Category Archives: Cryptography

Good Advice for Edgy Demos in Talks: Be Patient

This guest posting ex-cypherpunk mordaxus at Emergent Chaos gets how judges think. And uses the word “gedanken” properly. Must be someone I know. The “gedanken” limits the field some too.

Emergent Chaos: The Punch Line Goes at the End

Last year, the big cancellation was the team of MIT students who broke the Boston MBTA Charlie Card system. There was a legal injunction put against them that spoilt their presentation. The fault, in my opinion, went to them for naming their talk, “How To Get Free Subway Rides For Life.”

Imagine that you are a judge who is interrupted from an otherwise pleasant Saturday by panicky people who want an injunction against a talk with such a dramatic NAME, you'll at least listen to them. You decide that sure, no harm to society will come from an injunction from Saturday til Monday, and you'd be right. No harm came to society, DefCon was merely a little less interesting.

Now imagine that you are the same judge and you're asked for an injunction against the talk, “A Practical Cryptanalysis of the Mifare Chip as Implemented in the MBTA.” That one can wait until Monday, and the talk goes on.

In a similar gedanken experiment, imagine that you are the VP of Corporate Communications for the XYZ ATM Corp. You learn that in a few weeks, someone is going to do “ATM Jackpot” with one of your ATMs in some show in Vegas. Despite the fact that someone else in the company approved it, what do you do? You pressure them to cancel. Duh. If you don't, then you're going to spend most of August reassuring people about your products, your boss is going to be really ticked at you (after all, isn't it the job of Corporate Communications to control these things?), and it's just going to be no fun. This is also why you're paid the big bucks, to make embarrassments go away.

This is why if you are a researcher, you do not NAME your talk, “ATM Jackpot”; you NAME it “Penetration Testing of Standalone Financial Services Systems.” It is only on stage that you fire up the flashing lights and clanging bells and make the ATM spit out C-notes for minutes on end. That would get you all the publicity for your talk that you want, and you actually get to give it. Remember, do as I say, not as I do. If you have a flashy Black Hat talk, put the punch line at the end of the joke.

But impressed as I am with the acuity of the analysis, I'd like to know why the site caused a cross-site scripting attack warning to come up when I auto-pasted the above into my blog. First time ever that has happened.


Someone Could Make Money on This

There's clearly a business model here for a multi-national legal partnership willing to provide this service at commodity prices.

Tales from the encrypt: the secrets of data protection | Technology | guardian.co.uk

But what if I were killed or incapacitated before I managed to hand the passphrase over to an executor or solicitor who could use them to unlock all this stuff that will be critical to winding down my affairs – or keeping them going, in the event that I'm incapacitated? I don't want to simply hand the passphrase over to my wife, or my lawyer. Partly that's because the secrecy of a passphrase known only to one person and never written down is vastly superior to the secrecy of a passphrase that has been written down and stored in more than one place. Further, many countries' laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else's keys to a lesser extent than it protects your own.

Finally, I hit on a simple solution: I'd split the passphrase in two, and give half of it to my wife, and the other half to my parents' lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife's half of the passphrase is useless without the lawyer's half (and she's out of reach of a Canadian court order). If a situation arises that demands that my lawyer get his half to my wife, he can dictate it over the phone, or encrypt it with her public key and email it to her, or just fly to London and give it to her.

As simple as this solution is, it leaves a few loose ends: first, what does my wife do to safeguard her half of the key should she perish with me? The answer is to entrust it to a second attorney in the UK (I can return the favour by sending her key to my lawyer in Toronto). Next, how do I transmit the key to the lawyer? I've opted for a written sheet of instructions, including the key, that I will print on my next visit to Canada and physically deliver to the lawyer.

Someone could package this. There would be some details to work out, especially how best to transport the data (internet? post? special encrypted usb sticks?), but it could be done.
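The halving scheme from the quoted column, set beside a 2-of-2 XOR split, as an added example that is not from the column or from this blog. XOR sharing is a swapped-in technique that goes beyond what the column describes; the function names and the sample passphrase are constructed for illustration.

```python
import math
import secrets

def split_halves(passphrase: str) -> tuple[str, str]:
    """The quoted scheme: each custodian holds half of the characters."""
    mid = len(passphrase) // 2
    return passphrase[:mid], passphrase[mid:]

def bits_left_with_half(passphrase: str, alphabet_size: int) -> float:
    """Guessing work (in bits) left for the custodian holding the first half,
    assuming each character was drawn uniformly from alphabet_size symbols."""
    unknown = len(passphrase) - len(passphrase) // 2
    return unknown * math.log2(alphabet_size)

def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_xor(passphrase: str) -> tuple[str, str]:
    """2-of-2 XOR sharing: one share is a random pad, the other is secret XOR pad.
    Shares are hex so they can be printed or dictated over the phone.
    Each share still reveals the passphrase's length in bytes."""
    secret = passphrase.encode("utf-8")
    pad = secrets.token_bytes(len(secret))
    return pad.hex(), _xor(secret, pad).hex()

def combine_xor(share_a: str, share_b: str) -> str:
    """Recombine both shares into the original passphrase."""
    return _xor(bytes.fromhex(share_a), bytes.fromhex(share_b)).decode("utf-8")

def share_fitting(candidate: str, known_share: str) -> str:
    """For ANY candidate of the right byte length there is a partner share that
    makes known_share decode to it, so one share alone rules nothing out."""
    return _xor(candidate.encode("utf-8"), bytes.fromhex(known_share)).hex()

if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample, not from the page
    print("halves:", split_halves(phrase))
    print("bits left for a half-holder (27-symbol alphabet):",
          round(bits_left_with_half(phrase, 27), 1),
          "of", round(len(phrase) * math.log2(27), 1))
    a, b = split_xor(phrase)
    print("xor shares:", a, b)
    print("recombined correctly:", combine_xor(a, b) == phrase)
```

With literal halves, either custodian (or whoever compels one of them) starts with half the secret and only has to search the rest; with XOR shares, a single share is uniformly random and carries no information about the passphrase beyond its length.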


More on the Joys of Weak Passphrases

Emergent Chaos: This Data Will Self-Destruct in 5 Seconds is a fine chaser to Pentagon Media Strategy Document Decrypted Due to Weak Passphrase.


Pentagon Media Strategy Document Decrypted Due to Weak Passphrase

RISKS Digest, Wikileaks cracks key NATO document on Afghan war

Wikileaks has cracked the encryption on a key NATO document relating to the war in Afghanistan. The document, titled “NATO in Afghanistan: Master Narrative”, details the key facts and themes NATO representatives are to give—and to avoid giving—to the world press.

Among the revelations … is Jordan's presence as secret member of the US-led occupation force.

The password is “progress”, which perhaps reflects the Pentagon's desire to stay on-message, even to itself.

Wikileaks identified four other documents on the Pentagon web site with the same password.

Remember: strong crypto isn't much use if you have a weak passphrase.


Skype Security Considerations

Financial Cryptography: Skype: the gloss is losing its shine has lots of food for thought.

I just wish financialcryptography.com would format its RSS feed in a way my reader could parse better…


So Much for Safe Browsing (Temporarily)

Via Ed Felten, news of a medium-sized bombshell in Researchers Show How to Forge Site Certificates:

Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David Molnar) announced that they have found a way to forge website certificates that will be accepted as valid by most browsers. This means that they can successfully impersonate any website, even for secure connections.

This is a big deal. But as Ed explains, it is based on making worse a known weakness in the “MD5 with RSA” hashing algorithm. It can be fixed by having Equifax, which uses this now shown-to-be-insecure hash, replace the hash with something better. And having Equifax (and anyone else using it) revoke all existing certs based on this now vulnerable hash. (Which will cause a new wave of people ignoring security warnings…)

And, as Ed wisely notes,

… this is a sobering reminder that the certification process that underlies web site authentication — a mechanism we all rely upon daily — is far from bulletproof.
