From dave at farber.net Sat Oct 1 05:46:00 2005
From: dave at farber.net (David Farber)
Date: Sat, 1 Oct 2005 08:46:00 -0400
Subject: [IP] Wireless access for all? Google plan would offer free Internet throughout SF
X-Mailer: Apple Mail (2.734)
Reply-To: dave at farber.net

Begin forwarded message:

From rah at shipwright.com Sat Oct 1 06:04:42 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 1 Oct 2005 09:04:42 -0400
Subject: [dave@farber.net: [IP] Wireless access for all? Google plan would offer free Internet throughout SF]
In-Reply-To: <20051001125849.GI2249@leitl.org>
References: <20051001125849.GI2249@leitl.org>

At 2:58 PM +0200 10/1/05, Eugen Leitl wrote:
>But will they block Tor?
>Google plan would offer free Internet throughout SF

More to the point, is it finally time to short Google? ;-)

Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From kelsey.j at ix.netcom.com Sat Oct 1 07:01:51 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00)
Subject: [arrakistor@gmail.com: Wikipedia & Tor]
Message-ID: <6884756.1128175312142.JavaMail.root@elwamui-norfolk.atl.sa.earthlink.net>

>Damn good point. Now that I think of it, all the classic examples of
>"anonymous" publication were really pseudonymous. (Publius, et al)

They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions.

Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reputation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading.

--John

From camera_lumina at hotmail.com Sat Oct 1 07:48:30 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 01 Oct 2005 10:48:30 -0400
Subject: [arrakistor@gmail.com: Wikipedia & Tor]
In-Reply-To: <6884756.1128175312142.JavaMail.root@elwamui-norfolk.atl.sa.earthlink.net>

In many segments of the credit card industry meatspace is also irrelevant.
Anyone with a FICO greater than about 680 is almost certainly concerned with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been pseudonyms for years, though their pseudonyms happen to correspond to their true names.

-TD

>From: John Kelsey
>To: "Roy M. Silvernail" , "R.A. Hettinga"
>CC: "James A. Donald" , cypherpunks at jfet.org
>Subject: Re: [arrakistor at gmail.com: Wikipedia & Tor]
>Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00)
>
> >Damn good point. Now that I think of it, all the classic examples of
> >"anonymous" publication were really pseudonymous. (Publius, et al)
>
>They have different requirements. Votes and cash transactions and similar things
>require no history, no reputation. They're one-shot actions that should not be linkable
>to other actions.
>
>Pseudonyms are used everywhere in practice, because even my name is effectively
>a pseudonym unless you have some reason to try to link it to a meatspace human.
>This is why it's worth reading a book by Mark Twain, even though that wasn't his real
>name. And it would be worth reading those books even if we had no idea who had really
>written them. The reputation and history of the author lets you decide whether you want
>to read the next of his books. The same is true of academic papers--you don't need to
>have met me or even to be able to find me, in order to read my papers and develop an
>opinion (hopefully a good one) about the quality of my work. And that determines whether
>you think the next paper is worth reading.
>
>--John

From eugen at leitl.org Sat Oct 1 04:28:53 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 1 Oct 2005 13:28:53 +0200
Subject: [arma@mit.edu: Why some Tor servers are slow (was Re: TOR Park Exit Node Question)]
Message-ID: <20051001112853.GC2249@leitl.org>

----- Forwarded message from Roger Dingledine -----

From eugen at leitl.org Sat Oct 1 05:19:00 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 1 Oct 2005 14:19:00 +0200
Subject: [jason@lunkwill.org: nym-0.2 released]
Message-ID: <20051001121900.GE2249@leitl.org>

----- Forwarded message from Jason Holt -----

From eugen at leitl.org Sat Oct 1 05:58:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 1 Oct 2005 14:58:49 +0200
Subject: [dave@farber.net: [IP] Wireless access for all? Google plan would offer free Internet throughout SF]
Message-ID: <20051001125849.GI2249@leitl.org>

But will they block Tor?

----- Forwarded message from David Farber -----

From cyphrpunk at gmail.com Sat Oct 1 15:27:32 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Sat, 1 Oct 2005 15:27:32 -0700
Subject: nym-0.2 released (fwd)

On 9/30/05, Jason Holt wrote:
> http://www.lunkwill.org/src/nym/
> ...
> My proposal for using this to enable tor users to play at Wikipedia is as
> follows:
>
> 1. Install a token server on a public IP. The token server can optionally be
> provided Wikipedia's blocked-IP list and refuse to issue tokens to offending
> IPs. Tor users use their real IP to obtain a blinded token.
>
> 2. Install a CA as a hidden service. Tor users use their unblinded tokens to
> obtain a client certificate, which they install in their browser.
>
> 3. Install a wikipedia-gateway SSL web proxy (optionally also a hidden service)
> which checks client certs and communicates a client identifier to MediaWiki,
> which MediaWiki will use in place of the REMOTE_ADDR (client IP address) for
> connections from the proxy.
> When a user misbehaves, Wikipedia admins block the
> client identifier just as they would have blocked an offending IP address.

All these degrees of indirection look good on paper but are problematic in practice. Each link in this chain has to trust all the others. Whether the token server issues tokens freely, or the CA issues certificates freely, or the gateway proxy creates client identifiers freely, any of these can destroy the security properties of the system. Hence it makes sense for all of them to be run by a single entity. There can of course be multiple independent such pseudonym services, each with its own policies.

In particular it is not clear that the use of a CA and a client certificate buys you anything. Why not skip that step and allow the gateway proxy simply to use tokens as user identifiers? Misbehaving users get their tokens blacklisted.

There are two problems with providing client identifiers to Wikipedia. The first is as discussed elsewhere, that making persistent pseudonyms such as client identifiers (rather than pure certifications of complaint-freeness) available to end services like Wikipedia hurts privacy and is vulnerable to future exposure due to the lack of forward secrecy.

The second is that the necessary changes to the Wikipedia software are probably more extensive than they might sound. Wikipedia tags each ("anonymous") edit with the IP address from which it came. This information is displayed on the history page and is used widely throughout the site. Changing Wikipedia to use some other kind of identifier is likely to have far-reaching ramifications. Unless you can provide this "client identifier" as a sort of virtual IP (fits in 32 bits) which you don't mind being displayed everywhere on the site (see objection 1), it is going to be expensive to implement on the wiki side.

The simpler solution is to have the gateway proxy not be a hidden service but to be a public service on the net which has its own exit IP addresses.
It would be a sort of "virtual ISP" which helps anonymous users to gain the rights and privileges of the identified, including putting their reputations at risk if they misbehave. This solution works out of the box for Wikipedia and other wikis, for blog comments, and for any other HTTP service which is subject to abuse by anonymous users. I suggest that you adapt your software to this usage model, which is more general and probably easier to implement.

CP

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From lists at kriptik.org Sat Oct 1 15:47:27 2005
From: lists at kriptik.org (lists)
Date: Sat, 01 Oct 2005 18:47:27 -0400
Subject: [arma@mit.edu: Re: Wikipedia & Tor]
Message-ID: <433F11FF.80409@kriptik.org>

On 29 Sep 2005 09:57:54 -0400, Tyler Durden wrote:
>>
>> One way to build a pseudo-pseudonymous mechanism to hang off of Tor
>> that would be easy for the Wikipedians to deal with
>> would be to have a server that lets you connect to it using Tor,
>> log in using some authentication protocol or other,
>> then have it generate different outgoing addresses based on your ID.
>> So user #37 gets to initiate connections from 10.0.0.37,
>> user #258 gets to initiate connections from 10.0.1.2, etc.
>
> Isn't the IPv4 address space potentially too small in the intermediate
> run for this approach? Sounds like you'd need IPv6...
>
> -TD
>

Walking away from TOR and Wikipedia implementations...

Already, IPs have reputations associated with them and serve as pseudonyms. Blacklists are one example of this reputation being used or abused.
In some distant future, with the switch to IPv6, there exists the potential for so many entities to have IPs that IPs will function as identities on a much broader scale. This will facilitate a great deal of reputation and trust being established on the basis of IPs with other measures, similar to the early days of the net but with a less open mentality.

And, off on a tangent... (Since this was still in my shorter term memory after the NYC BSD Con a few weeks ago...)

The general point of DKIM (http://mipassoc.org/dkim/index.html) is to have a sender domain mail server sign messages, and then a receiver domain mail server can query the public key for the sender domain and verify the signature. DKIM suggested that public keys be stored in DNS records for domains. While this storage could be per domain, it could also be per sub-domain, per end entities of a domain, etc. Given the driver to combat spam, you never know, something like this could happen in the next few years.

Issues of the capabilities of the current DNS and DNS security infrastructure aside, we then have a universal public key distribution mechanism. So, IPs can be tied to domains, domains can be tied to public keys, sub-domains, or end entities, sub-domains can be tied to public keys or end entities, end entities can be tied to public keys, and so on and so forth. Reputations can be built, and there are lots of ways of establishing trust for keys as needed, be it simple PKI, web of trust, etc. It all seems more fluid than anything we have now. A lot could then happen for end users transparently, much like when they swipe a credit card. DKIM is just one example of that.
-Andrew

From dave at farber.net Sat Oct 1 18:28:29 2005
From: dave at farber.net (David Farber)
Date: Sat, 1 Oct 2005 21:28:29 -0400
Subject: [IP] Guardian Observer (London) on Google Privacy Issues

http://observer.guardian.co.uk/business/story/0,6903,1582719,00.html

Our internet secrets stored for decades

Privacy groups want the law changed to stop Google using, or divulging to outside agencies, the vast amount of personal data it has access to.

By Conal Walsh
Sunday October 2, 2005
The Observer

Google took a further step away from its folksy image when it hired its first professional lobbyist in Washington earlier this year. But it turned out to be a timely move. The world's biggest search engine has been under attack on many fronts in 2005 - and its activities have spawned a cottage industry of Google critics, who complain above all that the company's dramatic rise to prominence is a threat to our privacy.

Much protest focuses on the company's use of 'cookies' - pieces of programming code - which Google plants on your computer's hard drive when you use its service. The cookies enable Google to keep a record of your web-searching history. They don't expire until 2038, meaning that potentially sensitive information on your interests and peccadilloes could be stored for upwards of 30 years.

It is sobering to think what fraudsters, identity thieves, blackmailers or government snoopers could do with this information if they got access to it. Privacy groups are up in arms. 'We need to re-evaluate the role of big search engines, email portals, and all the rest of it,' says Daniel Brandt, of the website Google Watch. 'They all track everything. Google was the first to do it, arrogantly and without any apologies; now everyone assumes that if Google does it, they can do it too.'
Lauren Weinstein, founder of the US-based People for Internet Responsibility, says out-of-date privacy laws fail to capture the information-gathering powers of youthful but powerful new media companies. 'The relevant laws are generally so weak - if they exist at all - that it's difficult to file complaints when you can't find out what data they're keeping and how they are using it,' says Weinstein.

Google says these fears are unfounded, that it respects privacy and keeps strictly within relevant privacy laws. Personal data are logged on computer files but 'no humans' access it, says the company; safeguards are in place to prevent employees from examining traffic data without special permission from senior managers. Nor is personal information shared with outsiders. All Google's records are impenetrable to hackers. Besides, say Google devotees, open access and the empowerment of the individual are central to the whole philosophy of the company; it would never seek to misuse or betray its users' secrets.

Life, though, can be complicated. In repressive countries such as China, Google and other portals have little choice but to accommodate the authorities, which regularly censor the internet and spy on users. In the US, Google has declined to say how often it responds to requests for information from America's intelligence and law enforcement agencies. And there are concerns that what Google is building with its data-retention operation is a vast marketing database, which one day could be exploited ruthlessly.

Simmering discontent turned into open confrontation earlier this year when Google launched Gmail, a free email service designed to compete with Yahoo and Microsoft's Hotmail. To ordinary punters, the great advantage of Gmail was the enormous two gigabytes of storage space it offered, enabling users to keep all their old messages.
But Google planned to make the service pay by scanning customers' emails for keywords in order to send them targeted advertisements - a flagrant breach of privacy, according to opponents. The Consumer Federation of America demanded that Google rethink the scheme, while California politician Liz Figueroa called for changes in the law to protect users' 'most intimate and private email thoughts'. The London-based campaigners Privacy International filed complaints with data protection agencies in several countries, including Britain.

The UK Information Commissioner took no action after consulting with Google, but campaigners argue that government bodies operating with a small staff and obsolete laws are no match for a technology superpower like Google, which is expanding at an almost exponential rate and continues to innovate in its use of personal data. In claims denied by Google, Privacy International's Simon Davies asserts that there is 'an absence of contractual commitment to the security of data' and 'fundamental problems in achieving lawful customer consent'.

For now, campaigners may have to console themselves with a story of the biter bit. Google's chief executive, Eric Schmidt, was reportedly enraged this month when an online newspaper published his address and other personal details - having found them on Google.
-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

From jason at lunkwill.org Sat Oct 1 17:13:02 2005
From: jason at lunkwill.org (Jason Holt)
Date: Sun, 2 Oct 2005 00:13:02 +0000 (UTC)
Subject: nym-0.2 released (fwd)

On Sat, 1 Oct 2005, cyphrpunk wrote:
>All these degrees of indirection look good on paper but are
>problematic in practice.

As the great Ulysses said, Pete, the personal rancor reflected in that remark I don't intend to dignify with comment. However, I would like to address your attitude of hopeless negativism. Consider the lilies of the g*dd*mn field...or h*ll, look at Delmar here as your paradigm of hope!

[Pause]

Delmar: Yeah, look at me.

Okay, so maybe there's no personal rancor, but I do detect some hopeless negativism.
Or perhaps it's unwarranted optimism that crypto-utopia will be here any moment now, flowing with milk and honey, ecash, infrastructure and multi show zero knowledge proofs. Maybe I just need a disclaimer: "Warning: this product favors simplicity over crypto-idealism; not for use in Utopia." Did I mention that my code is Free and (AFAIK) unencumbered?

The reason I have separate token and cert servers is that I want to end up with a client cert that can be used in unmodified browsers and servers. The certs don't have to have personal information in them, but with indirection we cheaply get the ability to enforce some sort of structure on the certs. Plus, I spent as much time as it took me to write *both releases of nym* just trying to get ahold of the actual digest in an X.509 cert that needs to be signed by the CA (in order to have the token server sign that instead of a random token). That would have eliminated the separate token/cert steps, but required a really hideous issuing process and produced signatures whose form the CA could have no control over. (Clients could get signatures on IOUs, delegated CA certs, whatever.)

(Side note to Steve Bellovin: having once again abandoned mortal combat with X.509, I retract my comment about the system not being broken...)

>the security properties of the system. Hence it makes sense for all of them
>to be run by a single entity. There can of course be multiple independent
>such pseudonym services, each with its own policies.

Sure, there's no reason for one entity not to run all three services; we're only talking about 2 CGI scripts and a web proxy anyway. Or, run a CA which serves multiple token servers, and issues certs with extensions specifying what kinds of tokens were "spent" to obtain the cert. Then web servers get articulated limiting from a single CA's certs.

>In particular it is not clear that the use of a CA and a client
>certificate buys you anything.
>Why not skip that step and allow the
>gateway proxy simply to use tokens as user identifiers? Misbehaving
>users get their tokens blacklisted.

It buys not having to strap hacked-up code onto your web browser or server. Run the perl scripts once to get the cert, then use it with any browser and any server that knows about the CA.

>There are two problems with providing client identifiers to Wikipedia.
>The first is as discussed elsewhere, that making persistent pseudonyms
>such as client identifiers (rather than pure certifications of
>complaint-freeness) available to end services like Wikipedia hurts
>privacy and is vulnerable to future exposure due to the lack of
>forward secrecy.

Great, you guys work up an RFC, then an IETF draft, then some Idemix code with all the ZK proofs. In the meantime, I'll be setting up my 349 lines of perl/shell code for whoever wants to use it. Whoops, I forgot the IP-rationing code; 373 lines.

Actually, if all you want is complaint-free certifications, that's easy to put in the proxy; just make it serve up different identifiers each time and keep a table of which IDs map to which client certs. Makes it harder for the wikipedia admins to see patterns of abuse, though. They'd have to report each incident and let the proxy admin decide when the threshold is reached.

>The second is that the necessary changes to the Wikipedia software are
>probably more extensive than they might sound. Wikipedia tags each
>("anonymous") edit with the IP address from which it came. This information
>is displayed on the history page and is used widely throughout the site.
>Changing Wikipedia to use some other kind of identifier is likely to have
>far-reaching ramifications. Unless you can provide this "client identifier"
>as a sort of virtual IP (fits in 32 bits) which you don't mind being
>displayed everywhere on the site (see objection 1), it is going to be
>expensive to implement on the wiki side.

There's that hopeless negativism again.
Do you want a real solution or not? Because I can think of at least 2 ways to solve that problem in a practical setting, and that's assuming that your assumption about MediaWiki being limited to 4-byte identifiers is even correct.

>The simpler solution is to have the gateway proxy not be a hidden
>service but to be a public service on the net which has its own exit
>IP addresses. It would be a sort of "virtual ISP" which helps
>anonymous users to gain the rights and privileges of the identified,
>including putting their reputations at risk if they misbehave. This
>solution works out of the box for Wikipedia and other wikis, for blog
>comments, and for any other HTTP service which is subject to abuse by
>anonymous users. I suggest that you adapt your software to this usage
>model, which is more general and probably easier to implement.

Sure. I always meant for the gateway to exit on a public IP address. The reason to make it a hidden service is to keep n00bs from forgetting to turn on tor when they talk to the proxy. Thanks for clarifying, though.

-J

----- End forwarded message -----

From agl at imperialviolet.org Sat Oct 1 19:21:41 2005
From: agl at imperialviolet.org (Adam Langley)
Date: Sun, 2 Oct 2005 03:21:41 +0100
Subject: nym-0.2 released (fwd)

cyphrpunk:
> Each link in this chain has to trust all the
> others. ... any of these can destroy the security properties
> of the system.

Dude, we're not launching missiles here, it's just Wikipedia.

On 10/2/05, Jason Holt wrote:
> The reason I have separate token and cert servers is that I want to end up
> with a client cert that can be used in unmodified browsers and servers.
First, how do you add client certificates in modern browsers? Oh, actually I've just found it in Firefox, but what about IE/Opera/whatever else? Can you do it easily? The blinded signature is just a long bit string and it might well be better from a user's point of view for them to 'login' by pasting the base64 encoded blob into a box. Just a thought (motivated in no small part by my dislike for all things x509ish)

> > privacy and is vulnerable to future exposure due to the lack of
> > forward secrecy.

The lack of forward secrecy is pretty fundamental in a reputation based system. The more you turn up the forward secrecy, the less effective any reputation system is going to be.

And I'm also going to say well done to Jason for actually coding something. There do seem to be a lot of couch-geeks on or-talk - just look at the S/N ratio on the recent wikipedia threads. It might not work, but it's *something*. No amount of talk is going to suddenly become a solution.

AGL
--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60

----- End forwarded message -----

From cyphrpunk at gmail.com Sun Oct 2 09:12:18 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Sun, 2 Oct 2005 09:12:18 -0700
Subject: nym-0.2 released (fwd)

A few comments on the implementation details of http://www.lunkwill.org/src/nym/:

1. Limiting token requests by IP doesn't work in today's internet. Most customers have dynamic IPs. Either they won't be able to get tokens, because someone else has already gotten one using their temporary IP, or they will be able to get multiple ones by rotating among available IPs.
It may seem that IP filtering is expedient for demo purposes, but actually that is not true, as it prevents interested parties from trying out your server more than once, such as to do experimental hacking on the token-requesting code. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse).

2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times.

3. signer.cgi attempts to test that the value being signed is > 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him.

4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. A simple solution is to do slightly more complex padding. For example, concatenate sha1(0||r) || sha1(1||r) || sha1(2||r) || ... until it is the size of the modulus. Such values will have essentially zero probability of being smooth and so the attack does not work.
CP

----- End forwarded message -----

From eugen at leitl.org Sun Oct 2 05:12:40 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Oct 2005 14:12:40 +0200
Subject: [agl@imperialviolet.org: Re: nym-0.2 released (fwd)]
Message-ID: <20051002121240.GT2249@leitl.org>

----- Forwarded message from Adam Langley -----

From eugen at leitl.org Sun Oct 2 05:18:21 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Oct 2005 14:18:21 +0200
Subject: [dave@farber.net: [IP] Guardian Observer (London) on Google Privacy Issues]
Message-ID: <20051002121821.GV2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Sun Oct 2 05:52:48 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Oct 2005 14:52:48 +0200
Subject: [cyphrpunk@gmail.com: Re: nym-0.2 released (fwd)]
Message-ID: <20051002125248.GX2249@leitl.org>

----- Forwarded message from cyphrpunk -----

From eugen at leitl.org Sun Oct 2 08:08:01 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Oct 2005 17:08:01 +0200
Subject: [jason@lunkwill.org: Re: nym-0.2 released (fwd)]
Message-ID: <20051002150801.GE2249@leitl.org>

----- Forwarded message from Jason Holt -----

From eugen at leitl.org Sun Oct 2 09:54:12 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Oct 2005 18:54:12 +0200
Subject: [cyphrpunk@gmail.com: Re: nym-0.2 released (fwd)]
Message-ID: <20051002165412.GG2249@leitl.org>

----- Forwarded message from cyphrpunk -----

From jason at lunkwill.org Sun Oct 2 15:23:50 2005
From: jason at lunkwill.org (Jason Holt)
Date: Sun, 2 Oct 2005 22:23:50 +0000 (UTC)
Subject: nym-0.2 released (fwd)

On Sun, 2 Oct 2005, cyphrpunk wrote:
>1.
>Limiting token requests by IP doesn't work in today's internet. Most

Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs.

Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existence with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card.

That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve.

>I suggest a proof of work system a la hashcash. You don't have to use
>that directly, just require the token request to be accompanied by a
>value whose sha1 hash starts with say 32 bits of zeros (and record
>those to avoid reuse).

I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well.

>2. The token reuse detection in signcert.cgi is flawed.
Leading zeros >can be added to r which will cause it to miss the saved value in the >database, while still producing the same rbinary value and so allowing >a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. >3. signer.cgi attempts to test that the value being signed is > 2^512. >This test is ineffective because the client is blinding his values. He >can get a signature on, say, the value 2, and you can't stop him. > >4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only >160 bits which could allow a smooth-value attack. This involves >getting signatures on all the small primes up to some limit k, then >looking for an r such that sha1(r) factors over those small primes >(i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 >signatures on small primes, and then approximately one in 2^40 160-bit >values will be smooth. With a few thousand more signatures the work >value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become "bonus" tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From ChristianWilliamdispute at atci.or.th Mon Oct 3 05:44:41 2005 From: ChristianWilliamdispute at atci.or.th (Daniel Stratton) Date: Mon, 03 Oct 2005 05:44:41 -0700 Subject: It`s time to Refill asteroid Message-ID: <5.9.2.7.2.2005479.00b0a20@designs.com> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! 
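As an added example (not code from nym or from anyone in the thread), cyphrpunk's point 2 above: a reuse check keyed on the string r the client sent, beside the canonicalised check that keys on the fixed-width binary value actually signed. The hex encoding, the 20-byte width and the in-memory set are assumptions standing in for signcert.cgi's real format and database.

```python
import re
from typing import Set

# Assumptions (not nym's actual code): the client submits r as a hex string,
# the server turns it into the fixed-width "rbinary" it hashes and signs, and
# spent values are tracked in a set standing in for signcert.cgi's database.
R_WIDTH = 20  # assumed: r is 160 bits wide, matching the sha1 output it feeds
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# Constructed sample token preimage (40 hex digits = 20 bytes).
SAMPLE_R = "0f1e2d3c4b5a69788796a5b4c3d2e1f0deadbeef"


def rbinary(r_hex: str) -> bytes:
    """Lenient decode of r, as the flawed check effectively does.
    Leading zeros vanish here, so "00" + r and r denote the same bytes."""
    value = int(r_hex, 16)
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


class VulnerableTokenLog:
    """Reuse check keyed on the raw string the client sent (the flaw)."""

    def __init__(self) -> None:
        self.spent: Set[str] = set()

    def redeem(self, r_hex: str) -> bool:
        if r_hex in self.spent:
            return False            # reuse detected only for the exact spelling
        self.spent.add(r_hex)       # "00" + r_hex is a different key ...
        rbinary(r_hex)              # ... for the very same rbinary value
        return True


def canonical_r(r_hex: str) -> bytes:
    """Strict decode: one fixed-width byte string for every spelling of r.
    Rejects non-hex input and out-of-range values instead of guessing."""
    s = r_hex.strip()
    if s[:2].lower() == "0x":
        s = s[2:]
    if not HEX_RE.fullmatch(s):
        raise ValueError("r is not a hex string")
    value = int(s, 16)
    if value >= 1 << (8 * R_WIDTH):
        raise ValueError("r does not fit in %d bytes" % R_WIDTH)
    return value.to_bytes(R_WIDTH, "big")


class HardenedTokenLog:
    """Reuse check keyed on the canonical bytes, i.e. on what gets signed."""

    def __init__(self) -> None:
        self.spent: Set[bytes] = set()

    def redeem(self, r_hex: str) -> bool:
        key = canonical_r(r_hex)    # raises on malformed input
        if key in self.spent:
            return False            # any re-spelling of r lands on this key
        self.spent.add(key)
        return True


def replay_accepted(log, r_hex: str) -> bool:
    """Spend r once, then present the same token with extra leading zeros."""
    return log.redeem(r_hex) and log.redeem("00" + r_hex)
```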
From camera_lumina at hotmail.com Mon Oct 3 07:55:30 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 03 Oct 2005 10:55:30 -0400 Subject: Surreptitious Tor Messages? In-Reply-To: <20051003135742.GV2249@leitl.org> Message-ID: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client?
-TD

From eugen at leitl.org Mon Oct 3 06:57:42 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 3 Oct 2005 15:57:42 +0200 Subject: [jason@lunkwill.org: Re: nym-0.2 released (fwd)] Message-ID: <20051003135742.GV2249@leitl.org> ----- Forwarded message from Jason Holt -----

From rah at shipwright.com Mon Oct 3 13:20:59 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 3 Oct 2005 16:20:59 -0400 Subject: Venona not all decrypted? Message-ID:

I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there "wasn't enough budget to do so".

Is that "not enough budget" to apply the one-time pads they already have, or is that the once-and-futile exercise of "decrypting" ciphertext with no one-time pad to go with it?

Cheers, RAH

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From brett at lariat.net Tue Oct 4 02:25:50 2005 From: brett at lariat.net (Brett Glass) Date: October 4, 2005 2:25:50 AM EDT Subject: For IP: Italy requires logging of personal info at cybercafes Message-ID:

Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit.

By Sofia Celeste | Contributor to The Christian Science Monitor

ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a "cop" anymore.

After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni, to make passport photocopies of every customer seeking to use the Internet, phone, or fax.

"This new law creates a heavy atmosphere," says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID.

Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war.

Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes.

But while Italy has a healthy protest culture, no major opposition to the law has emerged.

Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times.

Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600.
The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters.

"After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism," says a government official who asked not to be named.

Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21.

"Hamdi was well known to our security people and had relatives here with whom he communicated, in some form," says the government official in an e-mail interview.

But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced.

"This is a waste of time," says Ms. Malesa in a telephone interview. "Terrorists don't come to Internet cafes."

And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business.

"So many people who come in here ask 'why?' and then they just leave," Savoni says.

Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer.

Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question.

"It is a control system like America's Patriot Act," he says.

Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited.

Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e-mails read, according to the government official.

Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror.
"I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats," said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. "There is no doubt that, to achieve maximum efficiency, we need the support of the best technological applications," Pisanu affirmed. As a result, Pisanu has formed the Strategic Anti-terrorism Analysis Committee, which aims to examine and take action against all terror threats. Due to new measures, more than 25 Islamic extremists were arrested on Italian soil in 2005, according to the Interior Ministry. The ministry also reported that they are conducting "rigorous surveillance" of high-risk areas of terrorist activity and over 13,000 strategic locations in Italy. On Aug. 12 and 13 alone, a reported 32,703 checks were carried out on suspicious individuals. Despite the inconvenience, most Italians seem relatively unfazed by the law. "If I am not doing anything wrong, fundamentally nothing is going to happen to me," says Mauro Pallotta, a young artist, after checking his e-mail at Savoni's cafe. 
URL: http://www.csmonitor.com/2005/1004/p07s01-woeu.htm ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message -----

From tien at eff.org Tue Oct 4 05:47:42 2005 From: tien at eff.org (Lee Tien) Date: October 4, 2005 5:47:42 PM EDT Subject: [IP] more on USG RFI for "metrics" on the 'terror war' Message-ID: I'm sure the military folks on the list can suggest better sources. Arreguin-Toft, Ivan. "How the Weak Win Wars: A Theory of Asymmetric Warfare." International Security, vol. 26, no. 1, Summer 2001, pp. 93-128. Paul, T. V. Asymmetric Conflicts: War Initiation by Weaker Powers. Cambridge, MA: Cambridge University Press, 1994. Miles, Franklin B. Asymmetrical Warfare: An Historical Perspective. Carlisle Barracks, PA: Army War College, 1999. See generally http://www.comw.org/rma/fulltext/asymmetric.html Lee At 5:25 PM -0400 10/4/05, David Farber wrote: >Begin forwarded message: > >From: "Robert C. Atkinson" >Date: October 4, 2005 4:32:01 PM EDT >To: dave at farber.net >Subject: Re: [IP] USG RFI for "metrics" on the 'terror war' > > >Regarding the statement that: > > > >> the continuing belief that a conventional high- tech army >> can defeat a low-tech insurgency (something that has not happened >>in Western >> history to my knowledge)...
>> >> > >Things aren't quite that bad: there have been "successes" such as > >- the British and then US "pacification" of North America >(the United States and Canada) and the whole western hemisphere for >that matter) >- the British "pacification" of South Africa, Australia and >New Zealand >- the United States in the Philippine Insurrection at turn >of the 20th century >- British suppression of insurgents in Malaya after WWII? >- British suppression of the Mau Mau in Kenya in the 1950s >- British suppression of the IRA in Northern Ireland > >And in "Western history" Rome's high tech army (for its time) >defeated insurgencies throughout the centuries of the Roman Empire. >There are probably plenty of other examples that historians can >offer. In this day and age, the important thing is to understand >why high tech armies sometimes lose to low-tech insurgencies? My >guess is that the willingness of the high-tech army's "homefront" >to sustain the cost and horror of a long, drawn-out counter- >insurgency (including periodic tactical defeats such as Tet in the >Vietnam) is a very important factor in the longterm success or >failure of the high-tech army. >Thanks > >Bob > > > >David Farber wrote: > > > >> >> >> Begin forwarded message: >> >> From: Richard Forno >> Date: October 4, 2005 2:45:23 PM EDT >> To: Infowarrior List >> Cc: Dave Farber >> Subject: USG RFI for "metrics" on the 'terror war' >> >> >> >> While I'm all for knowing how to measure one's effectiveness, I >>fear that >> such "metrics" will be nothing more than a rehash of Vietnam-era >>body count >> tallies as the "measure of success" in the 'war' to make juicy and >> positive-sounding quotes for the current iteration of the Five >>O'Clock >> Follies. 
>> >> This, coupled with the continuing belief that a conventional >>high- tech army >> can defeat a low-tech insurgency (something that has not happened >>in Western >> history to my knowledge) only reinforces my sense that the USG is >>not >> learning from history but rather repeating it. >> >> The fact that a contractor is being asked to develop these >>"metrics" speaks >> volumes, IMHO. You'd think this would be something they'd have >>come up with >> BEFORE launching into the 'war' on terror, right? >> >> -rick >> >> >> >> >> >> >>> The Contractor shall develop, in conjunction with the Joint >>>Staff, OSD, >>> Combatant and Unified Commands, Services and designated Agencies >>> (stakeholders) a system of metrics to accurately assess US >>>progress in the War >>> on Terrorism, identify critical issues hindering progress and >>> develop and >>> track action plans to resolve the issues identified. In this >>> effort, the >>> contractor shall work as an independent contractor not subject >>>to the >>> supervision and control of the Government. All deliverables >>>become the >>> property of the US Government. 
>> Source document: http://blogs.washingtonpost.com/earlywarning/files/WarOnTerrorismMetrics.doc

----- End forwarded message -----

From dave at farber.net Tue Oct 4 05:54:46 2005 From: dave at farber.net (David Farber) Date: Tue, 4 Oct 2005 08:54:46 -0400 Subject: [IP] Italy requires logging of personal info at cybercafes Message-ID: Begin forwarded message:

From ggr at qualcomm.com Tue Oct 4 10:13:32 2005 From: ggr at qualcomm.com (Greg Rose) Date: Tue, 04 Oct 2005 10:13:32 -0700 Subject: Venona not all decrypted? In-Reply-To: References: Message-ID: <6.2.5.4.2.20051004100012.05c333a8@qualcomm.com> At 16:20 2005-10-03 -0400, R.A. Hettinga wrote: >I just heard that the Venona intercepts haven't all been decrypted, and >that the reason for that was there "wasn't enough budget to do so".
> >Is that "not enough budget" to apply the one-time pads they already have, >or is that the once-and-futile exercise of "decrypting" ciphertext with no >one-time pad to go with it? Here's my understanding of how Venona worked, and why budget would be a problem. I could be completely off base, though. The OTPs were only very occasionally misused, by being used more than once. So the breaks occurred when two separate messages, or possibly fragments of messages, were combined in such a way as to cancel out the OTP, then the resulting running-key cipher was solved to yield the two messages. I don't think that the NSA had access to the pads themselves, except after having recovered the messages (and hence the pad for those messages). So there really isn't likelihood that that pad would be reused even more times. To detect that a pad has been reused, you basically have to line up two ciphertexts at the right places, combine them appropriately, and run a statistical test on the result to see if it shows significant bias. This is an O(n^2.m) problem, where n is the number of units to be tested (maybe whole messages, maybe pages of OTP, maybe at the character level? Who knows?) and m represents enough text to reliably detect a collision. There was a very large amount of intercepted data, and it's presumably all stored on tapes somewhere, so that n^2 factor probably involves actually mounting tapes and stuff. But in a way, you're right; it should, with today's technology, be possible to just read all the tapes once onto a big RAID, and set the cluster to work for a year or two. Greg. 
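As an added example (not from Greg's message), the pair-by-pair alignment scan he describes, run over three constructed ASCII "intercepts" with seeded pads: one pad is reused at an offset, the third message uses a fresh pad. The top-bit test is an assumed stand-in for the statistical bias test; the real one would be tuned to the Venona character encoding.

```python
import math
from itertools import combinations
from random import Random

# Constructed sample "intercepts": three ASCII plaintexts (not real Venona
# material) and two pads generated from fixed seeds so the demo is
# deterministic. Pad A is misused twice: message 1 starts 7 bytes into it.
PLAINTEXTS = [
    b"REPORT FROM STATION ONE: COURIER ARRIVED SAFELY, DOCUMENTS RECEIVED IN FULL.",
    b"SECOND MESSAGE ON THE SAME PAD: THIS IS THE MISTAKE VENONA LIVED ON FOR YEARS.",
    b"UNRELATED TRAFFIC ENCRYPTED UNDER A FRESH PAD SHOULD NOT LOOK LIKE A DEPTH.",
]
REUSE_SHIFT = 7


def make_pad(seed: int, length: int) -> bytes:
    """Deterministic stand-in for a pad; a real OTP needs true randomness."""
    rng = Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def one_time_pad(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) with pad material."""
    assert len(pad) >= len(data), "pad exhausted"
    return xor_bytes(data, pad)


PAD_A = make_pad(1, 256)
PAD_B = make_pad(2, 256)
CIPHERTEXTS = [
    one_time_pad(PLAINTEXTS[0], PAD_A),                # pad A from offset 0
    one_time_pad(PLAINTEXTS[1], PAD_A[REUSE_SHIFT:]),  # pad A reused from offset 7
    one_time_pad(PLAINTEXTS[2], PAD_B),                # fresh pad, never reused
]


def aligned_xor(c1: bytes, c2: bytes, shift: int) -> bytes:
    """Combine two ciphertexts assuming c2's pad begins `shift` bytes into
    c1's pad. Where the guess is right the pad cancels and p1 XOR p2 remains."""
    if shift >= 0:
        return xor_bytes(c1[shift:], c2)
    return xor_bytes(c1, c2[-shift:])


def depth_z_score(stream: bytes) -> float:
    """Bias test: text XOR text for 7-bit text always has the top bit clear;
    pad XOR pad (misaligned or unrelated) has it clear only half the time.
    Returns how many standard deviations the observed count sits above 50%."""
    m = len(stream)
    clear = sum(1 for b in stream if b < 0x80)
    return (clear - 0.5 * m) / math.sqrt(0.25 * m)


def best_alignment(c1: bytes, c2: bytes, max_shift: int, min_overlap: int = 32):
    """Line the two ciphertexts up at every offset and keep the most biased one."""
    best = None
    for shift in range(-max_shift, max_shift + 1):
        combined = aligned_xor(c1, c2, shift)
        if len(combined) < min_overlap:
            continue
        z = depth_z_score(combined)
        if best is None or z > best[1]:
            best = (shift, z)
    return best


def find_reused_pads(ciphertexts, max_shift: int = 16, threshold: float = 5.0):
    """The O(n^2 * m) search: every pair of units, every alignment, m bytes
    each. Returns (i, j, shift) for each pair whose combination shows a depth."""
    hits = []
    for (i, c1), (j, c2) in combinations(enumerate(ciphertexts), 2):
        found = best_alignment(c1, c2, max_shift)
        if found is not None and found[1] >= threshold:
            hits.append((i, j, found[0]))
    return hits


if __name__ == "__main__":
    for i, j, shift in find_reused_pads(CIPHERTEXTS):
        print(f"messages {i} and {j} share pad material (shift {shift})")
        # What is left after the pad cancels is p1 XOR p2: the running-key
        # cipher that still has to be solved to recover either message.
```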
Greg Rose INTERNET: ggr at qualcomm.com Qualcomm Incorporated VOICE: +1-858-651-5733 FAX: +1-858-651-5766 5775 Morehouse Drive http://people.qualcomm.com/ggr/ San Diego, CA 92121 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C From cyphrpunk at gmail.com Tue Oct 4 11:35:43 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Tue, 4 Oct 2005 11:35:43 -0700 Subject: Hooking nym to wikipedia Message-ID: On 10/3/05, Jason Holt wrote: > > More thoughts regarding the tokens vs. certs decision, and also multi-use: This is a good summary of the issues. With regard to turning client certs on and off: from many years of experience with anonymous and pseudonymous communication, the big usability problem is remembering which mode you are in - whether you are identified or anonymous. This relates to the technical problem of preventing data from one mode from leaking over into the other. The best solution is to use separate logins for the two modes. This prevents any technical leakage such as cookies or certificates. Separate desktop pictures and browser skins can be selected to provide constant cues about the mode. Using this method it would not be necessary to be asked on every certificate usage, so that problem with certs would not arise. (As far as the Chinese dissident using net cafes, if they are using Tor at all it might be via a USB token like the one (formerly?) available from virtualprivacymachine.com. The browser on the token can be configured to hold the cert, making it portable.) Network eavesdropping should not be a major issue for a pseudonym server. Attackers would have little to gain for all their work. The user is accessing the server via Tor so their anonymity is still protected. Any solution which waits for Wikimedia to make changes to their software will probably be long in coming. When Jimmy Wales was asked whether their software could allow logins for "trusted" users from otherwise blocked IPs, he didn't have any idea. 
The technical people are apparently in a separate part of the organization. Even if Jimmy endorsed an idea for changing Wikipedia, he would have to sell it to the technical guys, who would then have to implement and test it in their Wiki code base, then it would have to be deployed in Wikipedia (which is after all their flagship product and one which they would want to be sure not to break). Even once this happened, the problem is only solved for that one case (possibly also for other users of the Wiki code base). What about blogs or other web services that may decide to block Tor? It would be better to have a solution which does not require customization of the web service software. That approach tries to make the Tor tail wag the Internet dog.

The alternative of running a pseudonym based web proxy that only lets "good" users pass through will avoid the need to customize web services on an individual basis, at the expense of requiring a pseudonym quality administrator who cancels nyms that misbehave. For forward secrecy, this service would expunge its records of which nyms had been active, after a day or two (long enough to make sure no complaints are going to come back).

As far as the Unlinkable Serial Transactions proposal, the gist of it is to issue a new blinded token whenever one is used. That's a clever idea but it is not adequate for this situation, because abuse information is not available until after the fact. By the time a complaint arises the miscreant will have long ago received his new blinded token and the service will have no way to stop him from continuing to use it. I could envision a complicated system whereby someone could use a token on Monday to access the net, then on Wednesday they would become eligible to exchange that token for a new one, provided that it had not been black-listed due to complaints in the interim.

This adds considerable complexity, including the need to supply people with multiple initial tokens so that they could do multiple net accesses while waiting for their tokens to be eligible for exchange; the risk that exchange would often be followed immediately by use of the new token, harming unlinkability; the difficulty in fully black-listing a user who has multiple independent tokens, when each act of abuse essentially just takes one of his tokens away from him. Overall this would be too cumbersome and problematic to use for this purpose.

Providing forward secrecy by having the nym-based web proxy erase its records every two days is certainly less secure than doing it by cryptographic means, but at the same time it is more secure than trusting every web service out there to take similar actions to protect its clients. Until a clean and unencumbered technological approach is available, this looks like a reasonable compromise.

CP

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message -----

From cyphrpunk at gmail.com Tue Oct 4 11:38:51 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Tue, 4 Oct 2005 11:38:51 -0700 Subject: Surreptitious Tor Messages? In-Reply-To: References: <20051003135742.GV2249@leitl.org> Message-ID: <792ce4370510041138x47706ba5n77ba0b29083fc022@mail.gmail.com> On 10/3/05, Tyler Durden wrote: > Can anyone suggest a tool for checking to see if my Tor client is performing > any surreptitious signaling? The Tor protocol is complicated and most of the data is encrypted.
You're not going to be able to see what's happening there. Tor is open source. Build from source and it is highly unlikely that someone would have embedded any surreptitious code in there without it being caught. CP From alan at clueserver.org Tue Oct 4 11:44:45 2005 From: alan at clueserver.org (alan) Date: Tue, 4 Oct 2005 11:44:45 -0700 (PDT) Subject: Just to make your life more paranoid:) Re: Surreptitious Tor Messages? In-Reply-To: <7d752ae30510041240m3b7a4346v225259430e0c2316@mail.gmail.com> Message-ID: On Tue, 4 Oct 2005, Steve Furlong wrote: > On 10/4/05, gwen hastings wrote: > > Troll Mode on: > > TOR was originally developed as a result of CIA/NRL funding:) > ... > > BTW running TOR makes you very visible that you are running tor even as > > a client.. its quite a noisy protocol > > Well, of course that "feature" is built in. The NSA wants to be able > to easily find anyone who's running it. > > The noisy protocol has the added benefit of causing the network cable > to emit lots of radiation, frying the brains of TOR users. The only > defense is a hat made of flexible metal. Don't do it! That acts as an antenna and only increases the damage! -- "Invoking the supernatural can explain anything, and hence explains nothing." - University of Utah bioengineering professor Gregory Clark From gwen at cypherpunks.to Tue Oct 4 12:16:20 2005 From: gwen at cypherpunks.to (gwen hastings) Date: Tue, 04 Oct 2005 12:16:20 -0700 Subject: Just to make your life more paranoid:) Re: Surreptitious Tor Messages? In-Reply-To: <20051004175855.6A6D217033@mail.cypherpunks.to> References: <20051004175855.6A6D217033@mail.cypherpunks.to> Message-ID: <20051004191624.EFE821703F@mail.cypherpunks.to> Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) compile your own client and examine sources if you have this particular brand of paranoia(I do) change to an OS which makes this easy ... 
BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Troll Mode off: :) Tyler Durden wrote: > Can anyone suggest a tool for checking to see if my Tor client is > performing any surreptitious signaling? > > Seems to me there's a couple of possibilities for a TLA or someone > else to monitor Tor users. Tor clients purchased online or whatever > could possibly signal a monitoring agency for when and possibly where > the user is online. This would mean that at bootup, some surreptitious > packets could be fired off. > > The problem here is that a clever TLA might be able to hide its POP > behind the Tor network, so merely checking on IP addresses on outgoing > packets wouldn't work. > > Can anyone recommend a nice little package that can be used to check > for unusual packets leaving my machine through the tor client? > > -TD From camera_lumina at hotmail.com Tue Oct 4 09:32:28 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 04 Oct 2005 12:32:28 -0400 Subject: [dave@farber.net: [IP] Italy requires logging of personal info at cybercafes] In-Reply-To: <20051004132015.GL2249@leitl.org> Message-ID: Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. 
-TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [dave at farber.net: [IP] Italy requires logging of personal info at >cybercafes] >Date: Tue, 4 Oct 2005 15:20:15 +0200 > >----- Forwarded message from David Farber ----- > >From: David Farber >Date: Tue, 4 Oct 2005 08:54:46 -0400 >To: Ip Ip >Subject: [IP] Italy requires logging of personal info at cybercafes >X-Mailer: Apple Mail (2.734) >Reply-To: dave at farber.net > > > >Begin forwarded message: > >From: Brett Glass >Date: October 4, 2005 2:25:50 AM EDT >To: dave at farber.net >Subject: For IP: Italy requires logging of personal info at cybercafes > > >Want to check your e-mail in Italy? Bring your passport. >An antiterror law makes Internet cafe managers check their clients' >IDs and track the websites they visit. > >By Sofia Celeste | Contributor to The Christian Science Monitor > >ROME - Looking out over the cobblestone streets of Rome's Borgo Pio >neighborhood, Maurizio Savoni says he's closing his Internet cafe >because he doesn't want to be a "cop" anymore. > >After Italy passed a new antiterrorism package in July, authorities >ordered managers offering public communications services, like Mr. >Savoni,to make passport photocopies of every customer seeking to use >the Internet, phone, or fax. > >"This new law creates a heavy atmosphere," says Savoni, his desk >cluttered with passport photocopies. He is visibly irritated, as he >proceeds to halt clients at the door for their ID. > >Passed within weeks of the London bombings this summer, the law is >part of the most extensive antiterror package introduced in Italy >since 9/11 and the country's subsequent support of the Iraq war. > >Though the legislation also includes measures to heighten >transportation security, permit DNA collection, and facilitate the >detention or deportation of suspects, average Italians are feeling >its effect mainly in Internet cafes. 
>
>But while Italy has a healthy protest culture, no major opposition to
>the law has emerged.
>
>Before the law was passed, Savoni's clients were anonymous to him.
>Now they must be identified by first and last name. He must also
>document which computer they use, as well as their log-in and log-out
>times.
>
>Like other owners of Internet cafes, Savoni had to obtain a new
>public communications business license, and purchase tracking
>software that costs up to $1,600.
>
>The software saves a list of all sites visited by clients, and
>Internet cafe operators must periodically turn this list into their
>local police headquarters.
>
>"After 9/11, Madrid, and London, we all have to do our utmost best to
>fight terrorism," says a government official who asked not to be named.
>
>Italy claims that its new stance on security led to the arrest of
>Hussein Osman, also known as Hamdi Issac - one of the men behind the
>failed bombing of the London underground July 21.
>
>"Hamdi was well known to our security people and had relatives here
>with whom he communicated, in some form," says the government
>official in an e-mail interview.
>
>But Silvia Malesa, a young Internet cafe owner in the coastal village
>of Olbia, Sardinia, remains unconvinced.
>
>"This is a waste of time," says Ms. Malesa in a telephone interview.
>"Terrorists don't come to Internet cafes."
>
>And now, would-be customers aren't coming either, say Savoni and
>Malesa. Since the law was enacted, Savoni has seen an estimated 10
>percent drop in business.
>
>"So many people who come in here ask 'why?' and then they just
>leave," Savoni says.
>
>Most tourists who wander in from the streets, he explains, leave
>their passports at home or are discouraged when asked to sign a
>security disclaimer.
>
>Savoni says the new law violates his privacy, comparing it to
>America's antiterrorism law that allows authorities to monitor
>Internet use without notifying the person in question.
>
>"It is a control system like America's Patriot Act," he says.
>
>Groups like the American Civil Liberties Union have criticized the
>Patriot Act because it permits the government to ask libraries for a
>list of books someone has borrowed or the websites they have visited.
>
>Under Italy's new antiterror legislation, only those who are on a
>black list for terrorist connections are in danger of having their e-
>mails read, according to the government official.
>
>Interior Minister Giuseppe Pisanu has declared Italy will stop at
>nothing to fight terror.
>
>"I will continue to prioritize action to monitor the length and
>breadth of the country, without ever underestimating reasonably
>reliable reports of specific threats," said Mr. Pisanu in a Sept. 29
>interview with Finmeccanica Magazine. Pisanu has also called for
>developing sophisticated technology to combat terror on Italian soil.
>
>"There is no doubt that, to achieve maximum efficiency, we need the
>support of the best technological applications," Pisanu affirmed.
>
>As a result, Pisanu has formed the Strategic Anti-terrorism Analysis
>Committee, which aims to examine and take action against all terror
>threats.
>
>Due to new measures, more than 25 Islamic extremists were arrested on
>Italian soil in 2005, according to the Interior Ministry. The
>ministry also reported that they are conducting "rigorous
>surveillance" of high-risk areas of terrorist activity and over
>13,000 strategic locations in Italy. On Aug. 12 and 13 alone, a
>reported 32,703 checks were carried out on suspicious individuals.
>
>Despite the inconvenience, most Italians seem relatively unfazed by
>the law.
>
>"If I am not doing anything wrong, fundamentally nothing is going to
>happen to me," says Mauro Pallotta, a young artist, after checking
>his e-mail at Savoni's cafe.
>
>URL: http://www.csmonitor.com/2005/1004/p07s01-woeu.htm
>
>-------------------------------------
>You are subscribed as eugen at leitl.org
>To manage your subscription, go to
> http://v2.listbox.com/member/?listname=ip
>
>Archives at: http://www.interesting-people.org/archives/interesting-people/
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]

From eugen at leitl.org Tue Oct 4 06:20:15 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 Oct 2005 15:20:15 +0200
Subject: [dave@farber.net: [IP] Italy requires logging of personal info at cybercafes]
Message-ID: <20051004132015.GL2249@leitl.org>

----- Forwarded message from David Farber -----

From demonfighter at gmail.com Tue Oct 4 12:40:33 2005
From: demonfighter at gmail.com (Steve Furlong)
Date: Tue, 4 Oct 2005 15:40:33 -0400
Subject: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
In-Reply-To: <20051004191624.EFE821703F@mail.cypherpunks.to>
References: <20051004175855.6A6D217033@mail.cypherpunks.to> <20051004191624.EFE821703F@mail.cypherpunks.to>
Message-ID: <7d752ae30510041240m3b7a4346v225259430e0c2316@mail.gmail.com>

On 10/4/05, gwen hastings wrote:
> Troll Mode on:
> TOR was originally developed as a result of CIA/NRL funding:)
...
> BTW running TOR makes you very visible that you are running tor even as
> a client.. its quite a noisy protocol

Well, of course that "feature" is built in. The NSA wants to be able to easily find anyone who's running it. The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal.

--
There are no bad teachers, only defective children.
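The question quoted at the top of this thread (what is the Tor client on my machine actually talking to?) can be partly answered without decrypting anything: a client only needs to reach relays on their published ORPort and directory servers or mirrors on their DirPort, so any other peer of the tor process deserves a look. The following is an added example, not code from this thread or from the Tor project; the relay table, nicknames and addresses are constructed, and the `ss -tnp` column layout it parses is an assumption about the tool whose output you feed it.

```python
"""Audit a Tor client's outbound connections against a relay table.

Added example for this thread, not code from the Tor project.  A Tor
client only needs to reach relays (their ORPort) and directory servers
or mirrors (their DirPort), so a connection from the tor process to any
other host or port deserves a look.  The relay table and the connection
listing are constructed; the listing imitates the `ss -tnp` column
layout, which is an assumption about your tool's output.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    nickname: str   # hypothetical
    ip: str
    orport: int
    dirport: int    # 0 means the relay advertises no DirPort


# Constructed relay table; stands in for parsed network-status/descriptors.
# Addresses are from documentation ranges, nicknames are made up.
KNOWN_RELAYS = [
    Relay("relayA", "192.0.2.10", 9001, 9030),
    Relay("relayB", "198.51.100.20", 443, 80),
    Relay("relayC", "203.0.113.30", 9001, 0),
]

# Constructed listing in the shape of `ss -tnp` output (assumed format).
SAMPLE_CONNECTIONS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:41200 192.0.2.10:9001 users:(("tor",pid=1234,fd=8))
ESTAB 0 0 10.0.0.5:41201 198.51.100.20:80 users:(("tor",pid=1234,fd=9))
ESTAB 0 0 10.0.0.5:41202 203.0.113.30:9030 users:(("tor",pid=1234,fd=10))
ESTAB 0 0 10.0.0.5:41203 203.0.113.9:443 users:(("tor",pid=1234,fd=11))
ESTAB 0 0 10.0.0.5:41204 198.51.100.4:25 users:(("tor",pid=1234,fd=12))
ESTAB 0 0 127.0.0.1:9050 127.0.0.1:52000 users:(("tor",pid=1234,fd=13))
ESTAB 0 0 10.0.0.5:41205 203.0.113.99:443 users:(("firefox",pid=2222,fd=40))
"""

# One `ss` row: state, queues, local addr:port, peer addr:port, process.
# IPv4 only; an IPv6 peer would need bracket-aware splitting.
CONN_RE = re.compile(
    r"^\S+\s+\d+\s+\d+\s+\S+:\d+\s+(?P<raddr>\S+):(?P<rport>\d+)"
    r'\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_connections(listing, process="tor"):
    """Return [(peer_ip, peer_port), ...] for rows owned by `process`."""
    peers = []
    for line in listing.splitlines():
        m = CONN_RE.match(line)
        if m and m.group("proc") == process:
            peers.append((m.group("raddr"), int(m.group("rport"))))
    return peers


def build_index(relays):
    """Map relay IP -> set of ports the relay publishes (ORPort, DirPort)."""
    index = {}
    for r in relays:
        ports = index.setdefault(r.ip, set())
        ports.add(r.orport)
        if r.dirport:
            ports.add(r.dirport)
    return index


def classify(peer, index):
    """Verdict for one (ip, port) peer of the tor process."""
    ip, port = peer
    if ipaddress.ip_address(ip).is_loopback:
        return "local"            # SOCKS/control clients on this machine
    ports = index.get(ip)
    if ports is None:
        return "unknown-host"     # not a listed relay at all
    if port not in ports:
        return "unexpected-port"  # a relay, but not on a port it publishes
    return "ok"


def audit(listing, relays, process="tor"):
    """Every peer of `process` with its verdict, in listing order."""
    index = build_index(relays)
    return [(ip, port, classify((ip, port), index))
            for ip, port in parse_connections(listing, process)]


def suspicious(listing, relays, process="tor"):
    """Only the peers that are neither local nor a published relay port."""
    return [row for row in audit(listing, relays, process)
            if row[2] not in ("ok", "local")]


if __name__ == "__main__":
    for ip, port, verdict in audit(SAMPLE_CONNECTIONS, KNOWN_RELAYS):
        print(f"{ip}:{port:<6} {verdict}")
```

A peer that is a listed relay on a published port proves only that it is a relay the directory knows about, which is exactly the gap the question points out; the relay table must itself come from a directory source you trust, and what travels inside the TLS sessions is not visible to this check.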
From camera_lumina at hotmail.com Tue Oct 4 14:36:49 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 04 Oct 2005 17:36:49 -0400
Subject: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
In-Reply-To: <7d752ae30510041240m3b7a4346v225259430e0c2316@mail.gmail.com>
Message-ID:

Steve Furlong wrote...

>The noisy protocol has the added benefit of causing the network cable
>to emit lots of radiation, frying the brains of TOR users. The only
>defense is a hat made of flexible metal.

More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries...

-TD

From dave at farber.net Tue Oct 4 15:19:18 2005
From: dave at farber.net (David Farber)
Date: Tue, 4 Oct 2005 18:19:18 -0400
Subject: [IP] more on USG RFI for "metrics" on the 'terror war'
Message-ID:

Begin forwarded message:

From roy at rant-central.com Tue Oct 4 17:14:56 2005
From: roy at rant-central.com (Roy M. Silvernail)
Date: Tue, 04 Oct 2005 20:14:56 -0400
Subject: Surreptitious Tor Messages?
In-Reply-To: <792ce4370510041138x47706ba5n77ba0b29083fc022@mail.gmail.com>
References: <20051003135742.GV2249@leitl.org> <792ce4370510041138x47706ba5n77ba0b29083fc022@mail.gmail.com>
Message-ID: <43431B00.8050503@rant-central.com>

cyphrpunk wrote:

>On 10/3/05, Tyler Durden wrote:
>
>>Can anyone suggest a tool for checking to see if my Tor client is performing
>>any surreptitious signaling?
>>
>
>The Tor protocol is complicated and most of the data is encrypted.
>You're not going to be able to see what's happening there.
>

What about a trojan that phones home directly, then phones home when the Tor tunnel is set up, giving its owner a correlation between your True IP and Tor IP? Useful, in a black-hatted way?

--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here."
- TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

From eugen at leitl.org Tue Oct 4 12:17:57 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 Oct 2005 21:17:57 +0200
Subject: [cyphrpunk@gmail.com: Re: Hooking nym to wikipedia]
Message-ID: <20051004191757.GB2249@leitl.org>

----- Forwarded message from cyphrpunk -----

From eugen at leitl.org Tue Oct 4 23:48:29 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 5 Oct 2005 08:48:29 +0200
Subject: [dave@farber.net: [IP] more on USG RFI for "metrics" on the 'terror war']
Message-ID: <20051005064829.GR2249@leitl.org>

----- Forwarded message from David Farber -----

From thomas at northernsecurity.net Wed Oct 5 14:20:14 2005
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Wed, 5 Oct 2005 23:20:14 +0200
Subject: Handbook for bloggers and cyber-dissidents
Message-ID:

Reporters Without Borders (Reporters sans frontières, RSF) has released a "Handbook for bloggers and cyber-dissidents":
http://www.rsf.org/rubrique.php3?id_rubrique=542

Topics include:
 How to blog anonymously
 Technical ways to get around censorship
 Ensuring your e-mail is truly private
 Internet-censor world championship

From the chapter "How to blog anonymously":
"Step five - Onion Routing through Tor
[...]

Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views.

After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully "cloaked" by the Tor system - noreply.org thinks she's logging on from Harvard University. She reloads, and now noreply thinks she's in Germany.
From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy.

This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, it's in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but she's concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when she's using Tor.

Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when she's accessing sensitive content or posting to her blog. And she's once again tied to her home computer, since she can't install Tor on a public machine very easily.

Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesn't get the webpage she's requested."
--

----- End forwarded message -----

From eugen at leitl.org Wed Oct 5 23:28:06 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 6 Oct 2005 08:28:06 +0200
Subject: [thomas@northernsecurity.net: Handbook for bloggers and cyber-dissidents]
Message-ID: <20051006062806.GJ2249@leitl.org>

----- Forwarded message from Thomas Sjögren -----

From extropy at unreasonable.com Thu Oct 6 10:53:10 2005
From: extropy at unreasonable.com (David Lubkin)
Date: Thu, 06 Oct 2005 13:53:10 -0400
Subject: [extropy-chat] Worldwide SOS system
Message-ID:

Kevin Freels wrote:

>This is a nice, productive thread, but one thing is missing -
>infrastructure.

When my father was building mini-RPVs in our living room in the 1970's for the Israelis, he was also figuring out how to use them. Low-cost was inherent in his concept. He could turn a profit selling them for a few thousand each. They were essentially light-weight wooden planes powered by lawn mower engines, and could heft a 75 kg payload.

As the ideas morphed into Pentagon procurement, the vehicle requirements became gold-plated, and the price tag went up 200x or more. I haven't looked at the specifics of the current generation of drones to see how useful the add-on requirements are, but there's clearly great value in having many thousands of throw-away drones.

The simplest warfare use is to carry 75 kg of explosives, fly around until you spot something more valuable, and then crash into it. The sticky point for your enemy is that a SAM or AAM to shoot it down could itself cost more than the drone.

There are also civilian uses that fold into our thread.
There are many search and rescue scenarios where it is too dangerous to send a flight crew out, where one could instead load a drone with 75 kg of emergency supplies. Perhaps we could take the comm ideas and add an assistance component, a la a network of long-duration blimps that serve as airborne hangars for a drone fleet. Just add uniforms, jerky movement, and Lady Penelope, and we have an international rescue operation.

-- David Lubkin.

_______________________________________________
extropy-chat mailing list
extropy-chat at lists.extropy.org
http://lists.extropy.org/mailman/listinfo/extropy-chat

----- End forwarded message -----

From nickm at freehaven.net Thu Oct 6 11:51:09 2005
From: nickm at freehaven.net (Nick Mathewson)
Date: Thu, 6 Oct 2005 14:51:09 -0400
Subject: TOR in Java?
Message-ID:

On Thu, Oct 06, 2005 at 08:21:20PM +0200, Oliver S. wrote:
> I think that TOR-servers don't need to be that performant as their
> usage is currently and will in future be very uncommon. So it would
> be easier to develop TOR in Java (or maybe even C#?). This would also
> reduce the probability of security-issues like buffer-overflows (maybe
> it would be even possible to go back the TOR-chain through chained
> buffer-overflows, i.e. BOs that go from one gate in the chain
> from the previous).
> What do you think of my idea.

I think your idea is a fine one for somebody's spare time; we always need more implementations for the Tor protocol, and Java is a popular choice these days. You might want to start with the code from the Java Anon Proxy people; I don't know their current status here, but for a while, they had a working Tor *client* written in Java.
Of course, a server is significantly more complicated, so there would be a lot more work.

As for the performance issue: you are completely wrong about Tor servers not needing CPU; at reasonable bandwidth, the requirements are high. Fortunately, most of the CPU is used for AES, DH, and RSA, all of which any sane implementation will implement in native code, so one might stand a chance of having a compatible implementation of the Tor protocol written in a less performance critical language.

In other words: if you want to clone Tor in Java, feel free! We look forward to your work.

Note, however, that I keep talking about "compatible implementations" here. Tor is 49 thousand lines right now[1], and we're trying to strengthen it incrementally all the time. Throwing out the implementation that we've been working on for the last four years and starting again from scratch is not likely to work for us.

As for the rest of this thread: language choice is a classical bike-shed problem[2]. Please, tread lightly, and consider whether what you're saying needs to be said. If you're worried about Java: there's no risk we'll switch the main Tor implementation to it in the foreseeable future. If you want Java: great, get some programmers together and bang out an implementation.

[1] Tor has about 37.6 klines of code, and 11.4 klines of comments.
[2] On bikesheds: http://www.unixguide.net/freebsd/faq/16.19.shtml

yrs,
--
Nick Mathewson

----- End forwarded message -----

From camera_lumina at hotmail.com Thu Oct 6 12:28:29 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 06 Oct 2005 15:28:29 -0400
Subject: [thomas@northernsecurity.net: Handbook for bloggers and cyber-dissidents]
In-Reply-To: <20051006062806.GJ2249@leitl.org>
Message-ID:

There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book.

Oh yeah...I think Gilmore wrote a section in it.

-TD

>From: Eugen Leitl
>To: cypherpunks at jfet.org
>Subject: [thomas at northernsecurity.net: Handbook for bloggers and
>cyber-dissidents]
>Date: Thu, 6 Oct 2005 08:28:06 +0200
>
>----- Forwarded message from Thomas Sjögren
>-----
>
>From: Thomas Sjögren
>Date: Wed, 5 Oct 2005 23:20:14 +0200
>To: or-talk at freehaven.net
>Subject: Handbook for bloggers and cyber-dissidents
>User-Agent: Mutt/1.5.9i
>Reply-To: or-talk at freehaven.net
>
>Reporters Without Borders (Reporters sans frontières, RSF) has
>released a "Handbook for bloggers and cyber-dissidents":
>http://www.rsf.org/rubrique.php3?id_rubrique=542
>
>Topics include:
> How to blog anonymously
> Technical ways to get around censorship
> Ensuring your e-mail is truly private
> Internet-censor world championship
>
>From the chapter "How to blog anonymously":
>"Step five - Onion Routing through Tor
>[...]
>
>Given the complexity of the technology, Sarah is pleasantly surprised to
>discover how easy it is to install Tor, an onion routing system.
>She
>downloads an installer which installs Tor on her system, then downloads
>and installs Privoxy, a proxy that works with Tor and has the pleasant
>side benefit of removing most of the ads from the webpages Sarah views.
>
>After installing the software and restarting her machine, Sarah checks
>noreply.org and discovers that she is, in fact, successfully "cloaked"
>by the Tor system - noreply.org thinks she's logging on from Harvard
>University. She reloads, and now noreply thinks she's in Germany. From
>this she concludes that Tor is changing her identity from request to
>request, helping to protect her privacy.
>
>This has some odd consequences. When she uses Google through Tor, it
>keeps switching language on her. One search, it's in English - another,
>Japanese. Then German, Danish and Dutch, all in the course of a few
>minutes. Sarah welcomes the opportunity to learn some new languages, but
>she's concerned about some other consequences. Sarah likes to contribute
>to Wikipedia, but discovers that Wikipedia blocks her attempts to edit
>articles when she's using Tor.
>
>Tor also seems to have some of the same problems Sarah was having with
>other proxies. Her surfing slows down quite a bit, as compared to
>surfing the web without a proxy - she finds that she ends up using Tor
>only when she's accessing sensitive content or posting to her blog. And
>she's once again tied to her home computer, since she can't install Tor on
>a public machine very easily.
>
>Most worrisome, though, she discovers that Tor sometimes stops working.
>Evidently, her ISP is starting to block some Tor routers - when Tor
>tries to use a blocked router, she can wait for minutes at a time, but
>doesn't get the webpage she's requested."
>--
>
>----- End forwarded message -----

From eugen at leitl.org Thu Oct 6 11:53:28 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 6 Oct 2005 20:53:28 +0200
Subject: [nickm@freehaven.net: Re: TOR in Java?]
Message-ID: <20051006185328.GG2249@leitl.org>

----- Forwarded message from Nick Mathewson -----

From jason at lunkwill.org Fri Oct 7 00:57:11 2005
From: jason at lunkwill.org (Jason Holt)
Date: Fri, 7 Oct 2005 07:57:11 +0000 (UTC)
Subject: Wikipedia proposal
Message-ID:

I just posted this to wikitech-l:

There has been a lot of discussion lately on the or-talk list about how to let tor and other anonymizing proxy users edit wikipedia without allowing vandals free rein. Several straightforward approaches have been proposed, such as holding edits in escrow pending approval by a trusted user, and requiring anonymizing network users to login before posting. The latter idea in particular could easily be abused, since abusers can create a new account for each edit.

Roger Dingledine, tor's author, suggested creating a pseudonym service using a cryptographic construction called blind signatures:

http://www.rsasecurity.com/rsalabs/node.asp?id=2339

Basically, Alice can generate a token, mathematically blind it (obscuring its value), have it signed, then unblind the signature. Anyone can verify that the signature on the token is valid, but nobody, including the signer, can link the blinded value Alice had signed with her unblinded token.

I implemented such a scheme which works as follows:

* Alice creates and blinds a token, then submits it to a token server for signing.
  Optionally, the token server may have a list of IPs banned from wikipedia, and refuse to sign Alice's token if her IP is on the list.

* The token server signs the blinded token, then records what IP address Alice used so that she can't obtain multiple tokens per IP address. Later, this will allow us to block Alice's IP address if she misbehaves, just as Wikipedia admins currently do, except that now it'll work even when she connects via tor. Token rationing could also be done based on other (more or less) scarce resources, including email addresses, captchas, CPU-intensive tasks or even money, just as I'm sure has been proposed for the vanilla wikipedia. The advantage of blind signatures is that tokens can be recorded and blocked without revealing the potentially sensitive underlying resource (such as a personal email address or IP address).

* Alice can now turn on tor and present her token to wp, without revealing her actual IP address. This token takes the place of the IP address record currently stored along with article edits, and can be blacklisted just the same way that IPs are banned.

* However, I implemented an intermediary step which has several advantages. Instead of presenting her token to wp, Alice generates an essentially empty client certificate and presents it via the tor network to a certificate authority (CA) for signing, along with the signed token. The CA records that the token has been "spent" (preventing her from receiving multiple certs per token), then signs her cert just as Verisign would sign a server SSL certificate. Since she connects via tor, the CA doesn't learn her real IP address.

* Alice installs the client certificate in her browser, then connects to a special wp server running an SSL server that demands valid client certificates from our CA. That configuration takes only 4 lines in my apache-ssl server's httpd.conf.
  Apache automatically sets environment variables which identify the client certificate, and which can be used in place of the REMOTE_ADDR variable currently used to record users' incoming IP addresses when marking page edits. Blocking a client cert would then be just as easy as blocking an IP address. All of Alice's edits will be marked with that identifier unless she obtains a new IP address (or other scarce resource) and repeats the process to obtain another certificate. Later, features can optionally be added which will allow her to have separate identifiers for each edit (protecting her in case, say, her repressive government confiscates her computer in order to find out if she wrote a particular article they disagree with).

I have already released code to implement this system, with the exception of the wp-specific code. I sent the proposal to both the or-talk lists and the cryptography list at metzdowd.com on Monday. Next I'd like your comments, before I dive into the mediawiki code (or find someone willing to help with this part). Once the feature is complete, we can set up a live test wiki for people to bang on, before we consider implementation on the live wp servers.

-J

----- End forwarded message -----

From eugen at leitl.org Fri Oct 7 01:55:27 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 7 Oct 2005 10:55:27 +0200
Subject: [jason@lunkwill.org: Wikipedia proposal]
Message-ID: <20051007085527.GQ2249@leitl.org>

----- Forwarded message from Jason Holt -----

From eyv at cs.umn.edu Fri Oct 7 13:07:23 2005
From: eyv at cs.umn.edu (Eugene Y. Vasserman)
Date: Fri, 07 Oct 2005 15:07:23 -0500
Subject: Low-Cost Traffic Analysis of Tor
Message-ID:

Hi,

Probabilistic guarantee is a timeliness guarantee - delivery is still guaranteed, but the time within which this delivery is made is not guaranteed. (We could provide a weaker guarantee - say, this will be delivered before the TCP session times out. However, a complex guarantee policy might introduce an unacceptable performance hit.) The point is that round-robin scheduling (as Tor does now) is too easy to predict. What I suggest does not require changing anything except the mixing strategy (which right now is round-robin - no mixing at all). I still haven't had a chance to look at the mixing code to see if this could be done with low-enough overhead as to not be noticeable by end-users. I don't want to make the argument on the performance/penalty tradeoff yet because I'm hoping there won't be any significant performance hit. I suspect it's possible, and can only be determined through testing. I'll report on my progress, if and when there is some.

Thanks,
Eugene

Thus spake Paul Syverson:
> Hi Andrei,
>
> Who is this from?
>
> Question from a two second glance, which is all I can spare at the
> moment: probabilistic throughput guarantee? Does this imply
> probabilistic guarantee of delivery? If so, you're talking UDP or
> something not TCP in any case. In which case you're talking
> substantial change from current Tor. Thus maybe an interesting design
> theory suggestion, but something that will not be implementable in the
> system for years if ever.
>
> Gotta run,
> Paul
>
>
> On Fri, Oct 07, 2005 at 08:08:27PM +0100, Andrei Serjantov wrote:
>>> Greetings. Let me introduce myself. I'm a grad student at the U of MN
>>> in computer science. I've been working on anonymous network systems. I
>>> also had a chance to play with Tor, and read the "Low-Cost Traffic
>>> Analysis of Tor" paper (mentioned below).
>>> I have a general question: this may or may not decrease performance, but
>>> wouldn't locking and/or randomizing bandwidth per flow through a Tor
>>> server solve this problem? This attack seems comparable to a variant on
>>> SSL (and general crypto) timing attacks. Similar solutions could be
>>> applied. Also, since this attack relies on a malicious node being able
>>> to estimate its flow's likely performance through an honest node at any
>>> given time, Tor could apply a somewhat more complex mixing approach,
>>> making this attack more difficult. I was thinking of something like
>>> lottery scheduling, which is really easy to implement and, if done
>>> right, will not impose any noticeable CPU overhead, and still provide
>>> the same (albeit probabilistic, not deterministic) throughput guarantees
>>> for every flow. Please let me know your thoughts. I will hopefully have
>>> some time to spend implementing this in the near future, if there is a
>>> consensus that some of these suggestions would help.
>> Before you start hacking, I would advocate writing down your mixing
>> strategy and trying to show (or at least argue) that what you are
>> doing has a reasonable anonymity/performance tradeoff. It's probably
>> worth sticking my nose out and saying that Tor does not really want to
>> do any mixing for performance reasons -- lower performance means lower
>> number of users and hence lower anonymity sets against weaker
>> adversaries..... (hmm is this strictly true?? I suppose the anonymity
>> set is the set of all people if you don't observe the entire network)
>>
>> A.

--
Eugene Y. Vasserman
http://www.cs.umn.edu/~eyv/

----- End forwarded message -----

From arma at mit.edu Fri Oct 7 15:26:23 2005
From: arma at mit.edu (Roger Dingledine)
Date: Fri, 7 Oct 2005 18:26:23 -0400
Subject: Tor 0.1.1.8-alpha is out
Message-ID:

This is the eighth development snapshot for the 0.1.1.x series. The main changes are that clients now use the new directory protocol, that servers that are tight on resources stop advertising their DirPort, and that we use OpenSSL's AES if it's available.

http://tor.eff.org/download.html

Changes in version 0.1.1.8-alpha - 2005-10-07
  o New features (major):
    - Clients don't download or use the directory anymore. Now they
      download and use network-statuses from the trusted dirservers, and
      fetch individual server descriptors as needed from mirrors. See
      dir-spec.txt for all the gory details.
    - Be more conservative about whether to advertise our DirPort. The
      main change is to not advertise if we're running at capacity and
      either a) we could hibernate or b) our capacity is low and we're
      using a default DirPort.
    - Use OpenSSL's AES when OpenSSL has version 0.9.7 or later.

  o New features (minor):
    - Try to be smart about when to retry network-status and
      server-descriptor fetches. Still needs some tuning.
    - Stop parsing, storing, or using running-routers output (but
      mirrors still cache and serve it).
    - Consider a threshold of versioning dirservers (dirservers who have
      an opinion about which Tor versions are still recommended) before
      deciding whether to warn the user that he's obsolete.
    - Dirservers can now reject/invalidate by key and IP, with the config
      options "AuthDirInvalid" and "AuthDirReject". This is useful since
      currently we automatically list servers as running and usable even
      if we know they're jerks.
    - Provide dire warnings to any users who set DirServer; move it out
      of torrc.sample and into torrc.complete.
    - Add MyFamily to torrc.sample in the server section.
    - Add nicknames to the DirServer line, so we can refer to them
      without requiring all our users to memorize their IP addresses.
    - When we get an EOF or a timeout on a directory connection, note
      how many bytes of serverdesc we are dropping. This will help us
      determine whether it is smart to parse incomplete serverdesc
      responses.
    - Add a new function to "change pseudonyms" -- that is, to stop using
      any currently-dirty circuits for new streams, so we don't link new
      actions to old actions. Currently it's only called on HUP (or
      SIGNAL RELOAD).
    - On sighup, if UseHelperNodes changed to 1, use new circuits.
    - Start using RAND_bytes rather than RAND_pseudo_bytes from OpenSSL.
      Also, reseed our entropy every hour, not just at startup. And
      entropy in 512-bit chunks, not 160-bit chunks.

  o Fixes on 0.1.1.7-alpha:
    - Nobody ever implemented EVENT_ADDRMAP for control protocol
      version 0, so don't let version 0 controllers ask for it.
    - If you requested something with too many newlines via the
      v1 controller protocol, you could crash tor.
    - Fix a number of memory leaks, including some pretty serious ones.
    - Re-enable DirPort testing again, so Tor servers will be willing
      to advertise their DirPort if it's reachable.
    - On TLS handshake, only check the other router's nickname against
      its expected nickname if is_named is set.
  o Fixes forward-ported from 0.1.0.15:
    - Don't crash when we don't have any spare file descriptors and we
      try to spawn a dns or cpu worker.
    - Make the numbers in read-history and write-history into uint64s,
      so they don't overflow and publish negatives in the descriptor.

  o Fixes on 0.1.0.x:
    - For the OS X package's modified privoxy config file, comment out
      the "logfile" line so we don't log everything passed through
      privoxy.
    - We were whining about using socks4 or socks5-with-local-lookup
      even when it's an IP in the "virtual" range we designed exactly
      for this case.
    - We were leaking some memory every time the client changes IPs.
    - Never call free() on tor_malloc()d memory. This will help us use
      dmalloc to detect memory leaks.
    - Check for named servers when looking them up by nickname; warn
      when we're calling a non-named server by its nickname; don't warn
      twice about the same name.
    - Try to list MyFamily elements by key, not by nickname, and warn if
      we've not heard of the server.
    - Make windows platform detection (uname equivalent) smarter.
    - It turns out sparc64 doesn't like unaligned access either.
----- End forwarded message -----
--
Eugen* Leitl

From eugen at leitl.org Fri Oct 7 13:12:10 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 7 Oct 2005 22:12:10 +0200
Subject: [extropy@unreasonable.com: Re: [extropy-chat] Worldwide SOS system]
Message-ID: <20051007201210.GA12349@leitl.org>

----- Forwarded message from David Lubkin -----

From eugen at leitl.org Fri Oct 7 13:14:42 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 7 Oct 2005 22:14:42 +0200
Subject: [eyv@cs.umn.edu: Re: Low-Cost Traffic Analysis of Tor]
Message-ID: <20051007201442.GY2249@leitl.org>

----- Forwarded message from "Eugene Y. Vasserman" -----

From eugen at leitl.org Sat Oct 8 00:56:57 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 8 Oct 2005 09:56:57 +0200
Subject: [arma@mit.edu: Tor 0.1.1.8-alpha is out]
Message-ID: <20051008075657.GB2249@leitl.org>

----- Forwarded message from Roger Dingledine -----

From rah at shipwright.com Sat Oct 8 14:01:25 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 8 Oct 2005 17:01:25 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Message-ID:

--- begin forwarded text

From: iang at iang.org
To: undisclosed-recipients: ;
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Sender: fc-discuss-admin at ifca.ai
Date: Sat, 8 Oct 2005 18:30:56 +0100 (BST)

(( Financial Cryptography Update: On Digital Cash-like Payment Systems ))

October 08, 2005

------------------------------------------------------------------------
https://www.financialcryptography.com/mt/archives/000561.html
------------------------------------------------------------------------

Just presented at ICETE2005 by Daniel Nagy:

http://www.epointsystem.org/~nagydani/ICETE2005.pdf

===8<=========8<==============

Abstract. In the present paper a novel approach to on-line payment is presented that tackles some issues of digital cash that have, in the author's opinion, contributed to the fact that despite the availability of the technology for more than a decade, it has not achieved even a fraction of the anticipated popularity. The basic assumptions and requirements for such a system are revisited, clear (economic) objectives are formulated and cryptographic techniques to achieve them are proposed.

Introduction. Chaum et al. begin their seminal paper (D. Chaum, 1988) with the observation that the use of credit cards is an act of faith on the part of all concerned, exposing all parties to fraud. Indeed, almost two decades later, the credit card business is still plagued by all these problems and credit card fraud has become a major obstacle to the normal development of electronic commerce, but digital cash-like payment systems similar to those proposed (and implemented) by D. Chaum have never become viable competitors, let alone replacements for credit cards or paper-based cash.

One of the reasons, in the author's opinion, is that payment systems based on similar schemes lack some key characteristics of paper-based cash, rendering them economically infeasible. Let us quickly enumerate the most important properties of cash:

1. "Money doesn't smell." Cash payments are -- potentially -- _anonymous_ and untraceable by third parties (including the issuer).

2. Cash payments are final. After the fact, the paying party has no means to reverse the payment. We call this property of cash transactions _irreversibility_.

3. Cash payments are _peer-to-peer_. There is no distinction between merchants and customers; anyone can pay anyone. In particular, anybody can receive cash payments without contracts with third parties.

4. Cash allows for "acts of faith" or _naive transactions_. Those who are not familiar with all the antiforgery measures of a particular banknote or do not have the necessary equipment to verify them, can still transact with cash relying on the fact that what they do not verify is nonetheless verifiable in principle.

5. The amount of cash issued by the issuing authority is public information that can be verified through an auditing process.

The payment system proposed in (D. Chaum, 1988) focuses on the first characteristic while partially or totally lacking all the others. The same holds, to some extent, for all existing cash-like digital payment systems based on untraceable blind signatures (Brands, 1993a; Brands, 1993b; A. Lysyanskaya, 1998), rendering them unpractical.

... [bulk of paper proposes a new system...]

Conclusion. The proposed digital payment system is more similar to cash than the existing digital payment solutions. It offers reasonable measures to protect the privacy of the users and to guarantee the transparency of the issuer's operations.

With an appropriate business model, where the provider of the technical part of the issuing service is independent of the financial providers and serves more than one of the latter, the issuer has sufficient incentives not to exploit the vulnerability described in 4.3, even if the implementation of the cryptographic challenge allowed for it. This parallels the case of the issuing bank and the printing service responsible for printing the banknotes.

The author believes that an implementation of such a system would stand a better chance on the market than the existing alternatives, none of which has lived up to the expectations, precisely because it matches paper-based cash more closely in its most important properties.

Open-source implementations of the necessary software are being actively developed as parts of the ePoint project. For details, please see http://sf.net/projects/epoint

=====>8=========>8=====

--
Powered by Movable Type
Version 2.64
http://www.movabletype.org/

_______________________________________________
fc-discuss mailing list
fc-discuss at ifca.ai
http://mail.ifca.ai/mailman/listinfo/fc-discuss

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From AbelHilliardaffluence at hotelhb.com Sat Oct 8 20:58:28 2005
From: AbelHilliardaffluence at hotelhb.com (Florence Hargrove)
Date: Sun, 09 Oct 2005 07:58:28 +0400
Subject: valium fate
Message-ID: <203212032200.55751.casey@outbacklinux.com>

Hello,

As a valued customer, we provide you with occasional information and updates. Our records indicate that you may be in need of a refill.
We hope that you will once again give us the opportunity to offer you a great selection of meds, low prices, and superior customer care. If you would like to place an order or browse our current products and specials, please visit the link below:

http://www.sickmate.info/?a2fb9a415e74deS9cdee919d78Sa6a7d

Yours Truly,
Florence Hargrove
Customer Care Specialist

http://www.sickmate.info/fgh.php

From GuadalupeChanwestinghouse at broddle.karoo.co.uk Sun Oct 9 12:35:47 2005
From: GuadalupeChanwestinghouse at broddle.karoo.co.uk (Trudy Hadley)
Date: Sun, 09 Oct 2005 20:35:47 +0100
Subject: ambien sachem
Message-ID: <3DF4FB83.75004@ubp.edu.ar>

Xanax and other drugs with wholesale prices. You won't find better prices anywhere!

Xanax - 60 Pills - 199$
Ambien - 60 Pills - 190$
Ultram - 60 Pills - 85$
Viagra - 150 Pills - 269$
Valium - 180 Pills - 370$
Soma - 80 Pills - 79$

Please click below and check out our offer.
http://www.sickmate.info/?75093a330b5e42Sc50fd870641b6Sf01

http://www.accup.info/fgh.php

From eugen at leitl.org Mon Oct 10 06:33:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 10 Oct 2005 15:33:49 +0200
Subject: /. [You Need Not Be Paranoid To Fear RFID]
Message-ID: <20051010133349.GN2249@leitl.org>

Link: http://slashdot.org/article.pl?sid=05/10/10/0643235
Posted by: Zonk, on 2005-10-10 10:32:00

   An anonymous reader writes "A story at the Boston Globe [1]covers extensive privacy abuses involving RFID." From the article: "Why is this so scary?
   Because so many of us pay for our purchases with credit or debit cards, which contain our names, addresses, and other sensitive information. Now imagine a store with RFID chips embedded in every product. At checkout time, the digital code in each item is associated with our credit card data. From now on, that particular pair of shoes or carton of cigarettes is associated with you. Even if you throw them away, the RFID chips will survive. Indeed, Albrecht and McIntyre learned that the phone company BellSouth Corp. had applied for a patent on a system for scanning RFID tags in trash, and using the data to study the shopping patterns of individual consumers." I think they may be going a little overboard with their stance, but it's always interesting to talk about.

References

1. http://www.boston.com/business/globe/articles/2005/10/10/you_need_not_be_paranoid_to_fear_rfid?mode=PF

----- End forwarded message -----
--
Eugen* Leitl

From eugen at leitl.org Mon Oct 10 12:01:36 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 10 Oct 2005 21:01:36 +0200
Subject: [sam@neurogrid.com: [p2p-hackers] Workshop on Dependable and Sustainable Peer-to-Peer Systems]
Message-ID: <20051010190136.GC2249@leitl.org>

----- Forwarded message from Sam Joseph -----

From sam at neurogrid.com Mon Oct 10 11:53:51 2005
From: sam at neurogrid.com (Sam Joseph)
Date: Tue, 11 Oct 2005 03:53:51 +0900
Subject: [p2p-hackers] Workshop on Dependable and Sustainable Peer-to-Peer Systems
Message-ID:

[CALL FOR PAPERS]

The First International Workshop on Dependable and Sustainable Peer-to-Peer Systems (DAS-P2P 2006) is the first workshop which focuses on dependability and sustainability of P2P systems, with respect to their
designs, operations, applications and social impacts.

Peer-to-Peer (P2P) can be a promising technology upon which the lives of ourselves and our children can depend, and upon which we can build sustainable societies. Designs of P2P systems are characterized by their usage of overlay networks such that there is symmetry in the roles among participants. This implies distribution of authorities, not only preventing introduction of single points of failure, but also assuring a level of autonomy which allows many of us to spontaneously start, maintain, or recover from failures of, such systems. Although difficulties exist, such as uncertainty in the trust among participants, one needs to be aware that such difficulties are, in many parts, due to our own human nature; depending on P2P is, in fact and literally, depending on ourselves and our friends, who seem to be the only ones we can trust anyway, when it comes to our own survival.

The goal of this workshop is to share experiences, insights and new ideas, and set forth research agendas and suggestive future directions by collaborations among researchers with different disciplines and with similar interests toward dependability and sustainability.

The following is a non-exhaustive list of relevant topics:

** Designs and operations of dependable and sustainable P2P systems
  - Self-organization and emergence
  - Attack-resistance
  - Fault tolerance
  - Sustainable operations
  - Sustainable mutual trust
  - Sustainable reciprocal relationships

** Applications and social impacts of dependable and sustainable P2P systems
  - Sustainable economy
  - Sustainable governance
  - Sustainable lifestyles
  - Rescue activities
  - Post-catastrophic recovery
  - Tackling environmental problems

The program of the workshop will be a combination of invited talks, paper presentations and discussions.
[SUBMISSION INSTRUCTIONS]

The workshop invites your contributions of previously unpublished papers, which will be selected based on their originality, technical merit and topical relevance. Papers will also be selected by the likelihood that they will lead to interesting and fruitful discussions at the workshop.

Your contributions should be formatted according to the IEEE Computer Society Press Proceedings Author Guidelines: 10-point Times, single-spaced, two-column format (see http://www.tinmith.net/tabletop2006/IEEE/Format/instruct.htm for detail). Each of your contributions should not exceed 8 pages.

See the workshop web site (http://das-p2p.wide.ad.jp/) for the submission procedure.

[PUBLICATION]

Proceedings of the workshop will be published by IEEE Computer Society Press.

[IMPORTANT DATES]

Paper submission due: December 4th, 2005
Notification of acceptance: January 15th, 2006
Camera-ready copies due: February 1st, 2006
Author registration due: February 1st, 2006
Workshop: April 20th-22nd, 2006 (exact date is to be decided)

[REGISTRATION]

Workshop registration will be handled by the ARES 2006 organization along with the main conference registration.

[ORGANIZING COMMITTEE]

Program co-chairs:

Yusuke Doi
Communication Platform Laboratory, Corporate R&D Center, TOSHIBA Corporation
1 Komukai-Toshiba-Cho, Saiwai-Ku, Kawasaki
Kanagawa 212-8582 Japan

Youki Kadobayashi
Graduate School of Information Science
Nara Institute of Science and Technology
Takayama 8916-5, Ikoma
Nara 630-0192 Japan

Kenji Saito (main contact)
Graduate School of Media and Governance
Keio University
5322 Endo, Fujisawa
Kanagawa 252-8520 Japan
ks91 at sfc.wide.ad.jp

[PROGRAM COMMITTEE]

See the workshop web site (http://das-p2p.wide.ad.jp/).
-----

_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----
--
Eugen* Leitl

From rabbi at abditum.com Tue Oct 11 12:10:22 2005
From: rabbi at abditum.com (Len Sassaman)
Date: Tue, 11 Oct 2005 12:10:22 -0700 (PDT)
Subject: CodeCon 2006 Call For Papers
Message-ID:

CodeCon 2006
February 10-12, 2006
San Francisco CA, USA
www.codecon.org

Call For Papers

CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community.

All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code.

We hereby solicit papers and demonstrations.

* Papers and proposals due: December 15, 2005
* Authors notified: January 1, 2006

Possible topics include, but are by no means restricted to:

* community-based web sites - forums, weblogs, personals
* development tools - languages, debuggers, version control
* file sharing systems - swarming distribution, distributed search
* security products - mail encryption, intrusion detection, firewalls

Presentations will be 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated.

Submission details:

Submissions are being accepted immediately. Acceptance dates are November 15, and December 15.
After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date.

The conference language is English.

Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable.

Our venue will be 21+.

To submit, send mail to submissions-2006 at codecon.org including the following information:

* Project name
* url of project home page
* tagline - one sentence or less summing up what the project does
* names of presenter(s) and urls of their home pages, if they have any
* one-paragraph bios of presenters, optional, under 100 words each
* project history, under 150 words
* what will be done in the project demo, under 200 words
* slides to be shown during the presentation, if applicable
* future plans

General Chair: Jonathan Moore
Program Chair: Len Sassaman

Program Committee:

* Bram Cohen, BitTorrent, USA
* Jered Floyd, Permabit, USA
* Ian Goldberg, Zero-Knowledge Systems, CA
* Dan Kaminsky, Avaya, USA
* Ben Laurie, The Bunker Secure Hosting, UK
* Nick Mathewson, The Free Haven Project, USA
* David Molnar, University of California, Berkeley, USA
* Jonathan Moore, Mosuki, USA
* Meredith L. Patterson, University of Iowa, USA
* Len Sassaman, Katholieke Universiteit Leuven, BE

Sponsorship:

If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at codecon-admin at codecon.org.

Press policy:

CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request.
Everyone is welcome to pay the low registration fee to attend without an official press credential.

Questions:

If you have questions about CodeCon, or would like to contact the organizers, please mail codecon-admin at codecon.org. Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.

From mark at awe.com Tue Oct 11 04:20:20 2005
From: mark at awe.com (Mark J Cox)
Date: Tue, 11 Oct 2005 12:20:20 +0100 (BST)
Subject: [ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  OpenSSL version 0.9.8a and 0.9.7h released
  ==========================================

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  The OpenSSL project team is pleased to announce the release of version 0.9.8a of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.

  We also release 0.9.7h, which contains the same security bugfix as 0.9.8a and a few small bugfixes compared to 0.9.7g.

  These updates contain a fix for CAN-2005-2969, a potential SSL 2.0 rollback reported by Yutaka Oiwa. For more details of the security issue being fixed in this release please see http://www.openssl.org/news/secadv_20051011.txt

  We consider OpenSSL 0.9.8a to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.8a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

    * http://www.openssl.org/source/
    * ftp://ftp.openssl.org/source/

  For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7h as soon as possible.
  It's available in the same location as 0.9.8a.

  The distribution file names are:

    * openssl-0.9.8a.tar.gz
      MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1
      SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a

    * openssl-0.9.7h.tar.gz
      MD5 checksum: 8dc90a113eb8925795071fbe52b2932c
      SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d

  The checksums were calculated using the following commands:

    openssl md5 openssl-0.9.*.tar.gz
    openssl sha1 openssl-0.9.*.tar.gz

  Yours,
  The OpenSSL Project Team...

    Mark J. Cox
    Nils Larsch
    Ulf Möller
    Ralf S. Engelschall
    Ben Laurie
    Andy Polyakov
    Dr. Stephen Henson
    Richard Levitte
    Geoff Thorpe
    Lutz Jänicke
    Bodo Möller

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUBQ0uaXu6tTP1JpWPZAQKXyAP/V6xGTooFL52d9Ep0qd0DDaZCSHlukk48
DWljg3EY9QF9BfzLVB1BDbLNuHAyYpeAEjvte4kwHV1vWvAoiabV+XMx8kuoRTxi
O+8NLOeOc1hilC0hLDYfM+XPq5k9dPiOfQvYpnqiwnr/TnwSBh11D+EEcoZlQToE
a6qRMTC3mAM=
=bwJD
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev at openssl.org
Automated List Manager                           majordomo at openssl.org

----- End forwarded message -----
--
Eugen* Leitl

From eugen at leitl.org Tue Oct 11 04:31:10 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 11 Oct 2005 13:31:10 +0200
Subject: [mark@awe.com: [ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released]
Message-ID: <20051011113110.GY2249@leitl.org>

----- Forwarded message from Mark J Cox -----

From mv at cdc.gov Tue Oct 11 14:35:34 2005
From: mv at cdc.gov (Major Variola (ret.))
Date: Tue, 11 Oct 2005 14:35:34 -0700
Subject: test
Message-ID: <434C3026.EE0F8024@cdc.gov>

ignore

From rah at shipwright.com Tue Oct 11 12:41:15 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 11 Oct 2005 15:41:15 -0400
Subject: [Clips] [p2p-hackers] CodeCon 2006 Call For Papers
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Tue, 11 Oct 2005 15:40:00 -0400
To: "Philodox Clips List"
From: "R.A. Hettinga"
Subject: [Clips] [p2p-hackers] CodeCon 2006 Call For Papers
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

--- begin forwarded text

Delivered-To: p2p-hackers at zgp.org
Date: Tue, 11 Oct 2005 12:10:28 -0700 (PDT)
From: Len Sassaman
To: p2p-hackers at zgp.org
Subject: [p2p-hackers] CodeCon 2006 Call For Papers
Reply-To: "Peer-to-peer development."
Sender: p2p-hackers-bounces at zgp.org

_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text

--
R. A. Hettinga
The Internet Bearer Underwriting Corporation

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
R. A. Hettinga
The Internet Bearer Underwriting Corporation

From MitchelKauffmantrinket at neu-nta.com Tue Oct 11 18:43:21 2005
From: MitchelKauffmantrinket at neu-nta.com (Christa Reynolds)
Date: Tue, 11 Oct 2005 21:43:21 -0400
Subject: Xanax - get it here warden
Message-ID: <221212032200.31651.casey@outbacklinux.com>

Xanax and other drugs with wholesale prices. You won't find better prices anywhere!
Xanax - 60 Pills - 199$
Ambien - 60 Pills - 190$
Ultram - 60 Pills - 85$
Viagra - 150 Pills - 269$
Valium - 180 Pills - 370$
Soma - 80 Pills - 79$

Please click below and check out our offer.
http://www.tvcup.info/?f65f6341Sb59bef118a280457133Se37

http://www.cupso.info/fgh.php

From tortalk+Steven.Murdoch at cl.cam.ac.uk Tue Oct 11 15:26:10 2005
From: tortalk+Steven.Murdoch at cl.cam.ac.uk (Steven J. Murdoch)
Date: Tue, 11 Oct 2005 23:26:10 +0100
Subject: Software from "Low-Cost Traffic Analysis of Tor"
Message-ID:

Some of you might have read the paper "Low-Cost Traffic analysis of Tor"[1], by myself and George Danezis. I have now released the code I used to run these experiments, in case it will help any future research.

For more information, and to download the code, see:
  http://www.cl.cam.ac.uk/users/sjm217/projects/anon/#torta

If you have any comments, suggestions or questions, please let me know.

Thanks,
Steven Murdoch.

[1] http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

--
w: http://www.cl.cam.ac.uk/users/sjm217/

----- End forwarded message -----
--
Eugen* Leitl

From eugen at leitl.org Wed Oct 12 00:04:03 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 12 Oct 2005 09:04:03 +0200
Subject: [tortalk+Steven.Murdoch@cl.cam.ac.uk: Software from "Low-Cost Traffic Analysis of Tor"]
Message-ID: <20051012070403.GA2249@leitl.org>

----- Forwarded message from "Steven J. Murdoch" -----

From schoen at loyalty.org Wed Oct 12 09:49:39 2005
From: schoen at loyalty.org (Seth David Schoen)
Date: October 12, 2005 9:49:39 PM EDT
Subject: [IP] more on Location tracking -- for people, products, places -- is fast coming into its own / It's 11 o'clock. Do you know where your _______ is?
Message-ID:

David Farber writes:

>Begin forwarded message:
>
>From: Dennis Crowley
>Date: October 12, 2005 3:37:56 PM EDT
>To: dave at farber.net
>Subject: Re: [IP] Location tracking -- for people, products, places
>-- is fast coming into its own / It's 11 o'clock. Do you know where
>your _______ is?
>
>>Location enabled and mobile computing have been watchwords for such
>>a long time, it's nice to be using something that actually makes use
>>of these ideas and to see what the accidental or deliberate social
>>implications are.
>
>hi dave -
>
>saw the post about Plazes and wanted to send this along as well.
>for the past few years, i've been working on location-based social
>software for mobile devices - we've built a product called
>"dodgeball" which allows people to set up a list of friends online
>and then use their mobile phone to broadcast their whereabouts to
>friends via text messaging. once dodgeball knows of your location,
>it will look at all the other users who have "checked-in" nearby to
>see if it can match you up with a nearby friend-of-friend or someone
>from your "crush list".

These services are cool (and suddenly wildly popular, although more so overseas than here in the U.S.), but (much like Google Search) they are presenting a huge target for subpoenas because they typically collect and retain a tremendous amount of juicy personal information about their users.

Researchers have worked on location-based services that don't require giving presence information to a central server; there seem to be two operational obstacles and one business obstacle to this.
The operational obstacles are the greater network capacity and device intelligence requirements for privacy-protective location-based services (because you have to send a lot more data to the client, because you can't decide for the client in advance which information is going to be relevant because you don't know where the client is). For instance, an ideally privacy-protective service would tell a client about friends who are "checked-in" in every city in the world, because the service would deliberately have avoided learning what city the client was located in (and indeed deliberately not have interpreted the meaning of the friends' check-in information). The client would use its own knowledge of its own location to decide which friends were local and then to display that information to the user. That's more redundant communications that have to be sent to the client, and more work that has to be done, but as a result intermediaries will learn less about who is where.

The business problem is that many location-based services developers realize that they can make more money if they know where their customers are. They can sell unblockable location-based ads or tie-ins to auxiliary services, or they can reduce their implementation costs. More to the point, it's difficult to compete based on privacy when one location-based service that tries to do the right thing and not know its subscribers' detailed movements for every moment of subscribers' lives risks being undercut by competitors who have no qualms about this. Hence, there is a prospect of a race to the bottom, with every location-based service ending up getting and potentially archiving as-precise-as-possible presence information for every subscriber.

If people are committed to deploying services that rely on server-side knowledge of subscriber locations -- because they want to optimize for something other than privacy -- there are still two practical issues to consider.
First, there's a trade-off between implementation efficiency and precision of geographical knowledge. If a client deliberately makes its reported location fuzzy, the service can send somewhat more information than strictly necessary while still not sending an unlimited amount of information. Here are a few points along the continuum:

(1) The client says "I'm somewhere in the world"; the server says "OK, here are maps of every city in the world and the encrypted locations of all your friends everywhere in the world". The client then picks out the map and the friends' locations that it concludes are relevant. (If and when we have the communications capacity, this is the ideal for subscriber privacy; the intermediary _does not have to know anyone's location at all_.)

(2) The client says "I'm in New York City"; the server says, "OK, here is a map of all of New York City, and the locations of all your friends who told me that they were in New York City". The client then picks out the region of the map that's relevant and displays the locations of friends who appear to be nearby.

(3) The client says "I'm on the Upper West Side in New York"; the server says, "OK, here is a map of the Upper West Side, and the locations of all your friends in that neighborhood"; the client again displays the subset that it finds relevant.

(4) The client says "I'm on the east side of Broadway between 93rd and 94th"; the server says "Your friend Josephine is on Broadway between 94th and 95th; your friend Sam is on Amsterdam Avenue between 92nd and 93rd; your friend Kate is headed west from Central Park; your friend Jim just walked out of the building across the street, take a look!".

If people developing these applications are willing to go a little more coarse-grained than what they have the _ability_ to do, privacy will be better protected.

Second, there's the question of how long information is retained.
If it's retained as long as possible, it's a greater temptation for subpoenas, and a virtual certainty that these subpoenas will eventually become routine -- for law enforcement, divorce, child custody, employment and worker's compensation litigation, and probably other things we haven't thought of yet. Not to mention the traditional risks that it will be stolen, or that some successor-in-interest, in dire financial straits, will decide to sell it off to the highest bidder. It takes an effort to overcome the temptation to keep things forever, but a data-retention policy would do a lot to protect privacy here.

--
Seth David Schoen                | This is a new focus for the security
http://www.loyalty.org/~schoen/  | community. The actual user of the PC
http://vitanuova.loyalty.org/    | [...] is the enemy.
                                 |   -- David Aucsmith, IDF 1999

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

From: brianwc at ocf.berkeley.edu (Brian C)
Date: Wed, 12 Oct 2005 18:26:58 -0700
Subject: Interoperating with p2p traffic

Hi,

Matt Thorne wrote:
>That isn't a bad idea, and possibly something that They (with help
>of course :-) could build into their P2P software. Probably not a bad
>thing for them to look into just for their own use, not because We ask
>them to, but because that would really mess with the heads of the people
>at (Insert 4 letter acronym here).
>
>question:
>
>how do the people who feel possessive towards tor think about this idea?
>
>-=Matt=-
>
>On 10/12/05, *Arrakistor* wrote
> What if we designated some type of tor family specifically for p2p
> content, and coordinated with the software developers?
>

If an anonymizing service based on Tor were integrated into some p2p project or if a fork of Tor were to devote itself to serving p2p, then that should only be encouraged by the current Tor community if

1. It didn't take away any current tor servers or tor resources.
2. It used another name and was clearly its own standalone effort.

The reason for 1 is obvious. If the point is to make Tor more usable, then we shouldn't support a migration of its resources elsewhere.

The reason for 2 should also be obvious. Tor is a neutral technology that allows privacy. Some people use their privacy for uses we want to support; others for uses we wish they wouldn't engage in. But, if something were called "Tor" and were devoted to p2p traffic then it would taint the whole Tor project. Don't get me wrong. p2p also has legitimate uses. But in the current climate anything remotely associated with file-sharing is assumed to be illegal. Let's not let that shadow be cast upon Tor. It has enough reputational problems already.

Also, Tor is open source. If someone wants to take the code and change it to use their own farm of servers exclusively for p2p traffic then there's nothing the Tor community can do to stop them. I'm not suggesting we should try to stop them. Rather, I'm suggesting we insist that if someone does do that, then they should not call it "Tor" or anything confusingly similar.
Brian

----- End forwarded message -----

From: jason at lunkwill.org (Jason Holt)
Date: Thu, 13 Oct 2005 01:17:09 +0000 (UTC)
Subject: nym-0.3 released

Hacking MediaWiki to map client certificates to IP addresses turns out to be quite trivial. nym-0.3 includes the 17 line patch, as well as the security fix proposed by cyphrpunk. The live demo at erg.no-ip.org now includes a live, patched MediaWiki called NymWiki.

http://lunkwill.org/src/nym/nym-0.3.tar.gz
http://www.lunkwill.org/src/nym/Readme
http://www.lunkwill.org/src/nym/CHANGELOG

If you want to be able to edit wikipedia through tor, I suggest you try out the code and email me, so that we can make a case that there's actual demand for inclusion of the patches.

-J

----- End forwarded message -----

From: kragen at pobox.com (kragen at pobox.com)
Date: Thu, 13 Oct 2005 03:37:01 -0400 (EDT)
Subject: cost to install surveillance cameras in public places

Suppose you wanted to plant a hidden camera for some long period of time and capture photos of all that went past. You'd like to never again have to enter the place where it's hidden, and only visit it rarely; you'd like it to be small; and you'd like it to last a long time.
For example, the book "The Social Life of Small Urban Spaces" was based on a few years of research in this vein using Super 8 cameras for time-lapse photography.

It appears to me that this equipment should now be incredibly cheap. USB "webcams" that capture 100-kB 640x480 JPEGs are on the order of $10. I think 4-port USB hubs (again, on the order of $10) contain all the hardware necessary to act as USB host controllers; one could imagine integrating the USB hub hardware with a small single-board computer with SD/MMC and Bluetooth interfaces, for a total cost on the order of $50 plus up to 4 cameras and their USB cables, and an MMC card ($50-$110). This device would presently be limited in smallness only by the size of its power supply, USB ports, and multi-chip integration, so it could be concealed in many places. You could probably run it on 200mW when running (for less than a second) and <1mW when idle.

You could drop by periodically with an inconspicuous Bluetooth device, such as a cellphone or laptop, to download the pictures (say, 4 cameras * 100kB/shot/camera * 4 shots / minute * 60 minutes/hour * 24 hours/day = 2.3GB/day; but one shot per minute is only 144MB/day). Anyone snooping over Bluetooth at the time could tell that a lot of data was being sent over Bluetooth (1megabit/sec? not sure; but at that speed you'd have to spend 2300 seconds in the vicinity.) Alternatively, you could use a directional antenna from hundreds of meters away (the "Bluesniper" folks managed to do 1km.)

An adaptive surveillance algorithm could shoot four times per minute until the data card was full, followed by twice a minute (replacing every other old shot, starting with the oldest) until the data card was all full at twice a minute, then once per minute (thinning out old shots to once a minute) until it was full again, etc.

Supposing that USB 12Mbps transfers were the limiting factor, you'd need about 67ms of "on time" per shot, or (according to my 200mW estimate above) 13.4 mJ.
My laptop's Li-ion battery supposedly holds around 46Wh, or 165kJ (abridged info below):

    $ cat /proc/acpi/battery/BAT1/state
    present rate:            1227 mA
    remaining capacity:      2579 mAh
    present voltage:         11300 mV
    $ cat /proc/acpi/battery/BAT1/info
    design capacity:         4500 mAh
    last full capacity:      4067 mAh
    design voltage:          10800 mV
    model number:            XM2018P02
    battery type:            Li-ION

11.3V * 4.067Ah = 46Wh.

On that basis, my laptop's battery could power 12 000 000 invasions of privacy by this system --- saving that many camera shots to an MMC card. It might only be able to power 4 000 000 invasions of privacy if it had to transmit them all over Bluetooth. Still, that's nearly six months in the four-shots-with-four-cameras-per-minute maxi configuration described above, where you'd have to come download your photos at least once a day, and at one camera shooting once per minute, it would last 8 years. (I'm assuming that the webcams power up instantly. This may be unreasonable.)

Obviously you could do a similar job with audio surveillance, but ironically, this may consume more storage and power; minimally comprehensible speech is 10kbps under the best of conditions, so you'd need at least 108MB/day, and probably several times that to get anything useful. You'd need some very-low-power constantly-on device to buffer the audio so you wouldn't have to run the CPU all the time.

A similar system, but without the cameras or other transducers, could serve as a maildrop or backup server (for data with high value per byte, obviously).

We can anticipate that the power and monetary cost of data storage and transmission will decrease considerably more before Moore's Law runs out.
----- End forwarded message -----

From: brian at grot.com (Brian Smithson)
Date: October 13, 2005 4:55:01 PM EDT
Subject: Location tracking -- a bill of rights?

[OK for IP if it's OK with you]

Dave,

I think Dennis' post about dodgeball gives a real life example of what I think should be the basic "Bill of Rights" for tracking devices. This is kind of rough, as I am making it up as I write. And pardon my wishful thinking :-).

I. I should be informed of the existence of any tracking mechanism. This would include those which are integral to a product like in a cellphone, those which are deliberate add-ons like if "dodgeball" is an app I'm installing on my phone, and those which are embedded for some purpose unrelated to my own purpose like an RFID inventory-tracking tag in a sweater that I'm buying. Many people don't know that their phone can be used to track their location. Many more won't know that their *sweater* could be used to track their location.

II. I should be able to turn the tracking function on and off. Of course, this may render the item useless, like a cellphone which can't communicate with its network. RFID companies won't like this one because RFIDs usually have no external controls and cost is a major factor in RFID adoption, so maybe it will be sufficient in some cases to simply be able to turn the function off (permanently). After I've bought the sweater, inventory tracking is no longer needed.

III. I should be able to give explicit permission for trackers to track me for specific purposes. This would be like GLBA privacy laws, only let's try to make them actually work :-).
So the cellphone carrier could track me, but only for the purpose of making the phone work unless I give them permission to do something else with that information.

IV. I should be able to give permission through intermediaries. For example, I might want to give my cellphone carrier permission to give my tracking information to a third party for a particular purpose. This could have multiple levels, such as if (through a third party service, let's say dodgeball) I gave permission to Bob and Carol but denied it to Ted and Alice.

V. I should own my tracking information. Those who facilitate tracking would have a "license" to the tracking data. I should be able to control how long it is retained by revoking that license.

VI. Tracking facilitators are common carriers. Let's say I have a Verizon phone. If I want Verizon to make my tracking data available to another party, such a request should not be unreasonably refused. In other words, if I want Verizon to make my tracking data available to dodgeball, for example, they should not be able to refuse and insist that I use their social networking service instead.

VII. I should be able to access records of who has been tracking me, when, and how. This may not be easy all the way to a personal level, but we should try. I can think of cases when I would want to know that on March 19th, Joe Blow at the phone company looked at my location records for the month of February. Or I might just want to know who location-enabled-spammed me when I had not given anyone permission to do that.

VIII, IX, and X. I know there should be 10 rights, but I couldn't think of them.
--
- Brian Smithson
brian at grot.com

----- End forwarded message -----

From: dave at farber.net (David Farber)
Date: Thu, 13 Oct 2005 09:15:32 -0400
Subject: [IP] READ more on Location tracking -- for people, products, places -- is fast coming into its own / It's 11 o'clock. Do you know where your _______ is?

Begin forwarded message:

From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Oct 2005 10:41:46 -0400
Subject: [Clips] Senate Approves Inter-American Convention Against Terrorism

--- begin forwarded text

Date: Thu, 13 Oct 2005 10:37:53 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Senate Approves Inter-American Convention Against Terrorism

Amazing what a Google alert on "bearer" gets you these days...

>b. Measures to detect and monitor movements across
>borders of cash, bearer negotiable instruments, and other appropriate
>movements of value. These measures shall be subject to safeguards to
>ensure proper use of information and should not impede legitimate capital
>movements.

Cheers,
RAH

------

.: All American Patriots :.
Strengthening and celebrating American patriotism

Security News : U.S. Senate Approves Inter-American Convention Against Terrorism
Posted by Patriot on 2005/10/13 9:54:46 (45 reads)

U.S. Senate Approves Inter-American Convention Against Terrorism
Convention called important tool in war on terror, organized crime

12 October 2005
By Eric Green
Washington File Staff Writer

Washington -- The U.S. Senate approved October 7 the Inter-American Convention Against Terrorism, which has received the strong support of the Bush administration.

The administration had reaffirmed its firm support for the counterterrorism convention in a letter from Assistant U.S. Attorney General for Legislative Affairs William Moschella urging the Senate to approve the measure. Moschella wrote that the Bush administration "strongly" supported the convention.

U.S. Senator Jeff Sessions (Republican of Alabama) said on the Senate floor before the agreement was approved that the convention would provide an important tool "in our war against terrorism and organized crime." Sessions is a member of the Senate Subcommittee on Terrorism, Technology and Homeland Security.

The United States signed the convention in June 2002, but Senate approval was needed before the United States could ratify the Western Hemisphere counterterrorism measure. For the anti-terrorism convention to become officially approved by the United States, the Senate's ratification must be subsequently signed and registered ("deposited") by President Bush at the Organization of American States (OAS).

The OAS General Assembly adopted the pact in June 2002 in Bridgetown, Barbados. The organization said the convention is the first international measure against terrorism negotiated after the September 11, 2001, attacks against the United States.

The convention provides the legal framework for cooperation among the 34 OAS member states in the fight against terrorism. The U.S. State Department pledged an additional $1.6 million in February to strengthen and expand counterterrorism coordination in the Western Hemisphere, bringing the total U.S. contribution to $5 million on this issue since the September 11 terrorist attacks.

According to the State Department report, Country Reports on Terrorism 2004, terrorists in the Western Hemisphere are becoming increasingly active in illicit transnational activities, including the drug trade, arms trafficking, money laundering, contraband smuggling and document and currency fraud. The report said the threat of international terrorism in the Western Hemisphere remained relatively low during 2004, compared to other world regions, but added that terrorists might seek safe haven, financing, recruiting, illegal travel documentation, or access to the United States from the hemisphere.

Terrorism was also the subject of a September 2004 State Department electronic journal, The Global War on Terrorist Finance, available on the State Department Web site.

The text of the Inter-American Convention Against Terrorism from the OAS Web site is available below.
INTER-AMERICAN CONVENTION AGAINST TERRORISM

The States Parties to this Convention,

BEARING IN MIND the purposes and principles of the Charter of the Organization of American States and the Charter of the United Nations;

CONSIDERING that terrorism represents a serious threat to democratic values and to international peace and security and is a cause of profound concern to all member states;

REAFFIRMING the need to adopt effective steps in the inter-American system to prevent, punish, and eliminate terrorism through the broadest cooperation;

RECOGNIZING that the serious economic harm to states which may result from terrorist acts is one of the factors that underscore the need for cooperation and the urgency of efforts to eradicate terrorism;

REAFFIRMING the commitment of the states to prevent, combat, punish, and eliminate terrorism; and

BEARING IN MIND resolution RC.23/RES. 1/01 rev. 1 corr. 1, "Strengthening Hemispheric Cooperation to Prevent, Combat, and Eliminate Terrorism," adopted at the Twenty-third Meeting of Consultation of Ministers of Foreign Affairs,

Have agreed to the following:

Article 1
Object and purposes

The purposes of this Convention are to prevent, punish, and eliminate terrorism. To that end, the states parties agree to adopt the necessary measures and to strengthen cooperation among them, in accordance with the terms of this Convention.

Article 2
Applicable international instruments

1. For the purposes of this Convention, "offenses" means the offenses established in the international instruments listed below:

a. Convention for the Suppression of Unlawful Seizure of Aircraft, signed at The Hague on December 16, 1970.
b. Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, signed at Montreal on September 23, 1971.
c. Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents, adopted by the General Assembly of the United Nations on December 14, 1973.
d. International Convention against the Taking of Hostages, adopted by the General Assembly of the United Nations on December 17, 1979.
e. Convention on the Physical Protection of Nuclear Material, signed at Vienna on March 3, 1980.
f. Protocol on the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, signed at Montreal on February 24, 1988.
g. Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, done at Rome on March 10, 1988.
h. Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms Located on the Continental Shelf, done at Rome on March 10, 1988.
i. International Convention for the Suppression of Terrorist Bombings, adopted by the General Assembly of the United Nations on December 15, 1997.
j. International Convention for the Suppression of the Financing of Terrorism, adopted by the General Assembly of the United Nations on December 9, 1999.

2. Upon depositing its instrument of ratification to this Convention, a state party that is not a party to one or more of the international instruments listed in paragraph 1 of this article may declare that, in application of this Convention to such state party, that particular instrument shall be deemed not to be included in that paragraph. The declaration shall cease to have effect as soon as that instrument enters into force for that state party, which shall notify the depositary of this fact.

3. When a state party ceases to be a party to one of the international instruments listed in paragraph 1 of this article, it may make a declaration, as provided in paragraph 2 of this article, with respect to that instrument.
Article 3
Domestic measures

Each state party, in accordance with the provisions of its constitution, shall endeavor to become a party to the international instruments listed in Article 2 to which it is not yet a party and to adopt the necessary measures to effectively implement such instruments, including establishing, in its domestic legislation, penalties for the offenses described therein.

Article 4
Measures to prevent, combat, and eradicate the financing of terrorism

1. Each state party, to the extent it has not already done so, shall institute a legal and regulatory regime to prevent, combat, and eradicate the financing of terrorism and for effective international cooperation with respect thereto, which shall include:

a. A comprehensive domestic regulatory and supervisory regime for banks, other financial institutions, and other entities deemed particularly susceptible to being used for the financing of terrorist activities. This regime shall emphasize requirements for customer identification, record-keeping, and the reporting of suspicious or unusual transactions.

b. Measures to detect and monitor movements across borders of cash, bearer negotiable instruments, and other appropriate movements of value. These measures shall be subject to safeguards to ensure proper use of information and should not impede legitimate capital movements.

c. Measures to ensure that the competent authorities dedicated to combating the offenses established in the international instruments listed in Article 2 have the ability to cooperate and exchange information at the national and international levels within the conditions prescribed under its domestic law. To that end, each state party shall establish and maintain a financial intelligence unit to serve as a national center for the collection, analysis, and dissemination of pertinent money laundering and terrorist financing information.
Each state party shall inform the Secretary General of the Organization of American States of the authority designated to be its financial intelligence unit.

2. When implementing paragraph 1 of this article, states parties shall use as guidelines the recommendations developed by specialized international and regional entities, in particular the Financial Action Task Force and, as appropriate, the Inter-American Drug Abuse Control Commission, the Caribbean Financial Action Task Force, and the South American Financial Action Task Force.

Article 5
Seizure and confiscation of funds or other assets

1. Each state party shall, in accordance with the procedures established in its domestic law, take such measures as may be necessary to provide for the identification, freezing or seizure for the purposes of possible forfeiture, and confiscation or forfeiture, of any funds or other assets constituting the proceeds of, used to facilitate, or used or intended to finance, the commission of any of the offenses established in the international instruments listed in Article 2 of this Convention.

2. The measures referred to in paragraph 1 shall apply to offenses committed both within and outside the jurisdiction of the state party.

Article 6
Predicate offenses to money laundering

1. Each state party shall take the necessary measures to ensure that its domestic penal money laundering legislation also includes as predicate offenses those offenses established in the international instruments listed in Article 2 of this Convention.

2. The money laundering predicate offenses referred to in paragraph 1 shall include those committed both within and outside the jurisdiction of the state party.

Article 7
Cooperation on border controls

1. The states parties, consistent with their respective domestic legal and administrative regimes, shall promote cooperation and the exchange of information in order to improve border and customs control measures to detect and prevent the international movement of terrorists and trafficking in arms or other materials intended to support terrorist activities.

2. In this context, they shall promote cooperation and the exchange of information to improve their controls on the issuance of travel and identity documents and to prevent their counterfeiting, forgery, or fraudulent use.

3. Such measures shall be carried out without prejudice to applicable international commitments in relation to the free movement of people and the facilitation of commerce.

Article 8
Cooperation among law enforcement authorities

The states parties shall work closely with one another, consistent with their respective domestic legal and administrative systems, to enhance the effectiveness of law enforcement action to combat the offenses established in the international instruments listed in Article 2. In this context, they shall establish and enhance, where necessary, channels of communication between their competent authorities in order to facilitate the secure and rapid exchange of information concerning all aspects of the offenses established in the international instruments listed in Article 2 of this Convention.

Article 9
Mutual legal assistance

The states parties shall afford one another the greatest measure of expeditious mutual legal assistance with respect to the prevention, investigation, and prosecution of the offenses established in the international instruments listed in Article 2 and proceedings related thereto, in accordance with applicable international agreements in force. In the absence of such agreements, states parties shall afford one another expeditious assistance in accordance with their domestic law.

Article 10
Transfer of persons in custody

1. A person who is being detained or is serving a sentence in the territory of one state party and whose presence in another state party is requested for purposes of identification, testimony, or otherwise providing assistance in obtaining evidence for the investigation or prosecution of offenses established in the international instruments listed in Article 2 may be transferred if the following conditions are met:

a. The person freely gives his or her informed consent; and
b. Both states agree, subject to such conditions as those states may deem appropriate.

2. For the purposes of this article:

a. The state to which the person is transferred shall have the authority and obligation to keep the person transferred in custody, unless otherwise requested or authorized by the state from which the person was transferred.
b. The state to which the person is transferred shall without delay implement its obligation to return the person to the custody of the state from which the person was transferred as agreed beforehand, or as otherwise agreed, by the competent authorities of both states.
c. The state to which the person is transferred shall not require the state from which the person was transferred to initiate extradition proceedings for the return of the person.
d. The person transferred shall receive, for time spent in the custody of the state to which he or she was transferred, credit toward service of the sentence being served in the state from which he or she was transferred.

3. Unless the state party from which a person is to be transferred in accordance with the present article so agrees, that person, whatever his or her nationality, shall not be prosecuted or detained or subjected to any other restriction of his or her personal liberty in the territory of the state to which that person is transferred in respect of acts or convictions prior to his or her departure from the territory of the state from which said person was transferred.
Article 11
Inapplicability of political offense exception

For the purposes of extradition or mutual legal assistance, none of the offenses established in the international instruments listed in Article 2 shall be regarded as a political offense or an offense connected with a political offense or an offense inspired by political motives. Accordingly, a request for extradition or mutual legal assistance may not be refused on the sole ground that it concerns a political offense or an offense connected with a political offense or an offense inspired by political motives.

Article 12
Denial of refugee status

Each state party shall take appropriate measures, consistent with the relevant provisions of national and international law, for the purpose of ensuring that refugee status is not granted to any person in respect of whom there are serious reasons for considering that he or she has committed an offense established in the international instruments listed in Article 2 of this Convention.

Article 13
Denial of asylum

Each state party shall take appropriate measures, consistent with the relevant provisions of national and international law, for the purpose of ensuring that asylum is not granted to any person in respect of whom there are reasonable grounds to believe that he or she has committed an offense established in the international instruments listed in Article 2 of this Convention.

Article 14
Nondiscrimination

None of the provisions of this Convention shall be interpreted as imposing an obligation to provide mutual legal assistance if the requested state party has substantial grounds for believing that the request has been made for the purpose of prosecuting or punishing a person on account of that person's race, religion, nationality, ethnic origin, or political opinion, or that compliance with the request would cause prejudice to that person's position for any of these reasons.

Article 15
Human rights

1.
The measures carried out by the states parties under this Convention shall take place with full respect for the rule of law, human rights, and fundamental freedoms.

2. Nothing in this Convention shall be interpreted as affecting other rights and obligations of states and individuals under international law, in particular the Charter of the United Nations, the Charter of the Organization of American States, international humanitarian law, international human rights law, and international refugee law.

3. Any person who is taken into custody or regarding whom any other measures are taken or proceedings are carried out pursuant to this Convention shall be guaranteed fair treatment, including the enjoyment of all rights and guarantees in conformity with the law of the state in the territory of which that person is present and applicable provisions of international law.

Article 16
Training

1. The states parties shall promote technical cooperation and training programs at the national, bilateral, subregional, and regional levels and in the framework of the Organization of American States to strengthen the national institutions responsible for compliance with the obligations assumed under this Convention.

2. The states parties shall also promote, where appropriate, technical cooperation and training programs with other regional and international organizations conducting activities related to the purposes of this Convention.

Article 17
Cooperation through the Organization of American States

The states parties shall encourage the broadest cooperation within the pertinent organs of the Organization of American States, including the Inter-American Committee against Terrorism (CICTE), on matters related to the object and purposes of this Convention.

Article 18
Consultations among the parties

1. The states parties shall hold periodic meetings of consultation, as appropriate, with a view to facilitating:
a.
The full implementation of this Convention, including the consideration of issues of interest relating thereto identified by the states parties; and
b. The exchange of information and experiences on effective means and methods to prevent, detect, investigate, and punish terrorism.

2. The Secretary General shall convene a meeting of consultation of the states parties after receiving the 10th instrument of ratification. Without prejudice to this, the states parties may hold consultations as they consider appropriate.

3. The states parties may request the pertinent organs of the Organization of American States, including CICTE, to facilitate the consultations referred to in the previous paragraphs and to provide other forms of assistance with respect to the implementation of this Convention.

Article 19
Exercise of jurisdiction

Nothing in this Convention entitles a state party to undertake in the territory of another state party the exercise of jurisdiction or performance of functions that are exclusively reserved to the authorities of that other state party by its domestic law.

Article 20
Depositary

The original instrument of this Convention, the English, French, Portuguese, and Spanish texts of which are equally authentic, shall be deposited with the General Secretariat of the Organization of American States.

Article 21
Signature and ratification

1. This Convention is open for signature by all member states of the Organization of American States.

2. This Convention is subject to ratification by the signatory states in accordance with their respective constitutional procedures. The instruments of ratification shall be deposited with the General Secretariat of the Organization of American States.

Article 22
Entry into force

1. This Convention shall enter into force on the 30th day following the date of deposit of the sixth instrument of ratification of the Convention with the General Secretariat of the Organization of American States.

2.
For each state ratifying the Convention after deposit of the sixth instrument of ratification, the Convention shall enter into force on the 30th day following the deposit by such state of its instrument of ratification.

Article 23
Denunciation

1. Any state party may denounce this Convention by written notification to the Secretary General of the Organization of American States. Denunciation shall take effect one year following the date on which notification is received by the Secretary General of the Organization.

2. Such denunciation shall not affect any requests for information or assistance made during the time the Convention is in force for the denouncing state.

(The Washington File is a product of the Bureau of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov)

Get the news before it happens: Avant News

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From bmm at minder.net Thu Oct 13 13:49:00 2005
From: bmm at minder.net (Brian Minder)
Date: Thu, 13 Oct 2005 16:49:00 -0400
Subject: cypherpunks@minder.net closing on 11/1
Message-ID: <20051013204900.GA26449@waste.minder.net>

The minder.net CDR node will be shutting down on November 1, 2005.
This includes the cypherpunks-moderated list. Please adjust your subscriptions accordingly.

Thanks,
-Brian

--
bmm at minder.net 1024/8C7C4DE9

From rah at shipwright.com Thu Oct 13 15:35:32 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Oct 2005 18:35:32 -0400
Subject: [Clips] New Screening Tech Misses Nothing
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Thu, 13 Oct 2005 18:09:33 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] New Screening Tech Misses Nothing
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Wired News

New Screening Tech Misses Nothing

By Abby Christopher

Story location: http://www.wired.com/news/privacy/0,1848,69137,00.html

02:00 AM Oct. 11, 2005 PT

Bad news for terrorists and drug traffickers: The hunt for narcotics, explosives and biohazards is about to get faster and easier thanks to new research from Purdue University.

A new testing method can, for the first time, speedily check objects and people for traces of chemical compounds.

The detection technology known as mass spectrometry is already in use by forensic scientists.

"Mass spectrometry is one of the most sensitive methods for finding drugs, chemicals, pollutants and disease, but the problem is that you have to extract a sample and treat that sample before you can analyze it," said Evan Williams, a chemistry professor at UC Berkeley.

That process can take anywhere from two to 15 minutes for each sample. Multiply that by the number of people in line at airport security at JFK the day before Thanksgiving, and you've got a logistical nightmare on your hands.

The research from Purdue, led by analytical chemistry professor Graham Cooks, developed a technique called desorption electrospray ionization, or DESI, that eliminates a part of the mass spectrometry process, and thus speeds up the detection of substances to less than 10 seconds, said Williams.
To use it, law enforcement officials and security screeners will spray methanol or a water and salt mixture on the surface of an object, or a person's clothing or skin, and test immediately for microscopic traces of chemical compounds.

In the lab, DESI has tested for chemicals at the picogram level -- or trillionths of a gram. This is about 1,000 times less than the minimum amount of material previously required for detection.

Cooks also hopes to commercialize a rugged DESI sensor that would weigh as little as 25 pounds and fit into a knapsack.

"We have tested it for a wide variety of explosives and the experiments represent several practical conditions such as using mixtures using different surfaces (skin, paper, luggage)," says Nari Talaty, a graduate student on Cooks' team at Purdue.

The new technique is "extremely promising for the detection of illicit substances on surfaces," said Herbert Hill Jr., a chemistry professor at Washington State University who is researching ion mobility spectrometry.

"With DESI it appears possible to bring the instrument to the sampling site, reducing sampling time and complexity," said Hill.

Scientific instrument maker Jeol USA, Oakridge Labs and other academic researchers have also developed their own surface testing techniques using mass spectrometry.

Jeol's patented technique uses helium or nitrogen gas to extract and ionize chemicals, and is already being used by the U.S. Army's Chemical and Bio Labs, the FBI and other law enforcement agencies. However, it cannot currently detect biomolecules and proteins for biohazards -- an appealing feature of Purdue's system.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dave at farber.net Thu Oct 13 16:21:22 2005
From: dave at farber.net (David Farber)
Date: Thu, 13 Oct 2005 19:21:22 -0400
Subject: [IP] Location tracking -- a bill of rights?
Message-ID:

Begin forwarded message:

From JIAZCINPJJB at msn.com Thu Oct 13 15:26:01 2005
From: JIAZCINPJJB at msn.com (Stacey Bryan)
Date: Fri, 14 Oct 2005 01:26:01 +0300
Subject: Watches Lovers Love this jyGe
Message-ID: <55190969.986JIAZCINPJJB@msn.com>

Highest qualities Replika Watches now HERE!
We guarantees:
- 99.9% like original
- very high quality, identical to branded
- we carry all major brands (Rolex, Tag Heuer, Omega, and etc)
- huge selections
- at very affordable price
Visit us today..
http://043.newsbyaotomsen.com
o-ut of mai-lling lisst: http://043.newsbyaotomsen.com/rm/
I4f

From jtrjtrjtr2001 at yahoo.com Fri Oct 14 06:29:20 2005
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Fri, 14 Oct 2005 06:29:20 -0700 (PDT)
Subject: subscribe
Message-ID: <20051014132920.83414.qmail@web33306.mail.mud.yahoo.com>

__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs

From cmckie at dowco.com Fri Oct 14 09:12:14 2005
From: cmckie at dowco.com (Craig McKie)
Date: Fri, 14 Oct 2005 09:12:14 -0700
Subject: No subject
Message-ID: <76mvk1l5khficg23ke6bgg5682sbgmn03i@4ax.com>

subscribe cmckie at dowco.com

From ericm at lne.com Fri Oct 14 09:35:16 2005
From: ericm at lne.com (ericm at lne.com)
Date: Fri, 14 Oct 2005 09:35:16 -0700
Subject: cypherpunks subscription
In-Reply-To: <76mvk1l5khficg23ke6bgg5682sbgmn03i@4ax.com>
References: <76mvk1l5khficg23ke6bgg5682sbgmn03i@4ax.com>
Message-ID: <20051014163516.GC744@slack.lne.com>

On Fri, Oct 14, 2005 at 09:12:14AM -0700, Craig McKie wrote:
> subscribe cmckie at dowco.com

Send subscription requests to majordomo at al-qaeda.net, NOT to the list itself.

From rah at shipwright.com Fri Oct 14 09:15:03 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 14 Oct 2005 12:15:03 -0400
Subject: cypherpunks@minder.net closing on 11/1
In-Reply-To: <20051014120845.GN2249@leitl.org>
References: <20051013204900.GA26449@waste.minder.net> <20051014120845.GN2249@leitl.org>
Message-ID:

At 2:08 PM +0200 10/14/05, Eugen Leitl wrote:
>I'm suggesting cypherpunks at al-qaeda.net as an alternative node
>to subscribe to.

Amen. No problems here, either, pretty much since the node went up.

In case his load goes up now, :-), is anyone else running his node-ware on another machine to keep him from being queen for a day?

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Fri Oct 14 04:13:48 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 14 Oct 2005 13:13:48 +0200
Subject: [dave@farber.net: [IP] Location tracking -- a bill of rights?]
Message-ID: <20051014111348.GW2249@leitl.org>

----- Forwarded message from David Farber -----

From rsw at jfet.org Fri Oct 14 11:02:26 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Fri, 14 Oct 2005 14:02:26 -0400
Subject: cypherpunks@minder.net closing on 11/1
In-Reply-To: <20051014120845.GN2249@leitl.org>
References: <20051013204900.GA26449@waste.minder.net> <20051014120845.GN2249@leitl.org>
Message-ID: <20051014180226.GA17774@proton.jfet.org>

Eugen Leitl wrote:
> On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote:
> > The minder.net CDR node will be shutting down on November 1, 2005. This
> > includes the cypherpunks-moderated list. Please adjust your subscriptions
> > accordingly.
>
> Thanks Brian.

Indeed! Thanks, Brian, for having run an excellent node for quite a long while.

> I'm suggesting cypherpunks at al-qaeda.net as an alternative node
> to subscribe to.

To subscribe, talk to majordomo at al-qaeda.net using the standard lingo.

--
Riad S. Wahby
rsw at jfet.org

From eugen at leitl.org Fri Oct 14 05:08:45 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 14 Oct 2005 14:08:45 +0200
Subject: cypherpunks@minder.net closing on 11/1
In-Reply-To: <20051013204900.GA26449@waste.minder.net>
References: <20051013204900.GA26449@waste.minder.net>
Message-ID: <20051014120845.GN2249@leitl.org>

On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote:
> The minder.net CDR node will be shutting down on November 1, 2005. This
> includes the cypherpunks-moderated list. Please adjust your subscriptions
> accordingly.

Thanks Brian.

I'm suggesting cypherpunks at al-qaeda.net as an alternative node to subscribe to.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From wolf at priori.net Fri Oct 14 14:19:29 2005
From: wolf at priori.net (Meyer Wolfsheim)
Date: Fri, 14 Oct 2005 14:19:29 -0700 (PDT)
Subject: Running a cypherpunks list node?
Message-ID:

If one were inclined to host a cypherpunks list node, where would one obtain the necessary information?

-MW-

From rsw at jfet.org Fri Oct 14 15:21:04 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Fri, 14 Oct 2005 18:21:04 -0400
Subject: Running a cypherpunks list node?
In-Reply-To:
References:
Message-ID: <20051014222104.GB23391@proton.jfet.org>

Meyer Wolfsheim wrote:
> If one were inclined to host a cypherpunks list node, where would one
> obtain the necessary information?

I was just considering that I ought to post a cpunks node howto. I'll get to it some time this weekend, hopefully.

--
Riad S. Wahby
rsw at jfet.org

From camera_lumina at hotmail.com Sat Oct 15 06:23:39 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 15 Oct 2005 09:23:39 -0400
Subject: TEMPEST PC for sale on ebay
In-Reply-To:
Message-ID:

Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS with a ten-foot tempest pole.

-TD

>From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
>To: cypherpunks at jfet.org
>Subject: TEMPEST PC for sale on ebay
>Date: Sat, 15 Oct 2005 19:39:02 +1300
>
>http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem
>
>May possibly run a very cut-down version of Linux, otherwise you'd be stuck
>with DOS.
>
>Peter.
From pgut001 at cs.auckland.ac.nz Fri Oct 14 23:39:02 2005
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sat, 15 Oct 2005 19:39:02 +1300
Subject: TEMPEST PC for sale on ebay
Message-ID:

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS.

Peter.

From eugen at leitl.org Sat Oct 15 15:01:33 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 16 Oct 2005 00:01:33 +0200
Subject: /. [Future Cell Phone Knows You By Your Walk]
Message-ID: <20051015220133.GK2249@leitl.org>

Link: http://slashdot.org/article.pl?sid=05/10/15/0640206
Posted by: Zonk, on 2005-10-15 12:39:00

jangobongo writes "Researchers at the [1]VTT Technical Research Centre of Finland have come up with a unique way to secure your cell phone if it should get lost or stolen: 'Gait code'. Motion sensors in the phone would [2]monitor the walking pattern (or gait) of whoever is in possession of the phone, and if the 'gait' doesn't match a pre-established biometric the phone would require a password to operate. The prototype cell phone correctly identified when it was being carried by someone other than its owner 98% of the time. The research team [3]points out (powerpoint document) that this method could also work for PDAs, laptops, USB tokens, smart cards, wallets, suitcases, and guns."

References

1. http://www.vtt.fi/indexe.htm
2. http://www.newscientist.com/article.ns?id=dn8161
3.
http://www.vtt.fi/vtt/uutta/2005/img/wsbr/tiedoteeng.doc

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From rah at shipwright.com Sat Oct 15 22:09:20 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 16 Oct 2005 01:09:20 -0400
Subject: filevault
Message-ID:

--- begin forwarded text

Date: Sun, 16 Oct 2005 07:02:52 +0200 (MEST)
From: "miriam schuenke"
To: rah at ibuc.com
Subject: filevault

hi there,

my name is miriam... I just came across your article on filevault (http://www.vmeng.com/mc/archives/2004-March/000626.html) I was wondering if you might have an answer here for me.... since something really terrible just happened to me:

I do have a powerbook g4 with filevault turned on. the other day I turned my computer off, turned it on and had to realize that my entire desktop was set to default and all data on it were gone.... including music files from my iTunes library and images from iPhoto.

I found a file on my home folder: xxxxx.sparseimage with the filevault icon .... stating that it contains 25gb. No way of copying this file. And no way of turning file vault off as long as this file is on the computer. I have not lost any password but trying to turn off file vault results in an error message after ca. 40 minutes.

NOW THE BIG HOPE QUESTION: any chance of decrypting this file???

the geniuses at apple did not know what to do...

I would appreciate any answer on this

thank you
miriam

--
NEW: Telephone flat rate for the German landline network! GMX Phone_Flat: 9.99 euros/month.* For DSL users. No need to switch providers! http://www.gmx.net/de/go/telefonie

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mikepery at fscked.org Sat Oct 15 23:28:24 2005
From: mikepery at fscked.org (Mike Perry)
Date: Sun, 16 Oct 2005 01:28:24 -0500
Subject: questions about hidden service hashes, and experiences running hidden services
Message-ID:
User-Agent: Mutt/1.4.1i
Reply-To: or-talk at freehaven.net

Thus spake loki tiwaz (loki_tiwaz at hotmail.com):

> now, to the question which concerns me. I read in the tor spec that the
> hidden service address is an SHA1 hash of the server public key. I'm not
> sure if anyone here is aware of this (but i seriously doubt it) - SHA1 is
> now no longer secure. If the public key were equal or shorter than the
> length of the hash, this would mean that the hidden service .onion address
> could be cracked and the public key discovered, and the public key would
> then be able to be searched in the directory and the ip address revealed. I
> apologise if this is a question that has already been covered, my reading
> of the specs was not deep although i looked some ways, i couldn't discern
> whether the possibility of inverting the hash and identifying the IP
> through the directory was a possibility, so i thought i'd ask the list and
> see if anyone can answer this question. I realise that if the data used to
> generate a hash with an insecure function is longer than the hash produced
> that there is no issue. I just want to be sure about the security of the
> hidden services before i go announcing the address any further than here
> without knowing if giving this address is going to compromise my IP address
> - cos that would defeat the purpose of doing it at all.

A couple of points. First, unless I've fallen behind, SHA1 is only broken to the point where you can generate two different arbitrary data and have them result in the same hash.
This is not the same as being able to "undo" SHA, or to even determine an arbitrary collision to a fixed hash. Unless I've missed something.

Second, even if this were the case, the hidden service is supposedly only listed with the introduction points that the service connected to through Tor. Assuming Tor remains unbroken, these Intro Points cannot reveal the hidden service IP, and the public key of the hidden service is not secret information anyway.

Here are some slides that illustrate the process of connecting to a hidden service: http://www.freehaven.net/~arma/wth3.pdf

The one thing I would advise against is running your hidden service on the same IP as your Tor server (or at least do not announce this fact). This can leave you vulnerable to an intersection attack, where the attacker keeps track of uptime of your hidden service and compares it to uptime stats of the various tor servers. You only have 300-some nodes to hide among.

Incidentally, I would like to know exactly which directory server listing hidden services are published in. I don't see any of them in http://belegost.seul.org/ for example..

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From ArnoldNoAngelHonestly at libemail.com Sun Oct 16 04:07:32 2005
From: ArnoldNoAngelHonestly at libemail.com (Dexter Mayer)
Date: Sun, 16 Oct 2005 09:07:32 -0200
Subject: Life Experience D3grees
Message-ID: <18140.77xc.eu37d.jd7VZJFI44@bayview.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4569 bytes
Desc: not available
URL:

From DeannaCashchoreography at randomfactor.net Sat Oct 15 21:41:03 2005
From: DeannaCashchoreography at randomfactor.net (Traci Vann)
Date: Sun, 16 Oct 2005 09:41:03 +0500
Subject: You can save few hundreds every month microscopy
Message-ID:

Xanax and other drugs with wholesale prices. You wont find better prices anywhere!
Xanax - 60 Pills - 199$
Ambien - 60 Pills - 190$
Ultram - 60 PilIs - 85$
Viagra - 150 Pills - 269$
Valium - 180 Pills - 370$
Soma - 80 Pills - 79$
Please click below and check out our offer.
http://www.cdgg.net/?Sb40dbf8b17bcab39763c043ecS093bf

renault you hanoi me, pepsi . counsel you town me, chisel ok polo . mambo you oneself me, concept fracture versailles . gird you dicotyledon me, wife successful natural . wolve you invariable me, beseech guerdon prologue germicide . retinue you flap me, bruckner .
http://www.ghgfh.net/fgh.php

From eugen at leitl.org Mon Oct 17 03:01:22 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 17 Oct 2005 12:01:22 +0200
Subject: [mikepery@fscked.org: Re: questions about hidden service hashes, and experiences running hidden services]
Message-ID: <20051017100122.GX2249@leitl.org>

----- Forwarded message from Mike Perry -----

From camera_lumina at hotmail.com Mon Oct 17 09:24:50 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 17 Oct 2005 12:24:50 -0400
Subject: Color Laser Printer Snitch Codes
Message-ID:

Apparently, it's possible to examine a color printer output and determine make, model, and even print time.

http://www.eff.org/Privacy/printers/docucolor/

Soon we'll find out that toothbrushes are able to determine what I ate for dinner and are regularly sending the info...
-TD

From eugen at leitl.org Mon Oct 17 07:00:44 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 17 Oct 2005 16:00:44 +0200
Subject: [dave@farber.net: [IP] READ more on Location tracking -- for people, products, places -- is fast coming into its own / It's 11 o'clock. Do you know where your _______ is?]
Message-ID: <20051017140044.GD2249@leitl.org>

----- Forwarded message from David Farber -----

From rah at shipwright.com Mon Oct 17 13:15:14 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 17 Oct 2005 16:15:14 -0400
Subject: [Clips] "Cashpaks": Money for Nothing
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Mon, 17 Oct 2005 16:14:25 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] "Cashpaks": Money for Nothing
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Add a fifth horseman to the infocalypse: US Iraq contractors.

Cheers,
RAH
--------

October 24, 2005 Issue
The American Conservative

Money for Nothing

Billions of dollars have disappeared, gone to bribe Iraqis and line contractors' pockets.

by Philip Giraldi

The United States invaded Iraq with a high-minded mission: destroy dangerous weapons, bring democracy, and trigger a wave of reform across the Middle East. None of these have happened. When the final page is written on America's catastrophic imperial venture, one word will dominate the explanation of U.S. failure: corruption.

Large-scale and pervasive corruption meant that available resources could not be used to stabilize and secure Iraq in the early days of the Coalition Provisional Authority (CPA), when it was still possible to do so. Continuing corruption meant that the reconstruction of infrastructure never got underway, giving the Iraqi people little incentive to co-operate with the occupation.
Ongoing corruption in arms procurement and defense spending means that Baghdad will never control a viable army while the Shi'ite and Kurdish militias will grow stronger and produce a divided Iraq in which constitutional guarantees will be irrelevant.

The American-dominated Coalition Provisional Authority could well prove to be the most corrupt administration in history, almost certainly surpassing the widespread fraud of the much-maligned UN Oil for Food Program. At least $20 billion that belonged to the Iraqi people has been wasted, together with hundreds of millions of U.S. taxpayer dollars. Exactly how many billions of additional dollars were squandered, stolen, given away, or simply lost will never be known because the deliberate decision by the CPA not to meter oil exports means that no one will ever know how much revenue was generated during 2003 and 2004.

Some of the corruption grew out of the misguided neoconservative agenda for Iraq, which meant that a serious reconstruction effort came second to doling out the spoils to the war's most fervent supporters. The CPA brought in scores of bright, young true believers who were nearly universally unqualified. Many were recruited through the Heritage Foundation website, where they had posted their résumés. They were paid six-figure salaries out of Iraqi funds, and most served in 90-day rotations before returning home with their war stories.

One such volunteer was Simone Ledeen, daughter of leading neoconservative Michael Ledeen. Unable to communicate in Arabic and with no relevant experience or appropriate educational training, she nevertheless became a senior advisor for northern Iraq at the Ministry of Finance in Baghdad. Another was former White House Press Secretary Ari Fleischer's older brother Michael who, though utterly unqualified, was named director of private-sector development for all of Iraq.
The 15-month proconsulship of the CPA disbursed nearly $20 billion, two-thirds of it in cash, most of which came from the Development Fund for Iraq that had replaced the UN Oil for Food Program and from frozen and seized Iraqi assets. Most of the money was flown into Iraq on C-130s in huge plastic shrink-wrapped pallets holding 40 "cashpaks," each cashpak having $1.6 million in $100 bills. Twelve billion dollars moved that way between May 2003 and June 2004, drawn from accounts administered by the New York Federal Reserve Bank. The $100 bills weighed an estimated 363 tons.

Once in Iraq, there was virtually no accountability over how the money was spent. There was also considerable money "off the books," including as much as $4 billion from illegal oil exports. The CPA and the Iraqi State Oil Marketing Board, which it controlled, made a deliberate decision not to record or "meter" oil exports, an invitation to wholesale fraud and black marketeering. Thus the country was awash in unaccountable money.

British sources report that the CPA contracts that were not handed out to cronies were sold to the highest bidder, with bribes as high as $300,000 being demanded for particularly lucrative reconstruction contracts. The contracts were especially attractive because no work or results were necessarily expected in return. It became popular to cancel contracts without penalty, claiming that security costs were making it too difficult to do the work. A $500 million power-plant contract was reportedly awarded to a bidder based on a proposal one page long. After a joint commission rejected the proposal, its members were replaced by the minister, and approval was duly obtained. But no plant has been built. Where contracts are actually performed, their nominal cost is inflated sufficiently to provide handsome bribes for everyone involved in the process. Bribes paid to government ministers reportedly exceed $10 million.

Money also disappeared in truckloads and by helicopter.
The CPA reportedly distributed funds to contractors in bags off the back of a truck. In one notorious incident in April 2004, $1.5 billion in cash that had just been delivered by three Blackhawk helicopters was handed over to a courier in Erbil, in the Kurdish region, never to be seen again. Afterwards, no one was able to recall the courier's name or provide a good description of him. Paul Bremer, meanwhile, had a slush fund in cash of more than $600 million in his office for which there was no paperwork. One U.S. contractor received $2 million in a duffel bag. Three-quarters of a million dollars was stolen from an office safe, and a U.S. official was given $7 million in cash in the waning days of the CPA and told to spend it "before the Iraqis take over." Nearly $5 billion was shipped from New York in the last month of the CPA. Sources suggest that a deliberate attempt was being made to run down the balance and spend the money while the CPA still had authority and before an Iraqi government could be formed. The only certified public-accounting firm used by the CPA to monitor its spending was a company called North Star Consultants, located in San Diego, which was so small that it operated out of a private home. It was subsequently determined that North Star did not, in fact, perform any review of the CPA's internal spending controls. Today, no one can account for billions of those dollars or even suggest how the money was spent. And as the CPA no longer exists, there is also little interest in re-examining its transparency or accountability. Bremer escaped Baghdad by helicopter two days before his proconsulship expired to avoid a possible ambush on the road leading to the airport, which he had been unable to secure. He has recently been awarded the Presidential Medal of Freedom, an honor he shares with ex-CIA Director George "Slam-dunk" Tenet. 
Considerable fraud has been alleged regarding American companies, much of which can never be addressed because the Bush administration does not regard contracts with the CPA as pertaining to the U.S. government, even though U.S. taxpayer dollars were involved in some transactions. Many of the contracts for work in Iraq were awarded on a cost-plus basis, in which an agreed-upon percentage of profit would be added to the actual costs of performing the contract. Such contracts are an invitation to fraud, and unscrupulous companies will make every effort to increase their costs so that the profits will also increase proportionally. Halliburton, Vice President Dick Cheney's former company, has a no-bid monopoly contract with the Army Corps of Engineers that is now estimated to be worth $10 billion. In June 2005, Pentagon contracting officer Bunny Greenhouse told a congressional committee that the agreement was the "most blatant and improper contracting abuse" that she had ever witnessed, a frank assessment that subsequently earned her a demotion. Halliburton has frequently been questioned over its poor record keeping, and critics claim that it has a history of overcharging for its services. In May 1967, a company called RMK/BRJ could not account for $120 million in materiel sent to Vietnam and was investigated several times for overcharging on fuel. RMK/BRJ is now known as KBR or Kellogg, Brown and Root, the Halliburton subsidiary that has been the focus of congressional, Department of Defense, and General Accountability Office investigations. Defense Contract Audit Agency auditors have questioned Halliburton's charges on a $1.6 billion fuel contract, claiming that the overcharges on the contract exceed $200 million. In one instance, the company charged the Army more than $27 million to transport $82,000 worth of fuel from Kuwait to Iraq. 
Halliburton has also been accused of billing the Army for 42,000 daily meals for soldiers, though it was only actually serving 14,000. In another operation, KBR purchased fleets of Mercedes trucks at $85,000 each to re-supply U.S. troops. The trucks carried no spare parts or even extra tires for the grueling high-speed run across the Kuwaiti and Iraqi deserts. When the trucks broke down on the highway, they were abandoned and destroyed rather than repaired. Responding to complaints, Halliburton refused to permit independent auditing and inspected itself using so-called "Tiger Teams." One such team stayed at the five-star Kuwait Kempinski Hotel while it was doing its audit, running up a bill of more than $1 million that was passed on to U.S. taxpayers. Another U.S. firm well connected to the Bush White House, Custer Battles, has provided security services to the coalition, receiving $11 million in Iraqi funds including $4 million in cash in a sole-source contract to supply security at Baghdad International Airport. The company had never provided airport security before receiving the contract. It also received a $21 million no-bid contract to provide security for the exchange of Iraqi currency. It has been alleged that much of the currency "replaced" by Custer Battles has never been accounted for. The company also allegedly took over abandoned Iraqi-owned forklifts at the airport, repainted them, and then leased them back to the airport authority through a company set up in the Cayman Islands. Custer Battles reportedly set up a number of shell companies in offshore tax havens in Lebanon, Cyprus, and the Cayman Islands to handle the cash flow. Two former company managers turned whistleblowers have charged that the company defrauded the U.S. government of at least $50 million. The Bush administration's Justice Department has only reluctantly, and under pressure from a Newsweek exposé, supported the rights of the plaintiffs in the case. 
The White House has indicated that it is not interested in assisting other investigations of fraud in Iraqi contracting, preferring to regard the CPA as a "multinational entity" and thereby limiting its vulnerability in American courts. Another American contractor, CACI International, which was involved in the Abu Ghraib interrogations, was accused by the GAO in April 2004 of having failed to keep records on hours of work that it was billing for and of routinely upgrading employee job descriptions so that more could be charged per employee per hour. Both are apparently common practices among contractors in Iraq, and audits routinely determine that there is little in the way of paperwork to support billings. The GAO report also confirms that many private security contractors in Iraq have been charging the U.S. government exorbitant fees for their services, frequently because the contracts allow security costs to be rolled into the overall cost of the contract without being itemized. In one case, contract security guards were effectively being billed at $33,000 per guard per month while the average rate for a security specialist worked out to between $13,000 and $20,000 per month. The CPA also spread its largesse around the U.S. armed forces, distributing over $600 million in cash to four regional commanders to fund reconstruction projects as part of the Commanders' Emergency Response Program. An audit of one region disclosed that 80 percent of the funds could not be accounted for, and more than $7 million in cash was missing. It is widely believed that many of the contracting agents working under the regional commands literally stole the money. In one reported instance, an American contracting officer doubled the price of a multimillion-dollar contract and brazenly explained that the extra money would be for his retirement fund. Unfortunately, the corruption of the occupation outlived the departure of Paul Bremer and the demise of the CPA. 
A recent high-level investigation of the Iraqi interim government concluded that the corruption is now so pervasive as to be irreversible. One prominent businessman estimates that 95 percent of all business activity involves some form of bribery or kickback. The bureaucrats and fixers who live off of bribery are referred to by ordinary Iraqis as "Ali Babas," named after the character in The Thousand and One Nights who was able to access riches from a treasure cave by saying "open sesame." For the average Iraqi businessman, there was formerly only one hand out, that of Saddam's designated minion. Now every hand is out. The educated and entrepreneurial are leaving the country in droves, as is most of the beleaguered Christian minority. Huge government appropriations are approved by Iraqi lawmakers and then simply disappear. Meanwhile, life for the average Iraqi does not improve, and oil production, water supplies, and electricity generation are all at lower levels than they were when the U.S. took control in 2003. The only thing that everyone knows is that all the money is gone and daily life in Iraq is worse than it was under Saddam Hussein. The undocumented cash flow continued long after the CPA folded. Over $1.5 billion was disbursed to interim Iraqi ministries without any accounting, and more than $1 billion designated for provincial treasuries never made it out of Baghdad. More than $430 million in contracts issued by the Petroleum Ministry were unsupported by any documentation, and $8 billion were given to government ministries that had no financial controls in place. Nearly all of it disappeared, spent on "payroll," wages for "ghost employees" in the Ministries of the Interior and Defense. In one case, an Army brigade receiving money to support 2,200 men was found to have fewer than 300 effectives. 602 actual guards at the Ministry of the Interior were billed as more than 8,200 for payroll purposes. 
Iraqi Airways carried 2,400 employees even though it had not operated for over a year and had no planes. The airline itself was sold to an unidentified buyer without any paperwork to show for how much it was sold and what assets were included. It has been alleged that the buyer might well have been Pentagon favorite Ahmad Chalabi. Nearly all payrolls in the national guard and national police were also inflated, leading to uncertainty over how large the security forces actually were, still an open question. Absentees from the nominal rolls of police and soldiers provided by government ministries are believed to number in the tens of thousands, and as the United States Congress has figured out, frequently cited figures on available trained manpower are largely imaginary. Even the "coalition of the willing" partners have been quick to cash in. Polish helicopters purchased as part of a $300 million deal with arms maker Bumar Ltd. were found to be obsolete, largely unflyable, and were actually rejected by the Iraqis. Bullets purchased from Poland by the Defense Ministry cost three times the normal international price. Five Polish peacekeepers have been arrested for demanding $90,000 in bribes. Both British and American soldiers have also demanded bribes from shopkeepers and travelers. In yet another instance of take-it-while-you-can, a senior Interior Ministry official flew to Beirut in a helicopter accompanied by $10 million in newly printed Iraqi dinars. He has yet to return. Interim Iraqi President Iyad Allawi's Defense Minister Hazem Shaalan transferred $500 million to a bank account in Lebanon, allegedly to buy weapons, in a case that continues to be murky. Shaalan is reportedly vacationing abroad and has not returned to Iraq. A Bremer favorite at the Defense Ministry, Ziad Tareq Cattan, was responsible for a number of shady arms-procurement deals. 
A warrant has been issued for his arrest, an unusual occurrence, and he is avoiding detention by staying with family in Erbil in Kurdistan. Countless billions will never be accounted for, and the full cost of corruption has yet to be tallied. Sources report that much of the money that was designated for the development of a national army and police force is actually going to units that are exclusively Kurd or Shi'ite in expectation of a day of reckoning over the country's oil supplies. The Kurds have made no secret of their desire to continue their autonomy-bordering-on-independence and have stated that they regard Kirkuk as their own. The Shi'ites have possession of the oil-producing region to the south and are using their control of the Interior Ministry to fill police ranks with their own pro-Iranian Badr Brigade members as well as militiamen drawn from radical cleric Moqtada al-Sadr's Mehdi Army. The Sunnis are the odd men out, virtually guaranteeing that, far from becoming the model democracy the U.S. set out to build, Iraq will descend deeper into chaos, aided in no small part by the culture of corruption we helped to fortify. _______________________________________________ Philip Giraldi, a former CIA Officer, is a partner in Cannistraro Associates, an international security consultancy. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text 
From eugen at leitl.org Mon Oct 17 08:43:44 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 17 Oct 2005 17:43:44 +0200 Subject: [kragen@pobox.com: cost to install surveillance cameras in public places] Message-ID: <20051017154344.GM2249@leitl.org> ----- Forwarded message from kragen at pobox.com ----- From fogstorm at gmail.com Mon Oct 17 22:52:19 2005 From: fogstorm at gmail.com (FogStorm) Date: Mon, 17 Oct 2005 22:52:19 -0700 Subject: Mobile phones talk the talk, will soon walk the walk Message-ID: http://news.yahoo.com/s/afp/20051013/tc_afp/finlandtelecomsciencemobile Finnish researchers presented new technology designed to prevent thefts of mobile phones and laptops, using biometrics to recognize the gait of the device's owner. 
A sensor-based so-called "gaitcode" embedded in the device registers and memorizes the movements of the owner in three-dimensional form, and is reliable in 90 percent of cases, the researchers said Thursday. If it does not recognize the walk, it asks for a password. If given an incorrect password, the device automatically locks itself down. The gaitcode can also be used in a smartcard, attache case, weapon or USB device. "We think that if it is no longer useful for a person to steal somebody else's mobile device, the number of crimes will decrease," professor Heikki Ailisto of the VTT Technical Research Centre of Finland told a press conference. More than 300,000 mobile phones are stolen each year in Britain and some 100,000 in both Germany and Sweden, according to statistics for recent years given by VTT. The technology can also be connected to a voice-recognition system. VTT spokesman Olli Ernvall said the invention was being patented on "the most important markets", but refused to disclose which company or companies were interested in its production. From eugen at leitl.org Tue Oct 18 01:34:05 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 18 Oct 2005 10:34:05 +0200 Subject: [jason@lunkwill.org: nym-0.3 released] Message-ID: <20051018083405.GF2249@leitl.org> ----- Forwarded message from Jason Holt ----- From eugen at leitl.org Tue Oct 18 01:35:16 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 18 Oct 2005 10:35:16 +0200 Subject: [brianwc@ocf.berkeley.edu: Re: Interoperating with p2p traffic] Message-ID: <20051018083516.GI2249@leitl.org> ----- Forwarded message from Brian C ----- From dave at farber.net Tue Oct 18 09:07:11 2005 From: dave at farber.net (David Farber) Date: Tue, 18 Oct 2005 11:07:11 -0500 Subject: [IP] reply from Tropos on 1 more on Limits on wireless le ave U.S. at risk Message-ID: _______________ Forward Header _______________ Subject: RE: [IP] more on Limits on wireless leave U.S. 
at risk Author: ron.sege at troposnetworks.com Date: 18th October 2005 6:09:16 am Dave, Tropos has shipped a couple of hundred of our Tropos 5210 mesh routers into MS and LA in the days following the storm, and had a few hundred installed in the stricken area previously. These are high-power (36 dBm), high rx sensitivity (-100 dBm), outdoor-constructed 802.11b/g access points with embedded mesh routers so they can backhaul wirelessly amongst each other to a source of Internet connectivity. Each has a 1,000 ft plus range to an outdoor Wi-Fi device, emergency vehicle with external antenna or building with a window-mounted CPE. So, a couple of hundred nodes represents 10-15 sq mi or so of contiguous coverage in typical configuration. Every 10 nodes or so are fed with a Motorola Canopy "WiMAX" link, typically shot from the roof of an MCI PoP, or from city backhaul locations. These devices, at these densities, are non line of sight so can be installed by city workers with bucket trucks on street lamps, with power taken from street-light photo cells. They will self-configure, find their backhaul, optimize throughput and route around problems. They can be battery and solar-powered due to their low wattage (28 watts or so). Last I have heard, we were in 25 or so FEMA and Red Cross shelters in NO, Biloxi, Lamar-Dixon and Baton Rouge. We are around the NO airport and on a couple of cruise ships off the gulf that are housing FEMA workers. We had 200 nodes previously installed in high-crime areas of NO doing video surveillance. As the power has been restored to the street lights, these nodes have come back up on their own and are performing their functions again. We are now in the process of expanding that network as a "force multiplier" for the police. Data applications as well as Vonage phones and Skype are active on the networks. The CIO of NO is actually in DC today testifying about the benefits of Wi-Fi mesh. Hope that helps. 
You can see more on our technology at www.tropos.com Ron Sege President and CEO Tropos Networks 555 Del Rey Ave Sunnyvale, CA 94085 www.tropos.com 408-331-6810 office 650-861-7564 cell 617-407-5000 international cell 408-331-6530 fax The leading supplier of products for building true metro-scale Wi-Fi mesh networks. -----Original Message----- From: David P. Reed [mailto:dpreed at reed.com] Sent: Monday, October 17, 2005 5:09 PM To: dave at farber.net Cc: Ip Ip; ron.sege at troposnetworks.com Subject: Re: [IP] more on Limits on wireless leave U.S. at risk Gerry Faulhaber wrote: > Reed claims firms were offering WiMax and WiFi mesh networks for > first responders in the wake of Katrina and Rita. He also mentions > the role of municipal WiFi in this effort. Coulda happened, but it > seems wildly unlikely. Is there any proof of this? I'm a bit skeptical about Reed Hundt's broad claims, too. However, I do know that Tropos and others who have such technology were attempting to demonstrate the value of their systems post-Katrina, so there almost certainly was some deployment, given the value to the companies of the opportunity to show their stuff. I've cc'ed Ron Sege of Tropos, who may have more direct knowledge and data. 
------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From mv at cdc.gov Tue Oct 18 13:33:34 2005 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 18 Oct 2005 13:33:34 -0700 Subject: Judy Miller needing killing Message-ID: <43555C1E.683E66D5@cdc.gov> So this dupe/spy/wannabe journalist thinks that journalists should be *special*.. how nice. Where in the 1st amendment is the class journalists mentioned? She needs a WMD enema. 
LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her decision to go to jail to protect a source and told a journalism conference Tuesday that reporters need a federal shield law so that others won't face the same sanctions. http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1104064 From mv at cdc.gov Tue Oct 18 14:18:31 2005 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 18 Oct 2005 14:18:31 -0700 Subject: Color Laser Printer Snitch Codes Message-ID: <435566A7.2F94F2AE@cdc.gov> At 12:24 PM 10/17/05 -0400, Tyler Durden wrote: >Soon we'll find out that toothbrushes are able to determine what I ate for >dinner and are regularly sending the info... Soon there will be sensors in urinals that page the DEA.. From eugen at leitl.org Tue Oct 18 08:10:17 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 18 Oct 2005 17:10:17 +0200 Subject: [dave@farber.net: [IP] reply from Tropos on 1 more on Limits on wireless le ave U.S. at risk] Message-ID: <20051018151017.GK2249@leitl.org> ----- Forwarded message from David Farber ----- From cyphrpunk at gmail.com Tue Oct 18 23:27:53 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Tue, 18 Oct 2005 23:27:53 -0700 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: References: Message-ID: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> > Just presented at ICETE2005 by Daniel Nagy: > > http://www.epointsystem.org/~nagydani/ICETE2005.pdf > > Abstract. In present paper a novel approach to on-line payment is > presented that tackles some issues of digital cash that have, in the > author's opinion, contributed to the fact that despite the availability > of the technology for more than a decade, it has not achieved even a > fraction of the anticipated popularity. 
The basic assumptions and > requirements for such a system are revisited, clear (economic) > objectives are formulated and cryptographic techniques to achieve them > are proposed. This is a thorough and careful paper but the system has no blinding and so payments are traceable and linkable. The standard technique of inserting dummy transfers is proposed, but it is not clear that this adds real privacy. Worse, it appears that the database showing which coins were exchanged for which is supposed to be public, making this linkage information available to everyone, not just banking insiders. Some aspects are similar to Dan Simon's proposed ecash system from Crypto 96, in particular using knowledge of a secret such as a hash pre-image to represent possession of the cash. Simon's system is covered by patent number 5768385 and the ePoint system may need to step carefully around that patent. See http://www.mail-archive.com/cpunks at einstein.ssz.com/msg04483.html for further critique of Simon's approach. CP 
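The linkability point made in the critique above, as an added illustration that is not part of the original thread, of the ICETE2005 paper, or of any ePoint code: the first model is a constructed hash-preimage token system with a public exchange log, where anyone reading the log can follow a token from issuance through every "dummy" hop to its final holder; the second is a Chaum-style blind RSA signature, where even the issuer's own records admit a consistent blinding factor for every possible pairing and so carry no linkage. All names (PublicLedger, trace, withdraw, verify, issuer_cannot_link) and the Mersenne-prime toy key are assumptions for the demo, not anything from the paper.

```python
"""Constructed demo: an unblinded preimage-token ledger (public log is
fully traceable) beside a blind RSA signature (issuer log is unlinkable).
Toy parameters only; nothing here is sized for real use."""
import hashlib
import secrets
from math import gcd


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---- Model 1: possession = knowledge of a preimage; exchanges logged publicly
class PublicLedger:
    def __init__(self):
        self.live = set()   # token ids that can still be spent
        self.log = []       # public audit trail of (old_id, new_id) pairs

    def issue(self, secret: bytes) -> bytes:
        tid = H(secret)
        self.live.add(tid)
        return tid

    def exchange(self, old_secret: bytes, new_secret: bytes) -> bytes:
        old_id = H(old_secret)
        if old_id not in self.live:
            raise ValueError("unknown or already-spent token")
        self.live.remove(old_id)
        new_id = H(new_secret)
        self.live.add(new_id)
        self.log.append((old_id, new_id))   # visible to everyone
        return new_id


def trace(log, start_id):
    """What any reader of the public log can do: follow one token through
    every exchange. Each old id appears once, so the log is a function."""
    nxt = dict(log)
    chain = [start_id]
    while chain[-1] in nxt:
        chain.append(nxt[chain[-1]])
    return chain


def traceable_demo() -> bool:
    ledger = PublicLedger()
    t0 = ledger.issue(b"issued-to-alice")
    # two "dummy" self-exchanges before the real payment to Bob
    t1 = ledger.exchange(b"issued-to-alice", b"alice-dummy-1")
    t2 = ledger.exchange(b"alice-dummy-1", b"alice-dummy-2")
    t3 = ledger.exchange(b"alice-dummy-2", b"paid-to-bob")
    # the dummies add hops, not ambiguity: the chain is still unique
    return trace(ledger.log, t0) == [t0, t1, t2, t3]


# ---- Model 2: blind RSA signature; issuer signs without seeing the serial
P, Q = 2**127 - 1, 2**89 - 1     # Mersenne primes: demo-sized, not secure
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
ISSUER_LOG = []                  # all the issuer ever sees: blinded values


def serial_to_int(serial: bytes) -> int:
    return int.from_bytes(H(serial), "big") % N


def issuer_sign_blinded(blinded: int) -> int:
    ISSUER_LOG.append(blinded)
    return pow(blinded, D, N)


def withdraw(serial: bytes):
    """Payer side: blind with a random r, have the issuer sign, unblind."""
    m = serial_to_int(serial)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = (m * pow(r, E, N)) % N
    sig = (issuer_sign_blinded(blinded) * pow(r, -1, N)) % N
    return serial, sig


def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == serial_to_int(serial)


def issuer_cannot_link(blinded_records, spent_coins) -> bool:
    """Even holding D, the issuer finds that every (record, coin) pairing
    admits a blinding factor r consistent with it, so the log says nothing."""
    for blinded in blinded_records:
        for serial, sig in spent_coins:
            r = (pow(blinded, D, N) * pow(sig, -1, N)) % N
            if (serial_to_int(serial) * pow(r, E, N)) % N != blinded:
                return False
    return True


def unlinkable_demo() -> bool:
    coins = [withdraw(b"coin-A"), withdraw(b"coin-B")]
    return all(verify(s, sig) for s, sig in coins) and \
        issuer_cannot_link(list(ISSUER_LOG), coins)
```

The contrast is the one the critique draws: in the first model the privacy of a payment rests entirely on who can read the log, and a public log gives it to everyone; in the second the issuer's private key authenticates coins but learns nothing about who spent which, which is also why compromise of that single key is so costly.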
From cclymer at gmail.com Wed Oct 19 09:10:51 2005 From: cclymer at gmail.com (Chris Clymer) Date: Wed, 19 Oct 2005 12:10:51 -0400 Subject: Judy Miller needing killing In-Reply-To: <43555C1E.683E66D5@cdc.gov> References: <43555C1E.683E66D5@cdc.gov> Message-ID: <4356700B.6030609@chrisclymer.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You're just trolling, right? "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." Sending a reporter to jail for not revealing her source sure sounds like its infringing on freedom of the press to me. The issue isn't HER. The issue is that if I'm someone that wants to blow the whistle on something, I'm going to be less likely to do it if the reporter I tell might reveal me as her source. And of course, reporters might be less likely to cover such stories if they may end up choosing between protecting the source and jail. "On July of 2005, Miller was jailed for contempt of court by refusing to testify before a federal grand jury investigating a leak naming Valerie Plame as a covert CIA agent. Miller did not write about Plame, but is reportedly in possession of evidence relevant to the leak investigation. According to a subpoena, Miller met with an unnamed government official -- 
later revealed to be "Scooter" Libby, Vice President Cheney's Chief of Staff -- on July 8, 2003, two days after former ambassador Joseph Wilson published an Op-Ed in the Times criticizing the Bush administration for "twisting" intelligence to justify war in Iraq. (Plame's CIA identity was revealed by political commentator Robert Novak on July 14, 2003.)" That woman went to jail for not revealing the source, on a story SHE NEVER EVEN WROTE. That's dedication. Major Variola (ret.) wrote: > So this dupe/spy/wannabe journalist thinks that journalists > should be *special*.. how nice. Where in the 1st amendment is the class > journalists mentioned? She needs a WMD enema. > > > LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her > decision to go to jail to protect a source and told a journalism > conference Tuesday that reporters need a federal shield law so that > others won't face the same sanctions. > > http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1104064 > > - -- Chris Clymer - Chris at ChrisClymer.com PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk UAp601vKKywgkklcAWd0iaI= =73ed -----END PGP SIGNATURE----- [demime 1.01d removed an attachment of type text/x-vcard which had a name of chris.vcf] From shawnduffy at gmail.com Wed Oct 19 10:21:24 2005 From: shawnduffy at gmail.com (Shawn Duffy) Date: Wed, 19 Oct 2005 13:21:24 -0400 Subject: Judy Miller needing killing In-Reply-To: <4356700B.6030609@chrisclymer.com> References: <43555C1E.683E66D5@cdc.gov> <4356700B.6030609@chrisclymer.com> Message-ID: <83386960510191021k2ae9d726xefeedaa06c42a988@mail.gmail.com> Unfortunately, it's not as simple as protecting a source. 
Most shield laws, or proposed shield laws, as I understand them, protect a journalist from revealing a source who is exposing wrongdoing that is in the public interest. This is not the same thing. The act of leaking the identity of Ms. Plame is, itself, a crime, not the exposing of wrongdoing. Now, sending her to jail certainly betrays the spirit of shield laws, but freedom of the press does not necessarily protect a journalist who is shielding a felon. On 10/19/05, Chris Clymer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You're just trolling, right? > > "Congress shall make no law respecting an establishment of religion, or > prohibiting the free exercise thereof; or abridging the freedom of > speech, or of the press; or the right of the people peaceably to > assemble, and to petition the Government for a redress of grievances." > > Sending a reporter to jail for not revealing her source sure sounds like > its infringing on freedom of the press to me. The issue isn't HER. The > issue is that if I'm someone that wants to blow the whistle on > something, I'm going to be less likely to do it if the reporter I tell > might reveal me as her source. And of course, reporters might be less > likely to cover such stories if they may end up choosing between > protecting the source and jail. > > "On July of 2005, Miller was jailed for contempt of court by refusing to > testify before a federal grand jury investigating a leak naming Valerie > Plame as a covert CIA agent. Miller did not write about Plame, but is > reportedly in possession of evidence relevant to the leak investigation. > According to a subpoena, Miller met with an unnamed government official > -- later revealed to be "Scooter" Libby, Vice President Cheney's Chief of > Staff -- on July 8, 2003, two days after former ambassador Joseph Wilson > published an Op-Ed in the Times criticizing the Bush administration for > "twisting" intelligence to justify war in Iraq. 
(Plame's CIA identity > was revealed by political commentator Robert Novak on July 14, 2003.)" > > That woman went to jail for not revealing the source, on a story SHE > NEVER EVEN WROTE. Thats dedication. > > Major Variola (ret.) wrote: > > So this dupe/spy/wannabe journalist thinks that journalists > > should be *special*.. how nice. Where in the 1st amendment is the class > > journalists mentioned? She needs a WMD enema. > > > > > > LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her > > decision to go to jail to protect a source and told a journalism > > conference Tuesday that reporters need a federal shield law so that > > others won't face the same sanctions. > > > > http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1104064 > > > > > > - -- > Chris Clymer - Chris at ChrisClymer.com > PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.7 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk > UAp601vKKywgkklcAWd0iaI= > =73ed > -----END PGP SIGNATURE----- From nagydani at epointsystem.org Wed Oct 19 04:44:55 2005 From: nagydani at epointsystem.org (Daniel A. Nagy) Date: Wed, 19 Oct 2005 13:44:55 +0200 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> References: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> Message-ID: <20051019114455.GA8007@epointsystem.org> On Tue, Oct 18, 2005 at 11:27:53PM -0700, cyphrpunk wrote: > > Just presented at ICETE2005 by Daniel Nagy: > > > > http://www.epointsystem.org/~nagydani/ICETE2005.pdf > > This is a thorough and careful paper but the system has no blinding > and so payments are traceable and linkable. 
> The standard technique of inserting dummy transfers is proposed, but it is not clear that this adds real privacy. Worse, it appears that the database showing which coins were exchanged for which is supposed to be public, making this linkage information available to everyone, not just banking insiders.
>
> Some aspects are similar to Dan Simon's proposed ecash system from Crypto 96, in particular using knowledge of a secret such as a hash pre-image to represent possession of the cash. Simon's system is covered by patent number 5768385 and the ePoint system may need to step carefully around that patent. See http://www.mail-archive.com/cpunks at einstein.ssz.com/msg04483.html for further critique of Simon's approach.

At the time of writing, I was already familiar with Simon's proposal and its above-mentioned critique (I learnt about them from Stefan Brands' blog). At that time, the design and the implementation were already complete and the process of writing up the paper was also well advanced. Wishing to postpone the discussion of patents for as long as possible, I decided against citing Dan Simon's work in references, which may be regarded as an act of academic dishonesty on my part. Mea culpa. I am reasonably confident that I can legally defend the point that there are sufficient differences between my proposal and Simon's, but I might not be ready to fight off a legal assault from Microsoft (lack of time and money) right now.

Leaving the patent issue at that, let us proceed to the substance. I will probably need to write another paper, clarifying some of these issues. Let me, however, re-emphasize some of the points already present in the paper and perhaps cast them in a slightly different light.

In my paper, I am explicitly and implicitly challenging Chaum's assumptions about the very problem of digital cash-like payment. One can, of course, criticize my proposal under Chaumian assumptions, but that would miss the point entirely.
I think a decade of consistent failure at introducing Chaumian digital cash to the market is good enough a reason to re-think the problem from the very basics.

Note that nowhere in my paper did I imply that the issuer is a bank (the only mention of a bank in the paper is in an analogy). This is because I am strongly convinced that banks cannot, will not and should not be the principal issuers of digital cash-like payment vehicles. If you need explanation, I'm willing to provide it. I do not expect payment tokens to originate from withdrawals and end their life cycles being deposited to users' bank accounts.

Insider fraud is a very serious risk in financial matters. A system that provides no safeguards against a fraudulent issuer will sooner or later be exploited that way. Financial systems (not just electronic ones) often fall to insider attacks. They must be addressed in a successful system. All Chaumian systems are hopelessly vulnerable to insider fraud.

And now some points missing from the paper:

Having a long-term global secret, whose disclosure leads to immediate, catastrophic failure of the whole system, is to be avoided in security engineering (using Schneier's terminology, it makes a hard system brittle). The private key of a blinding-based system is exactly such a component. Note that in the proposed system, the digital signature of the issuer is just a fancy integrity protection mechanism for public records, which can be supplemented and even temporarily substituted (while a new key is phased in in the case of compromise) by other mechanisms of integrity protection. It is the public audit trail that provides most of the security.

Using currency is, essentially, a credit operation, splitting barter into the separate acts of selling and buying, thus making the promise to reciprocate (that is, the eligibility to buy something of equal value from the buyer) a tradeable asset itself.
It is the trading of this asset that needs to be anonymous, and the proposed system does a good enough job of protecting the anonymity of those in the middle of the transaction chains.

Hope this helps.

--
Daniel

From cclymer at gmail.com Wed Oct 19 11:17:48 2005
From: cclymer at gmail.com (Chris Clymer)
Date: Wed, 19 Oct 2005 14:17:48 -0400
Subject: Judy Miller needing killing
In-Reply-To: <83386960510191021k2ae9d726xefeedaa06c42a988@mail.gmail.com>
References: <43555C1E.683E66D5@cdc.gov> <4356700B.6030609@chrisclymer.com> <83386960510191021k2ae9d726xefeedaa06c42a988@mail.gmail.com>
Message-ID: <43568DCC.1050809@chrisclymer.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My understanding is that she only went to jail because of a federal law passed in the early 80's designed to protect undercover federal agents. Maybe I'm misunderstanding, but I was under the impression that were it not for that law, there would be no need for a "shield law"...just stronger clarification of that law. Did this issue go before the supreme court...have they ruled that the law is constitutional?

Freedom of the press should protect a reporter from prosecution from the reporting of ANYTHING. Reporting about a felon is fine (I don't think current laws dispute this). If in addition to that, the reporter is breaking ANOTHER law by shielding a felon, that's another issue altogether. We're talking freedom to report things, not freedom for a reporter to do anything they wish.

Shawn Duffy wrote:
> Unfortunately, it's not as simple as protecting a source.
>
> Most shield laws, or proposed shield laws, as I understand them, protect a journalist from revealing a source who is exposing wrongdoing that is in the public interest. This is not the same thing. The act of leaking the identity of Ms. Plame is, itself, a crime, not the exposing of wrongdoing.
> Now, sending her to jail certainly betrays the spirit of shield laws, but freedom of the press does not necessarily protect a journalist who is shielding a felon.
>
> On 10/19/05, Chris Clymer wrote:
>
> You're just trolling, right?
>
> "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
>
> Sending a reporter to jail for not revealing her source sure sounds like it's infringing on freedom of the press to me. The issue isn't HER. The issue is that if I'm someone that wants to blow the whistle on something, I'm going to be less likely to do it if the reporter I tell might reveal me as her source. And of course, reporters might be less likely to cover such stories if they may end up choosing between protecting the source and jail.
>
> "On July of 2005, Miller was jailed for contempt of court by refusing to testify before a federal grand jury investigating a leak naming Valerie Plame as a covert CIA agent. Miller did not write about Plame, but is reportedly in possession of evidence relevant to the leak investigation. According to a subpoena, Miller met with an unnamed government official -- later revealed to be "Scooter" Libby, Vice President Cheney's Chief of Staff -- on July 8, 2003, two days after former ambassador Joseph Wilson published an Op-Ed in the Times criticizing the Bush administration for "twisting" intelligence to justify war in Iraq. (Plame's CIA identity was revealed by political commentator Robert Novak on July 14, 2003.)"
>
> That woman went to jail for not revealing the source, on a story SHE NEVER EVEN WROTE. That's dedication.
>
> Major Variola (ret.) wrote:
>
>> So this dupe/spy/wannabe journalist thinks that journalists should be *special*.. how nice.
>> Where in the 1st amendment is the class journalists mentioned? She needs a WMD enema.
>
>> LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her decision to go to jail to protect a source and told a journalism conference Tuesday that reporters need a federal shield law so that others won't face the same sanctions.
>
>> http://wireservice.wired.com/wired/story.asp?section=Breaking&storyId=1104064
>
> --
> Chris Clymer - Chris at ChrisClymer.com
> PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8
>

- --
Chris Clymer - Chris at ChrisClymer.com
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVo3MyAc5jM0nFbgRAtKQAJ427wj//CP8W7eyV4zzzlytFX1RZwCfd3Zi
pmfTHmDlqSqLwMNAlZs++gY=
=MAHe
-----END PGP SIGNATURE-----

From cyphrpunk at gmail.com Wed Oct 19 16:34:26 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Wed, 19 Oct 2005 16:34:26 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051019114455.GA8007@epointsystem.org>
References: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> <20051019114455.GA8007@epointsystem.org>
Message-ID: <792ce4370510191634l719a7dbeqf7d921a5d56dc0b1@mail.gmail.com>

On 10/19/05, Daniel A. Nagy wrote:
> > > http://www.epointsystem.org/~nagydani/ICETE2005.pdf
>
> Note that nowhere in my paper did I imply that the issuer is a bank (the only mention of a bank in the paper is in an analogy). This is because I am strongly convinced that banks cannot, will not and should not be the principal issuers of digital cash-like payment vehicles. If you need explanation, I'm willing to provide it.
> I do not expect payment tokens to originate from withdrawals and end their life cycles being deposited to users' bank accounts.

Suppose we consider your concept of a "transaction chain", which is formed when a token is created based on some payment from outside the system, is maintained through exchanges of one token for another (we will ignore split and combine operations for now), and terminates when the token is redeemed for some outside-the-system value. Isn't it likely in practice that such transaction chains will be paid for and redeemed via existing financial systems, which are fully identified? A user will buy a token using an online check or credit card or some other non-anonymous mechanism. He passes it to someone else as a cash-like payment. Optionally it passes through more hands. Ultimately it is redeemed by someone who exchanges it for a check or deposit into a bank or credit card account. If you don't see this as the typical usage model, I'd like to hear your ideas.

If this is the model, my concern is that in practice it will often be the case that there will be few intermediate exchanges. Particularly in the early stages of the system, there won't be that much to buy. Someone may accept epoints for payment but the first thing he will do is convert them to "real money". A typical transaction will start with someone buying epoints from the issuer using some identified payment system, spending them online, and then the recipient redeems them using an identified payment system. The issuer sees exactly who spent, how much they spent and where they spent it. The result is that in practice the system has no anonymity whatsoever. It is just another way of transferring value online.

> Using currency is, essentially, a credit operation, splitting barter into the separate acts of selling and buying, thus making the promise to reciprocate (that is the eligibility to buy something of equal value from the buyer) a tradeable asset itself.
> It is the trading of this asset that needs to be anonymous, and the proposed system does a good enough job of protecting the anonymity of those in the middle of the transaction chains.

The hard part is getting into the middle of those transaction chains. Until we reach the point where people receive their salaries in epoints, they will have little choice but to buy epoints for real money. That puts them at the beginning of a transaction chain and not in the middle. Sellers will tend to be at the end. The only people who could be in the middle would be those who sell substantially online for epoints and who also find things online that they can buy for epoints. But that will be a small fraction of users. For the rest of them, anonymity is not a selling point of this system.

If you take away the anonymity, is this technology still valuable? Does it have advantages over other online payment systems, like egold, credit cards or paypal?

CP

From gil_hamilton at hotmail.com Wed Oct 19 12:59:18 2005
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Wed, 19 Oct 2005 19:59:18 +0000
Subject: Judy Miller needing killing
In-Reply-To: <43568DCC.1050809@chrisclymer.com>
Message-ID:

> > On 10/19/05, Chris Clymer wrote:
> >
> > You're just trolling, right?

[snip]

> > Major Variola (ret.) wrote:
> >
> >> So this dupe/spy/wannabe journalist thinks that journalists should be *special*.. how nice. Where in the 1st amendment is the class journalists mentioned? She needs a WMD enema.

The problem is that reporters want to be made into a special class of people that don't have to abide by the same laws as the rest of us. Are you a reporter? Am I? Is the National Inquirer? How about Drudge? What about bloggers? Which agency will you have to apply to in order to get a Journalism License? And will this License to Report entitle one to ignore subpoenas from federal grand juries?

Reporters should have no rights the rest of us don't have.
It's hard to imagine the framers of the constitution approving an amendment that said freedom of the press is granted to all those who first apply for and receive permission from the government.

GH

From justin-cypherpunks at soze.net Wed Oct 19 13:40:31 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Wed, 19 Oct 2005 20:40:31 +0000
Subject: [Politech] More on Barney lawyer yearning to hack copyright infringers' sites [ip]
In-Reply-To: <43568473.70201@well.com>
References: <43568473.70201@well.com>
Message-ID: <20051019204031.GA22101@arion.stark.net>

On 2005-10-19T10:37:55-0700, Declan McCullagh wrote:
> Previous Politech message:
> http://www.politechbot.com/2005/10/17/barney-lawyer-recommends/
> Responses:
> http://www.politechbot.com/2005/10/19/more-on-barney/

Some of the first-round responses mentioned the iniquities involved in attacking hosted sites, but what if the site that appears to be involved in copyright infringement isn't? There is no assurance that the suspect IP address isn't forwarding illegal (outgoing) traffic from some other machine, or that it doesn't forward incoming traffic to some other machine.

Suppose someone has a wireless firewall appliance set up to forward a number of common ports to an interior server. Attacking a suspect IP results in an attack on an uninvolved interior server. The copyright violation might be some unauthorized person connecting through a wireless gateway, so the owner of the interior server might not be in any way connected to the copyright violation.

Suppose someone is running a web proxy. An attack on a suspect IP address results in an attack on the machine running the web proxy.
An open web proxy, while it may violate an ISP contract, is not illegal, and by itself the proxy is not connected to any illegal activity (except maybe in China, etc.).

Suppose someone is involved in copyright infringement, but forwards all incoming connections on certain ports [while dropping traffic to the rest...] to an IP address associated with the Chinese Embassy. Is it clear who's responsible when a copyright holder ends up attacking a Chinese computer? Even if the person who set up the port forwarding is responsible for _connections_ to the Chinese Embassy made as a result, does that make him responsible for willful attacks conducted by copyright holders?

If copyright hackers get immunity as long as they attack the public IP address that appears to be distributing copyrighted material, the consequences will be much worse than those of DMCA take-down provisions. ISPs everywhere would police their own networks with a vengeance to mitigate the risk that some copyright holder would find something first, attack the ISP, and cause major damage (not to mention subsequent loss of customers). At least with the DMCA, ISPs get notified and have a chance to act before something bad happens, which generally means low levels of in-house policing.

From justin-cypherpunks at soze.net Wed Oct 19 13:44:20 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Wed, 19 Oct 2005 20:44:20 +0000
Subject: Judy Miller needing killing
In-Reply-To:
References: <43568DCC.1050809@chrisclymer.com>
Message-ID: <20051019204420.GB22101@arion.stark.net>

On 2005-10-19T19:59:18+0000, Gil Hamilton wrote:
>
> Reporters should have no rights the rest of us don't have. It's hard to imagine the framers of the constitution approving an amendment that said freedom of the press is granted to all those who first apply for and receive permission from the government.

Blame the framers.
They separately enumerated freedom of speech and freedom of the press, which suggests at least a little bit that freedom of the press includes something extra.

--
Do you know what your sin is?

From gil_hamilton at hotmail.com Wed Oct 19 14:22:43 2005
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Wed, 19 Oct 2005 21:22:43 +0000
Subject: Judy Miller needing killing
In-Reply-To: <4356B26C.4020309@gmx.co.uk>
Message-ID:

Dave Howe wrote:
> Gil Hamilton wrote:
> > The problem is that reporters want to be made into a special class of people that don't have to abide by the same laws as the rest of us. Are you a reporter? Am I? Is the National Inquirer? How about Drudge? What about bloggers? Which agency will you have to apply to in order to get a Journalism License? And will this License to Report entitle one to ignore subpoenas from federal grand juries?
> Problem there is - Miller didn't write the story, pass on the info to anyone else, or indeed do much more than have a conversation with an unnamed source where a classified name was revealed. The Grand Jury is aware that Miller had this info but refused to reveal who the informant was.

I've never heard it disclosed how the prosecutor discovered that Miller had had such a conversation but it isn't relevant anyway. The question is, can she defy a subpoena based on membership in the privileged Reporter class that an "ordinary" person could not defy?

> On the other hand - Robert Novak got the same information, REPORTED it - and isn't in any sort of trouble at all. Somehow this isn't the issue though... and I wonder why?

I don't know this either; perhaps because he immediately rolled over when he got subpoenaed?

GH
From gil_hamilton at hotmail.com Wed Oct 19 14:44:07 2005
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Wed, 19 Oct 2005 21:44:07 +0000
Subject: Judy Miller needing killing
In-Reply-To: <20051019204420.GB22101@arion.stark.net>
Message-ID:

Justin wrote:
> On 2005-10-19T19:59:18+0000, Gil Hamilton wrote:
> >
> > Reporters should have no rights the rest of us don't have. It's hard to imagine the framers of the constitution approving an amendment that said freedom of the press is granted to all those who first apply for and receive permission from the government.
>
> Blame the framers. They separately enumerated freedom of speech and freedom of the press, which suggests at least a little bit that freedom of the press includes something extra.

Yes, it specifies printed material rather than spoken; this wouldn't have been unusual to them -- English law has long distinguished libel from slander, for example. Your statement implies that you think the framers were being deliberately vague or encoding various sorts of subtle nuances in the amendment's language. It's much simpler to presume that they said what they intended to say.

GH

From DaveHowe at gmx.co.uk Wed Oct 19 13:54:04 2005
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Wed, 19 Oct 2005 21:54:04 +0100
Subject: Judy Miller needing killing
In-Reply-To:
References:
Message-ID: <4356B26C.4020309@gmx.co.uk>

Gil Hamilton wrote:
> The problem is that reporters want to be made into a special class of people that don't have to abide by the same laws as the rest of us. Are you a reporter? Am I? Is the National Inquirer? How about Drudge? What about bloggers? Which agency will you have to apply to in order to get a Journalism License?
> And will this License to Report entitle one to ignore subpoenas from federal grand juries?

Problem there is - Miller didn't write the story, pass on the info to anyone else, or indeed do much more than have a conversation with an unnamed source where a classified name was revealed. The Grand Jury is aware that Miller had this info but refused to reveal who the informant was.

On the other hand - Robert Novak got the same information, REPORTED it - and isn't in any sort of trouble at all. Somehow this isn't the issue though... and I wonder why?

From rah at shipwright.com Wed Oct 19 21:40:54 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 00:40:54 -0400
Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Thu, 20 Oct 2005 00:39:23 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Putting an End to Account-Hijacking Identity Theft Study Supplement

Federal Deposit Insurance Corporation
Division of Supervision and Consumer Protection
Technology Supervision Branch
June 17, 2005

This publication supplements the FDIC's study Putting an End to Account-Hijacking Identity Theft published on December 14, 2004.

Executive Summary and Findings

Focus of Supplement

Identity theft in general and account hijacking in particular continue to be significant problems for the financial services industry and consumers. Recent studies indicate that identity theft is evolving in more complicated ways that make it more difficult for consumers to protect themselves.
Recent studies also indicate that consumers are concerned about online security and may be receptive to using two-factor authentication if they perceive it as offering improved safety and convenience.

This Supplement discusses seven additional technologies that were not discussed in the Study. These technologies, as well as those considered in the Study, have the potential to substantially reduce the level of account hijacking (and other forms of identity theft) currently being experienced.

Findings

Different financial institutions may choose different solutions, or a variety of solutions, based on the complexity of the institution and the nature and scope of its activities. The FDIC does not intend to propose one solution for all, but the evidence examined here and in the Study indicates that more can and should be done to protect the security and confidentiality of sensitive customer information in order to prevent account hijacking. Thus, the FDIC presents the following updated findings:

1. The information security risk assessment that financial institutions are currently required to perform should include an analysis to determine (a) whether the institution needs to implement more secure customer authentication methods and, if it does, (b) what method or methods make most sense in view of the nature of the institution's business and customer base.

2. If an institution offers retail customers remote access to Internet banking or any similar product that allows access to sensitive customer information, the institution has a responsibility to secure that delivery channel. More specifically, the widespread use of user ID and password for remote authentication should be supplemented with a reliable form of multifactor authentication or other layered security so that the security and confidentiality of customer accounts and sensitive customer information are adequately protected.
Last Updated 6/27/2005

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From rah at shipwright.com Wed Oct 19 21:41:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 00:41:02 -0400
Subject: [Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking Environment
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Thu, 20 Oct 2005 00:39:49 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking Environment
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Financial Institution Letters

FFIEC Guidance
Authentication in an Internet Banking Environment
FIL-103-2005
October 12, 2005

Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, "Authentication in an Internet Banking Environment."
For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

Highlights:

* Financial institutions offering Internet-based products and services should use effective methods to authenticate the identity of customers using those products and services.
* Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services.
* The FFIEC agencies consider single-factor authentication, when used as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
* Risk assessments should provide the basis for determining an effective authentication strategy according to the risks associated with the various products and services available to on-line customers.
* Customer awareness and education should continue to be emphasized because they are effective deterrents to the on-line theft of assets and sensitive information.
Distribution: FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing: Chief Executive Officer, Chief Information Security Officer

Related Topics:

* FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued July 22, 2005
* FIL-64-2005, Guidance on How Financial Institutions Can Protect Against Pharming Attacks, issued July 18, 2005
* FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, issued March 12, 2004
* FFIEC Information Security Handbook, issued November 2003
* Interagency Informational Brochure on Phishing Scams, contained in FIL-113-2004, issued September 13, 2004
* Putting an End to Account-Hijacking Identity Theft, FDIC Study, issued December 14, 2004
* FDIC Identity Theft Study Supplement on Account-Hijacking Identity Theft, issued June 17, 2005

Attachment: FFIEC Guidance: Authentication in an Internet Banking Environment - PDF 163k

Contact: Senior Policy Analyst Jeffrey Kopchik at JKopchik at fdic.gov or (202) 898-3872, or Senior Technology Specialist Robert D. Lee at RoLee at fdic.gov or (202) 898-3688

Note: FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html. To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html. Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or 202-416-6940).

Last Updated 10/12/2005

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From DaveHowe at gmx.co.uk Wed Oct 19 17:11:01 2005
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Thu, 20 Oct 2005 01:11:01 +0100
Subject: Judy Miller needing killing
In-Reply-To:
References:
Message-ID: <4356E095.7020804@gmx.co.uk>

Gil Hamilton wrote:
> I've never heard it disclosed how the prosecutor discovered that Miller had had such a conversation but it isn't relevant anyway. The question is, can she defy a subpoena based on membership in the privileged Reporter class that an "ordinary" person could not defy?

Why not? While Miller could well be prosecuted for revealing the identity, had she done so - she didn't. Why should *anyone* be jailed for failing to reveal who they had talked to in confidence? I am all in favour of people being tried for their actions, but not for thoughtcrimes.

>> On the other hand - Robert Novak got the same information, REPORTED it - and isn't in any sort of trouble at all. Somehow this isn't the issue though... and I wonder why?
> I don't know this either; perhaps because he immediately rolled over when he got subpoenaed?

And yet Novak is the one who purportedly committed a crime - revealing the identity of an agent and thus endangering them. So the actual crime (of revealing) isn't important, but talking to a reporter is?
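The traceability argument in the ePoint thread above (cyphrpunk's transaction-chain reply to Daniel Nagy, and Nagy's description of tokens as hash pre-images secured by a public audit trail) can be checked with a toy model. This is an added example, not the ePoint paper's protocol or code; the ledger layout, the class and function names, and the sample identities "alice" and "bobs-shop" are assumptions made here.

```python
# Toy model of a hash-pre-image token system with a public exchange ledger.
# Added illustration only: NOT the ePoint protocol or its code. The ledger
# layout, class/function names and the sample identities are assumptions.
import hashlib
import secrets


def token_id(preimage: bytes) -> str:
    """Public identifier of a token: the hash of the secret its holder keeps."""
    return hashlib.sha256(preimage).hexdigest()


class Issuer:
    """Single issuer with an append-only public ledger of token events.

    Ledger rows are (event, old_id, new_id, identity). Purchases and
    redemptions run over identified payment rails, so they carry an identity;
    token-for-token exchanges carry none (that is the 'anonymous middle').
    """

    def __init__(self):
        self.ledger = []         # public record, readable by anyone
        self._spendable = set()  # token ids not yet consumed

    def _mint(self, old_id, event, identity):
        preimage = secrets.token_bytes(16)
        new_id = token_id(preimage)
        self._spendable.add(new_id)
        self.ledger.append((event, old_id, new_id, identity))
        return preimage

    def _consume(self, preimage):
        tid = token_id(preimage)
        if tid not in self._spendable:
            raise ValueError("token unknown or already spent")
        self._spendable.remove(tid)
        return tid

    def is_spendable(self, preimage) -> bool:
        return token_id(preimage) in self._spendable

    def issue(self, buyer_identity):
        """Token bought with an identified payment (card, online check)."""
        return self._mint(None, "issue", buyer_identity)

    def exchange(self, preimage):
        """Anonymous hand-over: presenting the pre-image proves possession,
        the old token is voided and a fresh one is handed back."""
        old_id = self._consume(preimage)
        return self._mint(old_id, "exchange", None)

    def redeem(self, preimage, seller_identity):
        """Token cashed out through an identified channel; returns its id."""
        old_id = self._consume(preimage)
        self.ledger.append(("redeem", old_id, None, seller_identity))
        return old_id


def trace_chain(ledger, redeemed_id):
    """Walk the public ledger from a redeemed token back to its issue event.
    Needs nothing but the ledger, so any observer can do it."""
    by_new_id = {row[2]: row for row in ledger if row[2] is not None}
    rows, tid = [], redeemed_id
    while tid is not None:
        row = by_new_id[tid]
        rows.append(row)
        tid = row[1]
    rows.reverse()
    return rows


def linkage(ledger, redeemed_id):
    """(buyer, seller, anonymous_hops) an observer recovers from the ledger."""
    chain = trace_chain(ledger, redeemed_id)
    buyer = chain[0][3]
    seller = next(r[3] for r in ledger
                  if r[0] == "redeem" and r[1] == redeemed_id)
    hops = sum(1 for r in chain if r[0] == "exchange")
    return buyer, seller, hops


def run_scenario(hops):
    """Constructed scenario: 'alice' buys a token, it changes hands `hops`
    times (real or dummy transfers), then 'bobs-shop' redeems it."""
    issuer = Issuer()
    pre = issuer.issue("alice")
    for _ in range(hops):
        pre = issuer.exchange(pre)
    redeemed = issuer.redeem(pre, "bobs-shop")
    return linkage(issuer.ledger, redeemed)


if __name__ == "__main__":
    # Buyer and seller stay linked however many anonymous hops sit between
    # them; only the identities of the middle holders are absent.
    for n in (0, 1, 5):
        print(f"{n} hops -> {run_scenario(n)}")
```

With zero hops the ledger ties buyer to seller directly, which is cyphrpunk's early-adoption case; adding hops, dummy or real, leaves that end-to-end link intact and hides only who held the token in between.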
From nagydani at epointsystem.org Wed Oct 19 21:18:47 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Thu, 20 Oct 2005 06:18:47 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510191634l719a7dbeqf7d921a5d56dc0b1@mail.gmail.com>
References: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> <20051019114455.GA8007@epointsystem.org> <792ce4370510191634l719a7dbeqf7d921a5d56dc0b1@mail.gmail.com>
Message-ID: <20051020041840.GC7120@epointsystem.org>

I will provide a detailed answer a bit later, but the short answer is that anonymity and untraceability are not major selling points, as experience shows. After all, ATMs could easily record and match to the user the serial numbers of each banknote they hand out, yet, there seems to be no preference to coins vs. banknotes.

The major selling point, as noted in the paper and in the presentation, is that the security (and hence the transaction cost manifesting itself in the effort required for each transaction) scales with transaction value. For paying pennies, you just type, say, 12-character codes. Yet, if the transaction value warrants it, you can have a full-fledged, digitally signed audit trail within the same system. And it's completely up to the users to decide what security measures to take.

Another important issue is that you never risk more than the transaction value. There is no identity to be stolen.

So, in short, the selling point is flexible and potentially very high security against all sorts of threats. Someone finding out who you might be is not, by far, the most serious threat in a payment system.

--
Daniel

From iang at systemics.com Wed Oct 19 22:25:57 2005
From: iang at systemics.com (Ian G)
Date: Thu, 20 Oct 2005 06:25:57 +0100
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510191634l719a7dbeqf7d921a5d56dc0b1@mail.gmail.com>
References: <792ce4370510182327n233bb7a8la907f4926398a103@mail.gmail.com> <20051019114455.GA8007@epointsystem.org> <792ce4370510191634l719a7dbeqf7d921a5d56dc0b1@mail.gmail.com>
Message-ID: <43572A65.9090308@systemics.com>

cyphrpunk wrote:
> If this is the model, my concern is that in practice it will often be the case that there will be few intermediate exchanges. Particularly in the early stages of the system, there won't be that much to buy. Someone may accept epoints for payment but the first thing he will do is convert them to "real money". A typical transaction will start with someone buying epoints from the issuer using some identified payment system, spending them online, and then the recipient redeems them using an identified payment system. The issuer sees exactly who spent, how much they spent and where they spent it. The result is that in practice the system has no anonymity whatsoever. It is just another way of transferring value online.

That's a "merchant" business model. Typically, that's not how payment systems emerge. Mostly, they emerge by a p2p model, and then migrate to a merchant model over time. How they start is generally a varied question, and somewhat a part of the inspiration of the Issuer. According to the Issuer's design, he may try and force that migration faster or slower.

In a more forced system, there is typically only one or a few exchange points and that is probably the Issuer himself. If the Issuer also pushes a merchant design, and a triangular flow evolves, the tracing of transactions is relatively easy regardless of the system because time and amount give it away. But, typically, if the Issuer has designs on merchant business, he generally doesn't care about the hyped non-tracking capabilities of the software, and also prefers the tracking to be easy for support and segmentation purposes.

A game that Issuers often play is to pretend or market a system as privacy protecting, but if their intention is the merchant model then that game stops when the numbers get serious. (I gather they discuss that in the Paypal book if you want a written example.)

Either way, it is kind of tough to criticise a software system for that. It's the Issuer and the market that sets the tune there; not the software system. The ideal software system allows the Issuer to decide these parameters, but it is also kind of tough to provide all such parameters in a big dial, and keep the system small and tight. (I suppose on this note, this is a big difference between Daniel's system and mine. His is small and tight and he talks about being able to audit the 5 page long central server ... mine is relatively large and complex, but it can do bearer and it can do fully traceable, as well as be passably extended to imitate his design.)

Meanwhile, the Issuers who want to provide privacy with a bog standard double entry online accounts system still have a better record of doing that than any other Issuers that might have boasted mathematical blah blah, they just run theirs privately. e.g., your average Swiss bank.

iang

From gil_hamilton at hotmail.com Thu Oct 20 03:57:23 2005
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Thu, 20 Oct 2005 10:57:23 +0000
Subject: Judy Miller needing killing
In-Reply-To: <4356E095.7020804@gmx.co.uk>

Dave Howe wrote:
>Gil Hamilton wrote:
> > I've never heard it disclosed how the prosecutor discovered that Miller had had such a conversation but it isn't relevant anyway. The question is, can she defy a subpoena based on membership in the privileged Reporter class that an "ordinary" person could not defy?
>Why not? While Miller could well be prosecuted for revealing the identity, had she done so - she didn't. Why should *anyone* be jailed for failing to reveal who they had talked to in confidence? I am all in favour of people being tried for their actions, but not for thoughtcrimes.

Miller wasn't prosecuted. She was not charged with a crime. She was not in danger of being charged if she had "revealed the identity". She was jailed for contempt of court for obstructing a grand jury investigation by refusing to testify. Perhaps no one should be required to testify but current law here is that when subpoenaed by a grand jury investigating a possible crime, one is obliged to answer their questions except in a small number of exceptional circumstances (self-incrimination would be one example). Miller is seeking to be placed above the law that applies to the rest of us.

>And yet Novak is the one who purportedly committed a crime - revealing the identity of an agent and thus endangering them. So the actual crime (of revealing) isn't important, but talking to a reporter is?

You're confused. AFAIK, no one has suggested that Novak committed a crime in this case. The "actual crime (of revealing)" is what the grand jury was attempting to investigate; Miller was jailed for obstructing that investigation.

GH

From cyphrpunk at gmail.com Thu Oct 20 11:09:08 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 20 Oct 2005 11:09:08 -0700
Subject: Judy Miller needing killing
In-Reply-To: <43555C1E.683E66D5@cdc.gov>
References: <43555C1E.683E66D5@cdc.gov>
Message-ID: <792ce4370510201109k427f8bcak2ddccd7bde80d730@mail.gmail.com>

On 10/18/05, Major Variola (ret.) wrote:
> So this dupe/spy/wannabe journalist thinks that journalists should be *special*.. how nice. Where in the 1st amendment is the class journalists mentioned? She needs a WMD enema.

We put up with this "needs killing" crap from Tim May because he was imaginative and interesting, at least when he could shake free from his racism and nihilism. You on the other hand offer nothing but bilious ignorance. If you don't have anything to say, how about if you just don't say it?

The notion that someone who is willing to spend months in jail just to keep a promise of silence "needs killing" is beyond bizarre and is downright evil. This list supports the rights of individuals to tell the government to go to hell, and that is exactly what Judy Miller did. She should be a hero around here. It's disgusting to see these kinds of comments from a know-nothing like "Major Variola".

CP

From cyphrpunk at gmail.com Thu Oct 20 11:31:39 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 20 Oct 2005 11:31:39 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Message-ID: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>

Let's take a look at Daniel Nagy's list of desirable features for an ecash system and see how simple, on-line Chaum ecash fares.
> http://www.epointsystem.org/~nagydani/ICETE2005.pdf
>
> One of the reasons, in the author's opinion, is that payment systems based on similar schemes lack some key characteristics of paper-based cash, rendering them economically infeasible. Let us quickly enumerate the most important properties of cash:
>
> 1. "Money doesn't smell." Cash payments are -- potentially -- _anonymous_ and untraceable by third parties (including the issuer).

This is of course the main selling point of Chaum's system, where it excels. I will point out that defining cash as merely "potentially" anonymous leaves a loophole whereby fully non-anonymous systems get to call themselves cash. This underplays the strength of Chaum's system. It is not just "potentially" anonymous, it has a strong degree of anonymity.

> 2. Cash payments are final. After the fact, the paying party has no means to reverse the payment. We call this property of cash transactions _irreversibility_.

Certainly Chaum ecash has this property. Because deposits are unlinkable to withdrawals, there is no way even in principle to reverse a transaction.

> 3. Cash payments are _peer-to-peer_. There is no distinction between merchants and customers; anyone can pay anyone. In particular, anybody can receive cash payments without contracts with third parties.

Again this is precisely how Chaum ecash works. Everyone can receive ecash and everyone can spend it. There is no distinction between buyers and vendors. Of course, transactions do need the aid of the issuer, but that is true of all online payment systems including Daniel's.

> 4. Cash allows for "acts of faith" or _naive transactions_. Those who are not familiar with all the antiforgery measures of a particular banknote or do not have the necessary equipment to verify them, can still transact with cash relying on the fact that what they do not verify is nonetheless verifiable in principle.

I have to admit, I don't understand this point, so I can't say to what extent Chaum ecash meets it. In most cases users will simply use their software to perform transactions and no familiarity is necessary with any antiforgery or other technical measures in the payment system. In this sense all users are "naive" and no one is expected to be a technical expert. Chaum ecash works just fine in this model.

> 5. The amount of cash issued by the issuing authority is public information that can be verified through an auditing process.

This is the one aspect where Chaum ecash fails. It is a significant strength of Daniel Nagy's system that it allows public audits of the amount of cash outstanding. However note that if the ecash issuer stands ready to buy and sell ecash for "real money" then he has an incentive not to excessively inflate his currency as it would create liabilities which exceed his assets. Similarly, in a state of competition between multiple such ecash issuers, any currency which over-inflates will be at a disadvantage relative to others, as discussed in Dan Selgin's works on "free banking".

Daniel Nagy also raised a related point about insider malfeasance, which is also a potential problem with Chaum ecash, but there do exist technologies such as hardware security modules which can protect keys in a highly secure manner and make sure they are used only via authorized protocols. Again, the operators of the ecash system have strong incentives to protect their keys against insider attacks.

> The payment system proposed in (D. Chaum, 1988) focuses on the first characteristic while partially or totally lacking all the others.

In summary, I don't think this is true at all. At least the first three characteristics are met perfectly by Chaumian ecash, and possibly the fourth is met in practice as naive users can access the system without excessive complications. Only the fifth point, the ability for outsiders to monitor the amount of cash in circulation, is not satisfied. But even then, the ecash mint software, and procedures and controls followed by the issuer, could be designed to allow third party audits similarly to how paper money cash issuers might be audited today.

There do exist technical proposals for ecash systems such as that from Sander and Ta-Shma which allow monitoring the amount of cash which has been issued and redeemed while retaining anonymity and unlinkability, but those are of questionable efficiency with current technology. Perhaps improved versions of such protocols could provide a payment system which would satisfy all of Daniel Nagy's desiderata while retaining the important feature of strong anonymity.

CP

From dmolnar at EECS.berkeley.EDU Thu Oct 20 13:43:08 2005
From: dmolnar at EECS.berkeley.EDU (David Alexander Molnar)
Date: Thu, 20 Oct 2005 13:43:08 -0700 (PDT)
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>

On Thu, 20 Oct 2005, cyphrpunk wrote:
> system without excessive complications. Only the fifth point, the ability for outsiders to monitor the amount of cash in circulation, is not satisfied. But even then, the ecash mint software, and procedures and controls followed by the issuer, could be designed to allow third party audits similarly to how paper money cash issuers might be audited today.

One approach, investigated by Hal Finney, is to run the mint on a platform that allows remote attestation. Check out rpow.net - he has a working implementation of a proof of work payment system hosted on an IBM 4758.

-David Molnar

From rsw at jfet.org Thu Oct 20 11:42:50 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Thu, 20 Oct 2005 14:42:50 -0400
Subject: Judy Miller needing killing
In-Reply-To: <792ce4370510201109k427f8bcak2ddccd7bde80d730@mail.gmail.com>
References: <43555C1E.683E66D5@cdc.gov> <792ce4370510201109k427f8bcak2ddccd7bde80d730@mail.gmail.com>
Message-ID: <20051020184250.GA3292@proton.jfet.org>

cyphrpunk wrote:
> The notion that someone who is willing to spend months in jail just to keep a promise of silence "needs killing" is beyond bizarre and is downright evil.

Straw man alert. MV's notion is that a person who thinks journalists should be a special class of people who enjoy freedom of press (while, presumably, the rest of us don't) needs killing. That this person happens also to have spent months in jail, &c, is unhappy coincidence.

> This list supports the rights of individuals to tell the government to go to hell, and that is exactly what Judy Miller did. She should be a hero around here. It's disgusting to see these kinds of comments from a know-nothing like "Major Variola".

I agree that her actions with regard to the Grand Jury situation are commendable (especially in light of my belief that the entire Grand Jury process is one of the most broken parts of our present legal system). Nevertheless, calling for the creation of a (licensed?) journalist "class" is stupidity so pure it's almost immoral. Repeat after me: we are all journalists.

--
Riad S. Wahby
rsw at jfet.org

From rah at shipwright.com Thu Oct 20 11:47:22 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 14:47:22 -0400
Subject: Practical Security Mailing List

--- begin forwarded text

Delivered-To: cryptography at metzdowd.com
Date: Thu, 20 Oct 2005 17:06:08 +0200
To: cryptography at metzdowd.com
From: Hagai Bar-El
Subject: Practical Security Mailing List
Sender: owner-cryptography at metzdowd.com

Hello,

I would like to notify you all of a new mailing list forum which I opened.
It is called "Practical Security" and is aimed at discussing security measures in the context of real problems in real projects. It has a much narrower scope than the Cryptography mailing list and by no means intends to replace it or to compete with it.

From the mailing list info page:

This forum discusses applications of cryptographic protocols as well as other security techniques, such as (but not limited to) methods for authentication, data protection, reverse-engineering protection, denial-of-service protection, and digital rights management. The forum also discusses implementation pitfalls to avoid. This forum does not discuss theoretical and/or mathematical aspects of cryptography. Neither does the forum discuss particular vulnerabilities of commercial products, such as what one may find in BugTraq.

Joining this mailing list is especially recommended to professionals who design security systems and to application designers who are also responsible for the security aspects of their products.

I confess that at the moment of writing the list has just a few participants, but I project that it will grow much larger.

To subscribe visit http://www.hbarel.com/practicalsecurity or send a blank message to practicalsecurity-subscribe at hbarel.com.

Regards,
Hagai.

--- end forwarded text

From cyphrpunk at gmail.com Thu Oct 20 15:36:54 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 20 Oct 2005 15:36:54 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org>
Message-ID: <792ce4370510201536h10f8c17bnb8de923fca27a842@mail.gmail.com>

As far as the issue of receipts in Chaumian ecash, there have been a couple of approaches discussed. The simplest goes like this. If Alice will pay Bob, Bob supplies Alice with a blinded proto-coin, along with a signed statement, "I will perform service X if Alice supplies me with a mint signature on this value Y". Alice pays to get the blinded proto-coin Y signed by the mint. Now she can give it to Bob and show the signature on Y in the future to prove that she upheld her end.

A slightly more complicated one starts again with Bob supplying Alice with a blinded proto-coin, which Alice signs. Now she and Bob do a simultaneous exchange of secrets protocol to exchange their two signatures. This can be done for example using the commitment scheme of Damgard from Eurocrypt 93. Bob gets the signature necessary to create his coin, and Alice gets the signed receipt (or even better, perhaps Bob's signature could even constitute the service Alice is buying).

I would be very interested to hear about a practical application which combines the need for non-reversibility (which requires a degree of anonymity) with the need to be able to prove that payment was made (which seems to imply access to a legal system to force performance, an institution which generally will require identification).

CP

From rah at shipwright.com Thu Oct 20 14:19:49 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 17:19:49 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051020202354.GA8695@epointsystem.org>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org>

At 10:23 PM +0200 10/20/05, Daniel A. Nagy wrote:
>The referred 1988 paper proposes an off-line system

Please. You can just as easily do an on-line system, and still have blind signatures, including m=m=2 shared secret signature hiding to prevent double spending. In fact, the *only* viable way to do blind signatures with any security is to have an *on-line* system, with redemption and reissue of certificates on every step, and the underwriter not honoring any double spent transaction.

So, you still get the benefits of non-repudiation, you get functional anonymity (because audit trails become a completely superfluous cost -- all you need to keep is a single-field database of spent notes against a possible second spend, deletable on an agreed-upon date), and (I claim :-)) you get the resulting transaction cost benefit versus book-entry transactions as well.

Sigh. I really wish people would actually read what people have written about these things for the last, what, 20 years now...
BTW, you can exchange cash for goods, or other chaumian bearer certificates -- or receipts, for that matter, with a simple exchange protocol. Micali did one for email ten years ago, for instance.

Cheers,
RAH

From s.schear at comcast.net Thu Oct 20 18:22:23 2005
From: s.schear at comcast.net (Steve Schear)
Date: Thu, 20 Oct 2005 18:22:23 -0700
Subject: The price of failure
Message-ID: <6.0.1.1.0.20051020182050.0513dfa0@mail.comcast.net>

Quick, before they change it: search Google using the term "failure" (without the quotes)

From danm at prime.gushi.org Thu Oct 20 16:18:08 2005
From: danm at prime.gushi.org (Dan Mahoney, System Admin)
Date: Thu, 20 Oct 2005 19:18:08 -0400 (EDT)
Subject: SSL for hidden services

On Thu, 20 Oct 2005, loki tiwaz wrote:

>hi,
>
>>>>>That said, the certificate naming scheme may be way off, since there's no concept of a valid certificate (I doubt verisign will want to sign one for 786237261871621.onion :)
>
>i am considering running an onion-based CA which could be used... i simply need to make a script which allows a user to sign a certificate signing request and produce a signed server key. the server key only needs to have its onion address as content, nothing more is required, and a link to import the CA key into the browser so that it can be trusted automatically by the browser.
>
>>>>>However, assuming the user installs your self-signed cert, it *should* work the same unless there's something I'm missing.)
>>>>>
>>>>>Of course, you're really just protecting content from being sniffed between the user and the entry node (usually, the same machine, but not always), and the exit node and the hidden service (presumably, you control both).
>>>>>
>>>>>This is my understanding of it -- if someone has a better one please step on me without hesitation :)
>
>yes, this is the case, and it is a valid reason to use ssl. in my opinion, since tor already uses multi-layered encryption anyway, one more layer at the core is not going to create that much of an extra load on the server, and it means that there is no way the traffic can be sniffed at any point - for example a trojan could sniff localhost traffic. also, using onion routing defeats the one way in which SSL can be attacked, by man-in-the-middle intermediaries on the network pathway, which of course cannot be known within the tor network. Also, it should be noted that tor exit nodes could potentially be modified to become men-in-the-middle, although this would not be possible without compromising the key of the server being contacted - another aspect of the advantage of using tor.
>
>onion addresses are impossible to remember though - which brings me to another idea - of a name resolution system within the tor network so simpler names can be used. this would require a second directory system, i don't know if it is practical or not, but i thought i should put the idea out there because i2p has name resolution systems, and being able to type in oniondomainname.onion rather than u15syoa125au.onion would be nice. it would increase the rate of take-up of hidden services, both use and hosting.

The other thing that could be interesting of course is an onion-only search engine, which could either complement or reduce the need for vanity names. Still, I don't see why the directory servers can't maintain this info. It would have to (for the most part) be first-come first-served, and I suppose some sort of uptime monitoring should also play a part (i.e. if you don't use it for say 6 months, you lose it).

Shame there's not a whole lot of clients that make use of SRV records, as an onion specifier in there could prove remarkably useful in some way.

--
"If you aren't going to try something, then we might as well just be friends."
"We can't have that now, can we?"
-SK & Dan Mahoney, December 9, 1998

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rah at shipwright.com Thu Oct 20 16:34:34 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 19:34:34 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051020223202.GB15395@epointsystem.org>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <20051020223202.GB15395@epointsystem.org>

At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
>Could you give us a reference to this one, please?

Google is your friend, dude.

Before making unitary global claims like you just did, you might consider consulting the literature. It's out there.

Cheers,
RAH

From rah at shipwright.com Thu Oct 20 17:39:11 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 20:39:11 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051021003631.GE15395@epointsystem.org>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <20051020223202.GB15395@epointsystem.org> <20051021003631.GE15395@epointsystem.org>

At 2:36 AM +0200 10/21/05, Daniel A. Nagy wrote:
>With all due respect, this was unnecessarily rude, unfair and unwarranted.

This is the *cypherpunks* list, guy... :-)

>Silvio Micali is a very prolific author and he published more than one paper on more than one exchange protocol

And I just got through saying that there are *lots* of exchange protocols. You're the guy who said he couldn't figure out how to do receipts. I toss one, out of probably hundreds out there in the last 30 years, off the top of my head, and *you* go all canonical on me here.

Again. Repeat. Google is your friend.

Thank you for playing.

Cheers,
RAH

From rah at shipwright.com Thu Oct 20 18:26:27 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 20 Oct 2005 21:26:27 -0400
Subject: The price of failure
In-Reply-To: <6.0.1.1.0.20051020182050.0513dfa0@mail.comcast.net>
References: <6.0.1.1.0.20051020182050.0513dfa0@mail.comcast.net>

At 6:22 PM -0700 10/20/05, Steve Schear wrote:
>Quick, before they change it: search Google using the term "failure"

Yawn. That, or something like it, has been there for years, Steve...

Cheers,
RAH

From nagydani at epointsystem.org Thu Oct 20 13:23:55 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Thu, 20 Oct 2005 22:23:55 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
Message-ID: <20051020202354.GA8695@epointsystem.org>

Thank you for the detailed critique!

I think, we're not talking about the same Chaumian cash. The referred 1988 paper proposes an off-line system, where double spending compromises anonymity and results in transaction reversal.

I agree with you that it was a mistake on my part to deny its peer-to-peer nature; should be more careful in the future.

I strongly disagree that potentially anonymous systems do not deserve to be called cash.
For the past approx. 100 years, banknotes have been used as cash and there seems to be no preference on the market for coins, even though banknotes have unique serial numbers and are, therefore, traceable. I maintain that anonymity and untraceability are primarily not privacy concerns but -- to some extent -- necessary conditions for irreversibility, which is the true reason why cash is such a mainstay in commerce and why I would expect its electronic equivalent to be a desirable financial instrument in the world of electronic commerce. In a low-trust environment, irreversible payments are preferable to reversible ones.

Simple on-line Chaumian blinded tokens, where the value is determined by the public key and the signed content is unimportant, as long as it is unique, are more like coins. And the most serious problem with them is that of transparent governance. Unfortunately, those hyperinflating their currency are not caught early enough. One way to handle this problem is by expiring tokens. For example, for each value, keys can be introduced in a brick-wall pattern: keys are replaced at regular intervals with two keys being valid at all times, one expiring in the middle of the lifetime of the other. Tokens signed by the old key are always exchanged for those signed by the new one. This would allow a regular re-count of all tokens in circulation (by the time a key expires, at most as many tokens would have been exchanged for the next key as have been issued), but it raises other concerns.

With simple blinded tokens, naive transactions are possible only with the already unblinded ones. One can accept them on faith, and pass them on without exchanging. This does not require additional equipment/software. I know of no protocol for transferring blinded tokens with a receipt, but I do not rule out the possibility of its existence. Without it, however, the blinded tokens are useful for a very narrow range of transaction values.
Namely, those small enough not to be bothered about receipts, but large enough so that the effort of making a payment does not exceed the transaction value. This confines their usability to part of the micropayment market.

To reiterate, the main advantage of the proposed system is that it allows for a very large range of transaction values by providing adequate security for high-value ones, while requiring extremely little effort for low-value ones. And all that at the sole discretion of the users.

Regards,
-- 
Daniel

From loki_tiwaz at hotmail.com Thu Oct 20 15:57:24 2005
From: loki_tiwaz at hotmail.com (loki tiwaz)
Date: Thu, 20 Oct 2005 22:57:24 +0000
Subject: SSL fro hidden services

hi,

>>>>That said, the certificate naming scheme may be way off, since there's
>>>>no concept of a valid certificate (I doubt verisign will want to sign
>>>>one for 786237261871621.onion :)

i am considering running an onion-based CA which could be used... i simply need to make a script which allows a user to sign a certificate signing request and produce a signed server key. the server key only needs to have its onion address as content, nothing more is required, and a link to import the CA key into the browser so that it can be trusted automatically by the browser.

>>>>However, assuming the user installs your self-signed cert, it *should*
>>>>work the same unless there's something I'm missing.)
>>>>
>>>>Of course, you're really just protecting content from being sniffed
>>>>between the user and the entry node (usually, the same machine, but not
>>>>always), and the exit node and the hidden service (presumably, you
>>>>control both).
>>>>
>>>>This is my understanding of it -- if someone has a better one please
>>>>step on me without hesitation :)

yes, this is the case, and it is a valid reason to use ssl.
in my opinion, since tor already uses multi-layered encryption anyway, one more layer at the core is not going to create that much of an extra load on the server, and it means that there is no way the traffic can be sniffed at any point - for example a trojan could sniff localhost traffic. also, using onion routing defeats the one way in which SSL can be attacked, by man-in-the-middle intermediaries on the network pathway, which of course cannot be known within the tor network. Also, it should be noted that tor exit nodes could potentially be modified to become men-in-the-middle, although this would not be possible without compromising the key of the server being contacted - another aspect of the advantage of using tor.

onion addresses are impossible to remember though - which brings me to another idea - of a name resolution system within the tor network so simpler names can be used. this would require a second directory system, i don't know if it is practical or not, but i thought i should put the idea out there because i2p has name resolution systems, and being able to type in oniondomainname.onion rather than u15syoa125au.onion would be nice. it would increase the rate of take-up of hidden services, both use and hosting.

onion domains could be propagated throughout the onion network, so that every tor node can translate a name into an onion hashed address. there would also need to be a system to prevent name spoofing... how to ensure there are no collisions of names would be tricky - very likely it would require a set of authoritative name servers similar to how there are authoritative onion directory servers.

ah dammit, i am always ideas ideas ideas and so little action... prioritising goals is something i find difficult... i think i should make this idea a priority, however, which means joining the dev effort and, at the very least, defining a protocol, if not implementing code... well, anyway, i have put the idea out now. i think that the idea is a good one.
tor is coming of age now and ideally tor should aim to provide all of the features one would expect in an internet layer, but with the guiding principle of protecting anonymity always ascendant. an onion-based CA would work much better if the name-resolution system were in place, so i think it should be the priority.

loki

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From nagydani at epointsystem.org Thu Oct 20 15:32:08 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Fri, 21 Oct 2005 00:32:08 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org>
Message-ID: <20051020223202.GB15395@epointsystem.org>

On Thu, Oct 20, 2005 at 05:19:49PM -0400, R.A. Hettinga wrote:
> BTW, you can exchange cash for goods, or other chaumian bearer certificates
> -- or receipts, for that matter, with a simple exchange protocol. Micali
> did one for email ten years ago, for instance.

Could you give us a reference to this one, please?

Thank you in advance!
-- 
Daniel

From nagydani at epointsystem.org Thu Oct 20 16:48:39 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Fri, 21 Oct 2005 01:48:39 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510201536h10f8c17bnb8de923fca27a842@mail.gmail.com>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <792ce4370510201536h10f8c17bnb8de923fca27a842@mail.gmail.com>
Message-ID: <20051020234839.GD15395@epointsystem.org>

On Thu, Oct 20, 2005 at 03:36:54PM -0700, cyphrpunk wrote:
> As far as the issue of receipts in Chaumian ecash, there have been a
> couple of approaches discussed.
>
> The simplest goes like this. If Alice will pay Bob, Bob supplies Alice
> with a blinded proto-coin, along with a signed statement, "I will
> perform service X if Alice supplies me with a mint signature on this
> value Y". Alice pays to get the blinded proto-coin Y signed by the
> mint. Now she can give it to Bob and show the signature on Y in the
> future to prove that she upheld her end.

I like this one, though there might be a problem if Alice does everything, except giving Bob the signed version of Y in the end. I can imagine scenarios where this might be a problem.

However, it can be relatively easily solved if the mint publishes every signed proto-coin (instead of being handed to the payer, it goes to the public records, from where the payer can retrieve it). There's no reason not to.

> A slightly more complicated one starts again with Bob supplying Alice
> with a blinded proto-coin, which Alice signs. Now she and Bob do a
> simultaneous exchange of secrets protocol to exchange their two
> signatures. This can be done for example using the commitment scheme
> of Damgard from Eurocrypt 93. Bob gets the signature necessary to
> create his coin, and Alice gets the signed receipt (or even better,
> perhaps Bob's signature could even constitute the service Alice is
> buying).

This one requires additional infrastructure which needs to be rolled out, which is expensive.
Simultaneous exchange of secrets is an elegant cryptographic feat, but the required tools are not available to the general public right now and the motivation to obtain them is insufficient. Thus, a system relying on this cannot be phased in cheaply.

> I would be very interested to hear about a practical application which
> combines the need for non-reversibility (which requires a degree of
> anonymity) with the need to be able to prove that payment was made
> (which seems to imply access to a legal system to force performance,
> an institution which generally will require identification).

I claim that a system that provides both features will be preferred by users to one that provides only one or neither.

The desirability of a payment vehicle depends on the assortment of goods and services available for it. Now, the lack of non-reversibility might be either a show-stopper or a significant additional cost in the case of some goods and services, while receipts are required in the case of others.

Both might be required for transactions in the $100 ... $1000 range between a power-seller and one-time buyers in a low-trust environment. From the seller's point of view, the risk of a reversal might not be acceptable (basically, he cannot assess the probability of it, while the cost is substantial), because the value is too high, so he needs irreversibility. From the buyer's point of view, the risk of losing the money is not catastrophic, but highly undesirable; he wants to be able to name-and-shame the fraud. This would provide the seller with enough incentives to deliver and enough security to go ahead with the deal.

The "legal system" in this case is just provable reputation-tracking, which in case of non-performance deprives the seller of future custom.

-- 
Daniel

From nagydani at epointsystem.org Thu Oct 20 17:36:31 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Fri, 21 Oct 2005 02:36:31 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <20051020223202.GB15395@epointsystem.org>
Message-ID: <20051021003631.GE15395@epointsystem.org>

On Thu, Oct 20, 2005 at 07:34:34PM -0400, R.A. Hettinga wrote:
> At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
> >Could you give us a reference to this one, please?
>
> Google is your friend, dude.
>
> Before making unitary global claims like you just did, you might consider
> consulting the literature. It's out there.

With all due respect, this was unnecessarily rude, unfair and unwarranted.

Silvio Micali is a very prolific author and he published more than one paper on more than one exchange protocol. I am actually familiar with some of his work on the subject. I was, however, specifically interested in which particular one you had in mind.

I can think of several exchange protocols that would do the job, though I don't particularly like them, because the infrastructure for carrying them out is not in place and they require more communication than is strictly necessary for obtaining a receipt.

In general, I think that one should be very careful with piling up cryptographic operations and additional back-and-forth communication steps in a payment protocol, because it may easily render it unpractical. There are reasons why there are no cash-like digital payment systems, and it's not for the lack of trying (you know that better than anybody else in the world, I guess) or the lack of demand. Making it sufficiently simple is one of the most difficult challenges.
-- 
Daniel

From jason at lunkwill.org Fri Oct 21 02:22:34 2005
From: jason at lunkwill.org (Jason Holt)
Date: Fri, 21 Oct 2005 09:22:34 +0000 (UTC)
Subject: nym-0.4 released (now includes Javascript)

The most notable feature in this release of nym is that you can now use nym entirely from your web browser:

http://www.lunkwill.org/src/nym/javascript/jsnymclient.html

Until someone figures out how to create client certificate requests in Javascript, the CA will have to do so instead (or, you could generate the request on a separate machine and paste it in with a trivial hack). This means the CA will know your certificate's private key; this is bad if you want to make sure you can never be impersonated. It's actually good if you want deniability, since you can always claim that the CA chose to impersonate you.

There are other miscellaneous bugfixes which break compatibility with earlier versions.

Sources (including the javascript client) are available here, as always:

http://www.lunkwill.org/src/nym/

-J

----- End forwarded message -----
-- 
Eugen* Leitl leitl

From ray at unipay.nl Fri Oct 21 00:43:55 2005
From: ray at unipay.nl (R. Hirschfeld)
Date: Fri, 21 Oct 2005 09:43:55 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> (message from cyphrpunk on Thu, 20 Oct 2005 11:31:39 -0700)
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
Message-ID: <200510210743.j9L7htFT002090@home.unipay.nl>

> Date: Thu, 20 Oct 2005 11:31:39 -0700
> From: cyphrpunk
>
> > 2. Cash payments are final. After the fact, the paying party has no
> > means to reverse the payment.
> > We call this property of cash
> > transactions _irreversibility_.
>
> Certainly Chaum ecash has this property. Because deposits are
> unlinkable to withdrawals, there is no way even in principle to
> reverse a transaction.

This is not strictly correct. The payer can reveal the blinding factor, making the payment traceable. I believe Chaum deliberately chose one-way untraceability (untraceable by the payee but not by the payer) in order to address concerns such as blackmailing, extortion, etc. The protocol can be modified to make it fully untraceable, but that's not how it is designed.

> > 3. Cash payments are _peer-to-peer_. There is no distinction between
> > merchants and customers; anyone can pay anyone. In particular, anybody
> > can receive cash payments without contracts with third parties.
>
> Again this is precisely how Chaum ecash works. Everyone can receive
> ecash and everyone can spend it. There is no distinction between
> buyers and vendors. Of course, transactions do need the aid of the
> issuer, but that is true of all online payment systems including
> Daniel's.

Apart from the transferability issue, I think there are some systems that do not rely on an issuer at all (in effect any payee is an issuer). Manasse's Millicent comes to mind, but I confess that I don't fully remember the details.

Ray

From camera_lumina at hotmail.com Fri Oct 21 07:35:29 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 21 Oct 2005 10:35:29 -0400
Subject: Judy Miller needing killing
In-Reply-To: <792ce4370510201109k427f8bcak2ddccd7bde80d730@mail.gmail.com>

Cyphrpunk wrote...

>The notion that someone who is willing to spend months in jail just to
>keep a promise of silence "needs killing" is beyond bizarre and is
>downright evil. This list supports the rights of individuals to tell
>the government to go to hell, and that is exactly what Judy Miller
>did. She should be a hero around here.
>It's disgusting to see these
>kinds of comments from a know-nothing like "Major Variola".

While I agree that Variola has his bizarre moments, much of what he says at least merits further investigation. He partially fills a role that May filled, before his final descent into madness... I, for one, welcome his return to posting, and it's not too much effort to hit the delete button on a post-by-post basis.

-TD

From eugen at leitl.org Fri Oct 21 01:55:53 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 21 Oct 2005 10:55:53 +0200
Subject: [loki_tiwaz@hotmail.com: Re: SSL fro hidden services]
Message-ID: <20051021085553.GA2249@leitl.org>

----- Forwarded message from loki tiwaz -----

From eugen at leitl.org Fri Oct 21 01:57:21 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 21 Oct 2005 10:57:21 +0200
Subject: [danm@prime.gushi.org: Re: SSL fro hidden services]
Message-ID: <20051021085721.GB2249@leitl.org>

----- Forwarded message from "Dan Mahoney, System Admin" -----

From cyphrpunk at gmail.com Fri Oct 21 11:17:06 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Fri, 21 Oct 2005 11:17:06 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <20051020223202.GB15395@epointsystem.org>
Message-ID: <792ce4370510211117h4b50d74ay8c96107e84333a65@mail.gmail.com>

On 10/20/05, R.A. Hettinga wrote:
> At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote:
> >Could you give us a reference to this one, please?
>
> Google is your friend, dude.
>
> Before making unitary global claims like you just did, you might consider
> consulting the literature. It's out there.

You're such an asshole.

Daniel's actual statement was simply:

>> I know of no protocol for transferring blinded tokens with a receipt, but I
>> do not rule out the possibility of its existence.
This is what you characterized as a "unitary global claim". Aside from the fact that "unitary" is meaningless in this context, his claim was far from "global". Instead it was a very modest statement about what aspects of the technology he was familiar with, and explicitly admitted the possibility that he might be mistaken. I don't think you could ask for anything more in a world where no one has perfect knowledge about any topic.

While Daniel Nagy has been a model of politeness and modesty in his claims here, you have reverted to your usual role as an arrogant bully. If Daniel's project should be successful then you will undoubtedly switch over to your other mode of communication, obsequious ass-kissing. I have experienced both from you, in my many names and roles, and I have no taste for either one.

I would encourage Daniel not to waste any more time interacting with Hettinga.

CP

From michaelslists at gmail.com Thu Oct 20 18:27:11 2005
From: michaelslists at gmail.com (Michael Silk)
Date: Fri, 21 Oct 2005 11:27:11 +1000
Subject: The price of failure
In-Reply-To: <6.0.1.1.0.20051020182050.0513dfa0@mail.comcast.net>
References: <6.0.1.1.0.20051020182050.0513dfa0@mail.comcast.net>
Message-ID: <5e01c29a0510201827x27dea792ndd1a02b472abbb73@mail.gmail.com>

They won't be changing it: http://googleblog.blogspot.com/2005/09/googlebombing-failure.html

On 10/21/05, Steve Schear wrote:
> Quick, before they change it: search Google using the term "failure"
> (without the quotes)

From cyphrpunk at gmail.com Fri Oct 21 11:35:15 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Fri, 21 Oct 2005 11:35:15 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051020234839.GD15395@epointsystem.org>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <792ce4370510201536h10f8c17bnb8de923fca27a842@mail.gmail.com> <20051020234839.GD15395@epointsystem.org>
Message-ID: <792ce4370510211135i3879e1f5ue2ad6027653ec060@mail.gmail.com>

On 10/20/05, Daniel A. Nagy wrote:
> On Thu, Oct 20, 2005 at 03:36:54PM -0700, cyphrpunk wrote:
> > As far as the issue of receipts in Chaumian ecash, there have been a
> > couple of approaches discussed.
> >
> > The simplest goes like this. If Alice will pay Bob, Bob supplies Alice
> > with a blinded proto-coin, along with a signed statement, "I will
> > perform service X if Alice supplies me with a mint signature on this
> > value Y". Alice pays to get the blinded proto-coin Y signed by the
> > mint. Now she can give it to Bob and show the signature on Y in the
> > future to prove that she upheld her end.
>
> I like this one, though there might be a problem if Alice does everything,
> except giving Bob the signed version of Y in the end. I can imagine scenarios
> where this might be a problem.
>
> However, it can be relatively easily solved if the mint publishes every
> signed proto-coin (instead of being handed to the payer, it goes to the
> public records, from where the payer can retrieve it). There's no reason not
> to.

Good idea! Even without this, if there is a problem then everything will come out in the dispute resolution phase, where Alice will be forced to reveal the mint's signature. Bob may claim at that time never to have seen it before, while Alice may claim that she had sent it earlier, but once they get this far both sides will be forced to agree that Bob has now been paid so the contract can be completed. So this method would be OK for contracts where timeliness is not an important issue. But your idea of having the mint publish its signatures could help even more.

> > A slightly more complicated one starts again with Bob supplying Alice
> > with a blinded proto-coin, which Alice signs. Now she and Bob do a
> > simultaneous exchange of secrets protocol to exchange their two
> > signatures. This can be done for example using the commitment scheme
> > of Damgard from Eurocrypt 93.
> > Bob gets the signature necessary to
> > create his coin, and Alice gets the signed receipt (or even better,
> > perhaps Bob's signature could even constitute the service Alice is
> > buying).
>
> This one requires additional infrastructure which needs to be rolled out,
> which is expensive. Simultaneous exchange of secrets is an elegant
> cryptographic feat, but the required tools are not available to the general
> public right now and the motivation to obtain them is insufficient. Thus, a
> system relying on this cannot be phased in cheaply.

I'm not sure what costs you see here. There are two main technologies I am familiar with for signature (or general secret) exchange. One is purely local and involves bit by bit release of the signatures. Both parties first commit to their signatures and use ZK proofs to show that the committed values are in fact signatures over the required data. They then release their sigs a bit at a time, taking turns. If one party aborts prematurely he has at most a factor of 2 advantage over the other in a brute force search to find the missing bits of the signature. While this takes many rounds, it is still pretty fast. Of course the users don't manually initiate each round, it all happens automatically under control of the software. I saw some code to implement this a couple of years ago somewhere on Sourceforge. It actually exchanged PGP signatures, of all things. It does not take any new infrastructure.

The other technology is so-called "optimistic" exchange, where the signatures are provably encrypted to the public key of a trusted third party. The two parties each exchange such encryptions and prove they are valid. Then they exchange the actual signatures in the straightforward manner. If one party does not send his sig, the other can go to the TTP and get it. Since this option exists, there is no incentive for the parties not to complete the transaction and hence the TTP will in practice almost never be used.
This one does require the TTP to exist and his public key to be available, but that should be no more new infrastructure than is required for the cash issuer and his key to be distributed. In fact the issuer could be the TTP for dispute resolution if desired.

> The desirability of a payment vehicle depends on the assortment of goods and
> services available for it. Now, the lack of non-reversibility might be
> either a show-stopper or a significant additional cost in the case of some
> goods and services, while receipts are required in the case of others.
>
> Both might be required for transactions in the $100 ... $1000 range between
> a power-seller and one-time buyers in a low-trust environment. From the
> seller's point of view, the risk of a reversal might not be acceptable
> (basically, he cannot assess the probability of it, while the cost is
> substantial), because the value is too high, so he needs irreversibility.
> From the buyer's point of view, the risk of losing the money is not
> catastrophic, but highly undesirable; he wants to be able to name-and-shame
> the fraud. This would provide the seller with enough incentives to deliver
> and enough security to go ahead with the deal.
>
> The "legal system" in this case is just provable reputation-tracking, which
> in case of non-performance deprives the seller of future custom.

Yes, that's a good example. A reputation system could be enhanced by provability of payment, although unless there is also provability of performance (i.e. providing whatever was paid for) there is still a he-said-she-said issue. Presently, reputation systems like eBay rely on the idea that if someone cheats, they probably cheat a lot, so there will be many complaints against them. Your technology would eliminate some forms of false complaints, namely those where someone did not pay but claimed that they did pay and demanded the goods.
That is such an audacious fraud that I question how often it happens, but eliminating it would indeed have some value.

CP

From eugen at leitl.org Fri Oct 21 03:31:22 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 21 Oct 2005 12:31:22 +0200
Subject: [jason@lunkwill.org: nym-0.4 released (now includes Javascript)]
Message-ID: <20051021103122.GF2249@leitl.org>

----- Forwarded message from Jason Holt -----

From rah at shipwright.com Fri Oct 21 17:25:06 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 21 Oct 2005 20:25:06 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510211117h4b50d74ay8c96107e84333a65@mail.gmail.com>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <20051020202354.GA8695@epointsystem.org> <20051020223202.GB15395@epointsystem.org> <792ce4370510211117h4b50d74ay8c96107e84333a65@mail.gmail.com>

At 11:17 AM -0700 10/21/05, someone who can't afford a vowel, Alex, ;-) expressed his anal glands thusly in my general direction:
>You're such an asshole.

My, my. Tetchy, this morning, oh vowelless one...

At 11:17 AM -0700 10/21/05, cyphrpunk wrote:
>This is what you characterized as a "unitary global claim". Aside from
>the fact that "unitary" is meaningless in this context, his claim was
>far from "global".

That's "One size fits all", for those of you in Rio Linda. A little bit of an Irwin Corey joke for the apparently humor-impaired. Be careful now, I'll start on the Norm Crosby stuff soon, and you might get an aneurysm, or something.
>While Daniel Nagy has been a model of politeness and modesty in his
>claims here, you have reverted to your usual role as an arrogant
>bully.

Moi? I kick sand in your face on a beach somewhere I don't remember about?

Seriously, I tell him who did an exchange protocol, Silvio Micali, and that they're a dime a dozen, second only to Mo' An' Better Auction Protocols, and he wants me to go out on google, same as *he* can do, and do his work for him.

Feh.

At 11:17 AM -0700 10/21/05, cyphrpunk wrote:
>I would encourage Daniel not to waste any more time interacting with Hettinga.

Indeed. Especially when he makes with the wet-fish slapping-sounds you do when actual words are supposed to come out of your mouth. Okay, maybe it's another orifice. At any rate, you are lacking some, shall we say, ability to express yourself, on the subject.

Be careful, though. Burroughs has this great cautionary tale about teaching your asshole to talk, speaking of the, heh, devil...

Cheers,
RAH
Who'll start in on insulting his mother soon, unless Mr. "cyphrpunk" has taken that Charles Atlas course he sent out for. Hint: Be grateful you don't have any nipple-hair to get caught in the NEW IMPROVED Charles Atlas Chest Expander's springs. Hurts like hell, I hear, and deadlifts work *much* better...
From cyphrpunk at gmail.com Fri Oct 21 22:18:08 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Fri, 21 Oct 2005 22:18:08 -0700
Subject: cypherpunks@minder.net closing on 11/1
In-Reply-To: <20051013204900.GA26449@waste.minder.net>
References: <20051013204900.GA26449@waste.minder.net>
Message-ID: <792ce4370510212218wecad5e7n83de741f3d2f5d8e@mail.gmail.com>

On 10/13/05, Brian Minder wrote:
> The minder.net CDR node will be shutting down on November 1, 2005. This
> includes the cypherpunks-moderated list. Please adjust your subscriptions
> accordingly.

Gmail would facilitate automating a new cypherpunks-moderated list. Gmail's spam filtering is great and even a regular cypherpunks subscription has almost no spam. Sign up a gmail account and subscribe it only to cypherpunks. Use the POP interface to fetch messages from gmail, and redistribute those to the new cypherpunks-moderated list. Subscribers gain the anti-spam features of cp-moderated without any manual filtering or moderating necessary.

CP
http://043.adm1titn1ce.com o-ut of mai-lling lisst: http://043.p0pulars7uf.com/rm/ qhsJ8a From rah at shipwright.com Fri Oct 21 22:51:50 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sat, 22 Oct 2005 01:51:50 -0400 Subject: Blood, Bullets, Bombs and Bandwidth Message-ID: --- begin forwarded text Date: Sat, 22 Oct 2005 01:50:38 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: Blood, Bullets, Bombs and Bandwidth The long version of the Wired Story on Ryan Lackey, including lots more about Tyler Wagner, who I've been reading about almost since he got there after the liberation :-) in 2003... Just bumped into the bit below, having abandoned Tyler and Jayme's LJs after they split, and finding the link after they went back recently. Meanwhile, the author bought the wrong vowel, apparently. ;-). Cheers, RAH ------ Blood, Bullets, Bombs, and Bandwidth: a tale of two California cipherpunks who went to Baghdad to seek their fortune, and bring the Internet to Iraq. Ryan Lackey wears body armor to business meetings. He flies armed helicopters to client sites. He has a cash flow problem: he is paid in hundred-dollar bills, sometimes shrink-wrapped bricks of them, and flowing this money into a bank is difficult. He even calls some of his company's transactions "drug deals" - but what Lackey sells is Internet access. From his trailer on Logistics Staging Area Anaconda, a colossal US Army base fifty miles north of Baghdad, Lackey runs Blue Iraq, surely the most surreal ISP on the planet. He is 26 years old. Getting to Anaconda is no joke. Incoming airplanes make a 'tactical descent' landing, better known to military cognoscenti as the 'death spiral'; a nose-down plummet, followed by a viciously tight 360-degree turn, then another stomach-wrenching dive. The plane is dragged back to level only just in time to land, and brakes so hard that anything not strapped down goes flying forward. 
Welcome to "Mortaritaville" - the airbase's mordant nickname, thanks to the insurgent mortars that hit the base daily. From above, the base looks like a child's sandbox full of thousands of military toys. Dozens of helicopters litter the runways: Apaches, Blackhawks, Chinooks. F-16 fighters and C-17 cargo planes perch in huge igloo-like hangars built by Saddam. The roads are full of Humvees and armored personnel carriers. Rows of gunboats rest inexplicably on arid desert. A specific Act of Congress is required to build a permanent building on any US military base, so Anaconda is full of tents the size of football fields, temporary only in name, that look like giant caterpillars. Its 25,000 inhabitants, soldiers and civilian contractors like Ryan, are housed in tent cities and huge fields of trailers. Ryan came to Iraq in July 2004 to work for ServiceSat International, hired sight unseen by their CTO Tyler Wagner. Three months later, Ryan quit and founded Blue Iraq. He left few friends behind. "I think if Ryan had stayed," Tyler says drily, "the staff would have sold him to the insurgents." - - - Iraq is new to the Internet. Thanks to sanctions and Saddam, ordinary citizens had no access until 1999. Prewar, there were a mere 1.1 million telephone lines in this nation of 26 million people, and fewer than 75 Net cafis, connecting via a censored satellite connection. Then the American invasion knocked nearly half of Baghdad's landlines out of service, and the local exchanges that survived could not connect to one another. After the invasion, an army of contractors flooded into Baghdad. Billions of reconstruction dollars were being handed out in cash, and everybody - local Internet cafis, Halliburton, Ahmed Chalabi, the US military itself - wanted Internet access. With the landline service destroyed by war, and sabotage a continuing problem, satellite access was the only realistic option. 
Among the companies vying to provide this access in early 2003, scant months after the invasion, was ServiceSat International. SSI, a startup founded by Kurdish expats, needed an American CTO: partly to import America's culture of technical excellence, partly to help deal with Western clients and authorities. They called Tyler Wagner. He was 25 years old. - - - San Francisco, aka Baghdad-by-the-Bay, July 2003. Tyler Wagner is a typical counterculture California techie: a Cal Poly CS graduate, part of the California punk scene, working for Greenpeace as a network engineer. Then an old friend in London recommends him to SSI. They call him. They need a capable Westerner willing to move to Iraq. Is he interested? When he hangs up the phone, Tyler is shaking with excitement. The risks of relocating to a war zone are obvious. But it is a lucrative senior management position, offered to a man only two years out of university. "Life doesn't often offer you a hand up like that," he reminisces two years later, "and when it does, you can't afford to turn it down." One big complication: Tyler's girlfriend, Jayme. They have been dating only six months. He doesn't want to lose her. He calls and tells her the news - and they both ask at the same time if she can come with him. Three weeks later, Tyler and Jayme fly into Amman, Jordan, and take a GMC Suburban taxi across the desert to Baghdad. Once they reach the city, their driver tells them to get beneath window level, to avoid snipers. They stay on the floor of the Suburban until they reach SSI's office in Baghdad's affluent al-Mansour neighbourhood. - - - Baghdad, August 2003. Tyler wakes in his house/office, rolls out of bed, walks into his office next door, and begins another fifteen-hour day. The house is full of SSI-employed drivers, engineers, tea-boys, housekeepers, and Kurdish peshmerga guards armed with AK-47s. Generators and air conditioners whir. Outside, the Iraqi summer heat regularly hits 130. 
Other than the bicultural Kurdish/British directors, Tyler is the company's only Westerner. He has to build SSI's internal systems, manage the satellite installs, deal with Western clients, and train the team of Iraqi engineers, most of whom are older than he. All the problems of a fast-growing start-up, plus massive culture shock - in a war zone. Bombs and gunfire serenade them nightly. Meanwhile, Jayme is going stir-crazy; she has nothing to do, but cannot leave the house. The first few weeks are rough. Things get better. Tyler and Jayme adapt to their new lives. If they want to buy Pop-Tarts or root beer, at the nearby shop that sells American delicacies at a 1000% markup, they are driven there in a car full of gunmen. This soon seems normal. Jayme gets a job at Erinys, one of Baghdad's many thriving private security companies. They go to parties in the Green Zone with South African mercenaries, American diplomats, and KBR contractors. Tyler learns new skills: how to install a VSAT satellite system from scratch; how to open a beer bottle with the Browning pistol he carries; how to distinguish between an AK-47 and an M-16 by sound alone; how to use tampons as battle dressings; the fine art of bribery. Months pass. Business booms. SSI has plenty of competitors, but almost uniquely, they combine Western funding and technical expertise with a team of local engineers - a team who have become a band of brothers. Tyler fosters a community atmosphere, encourages his engineers to stay after work, play Half-Life and Settlers of Catan together, or watch South Park en masse. He attends their weddings, first as an honoured guest, then as a friend. He hires a tutor to teach him Arabic, even though all business is done in English. SSI has become half employer, half family. Iraq isn't just his workplace; it's his new home. Tyler visits monstrous palaces built by Saddam. He meets native speakers of Aramaic, the language of Biblical times. 
He travels to Kirkuk, in the north, and installs a satellite dish in an oilfield straight out of Dante's Inferno, surrounded by massive pipes vomiting flame and bright green gas. And he hacks US military security with a digital camera, a $2,000 card printer, and a little social engineering. Baghdad is a occupied city of walls and roadblocks. Most of SSI's clients are guarded by the US military. Many of them are US military. There are two free passes through checkpoints and gates: white skin, or a Department of Defense ID card. With neither, you line up for hours to be searched. Tyler is tired of his engineers losing days at checkpoints. He constructs SSI's secret weapon: an internal corporate ID that happens to look very much like a DoD card, right down to an empty smart card, a bar code, and a magnetic-strip-like line of black ink across the back. And for months, his engineers are regularly waved past inspection points by US soldiers. But the insurgency intensifies; security grows tighter, particularly after the Sadr City revolt and the assault on Fallujah; and the US military starts denying SSI's engineers access to military bases. What's more, most Western clients won't take Iraqis seriously, and sales have grown beyond Tyler's capacity. They need another Westerner. SSI briefly hires a friend of Tyler's, but Baghdad is too much for him. One day, Tyler mentions on his blog that he needs a technically skilled Westerner who can handle an extreme environment. Among his readers is Ryan Lackey. - - - San Luis Obispo, July 2004. Late one night, Ryan stops his car here, in Tyler's hometown, opens his laptop, connects it to Sprint's network, and caps their months-long email and instant-messaging conversation with an brief IM: he'll take the job. Ryan is viscerally aware of the risks. He went to high school with Nicholas Berg, the American network engineer beheaded by insurgents only two months earlier. 
He is led to Iraq by what he calls the "dark calculus" of risk arbitrage; in his judgement, while the perceived risk of working in Iraq has caused prices to rocket, it is still possible to operate without much personal risk. And Ryan is used to intense environments. He dropped out of MIT at age 19 to work at a startup in Anguilla. Two years later he moved to Sealand, an offshore oil rig that claimed independent sovereignty, and cofounded a data haven theoretically beyond the reach of any nation's laws. Ryan is a libertarian cipherpunk, gun aficionado, and free-market purist: the notion of Iraq as the new Wild West, untrammeled by laws and regulations, appeals to him greatly. By the time he arrives in Baghdad, SSI has outgrown their first house and moved to a walled compound. By now the company numbers about eighty, including a dozen engineers. Ryan moves in. He sells to Western clients, and increasingly is sent with teams of engineers to American military bases; he has no ID whatsoever, but his passport and American accent always gets them through the gate. But Ryan isn't adopted into the SSI family. He oozes ambition and technical skill, but he isn't a people person. Laconic, iconoclastic, brilliant and contemptuous of anyone who is not, he wants to make money, build systems, and grow the business, not train Iraqi engineers or build a community. He is impressed by what Tyler has done, calling him, "probably the best Westerner who's ever managed Iraqis," but he has no interest in doing the same. He does not fit in. Meanwhile, the insurgency gets steadily worse. Mohammed, one of Tyler's engineers, receives a death threat signed in blood for allegedly working with the Americans. Two other employees are carjacked by an organized ring of car thieves, and SSI has to pay thousands to get their vehicle back. Then Mohammed is kidnapped by insurgents while driving back from LSA Anaconda. 
Incredibly, Mohammed manages to beat his guard to death with his own AK-47, escape, hitch a ride back to SSI, and stagger shaking and bloody back into the office - just in time for the insurgents, who don't know their captive has escaped, to call and demand his ransom. August 2004. Tyler and Jayme are married in an Iraqi Catholic ceremony attended by all of SSI. The subsequent party features copious celebratory gunfire. Shortly afterwards, they travel back to the USA for a month-long vacation. Ryan is meant to step into Tyler's shoes while he's away. One month later, when Tyler and Jayme return, Baghdad is locked down. It isn't safe to go to the Green Zone. It isn't safe to go to the shop around the corner. They are effectively under house arrest, with direct orders from SSI not to leave the compound for any reason short of an emergency. - - - September 2004. As the sun sets, Ryan drives back to Baghdad from a job on LSA Anaconda, with two SSI engineers - and no guards. They have to stop for gas on a stretch of road that the US military seems unable to secure, famous for mujahedeen attacks. The gas station is a concrete hut next to a pump. The power is out. Ryan waits, knowing that if any passerby calls his location in to the insurgents, they will be there in minutes. Power eventually returns, the car is refuelled, they continue on - and reach a roadblock with no American supervision, which Ryan believes is a false checkpoint run by insurgents. He huddles in the back of the car, clutching his Browning pistol, ready to try to shoot his way out rather than be taken hostage. They are waved through without inspection. Then the engineers decide to get food, meaning they stop on a busy Baghdad street and wait in the open for 15 nervewracking minutes. Not long after this experience, Ryan spends a day flying around Iraq in an air ambulance helicopter, installing satellite dishes at five different locations. 
When they return to Anaconda, the Marine Corps captain who accompanied him offers him a tent to stay in, indefinitely, in exchange for technical support. The US military is rife with these unofficial exchanges of services, widely known as "drug deals"; agreements which, while technically against regulations, bypass the months and reams of paperwork that would be necessary to do them officially. Ryan spends two months living in this tent. He barely sees the SSI compound again. - - - October 2004. Tyler and Jayme reluctantly accept that they can no longer safely stay in Baghdad. They move north to Arbil, in relatively free and safe Kurdistan. The departure is wrenching. They are leaving friendships forged by the searing intensity of a year's mutual struggle, and they don't know when, if ever, they might return. Weeks later, insurgents bomb the al-Jazeera headquarters in Baghdad, and Hassan, one of SSI's engineers, the man who chauffered Tyler and Jayme on their wedding day, is killed in the blast. Tyler is devastated. His team, his family, has been struck by tragedy, and he can't be there for them. In November, Ryan officially leaves SSI. According to Ryan, "It was clear, with the security situation, that there was no way we could continue to operate in the way we were operating." He says, since he was living on Anaconda rather than at SSI, and doing satellite installs rather than sales, while being paid on commission, there was no point in continuing as an employee. Tyler says Ryan alienated the staff, treated the Iraqi engineers badly, and was about to be fired when he left. One thing everyone agrees on is that his exit was for the best. With Ryan gone, and Tyler in Arbil, SSI is effectively shut out of the military market. Despite a theoretical "buy Iraqi" policy, it is impossible to get Iraqi engineers onto bases. 
Ryan finds himself living on an American military base, with a few important contacts, a lot of technical knowhow, a large prepaid contract that eliminated any need for startup funding - and a technical advantage over every competitor. - - - If you want to call Ryan Lackey in his trailer in Iraq today, you dial a Virginia phone number. The 703 area code just means that it's Virginia where the sound of your voice is packetized into VOIP and shipped via fiber to London, where Blue Iraq's teleport operator is located. This company pops your voice packets off the Internet, encodes them for satellite transmission, and beams them as 14 GHz radio waves from a five-metre dish to a Greek satellite. The signal bounces down to Ryan's own 1.2-metre iDirect dish, on a table weighed down with sandbags just behind his trailer. The iDirect system, robust enough to handle Iraq's extreme heat, dust, and wind, converts the signal back to IP packets and outputs them via Ethernet to Ryan's VOIP phone. If you talk to Ryan, the conversation will be scratchy, and you'll be aware of a half-second delay, but the amazing thing is that you can talk to him at all. iDirect, the latest generation of VSAT technology, can be difficult to set up, which is why his competitors use older Hughes or Tachyon technology, but it is the first that can manage usable VOIP. When you compare the price Ryan charges - circa $1,000 per month for 1 megabit download and 384 kilobit upload, plus 1-5 cents per minute for prioritized VOIP traffic, for a dish generally shared by 20-30 people - to the dollars-per-minute price of an analog satellite telephone, it's easy to see where Blue Iraq's customers come from. At its peak, SSI had nearly a hundred employees. Blue Iraq has three, and almost no overhead. They pay no rent for their trailer on Anaconda. 
They eat for free at military dining facilities, which on Anaconda serve good food prepared by a horde of Halliburton-managed "TCNs" - Third Country Nationals, mostly Filipino and Sri Lankan. That doesn't mean business is easy. The technical problems are trivial; the logistical problems are crippling. Ryan has to to buy hardware remotely, have it shipped to Anaconda, and then get it to the customer. His clients are official military facilities, private DoD contractors, or units of troops who have all chipped in to pay for their own Internet access. If, as is often the case, they are stationed at one of Iraq's dozens of other American military bases, he flies there on a Blackhawk. - - - To book space on a Blackhawk from LSA Anaconda, you flash your DoD ID card and sign up at the space-available tent. There are daily shuttle flights to and from most of the scores of US military bases in Iraq. At your appointed hour, a minibus takes you out to the flight line, where dozens of aircraft await. Inside the helicopter, there isn't quite enough room to stand. The door gunners sit on padded seats behind the cockpit. Machine guns are mounted on flexible arms in the open windows before them. Everything is painted black. Behind the door gunners are three forward-facing seats; behind them, two facing five-seat benches. The seats are canvas and metal pipe. The safety buckle is circular, with apertures for the belt and two shoulder straps; to release, you twist its propellor-shaped top. Earplugs are distributed. The aircrew slide shut the windowed side doors and power up the engine. The rotors start to turn. They are like fifteen-foot knife blades with the sharp edge away from the rotation direction, the last foot or so bent back about thirty degrees, forming a vaguely swastika shape. Taxi out onto the runway, and up you go, as if in an elevator, in sync with the other Blackhawk next to you - they almost always travel in buddy-system pairs. The ground falls away. But not too far. 
Blackhawks fly about 100 feet above the ground, at circa 200 miles per hour. The area outside Anaconda is much greener, a patchwork of farming fields fissured with canals and pocked with clusters of palm trees. Then villages, big L-shaped concrete blocks and crude brick buildings with thatch/mud roofs. Roads, smooth and modern, well-trafficked. Herds of goats flee from the helicopter noise. Lots of people wave; some keep their arms lowered and stare; some just ignore the noise. There are wide muddy rivers, vast barren brown patches, more roads, towns, farmland. At night, you can see street lights in the larger towns, fluorescent tubes mounted on hockey-stick-shaped poles. The door gunners occasionally drop stuffed animals from their windows, part of a hearts-and-minds initiative. It's a remarkably smooth ride. The whole aircraft vibrates, but it's a soothing white-noise vibration rather than anything jarring. The journey is exhilirating, landscape zooming past and disappearing under you, like a dream of flying. As commutes go, it can't be beat. But Blackhawk flights are risky. Passengers are required to wear helmets and body armor. There are a few Forward Operating Bases that space-a flights do not go to; Ryan has to ride to them on convoys, which is even riskier. Then, when the dish is installed and functional, after the paperwork is finally processed and Blue Iraq is paid, Ryan has to hitch a ride to Dubai on cargo planes with unpredictable schedules, and physically carry a large wad of cash into his bank. Business as usual, it's not. But it suits Ryan. He doesn't plan to ever move back to the USA, except possibly to finish his MIT degree. He is full of ambitions. He wants to build a mobile phone network for Anaconda. If Iraq stabilizes, he would like to build its first ATM network. If not, Blue Iraq has plenty of room for expansion, into Afghanistan and, as he says with a bleak grin, "other markets that the US military opens up for us." 
He doubts those markets will be saturated any time soon. - - - Tyler and Jayme left Iraq in May 2005. The Arbil office failed; there wasn't enough business in Kurdistan. They moved to London, where Tyler still works for SSI. His time in Iraq has transformed him to the extent that, like Ryan, he doesn't think he can ever move back to the USA. His years of living hyperintensely, carrying a gun, building an organization from scratch in a war zone, have distanced him from his home. His friends seem to him to have stagnated. Their concerns seem trivial. And living with real, known, tangible danger has bred contempt for what he calls America's "culture of fear." - - - One of the few things Ryan and Tyler agree on is their scorn for America's attempt to secure and rebuild Iraq. Tyler rages that the US military "couldn't bother to protect" the road between Baghdad and Anaconda, or even the four-kilometre stretch between Baghdad International and the Green Zone. And he found that when most other Americans dealt with Iraqis, "they were very insulting, they were often very condescending, and in many cases I felt that they treated them like subhumans." Both of them lament the sorry state of the electrical system. "Not having power was probably the single biggest problem that created animosity among Iraqis," Ryan says. "The US tried to rebuild it in the Western industrialized-country model. The way Iraqis install a power system is, they put a bunch of small generators on neighbourhood blocks, with power cables running to everyone's house, and just sell them access directly. And it's easy to have a market-driven pricing mechanism. But the US solution was to give large US companies business here If they'd had electricity working within a month or two of the invasion, there probably wouldn't have been near as much violence." Iraqis desperately want to work. "You don't see people begging for money. 
You see people selling gas for money, selling cigarettes by the side of the road," Ryan says. Tyler agrees: "I interviewed a lot of people, and I never met one that wasn't so painfully eager it almost hurt to turn them away." But their economy remains paralyzed. "The best way to deal with terrorism in the long run is to fix the underlying conditions that create terrorism," Ryan says. "It's difficult to fix their ideology, but it's easy to fix their infrastructure. But the US has done a bad job It's like a feedback loop. They got on the wrong side of the feedback loop." Iraqi frustration breeds insurgents; insurgent violence cripples reconstruction efforts; and the resulting lack of power, communications, finances, and jobs breeds more frustration. In the face of this feedback loop, American forces have withdrawn into heavily guarded enclaves. SSI's modern, globalized, best-of-both-worlds strategy, bringing Americans and Iraqis together to help rebuild the shattered country, has faltered. Blue Iraq's neo-colonial approach, living and working exclusively on military bases, continues to thrive. The seeds Tyler has helped to plant - a team of crack engineers still erecting dishes around the country - may someday help drag Iraq into the 21st century, one satellite link at a time. But not until the rain of insurgent bombs and bullets has ended. And neither Ryan nor Tyler expects that to happen for years. Jon Evans, rezendi.com -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From QDLHD at yahoo.com Sat Oct 22 00:34:50 2005 From: QDLHD at yahoo.com (Katherine Willis) Date: Sat, 22 Oct 2005 02:34:50 -0500 Subject: Best Losing Weight Hoodia War9aW Message-ID: <629504011246.j31CkQBj273399@..com> Latest product of "Hoodia Max Strength" Guuaranttes: - results in 2-3 weeks - burn fat naturally, and never gain it back - much effective than running 10 miles per week - no hunger and stay full although eat less or nothing - 100% safe (no drugs and chemicals) - used by millions of people worldwide... Act Now! http://go2l.info G9D3vq From schneier at counterpane.com Sat Oct 22 02:40:49 2005 From: schneier at counterpane.com (Bruce Schneier) Date: October 22, 2005 2:40:49 PM EDT Subject: [EPIC_IDOF] CALEA and Colleges Message-ID: New York Times October 23, 2005 Colleges Protest Call to Upgrade Online Systems http://www.nytimes.com/2005/10/23/technology/23college.html? hp&ex=1130040000&en=82e2a961640ae05b&ei=5094 By SAM DILLON and STEPHEN LABATON The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications. The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers. Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues. 
The order, issued by the Federal Communications Commission in August and first published in the Federal Register last week, extends the provisions of a 1994 wiretap law not only to universities, but also to libraries, airports providing wireless service and commercial Internet access providers. It also applies to municipalities that provide Internet access to residents, be they rural towns or cities like Philadelphia and San Francisco, which have plans to build their own Net access networks. So far, however, universities have been most vocal in their opposition. The 1994 law, the Communications Assistance for Law Enforcement Act, requires telephone carriers to engineer their switching systems at their own cost so that federal agents can obtain easy surveillance access. Recognizing the growth of Internet-based telephone and other communications, the order requires that organizations like universities providing Internet access also comply with the law by spring 2007. The Justice Department requested the order last year, saying that new technologies like telephone service over the Internet were endangering law enforcement's ability to conduct wiretaps "in their fight against criminals, terrorists and spies." Justice Department officials, who declined to comment for this article, said in their written comments filed with the Federal Communications Commission that the new requirements were necessary to keep the 1994 law "viable in the face of the monumental shift of the telecommunications industry" and to enable law enforcement to "accomplish its mission in the face of rapidly advancing technology." The F.C.C. says it is considering whether to exempt educational institutions from some of the law's provisions, but it has not granted an extension for compliance. 
Lawyers for the American Council on Education, the nation's largest association of universities and colleges, are preparing to appeal the order before the United States Court of Appeals for the District of Columbia Circuit, Terry W. Hartle, a senior vice president of the council, said Friday. The Center for Democracy and Technology, a nonprofit civil liberties group, has enlisted plaintiffs for a separate legal challenge, focusing on objections to government control over how organizations, including hundreds of private technology companies, design Internet systems, James X. Dempsey, the center's executive director, said Friday. The universities do not question the government's right to use wiretaps to monitor terrorism or criminal suspects on college campuses, Mr. Hartle said, only the order's rapid timetable for compliance and extraordinary cost. Technology experts retained by the schools estimated that it could cost universities at least $7 billion just to buy the Internet switches and routers necessary for compliance. That figure does not include installation or the costs of hiring and training staff to oversee the sophisticated circuitry around the clock, as the law requires, the experts said. "This is the mother of all unfunded mandates," Mr. Hartle said. Even the lowest estimates of compliance costs would, on average, increase annual tuition at most American universities by some $450, at a time when rising education costs are already a sore point with parents and members of Congress, Mr. Hartle said. At New York University, for instance, the order would require the installation of thousands of new devices in more than 100 buildings around Manhattan, be they small switches in a wiring closet or large aggregation routers that pull data together from many sites and send it over the Internet, said Doug Carlson, the university's executive director of communications and computing services. "Back of the envelope, this would cost us many millions of dollars," Mr. 
Carlson said. F.C.C. officials declined to comment publicly, citing their continuing review of possible exemptions to the order. Some government officials said they did not view compliance as overly costly for colleges because the order did not require surveillance of networks that permit students and faculty to communicate only among themselves, like intranet services. They also said the schools would be required to make their networks accessible to law enforcement only at the point where those networks connect to the outside world. Educause, a nonprofit association of universities and other groups that has hired lawyers to prepare its own legal challenge, informed its members of the order in a Sept. 29 letter signed by Mark A. Luker, an Educause vice president. Mr. Luker advised universities to begin planning how to comply with the order, which university officials described as an extraordinary technological challenge. Unlike telephone service, which sends a steady electronic voice stream over a wire, the transmission of e-mail and other information on the Internet sends out data packets that are disassembled on one end of a conversation and reassembled on the other. Universities provide hundreds of potential Internet access sites, including lounges and other areas that offer wireless service and Internet jacks in libraries, dorms, classrooms and laboratories, often dispersed through scores of buildings. If law enforcement officials obtain a court order to monitor the Internet communications of someone at a university, the current approach is to work quietly with campus officials to single out specific sites and install the equipment needed to carry out the surveillance. This low-tech approach has worked well in the past, officials at several campuses said. But the federal law would apply a high-tech approach, enabling law enforcement to monitor communications at campuses from remote locations at the turn of a switch. 
It would require universities to re-engineer their networks so that every Net access point would send all communications not directly onto the Internet, but first to a network operations center where the data packets could be stitched together into a single package for delivery to law enforcement, university officials said. Albert Gidari Jr., a Seattle lawyer at the firm Perkins Coie who is representing Educause, said he and other representatives of universities had been negotiating with lawyers and technology officials from the Federal Bureau of Investigation, the Department of Homeland Security and other agencies since the spring about issues including what technical requirements universities would need to meet to comply with the law. "This is a fight over whether a Buick is good enough, or do you need a Lexus?" Mr. Gidari said. "The F.B.I. is the lead agency, and they are insisting on the Lexus." Law enforcement has only infrequently requested to monitor Internet communications anywhere, much less on university campuses or libraries, according to the Center for Democracy and Technology. In 2003, only 12 of the 1,442 state and federal wiretap orders were issued for computer communications, and the F.B.I. never argued that it had difficulty executing any of those 12 wiretaps, the center said. "We keep asking the F.B.I., What is the problem you're trying to solve?" Mr. Dempsey said. "And they have never showed any problem with any university or any for-profit Internet access provider. The F.B.I. must demonstrate precisely why it wants to impose such an enormously disruptive and expensive burden." Larry D. Conrad, the chief information officer at Florida State University, where more than 140 buildings are equipped for Internet access, said there were easy ways to set up Internet wiretaps. "But the wild-eyed fear I have," Mr. 
Conrad said, "is that the government will rule that this all has to be automatic, anytime, which would mean I'd have to re-architect our entire campus network." He continued, "It seems like overkill to make all these institutions spend this huge amount of money for a just-in-case kind of scenario."

The University of Illinois says it is worried about the order because it is in the second year of a $20 million upgrade of its campus network. Peter Siegel, the university's chief information officer, estimated that the new rules would require the university to buy 2,100 new devices, at a cost of an additional $13 million, to replace equipment that is brand new.

"It's like you buy a new car, and then the E.P.A. says you have to buy a new car again," Mr. Siegel said. "You'd say, 'Gee, could I just buy a new muffler?' "

_______________________________________________
EPIC_IDOF mailing list
EPIC_IDOF at mailman.epic.org
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From finin at cs.umbc.edu Sat Oct 22 03:22:57 2005
From: finin at cs.umbc.edu (finin)
Date: October 22, 2005 3:22:57 PM EDT
Subject: Colleges protest network upgrades to allow easier surveillance
Message-ID:

According to this story, the only complaint from colleges is the cost. In addition to ultimate concerns about privacy, are there also technical issues that might come up, like adding to latency or congestion?
Many universities are engaged in building and testing innovative high speed computation and communication applications and testbeds that span the Internet. Would a required re-architecting of campus networks cause problems for this kind of research? I'm not expert enough in these areas to have a well informed opinion.

Tim

--

Colleges Protest Call to Upgrade Online Systems
By Sam Dillon and Stephen Labaton, NYT, October 23, 2005
http://www.nytimes.com/2005/10/23/technology/23college.html?pagewanted=all

The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications.

The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers. Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues.

The order, issued by the Federal Communications Commission in August and first published in the Federal Register last week, extends the provisions of a 1994 wiretap law not only to universities, but also to libraries, airports providing wireless service and commercial Internet access providers. It also applies to municipalities that provide Internet access to residents, be they rural towns or cities like Philadelphia and San Francisco, which have plans to build their own Net access networks.

So far, however, universities have been most vocal in their opposition.

...

The universities do not question the government's right to use wiretaps to monitor terrorism or criminal suspects on college campuses, Mr.
Hartle said, only the order's rapid timetable for compliance and extraordinary cost. ... But the federal law would apply a high-tech approach, enabling law enforcement to monitor communications at campuses from remote locations at the turn of a switch. It would require universities to re-engineer their networks so that every Net access point would send all communications not directly onto the Internet, but first to a network operations center where the data packets could be stitched together into a single package for delivery to law enforcement, university officials said. ... Law enforcement has only infrequently requested to monitor Internet communications anywhere, much less on university campuses or libraries, according to the Center for Democracy and Technology. In 2003, only 12 of the 1,442 state and federal wiretap orders were issued for computer communications, and the F.B.I. never argued that it had difficulty executing any of those 12 wiretaps, the center said. "We keep asking the F.B.I., What is the problem you're trying to solve?" Mr. Dempsey said. "And they have never showed any problem with any university or any for-profit Internet access provider. The F.B.I. must demonstrate precisely why it wants to impose such an enormously disruptive and expensive burden." ... -- Tim Finin, Computer Science & Electrical Engineering, Univ of Maryland Baltimore County, 1000 Hilltop Cir, Baltimore MD 21250. 
finin at umbc.edu http://ebiquity.umbc.edu 410-455-3522 fax:-3969 http://umbc.edu/~finin

----- End forwarded message -----

From njmenwdhhvc at yahoo.com Fri Oct 21 21:02:45 2005
From: njmenwdhhvc at yahoo.com (Garry Wesley)
Date: Sat, 22 Oct 2005 05:02:45 +0100
Subject: Hard Like Rock tRU
Message-ID: <148504011246.j31CkQBj767594@..com>

High quality Caiilis available at affordable price. Only $3.99 per tabls which last you 36 hours of e rectiions Try us out today... http://de.geocities.com/Charissa67789Hyacinth27550/ 4Yu

From jason at lunkwill.org Sat Oct 22 03:20:40 2005
From: jason at lunkwill.org (Jason Holt)
Date: Sat, 22 Oct 2005 10:20:40 +0000 (UTC)
Subject: nym paper preprint
Message-ID:

I've finished a first draft of an academic paper on nym:

http://www.lunkwill.org/cv/nym.pdf

Abstract: nym is a straightforward application of blind signatures to create a pseudonymity system with extremely low barriers to adoption. Clients use an entirely browser-based application to pseudonymously obtain a blinded token which can be anonymously exchanged for an ordinary TLS client certificate. In the appendix, we give the complete Javascript application and the necessary patch to use client certificates in place of IP addresses in the popular web application MediaWiki.
-J

----- End forwarded message -----

From eugen at leitl.org Sat Oct 22 04:43:15 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 22 Oct 2005 13:43:15 +0200
Subject: [jason@lunkwill.org: nym paper preprint]
Message-ID: <20051022114315.GE2249@leitl.org>

----- Forwarded message from Jason Holt -----

From iang at systemics.com Sat Oct 22 05:43:50 2005
From: iang at systemics.com (Ian G)
Date: Sat, 22 Oct 2005 13:43:50 +0100
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <200510210743.j9L7htFT002090@home.unipay.nl>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <200510210743.j9L7htFT002090@home.unipay.nl>
Message-ID: <435A3406.7070304@systemics.com>

R. Hirschfeld wrote:
>>Date: Thu, 20 Oct 2005 11:31:39 -0700
>>From: cyphrpunk
>
>
>>> 2. Cash payments are final. After the fact, the paying party has no
>>> means to reverse the payment. We call this property of cash
>>> transactions _irreversibility_.
>>
>>Certainly Chaum ecash has this property. Because deposits are
>>unlinkable to withdrawals, there is no way even in principle to
>>reverse a transaction.
>
>
> This is not strictly correct. The payer can reveal the blinding
> factor, making the payment traceable. I believe Chaum deliberately
> chose for one-way untraceability (untraceable by the payee but not by
> the payer) in order to address concerns such as blackmailing,
> extortion, etc. The protocol can be modified to make it fully
> untraceable, but that's not how it is designed.

Huh - first I've heard of that, would be encouraging if that worked. How does it handle an intermediary fall guy?
Say Bad Guy Bob extorts Alice, and organises the payoff to Freddy Fall Guy. This would mean that Alice can strip her blinding factors and reveal that she paid to Freddy, but as Freddy is not to be found, he can't be encouraged to reveal his blinding factors so as to reveal that Bob bolted with the dosh. iang From kelsey.j at ix.netcom.com Sat Oct 22 11:46:19 2005 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sat, 22 Oct 2005 14:46:19 -0400 (GMT-04:00) Subject: Judy Miller needing killing Message-ID: <17949302.1130006780246.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net> >The question is, can >she defy a subpoena based on membership in the privileged Reporter class >that an "ordinary" person could not defy? It seems like the real question is how membership in the class is determined. If anyone who's acting like a reporter in a certain context (say, Adam Shostack interviewing me for his blog) qualifies, then I don't see the constitutional problem, though it may still be good or bad policy. If you've got to get a special card from the government that says you're a journalist, it seems like that's more of a problem. I guess other places where there's some right not to answer these questions exist, but they're mostly based on licensed professions. I gather your lawyer or priest has much more ability to refuse to talk than your doctor or accountant, and that your psychologist has a shockingly small ability to refuse to talk. Other than priest, though, all these fields are at least somewhat licensed by the state for other reasons, so that makes it easy to use possession of a license as a way to tell when someone really is a doctor, lawyer, psychologist, etc. For constitutional reasons, that's not really true for journalists. 
>GH

--John

From dave at farber.net Sat Oct 22 13:35:00 2005
From: dave at farber.net (David Farber)
Date: Sat, 22 Oct 2005 16:35:00 -0400
Subject: [IP] CALEA and Colleges
Message-ID:

Begin forwarded message:

From dave at farber.net Sat Oct 22 13:36:43 2005
From: dave at farber.net (David Farber)
Date: Sat, 22 Oct 2005 16:36:43 -0400
Subject: [IP] more on Colleges protest network upgrades to allow easier surveillance
Message-ID:
X-Mailer: Apple Mail (2.734)
Reply-To: dave at farber.net

Begin forwarded message:

From eugen at leitl.org Sat Oct 22 14:47:06 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 22 Oct 2005 23:47:06 +0200
Subject: [dave@farber.net: [IP] more on Colleges protest network upgrades to allow easier surveillance]
Message-ID: <20051022214706.GK2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Sat Oct 22 14:47:18 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 22 Oct 2005 23:47:18 +0200
Subject: [dave@farber.net: [IP] CALEA and Colleges]
Message-ID: <20051022214718.GL2249@leitl.org>

----- Forwarded message from David Farber -----

From smb at cs.columbia.edu Sun Oct 23 06:48:37 2005
From: smb at cs.columbia.edu (Steven M. Bellovin)
Date: Sun, 23 Oct 2005 09:48:37 -0400
Subject: Skype security evaluation
Message-ID:

Skype has released an external security evaluation of its product; you can find it at http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf (Skype was also clueful enough to publish the PGP signature of the report, an excellent touch -- see http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf.sig)

The author of the report, Tom Berson, has been in this business for many years; I have a great deal of respect for him.

--Steven M.
Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----

From ashwood at msn.com Sun Oct 23 16:17:38 2005
From: ashwood at msn.com (Joseph Ashwood)
Date: Sun, 23 Oct 2005 16:17:38 -0700
Subject: [smb@cs.columbia.edu: Skype security evaluation]
References: <20051023153121.GW2249@leitl.org>
Message-ID:

----- Original Message -----
Subject: [Tom Berson Skype Security Evaluation]

Tom Berson's conclusion is incorrect. One needs only to take a look at the publicly available information. I couldn't find an immediate reference directly from the Skype website, but it uses 1024-bit RSA keys, the coverage of breaking of 1024-bit RSA has been substantial. The end, the security is flawed.

Of course I told them this now years ago, when I told them that 1024-bit RSA should be retired in favor of larger keys, and several other people as well told them.

Joe

From eugen at leitl.org Sun Oct 23 08:31:21 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 23 Oct 2005 17:31:21 +0200
Subject: [smb@cs.columbia.edu: Skype security evaluation]
Message-ID: <20051023153121.GW2249@leitl.org>

----- Forwarded message from "Steven M.
Bellovin" -----

From goodell at eecs.harvard.edu Sun Oct 23 18:54:04 2005
From: goodell at eecs.harvard.edu (Geoffrey Goodell)
Date: Sun, 23 Oct 2005 21:54:04 -0400
Subject: Access for the uncomputed
Message-ID:

I see the problem as this: not everyone can run Tor on the machines from which they browse the web, and not everyone can configure their proxy settings to point at an open Tor proxy.

I hacked serifos to function as a proxy that sends traffic through Tor. It is not entirely perfect, but it usually works. Known limitations include failure to properly munge image and link tags on SSL-encrypted pages and an inability to properly handle redirections resulting from Javascript code.

So, you can visit:

http://serifos.eecs.harvard.edu/proxy/TOR_HTTP_URL

where TOR_HTTP_URL is any HTTP or HTTPS URL, and the Tor client running on serifos will take you to your specified URL. For example,

http://serifos.eecs.harvard.edu/proxy/http://www.whatismyip.com/

This is how it works:

First, I configured apache on serifos to use mod_proxy:

ProxyPass /proxy/ http://localhost:8119/

Then, I ran my own proxy script that feeds requests to Privoxy and munges HTML replies to properly translate image and link tags. The code is here:

http://afs.eecs.harvard.edu/~goodell/blossom/src/edgeproxy

I invoke this script as follows:

$ edgeproxy -l localhost:8119 -r localhost:8118

Finally, I ran Privoxy on port 8118, in the normal manner specified on the Tor website.

Please check it out if you are interested and feed me bug reports if you find anything broken (other than what I described).

Thanks,

Geoff

On Thu, Oct 20, 2005 at 11:08:43PM +0800, Patrick Coleman wrote:
> CGIProxy is quite good in my experience; it seems to proxify URLs
> better than CECID does. It performs exactly the same task as CECID,
> though CECID has a few extra features (banned word filtering).
> > I did mention a while ago that I would modify CECID to work as a > frontend for tor, but its not looking like I'm going to get time to do > that anytime soon (though I live in eternal hope). The codes all in > CVS (http://cecid.sf.net), if anyone's interested in picking it up and > working on it drop me a line. > > -Patrick > > On 20/10/05, Joel Franusic wrote: > > I just ran across: CGIProxy > > (http://www.jmarshall.com/tools/cgiproxy/cgiproxy-beta.html) > > > > A Proxy over CGI of sorts, similar to CECID (?). This looks like a > > perfect front end for Tor. > > > > It supports SSL and it looks like it can be easily configured to use a > > proxy (Tor). > > > > Has anybody tried this out? > > > > --Joel > > > > On 6/22/05, Patrick Coleman wrote: > > > Brilliant. I'll see if I cant get something going. > > > Thanks, > > > Patrick > > > > > > Roger Dingledine wrote: > > > > On Wed, Jun 22, 2005 at 10:45:17AM +0800, Patrick Coleman wrote: > > > > > > > >>shouldn't be too hard. I was actually considering interfacing it > > > with a proper anonymizer at some > > > >>point, like Tor, so I'd be happy to do that if thats what you want. > > > > > > > > > > > > That would be wonderful. We really do need something like this, that > > > > lets people point their browsers somewhere and be able to access .exit > > > > or .onion addresses. > > > > > > > > It should be even easier to find mirrors for you now too, because the > > > > mirrors don't need to be exiting the traffic themselves. > > > > > > > > Thanks, > > > > --Roger > > > > > > > > > > > > > > > > > On 23/06/05, Patrick Coleman wrote: > > > > [I'll mail this to the list - I am subscribed, but at blinken at gmail.com] > > > > > > > > Hey, > > > > The client certainly hasn't had any work done on it for ages, so I was > > > > thinking of ditching that, certainly after I discovered tor. 
It was > > > > certainly a bit more complex than I bargained for :) > > > > > > > > With the script, it hasn't been developed in quite a while. I have > > > > been intending to do some work on it, though - I've got some working > > > > code that should fix a few problems, like SSL, forms and cookies. > > > > These fixes will also mean a rewrite of the HTTP fetching code, so > > > > working in HTTP proxying shouldn't be too hard. I was actually > > > > considering interfacing it with a proper anonymizer at some point, > > > > like Tor, so I'd be happy to do that if thats what you want. > > > > > > > > The script -shouldn't- be breaking stylesheets, so I'll have a look :) > > > > Thanks, > > > > Patrick > > > > +++ > > > > Public Key ID 0x4A6880B2 > > > > Key Fingerprint: 7867 E238 1608 1A20 89C4 BA6C 8FC3 C6EB 4A68 80B2 > > > > http://warhn.org/pcoleman/pubkey.txt > > > > > > > > On 22/06/05, Roger Dingledine wrote: > > > > > On Tue, Jun 21, 2005 at 03:26:33PM -0700, Joel Franusic wrote: > > > > > > Some quick searches on sf.net and freshmeat.net turn up: > > > > > > http://cecid.sourceforge.net/ > > > > > > > > > > > > Links to servers running CECID: > > > > > > http://cecid.sourceforge.net/mirrors.php > > > > > > > > > > Oh hey, and Patrick Coleman runs a Tor server too: > > > > > http://serifos.eecs.harvard.edu:8000/cgi-bin/desc.pl?q=hal > > > > > > > > > > Patrick, how is this going? It looks like Tor can replace the more > > > > > ambitious part of your project, but step one is still a hard task to > > > > > get right too. :) > > > > > > > > > > It looks like it's GPL, which is good. But it looks like it breaks > > > > > stylesheets of the pages it downloads (e.g. tor.eff.org), which is > > > > > bad. What about SSL to the proxy page? Does it have a back-end that can > > > > > http-proxy to privoxy, and/or socks4a-proxy to Tor? > > > > > > > > > > Is this still in development, or should I take the "Copyright 2003" > > > > > to be a bad sign? 
:)
> > > > >
> > > > > Thanks,
> > > > > --Roger
> > > > >
> > > >

----- End forwarded message -----

From BPYIAYHSM at hotmail.com Sun Oct 23 10:51:56 2005
From: BPYIAYHSM at hotmail.com (Melinda Shelton)
Date: Sun, 23 Oct 2005 22:51:56 +0500
Subject: Please Her Tonite GxlSj
Message-ID: <119504011246.j31CkQBj214038@..com>

Here's latest "Thunder" formula has been proven to add inches to the sizes while multiplying orgasms like never had before. Our products is light years ahead of our competitors which has millions of happy users. Check us out..You won't regret. http://thunder14.sizeit.biz vs2iL

From solinym at gmail.com Sun Oct 23 20:52:30 2005
From: solinym at gmail.com (Travis H.)
Date: Sun, 23 Oct 2005 22:52:30 -0500
Subject: [smb@cs.columbia.edu: Skype security evaluation]
In-Reply-To:
References: <20051023153121.GW2249@leitl.org>
Message-ID:

That's a fairly interesting review, and Skype should be commended for hiring someone to do it. I hope to see more evaluations from vendors in the future. However, I have a couple of suggestions.
My understanding of the peer-to-peer key agreement protocol (hereafter p2pka) is based on section 3.3 and 3.4.2 and is something like this:

A -> B: N_ab
B -> A: N_ba
B -> A: Sign{f(N_ab)}_a
A -> B: Sign{f(N_ba)}_b
A -> B: Sign{A, K_a}_SKYPE
B -> A: Sign{B, K_b}_SKYPE
A -> B: Sign{R_a}_a
B -> A: Sign{R_b}_b

Session key SK_AB = g(R_a, R_b)

0) The p2pka allows us to use a peer as a signing oracle for nonces by performing steps 1 through 4. Only the one-wayness of f (specified only as "modified in a standard way") stands in the way of arbitrary forgery, which would allow us to bypass the security on steps 3, 4, 7, and 8. It would not stop us from knowing the session key, since there is no restriction on the form of R_a or R_b.

1) It's not clear that the identity certificates are bound to a [externally visible] network [source] address at registration time. IMHO, this would be a good idea.

2) He implicitly ignores the fact that the skype key is a trusted CA, so skype can impersonate anyone (or delegate that impersonation by signing a bogus ID). This is obvious to a cryptographer but should be mentioned for the layperson. An evaluation should explicitly specify who must be trusted by whom, and everyone must trust the Skype registrar.

3) It looks like the peer-to-peer communication involves the same key, SK_AB, in both directions, opening the door for keystream re-use, but there's 64 bits of presumably random salt so it shouldn't be very common.

Vagueness:

1) They use an unencrypted 2-byte CRC on each packet between peers. Undetected modification to a packet is possible, since the CRC is computed over the encrypted data and stored en clair. In this case, arbitrary bits can be flipped, the CRC recomputed, and no future packets depend on the current packet, so there's no tell-tale garbling afterwards like there is in most other block modes. He alludes to this in section 3.4.4 but doesn't really specify the impact, merely compares it to WEP.
2) The session established with the Skype server during registration is protected with a 256-bit key, which is random, but he doesn't say how the client and Skype agree on it.

3) It's not clear why they used rc4 instead of ICM to generate key material, but at least it's not being used for confidentiality.

4) The details of the random number generation are vague ("makes a number of win32 calls").

5) The details of the SK_AB key composition are vague ("combined in a cryptographically-sound way"), shown by g in the p2pka above.

6) It doesn't say who sends the nonces first --- is it the recipient of the connection, or the initiator? Can we DoS people by repeated connections triggering digital signatures?

7) It doesn't say whether it's a TCP or UDP protocol, what ports it uses, etc. I'm curious if it will work through NAT at both ends.

8) The skype server's timeout on login passwords can be used for a denial-of-service against the registration protocol and doesn't affect username guessing (fixed password variable username, a/k/a "reverse hack").

9) It doesn't specify how the salts used in ICM mode are communicated.

10) It doesn't specify how streams are created and numbered.

It'd be nice to see the protocol clearly specified and analyzed via automated means (finite state analysis via murphy, etc.).

Obsession with performance:

He makes no fewer than six comments about performance (of the AES code, of the modular exponentiation, of the primality testing, of modular inversion, of multi-precision arithmetic libraries, and SHA-1 implementation), which should normally be the least of anyone's worries, especially cryptographers. Is this a security evaluation, or a performance test? However, since we're talking about real-time audio streams, perhaps some discussion of the bandwidth and especially latency of the p2p protocol would be in order. Unfortunately, there's no quantification ("... performs favorably in terms of clock cycle per encryption").
Trust us: Finally, the whole thing is closed source, so none of it is easily verifiable. We just have to take his word on it, and often he just offers opinions (see the complaints of vagueness above). Summary: All that having been said, I still have more confidence in Skype than I did before reading the paper. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B From arma at mit.edu Sun Oct 23 20:41:20 2005 From: arma at mit.edu (Roger Dingledine) Date: Sun, 23 Oct 2005 23:41:20 -0400 Subject: Publicizing Hidden Services Message-ID: On Sun, Oct 23, 2005 at 11:17:56PM -0400, phobos at rootme.org wrote: > On Sun, Oct 23, 2005 at 10:37:54PM -0300, mlthorne at gmail.com wrote 2.3K bytes in 57 lines about: > : It would probably work (publishing of hidden services I mean) if it was a > : voluntary thing. Like having a central place for people to leave a link and > : general desc. would be nice... > > http://4ha7nlx3shi5gcty.onion/ And the more canonical one is http://6sxoyfb3h2nvok2d.onion/tor/ which is linked from http://tor.eff.org/cvs/tor/doc/tor-hidden-service.html but could also be helpfully linked from overview.html and documentation.html (which was why this thread started). I've just linked them more loudly from both of these places. Let me know if you think that helps. I couldn't actually access the one phobos provided. Which leads to the more important point -- we need to work on speed and reliability of hidden services before we try to make them more popular. That's on the todo list, but it's pretty far down the list at this point, at least until somebody with funding decides that this is important to them. 
--Roger

----- End forwarded message -----

From eugen at leitl.org Mon Oct 24 01:36:52 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 24 Oct 2005 10:36:52 +0200
Subject: [arma@mit.edu: Re: Publicizing Hidden Services]
Message-ID: <20051024083652.GN2249@leitl.org>

----- Forwarded message from Roger Dingledine -----

From eugen at leitl.org Mon Oct 24 01:39:56 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 24 Oct 2005 10:39:56 +0200
Subject: [goodell@eecs.harvard.edu: Re: Access for the uncomputed]
Message-ID: <20051024083956.GP2249@leitl.org>

----- Forwarded message from Geoffrey Goodell -----

From cyphrpunk at gmail.com Mon Oct 24 10:50:50 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Mon, 24 Oct 2005 10:50:50 -0700
Subject: [smb@cs.columbia.edu: Skype security evaluation]
In-Reply-To:
References: <20051023153121.GW2249@leitl.org>
Message-ID: <792ce4370510241050m6e0cd60atc155ffac3054ca40@mail.gmail.com>

On 10/23/05, Travis H. wrote:
> My understanding of the peer-to-peer key agreement protocol (hereafter
> p2pka) is based on section 3.3 and 3.4.2 and is something like this:
>
> A -> B: N_ab
> B -> A: N_ba
> B -> A: Sign{f(N_ab)}_a
> A -> B: Sign{f(N_ba)}_b
> A -> B: Sign{A, K_a}_SKYPE
> B -> A: Sign{B, K_b}_SKYPE
> A -> B: Sign{R_a}_a
> B -> A: Sign{R_b}_b
>
> Session key SK_AB = g(R_a, R_b)

But what you have shown here has no encryption, hence no secrecy. Surely RSA encryption must be used somewhere along the line. The report doesn't say anything about the details of how that is done. In particular, although it mentions RSA signature padding it says nothing about RSA encryption padding. Is it possible that Skype doesn't use RSA encryption?
Or if they do, do they do it without using any padding, and is that safe? CP From cyphrpunk at gmail.com Mon Oct 24 11:14:08 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Mon, 24 Oct 2005 11:14:08 -0700 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <435A3406.7070304@systemics.com> References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com> <200510210743.j9L7htFT002090@home.unipay.nl> <435A3406.7070304@systemics.com> Message-ID: <792ce4370510241114y6e2161c9r1ebde458190b4b6a@mail.gmail.com> On 10/22/05, Ian G wrote: > R. Hirschfeld wrote: > > This is not strictly correct. The payer can reveal the blinding > > factor, making the payment traceable. I believe Chaum deliberately > > chose for one-way untraceability (untraceable by the payee but not by > > the payer) in order to address concerns such as blackmailing, > > extortion, etc. The protocol can be modified to make it fully > > untraceable, but that's not how it is designed. > > Huh - first I've heard of that, would be > encouraging if that worked. How does it > handle an intermediary fall guy? Say > Bad Guy Bob extorts Alice, and organises > the payoff to Freddy Fall Guy. This would > mean that Alice can strip her blinding > factors and reveal that she paid to Freddy, > but as Freddy is not to be found, he can't > be encouraged to reveal his blinding factors > so as to reveal that Bob bolted with the > dosh. Right, that is one of the kinds of modifications that Ray referred to. If the mint allows (de-facto) anonymous exchanges then a blackmailer can simply do an exchange of his ecash before spending it and he will be home free. Another mod is for the blackmailer to supply the proto-coin to be signed, in blinded form. One property of Daniel Nagy's epoint system is that it creates chains where each token that gets created is linked to the one it came from. 
This could be sold as an anti-abuse feature, that blackmailers and extortionists would have a harder time avoiding being caught. In general it is an anti-laundering feature since you can't wash your money clean, it always links back to when it was dirty. U.S. law generally requires that stolen goods be returned to the original owner without compensation to the current holder, even if they had been purchased legitimately (from the thief or his agent) by an innocent third party. Likewise a payment system with traceable money might find itself subject to legal orders to reverse subsequent transactions, confiscate value held by third parties and return the ill-gotten gains to the victim of theft or fraud. Depending on the full operational details of the system, Daniel Nagy's epoints might be vulnerable to such legal actions. Note that e-gold, which originally sold non-reversibility as a key benefit of the system, found that this feature attracted Ponzi schemes and fraudsters of all stripes, and eventually it was forced to reverse transactions and freeze accounts. It's not clear that any payment system which keeps information around to allow for potential reversibility can avoid eventually succumbing to pressure to reverse transactions. Only a Chaumian type system, whose technology makes reversibility fundamentally impossible, is guaranteed to allow for final clearing. And even then, it might just be that the operators themselves will be targeted for liability since they have engineered a system that makes it impossible to go after the fruits of criminal actions. 
CP

From s.schear at comcast.net Mon Oct 24 12:12:36 2005
From: s.schear at comcast.net (Steve Schear)
Date: Mon, 24 Oct 2005 12:12:36 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510241114y6e2161c9r1ebde458190b4b6a@mail.gmail.com>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
	<200510210743.j9L7htFT002090@home.unipay.nl>
	<435A3406.7070304@systemics.com>
	<792ce4370510241114y6e2161c9r1ebde458190b4b6a@mail.gmail.com>
Message-ID: <6.0.1.1.0.20051024120442.052d4480@mail.comcast.net>

At 11:14 AM 10/24/2005, cyphrpunk wrote:
>Note that e-gold, which originally sold non-reversibility as a key
>benefit of the system, found that this feature attracted Ponzi schemes
>and fraudsters of all stripes, and eventually it was forced to reverse
>transactions and freeze accounts. It's not clear that any payment
>system which keeps information around to allow for potential
>reversibility can avoid eventually succumbing to pressure to reverse
>transactions.

I don't think E-gold ever held out its system as non-reversible with proper court order. All reverses I am aware of happened either due to some technical problem with their system or an order from a court of competence in the matter at hand.

>Only a Chaumian type system, whose technology makes
>reversibility fundamentally impossible, is guaranteed to allow for
>final clearing. And even then, it might just be that the operators
>themselves will be targeted for liability since they have engineered a
>system that makes it impossible to go after the fruits of criminal
>actions.

It's not clear at all that courts will find engineering a system for irreversibility is illegal or contributory if there was good justification for legal business purposes, which of course there are.

Steve

From djm at mindrot.org Sun Oct 23 19:39:42 2005
From: djm at mindrot.org (Damien Miller)
Date: Mon, 24 Oct 2005 12:39:42 +1000 (EST)
Subject: [smb@cs.columbia.edu: Skype security evaluation]
Message-ID: 

On Sun, 23 Oct 2005, Joseph Ashwood wrote:

>----- Original Message ----- Subject: [Tom Berson Skype Security Evaluation]
>
>Tom Berson's conclusion is incorrect. One needs only to take a look at the
>publicly available information. I couldn't find an immediate reference
>directly from the Skype website, but it uses 1024-bit RSA keys, the coverage
>of breaking of 1024-bit RSA has been substantial. The end, the security is
>flawed. Of course I told them this now years ago, when I told them that
>1024-bit RSA should be retired in favor of larger keys, and several other
>people as well told them.

More worrying is the disconnect between the front page summary and the body of the review. If one only reads the summary, then one would only see the gushing praise and not the SSH protocol 1-esque use of a weak CRC as an integrity mechanism (section 3.4.4) or what sounds suspiciously like an exploitable signed vs. unsigned issue in protocol parsing (section 3.4.6).

Also disappointing is the focus on the correct implementation of cryptographic primitives (why not just use tested commercial or open-source implementations?) to the exclusion of other more interesting questions (at least to me):

- What properties does the proprietary key agreement protocol offer (it sounds a bit like an attenuated version of the SSH-1 KEX protocol and, in particular, doesn't appear to offer PFS).
- Does the use of RC4 follow Mantin's recommendations to discard the early, correlated keystream?
- How does the use of RC4 to generate RSA keys work when only 64 bits of entropy are collected from Skype's RNG? (Section 3.1)
- Why does Skype "roll its own" entropy collection functions instead of using the platform's standard one?
- Ditto the use of standard protocols?
(DTLS would seem an especially obvious choice).
- What techniques (such as privilege dropping or separation) does Skype use to limit the scope of a network compromise of a Skype client?

-d

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
-- 
Eugen* Leitl leitl

From cyphrpunk at gmail.com Mon Oct 24 14:46:04 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Mon, 24 Oct 2005 14:46:04 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <6.0.1.1.0.20051024120442.052d4480@mail.comcast.net>
References: <792ce4370510201131o6e1a2fa0x543a60a566a56a00@mail.gmail.com>
	<200510210743.j9L7htFT002090@home.unipay.nl>
	<435A3406.7070304@systemics.com>
	<792ce4370510241114y6e2161c9r1ebde458190b4b6a@mail.gmail.com>
	<6.0.1.1.0.20051024120442.052d4480@mail.comcast.net>
Message-ID: <792ce4370510241446l589ee3eeg85ed574bb640dd83@mail.gmail.com>

On 10/24/05, Steve Schear wrote:
> I don't think E-gold ever held out its system as non-reversible with proper
> court order. All reverses I am aware happened either due to some technical
> problem with their system or an order from a court of competence in the
> matter at hand.

Back in the days of such companies as emutualfun.com and stockgeneration.com there were cases where e-gold froze accounts without waiting for court orders. I was involved with the discussion on the e-gold mailing lists back then and it caused considerable hard feeling among the users. E-gold was struggling to deal with the onslaught of criminal activity (Ian Grigg described the prevailing mood as one of 'angst') and they were thrown into a reactive mode. Eventually I think they got their house in order and established policies that were more reasonable.

> Its not clear at all that courts will find engineering a system for
> irreversibility is illegal or contributory if there was good justification
> for legal business purposes, which of course there are.

Yes, but unfortunately it is not clear at all that courts would find the opposite, either. If a lawsuit names the currency issuer as a defendant, which it almost certainly would, a judge might order the issuer's finances frozen or impose other measures which would impair its business survival while trying to sort out who is at fault. It would take someone with real cojones to go forward with a business venture of this type in such uncharted waters.

CP

From cyphrpunk at gmail.com Mon Oct 24 14:58:32 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Mon, 24 Oct 2005 14:58:32 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
References: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
Message-ID: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>

On 10/24/05, John Kelsey wrote:
> More to the point, an irreversible payment system raises big practical
> problems in a world full of very hard-to-secure PCs running the
> relevant software. One exploitable software bug, properly used, can
> steal an enormous amount of money in an irreversible way. And if your
> goal is to sow chaos, you don't even need to put most of the stolen
> money in your own account--just randomly move it around in
> irreversible, untraceable ways, making sure that your accounts are
> among the ones that benefit from the random generosity of the attack.
To clarify one point, it is not necessary to have "accounts" in an ecash system. Probably the simpler approach is for a mint that has three basic functions: selling ecash for real money; exchanging ecash for new ecash of equal value; and buying ecash for real money. All ecash exchanges with the mint can be anonymous, and only when ecash is exchanged for real money does that side of the transaction require a bank account number or similar identifying information.

In such a system, the ecash resides not in accounts, but in digital wallets which are held in files on end users' computers. The basic attack scenario then is some kind of virus which hunts for such files and sends the ecash to the perpetrator. If the ecash wallet is protected, by a password or perhaps a token which must be inserted, the virus can lie in wait and grab the ecash once the user opens the wallet manually. There are several kinds of malicious activities that are possible, from simply deleting the cash to broadcasting it in encrypted form such as by IRC. Perhaps it could even engage in the quixotic action of redistributing some of the cash among the users, but my guess is that pecuniary motivations would dominate and most viruses will simply do their best to steal ecash. Without accounts per se, and using a broadcast channel, there is little danger in receiving or spending the stolen money.

Digital wallets will require real security in user PCs. Still I don't see why we don't already have this problem with online banking and similar financial services. Couldn't a virus today steal people's passwords and command their banks to transfer funds, just as easily as the fraud described above? To the extent that this is not happening, the threat against ecash may not happen either.

> The payment system operators will surely be sued for this, because
> they're the only ones who will be reachable. They will go broke, and
> the users will be out their money, and nobody will be silly enough to
> make their mistake again.

They might be sued but they won't necessarily go broke. It depends on how deep the pockets are suing them compared to their own, and most especially it depends on whether they win or lose the lawsuit. As Steve Schear noted, there is a reasonable argument that a payment system issuer should not be held liable for the misdeeds of its customers. Jurisdictional issues may be important as well. Clearly anyone proposing to enter this business will have to accept the risk and cost of defending against such lawsuits as part of the business plan.

CP

From kelsey.j at ix.netcom.com Mon Oct 24 12:57:32 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Mon, 24 Oct 2005 15:57:32 -0400 (EDT)
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Message-ID: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>

From: cyphrpunk
Sent: Oct 24, 2005 2:14 PM
Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/22/05, Ian G wrote:
>Note that e-gold, which originally sold non-reversibility as a key
>benefit of the system, found that this feature attracted Ponzi
>schemes and fraudsters of all stripes, and eventually it was forced
>to reverse transactions and freeze accounts. It's not clear that any
>payment system which keeps information around to allow for potential
>reversibility can avoid eventually succumbing to pressure to reverse
>transactions. Only a Chaumian type system, whose technology makes
>reversibility fundamentally impossible, is guaranteed to allow for
>final clearing. And even then, it might just be that the operators
>themselves will be targeted for liability since they have engineered
>a system that makes it impossible to go after the fruits of criminal
>actions.
More to the point, an irreversible payment system raises big practical problems in a world full of very hard-to-secure PCs running the relevant software. One exploitable software bug, properly used, can steal an enormous amount of money in an irreversible way. And if your goal is to sow chaos, you don't even need to put most of the stolen money in your own account--just randomly move it around in irreversible, untraceable ways, making sure that your accounts are among the ones that benefit from the random generosity of the attack.

The payment system operators will surely be sued for this, because they're the only ones who will be reachable. They will go broke, and the users will be out their money, and nobody will be silly enough to make their mistake again.

>CP

--John

From eugen at leitl.org Mon Oct 24 07:43:23 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 24 Oct 2005 16:43:23 +0200
Subject: [djm@mindrot.org: Re: [smb@cs.columbia.edu: Skype security evaluation]]
Message-ID: <20051024144323.GC2249@leitl.org>

----- Forwarded message from Damien Miller -----

From rah at shipwright.com Mon Oct 24 16:56:26 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 24 Oct 2005 19:56:26 -0400
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
Message-ID: 

--- begin forwarded text

Date: Mon, 24 Oct 2005 23:31:34 +0200
To: practicalsecurity at hbarel.com
From: Hagai Bar-El
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
Sender: PracticalSecurity-bounces at hbarel.com

Hello,

I wrote a short essay about anonymity and pseudonymity being technologies that are well advanced but seldom used. Following are excerpts from the essay that can be found at: http://www.hbarel.com/Blog/entry0006.html

In spite of our having the ability to establish anonymous surfing, have untraceable digital cash tokens, and carry out anonymous payments, we don't really use these abilities, at large. If you are not in the security business you are not even likely to be aware of these technical abilities.

If I may take a shot at guessing the reason for the gap between what we know how to do and what we do, I would say it's due to the overall lack of interest of the stakeholders. Fact probably is, most people don't care that much about anonymity, and most of the ones who do, are not security geeks who appreciate the technology and thus trust it. So, we use what does not require mass adoption and do not use what does.

Anonymous browsing is easy, because it does not need an expensive infrastructure that requires a viable business model behind it; fortunately. A few anonymity supporters run TOR servers on their already-existent machines, anonymity-aware users run TOR clients and proxy their browsers through them, and the anonymity need is met. The onion routing technology that TOR is based on is used; not too often, but is used.

The problem starts with systems that require a complex infrastructure to run, such as anonymous payment systems. As much as some of us don't like to admit it, most consumers do not care about the credit card company compiling a profile of their money spending habits.
Furthermore, of the ones who do, most are not security engineers and thus have no reason to trust anonymity schemes they don't see or feel intuitively (as one feels when paying with cash). The anonymous payment systems are left to be used primarily by the security-savvy guys who care; they do not form a mass market.

I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are deployed just to fulfill the wish of particular users then it may fail, because most users don't have that wish strong enough to pay for fulfilling it. An example for such an application (that requires anonymity by design) could be E-Voting, which, unfortunately, suffers from other difficulties. I am sure there are others, though.

Regards,
Hagai.

_______________________________________________
PracticalSecurity mailing list
PracticalSecurity at hbarel.com
http://hbarel.com/mailman/listinfo/practicalsecurity_hbarel.com

--- end forwarded text

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From cyphrpunk at gmail.com Mon Oct 24 22:18:12 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Mon, 24 Oct 2005 22:18:12 -0700
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: 
References: 
Message-ID: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>

> http://www.hbarel.com/Blog/entry0006.html
>
> I believe that for anonymity and pseudonymity technologies to survive
> they have to be applied to applications that require them by design,
> rather than to mass-market applications that can also do (cheaper)
> without. If anonymity mechanisms are deployed just to fulfill the
> wish of particular users then it may fail, because most users don't
> have that wish strong enough to pay for fulfilling it. An example for
> such an application (that requires anonymity by design) could be
> E-Voting, which, unfortunately, suffers from other difficulties. I am
> sure there are others, though.

The truth is exactly the opposite of what is suggested in this article. The desire for anonymous communication is greater today than ever, but the necessary technology does not exist.

For the first time there are tens or hundreds of millions of users who have a strong need and desire for high volume anonymous communications. These are file traders, exchanging images, music, movies, TV shows and other forms of communication. The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network would see rapid adoption and would be the number one driver for widespread use of anonymity.

But the technology isn't there. Providing real-time, high-volume, anonymous communications is not possible at the present time.
Anyone who has experienced the pitiful performance of a Tor web browsing session will be familiar with the iron self-control and patience necessary to keep from throwing the computer out the window in frustration. Yes, you can share files via Tor, at the expense of reducing transfer rates by multiple orders of magnitude.

Not only are there efficiency problems, detailed analyses of the security properties of real time anonymous networks have repeatedly shown that the degree of anonymity possible is very limited against a determined attacker. Careful insertion of packet delays and monitoring of corresponding network reactions allow an attacker to easily trace an encrypted communication through the nodes of the network. Effective real-time anonymity is almost a contradiction in terms.

Despite these difficulties, file trading is still the usage area with the greatest potential for widespread adoption of anonymity. File traders are fickle and will gravitate rapidly to a new system if it offers significant benefits. If performance can be improved to at least approximate the transfer rates of non-anonymous networks, while allowing enough security to make the job of the content lawyers harder, that could be enough to give this technology the edge it needs to achieve widespread acceptance.

CP

From nagydani at epointsystem.org Mon Oct 24 15:13:04 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Tue, 25 Oct 2005 00:13:04 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
References: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
	<792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
Message-ID: <20051024221304.GF4102@epointsystem.org>

On Mon, Oct 24, 2005 at 02:58:32PM -0700, cyphrpunk wrote:
> Digital wallets will require real security in user PCs. Still I don't
> see why we don't already have this problem with online banking and
> similar financial services. Couldn't a virus today steal people's
> passwords and command their banks to transfer funds, just as easily as
> the fraud described above? To the extent that this is not happening,
> the threat against ecash may not happen either.

Well, there have been several attacks of this kind against Russia's WebMoney system. One of the founders and first arbiters, Nikita Sechenko, wrote up the following text on his advocacy webpage owebmoney.ru (my translation):

https://www.financialcryptography.com/mt/archives/000492.html

It also contains some relevant bits about governing a payment system based on pseudonymous accounts. I think theirs is the most sophisticated account-based payment system in active use, complete with arbitration, messaging, billing, key certification, credit operations and credit history, and a lot more.

-- 
Daniel

From nagydani at epointsystem.org Mon Oct 24 15:26:24 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Tue, 25 Oct 2005 00:26:24 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
References: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
	<792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
Message-ID: <20051024222624.GG4102@epointsystem.org>

From nagydani at epointsystem.org Mon Oct 24 15:38:36 2005
From: nagydani at epointsystem.org (Daniel A. Nagy)
Date: Tue, 25 Oct 2005 00:38:36 +0200
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
References: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
	<792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
Message-ID: <20051024223836.GI4102@epointsystem.org>

One interesting security measure protecting valuable digital assets (WM protects private keys this way) is "inflating" them before encryption. While it does not protect against trojan applications, it does a surprisingly good job at reducing attacks following the key logging + file theft pattern. This security measure depends on two facts: storage being much cheaper than bandwidth and transmission of long files being detectable, allowing for detecting and thwarting an attack in progress.

-- 
Daniel

From kelsey.j at ix.netcom.com Tue Oct 25 07:20:05 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Tue, 25 Oct 2005 10:20:05 -0400 (GMT-04:00)
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Message-ID: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>

>From: cyphrpunk
>Sent: Oct 24, 2005 5:58 PM
>To: John Kelsey
>Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

...

>Digital wallets will require real security in user PCs. Still I don't
>see why we don't already have this problem with online banking and
>similar financial services. Couldn't a virus today steal people's
>passwords and command their banks to transfer funds, just as easily
>as the fraud described above? To the extent that this is not
>happening, the threat against ecash may not happen either.

Well, one difference is that those transactions can often be undone, if imperfectly at times. The whole set of transactions is logged in many different places, and if there's an attack, there's some reasonable hope of getting the money back. And that said, there have been reports of spyware stealing passwords for online banking systems, and of course, there are tons of phishing and pharming schemes to get the account passwords in a more straightforward way. The point is, if you're ripped off in this way, there's a reasonable chance you can get your money back, because the bank has a complete record of the transactions that were done. There's no chance of this happening when there's no record of the transaction anywhere.

>> The payment system operators will surely be sued for this, because
>> they're the only ones who will be reachable.
>> They will go broke, and
>> the users will be out their money, and nobody will be silly enough to
>> make their mistake again.

>They might be sued but they won't necessarily go broke. It depends on
>how deep the pockets are suing them compared to their own, and most
>especially it depends on whether they win or lose the lawsuit.

I don't think so. Suppose there's a widespread attack that steals money from tens of thousands of users of this payment technology. There seem to be two choices:

a. The payment system somehow makes good on their losses.

b. Everyone who isn't dead or insane pulls every dime left in that system out, knowing that they could be next.

It's not even clear that these are mutually exclusive, but if (a) doesn't happen, (b) surely will. Nobody wants their money stolen, and I don't think many people are so confident of their computer security that they're willing to bet huge amounts of money on it. If you have to be that confident in your computer security to use the payment system, it's not going to have many clients.

>CP

--John

From gnu at toad.com Tue Oct 25 10:20:16 2005
From: gnu at toad.com (John Gilmore)
Date: Tue, 25 Oct 2005 10:20:16 -0700
Subject: [Politech] Wiretapping innocent people on the Internet
In-Reply-To: <435CF29E.7040306@well.com>
Message-ID: 

The NYT covered this story, on the front page, too. But somehow it was all about "Colleges Protest Call to Upgrade Online Systems". It wasn't about the government automating the bugging of every student, professor, and staff person by typing a few commands from the basement of the FBI building. The nasty word "wiretap" didn't appear till the eighth paragraph, "below the fold", and when it did appear, it was buried in mid-sentence, right next to "criminals, terrorists and spies". (They never wiretap "citizens", "innocent bystanders", or "suspects", and everyone wiretapped is of course guilty-as-charged, though they haven't been charged with any crime yet.)

There's no shortage of bias in the New York Times, but this is a particularly blatant example. Now why is it in the interest of the Times to build wiretapping into the hardware of the Internet?

The story also claimed that "Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues." I think there's a civil liberties issue when the US Government wants to wire the country like the Stasi wired East Germany for indiscriminate bugging. And there's no "winning" of these court orders; they happen in secret, without the participation or knowledge of the target of the wiretap. The university cannot appear in court to argue about whether the order should be issued (and very few challenge them after issuance). In most cases the judge is *required* to issue the secret wiretap order every time the Feds merely say "we need the info". To get 99% of such orders, they don't need a warrant, nor probable cause to believe that a crime has been committed. What used to be tough wiretap standards have been whittled away inch by inch by decades of aggressive pushing on the part of the FBI, DEA, CIA, NSA, and DoJ.

In August, one judge woke up and published a decision that said, despite his previously regular issuance of secret orders to track the location of people's cellphones in real time, without probable cause or any suspicion of criminal activity, he was concerned about whether this routine secret practice was actually legal. (See http://www.eff.org/news/archives/2005_09.php#004002). Bravo for that one judge who found his conscience.

The government argues that under the same conditions (no warrant, no reason to suspect you in particular), they can monitor about 40% of the bits you send over the Internet, in real time, including where you are, who you're talking with, what protocols you're using, and every URL, email address, IM name, or other "addressing and signaling information".
(I argue that they don't have this authority, but I never get to show up in court at these discussions with the judge.) Not only is this information supposedly legal for the government to get about every citizen, it's perfect for automated software tracking of who's-talking-to-who, all the time. The NSA term for it is "traffic analysis", and most of it works even if your communications are encrypted. I understand why the authoritarian brass would want routine wiretaps of the innocent; as Orson Welles said, "Only in a police state is the job of a policeman easy." They've lost sight of their goal (keeping people safe and free), yet redoubled their efforts. Why this would be in the interest of the citizens (or the FCC, or the NY Times) is the puzzle. John Gilmore (speaking for myself) ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Tue Oct 25 08:34:10 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 25 Oct 2005 11:34:10 -0400 Subject: On the orthogonality of anonymity to current market demand In-Reply-To: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.ne t> References: <19746800.1130183853393.JavaMail.root@elwamui-rustique.atl.sa.earthlink.ne t> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 3:57 PM -0400 10/24/05, John Kelsey wrote: >More to the point, an irreversible payment system raises big practical >problems in a world full of very hard-to-secure PCs running the >relevant software. 
>One exploitable software bug, properly used, can
>steal an enormous amount of money in an irreversible way. And if your
>goal is to sow chaos, you don't even need to put most of the stolen
>money in your own account--just randomly move it around in
>irreversible, untraceable ways, making sure that your accounts are
>among the ones that benefit from the random generosity of the attack.
>The payment system operators will surely be sued for this, because
>they're the only ones who will be reachable. They will go broke, and
>the users will be out their money, and nobody will be silly enough to
>make their mistake again.

Though I agree with the notion that anonymity is orthogonal to market demand at the moment, I think you lost me at the word "account", above. :-).

That is to say, your analysis conflicts with the whole trend towards T-0 trading, execution, clearing and settlement in the capital markets, and, frankly, with all payment in general as it gets increasingly granular and automated in nature. The faster you can trade or transact business with the surety that the asset in question is now irrevocably yours, the more trades and transactions you can do, which benefits not only the individual trader but markets as a whole. The whole foundation of modern finance, and several -- almost posthumous, so pervasive was the homeopathic socialism that we now call Keynesianism -- Nobel prizes in economics are based on that premise, and it has been proven empirically now for many decades: The entire history of the currency futures markets would be a good example, though now that I think of it, any derivative market, since the time of Thales himself, would prove the point.

However "anonymous" irrevocability might offend one's senses and cause one to imagine the imminent heat-death of the financial universe (see Gibbon, below... :-)), I think that technology will instead step up to the challenge and become more secure as a result.
And, since internet bearer transactions are, by their very design, more secure on public networks than book-entry transactions are in encrypted tunnels on private networks, they could even be said to be secure *in spite* of the fact that they're anonymous; that -- as it ever was in cryptography -- business can be transacted between two parties even though they don't know, or trust, each other. For instance, another "problem" with internet bearer transactions, besides their prima facie "anonymity" (they're only prima facie because, while the protocols don't *require* is-a-person and-then-you-go-to-jail identity, traffic analysis is still quite trivial for the time being, onion routers notwithstanding) is that the client is responsible not only for most of the computation, but also for the storage of notes or coins, instead of a central database in a clearinghouse or bank somewhere "storing" various offsetting book-entries in, as you noted above, "accounts". :-). Of course, simply backing up one's data off-site, much easier with internet bearer certificates than with whole databases, solves this problem, and, as we all know here, the safest way to do *that* is to use some kind of m-of-n hash, stored, someday, for even smaller bits of cash :-), in many places on the net at once. Obviously, we don't need small cash to store big assets, any more than we need big servers to distribute big files in BitTorrent, but it will only accelerate, if not complete, the process, when we get there. As I have said, too many times :-), about these things, transaction cost is always going to be the critical factor in any change from book-entries to chaumian-esque internet bearer transactions. And I believe that, hand-in-hand with increased security, reduced transaction cost is more a function of the collapsing cost and the ubiquity of distributed processing power and network access than anything else. 
So, anonymity is, in fact, orthogonal to market demand, primarily because it's an *effect*, and not a cause, of that demand. As we all do now with the current proctological state of book-entry finance, the anonymity of a proposed internet bearer transaction infrastructure will just be a "cost" that the market would have to bear. :-). To channel Schopenhauer a bit, like the emergence of industrialism and the abolition of slavery was before it, once anonymity becomes a "feature" of our transaction infrastructure, people will eventually declare it to be not only self-evident all along, but a moral *prerequisite* of any transaction as well. To put it another way, it's a pity for acrophobics that the fastest way to get anywhere these days is to fly, but it is still a physical fact, nonetheless. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ15P8cUCGwxmWcHhAQFpBQgAho3Tq+19xPsosyD0KLIfxrqUG2gQT9dM F0gOAr/+STjbT53JwqCm+ofucDYSwN3c339dCMTclPcI/5SPdWcrLg4/mtnfDqtd 8Pw6tTqtN9/qO01NyhmQmnYo070RC/cSmA3meAsHKrtUKoS1ypigX5ehHP2kNHS7 rPguFYeAuBDpfha9XCTg0qYEwJZvJUb+ph+kBs/fys1U+zzT4Dj3ibF6kMpSmrav rkhYnXUiFJ7DsMhwhVPmpwcQ4W2ghiqNFls+COULSAfTnWSZwLn6flLlM9YXQure F7Dnn4orOgAJFsnsEhk0skikb5XV+FlQrGTuWSHaM5mYVlpdQx5H+A== =aDV5 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
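Hettinga's suggestion above, that the client-side storage problem of internet bearer certificates is solved by backing them up as an m-of-n split held in many places on the net at once, is easiest to see in code. The following is an added example written for this page, not code from the thread or from any of the systems it discusses: a k-of-n Shamir secret-sharing split and recombine over the prime field mod 2^521 - 1. Any k shares rebuild the backed-up secret; any k-1 are consistent with every possible secret and reveal nothing, which is the property that makes scattering the pieces across untrusted hosts safe. The Share layout, the 64-byte secret limit and the sample note are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Arithmetic is modulo the Mersenne prime 2^521 - 1, so any secret of up to
// 64 bytes (a key, a coin, a bearer certificate) fits in one field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one point (x, f(x)) on a random polynomial of degree k-1 whose
// constant term is the secret. k and the secret length travel with the share
// so Combine can refuse an insufficient set and restore leading zero bytes.
// (Hypothetical layout chosen for this example.)
type Share struct {
	X, Y      *big.Int
	K, SecLen int
}

// Split produces n shares of which any k reconstruct the secret; any k-1 are
// consistent with every possible secret and so reveal nothing.
func Split(secret []byte, k, n int) ([]Share, error) {
	if k < 2 || n < k || n > 255 || len(secret) == 0 || len(secret) > 64 {
		return nil, errors.New("need 2 <= k <= n <= 255 and a 1..64 byte secret")
	}
	coef := make([]*big.Int, k)
	coef[0] = new(big.Int).SetBytes(secret)
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coef[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x := big.NewInt(int64(i + 1)) // never x = 0: that point is the secret
		y := new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner evaluation of f(x) mod p
			y.Mod(y.Add(y.Mul(y, x), coef[j]), prime)
		}
		shares[i] = Share{X: x, Y: y, K: k, SecLen: len(secret)}
	}
	return shares, nil
}

// Combine recovers the secret from any k distinct shares by Lagrange
// interpolation at x = 0: f(0) = sum_i y_i * prod_{j != i} x_j / (x_j - x_i).
func Combine(shares []Share) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	k, secLen := shares[0].K, shares[0].SecLen
	if len(shares) < k {
		return nil, fmt.Errorf("threshold is %d, only %d shares supplied", k, len(shares))
	}
	shares = shares[:k]
	sum := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			if sj.X.Cmp(si.X) == 0 {
				return nil, errors.New("duplicate share")
			}
			num.Mod(num.Mul(num, sj.X), prime)
			d := new(big.Int).Mod(new(big.Int).Sub(sj.X, si.X), prime)
			den.Mod(den.Mul(den, d), prime)
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, new(big.Int).ModInverse(den, prime))
		sum.Mod(sum.Add(sum, term), prime)
	}
	if sum.BitLen() > 8*secLen {
		// Shares from different splits interpolate to a random field element;
		// catch the obvious case rather than hand back a wrong secret.
		return nil, errors.New("inconsistent shares")
	}
	out := make([]byte, secLen)
	sum.FillBytes(out)
	return out, nil
}

func main() {
	secret := []byte("example bearer note: 32 bytes!!!") // constructed sample
	shares, err := Split(secret, 3, 5)
	if err != nil {
		panic(err)
	}
	got, err := Combine([]Share{shares[4], shares[0], shares[2]})
	fmt.Printf("3 of 5 -> %q match=%v err=%v\n", got, bytes.Equal(got, secret), err)
	_, err = Combine(shares[:2])
	fmt.Printf("2 of 5 -> err=%v\n", err)
}
```

Losing up to n-k of the hosts costs nothing, and any coalition smaller than k, the storage hosts included, learns nothing. What the split does not do is stop whoever gathers k shares from spending the note, so the shares belong with parties you would trust with the note itself, or go out encrypted.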
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Tue Oct 25 11:54:09 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 25 Oct 2005 11:54:09 -0700
Subject: On special objects, and Judy Miller's treason
Message-ID: <435E7F50.697D9F56@cdc.gov>

It's unfortunate that some posters had to be reminded that anyone calling for government-licensed "reporters" (and "religions", as one author included) deserves to have their carbon recycled, because of the treason to the BoR. Tim May used to call government licensed citizens "special objects". Search for it. If state violence is used against "unlicensed" practitioners, then the state controls the practice. Pharmacy provides another example of this --the state controlling what you ingest.

It is also sad that no one pointed out that when compelled to go before the Inquisition (aka grand jury) one is not compelled to say anything. So long as the BoR holds. For instance, Dupe Miller could have kept her crudely painted mouth shut, because she could have worried that she would have incriminated herself, eg in not reporting the felony of broadcasting a spook's identity. Or worried about unknown charges that might be brought against her; you never know what prosecutors will dream up.

Do not cooperate with fascists, occupying troops, etc.

(Speaking of which, are any anonymous offshore betting establishments making odds on Ryan Lackey's lifespan?)

---
Impeach or frag.

From mv at cdc.gov Tue Oct 25 11:54:24 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 25 Oct 2005 11:54:24 -0700
Subject: Private records scattered in the wind (FLA)
Message-ID: <435E7F60.2FA93C90@cdc.gov>

We encourage the publication of the (paper) school records which the FLA hurricane reportedly distributed to locals, as part of an effort to show the sheeple how *well* the state guards their secrets. Particularly interested in offspring of state officials, not that their kids are likely to go to public schools.
[FLA is required to bus lower caste students within counties, to achieve a certain average complexion, so even in Jeb'$ neighborhood the schools suck.]

---
Impeach or frag.

From mv at cdc.gov Tue Oct 25 12:04:29 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 25 Oct 2005 12:04:29 -0700
Subject: big bro in the car
Message-ID: <435E81BD.9E5F6929@cdc.gov>

Nuclear Detection: Fixed detectors, portals, and NEST teams won't work for shielded HEU on a national scale; a distributed network of in-vehicle detectors is also necessary to deter nuclear terrorism
http://iis-db.stanford.edu/evnts/4249/disarm.pdf

Maybe the FCC will require rad detectors in cellphones as part of their 911-location finding / dissident-tracking system?

-----
Go for the head shot, they're wearing puffy vests on the tube, mate.

From declan at well.com Tue Oct 25 13:23:23 2005
From: declan at well.com (Declan McCullagh)
Date: Tue, 25 Oct 2005 13:23:23 -0700
Subject: [Politech] U.S. passports to receive RFID implants starting in October 2006 [priv]
Message-ID:

Text of regulations:
http://edocket.access.gpo.gov/2005/05-21284.htm

---

http://news.com.com/Passports+to+get+RFID+chip+implants/2100-7348_3-5913644.html?tag=nefd.top

Passports to get RFID chip implants
October 25, 2005, 12:12 PM PDT

All U.S. passports will be implanted with remotely-readable computer chips starting in October 2006, the Bush administration has announced.

Sweeping new State Department regulations issued Tuesday say that passports issued after that time will have tiny radio frequency ID (RFID) chips that can transmit personal information including the name, nationality, sex, date of birth, place of birth and digitized photograph of the passport holder. Eventually, the government contemplates adding additional digitized data such as "fingerprints or iris scans."
Over the last year, opposition to the idea of implanting RFID chips in passports has grown amidst worries that identity thieves could snatch personal information out of the air simply by aiming a high-powered antenna at a person or a vehicle carrying a passport.

Out of the 2,335 comments on the plan that were received by the State Department this year, 98.5 percent were negative. The objections mostly focused on security and privacy concerns.

[...remainder snipped...]

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From dave at farber.net Tue Oct 25 11:08:43 2005
From: dave at farber.net (David Farber)
Date: Tue, 25 Oct 2005 14:08:43 -0400
Subject: [IP] Wiretapping innocent people on the Internet
Message-ID:

From leichter_jerrold at emc.com Tue Oct 25 11:58:22 2005
From: leichter_jerrold at emc.com (leichter_jerrold at emc.com)
Date: Tue, 25 Oct 2005 14:58:22 -0400
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
Message-ID:

| U.S. law generally requires that stolen goods be returned to the
| original owner without compensation to the current holder, even if
| they had been purchased legitimately (from the thief or his agent) by
| an innocent third party.

This is incorrect. The law draws a distinction between recognized sellers of the good in question, and other sellers. If you buy a washer from a guy who comes up to you and offers you a great deal on something from the back of his truck, and it turns out to be stolen, you lose.
If you go to an appliance store and buy a washer that turned out to be stolen, it's yours. Buy a gold ring from the salesman at the same store, and you better hope he didn't steal it. As in any real-world situation, there are fuzzy areas at the edges; and there are exceptions. (Some more expensive objects transfer by title - mainly houses and cars. You don't get any claim on the object unless you have a state-issued title.) But the general intent is clear and reasonable. | Likewise a payment system with traceable | money might find itself subject to legal orders to reverse subsequent | transactions, confiscate value held by third parties and return the | ill-gotten gains to the victim of theft or fraud. Depending on the | full operational details of the system, Daniel Nagy's epoints might be | vulnerable to such legal actions. This is no different from the case with cash today. If there is a way to prove - in the legal sense, not some abstract mathematical sense - that a transfer took place, the legal system may reverse it. This comes up in contexts like improper transfers of assets before a bankruptcy declaration, or when people try to hide money during a divorce. -- Jerry From camera_lumina at hotmail.com Tue Oct 25 13:36:45 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 25 Oct 2005 16:36:45 -0400 Subject: On special objects, and Judy Miller's treason In-Reply-To: <435E7F50.697D9F56@cdc.gov> Message-ID: >Its unfortunate that some posters had to be reminded that anyone >calling for government-licensed "reporters" (and "religions", as one >author included) deserves to have their carbon recycled, because >of the treason to the BoR. Tim May used to call government licensed >citizens "special objects". Search for it. Although I agree in theory, if I were a black man in Alabama in the 1950s (for instance), I might certainly be willing to try to declare blacks as worthy of "special consideration" if that would keep me from getting lynched. 
I would not, in general, expect to be held liable by others for the reaction of Tyrants, and I'd be willing to allow other lynchables to take care of themselves.

Is Miller in this situation? Doubtful, but then again were you -surprised-?

-TD

From mv at cdc.gov Tue Oct 25 19:52:10 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 25 Oct 2005 19:52:10 -0700
Subject: crypto on sonet is free, Tyler
Message-ID: <435EEF5A.6EDB6430@cdc.gov>

At 03:15 PM 6/8/04 -0400, Tyler Durden wrote:
>Well, it's interesting to consider how/if that might be possible. SONET
>scrambles the payload prior to transmission..adding an additional crypto
>layer prior to transmission would mean changing the line rate, so probably a
>no-no.

Tyler, one can implement crypto at *arbitrary* line rates through the use of multiple hardware engines and the right "mode" of operation.

If you don't use crypto you are broadcasting, as well as accepting anything from anyone as authentic. It's that simple. Caveat receiver.

---
Impeach or frag.

From eugen at leitl.org Tue Oct 25 12:49:47 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 25 Oct 2005 21:49:47 +0200
Subject: [dave@farber.net: [IP] Wiretapping innocent people on the Internet]
Message-ID: <20051025194947.GB2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Tue Oct 25 13:41:02 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 25 Oct 2005 22:41:02 +0200
Subject: [declan@well.com: [Politech] U.S. passports to receive RFID implants starting in October 2006 [priv]]
Message-ID: <20051025204101.GC2249@leitl.org>

----- Forwarded message from Declan McCullagh -----

From solinym at gmail.com Tue Oct 25 21:40:24 2005
From: solinym at gmail.com (Travis H.)
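Major Variola's remark in "crypto on sonet is free", that crypto can run at any line rate given several engines and the right mode of operation, rests on picking a mode whose keystream blocks do not depend on one another. The Go program below is an added example written for this page, not code from the thread or from any SONET equipment: AES-CTR with its counter blocks striped across N goroutines, each standing in for one hardware engine, and the result checked byte for byte against Go's single-engine cipher.NewCTR. The key, IV and message are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"sync"
)

// counterBlock returns iv + i as a 128-bit big-endian integer, the convention
// cipher.NewCTR uses, so the parallel output can be checked against it.
func counterBlock(iv [16]byte, i uint64) [16]byte {
	out := iv
	carry := i
	for k := 15; k >= 0 && carry != 0; k-- {
		sum := uint64(out[k]) + (carry & 0xff)
		out[k] = byte(sum)
		carry = (carry >> 8) + (sum >> 8)
	}
	return out
}

// ctrParallel applies AES-CTR to msg on `engines` workers, each owning a
// contiguous stripe of 16-byte blocks. A CTR keystream block depends only on
// (key, iv, block index), so the workers share no state and throughput grows
// with their number; that is what lets several slower engines keep up with a
// fast line. CBC cannot be split this way: block i needs ciphertext block i-1.
func ctrParallel(block cipher.Block, iv [16]byte, msg []byte, engines int) []byte {
	out := make([]byte, len(msg))
	nBlocks := (len(msg) + 15) / 16
	per := (nBlocks + engines - 1) / engines
	var wg sync.WaitGroup
	for e := 0; e < engines; e++ {
		first, last := e*per, (e+1)*per
		if last > nBlocks {
			last = nBlocks
		}
		if first >= last {
			break
		}
		wg.Add(1)
		go func(first, last int) { // one goroutine stands in for one engine
			defer wg.Done()
			var ks [16]byte
			for b := first; b < last; b++ {
				cb := counterBlock(iv, uint64(b))
				block.Encrypt(ks[:], cb[:])
				lo, hi := b*16, (b+1)*16
				if hi > len(msg) {
					hi = len(msg)
				}
				for j := lo; j < hi; j++ {
					out[j] = msg[j] ^ ks[j-lo]
				}
			}
		}(first, last)
	}
	wg.Wait()
	return out
}

// sampleInputs builds a constructed key, IV and message for the example. The
// IV's low bytes sit just below a carry so the counter rollover is exercised.
func sampleInputs(n int) (cipher.Block, [16]byte, []byte) {
	block, err := aes.NewCipher([]byte("0123456789abcdef0123456789abcdef"))
	if err != nil {
		panic(err)
	}
	var iv [16]byte
	iv[14], iv[15] = 0xff, 0xfd
	msg := make([]byte, n)
	for i := range msg {
		msg[i] = byte(i*7 + 3)
	}
	return block, iv, msg
}

// CTRMatchesReference reports whether n bytes encrypted on `engines` parallel
// engines equal the single-engine cipher.NewCTR result and decrypt back to msg.
func CTRMatchesReference(n, engines int) bool {
	block, iv, msg := sampleInputs(n)
	ref := make([]byte, n)
	cipher.NewCTR(block, iv[:]).XORKeyStream(ref, msg)
	ct := ctrParallel(block, iv, msg, engines)
	pt := ctrParallel(block, iv, ct, engines) // CTR is its own inverse
	return bytes.Equal(ct, ref) && bytes.Equal(pt, msg)
}

func main() {
	for _, engines := range []int{1, 4, 16} {
		fmt.Printf("%2d engine(s): matches sequential CTR = %v\n", engines, CTRMatchesReference(1<<20, engines))
	}
}
```

The carry check matters because counters that straddle a byte boundary are where hand-rolled CTR implementations usually diverge from the reference; the striping is the "right mode" part of the remark, and it buys confidentiality only. Variola's second point, that an unauthenticated link accepts anything from anyone, needs a MAC or an AEAD on top of CTR, which is just as parallelisable for GCM but is not shown here.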
Date: Tue, 25 Oct 2005 23:40:24 -0500
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
Message-ID:

Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronized would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day.

On packet-switched networks, running full speed all the time is not very efficient nor is it very friendly to your neighbors. Again, if you have any ideas on how to deal with this, email me.

Many of the anonymity protocols require multiple participants, and thus are subject to what economists call "network externalities". The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. In this case, the fact that the HR person (a third party to the transaction) is using it forces me to buy it from Microsoft. Similarly, the more people use digital cash, the more likely I am to decide to use it.
The more Tor nodes we have, the more high speed and close nodes there will be, and the more enjoyable the experience will be (assuming Tor is smart enough to use the close, fast nodes). For more information on network externalities, see the book "Information Rules", available from Amazon for just over $4. Everyone working in IT or interested in computers should read that book.

Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows you to choose what proxies you use on a domain-by-domain basis. Something like this is essential if you want to be consistent about accessing certain sites only through an anonymous proxy. Short of that, perhaps a Firefox plug-in that allows you to select proxies with a single click would be useful.

It would be nice if the protocols allowed you to specify a chain of proxies, but unfortunately HTTP only allows you to specify the next hop, not a chain of hops. Perhaps someone could come up with an encapsulation method and cooperative proxy server that is more like the old cpunk remailers, using nested encrypted "envelopes" in the body of the request. Perhaps crowds or Tor already does this, I don't know.

Where anonymizing facilities fail is fairly obvious to anyone who has used them, listed in descending order of importance:

  ease of configuration (initial setup cost)
  ease of use
  locator services for peers or servers
  network effects (not enough people using it)
  efficient use of resources (see quote in sig about why this is the least important)

There are some technical concerns limiting their security:

  resistance to traffic analysis or trojaned software
  ad-hoc systems for crypto key updates or revocation

I think one way to encourage adoption is to amortize the cost of setup over a group of people.
For example, everyone who reads this could set up a hardened co-loc box and install all the relevant software, then charge their friends a small fee to use it. An ISP could make these services available to their customers. An ASP could make them available to customers over the web. People could start creating open-source Live! CD distributions* with all the software clients installed and preconfigured (or configured easily through a wizard-like set of menus invoked automatically at bootup). With Live! CDs in particular, you'd have a bit of a problem with generating crypto keys since the RNG fires up in the same state for everyone, but perhaps you could seed it by hashing the contents of a disk drive, or the contents of memory-mapped hardware ROMs (e.g. ethernet MAC address), network traffic, and/or with seed state persisted on a removable USB drive.

[*] See http://www.frozentech.com/content/livecd.php

I don't see a distro specifically for anonymity; if you have friends who want to create Yet Another Linux Distro, perhaps they could fill this niche. Two alternatives suggest themselves; a client distro for end-users and a server distro for people with a machine that's not doing anything. You'd just pop in the CD and it announces its availability to various locator services to act as a Tor, mixmaster, or whatever node. Again, keep me informed if anyone starts work on this.

-- 
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

From solinym at gmail.com Tue Oct 25 22:24:07 2005
From: solinym at gmail.com (Travis H.)
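Travis's two problems with a constant-rate link (getting enough random chaff, and letting the far end tell chaff from data cheaply without the observer learning anything or the two ends drifting out of sync) are worked through below in an added example written for this page, not code from the thread or from metaprox. Every cell is the same size and is AES-GCM encrypted under a per-direction key; a kind byte inside the ciphertext marks chaff, the cell sequence number rides in the clear but is authenticated, so a lost cell leaves a gap rather than a desynchronised receiver, and the fill comes from the OS CSPRNG instead of lock-stepped PRNGs. The cell layout, the sizes and the sample payloads are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical cell format for this example; one cell goes out per tick
// whether or not there is data to send:
//   seq (8 bytes, cleartext, bound as AEAD additional data)
//   || AES-GCM( kind (1) || len (1) || payload || random fill ) || 16-byte tag
// kind 0 = chaff, 1 = data. Both look like a constant-size blob of uniform
// random bytes on the wire; only a key holder can tell them apart.
const (
	payloadMax = 62
	cellPlain  = 2 + payloadMax          // 64 bytes before encryption
	seqLen     = 8
	cellWire   = seqLen + cellPlain + 16 // 88 bytes on the wire
)

type Link struct {
	aead     cipher.AEAD
	sendSeq  uint64
	recvNext uint64 // lowest seq the receiver still accepts
}

// NewLink sets up one direction; use a distinct key per direction, because the
// GCM nonce is derived from seq and two senders on one key would reuse nonces.
func NewLink(key []byte) (*Link, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Link{aead: aead}, nil
}

func (l *Link) nonce(seq uint64) []byte {
	n := make([]byte, l.aead.NonceSize()) // 12 bytes: four zero bytes || seq
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Emit builds the next cell; data == nil yields chaff. The fill comes from the
// OS CSPRNG, so nothing has to stay in lock-step between the two ends.
func (l *Link) Emit(data []byte) ([]byte, error) {
	if len(data) > payloadMax {
		return nil, errors.New("payload exceeds one cell")
	}
	plain := make([]byte, cellPlain) // kind and len start out as 0 (chaff)
	if _, err := rand.Read(plain[2:]); err != nil {
		return nil, err
	}
	if data != nil {
		plain[0], plain[1] = 1, byte(len(data))
		copy(plain[2:], data)
	}
	seq := l.sendSeq
	l.sendSeq++
	hdr := make([]byte, seqLen)
	binary.BigEndian.PutUint64(hdr, seq)
	return l.aead.Seal(append([]byte{}, hdr...), l.nonce(seq), plain, hdr), nil
}

// Receive returns (payload, true, nil) for data, (nil, false, nil) for chaff,
// and an error for a forged, tampered, replayed or reordered cell. A lost cell
// leaves a gap in seq but never desynchronises the receiver.
func (l *Link) Receive(cell []byte) ([]byte, bool, error) {
	if len(cell) != cellWire {
		return nil, false, errors.New("wrong cell size")
	}
	hdr := cell[:seqLen]
	seq := binary.BigEndian.Uint64(hdr)
	if seq < l.recvNext {
		return nil, false, errors.New("replayed or reordered cell")
	}
	plain, err := l.aead.Open(nil, l.nonce(seq), cell[seqLen:], hdr)
	if err != nil {
		return nil, false, err // tag check failed: forged or tampered
	}
	l.recvNext = seq + 1
	if plain[0] != 1 {
		return nil, false, nil // chaff: drop silently
	}
	return append([]byte(nil), plain[2:2+int(plain[1])]...), true, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // demo key only
	tx, _ := NewLink(key)
	rx, _ := NewLink(key) // one key suffices here: only tx ever sends
	for i, d := range [][]byte{nil, []byte("GET /"), nil, []byte("Host: x")} {
		cell, _ := tx.Emit(d)
		p, isData, err := rx.Receive(cell)
		fmt.Printf("cell %d: %d bytes, data=%v payload=%q err=%v\n", i, len(cell), isData, p, err)
	}
}
```

The observer's view is one 88-byte cell per tick, always, so byte counts carry no information about when the user is typing. Timing is only hidden if the sender really does emit on every tick, chaff or not, which is the part that costs bandwidth on a shared packet network and is why Travis's second paragraph is the hard one.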
Date: Wed, 26 Oct 2005 00:24:07 -0500 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net> References: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net> Message-ID: > If you have > to be that confident in your computer security to use the payment > system, it's not going to have many clients. Maybe the trusted computing platform (palladium) may have something to offer after all, namely enabling naive users to use services that require confidence in their own security. One could argue it's like going to a Vegas casino; software vendors (MS *cough* MS) probably won't cheat you in such a system because they don't have to; the odds are in their favor already. The whole system is designed to assure they get paid, and they have a lot to lose (confidence in the platform) by cheating you (at least in ways that can be detected). And since you won't be able to do anything to compromise the security, you can't screw it up. While I wouldn't see an advantage in that, I might recommend it for my grandmother. More on topic, I recently heard about a scam involving differential reversibility between two remote payment systems. The fraudster sends you an email asking you to make a Western Union payment to a third party, and deposits the requested amount plus a bonus for you using paypal. The victim makes the irreversible payment using Western Union, and later finds out the credit card used to make the paypal payment was stolen when paypal reverses the transaction, leaving the victim short. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." 
-- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B From kelsey.j at ix.netcom.com Tue Oct 25 23:13:18 2005 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Wed, 26 Oct 2005 02:13:18 -0400 (EDT) Subject: On the orthogonality of anonymity to current market demand Message-ID: <26873835.1130307198603.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> >From: "R.A. Hettinga" >Sent: Oct 25, 2005 8:34 AM >To: cryptography at metzdowd.com, cypherpunks at jfet.org >Subject: On the orthogonality of anonymity to current market demand ... >That is to say, your analysis conflicts with the whole trend towards >T-0 trading, execution, clearing and settlement in the capital >markets, and, frankly, with all payment in general as it gets >increasingly granular and automated in nature. The faster you can >trade or transact business with the surety that the asset in question >is now irrevocably yours, the more trades and transactions you can >do, which benefits not only the individual trader but markets as a >whole. The prerequisite for all this is that when the asset changes hands, it's very nearly certain that this was the intention of the asset's previous owner. My point isn't to express my love for book-entry payment systems. There's plenty to hate about them. But if the alternative is an anonymous, irreversible payment system whose control lies in software running alongside three pieces of spyware on my Windows box, they probably still win for most people. Even bad payment systems are better than ones that let you have everything in your wallet stolen by a single attack. ... >However "anonymous" irrevocability might offend one's senses and >cause one to imagine the imminent heat-death of the financial >universe (see Gibbon, below... :-)), I think that technology will >instead step up to the challenge and become more secure as a >result. What's with the heat-death nonsense? 
Physical bearer instruments imply stout locks and vaults and alarm systems and armed guards and all the rest, all the way down to infrastructure like police forces and armies (private or public) to avoid having the biggest gang end up owning all the gold. Electronic bearer instruments imply the same kinds of things, and the infrastructure for that isn't in place. It's like telling people to store their net worth in their homes, in gold. That can work, but you probably can't leave the cheapest lock sold at Home Depot on your front door and stick the gold coins in the same drawer where you used to keep your checkbook. >And, since internet bearer transactions are, by their very >design, more secure on public networks than book-entry transactions >are in encrypted tunnels on private networks, they could even be said >to be secure *in spite* of the fact that they're anonymous; that -- >as it ever was in cryptography -- business can be transacted between >two parties even though they don't know, or trust, each other. Why do you say internet bearer transactions are more secure? I can see more efficient, but why more secure? It looks to me like both kinds of payment system are susceptible to the same broad classes of attacks (bank misbehavior (for a short time), someone finding a software bug, someone breaking a crypto algorithm or protocol). What makes one more secure than the other? ... 
>Cheers, >RAH --John Kelsey From press at eff.org Wed Oct 26 07:00:22 2005 From: press at eff.org (EFF Press) Date: October 26, 2005 7:00:22 PM EDT Subject: [E-B] EFF: Court Issues Surveillance Smack-Down to Justice Message-ID: Department Reply-To: press at eff.org Electronic Frontier Foundation Media Release For Immediate Release: Wednesday, October 26, 2005 Contact: Kevin Bankston Staff Attorney Electronic Frontier Foundation bankston at eff.org +1 415 436-9333 x126 Kurt Opsahl Staff Attorney Electronic Frontier Foundation kurt at eff.org +1 415 436 9333 x106 Court Issues Surveillance Smack-Down to Justice Department No Cell Phone Location Tracking Without Probable Cause New York - Agreeing with a brief submitted by EFF, a federal judge forcefully rejected the government's request to track the location of a mobile phone user without a warrant. Strongly reaffirming an earlier decision, Federal Magistrate James Orenstein in New York comprehensively smacked down every argument made by the government in an extensive, fifty-seven page opinion issued this week. Judge Orenstein decided, as EFF has urged, that tracking cell phone users in real time required a showing of probable cause that a crime was being committed. Judge Orenstein's opinion was decisive, and referred to government arguments variously as "unsupported," "misleading," "contrived," and a "Hail Mary." "This is a true victory for privacy in the digital age, where nearly any mobile communications device you use might be converted into a tracking device," said EFF Staff Attorney Kevin Bankston. "Combined with a similar decision this month from a federal court in Texas, I think we're seeing a trend--judges are starting to realize that when it comes to surveillance issues, the DOJ has been pulling the wool over their eyes for far too long." 
Earlier this month, a magistrate judge in Texas, following the lead of Orenstein's original decision, published his own decision denying a government application for a cell phone tracking order. That ruling, along with Judge Orenstein's two decisions, revealed that the DOJ has routinely been securing court orders for real-time cell phone tracking without probable cause and without any law authorizing the surveillance. "The Justice Department's abuse of the law here is probably just the tip of the iceberg," said EFF Staff Attorney Kurt Opsahl. "The routine transformation of your mobile phone into a tracking device, without any legal authority, raises an obvious and very troubling question: what other new surveillance powers has the government been creating out of whole cloth and how long have they been getting away with it?" The government is expected to appeal both decisions and EFF intends to participate as a friend of the court in each case. You can read the full text of Judge Orenstein's new opinion, and the similar Texas opinion, at www.eff.org/legal/cases/USA_v_PenRegister. For this release: http://www.eff.org/news/archives/2005_10.php#004090 About EFF The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. 
EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/

-end-

_______________________________________________
presslist mailing list
https://falcon.eff.org/mailman/listinfo/presslist

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From joern2473 at yahoo.com Wed Oct 26 07:09:23 2005
From: joern2473 at yahoo.com (Jörn Schmidt)
Date: Wed, 26 Oct 2005 07:09:23 -0700 (PDT)
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To:
Message-ID: <20051026140924.91559.qmail@web52407.mail.yahoo.com>

--- "Travis H." wrote:

[snip]

> Another issue involves the ease of use when switching between a
> [slower] anonymous service and a fast non-anonymous service. I have a
> tool called metaprox on my website (see URL in sig) that allows you to
> choose what proxies you use on a domain-by-domain basis. Something
> like this is essential if you want to be consistent about accessing
> certain sites only through an anonymous proxy. Short of that, perhaps
> a Firefox plug-in that allows you to select proxies with a single
> click would be useful.

You can already do the latter with SwitchProxy (http://www.roundtwo.com/product/switchproxy). Basically, it's a Firefox extension that saves you the trouble of going into the 'preferences' dialogue every time you want to switch from one proxy to another (or go from using a proxy to not using one, that is).
It works like a charm with tor and a local proxy. It also has an "Anonymizer mode", which cycles through a list of proxies in an attempt to give you some kind of pseudo-anonymity (which I guess is good enough for many people).

Jörn

From dirkx at webweaving.org Wed Oct 26 07:47:22 2005
From: dirkx at webweaving.org (Dirk-Willem van Gulik)
Date: Wed, 26 Oct 2005 07:47:22 -0700 (PDT)
Subject: [smb@cs.columbia.edu: Skype security evaluation]
In-Reply-To: <792ce4370510241050m6e0cd60atc155ffac3054ca40@mail.gmail.com>
References: <20051023153121.GW2249@leitl.org> <792ce4370510241050m6e0cd60atc155ffac3054ca40@mail.gmail.com>
Message-ID: <20051026074451.L35119@skutsje.san.webweaving.org>

On Mon, 24 Oct 2005, cyphrpunk wrote:

> Is it possible that Skype doesn't use RSA encryption? Or if they do,
> do they do it without using any padding, and is that safe?

You may want to read the report itself:

http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf

and perhaps section 3.2.3 (about padding) and 3.2.2 (about how RSA is used) may help with this (and what it is used for in section 2).

Dw.

From neuhaus at st.cs.uni-sb.de Tue Oct 25 23:21:08 2005
From: neuhaus at st.cs.uni-sb.de (Stephan Neuhaus)
Date: Wed, 26 Oct 2005 08:21:08 +0200
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
Message-ID: <435F2054.6010804@st.cs.uni-sb.de>

cyphrpunk wrote:
> The main threat to
> this illegal but widely practiced activity is legal action by
> copyright holders against individual traders. The only effective
> protection against these threats is the barrier that could be provided
> by anonymity.
An effective, anonymous file sharing network would see > rapid adoption and would be the number one driver for widespread use > of anonymity. If I thought I was being ripped off by anonymous file sharing, I'd try to push legislation that would mandate registering beforehand any download volume exceeding x per month. Downloaded more than x per month but not registered? Then you'll have to lay open your traffic, including encryption keys. The reasoning would be that most people won't have any legitimate business downloading more than x per month. By adjusting x, you can make a strong case. Once you get this enacted, you first get the ones with huge download volumes; then you lower x and repeat until the number of false positives gets too embarrassing. If that seems drastic, just take a look at other legislation that has been enacted recently. I certainly believe that it's possible. Fun, Stephan [demime 1.01d removed an attachment of type text/x-vcard which had a name of neuhaus.vcf] From s.schear at comcast.net Wed Oct 26 08:38:03 2005 From: s.schear at comcast.net (Steve Schear) Date: Wed, 26 Oct 2005 08:38:03 -0700 Subject: Legally thwarting FBI surveillance of libraries and ISPs Message-ID: <6.0.1.1.0.20051026083626.05a74b50@mail.comcast.net> I'm one of those who agrees with Louis Brandeis's dissenting opinion about the constitutionality of wiretaps: that they violate the privacy of those parties who call or are called by the party being wiretapped. I have written on this in 2002/2003. There seem to be at least two legal ways to both obey court orders and also allow the monitored parties a way to learn of the activity. 1 - The basic notion is for the University/ISP/library to allow all its premises to be bugged. Every room (except maybe the restroom) by its clients (or their proxies). All communication could be monitored and the ISP would have no control. My understanding of court orders is that they must be served on the ISP at its business address.
Once the order is opened or discussed by the designated employee who receives the data all its clients would know in short order. The employees and management will not have been responsible because they have not taken any affirmative actions to allow the information to escape their custody. They will have protected the info with the same diligence they show their own data. ;-) 2 - Alternatively, the organization implements a policy of replying positively to all inquiries if asked by a patron/student when their account is free of such court orders. If a request does come in then the db admin can either: fail to respond (monitoring implied), tell them they are being monitored (violating the law) or lie and say they are not even if they are. They can charge a fee for this service and use it as a new revenue source. Looks like at least one library is trying a variation of the method I suggested... "The Patriot Act also prohibits libraries and others from notifying patrons and others that an investigation is ongoing. At least one library has tried a solution to "beat the system" by regularly informing the board of directors that there are no investigations. If the director does not notify the Board that there are no investigations, it can serve as a clue that something may be happening. " http://www.ombwatch.org/article/articleview/1706/1/41 Can the Feds require a librarian to lie to a customer who inquires whether their library usage is being monitored? 3 - For libraries another option is available. Libraries routinely assess overdue fines and thus most have a cash register at the checkout desk. If they allow patrons to remove books without showing ID and charge them, as a refundable deposit, the full replacement value in cash, then no records need be created which can be turned over to law enforcement. A receipt might be provided to the patron showing them the last day they may return the book without forfeiting the deposit.
They can charge a fee for this service and use it as a new revenue source. Steve From jamesd at echeque.com Wed Oct 26 08:53:02 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 26 Oct 2005 08:53:02 -0700 Subject: On Digital Cash-like Payment Systems In-Reply-To: <20051024223836.GI4102@epointsystem.org> References: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com> Message-ID: <435F43EE.21250.A1D6EE9@localhost> Date sent: Tue, 25 Oct 2005 00:38:36 +0200 To: cyphrpunk Copies to: John Kelsey , Ian G , ray at unipay.nl, cryptography at metzdowd.com, cypherpunks at jfet.org From: nagydani at epointsystem.org (Daniel A. Nagy) Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems > One interesting security measure protecting valuable digital assets (WM > protects private keys this way) is "inflating" them before encryption. > > While it does not protect against trojan applications, it does a surprisingly > good job at reducing attacks following the key logging + file theft pattern. > > This security measure depends on two facts: storage being much cheaper than > bandwidth and transmission of long files being detectable, allowing for > detecting and thwarting an attack in progress. How does one inflate a key? > > -- > Daniel From jamesd at echeque.com Wed Oct 26 08:53:04 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 26 Oct 2005 08:53:04 -0700 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <792ce4370510241446l589ee3eeg85ed574bb640dd83@mail.gmail.com> References: <6.0.1.1.0.20051024120442.052d4480@mail.comcast.net> Message-ID: <435F43F0.23393.A1D7702@localhost> -- Steve Schear > Yes, but unfortunately it is not clear at all that > courts would find the opposite, either.
If a lawsuit > names the currency issuer as a defendant, which it > almost certainly would, a judge might order the > issuer's finances frozen or impose other measures > which would impair its business survival while trying > to sort out who is at fault. It would take someone > with real cojones to go forward with a business > venture of this type in such uncharted waters. Anyone can sue for anything. Paypal is entirely located in the US, making it easy to sue, has done numerous bad things, but no court orders have been issued to put it out of business. If a business's main assets are gold located in offshore banks, courts are apt to be quite reluctant to attempt to shut it down, as issuing ineffectual or difficult to enforce orders makes a judge look stupid. People fuss too much about what courts might do. Courts are as apt, perhaps more apt, to issue outrageous orders if you are as innocent as the dawn. Courts are like terrorists in that there is no point in worrying what might offend the terrorists, because they are just as likely to target you no matter what you do. Government regulators are a bigger problem, since they are apt to forbid any business model they do not understand, but they tend to be more predictable than courts. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG CY46prGSdN80nLrJL5G79zdH2Uu2lRjQHD9mlSsf 4JTEpYw1dnco9AMX6Fvv3Uce0bPsG1TJYg+qpwG5n From jamesd at echeque.com Wed Oct 26 09:17:21 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 26 Oct 2005 09:17:21 -0700 Subject: On the orthogonality of anonymity to current market demand In-Reply-To: <26873835.1130307198603.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> Message-ID: <435F49A1.14621.A33B337@localhost> -- John Kelsey > What's with the heat-death nonsense?
Physical bearer > instruments imply stout locks and vaults and alarm > systems and armed guards and all the rest, all the way > down to infrastructure like police forces and armies > (private or public) to avoid having the biggest gang > end up owning all the gold. Electronic bearer > instruments imply the same kinds of things, and the > infrastructure for that isn't in place. It's like > telling people to store their net worth in their > homes, in gold. That can work, but you probably can't > leave the cheapest lock sold at Home Depot on your > front door and stick the gold coins in the same drawer > where you used to keep your checkbook. Some of us get spyware more than others. Further, genuinely secure systems are now becoming available, notably Symbian. While many people are rightly concerned that DRM will ultimately mean that the big corporation, and thus the state, has root access to their computers and the owner does not, it also means that trojans, viruses, and malware do not. DRM enables secure signing of transactions, and secure storage of blinded valuable secrets, since DRM binds the data to the software, and provides a secure channel to the user. So secrets representing ID, and secrets representing value, can only be manipulated by the software that is supposed to be manipulating it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3CepcQ59MYKAZTizEycP1vkZBbexwbyiobaC/bXS 44hfxMF4PBKXmc5uavnegOFFCMtNwDmpIMxLBcyI3 From camera_lumina at hotmail.com Wed Oct 26 06:44:04 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 26 Oct 2005 09:44:04 -0400 Subject: crypto on sonet is free, Tyler In-Reply-To: <435EEF5A.6EDB6430@cdc.gov> Message-ID: Yo Variola! Did you notice the date stamp on that post? Did you do a stint on "Survivor" or something? Or as I said to the short-lived Tom Veil, "What, no Starbucks near your Unabomber shack?"
-TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: crypto on sonet is free, Tyler >Date: Tue, 25 Oct 2005 19:52:10 -0700 > >At 03:15 PM 6/8/04 -0400, Tyler Durden wrote: > >Well, it's interesting to consider how/if that might be possible. SONET > > >scrambles the payload prior to transmission..adding an additional >crypto > >layer prior to transmission would mean changing the line rate, so >probably a > >no-no. > >Tyler, one can implement crypto at *arbitrary* line rates though the use > >of multiple hardware engines and the right "mode" of operation. > >If you don't use crypto you are broadcasting, as well as accepting >anything >from anyone as authentic. Its that simple. Caveat receiver. > >--- >Impeach or frag. From prjdhaxmoqzt at comcast.net Wed Oct 26 09:59:27 2005 From: prjdhaxmoqzt at comcast.net (Sterling Mock) Date: Wed, 26 Oct 2005 10:59:27 -0600 Subject: designer watches for a fraction of the cost Message-ID: <68745065608835.24431534@burley> on assimilate some shut try backstage see collarbone the ceramium , dewar see muslim see nourish it's naturopath and bridgehead ! cardiovascular see extramarital may malcontent be scandalous but dastard not bumble see casual or debate it's richmond. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 759 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: tiffany.9.gif Type: image/gif Size: 11505 bytes Desc: not available URL: From Ivars.Suba at bank.lv Wed Oct 26 01:52:16 2005 From: Ivars.Suba at bank.lv (Ivars Suba) Date: Wed, 26 Oct 2005 11:52:16 +0300 Subject: [smb@cs.columbia.edu: Skype security evaluation] Message-ID: <09860B5A18E3064881072A101816D81B0830EB44@E-PASTS.bank.lv> Is it possible that Skype doesn't use RSA encryption? Or if they do, do they do it without using any padding, and is that safe? 
No, Skype uses RSA encryption: "Each party contributes 128 random bits toward the 256-bit session key. The contributions are exchanged as RSA cryptograms. The two contributions are then combined in a cryptographically-sound way to form the shared session key." I. -----Original Message----- From: owner-cryptography at metzdowd.com [mailto:owner-cryptography at metzdowd.com] On Behalf Of cyphrpunk Sent: Monday, October 24, 2005 8:51 PM To: Travis H. Cc: cypherpunks at jfet.org; cryptography at metzdowd.com; berson at anagram.com Subject: Re: [smb at cs.columbia.edu: Skype security evaluation] X-Approval-Subject: BOUNCE cypherpunks at al-qaeda.net: Non-member submission from ["Ivars Suba" ] On 10/23/05, Travis H. wrote: > My understanding of the peer-to-peer key agreement protocol (hereafter > p2pka) is based on section 3.3 and 3.4.2 and is something like this: >
> A -> B: N_ab
> B -> A: N_ba
> B -> A: Sign{f(N_ab)}_a
> A -> B: Sign{f(N_ba)}_b
> A -> B: Sign{A, K_a}_SKYPE
> B -> A: Sign{B, K_b}_SKYPE
> A -> B: Sign{R_a}_a
> B -> A: Sign{R_b}_b
>
> Session key SK_AB = g(R_a, R_b)
But what you have shown here has no encryption, hence no secrecy. Surely RSA encryption must be used somewhere along the line. The report doesn't say anything about the details of how that is done. In particular, although it mentions RSA signature padding it says nothing about RSA encryption padding. Is it possible that Skype doesn't use RSA encryption? Or if they do, do they do it without using any padding, and is that safe? CP --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com - This e-mail is intended for the addressee(s) named above. It may contain confidential information, and any unauthorised disclosure, use or dissemination, either in whole or in part, is prohibited.
If you have received this e-mail in error, please notify the sender immediately via e-mail and delete this e-mail from your system. Communications by e-mail are not subject to the same verification procedures as paper-based communications, therefore this e-mail is in no way whatsoever binding on the Bank of Latvia. From MyrtleBowervex at csoinc.net Wed Oct 26 13:36:09 2005 From: MyrtleBowervex at csoinc.net (Laurie Herron) Date: Wed, 26 Oct 2005 13:36:09 -0700 Subject: wanna be a rich guy? Message-ID: <0.1324614968.1197980757-185966658@topica.com> Authentic replica Rolex and other watches for gentlemen and ladies from just $229 Use this promotional link to get best ever prices: http://www.remarkablewatch.com prohibition you praecox me, constructor anglo buttercup . brindle you country me, chambers chrysanthemum . absolution you infinitive me, christen citizenry blubber . protect you beggar me, bujumbura . From jsd at av8n.com Wed Oct 26 12:14:27 2005 From: jsd at av8n.com (John Denker) Date: Wed, 26 Oct 2005 15:14:27 -0400 Subject: packet traffic analysis In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> Message-ID: <435FD593.3030708@av8n.com> Travis H. wrote: > Part of the problem is using a packet-switched network; if we had > circuit-based, then thwarting traffic analysis is easy; you just fill > the link with random garbage when not transmitting packets. .... OK so far ... > There are two problems with this; one, getting > enough random data, and two, distinguishing the padding from the real > data in a computationally efficient manner on the remote side without > giving away anything to someone analyzing your traffic. I guess both > problems could be solved > by using synchronized PRNGs on both ends to generate the chaff. This is a poor statement of the problem(s), followed by a "solution" that is neither necessary nor sufficient. 1) Let's assume we are encrypting the messages. 
If not, the adversary can read the messages without bothering with traffic analysis, so the whole discussion of traffic analysis is moot.

2) Let's assume enough randomness is available to permit encryption of the traffic ... in particular, enough randomness is available _steady-state_ (without stockpiling) to meet even the _peak_ demand. This is readily achievable with available technology.

3) As a consequence of (1) and (2), we can perfectly well use _nonrandom_ chaff. If the encryption (item 1) is working, the adversary cannot tell constants from anything else. If we use chaff so that the steady-state traffic is indistinguishable from the peak traffic, then (item 2) we have enough randomness available; TA-thwarting doesn't require anything more.

4) Let's consider -- temporarily -- the scenario where the encryption is being done using IPsec. This will serve to establish terminology and expose some problems heretofore not mentioned.

4a) IPsec tunnel mode has "inner headers" that are more than sufficient to distinguish chaff from other traffic. (Addressing the chaff to UDP port 9 will do nicely.)

4b) What is not so good is that IPsec is notorious for "leaking" information about packet-length. Trying to make chaff with a distribution of packet sizes indistinguishable from your regular traffic is rarely feasible, so we must consider other scenarios, somewhat like IPsec but with improved TA-resistance.

5) Recall that IPsec tunnel mode can be approximately described as IPIP encapsulation carried by IPsec transport mode. If we abstract away the details, we are left with a packet (called an "envelope") that looks like

    ---------------++++++++++++++++++++++++++
    | outer header | inner header | payload |            [1]
    ---------------++++++++++++++++++++++++++

where the inner header and payload (together called the "contents" of the envelope) are encrypted. (The "+" signs are meant to be opaque to prying eyes.) The same picture can be used to describe not just IPsec tunnel mode (i.e. IPIP over IPsec transport) but also GRE over IPsec transport, and even PPPoE over IPsec transport.

Note: All the following statements apply *after* any necessary fragmentation has taken place.

The problem is that the size of the envelope (as described by the length field in the outer header) is conventionally chosen to be /just/ big enough to hold the contents. This problem is quite fixable ... we just need constant-sized envelopes! The resulting picture is:

    ---------------++++++++++++++++++++++++++++++++++++
    | outer header | inner header | payload | padding |  [2]
    ---------------++++++++++++++++++++++++++++++++++++

where padding is conceptually different from chaff: chaff means packets inserted where there would have been no packet, while padding adjusts the length of a packet that would have been sent anyway. The padding is not considered part of the contents. The decoding is unambiguous, because the size of the contents is specified by the length field in the inner header, which is unaffected by the padding.

This is a really, really tiny hack on top of existing protocols.

If your plaintext consists primarily of small packets, you should set the MTU of the transporter to be small. This will cause fragmentation of the large packets, which is the price you have to pay. Conversely, if your plaintext consists primarily of large packets, you should make the MTU large. This means that a lot of bandwidth will be wasted on padding if/when there are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's the price you have to pay to thwart traffic analysis. (Sometimes you can have two virtual circuits, one for big packets and one for small packets. This degrades the max performance in both cases, but raises the minimum performance in both cases.)

Remark: FWIW, the MTU (max transmission unit) should just be called the TU in this case, because all transmissions have the same size now!
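The constant-size envelope scheme Denker sketches above (padding inside the encrypted contents, chaff addressed to the discard port, decoding driven by the inner length field), as an added example that is not part of the original post or of any IPsec implementation. Everything concrete here is my own choice for illustration: a 64-byte transmission unit, an inner header of (payload length, port), an outer header carrying only the constant contents length, and a SHA-256 counter-mode keystream standing in for the real ESP cipher.

```python
"""Constant-size envelopes: padding vs. chaff, after the post above.
Added illustration; the header layouts, TU size, ports and cipher stand-in
are assumptions made for this example, not anything from the post or IPsec.
"""
import hashlib
import struct

MTU = 64                            # the constant transmission unit ("TU"); chosen here
OUTER_HDR = struct.Struct("!H")     # outer header: length of the encrypted contents (always the same)
INNER_HDR = struct.Struct("!HH")    # inner header: payload length, destination port (assumed layout)
DISCARD_PORT = 9                    # chaff is addressed to the discard port, as the post suggests
DATA_PORT = 2049                    # arbitrary port standing in for real application traffic
CAP = MTU - OUTER_HDR.size - INNER_HDR.size   # payload bytes that fit in one envelope (58)


def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Stand-in for the real cipher (e.g. ESP with AES): SHA-256 in counter mode.
    The only property used is that ciphertext looks uniform whether it covers
    payload or zero padding (the post's point 3). Not for production use;
    a nonce must never repeat under one key."""
    out = b""
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!QQ", nonce, block)).digest()
        block += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, nonce: int, port: int, payload: bytes) -> bytes:
    """One envelope: outer header | E(inner header | payload | padding). Always MTU bytes."""
    if len(payload) > CAP:
        raise ValueError("fragment before sealing")
    contents = INNER_HDR.pack(len(payload), port) + payload
    room = MTU - OUTER_HDR.size
    contents += b"\x00" * (room - len(contents))      # non-random padding; invisible under encryption
    return OUTER_HDR.pack(room) + xor(contents, keystream(key, nonce, room))


def open_envelope(key: bytes, nonce: int, env: bytes):
    """Receiver: the inner length field, not the wire size, bounds the payload, so
    padding is stripped unambiguously; chaff is recognised by its port."""
    if len(env) != MTU:
        raise ValueError("envelope size must equal the TU")
    (clen,) = OUTER_HDR.unpack_from(env)
    contents = xor(env[OUTER_HDR.size:], keystream(key, nonce, clen))
    length, port = INNER_HDR.unpack_from(contents)
    return port, contents[INNER_HDR.size:INNER_HDR.size + length]


def fragment(payload: bytes):
    """Fragmentation at the TU: packets larger than CAP are split, the price the post notes."""
    return [payload[i:i + CAP] for i in range(0, len(payload), CAP)] or [b""]


def transmit(key: bytes, messages, slots: int):
    """Sender: exactly `slots` envelopes per interval. Real fragments first,
    chaff (port 9, empty payload) fills every remaining slot."""
    frags = [f for m in messages for f in fragment(m)]
    if len(frags) > slots:
        raise ValueError("offered load exceeds the link's slot budget")
    envs = []
    for nonce in range(slots):
        if nonce < len(frags):
            envs.append(seal(key, nonce, DATA_PORT, frags[nonce]))
        else:
            envs.append(seal(key, nonce, DISCARD_PORT, b""))
    return envs


def receive(key: bytes, envs):
    """Receiver: drop chaff, return real fragments in order."""
    out = []
    for nonce, env in enumerate(envs):
        port, payload = open_envelope(key, nonce, env)
        if port != DISCARD_PORT:
            out.append(payload)
    return out


def observer_view(envs):
    """What a traffic analyst on the wire sees: packet count and sizes, nothing else."""
    return [len(e) for e in envs]


if __name__ == "__main__":
    key = b"\x01" * 16                                   # constructed demo key
    sample = [b"keystroke", b"B" * 150, b""]             # constructed: tiny, large, empty
    wire = transmit(key, sample, slots=8)
    print(observer_view(wire))                           # eight 64-byte envelopes
    print(b"".join(receive(key, wire)))
    print(observer_view(transmit(key, [], slots=8)))     # an idle interval looks the same
```

A busy interval and an idle one produce the same list of eight 64-byte envelopes, so size and count leak nothing; the cost is the bandwidth spent on zero padding behind a 9-byte keystroke and on the three fragments the 150-byte packet needs at this TU, which is the trade-off the post describes when choosing the MTU.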
From eugen at leitl.org Wed Oct 26 06:34:00 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 26 Oct 2005 15:34:00 +0200 Subject: /. [Snooping Through Walls with Microwaves] Message-ID: <20051026133400.GF2249@leitl.org> Link: http://slashdot.org/article.pl?sid=05/10/26/0424211 Posted by: ScuttleMonkey, on 2005-10-26 10:26:00 denis-The-menace writes "According to an article from newscientist, scientists have devised a system to [1]use microwave energy for surveillance. If people are speaking inside the room, any flimsy surface, such as clothing, will be vibrating. This modulates the radio beam reflected from the surface. Although the radio reflection that passes back through the wall is extremely faint, the kind of electronic extraction and signal cleaning tricks used by NASA to decode signals in space can be used to extract speech. Although, I doubt it would work in [2]this room" References 1. http://www.newscientist.com.nyud.net:8090/article.ns?id=dn8208 2. http://www.imagireal.com.nyud.net:8090/gallery/foiled ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From justin-cypherpunks at soze.net Wed Oct 26 09:55:04 2005 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 26 Oct 2005 16:55:04 +0000 Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: <435F2054.6010804@st.cs.uni-sb.de> References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435F2054.6010804@st.cs.uni-sb.de> Message-ID: <20051026165504.GA17179@arion.stark.net> On 2005-10-26T08:21:08+0200, Stephan Neuhaus wrote: > cyphrpunk wrote: > > The main threat to > > this illegal but widely practiced activity is legal action by > > copyright holders against individual 
traders. The only effective > > protection against these threats is the barrier that could be provided > > by anonymity. An effective, anonymous file sharing network would see > > rapid adoption and would be the number one driver for widespread use > > of anonymity. > > If I thought I was being ripped off by anonymous file sharing, I'd try > to push legislation that would mandate registering beforehand any > download volume exceeding x per month. Downloaded more than x per month > but not registered? Then you'll have to lay open your traffic, > including encryption keys. > > The reasoning would be that most people won't have any legitimate > business downloading more than x per month. By adjusting x, you can > make a strong case. Once you get this enacted, you first get the ones > with huge download volumes; then you lower x and repeat until the number > of false positives gets too embarrassing. This legislation would also require mandatory reporting by ISPs of subscribers' traffic patterns? "Most people don't have any legitimate business writing for public consumption on blogs." "Most people don't have any legitimate business owning cars that can go over 75MPH." "Most people don't have any legitimate business for owning more scary-looking black rifles." If you tried to push this hypothetical legislation, you'd end up on some cypherpunk's to-kill list. Of course, those threats are all hot-air. Has anyone whose life has been threatened on cypherpunks-l (since Jim Bell) gotten so much as a scratch at the hands of a threatener? -- This is not the grand arena. From arma at mit.edu Wed Oct 26 13:55:36 2005 From: arma at mit.edu (Roger Dingledine) Date: Wed, 26 Oct 2005 16:55:36 -0400 Subject: EFF is looking for Tor DMCA test case volunteers Message-ID: Fred asked me to forward this to the list.
If you have legal questions (and probably most questions about this count as legal questions), you should contact Fred and Kevin directly (fred at eff.org and bankston at eff.org). Fred also reminds us that any correspondence you have with me or others here would be discoverable, so that's an added incentive to go to them directly. Please look through this checklist, and decide if you match the profile they're looking for. I'd like to encourage you to contact them even if there are a few points you don't match so well -- I'd rather have a big pile of pretty-good volunteers than have everybody hold off because they are not perfectly suited -- then Fred and Kevin can make their own decisions from there. Thanks, --Roger ============ If record label and movie studio representatives continue sending infringement notices to Tor node operators and their upstream ISPs, it will become increasingly important to set a clear legal precedent establishing that merely running a node does not create copyright liability for either node operators or their bandwidth providers. In order to establish such a precedent, it will be necessary to bring or defend a test case. EFF is actively seeking clients willing to be the test case. Picking the right client is half the battle in any test case. Accordingly, we cannot promise that we will be able to defend any and all Tor node operators. There are several factors that are relevant in finding the right test case client. Here are some of them: 1. You must have received a complaint from a copyright owner about operating a Tor node. Complaints from your ISP about running a proxy do not count, even if they mention copyright infringement as the reason for their objection -- that's a contractual fight between you and your bandwidth provider. We are looking for node operators who have either received copyright complaints directly, or forwarded to them from their ISPs. 2. 
You should not be an infringer yourself, or be engaged in any other kind of unlawful activity. In litigation, the copyright owners will want to examine every hard drive and email message in your possession or control, looking for evidence that you are running Tor because you want to encourage people to infringe copyright. So if you are a big file-sharer, warez trader, or are involved in any other unlawful activities (even if unrelated to Tor), you are probably not the right person. 3. You should have a legitimate reason to run Tor. If you are the client for the test case, you will be deposed under oath and asked why you run Tor. You should be able to truthfully respond in a way that does not suggest that you are doing it to encourage any illegal activity, including copyright infringement. For example, running it because you value free speech is a legitimate reason. Same if you are running it for research purposes. Any documentary evidence from your past (e.g., emails, papers presented, etc) should not contradict your story. Most Tor node operators will qualify under these criteria, but if you wrote a bunch of emails and bulletin board posts describing how great Tor will be for the coming copyright revolution, you are probably not the ideal client. 4. You should be willing to see the case through. Litigation takes time -- often several years. The process will occasionally involve some inconvenience, including depositions and allowing the other side to go through most documents in your possession or control (including email, hard drives, etc). EFF will provide the legal services for free. But there is some risk of personal liability for damages, perhaps amounting to several thousand dollars, if we lose. We will do everything to minimize the risk, but cannot eliminate it altogether. 5. You should be located in the United States. Your Tor server should also be located in the United States. 6. You should have an upstream bandwidth provider who will stand by you.
It would be less than ideal if your upstream ISP terminates your account before we ever get to court. Fred ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From iang at systemics.com Wed Oct 26 09:12:44 2005 From: iang at systemics.com (Ian G) Date: Wed, 26 Oct 2005 17:12:44 +0100 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net> References: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net> Message-ID: <435FAAFC.2020102@systemics.com> John Kelsey wrote: >>From: cyphrpunk >>Digital wallets will require real security in user PCs. Still I don't >>see why we don't already have this problem with online banking and >>similar financial services. Couldn't a virus today steal people's >>passwords and command their banks to transfer funds, just as easily >>as the fraud described above? To the extent that this is not >>happening, the threat against ecash may not happen either. > > > Well, one difference is that those transactions can often be undone, > if imperfectly at times. The whole set of transactions is logged in > many different places, and if there's an attack, there's some > reasonable hope of getting the money back. And that said, there have > been reports of spyware stealing passwords for online banking systems, > and of course, there are tons of phishing and pharming schemes to get > the account passwords in a more straightforward way. Right, the Microsoft operating system as host for virus / malware attack for stealing bank and payment systems value has been going on for a couple of years or so in a serious (industrial) way. 
>>>The payment system operators will surely be sued for this, because >>>they're the only ones who will be reachable. They will go broke, and >>>the users will be out their money, and nobody will be silly enough to >>>make their mistake again. > > >>They might be sued but they won't necessarily go broke. It depends on >>how deep the pockets are suing them compared to their own, and most >>especially it depends on whether they win or lose the lawsuit. > > > I don't think so. Suppose there's a widespread attack that steals > money from tens of thousands of users of this payment technology. That sounds like a version of phishing, 'cept for being 2 orders of magnitude too small. > There seem to be two choices: > > a. The payment system somehow makes good on their losses. > > b. Everyone who isn't dead or insane pulls every dime left in that > system out, knowing that they could be next. Er, no, that doesn't sound like any finance system I know. See that post to the Register which I think RAH forwarded, with 2000 in the class. That's just this week's news. As per my observations, all FC systems bubble along with something about 1% fraud plus/minus an order of magnitude. The credit card people currently report about 0.1-0.2% although I think that might be under-reporting on their part. Out of that, some people might get recovered, but enough do not that we wouldn't be able to push proposition b. with any strength. We know for example that even though the banks might recover any direct losses, they won't accept liability for any other costs including where their fault caused problems elsewhere.
iang From alserkli at inbox.ru Wed Oct 26 09:24:22 2005 From: alserkli at inbox.ru (Alexander Klimov) Date: Wed, 26 Oct 2005 18:24:22 +0200 (IST) Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: <20051026140924.91559.qmail@web52407.mail.yahoo.com> References: <20051026140924.91559.qmail@web52407.mail.yahoo.com> Message-ID: On Wed, 26 Oct 2005, Jvrn Schmidt wrote: > --- "Travis H." wrote: > > [snip] > > Another issue involves the ease of use when switching between a > > [slower] anonymous service and a fast non-anonymous service. I > > have a tool called metaprox on my website (see URL in sig) that > > allows you to choose what proxies you use on a domain-by-domain > > basis. Something like this is essential if you want to be > > consistent about accessing certain sites only through an anonymous > > proxy. Short of that, perhaps a Firefox plug-in that allows you > > to select proxies with a single click would be useful. > > You can already do the latter with SwitchProxy > (http://www.roundtwo.com/product/switchproxy). Basically, it's a > Firefox extension that saves you the trouble of going into the > 'preferences' dialogue everytime you want to switch from one proxy > to another (or go from using a proxy to not using one, that is). In fact, it is possible to setup it all thru privoxy alone: # 5. FORWARDING # ============= # # This feature allows routing of HTTP requests through a chain # of multiple proxies. It can be used to better protect privacy # and confidentiality when accessing specific domains by routing # requests to those domains through an anonymous public proxy (see # e.g. http://www.multiproxy.org/anon_list.htm) Or to use a caching # proxy to speed up browsing. Or chaining to a parent proxy may be # necessary because the machine that Privoxy runs on has no direct # Internet access. # # Also specified here are SOCKS proxies. Privoxy supports the SOCKS # 4 and SOCKS 4A protocols. [...] # 5.1. 
# forward
# ============
#
# Specifies:
#
# To which parent HTTP proxy specific requests should be routed.
#
# Type of value:
#
# target_pattern http_parent[:port]
#
# where target_pattern is a URL pattern that specifies to which
# requests (i.e. URLs) this forward rule shall apply. Use /
# to denote "all URLs". http_parent[:port] is the DNS name or
# IP address of the parent HTTP proxy through which the requests
# should be forwarded, optionally followed by its listening port
# (default: 8080). Use a single dot (.) to denote "no forwarding".

Btw, I guess everybody who installs tor with privoxy has to know about
this since he has to change this section.

The problem is that it is not clear how to protect against `malicious'
sites: if you separate fast and tor-enabled sites by the site's name,
e.g., tor for search.yahoo.com, and no proxy for everything else, yahoo
can trace you thru images served from .yimg.com; OTOH if you change
proxy `with one click' first of all you can easily forget to do it, but
also a site can create a time-bomb -- a javascript (or just http/html
refresh) which waits some time in background (presumably, until you
switch tor off) and makes another request which allows one to find out
your real ip.

-- 
Regards,
ASK

From dave at farber.net Wed Oct 26 16:28:46 2005
From: dave at farber.net (David Farber)
Date: Wed, 26 Oct 2005 19:28:46 -0400
Subject: [IP] EFF: Court Issues Surveillance Smack-Down to Justice Department
Message-ID:

Begin forwarded message:

From skquinn at speakeasy.net Wed Oct 26 18:41:48 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Wed, 26 Oct 2005 20:41:48 -0500
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To:
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
Message-ID: <1130377309.24905.21.camel@xevious.platypuslabs.org>

On Tue, 2005-10-25 at 23:40 -0500, Travis H.
wrote:
> Many of the anonymity protocols require multiple participants, and
> thus are subject to what economists call "network externalities". The
> best example I can think of is Microsoft Office file formats. I don't
> buy MS Office because it's the best software at creating documents,
> but I have to buy it because the person in HR insists on making our
> timecards in Excel format.

1) You have told your HR person what a bad idea it is to introduce a
dependency on a proprietary file format, right?

2) OpenOffice can read Excel spreadsheets, and I would assume it can
save the changes back to them as well.

-- 
Shawn K. Quinn

From info at hbarel.com Wed Oct 26 12:43:04 2005
From: info at hbarel.com (Hagai Bar-El)
Date: Wed, 26 Oct 2005 21:43:04 +0200
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
Message-ID: <6.2.5.6.2.20051026213241.02d98480@hbarel.com>

Hello,

At 25/10/05 07:18, cyphrpunk wrote:
> > http://www.hbarel.com/Blog/entry0006.html
> >
> > I believe that for anonymity and pseudonymity technologies to survive
> > they have to be applied to applications that require them by design,
> > rather than to mass-market applications that can also do (cheaper)
> > without. If anonymity mechanisms are deployed just to fulfill the
> > wish of particular users then it may fail, because most users don't
> > have that wish strong enough to pay for fulfilling it. An example for
> > such an application (that requires anonymity by design) could be
> > E-Voting, which, unfortunately, suffers from other difficulties. I am
> > sure there are others, though.
>
>The truth is exactly the opposite of what is suggested in this
>article. The desire for anonymous communication is greater today than
>ever, but the necessary technology does not exist.
>...snip...
>For the first time there are tens or hundreds of millions of users who
>have a strong need and desire for high volume anonymous
>communications. These are file traders, exchanging images, music,
>movies, TV shows and other forms of communication. The main threat to
>this illegal but widely practiced activity is legal action by
>copyright holders against individual traders. The only effective
>protection against these threats is the barrier that could be provided
>by anonymity. An effective, anonymous file sharing network would see
>rapid adoption and would be the number one driver for widespread use
>of anonymity.
>
>But the technology isn't there. Providing real-time, high-volume,
>anonymous communications is not possible at the present time. Anyone
>who has experienced the pitiful performance of a Tor web browsing
>session will be familiar with the iron self-control and patience
>necessary to keep from throwing the computer out the window in
>frustration. Yes, you can share files via Tor, at the expense of
>reducing transfer rates by multiple orders of magnitude.
>...snip...

I agree with what you say, especially regarding the frustration with
TOR, but I am not sure it contradicts the message I tried to lay out in
my post.

Secure browsing is one instance of anonymity applications, which, as I
mentioned, is used. I completely agree that technology may not be mature
enough for this other instance of anonymity applications, which is
anonymous file sharing.

My point was that there is a lot of anonymity-related technology that is
not used, especially in the field of finance; I did not claim that there
are technological solutions available for each and every anonymity
problem out there. I apologize if this spirit was not communicated well.

It's not that we have everything - it's that we don't use most of what
we do have, although we once spent a lot of effort designing it.

Regards,
Hagai.
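Alexander Klimov's message earlier in this thread (the privoxy forwarding section) makes a point that is easy to check mechanically: a per-site forward rule sends the named site through Tor, but the images and scripts the same page pulls from a different host go out directly. The script below is an added example written for this digest; it is not Privoxy code and not from any list member. It parses a small subset of the forward syntax quoted above (only the "/" pattern and leading-dot domain patterns, and only forward and forward-socks4a lines), assumes that when several rules match the last one in the file wins, and assumes Tor's SOCKS listener is at localhost:9050. The two configurations and the page load are constructed sample input.

```python
"""Audit which requests a Privoxy forward configuration sends directly
(bypassing the SOCKS parent) and which go through it.

Added example for this thread, not Privoxy's own code.  Assumptions (mine):
  * only the pattern forms "/" (all URLs), ".example.com" (a host plus all
    of its subdomains) and an exact host name are handled;
  * when several forward rules match, the last one in the file wins;
  * the Tor SOCKS parent is localhost:9050.
"""
from urllib.parse import urlsplit

DIRECT = "."  # Privoxy spells "no forwarding" as a single dot


def parse_forward_rules(config_text):
    """Return (pattern, parent) pairs from forward / forward-socks4a lines."""
    rules = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in ("forward", "forward-socks4a") and len(parts) >= 3:
            # forward:         pattern http_parent
            # forward-socks4a: pattern socks_parent http_parent
            # In both cases parts[2] is the first hop, which is what we audit.
            rules.append((parts[1], parts[2]))
    return rules


def host_matches(pattern, host):
    """Subset of Privoxy's host-pattern matching (see module docstring)."""
    if pattern == "/":
        return True
    if pattern.startswith("."):
        dom = pattern[1:]
        return host == dom or host.endswith("." + dom)
    return host == pattern


def parent_for(rules, url):
    """First hop for `url`: a parent proxy address, or DIRECT."""
    host = urlsplit(url).hostname or ""
    chosen = DIRECT
    for pattern, parent in rules:
        if host_matches(pattern, host):
            chosen = parent  # last matching rule wins (assumption)
    return chosen


def leaks(rules, urls):
    """URLs that would leave the machine directly rather than via the parent."""
    return [u for u in urls if parent_for(rules, u) == DIRECT]


# Constructed config: per-site forwarding, the scheme Alexander warns about.
PER_SITE = """
forward / .                                  # everything direct by default
forward-socks4a .yahoo.com localhost:9050 .  # only yahoo.com via Tor
"""

# Constructed config: every request through Tor.
ALL_TOR = """
forward-socks4a / localhost:9050 .
"""

# Constructed page load: the search page plus an image from a second host.
PAGE_LOAD = [
    "http://search.yahoo.com/search?p=cypherpunks",
    "http://us.i1.yimg.com/us.yimg.com/i/ww/sp/sp_search.gif",
]

if __name__ == "__main__":
    for name, cfg in (("per-site", PER_SITE), ("all-tor", ALL_TOR)):
        print(name, "direct requests:", leaks(parse_forward_rules(cfg), PAGE_LOAD))
```

With the per-site configuration the search page goes through Tor but the image request leaves directly, which is exactly the correlation a site operator can use; with the all-through-Tor configuration nothing leaks. A static audit like this cannot catch the second problem Alexander raises, a delayed request fired after the user switches the proxy off, which is one more reason to keep the whole browsing session behind one rule rather than toggling per site.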
From ben at algroup.co.uk Wed Oct 26 15:34:14 2005
From: ben at algroup.co.uk (Ben Laurie)
Date: Wed, 26 Oct 2005 23:34:14 +0100
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To:
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
Message-ID: <43600466.9020700@algroup.co.uk>

Travis H. wrote:
> Part of the problem is using a packet-switched network; if we had
> circuit-based, then thwarting traffic analysis is easy; you just fill
> the link with random garbage when not transmitting packets. I
> considered doing this with SLIP back before broadband (back when my
> friend was my ISP). There are two problems with this; one, getting
> enough random data, and two, distinguishing the padding from the real
> data in a computationally efficient manner on the remote side without
> giving away anything to someone analyzing your traffic. I guess both
> problems could be solved by using synchronized PRNGs on both ends to
> generate the chaff. The two sides getting desynchronized would be
> problematic. Please CC me with any ideas you might have on doing
> something like this, perhaps it will become useful again one day.

But this is trivial. Since the traffic is encrypted, you just have a bit
that says "this is garbage" or "this is traffic".

OTOH, this can leave you open to traffic marking attacks. George Danezis
and I wrote a paper on a protocol (Minx) designed to avoid marking
attacks by making all packets meaningful. You can find it here:
http://www.cl.cam.ac.uk/users/gd216/minx.pdf.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit."
- Robert Woodruff

From kerry at vscape.com Thu Oct 27 06:52:57 2005
From: kerry at vscape.com (Kerry Bonin)
Date: Thu, 27 Oct 2005 06:52:57 -0700
Subject: [p2p-hackers] P2P Authentication
Message-ID:

There are only two good ways to provide man-in-the-middle resistant
authentication with key repudiation in a distributed system - using a
completely trusted out of band channel to manage everything, or use a
PKI. I've used PKI for >100k node systems, it works great if you keep
it simple and integrate your CRL mechanism - in a distributed system the
pieces are all already there! I think some people are put off by the
size and complexity of the libraries involved, which doesn't have to be
the case - I've got a complete RSA/DSA X.509 compliant cert based PKI
(leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++,
<30k object code, works great (I'll open that source as LGPL when I
deploy next year...) The only hard part about integrating into a p2p
network is securing the CA's, and that's more of a network security
problem than a p2p problem...

Kerry

zooko at zooko.com wrote:

>>>And if they do, then why reinvent the wheel? Traditional public key
>>>signing works well for these cases.
>>>
>>>
>...
>
>
>> Traditional public key signing doesn't work well if you want to
>>eliminate the central authority / trusted third party. If you like
>>keeping those around, then yes, absolutely, traditional PKI works
>>swimmingly.
>>
>>
>
>Where is the evidence of this bit about "traditional PKI working"? As
>far as I've observed, traditional PKI works barely for small, highly
>centralized, hierarchical organizations and not at all for anything
>else. Am I missing some case studies of PKI actually working as
>intended?
>
>Regards,
>
>Zooko
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>
>
>

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Thu Oct 27 03:22:08 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 27 Oct 2005 12:22:08 +0200
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <1130377309.24905.21.camel@xevious.platypuslabs.org>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
	<1130377309.24905.21.camel@xevious.platypuslabs.org>
Message-ID: <20051027102208.GF2249@leitl.org>

On Wed, Oct 26, 2005 at 08:41:48PM -0500, Shawn K. Quinn wrote:
> 1) You have told your HR person what a bad idea it is to introduce a
> dependency on a proprietary file format, right?

Telling is useless. Are you in a sufficient position of power to make
them stop using it? I doubt it, because that person will be backed both
by your and her boss. Almost always. It's never about merit, and not
even money, but about predeployed base and interoperability. In today's
world, you minimize the surprise on the opposite party's end if you
stick with Redmondware.
(Businessfolk hate surprises, especially complicated, technical, boring
surprises).

> 2) OpenOffice can read Excel spreadsheets, and I would assume it can
> save the changes back to them as well.

OpenOffice & Co usually support a subset of Word and Excel formats. If
you want to randomly annoy your coworkers, use OpenOffice to process the
documents in MS Office formats before passing them on, without telling
what you're doing. Much hilarity will ensue.

-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

From mv at cdc.gov Thu Oct 27 12:23:49 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 27 Oct 2005 12:23:49 -0700
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
Message-ID: <43612945.B21CA93E@cdc.gov>

At 08:41 PM 10/26/05 -0500, Shawn K. Quinn wrote:
>On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
>> Many of the anonymity protocols require multiple participants, and
>> thus are subject to what economists call "network externalities". The
>> best example I can think of is Microsoft Office file formats. I don't
>> buy MS Office because it's the best software at creating documents,
>> but I have to buy it because the person in HR insists on making our
>> timecards in Excel format.
>
>1) You have told your HR person what a bad idea it is to introduce a
>dependency on a proprietary file format, right?
>
>2) OpenOffice can read Excel spreadsheets, and I would assume it can
>save the changes back to them as well.

Why don't you send her comma-delimited text, Excel can import it?
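Going back to Ben Laurie's message earlier in this digest: his "trivial" answer to Travis's chaff problem is to put the garbage/traffic flag inside the encryption, so the link carries fixed-size frames at a fixed rate and only the holder of the key can tell which frames carry data. The block below is an added example written for this digest, not code from the thread or from the Minx paper. To keep it runnable with the standard library alone it uses a stand-in cipher (HMAC-SHA256 in counter mode for the keystream plus a truncated HMAC tag); a real link would use an AEAD such as AES-GCM. Frame size, tick count, key and messages are constructed sample values.

```python
"""Constant-rate encrypted link with a per-frame padding/data flag.

Added example for this digest; not from the thread.  The cipher below is a
stdlib-only stand-in (HMAC-SHA256 counter-mode keystream + HMAC tag); use a
real AEAD in practice.  Frame layout inside the encryption:
    flag (1 byte) | length (1 byte) | payload | random fill
Every frame is the same size on the wire whether or not it carries data.
"""
import hashlib
import hmac
import os
import struct

FRAME_PAYLOAD = 64   # every frame carries exactly this many payload bytes
NONCE_LEN = 12
TAG_LEN = 16
PADDING, DATA = 0, 1


def _keystream(key, nonce, n):
    """Counter-mode PRF keystream of n bytes (stand-in for a stream cipher)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """nonce || ciphertext || tag, with the tag over nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_frame(key, frame):
    """Return the plaintext, or None if the tag does not verify."""
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def make_frame(key, chunk=None):
    """One fixed-size frame: a data frame for `chunk`, or a padding frame."""
    if chunk is None:
        body = bytes([PADDING, 0]) + os.urandom(FRAME_PAYLOAD)
    else:
        assert len(chunk) <= FRAME_PAYLOAD
        body = bytes([DATA, len(chunk)]) + chunk + os.urandom(FRAME_PAYLOAD - len(chunk))
    return seal(key, body)


def send_at_constant_rate(key, messages, ticks):
    """Emit exactly `ticks` frames: data while messages remain, padding after."""
    queue = []
    for m in messages:
        queue += [m[i:i + FRAME_PAYLOAD] for i in range(0, len(m), FRAME_PAYLOAD)]
    return [make_frame(key, queue.pop(0) if queue else None) for _ in range(ticks)]


def receive(key, frames):
    """Decrypt every frame, discard padding; return (data chunks, frames rejected)."""
    chunks, rejected = [], 0
    for f in frames:
        body = open_frame(key, f)
        if body is None:
            rejected += 1            # tag failure: frame was altered in transit
        elif body[0] == DATA:
            chunks.append(body[2:2 + body[1]])
    return chunks, rejected


if __name__ == "__main__":
    key = os.urandom(32)
    frames = send_at_constant_rate(key, [b"hello", b"world"], ticks=8)
    print("frames on the wire:", len(frames), "bytes each:", len(frames[0]))
    print("recovered:", receive(key, frames))
```

An observer of the wire sees eight frames of identical length whether two messages or none were sent, which is the whole point. The caveat Ben raises shows up in the `rejected` counter: a frame whose bytes were flipped in transit is dropped on tag failure, and that drop is a behavioural difference an adversary who controls a hop can look for downstream. That is the marking attack, and avoiding it is why Minx is designed so that every packet decodes to something rather than being rejected.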
From eugen at leitl.org Thu Oct 27 04:02:48 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 27 Oct 2005 13:02:48 +0200
Subject: [arma@mit.edu: EFF is looking for Tor DMCA test case volunteers]
Message-ID: <20051027110248.GR2249@leitl.org>

----- Forwarded message from Roger Dingledine -----

From mv at cdc.gov Thu Oct 27 13:56:42 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 27 Oct 2005 13:56:42 -0700
Subject: Court Blocks Ga. Photo ID Requirement
Message-ID: <43613F0A.F87CD0C8@cdc.gov>

[Using the *financial* angle, having to show state-photo-ID to vote is
overturned. Interesting if this could be used for other cases where the
state wants ID.]

Today: October 27, 2005 at 12:33:27 PDT

Court Blocks Ga.
Photo ID Requirement

ASSOCIATED PRESS

ATLANTA (AP) - A federal appeals court Thursday refused to let the state
enforce a new law requiring voters to show photo identification at the
polls.

Earlier this month, a federal judge barred the state from using the law
during local elections next month, saying it amounted to an
unconstitutional poll tax that could prevent poor people, blacks and the
elderly from voting.

The state asked the 11th U.S. Circuit Court of Appeals to lift the stay,
but the court declined.

Under the law, voters could show a driver's license, or else obtain a
state-issued photo ID at a cost of up to $35.

http://www.lasvegassun.com/sunbin/stories/nat-gen/2005/oct/27/102700584.html

From mv at cdc.gov Thu Oct 27 14:41:04 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 27 Oct 2005 14:41:04 -0700
Subject: blocking fair use? 2 Science Groups Say Kansas Can't Use Their Evolution Papers
Message-ID: <43614970.48D56755@cdc.gov>

Here's a very interesting case where (c)holders are trying to ban "fair
use" (educational) of (c) material. I agree with their motivations
---Kansan theo-edu-crats need killing for their continuing child
abuse-- but I don't see how they can get around the fair use
provisions. (Bypassing whether the state should run schools, or even
pay for them, for now.)

2 Science Groups Say Kansas Can't Use Their Evolution Papers

By JODI WILGOREN
Published: October 27, 2005

CHICAGO, Oct. 27 - Two leading science organizations have denied the
Kansas board of education permission to use their copyrighted materials
in the state's proposed new science standards because of the standards'
critical approach to evolution.

The National Academy of Sciences and the National Science Teachers
Association said the much-disputed new standards "will put the students
of Kansas at a competitive disadvantage as they take their place in the
world."
http://www.nytimes.com/2005/10/27/national/27cnd-kansas.html?hp&ex=1130472000&en=8207d57fc0db8eca&ei=5094&partner=homepage

From eugen at leitl.org Thu Oct 27 07:09:24 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 27 Oct 2005 16:09:24 +0200
Subject: [kerry@vscape.com: Re: [p2p-hackers] P2P Authentication]
Message-ID: <20051027140924.GG2249@leitl.org>

----- Forwarded message from Kerry Bonin -----

From eugen at leitl.org Thu Oct 27 07:19:04 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 27 Oct 2005 16:19:04 +0200
Subject: [dave@farber.net: [IP] EFF: Court Issues Surveillance Smack-Down to Justice Department]
Message-ID: <20051027141904.GJ2249@leitl.org>

----- Forwarded message from David Farber -----

From rah at shipwright.com Thu Oct 27 14:41:16 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 27 Oct 2005 17:41:16 -0400
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <43612945.B21CA93E@cdc.gov>
References: <43612945.B21CA93E@cdc.gov>
Message-ID:

At 12:23 PM -0700 10/27/05, Major Variola (ret) wrote:
>Why don't you send her comma-delimited text, Excel can import it?

But, but... You can't put Visual *BASIC* in comma delimited text...

;-)

Cheers,
RAH
Yet another virus vector. Bah! :-)
-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From matthew at matthew.at Thu Oct 27 19:28:53 2005
From: matthew at matthew.at (Matthew Kaufman)
Date: Thu, 27 Oct 2005 19:28:53 -0700
Subject: [p2p-hackers] P2P Authentication
Message-ID:

Alen Peacock:
> Personally, I'm put off by the centralization. I'm not
> really concerned about the library size or complexity of
> PKI.
> In fact, my experience indicates that implementing
> centralized CAs is a good deal less complex than trying to
> distribute identity verification throughout the system with
> no centralization.

Agreed... Hierarchical PKI with a single root is distinctly easier than
multiple roots, random chains of trust, or reputation models, which is
why we've started with the simplest design for the default PKI that
ships with the amicima MFP and MFPNet libraries.

> Completely decentralized p2p applications have the
> advantage of being especially resilient to DoS and other
> attacks on centrality.
> Introducing centralized components negates this advantage.

It negates some advantages, not all.

> In the case of using CAs in a p2p app, the entire network can
> be disabled by attacking the CAs.

As has already been pointed out, the network still runs, but new clients
can't be authenticated. However, it is possible to make that unlikely...
For instance, if enough trusted entities already have the ability to
sign keys, you can reduce the odds that an attacker can successfully
disable ALL of the CAs. Adding additional roots to the PKI, especially
if they are public roots that are unlikely to be disabled, also helps...
It doesn't seem likely that the world will shut down the existing secure
web PKI in order to take your P2P app off the air.

> p2p networks pose an interesting challenge because you have
> to design for the fact that malicious or misbehaving clients
> *will* be present.

This is actually true of the entire Internet and isn't unique to p2p
networks at all. All protocol implementations and higher level
applications that run on them must be designed to deal with the fact
that malicious or misbehaving clients will be present... See buffer
overflows of mail servers and http servers, for instance.
> Since there is no single entity or known
> group of entities controlling the nodes (as in typical
> distributed applications), there is no way to enforce
> adherence to protocols other than with the protocols
> themselves.

This isn't about p2p networks at all, but about open-source
distribution, it seems. Lots of totally proprietary p2p and
client-server applications have been shipped where "a single entity"
controls the implementation... Skype comes to mind as an example in the
P2P space. These have the temporary advantage of unpublished protocols
and implementations, but this won't stop a dedicated attacker for long,
which brings us back to the original point, that everything attached to
the Internet needs to assume that malicious and misbehaving things will
try to mess things up.

Whether or not that really matters is another point... There are
numerous ways one could build a highly incorrect Gnutella peer, for
instance, and yet it doesn't seem to have become commonplace.

> This may sound idealistic and naive, perhaps
> justly so, but the further away from protocols that require
> centralized architectures we get, the better (IMHO, of course).

Well, that's why we're all here on the "P2P" hackers list, I suppose,
because we believe that decentralization is good, but it doesn't really
change the most basic of the design parameters at all.
Matthew Kaufman
matthew at matthew.at
www.amicima.com

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

From cyphrpunk at gmail.com Thu Oct 27 20:18:12 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 20:18:12 -0700
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <1130377309.24905.21.camel@xevious.platypuslabs.org>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
	<1130377309.24905.21.camel@xevious.platypuslabs.org>
Message-ID: <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com>

On 10/26/05, Shawn K. Quinn wrote:
> On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
> > Many of the anonymity protocols require multiple participants, and
> > thus are subject to what economists call "network externalities". The
> > best example I can think of is Microsoft Office file formats. I don't
> > buy MS Office because it's the best software at creating documents,
> > but I have to buy it because the person in HR insists on making our
> > timecards in Excel format.
>
> 1) You have told your HR person what a bad idea it is to introduce a
> dependency on a proprietary file format, right?

This is off-topic. Let's not degenerate into random Microsoft bashing.
Keep the focus on anonymity. That's what the cypherpunks list is about.
CP

From cyphrpunk at gmail.com Thu Oct 27 20:41:22 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 20:41:22 -0700
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To:
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
	<1130377309.24905.21.camel@xevious.platypuslabs.org>
	<792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com>
Message-ID: <792ce4370510272041p1dd6fb6fk33b146830ff73b6c@mail.gmail.com>

> The cypherpunks list is about anything we want it to be. At this stage in
> the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
> about the crazy bastards who are still here than it is about just about
> anything else.

Fine, I want it to be about crypto and anonymity. You can bash Microsoft
anywhere on the net. Where else are you going to talk about this shit?

CP

From cyphrpunk at gmail.com Thu Oct 27 20:55:29 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 20:55:29 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To:
References: <8671013.1130250005432.JavaMail.root@elwamui-rustique.atl.sa.earthlink.net>
Message-ID: <792ce4370510272055l6f9fe0c9jb17e214775308ee8@mail.gmail.com>

On 10/25/05, Travis H. wrote:
> More on topic, I recently heard about a scam involving differential
> reversibility between two remote payment systems. The fraudster sends
> you an email asking you to make a Western Union payment to a third
> party, and deposits the requested amount plus a bonus for you using
> paypal. The victim makes the irreversible payment using Western
> Union, and later finds out the credit card used to make the paypal
> payment was stolen when paypal reverses the transaction, leaving the
> victim short.

This is why you can't buy ecash with your credit card. Too easy to
reverse the transaction, and by then the ecash has been blinded away.
If paypal can be reversed just as easily that won't work either. This
illustrates a general problem with these irreversible payment schemes,
it is very hard to simply acquire the currency. Any time you go from a
reversible payment system (as all the popular ones are) to an
irreversible one you have an impedance mismatch and the transfer
reflects rather than going through (so to speak).

CP

From cyphrpunk at gmail.com Thu Oct 27 21:07:21 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 21:07:21 -0700
Subject: [smb@cs.columbia.edu: Skype security evaluation]
In-Reply-To: <20051026074451.L35119@skutsje.san.webweaving.org>
References: <20051023153121.GW2249@leitl.org>
	<792ce4370510241050m6e0cd60atc155ffac3054ca40@mail.gmail.com>
	<20051026074451.L35119@skutsje.san.webweaving.org>
Message-ID: <792ce4370510272107w3b4e5312t1d7f8866e8961391@mail.gmail.com>

Wasn't there a rumor last year that Skype didn't do any encryption
padding, it just did a straight exponentiation of the plaintext? Would
that be safe, if as the report suggests, the data being encrypted is
128 random bits (and assuming the encryption exponent is considerably
bigger than 3)? Seems like it's probably OK. A bit risky perhaps to
ride bareback like that but I don't see anything inherently fatal.

CP

From cyphrpunk at gmail.com Thu Oct 27 21:15:15 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 21:15:15 -0700
Subject: On Digital Cash-like Payment Systems
In-Reply-To: <435F43EE.21250.A1D6EE9@localhost>
References: <792ce4370510241458p2c6788e2rc75842dc6a1e30d9@mail.gmail.com>
	<20051024223836.GI4102@epointsystem.org>
	<435F43EE.21250.A1D6EE9@localhost>
Message-ID: <792ce4370510272115j66e7061ak984800dcdd0416b1@mail.gmail.com>

On 10/26/05, James A. Donald wrote:
> How does one inflate a key?

Just make it bigger by adding redundancy and padding, before you encrypt
it and store it on your disk.
That way the attacker who wants to steal your keyring sees a 4 GB
encrypted file which actually holds about a kilobyte of meaningful data.
Current trojans can steal files and log passwords, but they're not smart
enough to decrypt and decompress before uploading. They'll take hours to
snatch the keyfile through the net, and maybe they'll get caught in the
act.

CP

From cyphrpunk at gmail.com Thu Oct 27 21:27:00 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Thu, 27 Oct 2005 21:27:00 -0700
Subject: [kerry@vscape.com: Re: [p2p-hackers] P2P Authentication]
In-Reply-To: <20051027140924.GG2249@leitl.org>
References: <20051027140924.GG2249@leitl.org>
Message-ID: <792ce4370510272127n3a50826l8099f3204d1b71c0@mail.gmail.com>

> From: Kerry Bonin
> Date: Thu, 27 Oct 2005 06:52:57 -0700
> To: zooko at zooko.com, "Peer-to-peer development."
> Subject: Re: [p2p-hackers] P2P Authentication
> User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
> Reply-To: "Peer-to-peer development."
>
> There are only two good ways to provide man-in-the-middle resistant
> authentication with key repudiation in a distributed system - using a
> completely trusted out of band channel to manage everything, or use a
> PKI. I've used PKI for >100k node systems, it works great if you keep
> it simple and integrate your CRL mechanism - in a distributed system the
> pieces are all already there! I think some people are put off by the
> size and complexity of the libraries involved, which doesn't have to be
> the case - I've got a complete RSA/DSA X.509 compliant cert based PKI
> (leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++,
> <30k object code, works great (I'll open that source as LGPL when I
> deploy next year...) The only hard part about integrating into a p2p
> network is securing the CA's, and that's more of a network security
> problem than a p2p problem...
It's great to see this guy showing up yet another of the false dogmas of
the crypto hacker community: "PKI can't work". According to this view,
only old fogies and tight ass bureaucrats believe in certifying keys.
All the cool kids know that the best key is a bare key. After all, MITM
attacks never really happen, this was just an invented threat designed
to force poor college kids into paying hundreds of dollars a year for a
verisign certificate.

But when we come into the P2P world things look very different. Where
MITM would require special positioning in the old net, in a distributed
P2P network, everyone's a MITM! Every key has passed through dozens of
hands before you get to see it. What are the odds that nobody's fucked
with it in all that time? You're going to put that thing in your mouth?
I don't think so.

Using certificates in a P2P network is like using a condom. It's just
common sense. Practice safe cex!

CP

From skquinn at speakeasy.net Thu Oct 27 20:40:53 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Thu, 27 Oct 2005 22:40:53 -0500
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
In-Reply-To: <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com>
References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com>
	<1130377309.24905.21.camel@xevious.platypuslabs.org>
	<792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com>
Message-ID: <1130470853.24193.3.camel@xevious.platypuslabs.org>

On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote:
> This is off-topic. Let's not degenerate into random Microsoft bashing.
> Keep the focus on anonymity. That's what the cypherpunks list is
> about.

Sorry, but I have to disagree. I highly doubt that Microsoft is
interested in helping users of their software preserve anonymity, in
fact, evidence has surfaced to indicate quite the opposite. (GUID in
Office? The obnoxious "product activation" requirement? I'm sure there
are others.)
I would say that helping others get rid of dependencies on Microsoft products is thus advancing the cause of anonymity in cyberspace. -- Shawn K. Quinn From skquinn at speakeasy.net Thu Oct 27 20:42:54 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Thu, 27 Oct 2005 22:42:54 -0500 Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <1130377309.24905.21.camel@xevious.platypuslabs.org> <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com> Message-ID: <1130470974.24193.6.camel@xevious.platypuslabs.org> On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote: > RAH > Who thinks anything Microsoft makes these days is, by definition, a > security risk. Indeed, the amount of trust I'm willing to place in a piece of software is quite related to how much of its source code is available for review. Surprisingly, I'm not the only one that feels this way. -- Shawn K. Quinn From rah at shipwright.com Thu Oct 27 20:28:42 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 27 Oct 2005 23:28:42 -0400 Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com> References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <1130377309.24905.21.camel@xevious.platypuslabs.org> <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com> Message-ID: At 8:18 PM -0700 10/27/05, cyphrpunk wrote: >Keep the focus on anonymity. That's what the cypherpunks list is >about. Please. The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else. Cheers, RAH Who thinks anything Microsoft makes these days is, by definition, a security risk. -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 28 01:48:24 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 28 Oct 2005 04:48:24 -0400 Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: <792ce4370510272041p1dd6fb6fk33b146830ff73b6c@mail.gmail.com> References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <1130377309.24905.21.camel@xevious.platypuslabs.org> <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com> <792ce4370510272041p1dd6fb6fk33b146830ff73b6c@mail.gmail.com> Message-ID: At 8:41 PM -0700 10/27/05, cyphrpunk wrote: >Where else are you going to talk about >this shit? Talk about it here, of course. Just don't expect anyone to listen to you when you play list-mommie. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 28 01:54:10 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 28 Oct 2005 04:54:10 -0400 Subject: [kerry@vscape.com: Re: [p2p-hackers] P2P Authentication] In-Reply-To: <792ce4370510272127n3a50826l8099f3204d1b71c0@mail.gmail.com> References: <20051027140924.GG2249@leitl.org> <792ce4370510272127n3a50826l8099f3204d1b71c0@mail.gmail.com> Message-ID: At 9:27 PM -0700 10/27/05, cyphrpunk wrote: >Every key has passed >through dozens of hands before you get to see it. What are the odds >that nobody's fucked with it in all that time? 
You're going to put >that thing in your mouth? I don't think so. So, as Carl Ellison says, get it from the source. Self-signing is fine, in that case. "Certificates", CRLs, etc., become more and more meaningless as the network becomes more geodesic. >Using certificates in a P2P network is like using a condom. It's just >common sense. Practice safe cex! Feh. You sound like one of those newbs who used to leave the plastic wrap on his 3.5" floppy so he wouldn't get viruses... Cheers, RAH What part of "non-hierarchical" and "P2P" do you not understand? -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 28 02:17:13 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 28 Oct 2005 05:17:13 -0400 Subject: Any comments on BlueGem's LocalSSL? In-Reply-To: References: Message-ID: At 9:11 PM +1300 10/28/05, Peter Gutmann wrote: >The West Coast Labs tests report that they successfully evade all known >sniffers, which doesn't actually mean much since all it proves is that >LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The >use of SSL to get the keystrokes from the driver to the target app seems >somewhat silly, if sniffers don't know about LocalSSL then there's no need to >encrypt the data, and once they do know about it then the encryption won't >help, they'll just dive in before the encryption happens. Absent any real data, crypto-dogma :-) says that you need hardware-encryption, physical sources of randomness, and all sorts of other stuff to really solve this problem. 
On the other hand, such hardware solutions usually come hand-in-hand with the whole hierarchical is-a-person "PKI" book-entry-to-the-display I-gotcher-"digital-rights"-right-here-buddy mess, ala Palladium, etc. Like SSL, then -- and barring the usual genius out there who flips the whole tortoise over to kill it, which is what you're really asking here -- this thing might work good enough to keep Microsoft/Verisign/et al. in business a few more years. To the rubes and newbs, it's like Microsoft adopting TLS, or Intel doing their current crypto/DRM stuff, which, given the amount iPod/iTunes writes to their bottom line now, is apparently why Apple really switched from PPC to Intel now instead of later. You know they're going to do evil, but at least the *other* malware goes away. So, sure. SSL to the keys. That way Lotus *still* won't run, and business gets done in Redmond a little while longer. Cheers, RAH Somewhere, Dr. Franklin is laughing, of course... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From kelsey.j at ix.netcom.com Fri Oct 28 07:38:39 2005 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 28 Oct 2005 07:38:39 -0700 (GMT-07:00) Subject: [PracticalSecurity] Anonymity - great technology but hardly used Message-ID: <3482120.1130510320183.JavaMail.root@elwamui-chisos.atl.sa.earthlink.net> >From: Eugen Leitl >Sent: Oct 27, 2005 3:22 AM >To: "Shawn K. Quinn" , cypherpunks at jfet.org >Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used ... >It's never about merit, and not even money, but about predeployed >base and interoperability. In today's world, you minimize the >surprise on the opposite party's end if you stick with >Redmondware. 
(Businessfolk hate surprises, especially complicated, >technical, boring surprises). Not only that, but this is often sensible. Have you noticed the bizarre misfit between our allegedly phonetic alphabet and how things are spelled? Why don't we get everyone to change that? Or the silly insistence of sticking with a base 60 time standard? Or the whole atrocity of English measurements that the US still is stuck with? Oh yeah, because there's an enormous installed base, and people are able to do their jobs with them, bad though these tools are. ... >OpenOffice & Co usually supports a subset of Word and Excel formats. >If you want to randomly annoy your coworkers, use OpenOffice to >process the documents in MS Office formats before passing them on, >without telling what you're doing. Much hilarity will ensue. I'll note that you can do the same thing by simply using slightly different versions of Word. MS takes a bad rap for a lot of their software (Excel and Powerpoint are pretty nice, for example), but Word is a disaster. >Eugen* Leitl leitl --John Kelsey From edward at hasbrouck.org Fri Oct 28 11:07:28 2005 From: edward at hasbrouck.org (Edward Hasbrouck) Date: October 28, 2005 11:07:28 AM EDT Subject: [IP] more on U.S. passports to receive RFID implants Message-ID: starting in October 2006 [priv] >From: "Lin, Herb" > >*Front* cover? Does that mean that if I hold the passport the wrong >way, the skimmer will have a free ride? > FWIW: (1) The sample RFID passports that Frank Moss passed around at CFP, which looked like , had the RFID chip (which was barely detectable by feel) in the *back* cover. The visible data page was/is, as with current passports, in the *front* cover. This is not compliant with the ICAO specifications, which recommend having the chip in the same page as the visible data, to make it more difficult to separate them. I can only guess that it was hard to laminate the visible data without damaging the chip, if it was in the same page. 
But it's interesting in light of the importance supposedly being placed on compliance with ICAO standards. (2) Moss had 2 sample RFID passports, 1 with and 1 without the shielding. He claimed it was a layer in the entire outer cover (front and back), but it wasn't detectable by feel. I have more threat scenarios for the latest flavor of RFID passport at: http://hasbrouck.org/blog/archives/000869.html ---------------- Edward Hasbrouck +1-415-824-0214 ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From jamesd at echeque.com Fri Oct 28 11:10:01 2005 From: jamesd at echeque.com (James A. Donald) Date: Fri, 28 Oct 2005 11:10:01 -0700 Subject: Any comments on BlueGem's LocalSSL? In-Reply-To: References: Message-ID: <43620709.9516.51DB4D9@localhost> -- R.A. Hettinga" > Intel doing their current crypto/DRM stuff, [...] You > know they're going to do evil, but at least the > *other* malware goes away. I am a reluctant convert to DRM. At least with DRM, we face a smaller number of threats. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ctySJF5hgF1q9fil61pohBVLfj/aT4jWZ/KUf29x 4GuXiNXRF+nY3+3LFo8YpvV4w1S5dwf+LcuAsZWWe

From jamesd at echeque.com Fri Oct 28 12:09:36 2005 From: jamesd at echeque.com (James A. Donald) Date: Fri, 28 Oct 2005 12:09:36 -0700 Subject: Return of the death of cypherpunks.
In-Reply-To: <20051028131513.GN2249@leitl.org> References: Message-ID: <43621500.3841.554440A@localhost> -- From: Eugen Leitl > While I don't exactly know why the list died, I > suspect it was the fact that most list nodes offered a > feed full of spam, dropped dead quite frequently, and > also overusing that "needs killing" thing (okay, it > was funny for a while). > > The list needs not to stay dead, with some finite > effort on our part (all of us) we can well resurrect > it. If there's a real content there's even no need > from all those forwards, to just fake a heartbeat. Since cryptography these days is routine and uncontroversial, there is no longer any strong reason for the cypherpunks list to continue to exist. I recently read up on the Kerberos protocol, and thought, "how primitive". Back in the bad old days, we did everything wrong, because we did not know any better. And of course, https sucks mightily because the threat model is both inappropriate to the real threats, and fails to correspond to the users' mental model, or to routine practices on a wide variety of sites, hence users glibly click through all warning dialogs, most of which are mere noise anyway. These problems, however, are not explicitly political, and tend to be addressed on lists that are not explicitly political, leaving cypherpunks with little of substance. --digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb From cyphrpunk at gmail.com Fri Oct 28 14:18:43 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Fri, 28 Oct 2005 14:18:43 -0700 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: References: Message-ID: <792ce4370510281418l74b01072kb43ea37584fd50f1@mail.gmail.com> One other point with regard to Daniel Nagy's paper at http://www.epointsystem.org/~nagydani/ICETE2005.pdf A good way to organize papers like this is to first present the desired properties of systems like yours (and optionally show that other systems fail to meet one or more of these properties); then to present your system; and finally to go back through and show how your system meets each of the properties, perhaps better than any others. This paper is lacking that last step. It would be helpful to see the epoint system evaluated with regard to each of the listed properties. In particular I have concerns about the finality and irreversibility of payments, given that the issuer keeps track of each token as it progresses through the system. Whenever one token is exchanged for a new one, the issuer records and publishes the linkage between the new token and the old one. This public record is what lets people know that the issuer is not forging tokens at will, but it does let the issuer, and possibly others, track payments as they flow through the system. This could be grounds for reversibility in some cases, although the details depend on how the system is implemented. It would be good to see a critical analysis of how epoints would maintain irreversibility, as part of the paper. 
CP From cyphrpunk at gmail.com Fri Oct 28 11:53:30 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Fri, 28 Oct 2005 14:53:30 -0400 Subject: 0wn3d Message-ID: <792ce4370510281153m46f077a9l586b28ba551d7b15@mail.gmail.com> Hello, I have hacked the account cyphrpunk at gmail.com. If cyphrpunk want to know the new password of his account, he can check the box "cyphrpunk at hotmail.com" V0ld3m0rt From eugen at leitl.org Fri Oct 28 06:03:19 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 28 Oct 2005 15:03:19 +0200 Subject: [matthew@matthew.at: RE: [p2p-hackers] P2P Authentication] Message-ID: <20051028130319.GM2249@leitl.org> ----- Forwarded message from Matthew Kaufman ----- From eugen at leitl.org Fri Oct 28 06:15:13 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 28 Oct 2005 15:15:13 +0200 Subject: [PracticalSecurity] Anonymity - great technology but hardly used In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <1130377309.24905.21.camel@xevious.platypuslabs.org> <792ce4370510272018o542bed14rc68d17f07189cfc@mail.gmail.com> Message-ID: <20051028131513.GN2249@leitl.org> On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote: > The cypherpunks list is about anything we want it to be. At this stage in > the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more > about the crazy bastards who are still here than it is about just about > anything else. While I don't exactly know why the list died, I suspect it was the fact that most list nodes offered a feed full of spam, dropped dead quite frequently, and also overusing that "needs killing" thing (okay, it was funny for a while). The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. 
-- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From dave at farber.net Fri Oct 28 14:49:06 2005 From: dave at farber.net (David Farber) Date: Fri, 28 Oct 2005 17:49:06 -0400 Subject: [IP] more on U.S. passports to receive RFID implants starting in Message-ID: October 2006 [priv] X-Mailer: Apple Mail (2.734) Reply-To: dave at farber.net Begin forwarded message:

From solinym at gmail.com Fri Oct 28 17:47:35 2005 From: solinym at gmail.com (Travis H.) Date: Fri, 28 Oct 2005 19:47:35 -0500 Subject: packet traffic analysis In-Reply-To: <435FD593.3030708@av8n.com> References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435FD593.3030708@av8n.com> Message-ID: Good catch on the encryption. I feel silly for not thinking of it. > If your plaintext consists primarily of small packets, you should set the MTU > of the transporter to be small.
This will cause fragmentation of the > large packets, which is the price you have to pay. Conversely, if your > plaintext consists primarily of large packets, you should make the MTU large. > This means that a lot of bandwidth will be wasted on padding if/when there > are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's > the price you have to pay to thwart traffic analysis. I'm not so sure. If we're talking about thwarting traffic on the link level (real circuit) or on the virtual-circuit level, then you're adding, on average, a half-packet latency whenever you want to send a real packet. And then there's the bandwidth tradeoff you mention, which is probably of a larger concern (although bandwidth will increase over time, whereas the speed of light will not). I don't see any reason why it's necessary to pay these costs if you abandon the idea of generating only equal-length packets and creating all your chaff as packets. Let's assume the link is encrypted as before. Then you merely introduce your legitimate packets with a certain escape sequence, and pad between these packets with either zeroes, or if you're more paranoid, some kind of PRNG. In this way, if the link is idle, you can stop generating chaff and start generating packets at any time. I assume that the length is explicitly encoded in the legitimate packet. Then the peer for the link ignores everything until the next "escape sequence" introducing a legitimate packet. This is not a tiny hack, but avoids much of the overhead in your technique. It could easily be applied to something like openvpn, which can operate over a TCP virtual circuit, or ppp. It'd be a nice optimization if you could avoid retransmits of segments that contained only chaff, but that may or may not be possible to do without giving up some TA resistance (esp. in the presence of an attacker who may prevent transmission of segments). 
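The escape-sequence-plus-chaff link framing described in the post, as an added example (not Travis's code): the 4-byte ESC marker, the length/CRC32 header layout and the zero-or-PRNG chaff source are assumptions. Chaff is scrubbed so it never contains the marker, and the CRC lets a receiver that joins mid-stream resynchronise instead of trusting a marker that happens to fall inside a payload.

```python
import os
import struct
import zlib

# Constructed 4-byte escape marker (an assumption, not from the post). It has no
# self-overlap (no proper suffix equals a prefix), so a marker can never straddle
# the boundary between chaff and the start of a real frame.
ESC = b"\x7e\xa5\x5a\x81"
FILL = 0x00                     # byte not present in ESC; used to scrub chaff
HDR = struct.Struct(">HI")      # explicit payload length + CRC32 of the payload

assert FILL not in ESC


def frame(payload: bytes) -> bytes:
    """ESC || length || crc32 || payload. The explicit length is what lets the
    receiver skip over a payload that itself contains ESC."""
    return ESC + HDR.pack(len(payload), zlib.crc32(payload)) + payload


def chaff(n: int, rng=os.urandom) -> bytes:
    """n bytes of filler (zeros via rng=lambda n: bytes(n), or PRNG output)
    that never contains ESC, so the peer cannot mistake chaff for a frame."""
    out = bytearray(rng(n))
    i = out.find(ESC)
    while i != -1:
        out[i] = FILL                 # FILL is not in ESC: no marker can span position i now
        i = out.find(ESC, i + 1)
    return bytes(out)


def link_stream(packets, gaps, rng=os.urandom) -> bytes:
    """Emit chaff, frame, chaff, frame, ...: gaps[k] chaff bytes precede packet k
    and one extra gap, if given, trails the last packet. The link looks busy
    throughout, and a real packet can start as soon as it is ready."""
    out = bytearray()
    for k, pkt in enumerate(packets):
        out += chaff(gaps[k], rng)
        out += frame(pkt)
    if len(gaps) > len(packets):
        out += chaff(gaps[len(packets)], rng)
    return bytes(out)


def unframe(stream: bytes) -> list:
    """Receiver side: ignore everything until ESC, then trust the length field
    only if the CRC checks out. A bad CRC means a false marker (e.g. we joined
    mid-payload), so advance one byte and keep scanning: that is the resync."""
    pkts = []
    pos = 0
    while True:
        i = stream.find(ESC, pos)
        if i == -1 or i + len(ESC) + HDR.size > len(stream):
            break
        length, crc = HDR.unpack_from(stream, i + len(ESC))
        start = i + len(ESC) + HDR.size
        payload = stream[start:start + length]
        if len(payload) == length and zlib.crc32(payload) == crc:
            pkts.append(payload)
            pos = start + length
        else:
            pos = i + 1
    return pkts


if __name__ == "__main__":
    # Constructed sample traffic: a keystroke-sized packet, an ack-sized one,
    # a large one, and one whose payload happens to contain the marker itself.
    pkts = [b"k", b"\x00" * 40, os.urandom(1400), ESC + b"inside payload"]
    s = link_stream(pkts, [300, 0, 75, 10, 500])
    assert unframe(s) == pkts
    print(f"{len(s)} bytes on the wire carry {sum(map(len, pkts))} payload bytes")
```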
-- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B From rah at shipwright.com Fri Oct 28 16:51:36 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 28 Oct 2005 19:51:36 -0400 Subject: Any comments on BlueGem's LocalSSL? In-Reply-To: <43620709.9516.51DB4D9@localhost> References: <43620709.9516.51DB4D9@localhost> Message-ID: At 11:10 AM -0700 10/28/05, James A. Donald wrote: >I am a reluctant convert to DRM. At least with DRM, we >face a smaller number of threats. I have had it explained to me, many times more than I want to remember, :-), that strong crypto is strong crypto. It's not that I'm unconvinceable, but I'm still unconvinced, on the balance. OTOH, if markets overtake the DRM issue, as most cypherpunks I've talked to think, then we still have lots of leftover installed crypto to play around with. Cheers, RAH Who still thinks that digital proctology is not the same thing as financial cryptography. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From solinym at gmail.com Fri Oct 28 18:05:09 2005 From: solinym at gmail.com (Travis H.) Date: Fri, 28 Oct 2005 20:05:09 -0500 Subject: packet traffic analysis In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435FD593.3030708@av8n.com> Message-ID: > I assume that the length is > explicitly encoded in the legitimate packet. Then the peer for the > link ignores everything until the next "escape sequence" introducing a > legitimate packet. 
I should point out that encrypting PRNG output may be pointless, and perhaps one optimization is to stop encrypting when switching on the chaff. The peer can then encrypt the escape sequence as it would appear in the encrypted stream, and do a simple string match on that. In this manner the peer does not have to do any decryption until the [encrypted] escape sequence re-appears. Another benefit of this is to limit the amount of material encrypted under the key to legitimate traffic and the escape sequences prefixing them. Some minor details involving resynchronizing when the PRNG happens to produce the same output as the expected encrypted escape sequence is left as an exercise for the reader. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B From rah at shipwright.com Fri Oct 28 17:31:11 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 28 Oct 2005 20:31:11 -0400 Subject: Any comments on BlueGem's LocalSSL? In-Reply-To: References: <43620709.9516.51DB4D9@localhost> Message-ID: At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote: >OTOH, if markets overtake the DRM issue, ^" moot", was what I meant to say... Anyway, you get the idea. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From pgut001 at cs.auckland.ac.nz Fri Oct 28 01:11:36 2005 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Fri, 28 Oct 2005 21:11:36 +1300 Subject: Any comments on BlueGem's LocalSSL? 
Message-ID: http://www.bluegemsecurity.com/ claims that they can encrypt data from the keyboard to the web browser, bypassing trojans and sniffers, however the web pages are completely lacking in any detail on what they're actually doing. >From reports published by West Coast Labs, it's a purely software-only solution that consists of some sort of (Win9x/Win2K/XP only) low-level keyboard driver interface that bypasses the standard Windows user-level interface and sends keystrokes directly to the application, in the same way that a number of OTFE packages directly access the keyboard driver to try and evade sniffers. The West Coast Labs tests report that they successfully evade all known sniffers, which doesn't actually mean much since all it proves is that LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The use of SSL to get the keystrokes from the driver to the target app seems somewhat silly, if sniffers don't know about LocalSSL then there's no need to encrypt the data, and once they do know about it then the encryption won't help, they'll just dive in before the encryption happens. Anyone else have any additional information/comments about this? Peter.

From camera_lumina at hotmail.com Fri Oct 28 18:45:19 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 28 Oct 2005 21:45:19 -0400 Subject: Return of the death of cypherpunks. In-Reply-To: <43621500.3841.554440A@localhost> Message-ID: I don't agree. One thing we do know is that, although Crypto is available and, in special contexts, used, its use in other contexts is almost counterproductive, sending up a red flag so that those that "Protect Our Freedoms" will come sniffing around and bring to bear their full arsenal of technologies and, possibly, dirty tricks.
Merely knowing that you are using stego/crypto in such contexts can cause a lot of attention to come your way, possibly in actual meatspace, which in many cases is almost worse than not using crypto at all. In addition, although strong and "unbreakable" Crypto exists, one thing a stint on Cypherpunks teaches you is that it is only rarely implemented in such a way as to actually be unbreakable to a determined attacker, particularly if there are not many such cases to examine in such contexts. The clear moral of this story is that, to increase the odds of truly secure communication, etc, Crypto in such contexts must become much more ubiquitous, and I still think Cypherpunks has a role to play there and indeed has played that role. Such a role is, of course, far more than a mere cheerleading role, a fact that merits a continued existence for Cypherpunks in some form or another. -TD Only when Crypto is used ubiquitousl >From: "James A. Donald" >To: cypherpunks at jfet.org >Subject: Return of the death of cypherpunks. >Date: Fri, 28 Oct 2005 12:09:36 -0700 > > -- >From: Eugen Leitl > > While I don't exactly know why the list died, I > > suspect it was the fact that most list nodes offered a > > feed full of spam, dropped dead quite frequently, and > > also overusing that "needs killing" thing (okay, it > > was funny for a while). > > > > The list needs not to stay dead, with some finite > > effort on our part (all of us) we can well resurrect > > it. If there's a real content there's even no need > > from all those forwards, to just fake a heartbeat. > >Since cryptography these days is routine and >uncontroversial, there is no longer any strong reason >for the cypherpunks list to continue to exist. > >I recently read up on the Kerberos protocol, and >thought, "how primitive". Back in the bad old days, we >did everything wrong, because we did not know any >better.
And of course, https sucks mightily because the >threat model is both inappropriate to the real threats, >and fails to correspond to the users' mental model, or to >routine practices on a wide variety of sites, hence >users glibly click through all warning dialogs, most of >which are mere noise anyway. > >These problems, however, are not explicitly political, >and tend to be addressed on lists that are not >explicitly political, leaving cypherpunks with little of >substance. > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP > 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

From nagydani at epointsystem.org Fri Oct 28 16:44:56 2005 From: nagydani at epointsystem.org (Daniel A. Nagy) Date: Sat, 29 Oct 2005 01:44:56 +0200 Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems In-Reply-To: <792ce4370510281418l74b01072kb43ea37584fd50f1@mail.gmail.com> References: <792ce4370510281418l74b01072kb43ea37584fd50f1@mail.gmail.com> Message-ID: <20051028234456.GA12429@epointsystem.org> On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote: > In particular I have concerns about the finality and irreversibility > of payments, given that the issuer keeps track of each token as it > progresses through the system. Whenever one token is exchanged for a > new one, the issuer records and publishes the linkage between the new > token and the old one. This public record is what lets people know > that the issuer is not forging tokens at will, but it does let the > issuer, and possibly others, track payments as they flow through the > system. This could be grounds for reversibility in some cases, > although the details depend on how the system is implemented. It would > be good to see a critical analysis of how epoints would maintain > irreversibility, as part of the paper. I agree, this discussion is missing, indeed.
I will definitely include it, should I write another paper on the subject. Irreversibility of transactions hinges on two features of the proposed system: the fundamentally irreversible nature of publishing information in the public records and the fact that in order to invalidate a secret, one needs to know it; the issuer does not learn the secret at all in some implementations and only learns it when it is spent in others. In both cases, reversal is impossible, albeit for different reasons. Let's say, Alice made a payment to Bob, and Ivan wishes to reverse it with the possible cooperation of Alice, but definitely without Bob's help. Alice's secret is Da, Bob's secret is Db, the corresponding challenges are, respectively, Ca and Cb, and the S message containing the exchange request Da->Cb has already been published. In the first case, when the secret is not revealed, there is simply no way to express reversals. There is no S message with suitable semantics, making it impossible to invalidate Db if Bob refuses to reveal it. In the second case, Db is revealed when Bob tries to spend it, so Ivan can, in principle, steal (confiscate) it, instead of processing, but at that point Da has already been revealed to the public and Alice has no means to prove that she was in exclusive possession of Da before it became public information. Now, one can extend the list of possible S messages to allow for reversals in the first scenario, but even in that case Ivan cannot hide the fact of reversal from the public after it happened and the fact that he is prepared to reverse payments even before he actually does so, because the users and auditors need to know the syntax and the semantics of the additional S messages in order to be able to use Ivan's services.
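A toy model of the second case in the message above (secrets revealed on spend), added here as an illustration and not the epoint system's own code: it assumes the challenge is SHA-256 of the secret and that S messages form a public append-only log. It shows that the only way to move value off Cb is to present Db, that Da is public once spent, and that a fiat "reversal" record written by Ivan fails the audit every user can run over the log.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def challenge(secret: bytes) -> str:
    """Assumed binding: the public challenge is the hash of the private secret."""
    return hashlib.sha256(secret).hexdigest()


@dataclass
class Record:
    """One published S message: 'the secret for old_challenge was presented;
    new_challenge now carries the value'. Everything in here is public."""
    revealed_secret: bytes
    old_challenge: str
    new_challenge: str


@dataclass
class Issuer:
    """Ivan. He may write whatever he likes into the log; auditors decide
    whether what he wrote is valid."""
    live: set = field(default_factory=set)      # challenges currently carrying value
    log: list = field(default_factory=list)     # public, append-only

    def issue(self, new_challenge: str) -> None:
        self.live.add(new_challenge)

    def exchange(self, secret: bytes, new_challenge: str) -> Record:
        """Spend: whoever knows D for a live challenge moves the value to a new
        challenge of their choosing. D becomes public in the process."""
        old = challenge(secret)
        if old not in self.live:
            raise ValueError("no live token for that secret")
        self.live.remove(old)
        self.live.add(new_challenge)
        rec = Record(secret, old, new_challenge)
        self.log.append(rec)
        return rec

    def reverse_by_fiat(self, victim_challenge: str, back_to: str) -> Record:
        """What Ivan would have to publish to undo a payment without Db: a record
        carrying no valid secret. Auditors reject it (see audit())."""
        self.live.discard(victim_challenge)
        self.live.add(back_to)
        rec = Record(b"", victim_challenge, back_to)
        self.log.append(rec)
        return rec


def audit(initial: set, log: list) -> bool:
    """Replay the public log as users and auditors would. Valid only if every
    record presents the secret for a challenge that was live at that point."""
    live = set(initial)
    for rec in log:
        if challenge(rec.revealed_secret) != rec.old_challenge or rec.old_challenge not in live:
            return False
        live.remove(rec.old_challenge)
        live.add(rec.new_challenge)
    return True


def scenario():
    """Alice pays Bob (Da -> Cb); Ivan then tries to undo it without Bob's help."""
    Da, Db = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed secrets
    Ca, Cb = challenge(Da), challenge(Db)
    ivan = Issuer()
    ivan.issue(Ca)
    initial = set(ivan.live)
    ivan.exchange(Da, Cb)                      # the payment: Da->Cb is now public
    honest = audit(initial, ivan.log)
    da_is_public = any(r.revealed_secret == Da for r in ivan.log)
    # Ivan cannot move the value off Cb himself: he does not know Db...
    try:
        ivan.exchange(b"not Db", Ca)
        forged = True
    except ValueError:
        forged = False
    # ...and a fiat reversal is visible to everyone and fails the audit.
    ivan.reverse_by_fiat(Cb, Ca)
    after_reversal = audit(initial, ivan.log)
    return honest, da_is_public, forged, after_reversal


if __name__ == "__main__":
    print(scenario())  # (True, True, False, False)
```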
--
Daniel

From kelsey.j at ix.netcom.com Sat Oct 29 06:20:50 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Sat, 29 Oct 2005 06:20:50 -0700 (GMT-07:00)
Subject: On Digital Cash-like Payment Systems
Message-ID: <19275506.1130592050616.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>

>From: cyphrpunk
>Sent: Oct 27, 2005 9:15 PM
>To: "James A. Donald"
>Cc: cryptography at metzdowd.com, cypherpunks at jfet.org
>Subject: Re: On Digital Cash-like Payment Systems

>On 10/26/05, James A. Donald wrote:
>> How does one inflate a key?

>Just make it bigger by adding redundancy and padding, before you
>encrypt it and store it on your disk. That way the attacker who wants
>to steal your keyring sees a 4 GB encrypted file which actually holds
>about a kilobyte of meaningful data.
>Current trojans can steal files
>and log passwords, but they're not smart enough to decrypt and
>decompress before uploading. They'll take hours to snatch the keyfile
>through the net, and maybe they'll get caught in the act.

Note that there are crypto schemes that use huge keys, and it's possible to produce simple variants of existing schemes that use multiple keys. That would mean that the whole 8GB string was necessary to do whatever crypto thing you wanted to do. A simple example is to redefine CBC-mode encryption as

C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}])

where S is the huge shared string, and we're using AES. Without access to the shared string, you could neither encrypt nor decrypt.

>CP

--John

From kelsey.j at ix.netcom.com Sat Oct 29 06:46:47 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Sat, 29 Oct 2005 06:46:47 -0700 (GMT-07:00)
Subject: Return of the death of cypherpunks.
Message-ID: <6749229.1130593607592.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>

>From: "James A. Donald"
>Sent: Oct 28, 2005 12:09 PM
>To: cypherpunks at jfet.org
>Subject: Return of the death of cypherpunks.

>From: Eugen Leitl
...
>> The list needs not to stay dead, with some finite
>> effort on our part (all of us) we can well resurrect
>> it. If there's a real content there's even no need
>> from all those forwards, to just fake a heartbeat.

>Since cryptography these days is routine and uncontroversial, there
>is no longer any strong reason for the cypherpunks list to continue
>to exist.

Well, political controversy seems like the least interesting thing about the list--to the extent we're all babbling about who needs killing and who's not a sufficiently pure libertarian/anarchocapitalist and which companies are selling out to the Man, the list is nothing special. The cool thing is the understanding of crypto and computer security technology as applied to these concerns that are political.
And the coolest thing is getting smart people who do real crypto/security work, and write working code, to solve problems. The ratio of political wanking to technical posts and of talkers to thinkers to coders needs to be right for the list to be interesting.

...

> --digsig
> James A. Donald
> 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
> AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
> 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

--John Kelsey

From jamesd at echeque.com Sat Oct 29 09:36:56 2005
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 29 Oct 2005 09:36:56 -0700
Subject: Return of the death of cypherpunks.
In-Reply-To: <6749229.1130593607592.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>
Message-ID: <436342B8.7228.204FFD5@localhost>

--
James A. Donald:
> > Since cryptography these days is routine and
> > uncontroversial, there is no longer any strong
> > reason for the cypherpunks list to continue to
> > exist.

John Kelsey
> The ratio of political wanking to technical posts and
> of talkers to thinkers to coders needs to be right for
> the list to be interesting.

These days, if one is seriously working on overthrowing the state by advancing to crypto anarchy (meaning both anarchy that is hidden, in that large scale cooperation proceeds without the state taxing it, regulating it, supervising it, and licensing it, and anarchy that relies on cryptography to resist the state) it is not necessary or advisable to announce what one is up to.

For example, Kerberos needs to be replaced by a more secure protocol. No need to add "And I am concerned about this because I am an anarchist". And so one discusses it on another list.

(Kerberos tickets are small meaningful encrypted packets of information, when they should be random numbers. Being small, they can be dictionary attacked.)

--digsig
James A.
Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Y068Cy3Zv9GExXRbP24QJP5WmHGLz5VKyqNYFKbx
45fkOIGeiTkFnaM7p/URjB/kgn+0mcg8fMsMLmDy7

From camera_lumina at hotmail.com Sat Oct 29 17:42:35 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 29 Oct 2005 20:42:35 -0400
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants start
In-Reply-To: <20051029185413.GT2249@leitl.org>
Message-ID:

One thing to think about with respect to the RFID passports...

Um, uh...surely once in a while the RFID tag is going to get corrupted or something...right? I'd bet it ends up happening all the time. In those cases they probably have to fall back upon the traditional passport usage and inspection.

The only question is, what could (believably) damage the RFID?

-TD

>From: Eugen Leitl
>To: cypherpunks at jfet.org
>Subject: [dave at farber.net: [IP] more on U.S. passports to receive RFID
>implants starting in October 2006 [priv]]
>Date: Sat, 29 Oct 2005 20:54:13 +0200
>
>----- Forwarded message from David Farber -----
>
>From: David Farber
>Date: Fri, 28 Oct 2005 17:49:06 -0400
>To: Ip Ip
>Subject: [IP] more on U.S. passports to receive RFID implants starting in
>October 2006 [priv]
>X-Mailer: Apple Mail (2.734)
>Reply-To: dave at farber.net
>
>
>
>Begin forwarded message:
>
>From: Edward Hasbrouck
>Date: October 28, 2005 11:07:28 AM EDT
>To: dave at farber.net
>Subject: Re: [IP] more on U.S. passports to receive RFID implants
>starting in October 2006 [priv]
>
>
>
> >From: "Lin, Herb"
> >
> >*Front* cover? Does that mean that if I hold the passport the wrong
> >way, the skimmer will have a free ride?
> >
>
>FWIW:
>
>(1) The sample RFID passports that Frank Moss passed around at CFP,
>which
>looked like , had
>the RFID chip (which was barely detectable by feel) in the *back* cover.
>The visible data page was/is, as with current passports, in the *front*
>cover.
>This is not compliant with the ICAO specifications, which
>recommend having the chip in the same page as the visible data, to
>make it
>more difficult to separate them. I can only guess that it was hard to
>laminate the visible data without damaging the chip, if it was in the
>same
>page. But it's interesting in light of the importance supposedly being
>placed on compliance with ICAO standards.
>
>(2) Moss had 2 sample RFID passports, 1 with and 1 without the
>shielding.
>He claimed it was a layer in the entire outer cover (front and back),
>but
>it wasn't detectable by feel.
>
>I have more threat scenarios for the latest flavor of RFID passport at:
>
>http://hasbrouck.org/blog/archives/000869.html
>
>
>----------------
>Edward Hasbrouck
>
>
>+1-415-824-0214
>
>
>
>
>-------------------------------------
>You are subscribed as eugen at leitl.org
>To manage your subscription, go to
> http://v2.listbox.com/member/?listname=ip
>
>Archives at: http://www.interesting-people.org/archives/interesting-people/
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Sat Oct 29 11:54:13 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 29 Oct 2005 20:54:13 +0200
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv]]
Message-ID: <20051029185413.GT2249@leitl.org>

----- Forwarded message from David Farber -----

From ghicks at cadence.com Sat Oct 29 21:17:25 2005
From: ghicks at cadence.com (Gregory Hicks)
Date: Sat, 29 Oct 2005 21:17:25 -0700 (PDT)
Subject: Multiple passports?
Message-ID: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>

> Date: Sun, 30 Oct 2005 03:05:25 +0000
> From: Justin
>
> If I apply for a new one now, and then apply for a another one once
> the gov starts RFID-enabling them, will the first one be
> invalidated? Or can I have two passports, the one without RFID to
> use, and the one with RFID to play with?

I am not a State Dept person, but my experiences in this are...

If you get a new one, the old one has to accompany the application and is invalidated when the new one is issued. (Invalidated by stamping the 'data' page with big red block letters "INVALID".) The old, now invalid one is returned with the new one...

The only people that I knew that had two passports were those with an "Official" (red) passport or a "Diplomatic" (black) passport. If they wanted to go play tourist, they had to also have a "tourist" (Blue) passport.

As for applying for one now, I think the deadline for the non-RFID passports is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if your application is not in processing by 31 Oct, then you get the new, improved, RFID passport.)

Regards,
Gregory Hicks

>
> --
> The six phases of a project:
> I. Enthusiasm.          IV. Search for the Guilty.
> II. Disillusionment.    V. Punishment of the Innocent.
> III. Panic.             VI. Praise & Honor for the Nonparticipants.

---------------------------------------------------------------------
I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they be properly armed."
--Alexander Hamilton

From cyphrpunk at gmail.com Sat Oct 29 21:17:25 2005
From: cyphrpunk at gmail.com (cyphrpunk)
Date: Sat, 29 Oct 2005 21:17:25 -0700
Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
In-Reply-To: <20051028234456.GA12429@epointsystem.org>
References: <792ce4370510281418l74b01072kb43ea37584fd50f1@mail.gmail.com> <20051028234456.GA12429@epointsystem.org>
Message-ID: <792ce4370510292117kd379aden794034252ce45fe@mail.gmail.com>

On 10/28/05, Daniel A. Nagy wrote:
> Irreversibility of transactions hinges on two features of the proposed
> system: the fundamentally irreversible nature of publishing information in
> the public records and the fact that in order to invalidate a secret, one
> needs to know it; the issuer does not learn the secret at all in some
> implementations and only learns it when it is spent in others.
>
> In both cases, reversal is impossible, albeit for different reasons. Let's
> say, Alice made a payment to Bob, and Ivan wishes to reverse it with the
> possible cooperation of Alice, but definitely without Bob's help. Alice's
> secret is Da, Bob's secret is Db, the corresponding challenges are,
> respectively, Ca and Cb, and the S message containing the exchange request
> Da->Cb has already been published.
>
> In the first case, when the secret is not revealed, there is simply no way to
> express reversals. There is no S message with suitable semantics,
> making it impossible to invalidate Db if Bob refuses to reveal it.

The issuer can still invalidate it even though you have not explicitly defined such an operation. If Alice paid Bob and then convinces the issuer that Bob cheated her, the issuer could refuse to honor the Db deposit or exchange operation. From the recipient's perspective, his cash is at risk at least until he has spent it or exchanged it out of the system.
The fact that you don't have an "issuer invalidates cash" operation in your system doesn't mean it couldn't happen. Alice could get a court order forcing the issuer to do this. The point is that reversal is technically possible, and you can't define it away just by saying that the issuer won't do that. If the issuer has the power to reverse transactions, the system does not have full irreversibility, even though the issuer hopes never to exercise his power.

> In the second case, Db is revealed when Bob tries to spend it, so Ivan can,
> in principle, steal (confiscate) it, instead of processing, but at that
> point Da has already been revealed to the public and Alice has no means to
> prove that she was in exclusive possession of Da before it became public
> information.

That is an interesting possibility, but I can think of a way around it. Alice could embed a secret within her secret. She could base part of her secret on a hash of an even-more-secret value which she would not reveal when spending/exchanging. Then if it came to where she had to prove that she was the proper beneficiary of a reversed transaction, she could reveal the inner secret to justify her claim.

> Now, one can extend the list of possible S messages to allow for reversals
> in the first scenario, but even in that case Ivan cannot hide the fact of
> reversal from the public after it happened and the fact that he is prepared
> to reverse payments even before he actually does so, because the users and
> auditors need to know the syntax and the semantics of the additional S
> messages in order to be able to use Ivan's services.

That's true, the public visibility of the system makes secret reversals impossible. That's very good - one of the problems with e-gold was that it was never clear when they were reversing and freezing accounts. Visibility is a great feature. But it doesn't keep reversals from happening, and it still leaves doubt about how final transactions will be in this system.
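An added example, not ePoint's code and not Daniel's or cyphrpunk's own, that models the two points argued in Daniel's message above and in this reply. It assumes a toy construction: a token sits on the public record as a challenge C = H(D), the only S message is "reveal D_old, mint C_new", and auditors replay the whole record. Under those assumptions Ivan cannot spend Bob's token without Db (first case), cannot add a reversal entry without every auditor's replay rejecting it, and Alice, whose Da is itself H(inner), can prove prior possession after Da becomes public (second case, cyphrpunk's nested secret). The hash-as-challenge scheme, the message syntax and the secret values are assumptions of the example, not details from the ePoint paper.

```python
import hashlib
from copy import deepcopy
from dataclasses import dataclass, field

# Added example, not ePoint's code. Assumed model: a token sits on the public
# record as a challenge C = H(D); only the holder's secret D can spend it, and
# the only S message is "reveal D_old, mint C_new".


def H(data: bytes) -> bytes:
    """Challenge derived from a secret. The record stores H(D), never D."""
    return hashlib.sha256(data).digest()


@dataclass
class ExchangeMessage:
    """The single S message type in this model: spend one token, mint one."""
    revealed_secret: bytes   # D of the token being spent (public from here on)
    new_challenge: bytes     # C of the token being created


@dataclass
class PublicRecord:
    """Append-only log the issuer (Ivan) publishes; anyone can replay it."""
    live: set = field(default_factory=set)    # unspent challenges
    log: list = field(default_factory=list)   # every message, in order

    def issue(self, challenge: bytes) -> None:
        self.live.add(challenge)
        self.log.append(("issue", challenge))

    def exchange(self, msg: ExchangeMessage) -> bool:
        """Accept an S message only if the sender proves knowledge of D_old."""
        c_old = H(msg.revealed_secret)
        if c_old not in self.live:
            return False
        self.live.remove(c_old)
        self.live.add(msg.new_challenge)
        self.log.append(("exchange", msg.revealed_secret, msg.new_challenge))
        return True


def audit(record: PublicRecord) -> bool:
    """Auditor's check: replay the log and reject anything outside the syntax."""
    live = set()
    for entry in record.log:
        if entry[0] == "issue":
            live.add(entry[1])
        elif entry[0] == "exchange":
            c_old = H(entry[1])
            if c_old not in live:
                return False          # spending a token nobody held
            live.remove(c_old)
            live.add(entry[2])
        else:
            return False              # no "reverse"/"confiscate" vocabulary exists
    return live == record.live


def run_scenario() -> dict:
    record = PublicRecord()
    # Constructed secrets, fixed so the run is reproducible.
    alice_inner = b"alice-inner-secret-never-published"  # cyphrpunk's nested secret
    Da = H(alice_inner)                                    # Alice's spendable secret
    Ca = H(Da)
    Db = b"bob-secret-known-only-to-bob"
    Cb = H(Db)
    record.issue(Ca)

    # Alice pays Bob: the S message Da -> Cb is published, and Da is now public.
    paid = record.exchange(ExchangeMessage(Da, Cb))

    # First case: Ivan tries to reverse without Bob's help. Everything Ivan
    # knows (Ca, Da, Cb) fails, since spending Cb needs a preimage of Cb, i.e. Db.
    ivan_takes_bobs_token = any(
        record.exchange(ExchangeMessage(known, H(b"ivan-new-token")))
        for known in (Ca, Da, Cb))

    # Ivan cannot hide a reversal either: an entry outside the published syntax
    # fails every auditor's replay of the record.
    tampered = deepcopy(record)
    tampered.log.append(("reverse", Cb, Ca))
    tampered.live.discard(Cb)
    tampered.live.add(Ca)

    # Second case: Da is public once spent, so holding Da proves nothing. Alice
    # reveals the inner secret behind Da; an impostor who only learned Da from
    # the record has no preimage to show.
    alice_proof = H(alice_inner) == Da
    impostor_proof = H(Da) == Da

    return {
        "payment_published": paid,
        "ivan_takes_bobs_token": ivan_takes_bobs_token,
        "honest_log_passes_audit": audit(record),
        "tampered_log_passes_audit": audit(tampered),
        "alice_proves_prior_possession": alice_proof,
        "impostor_proves_prior_possession": impostor_proof,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

What the model does not capture is cyphrpunk's other point: Ivan can simply refuse to process a valid S message for Cb. That refusal leaves no trace in the record at all, which is exactly why the record's visibility does not by itself settle finality.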
CP

From jay at tamboli.cx Sat Oct 29 21:27:41 2005
From: jay at tamboli.cx (Jay Goodman Tamboli)
Date: Sun, 30 Oct 2005 00:27:41 -0400
Subject: Multiple passports?
In-Reply-To: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>
References: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>
Message-ID:

On 10/30/05, Gregory Hicks wrote:
> The only people that I knew that had two passports were those with an
> "Official" (red) passport or a "Diplomatic" (black) passport. If they
> wanted to go play tourist, they had to also have a "tourist" (Blue)
> passport.

I wasn't able to find a reference to support this on http://state.gov, but I know it's possible to get two passports if you plan to travel to both Israel and a country that refuses to admit people with Israeli stamps in their passports.

/jgt

From bill.stewart at pobox.com Sun Oct 30 01:17:23 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sun, 30 Oct 2005 01:17:23 -0700
Subject: Multiple passports?
In-Reply-To:
References: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>
Message-ID: <6.2.1.2.0.20051030013929.03d44900@pop.idiom.com>

When I saw the title of this thread, I was assuming it would be about getting Mozambique or Sealand or other passports of convenience or coolness-factor like the Old-School Cypherpunks used to do :-)

>On 10/30/05, Gregory Hicks wrote:
> > The only people that I knew that had two passports were those with an
> > "Official" (red) passport or a "Diplomatic" (black) passport. If they
> > wanted to go play tourist, they had to also have a "tourist" (Blue)
> > passport.

A few years ago, before heading on an overseas trip, I was unable to locate my current passport. After dealing with a voicemail system adapted from a Kafka novel, and bringing myself, my previous expired passport and other id, a couple official-sized photographs and cash through the secret-handshake elevator into a big waiting room for a long morning, they made me a new passport.
(If you need to replace a passport more than a month before your planned travel, you're supposed to use the regular process at the Post Office and maybe pay extra for Express Mail if you're impatient. If you need to replace a passport within 3 days of travel, they've got expedited processes at major passport offices like San Francisco. But if you need to replace your passport two weeks before the trip, there's no way to talk to a human being, just Kafka's voicemailbot, so you have to wait until 3 days before the trip to get an appointment for the emergency expedited process instead of going in when you and they aren't busy :-)

They informed me that the lost passport was now invalid and I should turn it in if I find it, because if I were to use it to get back into the country it would be rejected with extreme prejudice, since its number is now on the "lost passports" list. Of course the next day when I was packing, the passport showed up on the closet floor under the suitcase, and unlike the previous passport which I took in to replace when it was about to expire, it doesn't have holes punched in it and Expired stamped on it.

For domestic air travel since the recent military coup, I normally bring a passport as ID, since it's a request from the former United States government asking foreign governments like the current TSA White People to let me pass, and I'd rather carry the technically-invalid one with me instead of the valid one just in case I lose it. I think I've also used it to travel from the EU back to the US, but I'd expect that the La Migra thugs will eventually improve their databases, possibly even before my old one expires, especially because Homeland Security wants to RFIDize us.
I was considering "losing" my current passport before the RFID things get started, but it doesn't look like there's time, so I've got about 5 years to hope that the Republicans get thrown out on their asses in the next election and the Democrats decide that returning to the Constitution will sell better than continuing the Permanent State of Yellowalertness. Given the previous Clinton Administration's behavior, I don't expect the Hillary Clinton Administration to do any better.

>At 09:27 PM 10/29/2005, Jay Goodman Tamboli wrote:
>I wasn't able to find a reference to support this on http://state.gov,
>but I know it's possible to get two passports if you plan to travel to
>both Israel and a country that refuses to admit people with Israeli
>stamps in their passports.

I don't think the US normally lets you have two passports, or if they do they almost certainly have the same number. But at least during the 1980s, Israel would be happy to give you a separate piece of paper to carry with your passport that they'd stamp when you entered and left instead of stamping the passport itself. I don't remember if I did that or if I decided not to worry about it because I'd visited the Arab countries before going to Israel and didn't expect to get back any time soon.

From bill.stewart at pobox.com Sun Oct 30 01:31:27 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sun, 30 Oct 2005 01:31:27 -0700
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants start
In-Reply-To: <43647957.9070005@rant-central.com>
References: <43647957.9070005@rant-central.com>
Message-ID: <6.2.1.2.0.20051030012348.03d44008@pop.idiom.com>

At 01:42 AM 10/30/2005, Roy M. Silvernail wrote:
>Tyler Durden wrote:
>
> > One thing to think about with respect to the RFID passports...
> >
> > Um, uh...surely once in a while the RFID tag is going to get corrupted
> > or something...right? I'd bet it ends up happening all the time.
> > In those cases they probably have to fall back upon the traditional
> > passport usage and inspection.

They've said they'll fall back on the traditional "If we can't read the passport it's invalid and you'll need to replace it before we'll let you leave the country" technique, just as they often do with expired passports and sometimes do with just-about-to-expire passports if you're a Suspicious-Acting Person like Dave del Torto.

> > The only question is, what could (believably) damage the RFID?

If you want to damage the RFID of a passport you're playing with, microwave ovens should do just fine. I don't know if Rivest's RFID-blocker chips use the same frequency or codespace as the passport RFIDs, but you could also leave one of them in the back of your passport.

>Now put that chip-cooker in a trash can right by the main entrance to an
>airport and perform some public service.

I'd be surprised if you could put out enough energy to cook the passport RFIDs of people walking by at normal speed without also causing lots of other electrical problems.

From roy at rant-central.com Sun Oct 30 00:42:15 2005
From: roy at rant-central.com (Roy M. Silvernail)
Date: Sun, 30 Oct 2005 02:42:15 -0500
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants start
In-Reply-To:
References:
Message-ID: <43647957.9070005@rant-central.com>

Tyler Durden wrote:

> One thing to think about with respect to the RFID passports...
>
> Um, uh...surely once in a while the RFID tag is going to get corrupted
> or something...right? I'd bet it ends up happening all the time. In
> those cases they probably have to fall back upon the traditional
> passport usage and inspection.
>
> The only question is, what could (believably) damage the RFID?

EMP? Could be tuned, even, since the RFID is resonant at a known frequency. There's a standard for excitation field strength, so all one should need to do would be hit the chip with 50-100x the expected input.
Unless the system is shunted with a zener or some such, you should be able to fry it pretty easily.

Now put that chip-cooker in a trash can right by the main entrance to an airport and perform some public service.

--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
Dspam->pprocmail->/dev/null->bliss
http://www.rant-central.com

From justin-cypherpunks at soze.net Sat Oct 29 20:05:25 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 30 Oct 2005 03:05:25 +0000
Subject: Multiple passports?
In-Reply-To: <20051029185413.GT2249@leitl.org>
References: <20051029185413.GT2249@leitl.org>
Message-ID: <20051030030525.GA13209@arion.stark.net>

If I apply for a new one now, and then apply for a another one once the gov starts RFID-enabling them, will the first one be invalidated? Or can I have two passports, the one without RFID to use, and the one with RFID to play with?

--
The six phases of a project:
I. Enthusiasm.          IV. Search for the Guilty.
II. Disillusionment.    V. Punishment of the Innocent.
III. Panic.             VI. Praise & Honor for the Nonparticipants.

From mv at cdc.gov Sun Oct 30 10:17:45 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 30 Oct 2005 10:17:45 -0800
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants start
Message-ID: <43650E49.91E06D71@cdc.gov>

At 01:31 AM 10/30/05 -0700, Bill Stewart wrote:
>They've said they'll fall back on the traditional
>"If we can't read the passport it's invalid and you'll need to
>replace it before we'll let you leave the country" technique,
>just as they often do with expired passports and sometimes

What is the procedure (or are they secret :-) for passports which become damaged whilst travelling out of country?

With a drivers license, if the magstrip doesn't work, they type in the numbers. But the biometrics are not encoded, its just a convenience. With a passport, they're relying on the chip or no?
(Mechanical damage to the chip should work as well as RF or antenna damage. You will have to find the chip and crack it, mere flexing of the paper carrier doesn't work by design.)

From eugen at leitl.org Sun Oct 30 01:48:42 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 30 Oct 2005 10:48:42 +0100
Subject: [dave@farber.net: [IP] more on U.S. passports to receive RFID implants start
In-Reply-To:
References: <20051029185413.GT2249@leitl.org>
Message-ID: <20051030094842.GQ2249@leitl.org>

On Sat, Oct 29, 2005 at 08:42:35PM -0400, Tyler Durden wrote:

> One thing to think about with respect to the RFID passports...
>
> Um, uh...surely once in a while the RFID tag is going to get corrupted or
> something...right? I'd bet it ends up happening all the time. In those
> cases they probably have to fall back upon the traditional passport usage
> and inspection.

Actually, an RFID can be ridiculously reliable. It will also depend on how much harassment a traveler will be exposed to, when travelling. Being barred from entry will definitely prove sufficient deterrent.

> The only question is, what could (believably) damage the RFID?

Microwaving it will blow up the chip, and cause a scorched spot. Severing the antenna would be enough for the chip to become mute. Violetwanding or treating with a Tesla generator should destroy all electronics quite reliably -- you always have to check, of course.

Also, the ID is quite expensive, and a frequent traveller will wind up with a considerable expense, and hassle.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Sun Oct 30 01:53:54 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 30 Oct 2005 10:53:54 +0100
Subject: Multiple passports?
In-Reply-To: <20051030030525.GA13209@arion.stark.net>
References: <20051029185413.GT2249@leitl.org> <20051030030525.GA13209@arion.stark.net>
Message-ID: <20051030095354.GR2249@leitl.org>

On Sun, Oct 30, 2005 at 03:05:25AM +0000, Justin wrote:

> If I apply for a new one now, and then apply for a another one once the
> gov starts RFID-enabling them, will the first one be invalidated? Or
> can I have two passports, the one without RFID to use, and the one with
> RFID to play with?

Here in Germany the current ID (sans smartcard/rfid/biometrics) will be valid until expiry date.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From jamesd at echeque.com Sun Oct 30 18:28:06 2005
From: jamesd at echeque.com (James A.
Donald)
Date: Sun, 30 Oct 2005 18:28:06 -0800
Subject: On the orthogonality of anonymity to current market demand
In-Reply-To: <20051101014446.GO23500@eff.org>
References: <435F49A1.14621.A33B337@localhost>
Message-ID: <436510B6.22644.1B2EE9A@localhost>

James A. Donald writes:
> > Further, genuinely secure systems are now becoming available, notably
> > Symbian.

Chris Palmer
> What does it mean for Symbian to be genuinely secure? How was this
> determined and achieved?

There is no official definition of "genuinely secure", and it is my judgment that Symbian is unlikely to suffer the worm, virus and trojan problems to the extent that has plagued other systems.

From rah at shipwright.com Sun Oct 30 17:00:15 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 30 Oct 2005 20:00:15 -0500
Subject: Blood, Bullets, Bombs and Bandwidth
In-Reply-To: <20051030235900.GA8246@arion.stark.net>
References: <20051030235900.GA8246@arion.stark.net>
Message-ID:

At 11:59 PM +0000 10/30/05, Justin wrote:
>Tyler likes the high-speed lifestyle so much that he ditched it and
>moved to London?

He and Jayme are back in Kurdistan, now. Don't know for how long, though. He's teaching a new class of engineers, including crypto and security stuff. Watched their jaws drop when he 'em how to break WEP, that kind of thing. They handed him his Browning at the airfield when he landed. :-)

Of course, they're touchy-feely liberals through-and-through, but here's hoping they've learned a little about anarchocapitalism having watched it firsthand, albeit temporarily.

Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From justin-cypherpunks at soze.net Sun Oct 30 15:57:09 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 30 Oct 2005 23:57:09 +0000
Subject: Multiple passports?
In-Reply-To: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>
References: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM>
Message-ID: <20051030235708.GA8149@arion.stark.net>

On 2005-10-29T21:17:25-0700, Gregory Hicks wrote:
> > Date: Sun, 30 Oct 2005 03:05:25 +0000
> > From: Justin
> >
> > If I apply for a new one now, and then apply for a another one once
> > the gov starts RFID-enabling them, will the first one be
> > invalidated? Or can I have two passports, the one without RFID to
> > use, and the one with RFID to play with?
>
> I am not a State Dept person, but my experiences in this are...
>
> As for applying for one now, I think the deadline for the non-RFID
> passports is about 3 days away (31 Oct 2005), but I could be wrong.
> (In other words, if your application is not in processing by 31 Oct,
> then you get the new, improved, RFID passport.)

"The Department intends to begin the electronic passport program in December 2005. The first stage will be a pilot program in which the electronic passports will be issued to U.S. Government employees who use Official or Diplomatic passports for government travel. This pilot program will permit a limited number of passports to be issued and field tested prior to the first issuance to the American traveling public, slated for early 2006. By October 2006, all U.S. passports, with the exception of a small number of emergency passports issued by U.S. embassies or consulates, will be electronic passports."

http://edocket.access.gpo.gov/2005/05-21284.htm (2005-10-25 Fed. Reg.)

It sounds like it's fairly safe to get a new passport after Halloween... at least until January.

--
The six phases of a project:
I. Enthusiasm.          IV. Search for the Guilty.
II. Disillusionment.    V.
Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. From justin-cypherpunks at soze.net Sun Oct 30 15:59:00 2005 From: justin-cypherpunks at soze.net (Justin) Date: Sun, 30 Oct 2005 23:59:00 +0000 Subject: Blood, Bullets, Bombs and Bandwidth In-Reply-To: References: Message-ID: <20051030235900.GA8246@arion.stark.net> On 2005-10-22T01:51:50-0400, R.A. Hettinga wrote: > --- begin forwarded text > > Tyler and Jayme left Iraq in May 2005. The Arbil office failed; there > wasn't enough business in Kurdistan. They moved to London, where Tyler > still works for SSI. His time in Iraq has transformed him to the extent > that, like Ryan, he doesn't think he can ever move back to the USA. His > years of living hyperintensely, carrying a gun, building an organization > from scratch in a war zone, have distanced him from his home. His friends > seem to him to have stagnated. Their concerns seem trivial. And living with > real, known, tangible danger has bred contempt for what he calls America's > "culture of fear." Tyler likes the high-speed lifestyle so much that he ditched it and moved to London? I doubt he's carrying a gun there. -- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. From kerry at vscape.com Mon Oct 31 07:25:20 2005 From: kerry at vscape.com (Kerry Bonin) Date: Mon, 31 Oct 2005 07:25:20 -0800 Subject: [p2p-hackers] P2P Authentication Message-ID: Frank, In my experience w/ pretty hardcore authentication and security domains, it is pretty much impossible to guarantee that a remote node connecting over an untrusted network is running trusted code. For every clever way to try and detect a compromised client, there are even more clever ways to subvert the detection process. 
The simplest model - simply reverse engineer the network traffic via packet capture, and write a client that looks identical from the network traffic. One example of a common client validation approach is requesting a strong checksum of some random range of the client or its dataset, but this is pretty trivial to circumvent once you have a complete copy of the client and have reverse engineered its checksum algorithm.

In my experience, if you really care about what your nodes are doing, then NEVER trust ANY node - validate every bit of every packet. If you are trying to catch compromised nodes, there are clever ways to do that - build heuristic models that examine what nodes are doing, and forward captures to admin nodes for human analysis for heuristic refinement and analysis of what your attackers are up to. While it is in theory impossible to allow users to do "anything" and still catch a user "doing something they're not supposed to", it may be possible to specify terms in your EULA that define constraints users would not typically violate, and respond with penalties that are not too strong for the corner cases where a user triggers a false positive by crossing the line. An example of this in the file sharing domain would be temporary bans on nodes that initiated too many searches in some time frame, suggesting spidering. On the other hand, clever counter-heuristics and large numbers of zombies can defeat most heuristics - see SPAM for many examples...

Kerry

Frank Moore wrote:
>Matthew Kaufman wrote:
>
>>I think what you're asking here is "is it possible to design a p2p
>>network
>>such that the peers must be running the official code that does the
>>right
>>thing, instead of running some subverted code that does something
>>'wrong'?"
>>
>>
>Matthew,
>
>Very eloquently put. Yes, this is exactly what I was asking.
>We supply the client as well as the server and we just need to make
>sure that any client that joins the
>network is our client and not a 'rogue'.
>
>>The one exception is that you *can* in some cases design the network
>>such
>>that peers that don't behave "properly" are shunned or dropped by the
>>rest
>>of the network, assuming that such behavior is detectable. For
>>instance, in
>>a distributed file store, you could store test data and see if it sticks
>>around... If it doesn't, that peer is "cheating".
>>
>>
>We have a way (we think) of authenticating the stream put out by a
>peer, so we can catch a 'rogue' client this
>way, but it seems more logical to prevent someone from logging into
>the network in the first place.
>
>Thanks for your help,
>Frank.
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>
_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From rah at shipwright.com Mon Oct 31 04:31:18 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 31 Oct 2005 07:31:18 -0500
Subject: [Clips] Christopher Hitchens: What Goes Around Comes Around
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Mon, 31 Oct 2005 06:48:56 -0500
To: Philodox Clips List
From: "R.A.
Hettinga"
Subject: [Clips] Christopher Hitchens: What Goes Around Comes Around
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The Wall Street Journal, October 31, 2005

COMMENTARY
What Goes Around Comes Around
By CHRISTOPHER HITCHENS
October 31, 2005; Page A16

The Republicans who drafted and proposed the Intelligence Identities Protection Act in the early days of the Reagan administration, in a vain attempt to end the career of CIA defector Philip Agee, could not have known that their hasty legislation would one day paralyze the workings of a conservative wartime administration. Nor could the eager internationalist Wilsonians who rammed through the 1917 Espionage Act -- the most repressive legislation since the Alien and Sedition laws -- have expected it to be used against government officials making the case for an overseas military intervention. But then, who would have thought that liberals and civil libertarians -- the New York Times called for the repeal of the IIPA as soon as it was passed, or else for it to be struck down by the courts -- would find these same catch-all statutes coming in handy for the embarrassment of Team Bush?

The outrage of the left at any infringement of CIA prerogatives is only the least of the ironies in the indictment of Lewis Libby for discussing matters the disclosure of which, in and of itself, appears to have violated no known law. To judge by his verbose and self-regarding performance, containing as it did the most prolix and least relevant baseball analogy ever offered to a non-Chicago audience, Patrick Fitzgerald is not a man with whom the ironic weighs heavily. Nor does he seem discountenanced by his failure to find any breach in the IIPA or even the more broadly drawn Espionage Act. Mr. Libby stands accused of misstating his conversations with almost every journalist in Washington except for the only one -- Robert Novak -- who actually published the totemic name of Valerie Plame.
"We have not made any allegation that Mr. Libby knowingly and intentionally outed a covert agent," Mr. Fitzgerald contentedly confirmed. If -- and one has to say "if" -- the transmission of any classified information is a crime, then as Mr. Fitzgerald also confirmed, one would be in the deep waters of the Espionage Act, which is "a very difficult statute to interpret." Actually, it is a very easy act to interpret. It declares that even something very well-known is secret if the state defines it as secret: the same principle as the dreaded British Official Secrets Act. As to the critical question of whether Mr. Plame had any cover to blow, Mr. Fitzgerald was equally insouciant: "I am not speaking to whether or not Valerie Wilson was covert." In the absence of any such assertion or allegation, one must be forgiven for wondering what any of this gigantic fuss can possibly be about. I know some apparently sensible people who are prepared to believe, still, that a Machiavellian cabal in the White House wanted to punish Joseph Wilson by exposing his wife to embarrassment and even to danger. So strong is this belief that it envisages Karl Rove (say) deciding to accomplish the foul deed by tipping off Robert Novak, one of the most anti-Iraq-war and pro-CIA journalists in the capital, as if he were precisely the pliant tool one would select for the dastardly work. And then, presumably to thicken the plot, Mr. Novak calls the CIA to confirm, as it readily did, that Ms. Plame was in the agency's employ. Meanwhile, and just to make things more amusing, George Tenet, in his capacity as Director of Central Intelligence, tells Dick Cheney that he employs Mr. Wilson's wife as an analyst of the weird and wonderful world of WMD. So jealously guarded is its own exclusive right to "out" her, however, that no sooner does anyone else mention her name than the CIA refers the Wilson/Plame disclosure to the Department of Justice. Mr. 
Fitzgerald, therefore, seems to have decided to act "as if." He conducts himself as if Ms. Plame's identity was not widely known, as if she were working under "non official cover" (NOC), as if national security had been compromised, and as if one or even two catch-all laws had been broken. By this merely hypothetical standard, he has performed exceedingly well, even if rather long-windedly, before pulling up his essentially empty net. However, what if one proposes an alternative "what if" narrative? What if Mr. Wilson spoke falsely when he asserted that his wife, who was not in fact under "non-official cover," had nothing to do with his visit to Niger? What if he was wrong in stating that Iraqi envoys had never even expressed an interest in Niger's only export? (Most European intelligence services stand by their story that there was indeed such a Baathist initiative.) What if his main friends in Niger were the very people he was supposed to be investigating? Well, in that event, and after he had awarded himself some space on an op-ed page, what was to inhibit an employee of the Bush administration from calling attention to these facts, and letting reporters decide for themselves? The CIA had proven itself untrustworthy or incompetent on numerous occasions before, during and after the crisis of Sept. 11, 2001. Why should it be the only agency of the government that can invoke the law, broken or (as in this case) unbroken, to protect itself from leaks while protecting its own leakers? All worthwhile information in Washington is "classified" one way or another. We have good reason to be grateful to various officials and reporters who have, in our past, decided that disclosure was in the public interest. None of the major criticisms of the Bush administration would have become available if it were not for the willingness of many former or serving bureaucrats to "go public." 
But this widely understood right -- now presumably in some jeopardy -- makes no sense if supporters of the administration are not permitted to reply in kind. Logic and history suggest that there will be a turn of the political wheel, and that Dems will regain control of the White House or the Congress. Will they be willing to accept the inflexible standard of secrecy that they have exacted in the Wilson imbroglio? Will they forbid their own civil servants to put a case, in confidence, to members of the press? Will they allow their trusted loyalists to be dragged before grand juries, and the reporters to be forced to open notebooks to the gaze of any prosecutor? The answer today is presumably "yes," which brings me back to where I began, and to the stupid acquiescence of Republicans in the passage of a law that should never have been allowed to hollow out the First Amendment in the first place.

Mr. Hitchens, columnist for Vanity Fair, is the author of "Thomas Jefferson: Author of America" (Eminent Lives, 2005).

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Mon Oct 31 04:31:40 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Mon, 31 Oct 2005 07:31:40 -0500
Subject: [Clips] The myth of "suitcase nukes."
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Mon, 31 Oct 2005 07:24:09 -0500
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] The myth of "suitcase nukes."
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

OpinionJournal WSJ Online
AT WAR
Baggage Claim
The myth of "suitcase nukes."
BY RICHARD MINITER
Monday, October 31, 2005 12:01 a.m. EST

"It is the duty of Muslims to prepare as much force as possible to terrorize the enemies of God." --Osama bin Laden, May 1998

"Bin Laden's final act could be a nuclear attack on America." --Graham Allison, Washington Post

"One hundred suitcase-size nuclear bombs were lost by Russia." --Gerald Celente, "professional futurist," Boston Globe

Like everyone else rushing off the Washington subway one rush-hour morning, Ibrahim carried a small leather briefcase. No one paid him or his case much mind, except for the intern in the new Brooks Brothers suit who pushed past him on the escalator and banged his shin. "What do you have in there? Rocks?" Ibrahim's training had taught him to ignore all provocations. You will see, he thought.

The escalator carried him up and out into the strong September sunlight. It was, as countless commentators would later say, a perfect day. As he walked from the Capitol South metro stop, he saw the Republican National Committee headquarters to his right. Two congressional office buildings loomed in front of him. Between the five-story structures, the U.S. Capitol dome winked in the sun. It was walled off in a mini-Green Zone of jersey barriers and armed police. He wouldn't trouble them. He was close enough.

He put the heavy case down on the sidewalk and pressed a sequence of buttons on what looked like standard attaché-case locks. It would be just a matter of seconds. When he thought he had waited long enough, he shouted in Arabic: "God is great!"
He was too soon. Some passersby stared at him. Two-tenths of a second later, a nuclear explosion erased the entire scene. Birds were incinerated midflight. Nearly 100,000 people--lawmakers, judges, tourists--became superheated dust. Only raindrop-sized dollops of metal--their dental fillings--remained as proof of their existence.

In tenths of a second--less time than the blink of a human eye--the 10-kiloton blast wave pushed down the Capitol (toppling the Indian statue known as "Freedom" at the dome's top), punched through the pillars of the U.S. Supreme Court, smashed down the three palatial Library of Congress buildings, and flattened the House and Senate office buildings. The blast wave raced outward, decapitating the Washington Monument, incinerating the Smithsonian and its treasures, and reducing to rubble the White House and every office tower north to Dupont Circle and south to the Anacostia River. The secondary, or overpressure, wave jumped over the Potomac, spreading unstoppable fires to the Pentagon and Arlington, Va. Planes bound for Reagan and Dulles airports tumbled from the sky.

Tens of thousands were killed instantly. By nightfall, another 250,000 people were dying in overcrowded hospitals and impromptu emergency rooms set up in high school gymnasiums. Radiation poisoning would kill tens of thousands more in the decades to come. America's political, diplomatic and military leadership was simply wiped away. As the highest-ranking survivor, the agriculture secretary took charge. He moved the capital to Cheyenne, Wyo.

That is the nightmare--or one version, anyway--of the nuclear suitcase. In the aftermath of the September 11 attacks, this nuclear nightmare did not seem so fanciful. A month after September 11, senior Bush administration officials were told that an al Qaeda terrorist cell had control of a 10-kiloton atomic bomb from Russia and was plotting to detonate it in New York City.
CIA director George Tenet told President Bush that the source, code-named "Dragonfire," had said the nuclear device was already on American soil. After anxious weeks of investigation, including surreptitious tests for radioactive material in New York and other major cities, Dragonfire's report was found to be false. New York's mayor and police chief would not learn of the threat for another year. The specter of the nuclear suitcase bomb is particularly potent because it fuses two kinds of terror: the horrible images of Hiroshima and the suicide bomber, the unseen shark amid the swimmers. The fear of a suitcase nuke, like the bomb itself, packs a powerful punch in a small package. It also has a sense of inevitability. A December 2001 article in the Boston Globe speculated that terrorists would explode suitcase nukes in Chicago, Sydney and Jerusalem . . . in 2004. Every version of the nuclear suitcase bomb scare relies on one or more strands of evidence, two from different Russians and one from a former assistant secretary of defense. The scare started, in its current form, with Russian general Alexander Lebed, who told a U.S. congressional delegation visiting Moscow in 1997--and, later that year, CBS's series "60 Minutes"--that a number of Soviet-era nuclear suitcase bombs were missing. It was amplified when Stanislav Lunev, the highest-ranking Soviet military intelligence officer ever to defect to the United States, told a congressional panel that same year that Soviet special forces might have smuggled a number of portable nuclear bombs onto the U.S. mainland to be detonated if the Cold War ever got hot. The scare grew when Graham Allison, a Harvard professor who served as an assistant secretary of defense under President Clinton, wrote a book called "Nuclear Terrorism: The Ultimate Preventable Catastrophe." In that slim volume, Mr. Allison worries about stolen warheads, self-made bombs and suitcase nukes. 
Published in 2004, the work has been widely cited by the press and across the blogosphere.

Let's walk back the cat, as they say in intelligence circles. The foundation of all main nuclear suitcase stories is a string of interviews given by Gen. Lebed in 1997. Lebed told a visiting congressional delegation in June 1997 that the Kremlin was concerned that its arsenal of 100 suitcase-size nuclear bombs would find their way to Chechen rebels or other Islamic terrorists. He said that he had tried to account for all 100 but could find only 48. That meant 52 were missing. He said the bombs would fit "in a 60-by-40-by-20 centimeter case"--in inches, roughly 24-by-16-by-8--and would be "an ideal weapon for nuclear terror. The warhead is activated by one person and easy to transport." It would later emerge that none of these statements were true.

Later that year, the Russian general sat down with Steve Kroft of "60 Minutes." The exchange could hardly have been more alarming.

Kroft: Are you confident that all of these weapons are secure and accounted for?
Lebed: (through a translator) Not at all. Not at all.
Kroft: How easy would it be to steal one?
Lebed: It's suitcase-sized.
Kroft: You could put it in a suitcase and carry it off?
Lebed: It is made in the form of a suitcase. It is a suitcase, actually. You can carry it. You can put it into another suitcase if you want to.
Kroft: But it's already in a suitcase.
Lebed: Yes.
Kroft: I could walk down the streets of Moscow or Washington or New York, and people would think I'm carrying a suitcase?
Lebed: Yes, indeed.
Kroft: How easy is it to detonate?
Lebed: It would take twenty, thirty minutes to prepare.
Kroft: But you don't need secret codes from the Kremlin or anything like that.
Lebed: No.
Kroft: You are saying that there are a significant number that are missing and unaccounted for?
Lebed: Yes, there is. More than one hundred.
Kroft: Where are they?
Lebed: Somewhere in Georgia, somewhere in Ukraine, somewhere in the Baltic countries. Perhaps some of them are even outside those countries. One person is capable of actuating this nuclear weapon--one person.
Kroft: So you're saying these weapons are no longer under the control of the Russian military.
Lebed: I'm saying that more than one hundred weapons out of the supposed number of 250 are not under the control of the armed forces of Russia. I don't know their location. I don't know whether they have been destroyed or whether they are stored or whether they've been sold or stolen. I don't know.

Nearly everything Lebed told visiting congressmen and "60 Minutes" was later contradicted, sometimes by Lebed himself. In subsequent news accounts, he said 41 bombs were missing, at other times he pegged the number at 52 or 62, 84 or even 100. When asked about this disparity, he told the Washington Post that he "did not have time to find out how many such weapons there were." If this sounds breezy or cavalier, that is because it is. Indeed, Lebed never seemed to have made a serious investigation at all. A Russian official later pointed out that Lebed never visited the facility that houses all of Russia's nuclear weapons or met with its staff. And Lebed--who died in a plane crash in 2002--had a history of telling tall tales.

As for the small size of the weapons and the notion that they can be detonated by one person, those claims have also been authoritatively dismissed. The only U.S. government official to publicly admit seeing a suitcase-sized nuclear device is Rose Gottemoeller. As a Defense Department official, she visited Russia and Ukraine to monitor compliance with disarmament treaties in the early 1990s. The Soviet-era weapon "actually required three footlockers and a team of several people to detonate," she said.
"It was not something you could toss in your shoulder bag and carry on a plane or bus."

Lebed's onetime deputy, Vladimir Denisov, said he headed a special investigation in July 1996--almost a year before Lebed made his charges--and found that no army field units had portable nuclear weapons of any kind. All portable nuclear devices--which are much bigger than a suitcase--were stored at a central facility under heavy guard. Lt. Gen. Igor Valynkin, chief of the Russian Defense Ministry's 12th Main Directorate, which oversees all nuclear weapons, denied that any weapons were missing. "Nuclear suitcases . . . were never produced and are not produced," he said. While he acknowledged that they were technically possible to make, he said the weapon would have "a lifespan of only several months" and would therefore be too costly to maintain.

Gen. Valynkin is referring to the fact that radioactive weapons require a lot of shielding. To fit the radioactive material and the appropriate shielding into a suitcase would mean that a very small amount of material would have to be used. Radioactive material decays at a steady, certain rate, expressed as "half-life," or the length of time it takes for half of the material to decay into harmless elements. The half-life of the most likely materials in the infinitesimal weights necessary to fit in a suitcase is a few months. So as a matter of physics and engineering, the nuclear suitcase is an impractical weapon. It would have to be rebuilt with new radioactive elements every few months.

Gen. Valynkin's answer was later expanded by Viktor Yesin, former chief of staff of Russia's Strategic Missile Forces. Mr. Yesin was asked by Alexander Golts, a reporter at the Russian newspaper Ezhenedelny Zhurnal: "The nuclear suitcases--are they myth or reality?"

Let's start by noting that "nuclear suitcase" is a term coined by journalists. Journalistic parlance, if you wish. The matter concerns special compact nuclear devices of knapsack type.
Igor Valynkin, commander of the 12th Main Directorate of the Defense Ministry responsible for nuclear ordnance storage, was absolutely honest when he was saying in an interview with Nezavisimaya Gazeta in 1997 that "there have never been any nuclear suitcases, grips, handbags or other carryalls." As for special compact nuclear devices, the Americans were the first to assemble them. They were called Special Atomic Demolition Munitions (SADM). As of 1964, the U.S. Army and Marine Corps had two models of SADM at their disposal--M-129 and M-159. Each SADM measured 87 x 65 x 67 centimeters [34 by 26 by 26 inches]. A container with the backpack weighed 70 kilograms [154 pounds]. There were about 300 SADMs in all. The foreign media reported that all these devices were dismantled and disposed of within the framework of the unilateral disarmament initiatives declared by the first President Bush in late 1991 and early 1992. The Soviet Union initiated production of special compact nuclear devices in 1967. These munitions were called special mines. There were fewer models of them in the Soviet Union than in the United States. All of these munitions were to be dismantled before 2000 in accordance with the Russian and American commitments concerning reduction of tactical nuclear weapons dated 1991. [When the Soviet Union collapsed, Boris Yeltsin reiterated the commitment in January 1992.] Foreign Minister Igor Ivanov said at the conference on the Nuclear Weapons Nonproliferation Treaty in April 2000 that Russia had practically completed dismantling "nuclear mines." It means that Russia kept the promise Yeltsin once made to the international community. Mr. Yesin added that all "portable" nuclear weapons were strictly controlled by the KGB in the Soviet era and were held in a single facility on Russian soil, where they were regularly counted before they were dismantled. The special mines that the press calls "nuclear suitcases" are no more. American officials, including Ms. 
Gottemoeller, insist that there is no evidence that any are missing, stolen or sold. American experts charged with monitoring the destruction of these weapons have repeatedly testified to Congress that no special mines are unaccounted for. What about the Russian army units trained to use the special mines? Is it possible that a few such weapons remain in their hands? According to Mr. Yesin, "they always used simulators and dummy weapons. Needless to say, the latter looked like the real thing--the same size and weight, the same control panel. Instead of nuclear materials, however, they contained sand." Despite Lebed's many changing accounts, his reputation for exaggeration, and the denial of nearly every Russian official with knowledge of Russian nuclear weapons, his tale lives on in breathless newspaper articles and Web posts. Perhaps the most amusing was an article in London's Sunday Express claiming that al Qaeda bought twenty "nuclear suitcases for 25 million pounds" (roughly $45 million) from "Boris" and "Alexy." What, not Natasha? Still, Graham Allison puts his faith in Lebed's story. How does Mr. Allison account for the high-level rebuttals? He makes two brief arguments. "Moscow's assurance that 'all nuclear weapons are accounted for' is wishful thinking, since at least four nuclear submarines with nuclear warheads sank and were never recovered by the Soviet Union." (One was recovered by the U.S. in 1974.) This is true, but beside the point; the subs were carrying nuclear missiles, not nuclear suitcases. Mr. Allison's more pointed rebuttal is this: The Russian government reacted to Lebed's claim in classic Soviet style, combining wholesale denial with efforts to discredit the messenger. 
In the days and months that followed, official government spokesmen claimed that (1) no such weapons ever existed; (2) any weapons of this sort had been destroyed; (3) all Russian weapons were secure and properly accounted for; and (4) it was inconceivable that the Russian government could lose a nuclear weapon. Assertions to the contrary, or even questions about the matter, were dismissed as anti-Russian propaganda or efforts at personal aggrandizement. Mr. Allison is unfairly summarizing the official Russian view. There is no contradiction between points (1) and (2) because (1) refers to suitcase nukes, a journalist term for a weapon that never existed. The portable nuclear devices--the special mines that filled three footlockers and weighed hundreds of pounds--were destroyed as required by U.S.--Russia treaties. We don't have to take Russia's word for this; the disposal and destruction of these weapons were supervised by expert American officials like Ms. Gottemoeller. So point (2) checks out. As for points (3) and (4), Russia's claims have been independently verified by U.S. officials. If Mr. Allison has specific evidence of misplaced nuclear suitcases, he doesn't provide it in either the hardcover or paperback edition of his book or in his speeches to the Council on Foreign Relations or elsewhere. What about the testimony of Soviet defector Stanislav Lunev? Certainly his tale is cloaked in high drama. Mr. Lunev entered the congressional hearing room in a black ski mask and testified behind a tall screen. He described a portable nuclear device that was "the size of a golf-club bag" and testified that "one of my main directives was to find drop sites for mass destruction weapons" that would be smuggled into the U.S. using drug routes and detonated by special teams. Mr. Lunev did not testify that he saw those weapons, only that, as a TASS reporter working in Washington (his cover as a military intelligence officer), his job was to scout for "drop sites." 
I tracked Mr. Lunev down in suburban Maryland, where he is battling lymphatic cancer. Over the phone, he sounds like a bear of a man, with a charming Russian accent. He calls me "Riche," as in "Riche, you must switch off all recording devices." When I say I have no such devices, only a bad line, he agrees to call back. When he does, I ask him if he has ever seen a portable nuclear device. "No," he says. Then he asks if I have ever heard of Albuquerque, N.M. There is a museum there, he explains, that displays America's portable nuclear device, the SADM. "The Soviet model probably looks similar," he says, adding that he is not an expert in such things.

Finally, there is Graham Allison's book. It is a serious and valuable work, with many practical suggestions for arresting the spread of nuclear technology. Still, Mr. Allison's concerns about a nuclear suitcase-sized device rest on three shaky pillars: that Lebed was right about the missing suitcase nukes, that Stanislav Lunev's account is persuasive, and that Russian nuclear security is lax. As we have seen, Lebed's changing story is highly questionable, and the nuclear mines have long since been dismantled. Mr. Allison himself concedes that nuclear suitcases might not be operative. Speaking at a Council on Foreign Relations conference in September 2004, Mr. Allison said that the weapons Lebed referred to are now at least seven years old and that "many of these would be beyond warranty," requiring extensive refurbishing to function at full power.

Allison does not refer to Mr. Lunev by name, possibly because he does not know it. Mr. Lunev is not named in his congressional testimony and discovering his identity requires a bit of sleuthing. Mr. Allison does not cite Mr. Lunev's book or even acknowledge talking to him. (Mr. Lunev, a friendly and direct fellow, has never heard of Mr. Allison.)

As for Mr. Allison's contention that the Russians do not keep their nuclear weapons as secure as we do, he is quite right.
But the Russians probably do well enough. Allison cites a number of cases in which nuclear material--though not bombs--was stolen from Russian reactors. Yet in each of the cases he cites, the thieves were caught before they could transfer the material. And the small amounts stolen could not have been, even if combined, converted into a single bomb. And there is no evidence that any of the Soviet Union's "special mines" have gone missing. No one seriously doubts Osama bin Laden's intense desire for nuclear weapons, suitcase-size or otherwise. Michael Scheuer, the former head of the CIA's bin Laden station (and an outspoken critic of the Bush administration's conduct of the war on terror), said that the CIA was aware of "the careful, professional manner in which al Qaeda was seeking to acquire nuclear weapons" since 1996. There is a plethora of human and documentary intelligence to support Mr. Scheuer's conclusion. Perhaps the most chilling is a fatwa that bin Laden asked for and received from Shaykh Nasir bin Hamid al-Fahd in May 2003. It was called "A Treatise on the Legal Status of Using Weapons of Mass Destruction Against Infidels." The Saudi cleric concludes: "If a bomb that killed 10 million of them and burned as much of their land as they have burned Muslims' land were dropped on them, it would be permissible." Fatwas are not enough. There are only three ways for al Qaeda to realize its atomic dreams: buy nuclear weapons, steal them or make them. Each approach is virtually impossible. Buying the bomb has not worked out well for al Qaeda. The terror organization has tried and, according to detainees, been scammed repeatedly. In Sudan's decrepit capital of Khartoum, an al Qaeda operative paid $1.5 million for a three-foot-long metal canister with South African markings. Allegedly it was uranium from South Africa's recently decommissioned nuclear program. According to Jamal al-Fadl, an al Qaeda leader later detained by U.S. 
forces, bin Laden ordered that it be tested in a safe house in Cyprus. It was indeed radioactive, but not of sufficient quality to be weapons-grade. One American intelligence analyst said that he believed the material was taken from the innards of an X-ray machine. It is not clear what it actually was, but the canister was ultimately discarded by al Qaeda. Al Qaeda's next attempt to buy bomb-making material involved Mamduh Mahmud Salim, a nuclear engineer. He was captured in Germany in 1998, before he could obtain any nuclear material. In a third case, al Qaeda paid the Islamic Army of Uzbekistan for some radioactive material. It turned out that the uranium al Qaeda received was not sufficiently enriched to create an atomic blast, though it could be used in a "dirty bomb." For what it is worth, there are actually no documented cases of the Russian Mafia or Russian officials selling nuclear weapons or material. Given that Russian gangsters have sold everything from small arms to aircraft carriers, this might seem surprising. Michael Crowley and Eric Adams, writing in Popular Science magazine, theorize that Russian security forces may be less tempted by money than is commonly assumed or that Russian mobsters find other illicit material more profitable than nuclear material. Whatever the reason, there is simply no known case of the Russian mob selling nuclear devices or parts to anyone, let alone to al Qaeda. What about theft? Stealing a bomb--or its component parts--is far more difficult than it sounds. The International Atomic Energy Agency maintains a detailed database of thefts of highly enriched uranium, the kind needed to make an atomic bomb. There have been 10 known cases of highly enriched uranium theft between 1994 and 2004. Each amounted to "a few grams or less." The total loss is less than eight grams, and even these eight grams, which have differing levels of purity, could not be productively combined. 
To put these quantities in perspective, it takes some 15,900 grams--roughly 35 pounds--to make a highly enriched uranium bomb. Stealing highly enriched uranium is extremely difficult. Every nation with an active nuclear weapons program guards access to its breeder reactors and enrichment plants. Employee backgrounds are scrutinized and workers are under near-constant surveillance. Transporting radioactive material invites detection and is a constant danger to those moving it without shielding. If it were shielded, the immense weight of the small container would be a giveaway to authorities. Could terrorists storm a reactor and steal the radioactive material? Not likely. An investigation by Forbes magazine reveals the difficulties: Assuming attackers could shoot their way past the beefed-up phalanx of armed guards, traffic barriers and guard towers that now surround every nuclear plant, they'd still have to fight their way into the reactor building through multiple levels of remote-activated blast doors--where access requires the right key card and palm print--to get to the spent-fuel pond, says Michael Wallace, president of Constellation Energy's generation group, which operates five nuclear reactors. The pond is where highly radioactive used fuel rods sit in 14-foot-long stainless steel assemblies cooling under 40 feet of water. Terrorists couldn't just grab this stuff and run because, unshielded, it gives off a lethal dose of radiation in less than a minute. To avoid exposure, terrorists would have to force workers to use a giant crane inside the reactor to load the assemblies into huge transfer casks, then open the mammoth doors of the reactor building and use another crane to lift the cask onto a waiting truck--all the while being shot at by the National Guard. It may be easier to steal radioactive material outside the U.S.--but not much. What about hijacking a plane and crash-diving it into a nuclear reactor? 
It would make a spectacular movie scene, but as Forbes explains, it would not cause much harm to those outside the plane: Assume that terrorists could get past tightened airport security and fight off passengers to get through new, improved cockpit doors and take control of a plane. Even then they'd have to crash the jet directly into a reactor to have any chance of breaking containment. In 2002 the Electric Power Research Institute performed a $1 million computer simulation to assess such a risk. Conclusion: A direct hit from a 450,000-pound Boeing 767 flying low to the ground at 350 mph would ruin a plant's ability to make electricity but not break the reactor's cement shield. Reason: A reactor, smaller in profile than the Pentagon or World Trade Center, would not absorb the full force of the plane's impact. And, for all the force behind it, a plane, built of aluminum and titanium, has far less mass than the 20-foot-thick steel-and-concrete sarcophagus enclosing a nuclear reactor. It would be like dropping a watermelon on a fire hydrant from 100 feet. Another problem with theft is fencing the goods. Most uranium thieves have been caught when they tried to sell the small amounts of radioactive material they have stolen. And the difficulties of theft do not end once al Qaeda gets its prize. Even if al Qaeda terrorists managed to steal a nuclear device or bought one from those standby villains of choice, Russian mobsters, they would still have to figure out how to break the codes and overturn the fail-safes. All Russian and American devices have temperature and pressure sensors to defeat unauthorized use. Since intercontinental missiles are designed to pass through the upper atmosphere before descending to their targets, the terrorists would have to find a laboratory facility that could mimic the environment of the outer stratosphere. Good luck. 
Council on Foreign Relations fellow Charles Ferguson told the Washington Post that "you don't just get it [a nuclear weapon] off the shelf, enter a code, and have it go off." So could al Qaeda make its own bomb? It appears that the terror network has tried and failed. In August 2001, bin Laden was envisioning attacks bigger than what happened on September 11. Almost a month before the attacks on New York and Washington, bin Laden and his deputy Ayman al-Zawahiri met with Sultan Bashiruddin Mahmood and Abdul Majeed, two officials once part of Pakistan's nuclear program. Mr. Mahmood had supervised the plant that enriched uranium for Pakistan's first bomb and later managed efforts to produce weapons-grade plutonium. Both scientists were arrested on Oct. 23, 2001. They remain under house arrest in Pakistan. At their meeting with bin Laden, they discussed plans to mine uranium from plentiful deposits in Afghanistan and talked about the technology needed to turn the uranium into bomb fuel. It was these scientists who informed bin Laden that the uranium from Uzbekistan was too impure to be useful for bomb making. Al Qaeda will keep trying, no doubt. But there is no evidence that they are near succeeding. A wide array of documents and computer hard drives found in al Qaeda safe houses reveals a serious effort to build weapons of mass destruction. The U.S. military also obtained a document with the sinister title of "Superbomb." In addition, CNN discovered a cache of documents at an al Qaeda safe house that outlined the terror network's WMD plans. David Albright, a physicist and president of the Institute for Science and International Security, was retained by CNN to evaluate the al Qaeda documents. 
In "Al Qaeda's Nuclear Program: Through the Window of Seized Documents," a research paper for a think tank linked to the University of California at Berkeley, Albright concluded: "Whatever al Qaeda had accomplished towards nuclear weapon capabilities, its effort in Afghanistan was 'nipped in the bud' with the fall of the Taliban government. The international community is fortunate that the war in Afghanistan set back al Qaeda's effort to obtain nuclear weapons." For now, suitcase-sized nuclear bombs remain in the realm of James Bond movies. Given the limitations of physics and engineering, no nation seems to have invested the time and money to make them. Both the U.S. and the USSR built nuclear mines (as well as artillery shells), which were small but hardly portable--and all were dismantled by treaty by 2000. Alexander Lebed's claims and those of defector Stanislav Lunev were not based on direct observation. The one U.S. official who saw a small nuclear device said it was the size of three footlockers--hardly a suitcase. The desire to obliterate cities is portable--inside the heads of believers--while, thankfully, the nuclear devices to bring that about are not.

Mr. Miniter is author of "Disinformation: 22 Media Myths That Undermine the War on Terror" (Regnery, 2005), from which this article is excerpted. It is available from the OpinionJournal bookstore.

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From rah at shipwright.com Mon Oct 31 04:32:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 31 Oct 2005 07:32:02 -0500
Subject: [Clips] Security 2.0: FBI Tries Again To Upgrade Technology
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Mon, 31 Oct 2005 07:29:37 -0500
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Security 2.0: FBI Tries Again To Upgrade Technology
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The Wall Street Journal
October 31, 2005

Security 2.0: FBI Tries Again To Upgrade Technology
By ANNE MARIE SQUEO
Staff Reporter of THE WALL STREET JOURNAL
October 31, 2005; Page B1

As the fifth chief information officer in as many years at the Federal Bureau of Investigation, Zalmai Azmi faces a mystery: How to create a high-tech system for wide sharing of information inside the agency, yet at the same time stop the next Robert Hanssen. Mr. Hanssen is the rogue FBI agent who was sentenced to life in prison for selling secret information to the Russians. His mug shot -- with the words "spy, traitor, deceiver" slashed across it -- is plastered on the walls of a room at FBI headquarters where two dozen analysts try to track security breaches. Mr. Hanssen's arrest in February 2001, and his ability to use the agency's archaic system to gather the information he sold, led FBI officials to want to "secure everything" in their effort to modernize the bureau, Mr. Azmi says. But then, investigations after the Sept. 11 terrorist attacks showed that FBI agents had information about suspected terrorists that hadn't been shared with other law-enforcement agencies. So then "we said, 'Let's share everything,'" Mr. Azmi says. 
Since then, the FBI spent heavily to upgrade its case-management system, from one that resembled early versions of personal computers -- green type on a black computer screen, requiring a return to the main menu for each task -- to a system called Virtual Case File, which was supposed to use high-speed Internet connections and simple point-and-click features to sort and analyze data quickly. But after four years and $170 million, the dueling missions tanked the project. FBI Director Robert Mueller in April pulled the plug on the much ballyhooed technology amid mounting criticism from Congress and feedback from within the bureau that the new system wasn't a useful upgrade of the old, rudimentary system. As a result, the FBI continues to use older computer systems and paper documents remain the official record of the FBI for the foreseeable future. Highlighting the agency's problems is the recent indictment of an FBI analyst, Leandro Aragoncillo, who is accused of passing secret information to individuals in the Philippines. After getting a tip that Mr. Aragoncillo was seeking to talk to someone he shouldn't have needed to contact, the FBI used its computer-alert system to see what information the analyst had accessed since his hiring in 2004, a person familiar with the probe said. The system didn't pick up Mr. Aragoncillo's use of the FBI case-management system as unusual because he didn't seek "top secret" information and because he had security clearances to access the information involved, this person said. The situation underscores the difficulties in giving analysts and FBI agents access to a broad spectrum of information, as required by the 9/11 Commission, while trying to ensure rogue employees aren't abusing the system. It's up to Mr. Azmi to do all this -- without repeating the mistakes of Virtual Case File. 
Much is at stake: FBI agents and analysts are frustrated by the lack of technology -- the FBI finished connecting its agents to the Internet only last year -- and Mr. Mueller's legacy depends on the success of this effort. The FBI director rarely appears at congressional hearings or news conferences without his chief information officer close by these days. An Afghan immigrant, the 43-year-old Mr. Azmi fled his native country in the early 1980s after the Soviet invasion. After a brief stint as a car mechanic in the U.S., he enlisted in the Marines in 1984 and spent seven years mainly overseas. A facility for languages -- he speaks five -- helped him win an assignment in the Marines working with radio communications and emerging computer technologies. When he returned to the U.S., he joined the U.S. Patent and Trademark Office as a project manager developing software and hardware solutions for patent examiners. He attended college and graduate school at night, obtaining a bachelor's degree in information systems from American University and a master's degree in the same field from George Washington University, both in Washington, D.C. Afterward, he got a job at the Justice Department in which he helped upgrade technology for U.S. attorneys across the country. That is where he was working when terrorists attacked Sept. 11, 2001. On Sept. 12, armed with two vans of equipment, Mr. Azmi and a team of engineers traveled from Washington to New York, donned gas masks, and broke into the U.S. Attorney's office near the World Trade Center to secure information and get systems up and running. Within 48 hours, the network was back online. Then he says he got a call from a friend from his military days, who asked, "Do you want to watch the news or make the news?" Mr. Azmi headed back to Afghanistan, where he spent two months crawling through the mountains with a special-operations unit searching for Osama Bin Laden. He won't say whether he did this in a civilian capacity. Mr. 
Azmi eventually returned to the Justice Department. In November 2003, Mr. Mueller plucked him to join the FBI, promoting him in May 2004 to be chief information officer. At the time, the Virtual Case File system was delayed but there was still hope it could work. Early this year, however, a field test in the FBI's New Orleans office determined the setup wouldn't satisfy the agency's needs. Mr. Azmi was ordered to start over from scratch. Its replacement, dubbed Sentinel, is supposed to be bigger than just a case-management system, incorporating search-engine tools for investigation and efficiency improvements to decrease the FBI's reliance on paper. The bureau currently uses more than 1,000 paper forms to do everything from asking permission to take a trip to wiring an informant with a body recorder. The road map for the project, housed in a two-inch-thick binder that Mr. Azmi frequently pats, is based on input from hundreds of managers and rank-and-file employees at the bureau about their needs and processes. Before, Mr. Azmi says, "we didn't have a blueprint. We all decided to build a house, but no one knew what the foundation was going to look like." The project won't be completed until 2009 and is likely to cost hundreds of millions of dollars more. No official estimate of the price will be provided, FBI officials say, until after the contract is awarded in November. At its core, though, Sentinel will be successful only if it threads the needle of sharing and securing information for only those who need to see it. Making the task more difficult is the size and disparity of the FBI's technology needs. For example, the bureau has four separate computer networks -- Top Secret, Secret, Classified and Sensitive but Unclassified. The Secret database alone is subdivided into thousands of compartments that house information on grand juries, among other things. 
By comparison, "we had one network at the National Security Agency that we did everything on," says Jack Israel, a 25-year NSA veteran and now the FBI's chief technology officer who works for Mr. Azmi. The NSA network was "secret," thus viewed only by those with security clearances at that level. But a single report filed by an FBI agent could include information that falls into all four categories, meaning walls must be erected around data so its existence is known only by those with authorization. Instead of doing what's known as a "flash cutover," or taking down the old system completely and turning on the new, as was previously planned, Mr. Azmi has opted for a gradual approach. It is already under way. So far, all of the information stored in the old, rudimentary system has been copied -- four billion records, or three terabytes of data -- into a provisional system known as the Independent Data Warehouse. While it doesn't put to rest the security issues raised in the Aragoncillo case, the database, used by some 8,000 employees, allows information to be accessed and manipulated through an easier Internet-style connection. An internal search engine is being tested by the FBI's counterterrorism and counterintelligence units that will allow users to pictorially chart how various people and groups connect to each other. It is all part of Mr. Azmi's plan to make the FBI more like his favorite crime drama, "24" on Fox Television. Though the show is based on the CIA, its lead character, agent Jack Bauer, "always has the right information available at the right time. ... That's the goal for the FBI."

--- end forwarded text

From rah at shipwright.com Mon Oct 31 04:35:36 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 31 Oct 2005 07:35:36 -0500
Subject: [Clips] How Tools of War On Terror Ensnare Wanted Citizens
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Mon, 31 Oct 2005 07:35:05 -0500
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] How Tools of War On Terror Ensnare Wanted Citizens
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The Wall Street Journal
October 31, 2005

PAGE ONE
New Dragnet
How Tools of War On Terror Ensnare Wanted Citizens
Border, Immigration Agencies Tap Into FBI Database; Questions About Privacy
Mr. Samori's Speeding Ticket
By BARRY NEWMAN
Staff Reporter of THE WALL STREET JOURNAL
October 31, 2005; Page A1

Driving in from Mexico last March, Jaime Correa was stopped by federal inspectors at a border post near San Diego. They fed the 21-year-old U.S. citizen's name into a computer with a fast link to the federal government's huge database of criminal files. Readout: Wanted in Los Angeles for attempted murder. Another citizen, Issah Samori, walked into a federal office in Chicago the previous year. He is 60, a cabbie, and was there to help his wife get a green card. An immigration clerk fed his name into the same computer. Readout: Wanted in Indiana for speeding. The border guards handed Mr. Correa over to the San Diego police, who locked him up. 
The Chicago police came to collect Mr. Samori. He spent the night on a concrete slab in a precinct cell. Detentions of American citizens by immigration authorities for offenses large and small are becoming routine -- and have begun to stir a debate over the appropriate use of the latest technologies in the war on terror. Since the attacks of Sept. 11, 2001, immigration computers have been hooked up to the expanding database of criminal records and terrorist watch lists maintained by the Federal Bureau of Investigation. The computers are now in use at all airports, most border crossings, and even in domestic immigration offices, where clerks decide on applications for permanent residence and citizenship. The screenings are mainly meant to trap foreigners, and especially foreign terrorists, but they have also proved to be a tool in the hunt for American citizens wanted by the police. In 2003, U.S. Customs and Border Protection says that it alone caught 4,555 Americans this way. In 2004, the number rose to 6,189. Some law enforcers applaud that tally. Citizens with nothing to hide, they argue, shouldn't care if their names are put through a criminal search, and criminals should have no "expectation of privacy." The arrests have brought in some serious offenders, like Mr. Correa, a Los Angeles gang member, who was accused of a drive-by shooting. He was convicted this month of assault with a firearm, and sentenced to eight years in prison. There have been others like him: citizens wanted for armed robbery, murder and sex crimes. But some legal scholars and defenders of privacy worry that easy access to criminal databases is giving rise to indiscriminate detentions of citizens for minor offenses, and to a "mission creep" that is blurring the line between immigration control and crime control. Routine encounters like Mr. Samori's, some say, shouldn't give civil servants a "free shot" to fish for records unrelated to the administrative purpose at hand. 
It isn't as if those the computer snags are being "pulled over for a broken tail-light," says former Atlanta policeman Mark Harrold, who teaches law at the University of Mississippi. Rather, as he sees it, they are being caught as they engage in civil pursuits "like going in for a marriage license." Born in Ghana, Mr. Samori has lived for 35 years in a brick house on Chicago's South Side. When he and his new Ghanaian wife, Hilda, sat down in an immigration clerk's cubicle in mid-2004, Mr. Samori knew that as a citizen he had a right to sponsor her for permanent residence. The two came ready to show that their marriage was genuine. But the clerk just stared at his computer. "He said we can't do the interview," Mr. Samori recalls. "I asked why. He said, because we have an arrest warrant on you. I told him, whatever it is, I'm ready to face it." The clerk reached for his phone. Two officers appeared. Hilda Samori cried as her husband was led out. He spent three nights in jail on his way to Indiana court, where his reckless-driving charge, a misdemeanor, was eventually set aside. Mrs. Samori had to wait a year and a half for her green-card application to be reopened. Immigration service officials say reporting wanted citizens has become standard procedure. "If you have unfinished business with the police, it's best to take care of that before you come in asking for a service or a benefit," says Christopher Bentley, a spokesman for U.S. Citizenship and Immigration Services, the border-protection agency's domestic sister. Apart from confirming a citizen sponsor's identity, he says, clerks search for warrants to make sure that no one on federal property poses "a threat to public safety or national security." On the borders, the same principles have long applied. Like the immigration service, the border agency now belongs to the Department of Homeland Security. 
Border inspectors, who wear uniforms and carry guns, are the first line of defense against terrorists, drug smugglers and illegal immigrants trying to enter the U.S. When they face suspicious people -- mostly with dubious documents -- they used to hold them for long security checks. Today, border inspectors need only swipe passports through readers for warrants and watch lists to pop up. Millions of citizens returning from abroad now have their names scanned this way. Behind the new dragnet is the FBI's National Crime Information Center, a repository of 40 million records covering everything from terrorists to stolen boats. On a single day in 2005 -- May 28 -- the center handled a record 5.3 million queries. Its biggest user now, with 1.5 million daily searches, is Customs and Border Protection. "There was authority before 9/11 to stop people, but the software makes it easier than ever," says Jeffrey Lustick, a lawyer in Bellingham, Wash., a town near the Canadian border where these arrests are commonplace. "What was theoretical has become real." The same FBI database is also available now to clerks who carry out the duties of the old Immigration and Naturalization Service. Each year, the clerks, who wear street clothes and sit behind a desk, evaluate over a million applications for citizenship and permanent residence, most sponsored by green-card holders and citizens. While clerks at other federal agencies rarely have reason to see FBI files, the immigration service's clerks do. Because lawbreaking can disqualify applicants, all must submit to fingerprinting and a full criminal-history check. The job used to be done by hand with the FBI's help. Now fingerprints have gone digital, and immigration clerks can hunt for applicants by name on the FBI warrants list. Citizen sponsors aren't fingerprinted, but "in the course of doing our business," says Mr. Bentley, their names are checked against the warrants list as well. 
"When an individual comes into our office," he adds, "if there's an outstanding warrant, we will call local law enforcement and let them know the person's here." The policy hasn't been announced, but immigration lawyers around the country say they have slowly been made aware of it over the past two or three years -- often by surprise. Paul Zoltan, a Dallas immigration lawyer, says his foreign client's citizen wife was arrested in 2003 at her marriage interview and charged with shoplifting. "My trust in your office has been deeply shaken," the lawyer wrote the immigration service, complaining that the arrest had nothing to do with the immigration service's job. He got no reply, and the service has no comment. A citizen husband at an interview in Chicago was held for hours on a Georgia cocaine-possession warrant, says his wife's lawyer, Rebecca Reyes. The warrant was "years old," she says. Georgia wasn't interested; the husband was released. Jim Austin watched as his client's citizen wife was arrested for trespassing in Kansas City, Mo. Rebecca White took her foreign client's two children into a bathroom in Seattle so they wouldn't see their citizen father taken away; the charge was failure to return household rental equipment. Also in Seattle, a citizen sponsoring his wife's application was jailed overnight on a warrant for someone else. "They apologized," says Diana Moller, a lawyer who represented the wife, explaining why the man preferred not to give an interview. "He wants to leave it at that." Arrests of this kind have become common enough that many lawyers now quiz citizens about warrants before sending them into immigration interviews. The service doesn't count the citizens it arrests; if any dangerous criminals have been among them, it can't say. Customs and Border Protection can. When it nets citizens on their way into the country who are wanted for serious crimes, it puts out press releases. 
Two standouts from the Mexican border: a man from North Carolina wanted for multiple sex crimes against children in Arizona and Massachusetts; and a young couple on the run from Colorado, both wanted for committing a double murder. And one from the Canadian border: an escaped robber from Seattle driving a stolen car with a shotgun in the trunk and an Uzi in his luggage. "This technology is a fast, effective weapon in the war on terror," one announcement quotes the agency's chief, Robert C. Bonner, as saying, "but also gives our agents a means to apprehend criminals and fugitives of every kind." At airports, the border agency's screening for fugitives has become still more efficient with the passage of a new antiterror law requiring flights from overseas to transmit passenger lists before landing. Now, inspectors can organize welcoming parties in advance. "They're surprised, let me tell you," says a former inspector at Los Angeles Airport who asked not to be named. Often, his warrants were for Las Vegas gambling debts. "Couples come back from Cancún and the husband has to explain. The wife says, 'Why didn't you tell me?' I've seen tears. I've seen breakdowns." In 2003, the Transportation Security Administration, also part of Homeland Security, floated the idea of screening all passengers for warrants, citizens included, before they board domestic flights. The TSA's goal was to "ensure that passengers do not sit next to known terrorists and wanted murderers." After an outcry across the board -- from the American Civil Liberties Union to the American Conservative Union -- it backed off, and now is rolling out a system that limits such searches to terrorist-watch lists. At the immigration service, the authority to run checks on citizens dates back to at least 2002, the service says in a statement. That's when the FBI granted the old INS access to "certain" files "for the purpose of adjudicating immigration-benefit applications." 
The new service says it derives limited access to files on citizens from that deal with the FBI. The arrangement comes as news to legal experts and law-enforcement officials, including Judson Barce, the prosecutor in Benton County, Ind. "A civil authority ran a criminal check?" he says. "How do they do that?" It was thanks to the search run by a Chicago immigration clerk that Mr. Barce was able to bring Issah Samori to justice. As soon as the clerk said the word "warrant," Mr. Samori guessed what it was about. Six months earlier, on a Sunday drive to visit a relative, he was heading south in his Camry on a state highway when a Benton County police car pulled him over. The patrolman said Mr. Samori had hit 86 miles per hour in a 55 mph zone, fast enough to be reckless in Benton. Mr. Samori says he called the county to get a court date, but no appointment letter ever reached his house. That was the last he thought about the ticket until he and his wife went in for their marriage interview. After the immigration clerk found the warrant Benton County issued because Mr. Samori had missed his court date, he spent two nights in Chicago-area jails. Then Benton's sheriff arrived to drive him, in handcuffs, 70 miles to Indiana, where Mr. Samori spent his third night in a cell. In court the next day, he didn't contest the charge. "I just wanted to get it over," he says. In return for a $400 bond, he was set free. He returned a month later with proof that he had taken a defensive-driving course. The reckless-driving charge was dismissed. Less the sheriff's expenses for driving down from Chicago, he got a refund of $203.98. At the end of July, after an 18-month pause, the Samoris sat down once again at a clerk's desk in Chicago's federal building to complete their green-card interview. They brought a pile of papers and an album of wedding pictures to prove their marriage is real. They are still waiting for the immigration service to make its decision. -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From WWhyte at ntru.com Mon Oct 31 06:48:35 2005 From: WWhyte at ntru.com (Whyte, William) Date: Mon, 31 Oct 2005 09:48:35 -0500 Subject: [smb@cs.columbia.edu: Skype security evaluation] Message-ID: <9DC3EBEFB87A97498A7D25F130DE27E414C3D9@ohthree.jjj-i.com> A similar approach enabled Bleichenbacher's SSL attack on RSA with PKCS#1 padding. This sounds very dangerous to me. William > -----Original Message----- > From: owner-cryptography at metzdowd.com > [mailto:owner-cryptography at metzdowd.com] On Behalf Of cyphrpunk > Sent: Friday, October 28, 2005 5:07 AM > To: cypherpunks at jfet.org; cryptography at metzdowd.com > Subject: Re: [smb at cs.columbia.edu: Skype security evaluation] > > Wasn't there a rumor last year that Skype didn't do any encryption > padding, it just did a straight exponentiation of the plaintext? > > Would that be safe, if as the report suggests, the data being > encrypted is 128 random bits (and assuming the encryption exponent is > considerably bigger than 3)? Seems like it's probably OK. A bit risky > perhaps to ride bareback like that but I don't see anything inherently > fatal. 
> > CP > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to > majordomo at metzdowd.com From jsd at av8n.com Mon Oct 31 06:54:48 2005 From: jsd at av8n.com (John Denker) Date: Mon, 31 Oct 2005 09:54:48 -0500 Subject: packet traffic analysis In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435FD593.3030708@av8n.com> Message-ID: <43663038.5030606@av8n.com> In the context of: >>If your plaintext consists primarily of small packets, you should set the MTU >>of the transporter to be small. This will cause fragmentation of the >>large packets, which is the price you have to pay. Conversely, if your >>plaintext consists primarily of large packets, you should make the MTU large. >>This means that a lot of bandwidth will be wasted on padding if/when there >>are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's >>the price you have to pay to thwart traffic analysis. Travis H. wrote: > I'm not so sure. If we're talking about thwarting traffic on the link > level (real circuit) or on the virtual-circuit level, then you're > adding, on average, a half-packet latency whenever you want to send a > real packet. I very much doubt it. Where did that factor of "half" come from? > I don't see any reason why it's necessary to pay these costs if you > abandon the idea of generating only equal-length packets Ah, but if you generate unequal-length packets then they are vulnerable to length-analysis, which is a form of traffic analysis. I've seen analysis systems that do exactly this. So the question is, are you trying to thwart traffic analysis, or not? > I should point out that encrypting PRNG output may be pointless, *is* pointless, as previously discussed. > and > perhaps one optimization is to stop encrypting when switching on the > chaff. 
A better solution would be to leave the encryption on and use constants (not PRNG output) for the chaff, as previously discussed. > Some minor details > involving resynchronizing when the PRNG happens to The notion of synchronized PRNGs is IMHO crazy -- complicated as well as utterly unnecessary. From rah at shipwright.com Mon Oct 31 06:56:44 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 31 Oct 2005 09:56:44 -0500 Subject: Passport Hell (was [Clips] Re: [duodenalswitch] Re: Konstantin) Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 31 Oct 2005 09:55:05 -0500 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] Re: [duodenalswitch] Re: Konstantin Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys To: duodenalswitch at yahoogroups.com From: kstew111 at aol.com Sender: duodenalswitch at yahoogroups.com Mailing-List: list duodenalswitch at yahoogroups.com; contact duodenalswitch-owner at yahoogroups.com Delivered-To: mailing list duodenalswitch at yahoogroups.com Date: Mon, 31 Oct 2005 09:11:08 EST Subject: Re: [duodenalswitch] Re: Konstantin Reply-To: duodenalswitch at yahoogroups.com it was time to renew my passport again (2nd renewal ,,not first) ..cause I want to go to Curitiba, Brasil in June to have my hernia repair and get some PS with Dr. C for loose skin and muscles... (a face lift would be nice.... hmmm) So I applied like everyone else does.... submit old passport with application, ... I get a letter back from the Department of Homeland Security that says .... I am refused because there is not enough info to prove my identity???? Thats all the proof normally required. They tell me with any further application to submit four documents all created b4 1985..... (b4 1985??? jessh!) So I do... 
my Birth Certificate ...my daughter's B-certificate (cause my name is on it), my first marriage certificate, my first divorce papers and an original payroll register from the company I worked for in 1984 (with all my vitals on it). They then turned me down again saying it's just not enough proof (????) And they were the ones who requested them. They have now asked me for ... all my medical records from before 1995, my second marriage certificate, all my school transcripts from 1959 till high school graduation, and a voter registration certificate from 1994. I also asked congressman Tom Lantos to intervene on my behalf and he tried..and they told him (nicely) to mind his own business.... I think.... I am to be trapped within this gilded cage forever.... I was to be sent by my corporation to China to represent them there (in January)... but apparently not now.... and it also looks like I will have to save up a lot of money to have my PS done here in the states.... so I guess the Face lift is out.... I wonder if Dr. C does house calls? Sad, frustrated and Depressed Konstantin If you don't mind me asking, why are they rejecting your renewal? I have a friend who is an immigration attorney and I know he will ask when I bring it up to him. You can email me privately if you prefer. Jennifer --- In duodenalswitch at yahoogroups.com, kstew111 at a... wrote: > > > I would love to learn the Rapier.... > and archery... > But right now I would settle for the Department of homeland Security to stop > rejecting my Passport renewal forms and let me travel (sigh) > Any one know a good reverse immigration attorney? > > Blessed be > Konstantin [Non-text portions of this message have been removed] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/duodenalswitch/ <*> To unsubscribe from this group, send an email to: duodenalswitch-unsubscribe at yahoogroups.com <*> Your use of Yahoo! 
Groups is subject to: http://docs.yahoo.com/info/terms/ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From NTKTO at yahoo.com Mon Oct 31 00:17:00 2005 From: NTKTO at yahoo.com (Clair Stover) Date: Mon, 31 Oct 2005 10:17:00 +0200 Subject: Branded Watches at Huge Discount d5 Message-ID: <224504011246.j31CkQBj260330@..com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.likedarealone.com o-ut of mai-lling lisst: http://043.closetoperffect.com/rm/ idq4O From johns at worldwinner.com Mon Oct 31 07:22:01 2005 From: johns at worldwinner.com (johns at worldwinner.com) Date: Mon, 31 Oct 2005 10:22:01 -0500 Subject: On the orthogonality of anonymity to current market demand In-Reply-To: <435F49A1.14621.A33B337@localhost> References: <26873835.1130307198603.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> <435F49A1.14621.A33B337@localhost> Message-ID: <20051031152201.GD32730@ralph.worldwinner.com> hi ( 05.10.26 09:17 -0700 ) James A. 
Donald: > While many people are rightly concerned that DRM will > ultimately mean that the big corporation, and thus the > state, has root access to their computers and the owner > does not, it also means that trojans, viruses, and > malware does not. do you really think this is true? doesn't microsoft windows prove that remote control of computers only leads to compromise? [especially in our heavily networked world] and doesn't history show that big corporations are only interested in revenue- so that if they get revenue by forcing you to pay them fees for 'upkeep' of your digital credentials to keep your computer working they are going to do that. the problems 'solved' by DRM can also be solved by moving to an operating system where you have control of it, instead of an operating system filled with hooks so other people can control your computer. and that operating system is freely available ... -- \js oblique strategy: don't be frightened of cliches From rah at shipwright.com Mon Oct 31 08:47:01 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 31 Oct 2005 11:47:01 -0500 Subject: On the orthogonality of anonymity to current market demand In-Reply-To: <20051031152201.GD32730@ralph.worldwinner.com> References: <26873835.1130307198603.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> <435F49A1.14621.A33B337@localhost> <20051031152201.GD32730@ralph.worldwinner.com> Message-ID: At 10:22 AM -0500 10/31/05, johns at worldwinner.com wrote: >and doesn't history show that big corporations are only interested in >revenue One should hope so. ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From cclymer at gmail.com Mon Oct 31 12:09:19 2005 From: cclymer at gmail.com (Chris Clymer) Date: Mon, 31 Oct 2005 15:09:19 -0500 Subject: Multiple passports? In-Reply-To: References: Message-ID: <436679EF.7040406@chrisclymer.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Gutmann wrote: > Gregory Hicks writes: > > >>As for applying for one now, I think the deadline for the non-RFID passports >>is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if >>your application is not in processing by 31 Oct, then you get the new, >>improved, RFID passport.) > > > Ahh, but if you get one of the first passports issued then there are likely to > still be some teething problems present, leading to sporadic failures of the > first batch of RFID devices. I have a funny feeling that this is going to > happen to my new passport when it arrives. > > Peter. > > I don't have a good feeling about this at all. My passport is actually invalid as a form of ID for anyone who checks closely (the BMV did!) because the gov't printed the wrong birthdate on mine! I went to Germany and back just after the embassy attacks in Africa (things were on high alert briefly then) with no questions on it. Try to renew my lost drivers license with it and suddenly it's a damn problem. As far as I can tell, they used the month of issue as the birth month as well. A small mistake...but obviously an important one. What ways do you suppose there will be for them to screw up these RFID tags? These days one's liable to get branded a terrorist with the wrong info... 
- -- Chris Clymer - Chris at ChrisClymer.com PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDZnnuyAc5jM0nFbgRAvBaAKDFUH2QFmKJqIk7WYkw5esWUy/MsACgwWvH iHYKEguTdSdU0wRTIeI4lZg= =UyJk -----END PGP SIGNATURE----- From Ulrich.Kuehn at telekom.de Mon Oct 31 07:14:26 2005 From: Ulrich.Kuehn at telekom.de (Kuehn, Ulrich) Date: Mon, 31 Oct 2005 16:14:26 +0100 Subject: Re: [smb@cs.columbia.edu: Skype security evaluation] Message-ID: <9D78CC84C35AEF43A69CA95639D376DABB19B1@S4DE9JSAAMU.ost.t-com.de> > -----Original Message----- > From: owner-cryptography at metzdowd.com > [mailto:owner-cryptography at metzdowd.com] On Behalf Of cyphrpunk > Sent: Friday, 28 October 2005 06:07 > To: cypherpunks at jfet.org; cryptography at metzdowd.com > Subject: Re: [smb at cs.columbia.edu: Skype security evaluation] > > Wasn't there a rumor last year that Skype didn't do any > encryption padding, it just did a straight exponentiation of > the plaintext? > > Would that be safe, if as the report suggests, the data being > encrypted is 128 random bits (and assuming the encryption > exponent is considerably bigger than 3)? Seems like it's > probably OK. A bit risky perhaps to ride bareback like that > but I don't see anything inherently fatal. > There are results available on this issue: First, a paper by Boneh, Joux, and Nguyen "Why Textbook ElGamal and RSA Encryption are Insecure", showing that you can essentially halve the number of bits in the message, i.e. in this case the symmetric key transmitted. Second, it turns out that the tricky part is the implementation of the decryption side, where the straight-forward way -- ignoring the padding with 0s "They are zeroes, aren't they?" 
-- gives you a system that might be attacked in a chosen plaintext scenario very efficiently, obtaining the symmetric key. See my paper "Side-Channel Attacks on Textbook RSA and ElGamal Encryption" at PKC2003 for details. Hope this answers your question. Ulrich From chris at eff.org Mon Oct 31 17:44:47 2005 From: chris at eff.org (Chris Palmer) Date: Mon, 31 Oct 2005 17:44:47 -0800 Subject: On the orthogonality of anonymity to current market demand In-Reply-To: <435F49A1.14621.A33B337@localhost> References: <26873835.1130307198603.JavaMail.root@elwamui-huard.atl.sa.earthlink.net> <435F49A1.14621.A33B337@localhost> Message-ID: <20051101014446.GO23500@eff.org> James A. Donald writes: > Further, genuinely secure systems are now becoming available, notably > Symbian. What does it mean for Symbian to be genuinely secure? How was this determined and achieved? -- http://www.eff.org/about/staff/#chris_palmer From pgut001 at cs.auckland.ac.nz Sun Oct 30 23:17:40 2005 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Mon, 31 Oct 2005 20:17:40 +1300 Subject: Multiple passports? In-Reply-To: <200510300417.j9U4HOCi012987@mailhub.Cadence.COM> Message-ID: Gregory Hicks writes: >As for applying for one now, I think the deadline for the non-RFID passports >is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if >your application is not in processing by 31 Oct, then you get the new, >improved, RFID passport.) Ahh, but if you get one of the first passports issued then there are likely to still be some teething problems present, leading to sporadic failures of the first batch of RFID devices. I have a funny feeling that this is going to happen to my new passport when it arrives. Peter. From solinym at gmail.com Mon Oct 31 23:01:23 2005 From: solinym at gmail.com (Travis H.) 
Date: Tue, 1 Nov 2005 01:01:23 -0600 Subject: packet traffic analysis In-Reply-To: <43663038.5030606@av8n.com> References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435FD593.3030708@av8n.com> <43663038.5030606@av8n.com> Message-ID: > I very much doubt it. Where did that factor of "half" come from? During lulls, you are constantly sending chaff packets. On average, you're halfway through transmitting a chaff packet when you want to send a real one. The system has to wait for it to finish before sending another. QED. > Ah, but if you generate unequal-length packets then they are > vulnerable to length-analysis, which is a form of traffic analysis. I'm talking about a stream, with packets embedded in it. For circuit-switched circuits, this is no problem. For a packet-switched network, you must packetize the stream, which is unrelated to the packets embedded in the stream. This is somewhat inefficient, which is why I suggested that it is more applicable to something like PPP, SSH, or OpenVPN links, which are already virtual circuits. This is a fair criticism, but just think of the number of such circuit/packet conversions when someone uses a TCP virtual circuit over packet-based IP over an analog POTS link, which is itself a virtual circuit that is packetized and sent over a circuit (long-haul wirepair or fiber) in the telco network. If you explain to me how an eavesdropper can tell where a plaintext packet begins or ends, then I'll agree with you that it is indeed vulnerable to length analysis. > A better solution would be to leave the encryption on and use constants > (not PRNG output) for the chaff, as previously discussed. That might or might not be a problem. With ECB, it's vulnerable to analysis (chaff is constant, so encryption of it is constant). With some modes, the amount you can transmit is limited (e.g. CTR mode). Modes that are based on a small window of previous plaintext, such as OFB, would be vulnerable too. 
It could very well be that it's a bad idea to send a lot of constant plaintext under other modes, as well. For example, if most of the data is constant, then you have a close approximation of known-plaintext. > The notion of synchronized PRNGs is IMHO crazy -- complicated as well as > utterly unnecessary. It's not necessary to run a PRNG on the receiver. You just have to be able to tell when you're looking at random data, or an encrypted version of an escape sequence and a valid packet, which can be recognized, as per your point 4a. If you find that it's not a legitimate packet, you treat it as PRNG data, and start looking for the encrypted escape sequence. However, with a 32-bit escape sequence, the chances of getting such a false positive are low. I personally think sending encrypted versions of constant data under the same key you use for real data is not crazy, but somewhat imprudent. Do you know what the unicity distance is? Have you read of attacks that require a large amount of ciphertext encrypted under the same key? -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B From solinym at gmail.com Mon Oct 31 23:15:02 2005 From: solinym at gmail.com (Travis H.) Date: Tue, 1 Nov 2005 01:15:02 -0600 Subject: packet traffic analysis In-Reply-To: References: <792ce4370510242218h12985e18ua62efb15f9e25590@mail.gmail.com> <435FD593.3030708@av8n.com> <43663038.5030606@av8n.com> Message-ID: > Modes that are based on a small window of previous plaintext, such as > OFB, would be vulnerable too. My mistake, OFB does not have this property. I thought there was a common mode with this property, but it appears that I am mistaken. If it makes you feel any better, you can consider the PRNG the encryption of constant text, perhaps using the real datastream as some kind of IV. 
The content of the chaff is not relevant; ideally you would use a high-bandwidth HWRNG such as Quantis. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
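The "packet traffic analysis" exchange above (Denker: fixed-length cells, fragment the big packets, pad the small ones, keep encryption on and use constant chaff; Travis: constant chaff under ECB repeats on the wire, and a receiver only needs an escape sequence to tell frame from chaff) can be made concrete in a few dozen lines. The following is an added example written for this page, not code from either poster. Everything about the wire format is an assumption chosen for illustration: a 64-byte cell, a 4-byte escape value, a 16-bit more-flag/length field, all-zero chaff, and an HMAC-SHA256 PRF run in counter mode as a stand-in for AES-CTR so the example needs only the standard library. The per-cell counter is what keeps the constant chaff from producing constant ciphertext.

```python
import hashlib
import hmac
import os
import struct

# Wire parameters: assumptions for this example, not taken from the thread.
CELL = 64                       # every ciphertext cell on the wire is exactly this long
MAGIC = b"\xa5\x5a\xc3\x3c"     # 32-bit escape sequence that marks a real frame
HDR = len(MAGIC) + 2            # escape + 16-bit field: bit 15 = more fragments, low 15 bits = length
PAYLOAD = CELL - HDR            # plaintext bytes carried per cell
CHAFF = b"\x00" * CELL          # constant chaff plaintext (Denker's suggestion), never PRNG output


def keystream(key: bytes, cell_no: int) -> bytes:
    """PRF in counter mode (stand-in for AES-CTR): a fresh keystream for every cell.
    Because the counter differs per cell, two identical plaintext cells (e.g. two
    chaff cells) never produce identical ciphertext, which is the ECB weakness
    Travis raises."""
    out = b""
    block = 0
    while len(out) < CELL:
        out += hmac.new(key, struct.pack(">QI", cell_no, block), hashlib.sha256).digest()
        block += 1
    return out[:CELL]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frame(messages):
    """Turn variable-length plaintext messages into fixed-size plaintext cells.
    Messages longer than PAYLOAD are split (the fragmentation cost); shorter ones
    are zero-padded (the padding cost). An eavesdropper sees only CELL-byte units."""
    cells = []
    for m in messages:
        offsets = list(range(0, len(m), PAYLOAD)) or [0]   # empty message -> one cell
        for off in offsets:
            chunk = m[off:off + PAYLOAD]
            more = 1 if off + PAYLOAD < len(m) else 0
            hdr = MAGIC + struct.pack(">H", (more << 15) | len(chunk))
            cells.append(hdr + chunk + b"\x00" * (PAYLOAD - len(chunk)))
    return cells


def encrypt_stream(key: bytes, plain_cells):
    """Encrypt a schedule of plaintext cells, real frames and chaff alike."""
    return [_xor(c, keystream(key, i)) for i, c in enumerate(plain_cells)]


def receive(key: bytes, wire):
    """Decrypt every cell. A cell whose header is the escape sequence is a frame,
    anything else is chaff. Returns (messages, number_of_chaff_cells)."""
    messages, partial, chaff = [], b"", 0
    for i, c in enumerate(wire):
        p = _xor(c, keystream(key, i))
        if p[:len(MAGIC)] != MAGIC:
            chaff += 1
            continue
        (field,) = struct.unpack(">H", p[len(MAGIC):HDR])
        more, n = field >> 15, field & 0x7FFF
        partial += p[HDR:HDR + n]
        if not more:
            messages.append(partial)
            partial = b""
    return messages, chaff


def observer_view(wire):
    """What the eavesdropper gets: the set of cell sizes, and whether every cell is distinct."""
    return {len(c) for c in wire}, len(set(wire)) == len(wire)


def demo():
    key = os.urandom(32)
    # Constructed traffic: a keystroke, a 150-byte record, an empty message.
    msgs = [b"k", b"A" * 150, b""]
    schedule = []
    for cell in frame(msgs):
        schedule.append(cell)
        schedule.extend([CHAFF] * 2)      # idle gaps filled with constant chaff
    wire = encrypt_stream(key, schedule)
    recovered, chaff = receive(key, wire)
    return wire, recovered, chaff
```

Because the chaff plaintext is a constant that can never begin with the escape value, Travis's false-positive concern (a random chaff cell accidentally decrypting to a valid-looking escape) does not arise here; it only matters if the chaff is PRNG output. What the receiver does have to guard against in a real deployment is an attacker flipping bits in a cell so that it decrypts to something other than what was sent, so a production version would add a MAC per cell; that is left out to keep the framing visible.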
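Further up, in the Skype thread, Ulrich Kuehn points to the Boneh, Joux and Nguyen result that unpadded ("textbook") RSA on a random k-bit message loses roughly half of its bits. The mechanism is a meet-in-the-middle split: if the message factors as m = m1 * m2 with both factors below about 2^(k/2), then c = m1^e * m2^e mod N, so a table of m1^e values and a scan over m2 recovers m in about 2^(k/2 + 1) exponentiations instead of 2^k. The following is an added example for this page, not code from the thread or from Skype; the modulus (two Mersenne primes), the 20-bit toy key size, and the trial count are assumptions chosen so it runs in a second. The attack is probabilistic: it only reaches messages that split, so the example also measures that fraction rather than asserting a number.

```python
import random

# Toy RSA parameters chosen for this example only (not Skype's). Two Mersenne
# primes give a ~92-bit modulus, large enough to hold a 20-bit "session key".
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537          # an encryption exponent "considerably bigger than 3"
K = 20             # bit length of the random symmetric key being wrapped (toy size)


def textbook_encrypt(m: int) -> int:
    """Unpadded RSA: c = m^e mod N. No OAEP, no PKCS#1 padding."""
    return pow(m, E, N)


def meet_in_the_middle(c: int, k: int, extra: int = 1):
    """Boneh-Joux-Nguyen style attack on an unpadded k-bit message.
    If m = m1 * m2 with 1 <= m1, m2 < B, B = 2^(k/2 + extra), then
    c * (m2^e)^-1 mod N equals the tabulated m1^e for the right m2.
    Cost: about 2B modular exponentiations plus a B-entry table, not 2^k.
    Returns m, or None if m has no such split."""
    B = 1 << (k // 2 + extra)
    table = {pow(m1, E, N): m1 for m1 in range(1, B)}
    for m2 in range(1, B):
        target = c * pow(pow(m2, E, N), -1, N) % N
        if target in table:
            # e-th powering is a bijection mod N, so table[target] * m2 == m exactly.
            return table[target] * m2
    return None


def split_fraction(k: int, extra: int = 1, trials: int = 300, seed: int = 1) -> float:
    """Empirical share of k-bit messages the attack can reach: those that split into
    two factors below 2^(k/2 + extra). This is the attack's success probability."""
    rng = random.Random(seed)
    B = 1 << (k // 2 + extra)
    hits = 0
    for _ in range(trials):
        m = rng.getrandbits(k) | (1 << (k - 1))     # force exactly k bits
        hits += any(m % d == 0 and m // d < B for d in range(1, B))
    return hits / trials


def demo():
    # Constructed 20-bit "key" that happens to split as 1021 * 997 (both below 2^11).
    key = 1021 * 997
    recovered = meet_in_the_middle(textbook_encrypt(key), K)
    # A 20-bit value with a 19-bit prime factor (2 * M19) has no small split and survives.
    hard = 2 * ((1 << 19) - 1)
    missed = meet_in_the_middle(textbook_encrypt(hard), K)
    return key, recovered, missed
```

Scaled up, the same table-and-scan against a 64-bit key is a 2^33-ish job, and against 128 random bits it is still roughly 2^65 rather than 2^128, which is why "it's random, so no padding is needed" is not a safe argument; a proper padding scheme (OAEP) makes the plaintext's factor structure irrelevant. It also does nothing about the decryption-side padding-handling issue Kuehn raises, which is a separate problem.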