We already have this for net banking. My debit card has a chip on it (which is also used for stored value smart card stuff) and to authenticate to the bank's website, I use a reader supplied by the bank.
These are really cool and I wish they were more widespread, because they don't need any special software or drivers on your PC.
Using basic public key signing, the bank now knows that it's me.
One quibble: it is probably not a signing algorithm (which is asymmetric-key) in the widget, but a pseudorandom function. A PRF has a secret key (which your bank also knows) inside it, and returns a fresh "random-looking" string for every different input, even though the function is actually deterministic. Even given lots of PRF values at several points of its choosing, an adversary shouldn't be able to compute the PRF value at an unseen point (better than by random guessing). It's really an amazing primitive.
PRFs are perfect for this kind of authentication because they can be computed quickly, need no on-line randomness, and fresh challenges yield fresh authenticators.
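The challenge-response flow described in the comment above, as an added worked example (not code from the original poster or from any bank): HMAC-SHA256 stands in for the PRF, the bank and the reader share one key, and the reader needs no randomness of its own. The key value, the 8-byte challenge and the 4-byte typed-back response length are assumptions for illustration.

```python
import hmac
import hashlib
import secrets

# Constructed example: the shared secret the bank provisions into the card
# and keeps in its own database. Real deployments derive per-card keys.
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
RESPONSE_LEN = 4  # bytes of PRF output the user types back (8 hex digits)


def prf(key: bytes, challenge: bytes) -> bytes:
    """HMAC-SHA256, truncated: a standard way to instantiate a PRF."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESPONSE_LEN]


class BankServer:
    """Issues a fresh challenge per login and remembers which are open."""

    def __init__(self, key: bytes):
        self._key = key
        self._open = set()

    def new_challenge(self) -> bytes:
        c = secrets.token_bytes(8)     # the only party that needs randomness
        self._open.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._open:
            return False               # unknown, expired, or already used
        self._open.discard(challenge)  # one-shot: a replayed response fails
        return hmac.compare_digest(prf(self._key, challenge), response)


class CardReader:
    """The offline widget: deterministic, key plus challenge in, response out."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return prf(self._key, challenge)


def login_once(server: BankServer, reader: CardReader) -> bool:
    c = server.new_challenge()
    return server.verify(c, reader.respond(c))


def replay_attack(server: BankServer, reader: CardReader) -> bool:
    """Eavesdropper records one (challenge, response) pair and replays the
    response against a fresh challenge. Returns True if it is accepted."""
    c1 = server.new_challenge()
    r1 = reader.respond(c1)
    server.verify(c1, r1)          # the legitimate login consumes c1
    c2 = server.new_challenge()
    return server.verify(c2, r1)   # fresh challenge, stale response


def wrong_key_attack(server: BankServer) -> bool:
    """Attacker with a guessed key answers a live challenge."""
    c = server.new_challenge()
    return server.verify(c, prf(b"not the card key", c))
```

The one-shot bookkeeping in `verify` is what turns "fresh challenges yield fresh authenticators" into a replay defence; truncating to 4 bytes keeps the response typeable but caps an online guesser at 2^32, so the server side also needs rate limiting.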
Well, not trivially, anyway. Rivest showed that given a signing algorithm you can use "chaffing and winnowing" to effectively encrypt and decrypt a data stream.
Yeah, but "chaffing and winnowing" doesn't result in a public-key cryptosystem; it's best used as a symmetric-key system.
Even using (public-key) signatures, C&W doesn't yield a public-key cryptosystem: the sender is the one with the secret key, and the receiver holds the public key. That's flip-flopped.
Furthermore, C&W has never been formally proven to yield a secure cryptosystem (and I doubt that such a proof even exists). The point of C&W is just that, in the symmetric-key setting at least, the line between "authentication" and "encryption" is a little blurry.
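Rivest's construction, as an added example that is not part of the original thread: each message bit goes out as (sequence number, bit, MAC) alongside a chaff packet carrying the opposite bit and a random tag. The receiver with the MAC key winnows on tag validity; an eavesdropper sees both bit values at every position. HMAC-SHA256 truncated to 8 bytes and one-bit-per-packet packaging are assumptions for illustration, and the key is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed example key; sender and receiver share only this MAC key.
# Nothing in this code path is ever encrypted.
KEY = b"constructed-shared-mac-key"
TAG_LEN = 8   # assumption: truncated HMAC-SHA256 tag


def tag(key: bytes, seq: int, bit: int) -> bytes:
    """MAC over (sequence number, one message bit)."""
    return hmac.new(key, seq.to_bytes(4, "big") + bytes([bit]),
                    hashlib.sha256).digest()[:TAG_LEN]


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def chaff(key: bytes, message: bytes) -> list:
    """Sender: one wheat packet per bit plus one chaff packet with the
    opposite bit and a random tag, emitted in random order."""
    packets = []
    for seq, bit in enumerate(to_bits(message)):
        pair = [(seq, bit, tag(key, seq, bit)),
                (seq, 1 - bit, secrets.token_bytes(TAG_LEN))]
        if secrets.randbits(1):
            pair.reverse()
        packets.extend(pair)
    return packets


def winnow(key: bytes, packets: list) -> bytes:
    """Receiver: keep only packets whose tag verifies, then reassemble."""
    wheat = {}
    for seq, bit, t in packets:
        if hmac.compare_digest(t, tag(key, seq, bit)):
            wheat[seq] = bit
    return from_bits([wheat[seq] for seq in sorted(wheat)])


def eavesdropper_view(packets: list) -> dict:
    """What someone without the key learns per position: the set of bit
    values seen. With full chaffing that is always (0, 1)."""
    seen = {}
    for seq, bit, _ in packets:
        seen.setdefault(seq, set()).add(bit)
    return {seq: tuple(sorted(bits)) for seq, bits in seen.items()}
```

Note the key asymmetry the comment above points out: the party who can produce tags (the sender) is the one holding the secret, so swapping in a public-key signature for the MAC would let anyone with the public key winnow, which is the opposite of what an encryption scheme needs.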
The confusion stems from the fact that the RSA family is pretty good for both encryption and signatures, though it is used in a different way for the two applications.
One other standardized signature is DSA, which is based on the hardness of computing discrete logs. The DSA algorithm itself is not the inverse of any secure encryption scheme. (It's worth noting that there are some encryption schemes based on discrete log; they're just not the inverse of DSA.)
Re:Comprehensive list of unsolved codes and cipher (on Intro to Encryption) · Score: 4, Informative
If after reading the intro to encryption you are so inspired to try to crack one, I highly recommend this list...
The problem with challenges like "crack this uncracked cipher" is that the challenge is not realistic.
Most of these codes/ciphers give you no idea the process behind how they were generated. That's unrealistic: usually an analyst will have the algorithm that does the encryption (if not the key itself), either via open-source, reverse engineering of a public binary, legitimate purchase, or espionage.
Most of these challenges only give you a tiny piece of ciphertext. That's not realistic: if you're trying to break, say, SSL, you'll be able to get your hands on megabytes of transcripts, and you'll even be able to generate ciphertexts that correspond to plaintexts of your choice.
Most of these "ciphers" don't generalize to arbitrary messages. That's unrealistic. Sure, someone can design some ad-hoc cipher to encrypt the location of his buried treasure using landmarks, clever puns, and weird symbols. That's a far cry from being able to efficiently encrypt an arbitrary TCP/IP stream.
There are other glaring inaccuracies, e.g.: An increasingly important use for asymmetric encryption is digital signing. A digital signature is the reverse of public key encryption.
This is sort-of true if you're talking about plain-vanilla RSA signatures (though even here, it's only about half-right). But in general, digital signatures have nothing to do with encryption. An encryption scheme does not always yield a useful signature scheme, nor vice-versa.
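An added example (not from the original comment or the article it quotes) of one reason "a signature is the reverse of encryption" is only half-right even for RSA: the textbook signing operation is literally the decryption exponent, but a scheme built that way lets anyone mint valid message/signature pairs without the key and multiply two genuine signatures into a third. Hash-then-sign removes that algebra. The `_digest_int` encoding below is a simplified stand-in for a real PKCS#1 encoding, and the toy primes are constructed for illustration only.

```python
import hashlib

# Constructed toy parameters: far too small to be secure, chosen so the
# arithmetic is instant. Nothing here is a real key.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)


def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)


def textbook_sign(m: int) -> int:
    """'Signing is decrypting': s = m^d mod n, the same map as rsa_decrypt."""
    return pow(m, D, N)


def textbook_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m


def existential_forgery(s: int) -> tuple:
    """Pick any s; the 'message' m = s^e mod n is validly signed by s.
    No private key involved."""
    return pow(s, E, N), s


def multiplicative_forgery(m1: int, s1: int, m2: int, s2: int) -> tuple:
    """From two genuine signatures, a valid signature on a message the
    signer never saw: (s1*s2)^e = m1*m2 mod n."""
    return (m1 * m2) % N, (s1 * s2) % N


def _digest_int(msg: bytes) -> int:
    # Stand-in for a proper encoding (PKCS#1 v1.5 or PSS): hash the message
    # and read the digest as an integer below N. Enough to break the algebra
    # above, because an attacker cannot find a message hashing to h1*h2.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def hash_then_sign(msg: bytes) -> int:
    return pow(_digest_int(msg), D, N)


def hash_then_verify(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == _digest_int(msg)
```

With the hash in place the signer exponentiates a digest, not the message, so "decrypting the message" no longer describes what happens; and for DSA or other non-RSA schemes there is no decryption operation to speak of at all.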
I thought about that too. But maybe they're encrypted not to protect them from being read but to protect them from being changed.
Encryption is the wrong tool for that job, which is why I said that this finding shows that Diebold has no clue about security design.
Encryption gives you no guarantees about whether data has been changed or not. That is what authentication is for. Diebold used a CRC for "authentication," which is trivial to forge (this was pointed out later on the slide in question).
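A worked example of the CRC point, added here and not part of the original comment or of any voting-machine code: because CRC-32 is linear, four bytes of a record can be chosen so that a tampered record carries exactly the checksum of the original, with no secret involved. A keyed MAC over the same record has no such shortcut. The record format, the trailing "note" field that absorbs the four patch bytes, and the MAC key are all constructed for illustration.

```python
import hmac
import hashlib
import zlib

# Constructed sample records; the field layout is invented for this example.
ORIGINAL = b"precinct=12;candidate_A=412;candidate_B=388;note="
TAMPERED = b"precinct=12;candidate_A=312;candidate_B=488;note="

# Standard reflected CRC-32 table, the same algorithm zlib.crc32 implements.
CRC_POLY = 0xEDB88320
CRC_TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ CRC_POLY if c & 1 else c >> 1
    CRC_TABLE.append(c)
# Every table entry has a distinct top byte, so the register can be stepped
# backwards one byte at a time. That linearity is the whole attack.
TOP_BYTE_TO_INDEX = {t >> 24: i for i, t in enumerate(CRC_TABLE)}


def crc32_fixup(prefix: bytes, target: int) -> bytes:
    """Return 4 bytes X such that zlib.crc32(prefix + X) == target."""
    want = target ^ 0xFFFFFFFF            # register state we must end in
    indices = []
    for _ in range(4):                    # walk backwards from that state
        idx = TOP_BYTE_TO_INDEX[want >> 24]
        indices.append(idx)
        want = ((want ^ CRC_TABLE[idx]) << 8) & 0xFFFFFFFF
    indices.reverse()
    reg = zlib.crc32(prefix) ^ 0xFFFFFFFF  # walk forwards from the real state
    patch = bytearray()
    for idx in indices:
        b = (reg ^ idx) & 0xFF            # byte that selects the needed index
        patch.append(b)
        reg = CRC_TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return bytes(patch)


def forge_record(tampered: bytes, original: bytes) -> bytes:
    """Tampered record plus 4 bytes in the free-text field so that its CRC
    matches the original's. Needs nothing the attacker doesn't already have."""
    return tampered + crc32_fixup(tampered, zlib.crc32(original))


def crc_check(record: bytes, expected: int) -> bool:
    return zlib.crc32(record) == expected


# Constructed key; it would live in the tabulator, never on the record itself.
AUDIT_KEY = b"constructed-example-key"


def mac_tag(record: bytes) -> bytes:
    return hmac.new(AUDIT_KEY, record, hashlib.sha256).digest()


def mac_check(record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(record), tag)
```

Encrypting the record under DES, 3DES or AES changes none of this: an attacker who can rewrite the ciphertext still faces only the CRC, and a CRC protects against line noise, not against someone who wants the check to pass.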
Diebold was using NIST's Data Encryption Standard (DES) to encrypt votes and audit logs. DES was developed in 1976 and was proven breakable by a "brute force" system in 1998. NIST proposed revoking DES's certification last July and recommends AES or at least 3DES.
Of all the things to critique about Diebold's machines, this isn't one of them.
In fact, there are absolutely no reasons why votes and audit logs need to be encrypted at all -- they aren't supposed to be secret!
Of course, this illuminates the fact that Diebold has no clue how to do proper security design. But that's got nothing to do with using DES vs. 3DES/AES.
Gee, almost sounds like a libertarian, right? Then you read stuff like this rant.
This "rant" makes the important distinction between (a) forcing states not to recognize gay marriage [as the proposed Constitutional amendment would do], and (b) allowing states not to recognize other states' gay marriages [as the Defense of Marriage Act does].
Paul's elected office is a federal one. He consistently votes to restrain the power of the federal government (where he actually has a say), leaving as much power as possible to the States and the People -- as the 9th and 10th Amendments require.
A "cultural conservative" can mean a lot of things to a lot of people, but I would posit that a true cultural conservative would be against federal intrusions into local or personal matters. So Paul's votes in both (a) and (b) above make sense and are consistent.
(PS: Probably a lot of "cultural conservatives" are extremely hawkish in the idiotic drug war, but not Paul.)
Siblings of my initial comment contain some good links pointing out all the candidates, in which states they are on the ballot, etc.
Re:Do you -know- how many candidates there are? (on Real Presidential Debates) · Score: 5, Informative
Hell, I want full presidential debates. Every single candidate.
I know you're joking, but there is an easy answer to this: anybody who is on enough state ballots to have a mathematical chance of winning a majority under the Electoral College should be invited.
How many candidates would that include? Get ready for it...: 6. Including Bush and Kerry. That's half as many as some of the debates during primaries. It's entirely feasible.
My God, these stats are completely and utterly bat-guano bogus. Why? They assume that everyone would continue to earn exactly what they are currently earning, even though they know they'd have it all taken away!
This doesn't even remotely come close to making a shred of sense. Imagine you're an investment banker on Wall Street. You pull in $200-300K per year, but only because you bust your tail 80+ hours per week. Now the Greens step in, and tell you that you can keep at most $150K (actually much less, because that $150K is also being taxed at a very high rate as well). Suddenly that overtime isn't looking so good, is it? In fact, it looks a bit like the choice between leisure and slavery. Tough call.
Of course, it's not very informative, but it will at least lead you to think about hackers as a concern for e-voting.
Hackers aren't the real concern for e-voting. Partisan election officials and machine manufacturers are. So in a way, this Dave Barry article both introduces a real concern, and at the same time disposes of it by implying that it's far-fetched.
But I think you're very right about comedy being a good way to point out important issues -- for example, The Daily Show is probably one of the best news sources out there.
Remember, you don't have a right to complain if you don't participate in the democratic process.
He's right, you know. It says so right in the 1st Amendment: "Congress shall make no law... abridging the freedom of speech... [or] to petition the Government for a redress of grievances (unless one does not vote, in which case one has no right to complain)."
The theoretical reason why the reverse engg. was inevitable is the impossibility of obfuscating programs.
You're overselling the paper you cite. It says nothing affirmative about reverse engineering, nor does it disprove the existence of an obfuscated program. It does prove that there is no universal obfuscator, i.e. one which can obfuscate any program successfully. But it very well may be that there are some programs which can be obfuscated. And it may be that among other "unobfuscatable" programs, the code doesn't give any "useful" information. Personally I don't believe this, but it has yet to be proven.
But what I don't get is this still doesn't allow somebody to arbitrarily pick whatever sum they want for their code, right? I mean, still, the chances of somebody writing some trojan'd program and magically somehow getting the sums to match is extremely small and/or really computationally expensive.
Right. The breaks that were announced were of the variety: "Here are two totally contrived documents that hash to the same value (which I can't control)." The attack does not allow someone to "hit" a desired hash value. So for the use you described, MD5 is still OK (so far).
A good cryptographer does not give out free clues.
The point is, your adversary is going to get plaintext/ciphertext pairs, whether you give them out for free or not -- maybe he knows what your ciphertext means because he can see some side-effect in the real world (e.g., a stock sale), or he's got a DVD player that does decryption for him, or whatever.
So your crypto had better be secure even if the adversary has lots of pairs. It's dumb to depend on the "fact" that he won't.
Hi, this is MIT calling. Uh, we've decided to reconsider your eligibility for our Ph.D. program.
I'm in theory, where you live in math-world, computers don't crash, and you can't get hurt from touching a Turing machine -- in fact, the above story is probably some kind of credential...
running with the case off, and suddenly wondered... "I wonder how hot these things are?" Touched it with the tip of my finger - and immediately realized how hot a CPU can get.
I had seen in my BIOS that the CPU was running at about 65 degrees, with an auto-shutoff at 90... "and if the heatsink's on wrong, it won't get much hotter if it's off altogether, right..?? And, worst case, an upper limit of 90 doesn't sound too dangerous..."
In retrospect, one can see the flaws in that reasoning as easily as one can see the reversed burned-in AMD serial number in one's fingertip. Also, those measurements are in Celsius. Damn metric system.
You're right.
The montage in which Bob Parr works out at the train yard is definitely a shout-out to "Rocky."
Rocky pulls a big load of logs up a snowy hill; Bob pulls a train car along the track.
Rocky does flies on his back with ropes and pulleys to lift logs; Bob does flies on his back with chains to lift train cars.
Spyware by its nature already is illegal in many jurisdictions.
Then we don't need a new, (over-)broad federal law to prevent it.
Some "installers" are really just browser exploits.
Ditto.
Lastly, Ron Paul is richer than you and me and can easily pay someone to clean out his PC every so often.
Spybot Search & Destroy (and other spyware-removal software) costs nothing. A 10-second google search of "spyware" will tell you about it.
This is an unnecessary law to clumsily address a problem to which there are many good technical solutions.
What's strange is the cats' outcomes have been reflective of the state of their namesakes.
My cat's name is Qusay.
From the moment I named her, she started running my household like a brutal dictatorship.
It's uncanny.
The Green Party isn't left leaning. They are free enterprise until it hurts somebody else.
This must be why they advocate a 100% tax on income over 10 times the minimum wage (i.e., about $160K / year). Sounds like "free enterprise" to me!
As somebody who almost always votes Libertarian...
What needs to be done is polls need to be eliminated. All polls. They need to be made illegal.
Better take another pass over your Libertarian handbook. Start with index entries "Force, Initiation of" and "Government, Big."
Not to worry; the cookbook's title is "How to Cook for 40 Humans."
So, it's probably a good thing you're in Comp. Sci. theory instead of engineering, eh?
That was my conclusion as well.