationfactorization, but that is not the only option.

If some mathematician creates an easy way to factor large numbers (and they have been finding better and better ways to do this), then systems like RSA become vulnerable even if they use umpteen bits.

Not really. Say I have a trivial function like multiplication, which is theoretically O(1) (will take a little longer once you have a real bit-limited computer), while factorization is say O(N^2).

Now you invent a new O(N*ln N) factorization, or an O(N). Does it matter? Not really. You need a longer key, yes. But it's a finite improvement. Unless they can find a O(1) factorization, the system still works. And that, is very unlikely.

The only thing that has held promise of O(1) is quantum computers. But anything we've been able to make in a lab has about 10 qbits at most. I seriously doubt they can keep the quantum effects effective over the thousands of bits required.

Overall mathematics has hardly ever been the problem in any modern cryptosystem, there's literally dozens of them and I can't think of one remotely popular one that has been broken (except for CSS, but whoever designed and implemented that must have flunked out of any cryptography class...)

Kjella

--
Live today, because you never know what tomorrow brings
1. Re:Well, now... by The+Ego · 2004-03-29 17:52 · Score: 1
  
  Now you invent a new O(N*ln N) factorization, or an O(N). Does it matter? Not really. You need a longer key, yes. But it's a finite improvement. Unless they can find a O(1) factorization, the system still works. And that, is very unlikely.
  
  I don't quite have the time to refute this in depth, but this is completely wrong. Security of cyphers based on prime factorization depends on this operation being a very hard problem. A O(N) or O(N*ln N) (or even N^2 or N^p for smallish values of p) algorithm would make breaking those codes trivial for any practical key length. Remember that N is typically the size of the key, generally with an order of magnitude of a few thousands. We are not talking one-time pads here (where the key is at least as long as the data encoded, often longer since you want some padding to avoid leaking information).
  
  I would advise anyone in doubt to go (back?) and (re-?) read Applied Cryptography from Bruce Schneier. Warning: it's not a page-turner !
Re:Dear Gibson/Gutmann by spood · 2004-03-29 11:00 · Score: 1

Yet another case for the +1, Sacriligious mod.

--
---- Just another spud server.
The logical implication... by Anonymous Coward · 2004-03-29 11:05 · Score: 0

I just think I'm smarter than most /. idiots
... but not 'all'. That would seem to indicate that you are not smarter (as smart as, or even less smart) than some idiots. Tell us, Rain Man, how many toothpicks on the floor?
1. Re:The logical implication... by tomstdenis · 2004-03-29 11:13 · Score: 1
  
  Well let's venn this up. All /. posters are idiots. I'm smarter than most idiots.
  
  Therefore, I'm smarter than most /. posters.
  
  With me so far?
  
  So then if I'm smarter than most /. posters, chances are good your mother is a whore.
  
  --
  Someday, I'll have a real sig.
Re:Paean (yes it is funny) by CodeWheeney · 2004-03-29 11:15 · Score: 1

So "A paean in the ass" or "A [fervent expression of joy] in the ass" is indeed very different from "a pain in the ass."

Of course, the one could lead to the other.

--
C8H10N4O2 | Developer > Code
Crypto++ by Josh · 2004-03-29 11:36 · Score: 1

I don't believe that any software library is anything like a security architecture.

But when I looked around 2 years ago for the best crypto library to actually write code with, I settled on Wei Dai's Crypto++

http://www.eskimo.com/~weidai/cryptlib.html
Re:Good FUCKING Lord! by Jeremi · 2004-03-29 11:37 · Score: 2

GOD how I hate BUZZ WORDS and PHRASES like "security through obscurity", and the stupid people that use them.

Wow, you should really switch to decaf. If you get this worked up over a technical discussion, I can't imagine trying to discuss something controversial with you. I'd probably be beaten to death by your jerking knees.

That said, nobody ever said it was bad to have obscurity in the system, only that is was bad to rely on that obscurity to provide security. To use your example, it's okay that the protocol used in the microchip in your ID card isn't published on a web site somewhere -- as long as the act of publishing the protocol wouldn't make the chip insecure.

