Ben Laurie blathering

30 Oct 2005

USENIX Security Invited Talk

Filed under: Crypto,Rants,Security — Ben @ 18:53

At USENIX Security I gave an invited talk. It was a series of rants followed by the talk I also gave at Black Hat on CaPerl (on which there will be more later).

Anyway, the slides are available.

27 Oct 2005

Fly Pentop Computer

Filed under: Toys — Ben @ 11:24

OK, it's silly, but for some reason I still want one. Actually, I want two.

25 Oct 2005

OpenPGP:SDK

Filed under: Crypto,Open Source — Ben @ 12:38

At EuroOSCon, Rachel Willmer and I announced OpenPGP:SDK, a BSD-licensed C library implementing the OpenPGP standard. The SDK is sponsored by Nominet.

Although we are still very much in beta, feedback will be appreciated.

22 Oct 2005

Smooth(er) MD5 Collisions

Filed under: Crypto — Ben @ 7:02

Inspired by a comment on one of my posts, I thought of a better way to produce smooth collisions than searching and factoring. The essence of it is this…

Take a bunch of (small) primes, p1, p2, …, pn. Multiply them together, c=p1*p2*…*pn. Then take your colliding pair, n1 and n2. Let b(c) be the number of bits in c and let s=(32+b(c))&~7, i.e. 32+b(c) rounded down to a whole number of bytes. Set o=c-((n1 << s) mod c), k1=(n1 << s)+o and k2=(n2 << s)+o. That is, k1 is n1 shifted left (bytewise) by s bits with an offset, o, added. Note that k1 is divisible by c (and check that k2 isn’t), and, of course, k1 and k2 collide.

Now test k2, k2+c, k2+2c, …, k2+Nc until one is found that is prime. At this point you have a collision, k2+Nc prime and k1+Nc divisible by c (i.e. smooth[ish]).

Using this method, here are two k2+Nc:

D131DD02C5E6EEC4 693D9A0698AFF95C 2FCAB50712467EAB 4004583EB8FB7F89 55AD340609F4B302 83E4888325F1415A 085125E8F7CDC99F D91DBD7280373C5B D8823E3156348F5B AE6DACD436C919C6 DD53E23487DA03FD 02396306D248CDA0 E99F33420F577EE8 CE54B67080280D1E C69821BCB6A88393 96F965AB6FF72A70 00000AD6BF4FE0D1 559E6140208D6D2B A4694335

and

D131DD02C5E6EEC4 693D9A0698AFF95C 2FCAB50712467EAB 4004583EB8FB7F89 55AD340609F4B302 83E4888325F1415A 085125E8F7CDC99F D91DBD7280373C5B D8823E3156348F5B AE6DACD436C919C6 DD53E23487DA03FD 02396306D248CDA0 E99F33420F577EE8 CE54B67080280D1E C69821BCB6A88393 96F965AB6FF72A70 00000085EDE28444 505E3FE8D0F8D68E FF7CF302ECEE5FCC FA78FAE6BF0F8979 57F7CD21

The first collides with a number that has the first 26 primes as factors, and the second with one that has the first 43 as factors.
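The construction above, as an added Python example (not code from the post): it takes the 128-byte message whose hex both of the post's results start with, which is the second message of the well-known Wang et al. MD5 collision pair, rebuilds the first message of that pair (not on the page; it differs only in bit 7 of six bytes), and runs the shift, offset and prime-search steps over it. Two details are worth seeing in code. First, the shift is by whole bytes, so k1+Nc and k2+Nc are literally n1 and n2 with the same suffix appended, which is why the MD5 collision survives. Second, the example's prime list is assumed to start at 3: if 2 divides c then k1 is even and k2 = k1 + (n2-n1)*2^s is even as well, so no k2+Nc can be prime (the post's two results are odd, consistent with 2 not being among their factors). The prime list, the step bound and the Miller-Rabin bases are the example's own choices.

```python
import hashlib
from math import gcd

# Second message of the well-known Wang et al. MD5 collision pair: these 128
# bytes are the prefix shared by both k2+Nc values quoted in the post.
WANG_N2 = bytes.fromhex(
    "D131DD02C5E6EEC4693D9A0698AFF95C2FCAB50712467EAB4004583EB8FB7F89"
    "55AD340609F4B30283E4888325F1415A085125E8F7CDC99FD91DBD7280373C5B"
    "D8823E3156348F5BAE6DACD436C919C6DD53E23487DA03FD02396306D248CDA0"
    "E99F33420F577EE8CE54B67080280D1EC69821BCB6A8839396F965AB6FF72A70"
)
# Its partner (not on the page) differs only in bit 7 of these six bytes.
_DIFF_BYTES = (19, 45, 59, 83, 109, 123)
WANG_N1 = bytes(b ^ 0x80 if i in _DIFF_BYTES else b for i, b in enumerate(WANG_N2))

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: strong probable prime, not a proof."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def shifted_pair(n1: bytes, n2: bytes, c: int):
    """The post's k1 = (n1 << s) + o and k2 = (n2 << s) + o, with s a whole
    number of bytes and o chosen so that k1 is a multiple of c."""
    s = (32 + c.bit_length()) & ~7
    x1 = int.from_bytes(n1, "big") << s
    o = c - (x1 % c)
    return s, o, x1 + o, (int.from_bytes(n2, "big") << s) + o


def smooth_collision(n1: bytes, n2: bytes, primes, max_steps: int = 100000):
    """Return (N, msg1, msg2, c): msg1 = k1+Nc is divisible by c (smooth-ish),
    msg2 = k2+Nc is a probable prime, and MD5(msg1) == MD5(msg2)."""
    if len(n1) != len(n2) or len(n1) % 64:
        raise ValueError("colliding pair must be equal-length and block-aligned")
    c = 1
    for p in primes:
        c *= p
    s, o, k1, k2 = shifted_pair(n1, n2, c)
    assert k1 % c == 0
    # The post says "check that k2 isn't" divisible by c; the search really
    # needs gcd(k2, c) == 1, otherwise every k2+Nc keeps that common factor.
    # With 2 in c this always fails: k2 - k1 = (n2 - n1) * 2^s is even.
    if gcd(k2, c) != 1:
        raise ValueError("k2 shares a factor with c; no k2+Nc can be prime")
    for N in range(max_steps):
        if o + N * c >= 1 << s:          # suffix must not carry into the prefix
            raise ValueError("offset plus N*c no longer fits below the shift")
        if is_probable_prime(k2 + N * c):
            break
    else:
        raise ValueError("no prime found within max_steps")
    # Because s is a multiple of 8, k1+Nc and k2+Nc are n1 and n2 with the
    # same (s/8)-byte suffix appended; that is why the MD5 collision survives.
    suffix = (o + N * c).to_bytes(s // 8, "big")
    msg1, msg2 = n1 + suffix, n2 + suffix
    assert int.from_bytes(msg1, "big") == k1 + N * c
    assert int.from_bytes(msg2, "big") == k2 + N * c
    return N, msg1, msg2, c


def verify(msg1: bytes, msg2: bytes, c: int):
    """(collide, msg1 divisible by c, msg2 probable prime)."""
    return (hashlib.md5(msg1).digest() == hashlib.md5(msg2).digest(),
            int.from_bytes(msg1, "big") % c == 0,
            is_probable_prime(int.from_bytes(msg2, "big")))


if __name__ == "__main__":
    # Example's own choice of primes (odd only, see above); the post used
    # far longer lists, which only make c and the suffix longer.
    N, m1, m2, c = smooth_collision(WANG_N1, WANG_N2, [3, 5, 7, 11, 13])
    print("N =", N, "suffix =", m1[128:].hex())
    print("collide, smooth, prime =", verify(m1, m2, c))
```

Run it as a script to see N, the appended suffix and the three checks; the gcd test at the start of the search is what tells you whether a particular pair and prime list can succeed at all.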

16 Oct 2005

GUI Paradigms

Filed under: Rants — Ben @ 13:38

As the fifth dialog of the day popped up and disappeared in response to whatever I was typing at the time, I suddenly wondered:

a) WTF did that dialog say?

b) How bad will it be that I missed it?

c) Why doesn’t anyone use the trick that my timetracker uses?

Its dialog comes up on top, but without focus. It is totally trivial to do. Why does no-one do it? Are they all mad?

14 Oct 2005

Open Sources 2.0

Filed under: Open Source — Ben @ 12:33

I have a chapter on security in Open Sources 2.0, which is finally out.

13 Oct 2005

InfoCard Is Not All It's Cracked Up To Be

Filed under: Crypto,Identity Management — Ben @ 10:59

Kim Cameron recently wrote about why InfoCard is better than anything else. But is it true?

Here are some specific criticisms. Feel free to correct me if I’m wrong.

  • Law 4, “Directed Identity” says

    “a consumer visiting a corporate Web site is able to use the identity beacon of that site to decide whether she wants to establish a relationship with it. Her system can then set up a “unidirectional” identity relation with the site by selecting an identifier for use with that site and no other. A unidirectional identity relation with a different site would involve fabricating a completely unrelated identifier. Because of this, there is no correlation handle emitted that can be shared between sites to assemble profile activities and preferences into super-dossiers.”

    However, as I’ve shown, this is not actually possible with any traditional type of signed assertion.

  • Apparently, InfoCard kicks ass because it's inclusive of other systems. If it were true, then it could fix the problem above by supporting Stefan Brands’ stuff (shame it's patented). But, amazingly, despite the claims made, no-one actually knows whether it can!
  • A specific example given of a system that could be supported is Sxip. Yet I am told that the UI planned for InfoCard is wrong for Sxip. What use is it if the protocols support something but the user has no access to it?

In short, there’s a lot of hype around InfoCard – but it's increasingly unclear to me that it survives close examination. It seems to me that some of these issues could be fixed (linkability with legacy certificates does not strike me as fixable, though), but in the rush to get to market they’re being swept under the carpet.

10 Oct 2005

EuroOSCon

Filed under: Where I'm At — Ben @ 11:18

I’ll be at EuroOSCon next week. If anyone wants to meet up there, give me a shout.