EFF changes the rules of the game
In January 1997 RSA Labs sponsored a contest inviting the world to decrypt a message coded using a 56-bit DES key. The challenge was broken 6 months later [1] by a loose collaboration using thousands of computers across the Internet. A similar challenge issued last January took 39 days to break [2]. The latest RSA DES challenge launched on July 13 and was broken 56 hours later, using a single special-purpose computer [3]. John Gilmore and Paul Kocher, working under sponsorship of the Electronic Frontier Foundation, led a year-long effort to build the DES Key-Search Machine. It cost about $220K USD and consists of over 1800 custom chips on 27 circuit boards; each chip contains 24 independent key-search processors. (Gilmore has named the chip "Deep Crack.") The machine can search 92 billion keys per second. By comparison, the massively parallel distributed computer that is the Internet, when overcoming another RSA challenge [4] last summer, peaked at 7 billion keys/sec.
A quick calculation indicates that similar horsepower applied to a 40-bit key would break it in an average of 6 seconds. This is the level of security that the US government allows to be exported without a promise of key recovery.
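The brute-force arithmetic behind the rates quoted above, worked out as an added example (not part of the original issue), using the newsletter's own figures of 92 billion keys/s for Deep Crack and 7 billion keys/s for the 1997 distributed Internet effort:

```python
# Added example: key-search arithmetic for the rates quoted in the text.
# A brute-force search tries keys in some order; a uniformly random key
# turns up, on average, halfway through the keyspace.

DEEP_CRACK_RATE = 92e9       # keys/second, EFF DES Key-Search Machine
INTERNET_1997_RATE = 7e9     # keys/second, 1997 distributed effort (peak)


def worst_case_seconds(key_bits, rate):
    """Seconds to try every key of the given length at `rate` keys/s."""
    return 2 ** key_bits / rate


def expected_seconds(key_bits, rate):
    """Average seconds to find a random key: half the keyspace."""
    return worst_case_seconds(key_bits, rate) / 2


def keyspace_fraction(key_bits, rate, seconds):
    """Share of the keyspace a search at `rate` covers in `seconds` (capped at 1)."""
    return min(1.0, rate * seconds / 2 ** key_bits)


if __name__ == "__main__":
    day = 86400
    print(f"40-bit key on Deep Crack: {expected_seconds(40, DEEP_CRACK_RATE):.1f} s average")
    print(f"56-bit key on Deep Crack: {expected_seconds(56, DEEP_CRACK_RATE) / day:.1f} days average")
    print(f"56-bit key on the 1997 Internet: {expected_seconds(56, INTERNET_1997_RATE) / day:.0f} days average")
    # The July challenge fell after 56 hours: about a quarter of the keyspace.
    print(f"keyspace covered in 56 hours: {keyspace_fraction(56, DEEP_CRACK_RATE, 56 * 3600):.0%}")
```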
The EFF, in irrefutably demonstrating the insecurity of 56-bit encryption in the modern day, was making the point long denied by the US government: that even a modestly endowed organization could put together a purpose-built DES cracker.
Every message encoded with DES since its introduction in 1977 is now fair game for this machine or for one like it. In a press conference [5] the builders of the DES Cracker reiterated their belief in the likelihood that governments and even companies have built such machines before in secrecy.
O'Reilly has published a book on the design of the DES cracking machine [6] -- in paper only, as export laws forbid putting it on the Net. Those guys are right on top of it. Here is Whitfield Diffie's foreword [7] to the book.
[1] http://www.tbtf.com/archive/1997-06-23.html#s02
[2] http://www.tbtf.com/archive/1998-03-02.html#s04
[3] http://www.cryptography.com/resources/des/des.html
[4] http://www.tbtf.com/archive/1997-10-27.html#s02
[5] http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,3441,2120741,00.html
[6] http://www.oreilly.com/catalog/crackdes/
[7] http://www.eff.org/pub/Privacy/Crypto_misc/...
Government agencies may be buying NT under false pretenses
Particular configurations of Windows NT 3.5 have been evaluated for C2-level security [8] and have been placed on the NSA's Evaluated Products List. This does not mean that the OS itself is "C2 certified" -- no operating system is ever certified. "Certification" is something granted to a particular configuration, including hardware. Here is what has been C2-certified by the US government: Windows NT 3.5 with Service Pack 3 on the Compaq ProLiant 2000 and ProLiant 4000 Pentium systems, and on a DECpc AXP/150. These configurations were tested standalone: no networked NT system has ever been tested, let alone certified.
The consultant who helped Microsoft achieve this certification, Ed Curry, now charges that Microsoft is misrepresenting his work and is trying to get him to do likewise [9]. (Never mind that he's gone bankrupt on broken promises.) Microsoft refused comment on these allegations to an InfoWorld reporter.
[8] http://www.radavis.com/c2.htm
[9] http://www.infoworld.com/cgi-bin/displayNew.pl?/petrel/980713np.htm
A pivotal roundtable builds the momentum
Linux is being used increasingly in large corporations [10], but not often in mission-critical roles. This is not due to a lack of suitability or (especially) robustness. Rather, there is a paucity of infrastructure applications such as databases on the platform. Also, Linux does not enjoy much mindshare among top executives. Both of these factors may be changing.
Smaller database players such as Ingres (now sold by CA Associates) have announced plans for Linux products [11], but the large database vendors have until recently said that the OS does not exhibit critical mass [12].
At this juncture the father of Linux, Linus Torvalds, participated in a roundtable in Santa Clara on the future of Linux [13]. Here are two firsthand reports from the event. Below is a quick summary from Greg Roelofs <roelofs at pmc dot philips.com>; see his complete writeup on his site [14].
Rafael Skodlar <rasko at kset dot com> sent detailed notes, which are posted on the TBTF archive by permission [15].
After this standing-room-only conference Oracle reversed itself and announced plans for a Linux port [16], and Informix is rumored to be preparing a similar announcement next week [17]. Coincidence? Perhaps.
Greg Roelofs's notes:
The panel was a distinguished group: Jeremy Allison, one of the lead Samba developers; Larry Augustin, founder of VA Research and member of the Linux International (LI) Board of Directors; Robert Hart, from Red Hat Software; Sunil Saxena, from Intel's Unix Performance Lab; and, of course, The Man himself, Linus Torvalds. It was moderated by Michael Masterson of Taos, who traded off questioning duties with Phil Hughes, all-around hairy guy and the publisher of LJ.
I'll cover the panelists' comments later (the format basically involved each one giving a five-minute, semi-prepared response to one of two before-the-fact questions, with audience Q&A after each set of responses, and one segment of about 10 questions posed by Phil); for now a few highlights:
As always, Linus was full of quips; I'll get to those in the follow-up, too. (Btw, note that while he doesn't care how anyone pronounces Linux, he unquestionably does so with the short "i" sound, as in "linen." Amen.)
Knock knock. Who's there? The Man
A coalition of 13 networking and security companies led by Cisco Systems is offering what it calls a compromise in the encryption standoff [18]. It proposes an expedited export review for network-based encryption with two restricted access points -- so-called "private doorbells" -- at the beginning and end point of each transmission. Using this scheme, you leave encryption up to your ISP's router or firewall. Your network traffic is scrambled using triple-DES -- 10^33 times more secure than DES -- as it travels across the Net to its destination. But a network operator can flip a switch on the starting or ending router and trap all of your communications unencrypted, if requested to do so by a law enforcement agency.
Cisco has posted a press release [19] and a white paper [20] describing the technology.
Of the 13 companies in the coalition, 10 have filed papers with the Commerce Department asking for expedited review of products based on private doorbell technology. The 13 companies are:
Ascend
Bay Networks
Cisco Systems
3Com
Hewlett-Packard
Intel
Microsoft
Netscape
Network Associates
Novell
RedCreek Communications
Secure Computing
Sun Microsystems
[18] http://www.news.com/News/Item/Textonly/0%2C25%2C24110%2C00.html?tbtf
[19] http://www.cisco.com/warp/public/146/july98/3.html
[20] http://www.cisco.com/warp/public/146/july98/2.html
The Windows platform takes on the appearance of a ripe Swiss cheese
Dot
The "dot" bug [21] (re)surfaced in late June, when programmers at the San Diego Source, the online arm of a Southern California business journal, discovered that placing an extra period at the end of an Active Server Page URL reveals the script code behind the page. ASP code is not meant to be seen; it sometimes contains procedures to access databases, including user names and passwords. It turns out this bug had been reported and patched in Microsoft's Internet Information Server 16 months ago, but San Diego Source found that it also affects NT-based Web servers from O'Reilly & Associates, Netscape, Sun, and Progress Software. All of these companies scrambled to produce patches, while pointing at Microsoft's NT operating system as the underlying cause of the vulnerability.
[21] http://www.news.com/News/Item/Textonly/0,25,23619,00.html?tbtf
:$$data
In early July a similar bug [22] was reported to NTBugtraq by Paul Ashton (who also found #5 on the TBTF Microsoft security exploits page [23]). Add ":$$data" to the end of an ASP URL and, if conditions are right, again you get the page's source code returned to your browser. Microsoft posted a fix to its security page on July 2.
[22] http://www.infoworld.com/cgi-bin/displayStory.pl?98072.whiisbug.htm
[23] http://www.tbtf.com/resource/ms-sec-exploits.html#n5
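As an added example, not from the newsletter or from any of the vendors named: a filter a web administrator could run over access logs to spot requests carrying the trailing-period and data-stream suffixes described in the two items above. The log lines are constructed; the suffix is spelled ::$DATA in Microsoft's bulletin and :$$data here, and the filter matches both.

```python
import re
from urllib.parse import unquote

# Constructed sample access log in Common Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jun/1998:10:01:12 -0700] "GET /default.asp HTTP/1.0" 200 1532
10.0.0.9 - - [30/Jun/1998:10:01:40 -0700] "GET /admin/login.asp. HTTP/1.0" 200 2210
10.0.0.9 - - [30/Jun/1998:10:02:03 -0700] "GET /admin/login.asp::$DATA HTTP/1.0" 200 2210
10.0.0.9 - - [30/Jun/1998:10:02:15 -0700] "GET /admin/login.asp%3A%3A%24DATA HTTP/1.0" 200 2210
10.0.0.7 - - [30/Jun/1998:10:03:00 -0700] "GET /images/logo.gif HTTP/1.0" 200 884
10.0.0.9 - - [30/Jun/1998:10:03:30 -0700] "GET /search.asp?q=a. HTTP/1.0" 200 990
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Suffixes that made 1998-era NT web servers return ASP source instead of
# running it: a trailing period, and the NTFS default data stream name
# (::$DATA in Microsoft's bulletin; :$$data as spelled in the newsletter).
SOURCE_LEAK_RE = re.compile(r"\.asp(\.|:{1,2}\$\$?data)$", re.IGNORECASE)


def flag_source_leak_requests(log_text):
    """Return (client_ip, decoded_path, status) for each suspicious request.

    The target is URL-decoded once before matching, since the suffix may
    arrive percent-encoded, and the query string is discarded because only
    the path is handed to the filesystem (so '?q=a.' is not a hit).
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path = unquote(m.group("target")).split("?", 1)[0]
        if SOURCE_LEAK_RE.search(path):
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, path, status in flag_source_leak_requests(SAMPLE_LOG):
        # A 200 on one of these paths means the server handed something back.
        print(f"{ip} requested {path!r} -> {status}")
```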
Remote Data Services
This IIS 4.0 database vulnerability [24], [25] stems from a component called Remote Data Service, which is enabled by default when IIS is installed and allows an intruder who has gained possession of a password and the name of a target database to query the database remotely. (This vulnerability combines nicely with the two above.) Microsoft revealed the exposure on its week-old Security Advisor Notification Service.
[24] http://www.zdnet.com/pcweek/news/0713/17miis.html
[25] http://www.microsoft.com/security/bulletins/ms98-004.htm
A password-grabbing Trojan
Anti-virus company Dr. Solomon's reported a Trojan horse program [26], [27] aimed at users of Microsoft's dial-up networking. The Trojan targets people who allow their system to store their (weakly encrypted) password, instead of typing it in each time. It uses native Win32 facilities to mail the password file off to its master for cracking. The Trojan surfaced at a Swiss ISP.
[26] http://www.infoworld.com/cgi-bin/displayStory.pl?98077.wcsolomon.htm
[27] http://www.drsolomon.com/vircen/valerts/win_dial.html
An improbable attack is blocked
A Bellcore encryption researcher, Daniel Bleichenbacher, last February discovered a flaw in SSL that could, in far-fetched theory, allow a well-equipped cracker to decrypt a Net session protected by SSL [28], [29]. When RSA Data Security sent out a warning on the problem late last month to its licensees, Microsoft, O'Reilly, Netscape, and others rushed to implement a fix. C2net's FAQ [30] on the bug illustrates how impractical the attack would be to mount in earnest. An attacker would need to send about a million messages to an SSL server in order to obtain a single session key.
[28] http://www.news.com/News/Item/Textonly/0,25,23595,00.html?tbtf
[29] http://www.techweb.com/wire/story/reuters/REU19980626S0001?ls=twb_text
[30] http://www.c2.net/products/stronghold/support/PKCS1.php
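An added example, not C2net's or RSA's code, of the countermeasure TLS adopted against this attack: when the PKCS#1 v1.5 padding of the decrypted pre-master secret is malformed, the server silently substitutes a random 48-byte value instead of reporting an error, so every one of the attacker's million probes gets the same response. The RSA operation is assumed to happen elsewhere; the functions take the already-decrypted block, and pad_pkcs1_v15 is a constructed helper for building test input.

```python
import os

PREMASTER_LEN = 48  # SSL/TLS pre-master secret length in bytes


class BadPadding(Exception):
    pass


def unpad_pkcs1_v15(block, key_len):
    """Strict PKCS#1 v1.5 type-2 unpadding: 00 02 <>=8 nonzero bytes> 00 <message>.
    Raises BadPadding on any structural error."""
    if len(block) != key_len or block[0] != 0x00 or block[1] != 0x02:
        raise BadPadding("bad header")
    try:
        sep = block.index(0x00, 2)
    except ValueError:
        raise BadPadding("no separator")
    if sep < 10:  # fewer than 8 padding bytes
        raise BadPadding("padding too short")
    return block[sep + 1:]


def naive_server_decrypt(block, key_len):
    """Pre-fix behaviour: a bad block raises, and that distinct failure is
    what the client could observe and turn into a padding oracle."""
    msg = unpad_pkcs1_v15(block, key_len)
    if len(msg) != PREMASTER_LEN:
        raise BadPadding("wrong length")
    return msg


def hardened_server_decrypt(block, key_len, rng=os.urandom):
    """Fixed behaviour: on any padding problem carry on with a random
    pre-master secret, so the handshake fails later in the same way
    whether or not the padding was valid. `rng` is injectable for tests."""
    fallback = rng(PREMASTER_LEN)
    try:
        msg = unpad_pkcs1_v15(block, key_len)
    except BadPadding:
        return fallback
    return msg if len(msg) == PREMASTER_LEN else fallback


def pad_pkcs1_v15(message, key_len, rng=os.urandom):
    """Constructed helper: build a conforming type-2 block for testing."""
    pad_len = key_len - 3 - len(message)
    pad = bytearray()
    while len(pad) < pad_len:  # padding bytes must be nonzero
        pad += bytes(b for b in rng(pad_len) if b != 0)
    return b"\x00\x02" + bytes(pad[:pad_len]) + b"\x00" + message
```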
Aiming to tighten their case
In an effort to focus their sweeping antitrust case against Microsoft, 20 states and the District of Columbia have dropped [31] allegations about the use of inappropriate licensing and sales tactics for the Office productivity suite. The attorneys general said they were responding to limits on witnesses and time set by the trial judge.
Peter Junger, an Ohio law professor who is pursuing one of three separate lawsuits challenging government restrictions on the export of strong crypto, lost the first round on July 3 and plans an appeal [32]. Judge James Gwin ruled that software is a device, not speech, and therefore does not merit first-amendment protection -- a finding 180 degrees at odds with an earlier Federal court ruling in the Bernstein case [33]. (That case has been appealed, with a decision expected any day.) Junger has started a mailing list [34] and hopes to attract computer scientists and legal experts to discuss the ruling that software is not speech.
[32] http://www.infoworld.com/cgi-bin/displayStory.pl?98079.eijunger.htm
[33] http://www.tbtf.com/archive/1996-12-24.html
[34] http://samsara.law.cwru.edu/comp_law/jvd/
US relaxes crypto export for banks
The Commerce Department announced on July 7 that US software companies will have new freedom to export strong crypto to financial institutions chartered in 45 countries [35]. The receiving financial institutions will be allowed to further distribute the crypto-enabled products to their branch offices worldwide, with the exception of a handful of terrorist states, as defined by the US. This change amounts to a simplification of red tape for financial institutions, not a real policy shift. The 45 countries, which are deemed to have strong laws against money laundering, are listed here [36].
[35] http://www.seattletimes.com/news/business/html98/cryp_070798.html
[36] http://jya.com/doc-ease.htm
An authoritative newsletter on crypto
Bruce Schneier's Counterpane Systems has begun publishing a free email and Web newsletter called CRYPTO-GRAM, and the first few issues set a new standard for public commentary on crypto news. To subscribe, visit [37] or send an empty message to crypto-gram-subscribe@chaparraltree.com .
Creative Photoshop-ware
Last month MacOS Rumors claimed [38] to have run MacOS 8, emulating Windows 95 (Virtual PC), emulating MacOS 8 (Fusion); here's what it looked like [39]. The following day the site trumped this claim with this screen shot [40] purporting to be
MacOS 8 emulating Windows 95 (Virtual PC) emulating MacOS 8 (Fusion) emulating GameBoy (Virtual GameBoy) emulating Windows CE (WinBoy) emulating the Newton OS (NewtonCE) emulating the Pilot (CoPilot for Newton) emulating Linux (Linux for Pilot)
[38] http://www.macosrumors.com/archive269.html
[39] http://evillemur.blacklightmedia.com/Fusion_on_VPC_on_MacOS.gif
[40] http://evillemur.blacklightmedia.com/emu.jpg
TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to tbtf-request@world.std.com. TBTF is Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit.
_______________________________________________
Keith Dawson dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.