Ben Laurie blathering

18 Dec 2010

ƃuıʇsılʞɔɐlq uʍop-ǝpısd∩

Filed under: Anonymity,Crypto,Identity Management,Lazyweb,Privacy — Ben @ 14:54

A well-known problem with anonymity is that it allows trolls to ply their unwelcome trade. So, pretty much every decent cryptographic anonymity scheme proposed has some mechanism for blacklisting. Basically these work by some kind of zero-knowledge proof that you aren’t on the blacklist – and once you’ve done that you can proceed.

However, this scheme suffers from the usual problem with trolls: as soon as they’re blacklisted, they create a new account and carry on. Solving this problem ultimately leads to a need for strong identification for everyone so you can block the underlying identity. Obviously this isn’t going to happen any time soon, and ideally never, so blacklists appear to be fundamentally and fatally flawed, except perhaps in closed user groups (where you can, presumably, find a way to do strong-enough identification, at least sometimes) – for example, members of a club, or employees of a company.

So lately I’ve been thinking about using “blacklists” for reputation. That is, rather than complain about someone’s behaviour and get them blacklisted, instead when you see someone do something you like, add them to a “good behaviour blacklist”. Membership of the “blacklist” then proves the (anonymous) user has a good reputation, which could then be used, for example, to allow them to moderate posts, or could be shown to other users of the system (e.g. “the poster has a +1 reputation”), or all sorts of other things, depending on what the system in question does.

The advantage of doing it this way is that misbehaviour can then be used to remove reputation, and the traditional fallback of trolls no longer works: a new account is just as useless as the one they already have.

There is one snag that I can see, though, which is at least some anonymity systems with blacklisting (e.g. Nymble, which I’ve somehow only recently become aware of) have the side-effect of making every login by a blacklisted person linkable. This is not good, of course. I wonder if there are systems immune to this problem?

Given that Jan Camenisch et al have a presentation on upside-down blacklisting (predating my thinking by quite a long way – one day I’ll get there first!), I assume there are – however, according to Henry, Henry and Goldberg, Camenisch’s scheme is not very efficient compared to Nymble or Nymbler.

15 Jul 2010

Alternatives to Adium?

Filed under: Lazyweb — Ben @ 16:04

When I’m at home, I tend to use Pidgin for IM. When travelling, I generally use Adium. But Adium is driving me nuts: basically it is fantastically unstable. Empirically this appears to be related to the number of contacts, of which I have many (i.e. reducing the number makes it less crashy).

So … what can I use on MacOS that’s less crap than Adium but still supports OTR?

30 Jul 2008

Is Your DNS Really Safe?

Filed under: Lazyweb,Security — Ben @ 6:26

Ever since the recent DNS alert people have been testing their DNS servers with various cute things that measure how many source ports you use, and how “random” they are. Not forgetting the command line versions, of course:

dig +short TXT
dig +short TXT

which yield output along the lines of

"aaa.bbb.ccc.ddd is GREAT: 27 queries in 12.7 seconds from 27 ports with std dev 15253"

But just how GREAT is that, really? Well, we don’t know. Why? Because there isn’t actually a way to test for randomness. Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential one, as is common in the rand() library function, but DNS-OARC would still say it was GREAT. Believe them when they say it isn’t GREAT, though! Non-randomness we can test for.

So, how do you tell? The only way to know for sure is to review the code (or the silicon, see below). If someone tells you “don’t worry, we did statistical checks and it’s random” then make sure you’re holding on to your wallet – he’ll be selling you a bridge next.

But, you may say, we already know all the major caching resolvers have been patched and use decent randomness, so why is this an issue?

It is an issue because of NAT. If your resolver lives behind NAT (which is probably way more common since this alert, as many people’s reaction [mine included] was to stop using their ISP’s nameservers and stand up their own to resolve directly for them) and the NAT is doing source port translation (quite likely), then you are relying on the NAT gateway to provide your randomness. But random ports are not the best strategy for NAT. They want to avoid re-using ports too soon, so they tend to use an LRU queue instead. Pretty clearly an LRU queue can be probed and manipulated into predictability.

So, if your NAT vendor is telling you not to worry, because the statistics say they are “random”, then I would start worrying a lot: your NAT vendor doesn’t understand the problem. It’s also pretty unhelpful for the various testers out there not to mention this issue, I must say.

Incidentally, I’m curious how much this has impacted the DNS infrastructure in terms of traffic – anyone out there got some statistics?

Oh, and I should say that number of ports and standard deviation are not a GREAT way to test for “randomness”. For example, the sequence 1000, 2000, …, 27000 has 27 ports and a standard deviation of over 7500, which looks pretty GREAT to me. But not very “random”.
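To make the point concrete, here is an added example (not part of the original post) that computes the two figures the testers report for three port sources: the 1000, 2000, …, 27000 sequence, a rand()-style linear congruential generator, and the OS CSPRNG. The function names are made up for illustration, and the LCG constants are assumed to be those of the sample rand() in the C standard.

```python
import secrets
import statistics

def spread(ports):
    """The two figures the online testers report: distinct ports, std dev."""
    return len(set(ports)), statistics.pstdev(ports)

def arithmetic_ports(n=27, step=1000):
    """The post's counter-example: 1000, 2000, ..., 27000."""
    return [step * i for i in range(1, n + 1)]

def lcg_ports(n=27, seed=1):
    """Ports drawn from a rand()-style linear congruential generator."""
    state, out = seed, []
    for _ in range(n):
        state = (state * 1103515245 + 12345) % 2**31
        out.append(1024 + (state >> 16))  # 15 usable bits -> 1024..33791
    return out

def csprng_ports(n=27):
    """Ports from the OS CSPRNG, for comparison."""
    return [1024 + secrets.randbelow(65536 - 1024) for _ in range(n)]

def constant_stride(ports):
    """A non-randomness test: is every step between consecutive ports equal?"""
    return len({b - a for a, b in zip(ports, ports[1:])}) == 1

def report():
    """Summarise each source by the tester's figures plus the stride check."""
    rows = {}
    sources = [("arithmetic", arithmetic_ports), ("lcg", lcg_ports),
               ("csprng", csprng_ports)]
    for name, gen in sources:
        ports = gen()
        distinct, sd = spread(ports)
        rows[name] = {"distinct": distinct, "stddev": round(sd),
                      "constant_stride": constant_stride(ports)}
    return rows

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

The stride check catches the arithmetic sequence, which is the kind of non-randomness that can be tested for. The LCG series passes it and shows a healthy-looking spread, yet the same seed reproduces the same ports every time.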

10 Jul 2008

ACTA, The Pirate Bay and BTNS

Doc Searls just pointed me at a couple of articles. The first is about ACTA.

ACTA, first unveiled after being leaked to the public via Wikileaks, has sometimes been lauded by its supporters as “The Pirate Bay-killer,” due to its measures to criminalize the facilitation of copyright infringement on the internet – text arguably written specifically to beat pirate BitTorrent trackers. The accord will place add internet copyright enforcement to international law and force national ISPs to respond to international information requests, and subjects iPods and other electronic devices to ex parte searches at international borders.

Obviously this is yet another thing we must resist. The Pirate Bay’s answer to this

IPETEE would first test whether the remote machine is supporting the crypto technology; once that’s confirmed it would then exchange encryption keys with the machine before transmitting your actual request and sending the video file your way. All data would automatically be unscrambled once it reaches your machine, so there would be no need for your media player or download manager to support any new encryption technologies. And if the remote machine didn’t know how to handle encryption, the whole transfer would fall back to an unencrypted connection.

is a great idea, but … it’s already been done by the IETF BTNS (Better-Than-Nothing Security) Working Group.

The WG has the following specific goals:

a) Develop an informational framework document to describe the motivation and goals for having security protocols that support anonymous keying of security associations in general, and IPsec and IKE in particular

Hmmm. I guess I should figure out how I switch this on. Anyone?

21 May 2008

Modern Mail Clients

Filed under: General,Lazyweb — Ben @ 12:54

Way back when, I used to use Pine to read my email. After it had marked everything I read as unread again once too many times (admittedly not entirely its fault, but it did leave everything ’til the last minute), I switched to, well, something else. I don’t remember exactly what. But after a long series of experiments I ended up with Thunderbird, which I mostly like – or at least hate less than all other clients I’ve tried.

But, it really doesn’t handle big mailboxes very well. I’m lazy when it comes to tidying up, as my wife will testify, and so I tend to find myself with 100,000 read messages lying around and a similar number unread.

Thunderbird can read mailboxes like that (which is an improvement – earlier versions couldn’t), but it really doesn’t handle deleting them very well. Select even a small number, like a thousand or so, and hit delete, and watch Thunderbird go away for a very long sleep.

In the end I had to go back to Pine to tidy my mailbox. Incidentally, I tried mutt, but it couldn’t handle more than a few thousand messages at a time. Pine seems to manage whatever I throw at it, though its UI can only be described as arcane.

So, my question to the lazyweb: is there an answer to this? A modern open source client that can do graphical stuff, is nice to use and can handle big IMAP mailboxes? Or is my Thunderbird/Pine hybrid as good as it gets?

31 Jul 2007


Filed under: Lazyweb,Motorbikes,Toys — Ben @ 9:26

I could swear I’d written before about the TomTom Rider, which I use on my bikes, and love dearly. Well, mostly. Good points:

  • Uses bluetooth to connect to my phone to get updates on traffic conditions, and routes around blockages.
  • Not intolerable user interface.
  • Cute trick (that I haven’t used yet) of tracking your buddies.
  • Talks to me in my helmet.
  • Warns me about “safety” cameras. Mostly.

Bad points:

  • No tracking, very disappointing if you want to figure out where someone else took you, or you went randomly.
  • Weird slight randomness in routing (for example, Aylesbury to West London might choose to use the A355 down to Beaconsfield, or to continue down the A413, which is definitely faster).
  • Latest version of the s/w kills my Rider, but TomTom won’t fix it unless I send the Rider back in – and they won’t provide a replacement to use in the meantime.
  • Occasionally crashes.
  • Itinerary (their name for routes) handling is pathetic.
  • “Glove friendly” UI is actually pretty much impossible to use in gloves.

Anyway, all that said, I’ve been musing about using the TomTom in the car. The snag is that the only way the Rider has of talking to me is via a bluetooth headset – which is OK in a helmet, but I really don’t like their non-helmet version. For a start, it doesn’t stay in my ear. So, I’ve been considering alternatives, and I figured I’d ask the Lazyweb for suggestions. Perhaps even something I can use on both car and bike.

4 Jul 2007

Java Drives Me Nuts!

Filed under: Lazyweb,Programming,Rants — Ben @ 19:34

Though I will admit that a lot of the nut-drivingness has been taken out of it by Eclipse (even if it is black magyck). So, I’ve been playing with Higgins (btw, teehee!). Or, rather, trying to. It seems Higgins is a pile of different inter-related projects. Which is good, but each one has its own dependencies which it wants to find in a subdirectory called lib. The first issue here is when I discover that something depends on stax-api-1.0.1.jar, what am I supposed to make of that? I can do a bit of googling and discover that there is such a thing out there on the interweb, download it and plug it in. But surely there’s a better way? How do I know I got the right thing? Suck it and see?

And what when the required library is called serialiser.jar? That’s just a teensy bit vague. Now what?

Then there’s the issue that each one of these projects wants its own copies of each library. Which I can do, of course, but it’s tedious! Again, I ask, surely there’s a better way?

Someone please tell me this is a solved problem and I’m a moron for whining about it.

(And I haven’t even started writing Java yet, that’s when the real nuts-drivingness sets in)

1 Apr 2006

Unforgeable Blinded Credentials

Filed under: Crypto,Identity Management,Lazyweb — Ben @ 12:30

It is possible to use blind signatures to produce anonymity-preserving credentials. The general idea is that, say, British Airways want to testify that I am a silver BA Executive Club cardholder. First I create a random number (a nonce), I blind it, then send it to BA. They sign it with their “this guy is a silver member” signing key, I unblind the signature and then I can show the signed nonce to anyone who wants to verify that I am silver. All they need to do is check the signature against BA’s published silver member key. BA cannot link this nonce back to me because they have never seen it, so they cannot distinguish me from any other member.

However, anyone I show this proof to can then masquerade as a silver member, using my signed nonce. So, it occurred to me that an easy way to prevent this is to create a private/public key pair and instead of the nonce use the hash of the public key. Then to prove my silver status I have to show that both the hash is signed by BA and that I possess the corresponding private key (by signing a nonce, say).

It seems to me quite obvious that someone must have thought of this before – the question is who? Is it IP free?

Obviously this kind of credential could be quite useful in identity management. Note, though, that this scheme doesn’t give me unlinkability unless I only show each public/private key pair once. What I really need is a family of unlinkable public/private key pairs that I can somehow get signed with a single “family” signature (obviously this would need to be unlinkably transformed for each member of the key family).
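The scheme described above, as an added sketch that is not code from the original post: the issuer blind-signs the hash of the holder's public key, and a verifier checks both the issuer's signature and a proof of possession over its own nonce. It assumes textbook RSA blind signatures with toy keys built from Mersenne primes; all function and variable names are made up for illustration.

```python
import hashlib
import secrets
from math import gcd

def keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def h(data, n):
    """SHA-256 of data as an integer below modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, m):
    return pow(m, priv[1], priv[0])

def verify(pub, m, sig):
    return pow(sig, pub[1], pub[0]) == m

def blind(pub, m):
    """Holder hides m from the issuer with a random factor r."""
    n, e = pub
    r = secrets.randbelow(n - 2) + 2
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return m * pow(r, e, n) % n, r

def unblind(pub, blinded_sig, r):
    return blinded_sig * pow(r, -1, pub[0]) % pub[0]

def key_digest(holder_pub, issuer_pub):
    """What the issuer signs blind: the hash of the holder's public key."""
    return h(repr(holder_pub).encode(), issuer_pub[0])

def show(issuer_pub, holder_pub, cred, nonce, proof):
    """Verifier: issuer signed this key's hash AND presenter holds the key."""
    return (verify(issuer_pub, key_digest(holder_pub, issuer_pub), cred)
            and verify(holder_pub, h(nonce, holder_pub[0]), proof))

# Constructed toy keys from Mersenne primes; real use needs large random
# primes and a padded blind-signature scheme.
ISSUER_PUB, ISSUER_PRIV = keygen(2**89 - 1, 2**107 - 1)
HOLDER_PUB, HOLDER_PRIV = keygen(2**61 - 1, 2**127 - 1)

def obtain_credential():
    """Holder blinds, issuer signs (seeing only `blinded`), holder unblinds."""
    blinded, r = blind(ISSUER_PUB, key_digest(HOLDER_PUB, ISSUER_PUB))
    return unblind(ISSUER_PUB, sign(ISSUER_PRIV, blinded), r)
```

A verifier who keeps the credential and the public key still cannot answer a fresh nonce, which is the property the plain signed nonce lacked. Every showing reveals the same public key, so showings remain linkable, as the post notes.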

9 Mar 2006

ATM Networks Compromised?

Filed under: Crypto,Lazyweb,Security — Ben @ 14:22

Jake Applebaum says he was told that the Canadian, Russian and UK ATM networks have been compromised. Now, I’ve known for a long time that ATM security was strangely crap, but can this be true? And if it is, why has there been no media coverage (that I’ve heard about)?

16 Sep 2005

Ideal Links, Spinning

Filed under: Knots,Lazyweb — Ben @ 13:07

One of my interests is these things called ideal knots (and links) about which I’ll write more later, no doubt. Anyway, I recently slammed together some code and scripts to produce raytraces of them spinning. Here’s the two component link 7.4, spinning. The colours indicate curvature, by the way.

Incidentally, this is an animated GIF, which sucks somewhat, since GIFs are limited to 256 colours, as well as being politically incorrect. Anyone out there know of command-line UNIX tools that will produce moving images with 24-bit colours from a set of frames?
