Wednesday, September 29, 2004

Everybody loves Darren

Slashdot posted to OpenBSD 3.6 Song Released
as Darren Reed and the OpenBSD song:

The author of ipf (Darren Reed) is regularly on the openbsd mailing lists, and quite often it's just gripe. This whole issue has become quite personal, judging from the posts.

Yeah, what's up with that? His contributions vary from sardonic to the merely sarcastic. Darren is clearly a bright guy, his criticism could be constructive if he wanted.

Back on topic, this post by Darren is particularly amusing:

To: (Theo de Raadt)
Subject: Re: OpenBSD 3.6
From: Darren Reed <>
Date: Wed, 29 Sep 2004 12:14:38 +1000 (Australia/ACT)

Hey wow, I just got told that I get a mention in the lyrics :)
Thanks :)

That's almost enough to tempt me into buying my 1st ever CD :)

Not everyone gets immortalised (for better or worse) into song so thanks :)

Tuesday, September 14, 2004

Vulnerabilities in One Time Password (OTP) systems

Slashdot posted to Banks Begin To Use RSA Keys as Challenge-response vs response-only:

Challenge-response isn't inherently more secure than an auto-updating number based on time. Both are basically implementations of a pseudo-random function. With the auto-updater, the current time is essentially the challenge. And not having to type/scan in an explicit challenge is a lot more usable.

Good point. There are also a number of vendors who have response-only tokens, less expensive competitors to RSA.

Also, the old X9.9 based Secure Net Key (SNK, aka Axent Defender) implementation of challenge-response was fatally flawed. There are still versions of this floating around, and it is an optional mode for the VASCO, Safeword, and CryptoCard tokens.

How long before someone finds a fast way of factoring large numbers and we're all screwed?

There's no direct relationship between the SecurID tokens sold by RSA and the old RSA algorithm.

Actually, the latest generation of SecurID tokens use AES, however RSA still ships backlogs of the older tokens which are built around a proprietary hash.

Like most other response-only tokens, the authentication is based not on large primes like public-key authentication but rather on a shared secret (one embedded in the token, the other stored on the authentication server).

Much work has been done towards cryptanalysis of response-only tokens, and a well-designed authentication system is very difficult to break blindly, just from observation of a few response pairs. There have been potentially successful attacks proposed against the old SecurID tokens due to a "vanishing differential" problem with certain seed values, but no proof of concept against that has succeeded, and the new AES tokens should not be vulnerable. More on this is available from the SecurID Users group.

As a counter-example, the old X9.9 challenge-response authentication system was based on DES encryption, and was not well-designed, was fatally flawed. Observation of a handful of challenges and responses could allow an attacker to determine the seed value and compromise the authenticator.
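The point made in this thread, that a response-only token and a challenge-response token are the same keyed pseudo-random function with a different source for the challenge, can be shown in a short sketch. This is an added example, not part of the original posts and not the SecurID or X9.9 algorithm: HMAC-SHA256 stands in for the PRF, and the 60-second step, 6-digit code, drift window and all function names are assumptions.

```python
import hashlib
import hmac

STEP = 60  # seconds per code (assumed value, not taken from any vendor)


def prf(secret: bytes, challenge: bytes, digits: int = 6) -> str:
    """Keyed PRF (HMAC-SHA256 as a stand-in) truncated to a short decimal code."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def step_bytes(step: int) -> bytes:
    """Encode a time-step counter as the 8-byte implicit challenge."""
    return step.to_bytes(8, "big")


def challenge_response(secret: bytes, nonce: bytes) -> str:
    """Explicit mode: the server supplies the challenge, the user types it in."""
    return prf(secret, nonce)


def time_response(secret: bytes, now: int) -> str:
    """Response-only mode: the current time step is the challenge."""
    return prf(secret, step_bytes(int(now) // STEP))


def verify_time(secret: bytes, code: str, now: int, last_step: int, drift: int = 1):
    """Server check: allow +/- drift steps of clock skew and refuse any step
    at or before the last accepted one (replay). Returns the accepted step
    so the caller can store it, or None on failure."""
    current = int(now) // STEP
    for step in range(current - drift, current + drift + 1):
        if step <= last_step:
            continue  # already used or older: reject replays
        if hmac.compare_digest(prf(secret, step_bytes(step)), code):
            return step
    return None


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample seed
    now = 1095120000                        # constructed timestamp
    code = time_response(secret, now)
    accepted = verify_time(secret, code, now, last_step=-1)
    print(code, accepted, verify_time(secret, code, now, last_step=accepted))
```

Both modes depend entirely on the shared seed and on the PRF not leaking it from observed outputs, which is the property the post says the old X9.9 design lacked.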

Sunday, September 12, 2004

Petty theft deterrents

Slashdot posted to Home Defense, Geek Style?
as Petty theft deterrents:
l0ungeb0y writes:
Sorry for being so blunt, but unless she's able to park the car in a secure area such as a garage, there's basically nothing that you can do beyond a car alarm to deter a break in.

Too true. Crooks are deterred by well-lighted areas and cameras, anything that can get them caught (by cops or a car owner with a baseball bat). A very obvious, sensitive, and loud car alarm might help, until they realize that nobody responds to car alarms anymore.

You can get a car alarm which will page you, but I don't see what a grandma is likely to do when her car pages her at 3AM...

This is a primary reason why auto insurance costs less in areas with lower crime rates -- there's not much you can do to deter a petty thief doing a simple smash and grab on a car.

I agree. So the solution is to move to an area with lower crime rates, and park her car in a secure area (garage) with surveillance.

Friday, September 03, 2004

Public Key Currency

Slashdot posted to Make Money Fast
as Public Key Currency:
The tinfoil hat crowd has long suggested that the mylar filament in bills is a remotely readable RFID tag....

That last problem is the worst--it's a lot like the DVD CSS encryption scheme problem. It works fine until ONE INSTANCE of the private key gets broken, and then everybody has the key to every single banknote in circulation. And then the whole thing is kaput, money down the drain (literally). So it would be awfully important to solve the tamper-proofing issue, before you went ahead with this idea.

It'd work a lot better if the design were to embrace public key crypto entirely -- each bill contains a unique key, but all the bills in a particular "series" have their unique key signed by a centrally-held private key. Scanning the bill verifies the serial number printed on the front.

Scanners would contain the list of public keys, they'd receive an annual update which could also include key revocation lists for any serial numbers commonly counterfeited, or any keys that were compromised.

MoralHazard replies:

Your point about using unique bill keys is right on--I didn't even think about that. That would work much better.

As for the theory about RFID tags in money, how about those pictures from a couple months back of the trucker/ConspiracyNut microwaving his wad? Classic. Doesn't get any better.

Ezmate goes on to say:

A microwaved bill would obviously fail the crypto check via the RFID tag. Such a bill would probably produce an audible "chirp" from the scanner that would let the cashier know, "You might want to take a closer look at what just got handed to you...". At that point, you'd be looking at the other anti-counterfeit measures on the bill.