USENIX Security Invited Talk
At USENIX Security I gave an invited talk. It was a series of rants followed by the talk I also gave at Black Hat on CaPerl (on which there will be more later).
Anyway, the slides are available.
OK, it's silly, but for some reason I still want one. Actually, I want two.
At EuroOSCon, Rachel Willmer and I announced OpenPGP:SDK, a BSD-licensed C library implementing the OpenPGP standard. The SDK is sponsored by Nominet.
Although we are still very much in beta, feedback will be appreciated.
Inspired by a comment on one of my posts, I thought of a better way to produce smooth collisions than searching and factoring. The essence of it is this…
Take a bunch of (small) primes, p1, p2, …, pn. Multiply them together, c=p1*p2*…*pn. Then take your colliding pair, n1 and n2. Let s=(32+b(c))&~7, where b(c) is the number of bits in c, and set o=c-((n1 << s) mod c), k1=(n1 << s)+o and k2=(n2 << s)+o. That is, k1 is n1 shifted left (bytewise) with an offset, o, added. Note that k1 is divisible by c (and check that k2 isn't), and, of course, k1 and k2 collide.
Now test k2, k2+c, k2+2c, …, k2+Nc until one is found that is prime. At this point you have a collision, k2+Nc prime and k1+Nc divisible by c (i.e. smooth[ish]).
Using this method, here are two k2+Nc:
D131DD02C5E6EEC4 693D9A0698AFF95C 2FCAB50712467EAB 4004583EB8FB7F89 55AD340609F4B302 83E4888325F1415A 085125E8F7CDC99F D91DBD7280373C5B D8823E3156348F5B AE6DACD436C919C6 DD53E23487DA03FD 02396306D248CDA0 E99F33420F577EE8 CE54B67080280D1E C69821BCB6A88393 96F965AB6FF72A70 00000AD6BF4FE0D1 559E6140208D6D2B A4694335
and
D131DD02C5E6EEC4 693D9A0698AFF95C 2FCAB50712467EAB 4004583EB8FB7F89 55AD340609F4B302 83E4888325F1415A 085125E8F7CDC99F D91DBD7280373C5B D8823E3156348F5B AE6DACD436C919C6 DD53E23487DA03FD 02396306D248CDA0 E99F33420F577EE8 CE54B67080280D1E C69821BCB6A88393 96F965AB6FF72A70 00000085EDE28444 505E3FE8D0F8D68E FF7CF302ECEE5FCC FA78FAE6BF0F8979 57F7CD21
The first collides with a number that has the first 26 primes as factors, and the second with one that has the first 43 as factors.
As the fifth dialog of the day popped up and disappeared in response to whatever I was typing at the time, I suddenly wondered:
a) WTF did that dialog say?
b) How bad will it be that I missed it?
c) Why doesn’t anyone use the trick that my timetracker uses?
Its dialog comes up on top, but without focus. It is totally trivial to do. Why does no-one do it? Are they all mad?
I have a chapter on security in Open Sources 2.0, which is finally out.
Kim Cameron recently wrote about why InfoCard is better than anything else. But is it true?
Here are some specific criticisms. Feel free to correct me if I’m wrong.
“a consumer visiting a corporate Web site is able to use the identity beacon of that site to decide whether she wants to establish a relationship with it. Her system can then set up a “unidirectional” identity relation with the site by selecting an identifier for use with that site and no other. A unidirectional identity relation with a different site would involve fabricating a completely unrelated identifier. Because of this, there is no correlation handle emitted that can be shared between sites to assemble profile activities and preferences into super-dossiers.”
However, as I’ve shown, this is not actually possible with any traditional type of signed assertion.
In short, there’s a lot of hype around InfoCard – but it’s increasingly unclear to me that it survives close examination. It seems to me that some of these issues could be fixed (linkability with legacy certificates does not strike me as fixable, though), but in the rush to get to market they’re being swept under the carpet.