Is that why you North Americans can use 128-bit encryption, but are only allowed to export 56-bit? I would have thought they'd have just told everybody to use 56-bit.
This information is out of date - companies can now export 128-bit encryption to non-embargoed countries (see for example here).
"it seems like the obvious next step for the the entertainment factories to lobby for would be a ban on all encrypted traffic for which no key is in escrow for easy policing."
Hang on: The NSA, FBI, CIA, DEA etc etc have lobbied congress for over a decade or so to try and get un-escrowed crypto banned and have failed miserably in all attempts. I'd recommend the excellent book Privacy on the Line by Diffie and Landau for a complete review of the history of escrow in America.
They also lobbied ANSI to get Clipper escrowed technology implemented in banking systems in place of triple-DES but failed miserably.
If the very influential LEA and Intel agencies failed to convince the US legislature / ANSI using the Four Horsemen argument (e.g. that nuclear terrorists, child pornographers, money launderers, and drug dealers would flourish if crypto remained freely available) then what makes you think RIAA / MPAA can succeed by persuading congress with the argument that the latest movies are being copied illegally?
Kind of true: you can't universally compress random data using a single program, but this doesn't mean you can't compress a single instance of random data.
This competition is kind of "balanced" because:
The contestant can attempt and mount any number of different types of compression - all he has to do is find one instance that meets the requirements of the challenge.
The challenge owner can choose a file of the specified length that is "strong" against compression: Test the data with tools such as Diehard and Ent - if the file doesn't seem "strong enough" then create a new one.
Given a sufficiently large file (a couple of Gb would probably do) then I think virtually any file could be compressed with a specially crafted compressor and decompressor. Given a 2Gb file, you only need to achieve 0.0001% compression to have 2147 bytes to write the decompressor.
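The two things the post leans on are the Ent-style statistics a challenge owner would run on a candidate file, and the arithmetic behind the "2147 bytes" budget. The following is an added example, not code from the post or from the Ent or Diehard tools: it reimplements Ent's four headline numbers (entropy, chi-square, mean, serial correlation) over two constructed inputs, computes the decompressor budget from the post's figures, and adds the counting bound that sets the odds of a fixed decompressor ever finding that much slack in a uniformly random file. The thresholds in `looks_strong` are assumptions chosen for the 256 KiB sample size.

```python
import math
import os
from collections import Counter

# Constructed sample inputs (not from the original post): 256 KiB from the OS
# CSPRNG, and 256 KiB of repetitive text that any compressor shrinks easily.
SAMPLE_SIZE = 256 * 1024
RANDOM_SAMPLE = os.urandom(SAMPLE_SIZE)
STRUCTURED_SAMPLE = (b"The quick brown fox jumps over the lazy dog. " * 6000)[:SAMPLE_SIZE]


def shannon_entropy_bits(data: bytes) -> float:
    """Entropy per byte; 8.0 is the ceiling for a uniform byte source."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.  With 255
    degrees of freedom a uniform source lands near 255 (spread about +/-23);
    values in the thousands mean the byte histogram is badly skewed."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def arithmetic_mean(data: bytes) -> float:
    """Mean byte value; a uniform source gives about 127.5."""
    return sum(data) / len(data)


def serial_correlation(data: bytes) -> float:
    """Correlation of each byte with its successor (wrapping at the end);
    close to 0 for random data, close to 1 for slowly varying data."""
    n = len(data)
    sx = sum(data)
    sxx = sum(b * b for b in data)
    sxy = sum(data[i] * data[(i + 1) % n] for i in range(n))
    den = n * sxx - sx * sx
    return (n * sxy - sx * sx) / den if den else 1.0


def ent_report(data: bytes) -> dict:
    """The four headline numbers an Ent run prints for a file."""
    return {
        "entropy": shannon_entropy_bits(data),
        "chi_square": chi_square(data),
        "mean": arithmetic_mean(data),
        "serial_correlation": serial_correlation(data),
    }


def looks_strong(data: bytes) -> bool:
    """Thresholds a challenge owner might apply before accepting a file
    (assumed values, tuned for a 256 KiB sample): each sits several standard
    deviations out for a uniform source, so CSPRNG output essentially never
    fails them while anything with structure fails several at once."""
    r = ent_report(data)
    return (r["entropy"] > 7.99
            and r["chi_square"] < 400.0
            and abs(r["mean"] - 127.5) < 2.0
            and abs(r["serial_correlation"]) < 0.01)


def decompressor_budget_bytes(file_size: int, percent_saved: float) -> int:
    """Bytes freed by shaving percent_saved % off a file of file_size bytes:
    the room the post's custom decompressor would have to fit into."""
    return int(file_size * percent_saved / 100)


def log2_fraction_compressible_by(k_bits: int) -> int:
    """Counting bound: a fixed decompressor can shrink at most 2^(1-k) of all
    equal-length inputs by k bits or more, because fewer than 2^(n-k+1)
    descriptions shorter than n-k+1 bits exist.  Returned as log2 so the
    value does not underflow for k in the tens of thousands."""
    return 1 - k_bits
```

For the post's own numbers, `decompressor_budget_bytes(2 * 1024 ** 3, 0.0001)` gives the 2147 bytes quoted, and `log2_fraction_compressible_by(2147 * 8)` gives -17175: that is the exponent of the fraction of 2 GB random files any one decompressor can shrink by that much, which is why the challenge owner's Ent and Diehard screening matters less than the file simply being drawn from a good source.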
It's interesting to note that NAI have been involved for months with the project - see an NSA Press Release from January here.
An interesting techy overview is available from IBM here.
I'm a serious NSA-paranoid (in '98 I wrote the rhyme: "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."), but I for one think that NSA 'hardened' Linux is a VERY good thing....Don't forget that, as well as being dirty spying bastards, the NSA (and the rest of the USG) are the largest consumers of secure computing.
At the moment they pay through the nose for 'hardened' versions of AIX, Solaris, HP-UX etc. They see that Linux is a 'free' alternative and would like to cut costs. They see that Linux isn't secure enough (e.g. would struggle to get a C2 rating, let alone B*), so they decide to start coding themselves, adding functionality such as MAC.
Rather than keep the changes themselves, the NSA decide to share the source code back with the community - this really embraces the Free Software / Linux philosophy. Any code released will be scrutinized no end - a peer review of the initial code for example uncovered a potential buffer overflow vulnerability.
I appreciate that my comments may not be popular with the ultra-paranoid, but if you can objectively view the facts this development really is a good thing for Linux. Hell, if you don't want to use the changes, then don't apply the diffs.
The bottom line: I strongly support NAI in their efforts to further develop Linux.
3) Keep up-to-date software. Remember the PGP 6.5.1 problem? (I don't know if I have the right version, but it was something to do with not generating sufficient random numbers - although someone will probably correct me)
Not sure what you're referring to. "Recent" bugs in PGP include:
PGP 5.0 for Linux bug (random number generation seriously flawed). GnuPG users were not susceptible.
The recent OpenPGP implementation flaws in private key storage. Write-up here. GnuPG users were susceptible.
ADK packet in public keys not signed bug. Affects 5.5.x to 6.5.3 and allows an adversary to add an ADK to an arbitrary key. See write-up here. GnuPG users were not susceptible.
In the UK a pitiful number of users have broadband access. The lucky ones get 512kb/s async access. The rest are stuck with modem access that's supposed to give 56kb/s but often provides just 33.6.
Essentially, we have two offerings (though you have to be lucky to get either!):
ADSL. Offered by our single, monopolistic telephone provider. Available in tiny amounts of the country.
Cable. A better, and cheaper offering, but still only async. 512kb/s. Availability is limited to large towns.
The Register had a good story on how the UK and Europe trailed the US and Canada.....
I'm connected to Cable via NTL and am very happy. Sure, the 2mb/s link at work is nice - but 512kb/s is plenty for SSH ;)
Doh, I was halfway through writing my own review!
I guess I'll drop that idea now ;) Anyway, I think the reviewers missed out on a couple of things I found most interesting:
Prof Donald Knuth (of The Art of Computer Programming fame) suggested to Diffie that a possible one way function was factoring, but Diffie and Hellman didn't pursue this strategy and it was independently discovered by Rivest, Shamir and Adleman.
Prof Larry Hoffman was presented with Merkle's paper containing the first ever public realisation of a Public Key system, but couldn't understand the maths involved, so ignored it!
Ericsson turned down the offer to buy ownership of RSA.
If you haven't got this book, and you're interested in crypto then I'd highly recommend it. It mentions the contributions of virtually every well known personality involved with modern cryptography: Tuchman, Horst Feistel, Coppersmith, Rivest, Diffie, Hellman, Chaum, Meyer, Gilmore, Schnorr, Eli Biham, Bruce Schneier, Jeff Schiller, Adam Back, Daniel Bernstein, Matt Blaze, Dorothy Denning, PRZ etc etc etc
I've read most decent crypto books, and Crypto is like a more up to date version of The Code by David Kahn...Coverage on the NSA follows neatly on from Bamford's The Puzzle Palace.
What's to stop some bastard group of lawyers employing a consultant in another country to review what's being swapped on the network and reporting this back to previously mentioned bastard lawyers?
Surely this evidence could then be submitted in the US?
Just read on the cryptography@c2.net mailing list that the FreSSH package has a security hole - when a /dev/urandom is not present the code falls back to an awful 'random number generator'.
See the original message below:
Date: Wed, 14 Feb 2001 14:29:00 +0000
From: Charles M. Hannum
To: cryptography@c2.net
Subject: Bad PRNGs revisited in FreSSH
The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:
[Fucking code snipped coz Slashdot filter no longer accepts C source code because it detects 'junk characters' - WTF!?!?!]
I don't think I need to tell people on this list why that's absolutely
horrible; I'm just pointing out that code is still released today with
crap like this. I would have thought we'd learned this lesson years
ago with the AFS, krb4, Netscape, et al vulnerabilities.
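The snipped fallback is not on the page, so the following is an added example and not FreSSH's code: a hypothetical clock-plus-pid seed standing in for the "awful" class of fallback the message complains about, beside the fail-closed seeding that the message implies should replace it. It makes the defender's point that matters here: the output of a badly seeded generator passes the same Ent-style statistics a well seeded one does, so output testing cannot detect the bug, and the real measure is the size of the seed space. The one-hour start window and 15-bit pid range used to size that space, and the timestamp (constructed to match the message's date), are assumptions.

```python
import math
import os
import random
from collections import Counter

# Constructed stand-in for the "awful fallback" class of bug in the quoted
# message.  The FreSSH code itself was snipped from the post, so this
# clock-plus-pid recipe is hypothetical and is not that project's code.
def weak_fallback_seed(start_time: int, pid: int) -> int:
    """A seed made only from whole seconds and a pid: both are guessable."""
    return (start_time << 16) | (pid & 0xFFFF)


def weak_seed_space_bits(window_seconds: int, pid_values: int) -> float:
    """Uncertainty an observer actually faces: if the daemon's start time is
    known to within window_seconds and the pid to within pid_values
    possibilities, only window_seconds * pid_values seeds are possible."""
    return math.log2(window_seconds * pid_values)


def stream_from_seed(seed: int, nbytes: int) -> bytes:
    """Output of a deterministic PRNG fed the seed.  random.Random (Mersenne
    Twister) is not a CSPRNG; it stands in for whatever generator the
    fallback seeds, and the same seed always yields the same bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram (8.0 is the ceiling)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def output_passes_statistics(seed: int, nbytes: int = 256 * 1024) -> bool:
    """An Ent-style look at the output alone: the weakly seeded stream is
    statistically indistinguishable from a well seeded one, which is exactly
    why output tests cannot catch a bad seed."""
    return entropy_bits_per_byte(stream_from_seed(seed, nbytes)) > 7.99


def secure_seed(nbytes: int = 32) -> bytes:
    """The mitigation: take seed material from the OS CSPRNG and fail closed.
    os.urandom raises NotImplementedError on platforms with no OS source;
    there is deliberately no weaker fallback to drop into."""
    try:
        seed = os.urandom(nbytes)
    except NotImplementedError as exc:
        raise RuntimeError("no OS entropy source available; refusing to start") from exc
    if len(seed) != nbytes:
        raise RuntimeError("short read from OS entropy source")
    return seed


def compare_seeding(start_time: int, pid: int) -> dict:
    """Side by side: the weak seed's real uncertainty (an hour's start window
    and a 15-bit pid range, both assumed) versus the 256 bits requested from
    the OS, with the output statistic that hides the gap."""
    weak = weak_fallback_seed(start_time, pid)
    return {
        "weak_seed_bits": weak_seed_space_bits(3600, 1 << 15),
        "weak_output_passes": output_passes_statistics(weak),
        "secure_seed_bits": 8 * len(secure_seed()),
    }


if __name__ == "__main__":
    # 982160940 is a constructed timestamp (14 Feb 2001 14:29 UTC); 4242 is a
    # constructed pid.
    print(compare_seeding(982160940, 4242))
```

The dictionary that comes back says it all: about 27 bits of seed uncertainty, output statistics that look perfect, and 256 bits from the OS source. Two daemons that happen to start in the same second with the same pid, which is routine on identically provisioned machines, produce byte-for-byte identical streams from the weak seed, and no amount of testing the stream would have told you.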
From the site "Build and Launch a Satellite For Less than a Sport Utility Vehicle!". Well, I think I'd rather launch a Utility Vehicle into space, if it's all the same with you!
I think I'll get one of these little satellite things in space, as long as I can control its attitude and velocity - then I'm gonna take pot shots at NSA satellites;)
Why isn't there a Redhat/BSD release, or a Debian/BSD release, or a Suse/B....Anyway, you get the idea...There are releases using the Linux kernel (DUH!), and releases using the Hurd kernel, so why don't I see distributions using the Open/Free/Net/Whatever BSD releases as the kernels in distributions?
IMHO, it's a shame....Although Linux 2.4.x seems to be a vast improvement over 2.2.x and is claimed to be more scalable than BSD, I like the security ethos that seems to go with the BSD projects....
I guess the question is: Is there a real reason that BSD isn't offered as a kernel choice?
It's always been Linux / GNU / OSS advocates frothing at the mouth complaining about Microsoft licensing etc.
Now it's MS exec's frothing at the mouth about the GPL.
"...I know companies like Sun and IBM have come around..."
They have? IBM say the right things (e.g. we're spending a billion on Linux, stenciling little Tux's everywhere etc), but are they really embracing the "open" mentality?
Have a look at the latest Kernel Traffic, item number 7 IBM Lumbering near open source.
Does that sound like a company that has come around to you?
Rather than using Kylix / Delphi, consider the Free Pascal based Lazarus project.
Currently Linux appears to be the main development platform, but the front page mentions WIN32 builds.
For god sake Jim, I DON'T HAVE THE POWER!
Considering that the European Community is very suspicious of the so-called Epsilon system spying on its businesses...
BTW, it's Echelon not Epsilon.
Suddenly my permanent .sig is on-topic ;)
As stated in my story, a copy of the paper is at: http://cryptome.org/sdmi-attack.htm
Happy mirroring :)
I'd install this version in a flash, but I understand there is still no ReiserFS as an install option :(
And "no" - I'm not bright enough to install with ext2 and convert! ;)
Hey - I'm involved with Scramdisk - I'm not going to help you ;)))
Interesting story - you may like to look at my PGP DH vs PGP RSA FAQ.
To quote the FAQ:
8.2. Get the threat in perspective!
The NSA (probably!) aren't specifically interested in you. They aren't going to break into your house to install bugs, or monitor your screen from a block away. They will however collect all of your messages sent over public networks.
PGP protects you from one form of monitoring - Echelon or other passive network sniffing. When your messages are captured by this global monitoring system, along with millions of other messages a day, the NSA can possibly decide to try and decode your message.
The most significant threat to PGP comes from user sloppiness. It is far easier to install a keylogger on your computer, install a trojan version of PGP, or bruteforce your passphrase than to break any of the cryptographic mechanisms employed by PGP.
If you are seriously worried about Intelligence Agencies actively monitoring you, then the last thing you should be worried about is them cryptographically attacking your PGP crypto implementation!
I'm currently working on a new version, and the ToDo list is here.
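The FAQ's point is that the cheap attacks on PGP are a trojaned binary and a guessable passphrase, not the cryptography. The following is an added example, not code from the FAQ or from PGP: a constant-time check of a downloaded release against a digest published out of band, and a crude guessing-resistance estimate that ranks the passphrase against the key. The fake release bytes, the common-passphrase list, the 7776-word dictionary size and the 10^9 guesses per second rate are all constructed assumptions.

```python
import hashlib
import hmac
import math

# Constructed stand-ins (not from the FAQ): a fake release file, the digest the
# vendor would publish for it, and a tiny list of passphrases a guesser tries first.
FAKE_RELEASE = b"\x7fELF constructed stand-in for a downloaded PGP binary"
PUBLISHED_SHA256 = hashlib.sha256(FAKE_RELEASE).hexdigest()
COMMON_PASSPHRASES = {"password", "letmein", "pgp", "secret", "123456"}

# Assumed word-list size for a word-based passphrase (Diceware uses 7776).
DICTIONARY_SIZE = 7776


def release_is_untampered(blob: bytes, published_hex: str) -> bool:
    """Trojaned PGP: compare the downloaded file's SHA-256 with the digest
    published out of band, in constant time."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), published_hex)


def charset_size(passphrase: str) -> int:
    """Size of the alphabet a guesser must cover for a single-token secret."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33
    return size


def passphrase_entropy_bits(passphrase: str) -> float:
    """Crude guessing-resistance estimate: 0 for anything on the common list,
    words * log2(DICTIONARY_SIZE) for a multi-word phrase, otherwise an
    optimistic length * log2(alphabet) bound that assumes independent,
    uniformly chosen characters (real single-token secrets do worse)."""
    if not passphrase or passphrase.lower() in COMMON_PASSPHRASES:
        return 0.0
    words = passphrase.split()
    if len(words) > 1:
        return len(words) * math.log2(DICTIONARY_SIZE)
    return len(passphrase) * math.log2(max(charset_size(passphrase), 1))


def expected_guess_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: half the space at the given rate."""
    return 2 ** (entropy_bits - 1) / guesses_per_second


def weakest_link(passphrase: str, key_bits: int = 128,
                 guesses_per_second: float = 1e9) -> str:
    """Which costs an adversary less: guessing the passphrase or searching
    the key?  Returns the label of the cheaper line of attack, which for any
    passphrase a human can remember is the passphrase."""
    pp = expected_guess_seconds(passphrase_entropy_bits(passphrase), guesses_per_second)
    key = expected_guess_seconds(key_bits, guesses_per_second)
    return "passphrase" if pp < key else "key"
```

`weakest_link("correct horse battery staple")` still returns `"passphrase"`: four dictionary words are about 52 bits, which at a billion guesses a second falls in weeks, while the 128-bit key is out of reach by some twenty orders of magnitude. That is the FAQ's "threat in perspective" in numbers, and the digest check covers the other cheap route, a modified binary.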
(JOKE!): How can you sleep at night? ;)
"Useful, fast-loading website replaced with nested-tables monstrosity, story at 11."
You're just upset because Konqueror /Mozilla can't render it correctly? ;))))
Interesting: The head of the CIA complaining to the US Senate about foreign nationals using crypto.....
Does he really expect the Senate to be able to prevent terrorists in another country from being able to use crypto?
How? Ban exports from the US? {Sarcasm!}Yeah, that worked so well in the decade....{/Sarcasm!}
Or maybe this is just a concerted effort by US Intel & Law enforcement agencies to re-assert some authority in a new administration?
WTF do I care, I live in the far more oppressive UK.....
From the article:
'I chose -- once again -- IBM's Netfinity 5100 server. This one is a dual CPU system with PentiumIII 900-MHz processors and 768 GBs of RAM. The disks are under a RAID controller, letting the five 18.2-GB disks be visible under RAID5.'
Damn. Makes my half a gig of RAM look very sad :)
[Good interview BTW - very informative!]
From http://www.catalog.com/hopkins/unix-haters/handbook.html:
"With Forward by Donald Norman, Apple Computer".
The same people that use a UNIX variant in their new OS....Now that is irony ;)