Cryptography and Encryption Blog

On Wed, Mar 26, 2008 at 4:45 PM, mb <nospam.maillists@googlemail.com> wrote:
> Hm, just use autostart features and a script!? Something like a modern
> bootsector virus

hmm that will require a software/script to be loaded on the computer.

I was thinking more along the lines of WiebeTech's MouseJiggler[1],
where it just sends the mouse commands without loading any software.
Or maybe a pre-programmed keyboard that can send keystroke as soon as
it is connected, without requiring any software/script to be loaded.
Obviously this device would require a built-in processor and some
memory.

1. http://www.wiebetech.com/products/MouseJiggler.php
_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

A paper enigma machine:

http://mckoss.com/Crypto/Enigma.htm

–
Perry E. Metzger perry@piermont.com

———————————————————————
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

Sure thing. In general, if your users are using pass-phrases shorter
than 9 characters, they can be cracked. If they use pass-phrases
longer than 9 characters, they may not be crackable. As someone else
said, if they are using two-factor authentication, they are in good
shape.

On Mar 26, 2008, at 10:25 AM, Owens Bernard B wrote:

> On Tue, 25 Mar 2008 20:04:29 -0700, Simson Garfinkel wrote:
>
>> But if you use strong passphrases and your users are torture-proof,
> they're probably on a pretty good footings.
>
> My users are tax collectors. They don't care enough to be
> torture-proof. For them, the methods you cite are of no practical
> value, being either unnecessary or illegal.
>
> For the general public, though, I think the original story spread
> disinformation. The quote from the DS made it sound like encryption
> simply doesn't work and so, to quote from another area of interest,
> "Resistance is futile." I find this sort of spin from law enforcement
> sources rather unsettling. It smacks of a lack of integrity and
> intellectual honesty. I always hope for better.
>
> Thanks for your thoughts,
>
> Bernard Owens
> USTreas/IRS
>
> _______________________________________________
> FDE mailing list
> FDE@www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
>

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

Hm, just use autostart features and a script!? Something like a modern
bootsector virus

Regards,
Mark

Ali, Saqib wrote:
> Hello All,
>
> I am looking for a USB device that can send pre-programmed key strokes
> when plugged-into the USB port. Any suggestions?
>
>
> Saqib
> _______________________________________________
> FDE mailing list
> FDE@www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

Hello All,

I am looking for a USB device that can send pre-programmed key strokes
when plugged-into the USB port. Any suggestions?

Saqib
_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

On Mar 25, 2008, at 12:31 PM, Owens Bernard B wrote:

> The nexus between the referenced article and this list seems to be
> when Detective Sergeant Geoff Conway is quoted: "Encryption and
> passwords hold no fear for us. If there is something on a computer, we

> will find it."

Simson Garfinkel said:
>My understanding is that there are several standard ways of attacking
drive encryption:

* Asking the suspect for the encryption key
* Threatening the suspect to get the encryption key
* Brute forcing the passphrase using other information around
* Looking for the key in memory

>But if you use strong passphrases and your users are torture-proof,
they're probably on a pretty good footings.

Although isn't clear that the good detective was considering an FDE
solution, I would take exception to the above statement:

1. FDE solutions only protect the data when the computer has been
powered down, and in the case of software FDE, only after five minutes
or so have passed, because of the cold boot attack and other attacks.
2. Threatening the suspect with jail time or torture may or may not
work, depending on the jurisdiction, although it presumably won't work
in the case of a stolen laptop (unless the Mafia stole it along with
your kids.)
3. Brute-forcing the password with an offline attack is much easier
than most people realize, and is why we urge users to use two-factor
authentication with a hardware token to control their encryption keys.

Consider the following. Assuming you use a completely random password
generator to generate printable characters from the standard
96-character keyboard, that amounts to about 6.5 bits of entropy per
character. If you use numbers only, or natural language words, the
entropy drops to about 3.3 bits per character.

Most people have trouble remembering more than 8 random characters.
That amounts to 52 bits of entropy, or less than single-DES strength,
which as we know can be broken in less than a day with comparatively
modest resources – maybe even by the Metropolitan Police. If numbers or
words are used for an equivalent of a 26-bit key, a high-school kid
could break it on his PC in an afternoon.

