Feed on Posts or Comments 06 February 2012

Category Archive: cryptology



cryptology Ralf on 04 Jan 2006

Peter Gutmann is funny

Catching up with the mailing lists I’m subscribed to, I came across the following absolutely hilarious commentary by Peter Gutmann; a postscript to the endless discussions on the brokenness of the trust model of X.509 certificates.

From: Peter Gutmann
Date: December 31, 2005 1:49:21 AM GMT+01:00
To: cryptography@metzdowd.com, perry@xxxxxxxxx.com
Subject: Re: ADMIN: end of latest SSL discussion

Perry E. Metzger writes:

The latest round of “SSL and X.509 certs in browsers are broken” has gone on too long.

It’s been a good start though. The first step towards recovery is admitting that you have a problem…

Hi. My name is Peter and I have an X.509 problem. Initially it was just small things, a little PKI after lunch, maybe a digital ID after dinner and a small CRL as a nightcap. Then I discovered OCSP, and started combining low-and high-assurance certificates. It just got worse and worse. In the end I was experimenting with cross-certifying CAs and even freebasing trust anchors. One morning I woke up in bed next to a giant lizard wearing a Mozilla t-shirt and knew I had a problem.

It’s now been six weeks since my last PKI…

Peter.

apple & cryptology & linux Ralf on 03 Jan 2006

OSS disk encryption

Of course I couldn’t keep my trap shut when Jacob Appelbaum recently dissed Rubberhose in a talk at the 22C3. So I decided to do some research into the current state of disk encryption myself. I haven’t really been following that topic since about 2000 or 2001. I’m currently using FileVault, LUKS and GBDE on my boxen, but to be honest - even though I’m a cryptologist, I haven’t had time to research their security yet - save some failed attempts at reverse-engineering the DiskImages framework of MacOS X to figure out what exactly Apple is up to with FileVault.

The following links are meant to be notes to self for future research.

Research papers:

I. Damgård and K. Dupont: Universally Composable Disk Encryption Schemes (IACR ePrint, PDF)

K. Gjøsteen: Security notions for disk encryption (IACR ePrint, PDF)

M.J. Saarinen: Encrypted Watermarks and Linux Laptop Security (WISA 2004 proceedings, a backup copy can be found here)

Implementation reports:

Dowdeswell and Ioannidis: The CryptoGraphic Disk Driver (NetBSD)

P.H. Kamp: GBDE - Geom Based Disk Encryption (FreeBSD)

C. Fruhwirth: LUKS On-Disk Format Specification Version 1.0 (Linux, dm-crypt based)

Deniable encryption:

Phonebook (Linux)

Rubberhose (NetBSD/Linux), mirror only

TrueCrypt (Windows XP/2000/2003, Linux)

cryptology Ralf on 13 Nov 2005

Actual C code for the Wang attack

Reading Bruce Schneier’s notes on the NIST Hash Function Workshop, I came across a real gem in the comments section: a student of Lars Knudsen, Søren Steffen Thomsen, has released working C code for generating MD5 collisions using Wang’s method. Very useful indeed. I will have to reread Magnus’s paper on finding differentials (I can’t find it online right now, but it should be contained in his thesis) one of these days to find out whether it’s feasible to obtain a differential with good probability that has a non-zero value at position 1.