And yes, there are a lot of systems out there that DO rely on "security through obscurity". That does not make security through obscurity a good idea. (and yes, I am purposely repeating the phrase "security through obscurity", just to annoy you ;^))

--

I don't care if it's 90,000 hectares. That lake was not my doing.
Solving abstract problems? no one will see this ;) by asbestos_tophat · 2004-03-29 12:11 · Score: 1, Interesting

"One interesting technique to secure modules like the HiDan is to pour a hardening material (e.g. epoxy) into the chamber before sealing it shut."

Solving abstract problems with implemented ideas first??? Shame on you sir...

0.) post so late, no one will ever see this ;)
1.) Epoxy potting compounds are NOT SECURE and only add to design and calibration problems during manufacture. See 1980's...
2.) Hardware Data encryption? Only possible with embedded recursive encryption algorithms that are dependent on unique internal protected key registers.
3.) Embedded security? If you mean Harvard architecture that's immune to overflows will prevent a privileged User from doing something stupid... lol
4.) Hardware communication security? Any discriminating algorithm must have a probable solution. However, the most secure systems I've seen use high speed synchronized internal clock offsets (not possible for satellite comm. For obvious reasons) and polymorphic encryption modules that mutate when exchanged between two nodes.
5.) Wireless comm.? Antenna-load-sensitive auto-adapting scatter-band UHF SAW based comm.

Hardware and software will always be vulnerable. Any programmer can tell you that Users never do what they are expected to do. Any hardware designer can tell you people rarely know what they want, never alone what the consumer will actually need or tolerate
No it doesn't by Anonymous Coward · 2004-03-29 14:16 · Score: 1, Informative

Peter has permission/licensing rights for all the code contributed.

The fact some might also be available elsewhere under the GPL in irrelevant.
A logical fallacy... by Anonymous Coward · 2004-03-29 14:17 · Score: 0

Oh the pain... I'm still not sure if you are trying to be funny or are just a "fucktard" like all the other respondents seem to think you are...
You do see the logical fallacy in this "logical implication" right? Nope, I think not - so much for humour.
Being a moderately competent programmer who can follow a spec. is all very nice, but arrogant posing (complete with self-belittling errors) makes you seem nothing but a fool.
I do not respect false modesty, but false conceit engenders universal contempt.
Q.
1. Re:A logical fallacy... by tomstdenis · 2004-03-29 14:22 · Score: 1
  
  um gah?
  
  Maybe you're the one who doesn't understand the logical implication of it?
  
  Of which there is none. Point is your mother is whore.
  
  --
  Someday, I'll have a real sig.
Yes by Anonymous Coward · 2004-03-29 14:21 · Score: 0

Yes, you can buy this.

In fact looking the some of the users on the cryptlib list many very large multinationals do use it.
Re:Working on it... - if you are up to it by Anonymous Coward · 2004-03-29 17:08 · Score: 0

If you're not serious about security, use it anyway and help make Linux as secure as we like to pretend it is.

Add the condition: and are up to the problems related to it.

Imagine helping some newbie getting some "modprobe foo: access denied" errors; (s)tracing a problem might be a lot more complex, if distros ship "really-secure" by default.

Though I agree; it would be 'a good idea(tm)'.
Re:Working on it... - if you are up to it by Coryoth · 2004-03-29 17:31 · Score: 1

Well, that one is really down to the distributions, and what sort of security policy they ship with (presuming they were defaulting to having all this stuff on and working). I admit that the default NSA policy is not one you want to be throwing on an average desktop PC. Then again, it should be entirely possible to build appropriate policies. I hear Fedora Core 2 will be shipping with SELinux on by default, and a default policy set up, which makes good sense.

Put it this way, right now when you do a linux install many of the distributions ask a few questions along the lines of "Are you setting up a Server/Desktop/Workstation?" and "The level of security on this box should be Low/Medium/High/Paranoid?". All you have to do is have a few policies written, and install an appropriate policy according to how those questions were answered. Even a nice lenient SELinux policy will leave you much better off security wise than a relatively hardened standard box.

Jedidiah.

--
Craft Beer Programming T-shirts
Re:Paean (yes it is funny) by alex_tibbles · 2004-03-29 20:32 · Score: 1

For all of those moderators out there that are unaware, the above post is indeed funny.

No offence meant, but this made me chuckle. It's the star trek approach to humour: "the computer has analyzed your claim and detected a trace of sarcasm. this is entirely illogical. capt. kirk will now beat the sh*t out of you."
I'm not so sure that whether something is funny is something that research and analysis uncovers...

--
Posters recognized by their sig,