Now, if the password mechanism uses PKCS#5 to slow down the logon
process deliberately, this might have the effect of adding some
additional resistance. Let's assume that an attacker might be able to
compute a password hash in a microsecond, but that PKCS#5 is used to
cause that to take 1 second per trial. That adds a factor of 10^6, or
another 20 bits of entropy. Now we are up to the equivalent of a 72-bit
key. But NIST is requiring at least 80-bit cryptography be used today,
and at least 128-bit keys for information that will have a useful life
past 2030.

That would require a 16-character fully random password, and if you want
to match the strength of AES-256, a 35-character password would be
required!

If you aren't using two-factor authentication with a hardware token that
enforces a hard limit on the number of incorrect PINs, then yes, you are
risk of merely annoying your users and fooling yourself into thinking
that you have more than passable security.

Bob

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

Dave Howe wrote:
> James A. Donald wrote:
>> From time to time I hear that DNSSEC is working fine, and on
>> examining the matter I find it is "working fine" except that ….
>
> DNSSEC is "working fine" as a technology. However, it is worth
> remembering that it works based on digitally signing an entire zone –
> the state of the world being what it is, most people prohibit xfer so
> any other technology that would allow a zonewalk is not going to be
> deployed.
>
> as far as I can tell, this is a basic design flaw, so isn't going to be
> rectified anytime soon.

RFC 5155 rectifies this design flaw.

–

http://www.apache-ssl.org/ben.html

http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." – Robert Woodruff

———————————————————————
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

On Tue, 25 Mar 2008 20:04:29 -0700, Simson Garfinkel <simsong@acm.org>
wrote…

> My understanding is that there are several standard ways of
> attacking drive encryption:
>
> * Asking the suspect for the encryption key
> * Threatening the suspect to get the encryption key
> * Brute forcing the passphrase using other information around
> * Looking for the key in memory
>
> But if you use strong passphrases and your users are torture-proof,
> they're probably on a pretty good footings.

You forgot the other side of the rubber hose attacks…extortion,
bribery (in this case, maybe a plea bargain for a severely reduced
sentence), etc. A user may be torture-proof, but assuming that their
is some other evidence that may convict them (as there often is),
they may still not want to waste away the rest of their lives
in jail.

I'm hoping–at this point at least–that the police in this country
aren't routinely sending their suspects to Gitmo for water-boarding
camp.

-kevin
—
Kevin W. Wall Qwest Information Technology, Inc.
Kevin.Wall@qwest.com Office Phone: 614.215.4788
"The reason you have people breaking into your software all
over the place is because your software sucks…"
— Former White House cyber security advisor, Richard Clarke,
at eWeek Security Summit

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

On Tue, 25 Mar 2008 20:04:29 -0700, Simson Garfinkel wrote:

>But if you use strong passphrases and your users are torture-proof,
they're probably on a pretty good footings.

My users are tax collectors. They don't care enough to be
torture-proof. For them, the methods you cite are of no practical
value, being either unnecessary or illegal.

For the general public, though, I think the original story spread
disinformation. The quote from the DS made it sound like encryption
simply doesn't work and so, to quote from another area of interest,
"Resistance is futile." I find this sort of spin from law enforcement
sources rather unsettling. It smacks of a lack of integrity and
intellectual honesty. I always hope for better.

Thanks for your thoughts,

Bernard Owens
USTreas/IRS

_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

On Fri, 21 Mar 2008 08:52:07 +1000
"James A. Donald" <jamesd@echeque.com> wrote:

> From time to time I hear that DNSSEC is working fine, and on
> examining the matter I find it is "working fine" except that ….
>
> Seems to me that if DNSSEC is actually working fine, I should be able
> to provide an authoritative public key for any domain name I control,
> and should be able to obtain such keys for other domain names, and
> use such keys for any purpose, not just those purposes envisaged in
> the DNSSEC specification. Can I? It is not apparent to me that I
> can.
>
You might want to look at RFC 3445 and draft-iab-dns-choices-05.txt.

As for DNSSEC keys — DNSSEC is for securing the DNS. Once you've done
that, you can put other records in the DNS, but there are some subtle
points in DNS RR design that should be heeded.

–Steve Bellovin, http://www.cs.columbia.edu/~smb

———————————————————————
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com