
TBTF for 1998-07-20: Deep crack

Keith Dawson ( dawson dot tbtf at gmail dot com )
Sun, 19 Jul 23:57:11 -0400


Custom computer defeats DES in 56 hours

EFF changes the rules of the game

In January 1997 RSA Labs sponsored a contest inviting the world to decrypt a message coded using a 56-bit DES key. The challenge was broken 6 months later [1] by a loose collaboration using thousands of computers across the Internet. A similar challenge issued last January took 39 days to break [2]. The latest RSA DES challenge launched on July 13 and was broken 56 hours later, using a single special-purpose computer [3]. John Gilmore and Paul Kocher, working under sponsorship of the Electronic Frontier Foundation, led a year-long effort to build the DES Key-Search Machine. It cost about $220K USD and consists of over 1800 custom chips on 27 circuit boards; each chip contains 24 independent key-search processors. (Gilmore has named the chip "Deep Crack.") The machine can search 92 billion keys per second. By comparison, the massively parallel distributed computer that is the Internet, when overcoming another RSA challenge [4] last summer, peaked at 7 billion keys/sec.

A quick calculation indicates that the same horsepower applied to a 40-bit key would break it in about 6 seconds on average (12 seconds to exhaust the whole keyspace). This is the level of security that the US government allows to be exported without a promise of key recovery.
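The arithmetic behind that 6-second figure generalises to any key length and any search rate, and it is the calculation to run whenever someone proposes a key size. Here is an added example, not part of the article: the only inputs taken from the text are the two search rates it quotes (92 billion keys/s for Deep Crack, 7 billion keys/s for the Internet-wide effort); the key lengths tried and the 100-year horizon are chosen for the demonstration.

```python
from fractions import Fraction

# Added example; not from the TBTF article. The two rates are the ones the
# article quotes; everything else is arithmetic on the size of the keyspace.
DEEP_CRACK_RATE = 92_000_000_000       # keys/s, EFF DES Key-Search Machine
DISTRIBUTED_PEAK_RATE = 7_000_000_000  # keys/s, peak of the Internet-wide effort

SECONDS_PER_YEAR = 365 * 86400


def keyspace(bits):
    """Number of keys a brute-force search may have to try."""
    return 2 ** bits


def search_seconds(bits, rate, fraction=Fraction(1, 2)):
    """Seconds to test `fraction` of a `bits`-bit keyspace at `rate` keys/s.

    With the default fraction of 1/2 this is the expected time: on average
    the right key turns up halfway through. Pass fraction=1 for the worst
    case. Exact rationals are used so rounding never hides a factor of two.
    """
    return Fraction(keyspace(bits)) * fraction / rate


def bits_for_horizon(rate, seconds, fraction=Fraction(1, 2)):
    """Smallest key length whose search at `rate` takes longer than `seconds`.

    This is the question to ask when choosing a key size: how long must the
    data stay secret, and how fast can the adversary search?
    """
    bits = 1
    while search_seconds(bits, rate, fraction) <= seconds:
        bits += 1
    return bits


def work_ratio(bits_a, bits_b):
    """How many times larger a bits_a keyspace is than a bits_b keyspace."""
    return keyspace(bits_a) // keyspace(bits_b)


_UNITS = (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600),
          ("minutes", 60), ("seconds", 1))


def human(seconds):
    """Render a duration in the largest unit that gives at least one of it."""
    seconds = float(seconds)
    for name, size in _UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    for bits in (40, 56, 64, 80, 128):
        print(f"{bits}-bit key: expected {human(search_seconds(bits, DEEP_CRACK_RATE))} "
              f"on Deep Crack, {human(search_seconds(bits, DISTRIBUTED_PEAK_RATE))} "
              f"at the distributed effort's peak")
    print("Key length that outlasts a century of Deep Crack searching:",
          bits_for_horizon(DEEP_CRACK_RATE, 100 * SECONDS_PER_YEAR))
    # Triple-DES has 168 key bits, 2^112 times as many keys as DES, but its
    # effective strength is about 112 bits because of the meet-in-the-middle
    # attack; either way it is far outside the reach of key-search hardware.
    print("Triple-DES keyspace / DES keyspace:", f"{work_ratio(168, 56):.3e}")
```

Run it and the 56-bit row comes out at about 4.5 days expected on Deep Crack, which is why the 56-hour result was a little lucky (the right key sat roughly a quarter of the way through the space) rather than a surprise. Note that the model assumes a brute-force search only; it says nothing about an algorithm's resistance to analytic attacks, which is why the comment on triple-DES quotes 112 bits rather than 168.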

The EFF, in irrefutably demonstrating the insecurity of 56-bit encryption in the modern day, was making the point long denied by the US government: that even a modestly endowed organization could put together a purpose-built DES cracker.

Every message encoded with DES since its introduction in 1977 is now fair game for this machine or for one like it. In a press conference [5] the builders of the DES Cracker reiterated their belief in the likelihood that governments and even companies have built such machines before in secrecy.

O'Reilly has published a book on the design of the DES cracking machine [6] -- in paper only, as export laws forbid putting it on the Net. Those guys are right on top of it. Here is Whitfield Diffie's foreword [7] to the book.

[1] http://www.tbtf.com/archive/1997-06-23.html#s02
[2] http://www.tbtf.com/archive/1998-03-02.html#s04
[3] http://www.cryptography.com/resources/des/des.html
[4] http://www.tbtf.com/archive/1997-10-27.html#s02
[5] http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,3441,2120741,00.html
[6] http://www.oreilly.com/catalog/crackdes/
[7] http://www.eff.org/pub/Privacy/Crypto_misc/...

______

Did Microsoft misrepresent NT's security status?

Government agencies may be buying NT under false pretenses

Particular configurations of Windows NT 3.5 have been evaluated for C2-level security [8] under the TCSEC (the "Orange Book") and have been placed on the NSA's Evaluated Products List. This does not mean that the OS itself is "C2 certified" -- no operating system is ever certified. "Certification" is something granted to a particular configuration, including hardware. Here is what has been C2-certified by the US government: Windows NT 3.5 with Service Pack 3 on the Compaq ProLiant 2000 and ProLiant 4000 Pentium systems, and on a DECpc AXP/150. These configurations were tested standalone: no networked NT system has ever been tested, let alone certified.

The consultant who helped Microsoft achieve this certification, Ed Curry, now charges that Microsoft is misrepresenting his work and is trying to get him to do likewise [9]. (Never mind that he's gone bankrupt on broken promises.) Microsoft refused comment on these allegations to an InfoWorld reporter.

[8] http://www.radavis.com/c2.htm
[9] http://www.infoworld.com/cgi-bin/displayNew.pl?/petrel/980713np.htm

______

The future of Linux

A pivotal roundtable builds the momentum

Linux is being used increasingly in large corporations [10], but not often in mission-critical roles. This is not due to a lack of suitability or (especially) robustness. Rather, there is a paucity of infrastructure applications such as databases on the platform. Also, Linux does not enjoy much mindshare among top executives. Both of these factors may be changing.

Smaller database players such as Ingres (now sold by Computer Associates) have announced plans for Linux products [11], but the large database vendors have until recently said that the OS does not exhibit critical mass [12].

At this juncture the father of Linux, Linus Torvalds, participated in a roundtable in Santa Clara on the future of Linux [13]. Here are two firsthand reports from the event. Below is a quick summary from Greg Roelofs <roelofs at pmc dot philips.com>; see his complete writeup on his site [14].

Rafael Skodlar <rasko at kset dot com> sent detailed notes, which are posted on the TBTF archive by permission [15].

After this standing-room-only conference Oracle reversed itself and announced plans for a Linux port [16], and Informix is rumored to be preparing a similar announcement next week [17]. Coincidence? Perhaps.

Greg Roelofs's notes:

"The Future of Linux" was set up as a panel discussion and was held at the S.C. Convention Center. It was hosted by Taos and sponsored by them, the Silicon Valley Linux Users Group (SVLUG), Intel, Red Hat (RH), Linux Journal (LJ), and VA Research (VAR). Apparently it was considerably more popular than Taos expected; people stood in line between 40 and 60 minutes to register, and the free food and free VA Research/Linux T-shirts ran out. I didn't get a firm count, but Taos said 850 people had RSVP'd, and it appeared that at *least* 700 chairs were occupied, possibly upwards of 900 or more.

The panel was a distinguished group: Jeremy Allison, one of the lead Samba developers; Larry Augustin, founder of VA Research and member of the Linux International (LI) Board of Directors; Robert Hart, from Red Hat Software; Sunil Saxena, from Intel's Unix Performance Lab; and, of course, The Man himself, Linus Torvalds. It was moderated by Michael Masterson of Taos, who traded off questioning duties with Phil Hughes, all-around hairy guy and the publisher of LJ.

I'll cover the panelists' comments later (the format basically involved each one giving a five-minute, semi-prepared response to one of two before-the-fact questions, with audience Q&A after each set of responses, and one segment of about 10 questions posed by Phil); for now a few highlights:

As always, Linus was full of quips; I'll get to those in the follow-up, too. (Btw, note that while he doesn't care how anyone pronounces Linux, he unquestionably does so with the short "i" sound, as in "linen." Amen.)

[10] http://www.m-tech.ab.ca/linux-biz/
[11] http://www.infoworld.com/cgi-bin/displayStory.pl?980710.whlinux.htm
[12] http://www.infoworld.com/cgi-bin/displayStory.pl?98076.ehlinux.htm
[13] http://www.teamtaos.com/events/linux/
[14] http://pobox.com/~newt/reports/linux-19980714-top.html
[15] http://www.tbtf.com/resource/skodlar.txt
[16] http://www.infoworld.com/cgi-bin/displayStory.pl?980717.whorlinux.htm
[17] http://www.infoworld.com/cgi-bin/displayStory.pl?980717.whinformix.htm

______

Private doorbells

Knock knock. Who's there? The Man

A coalition of 13 networking and security companies led by Cisco Systems is offering what it calls a compromise in the encryption standoff [18]. It proposes an expedited export review for network-based encryption with two restricted access points -- so-called "private doorbells" -- at the beginning and end point of each transmission. Using this scheme, you leave encryption up to your ISP's router or firewall. Your network traffic is scrambled using triple-DES as it travels across the Net to its destination. (Triple-DES has a 168-bit key, 2^112 or roughly 10^33 times as many keys as DES; its effective strength against the best known attack is about 112 bits, which is still far beyond any key-search machine.) But a network operator can flip a switch on the starting or ending router and capture all of your communications unencrypted, if requested to do so by a law enforcement agency.

Cisco has posted a press release [19] and a white paper [20] describing the technology.

Of the 13 companies in the coalition, 10 have filed papers with the Commerce Department asking for expedited review of products based on private doorbell technology. The 13 companies are:

  Ascend             Netscape
  Bay Networks       Network Associates
  Cisco Systems      Novell
  3Com               RedCreek Communications
  Hewlett-Packard    Secure Computing
  Intel              Sun Microsystems
  Microsoft

Privacy advocates dislike the very idea of making the Internet wiretappable at the router level. Individuals could still guarantee complete privacy with desktop-to-desktop encryption. But the existence of tappable network-level encryption will reduce the demand for end-to-end crypto, making it easier to outlaw solutions such as PGP, which today are legal. Cryptographer Bruce Schneier comments, "This is being touted as a compromise, but I can't figure out where the compromise part is."

[18] http://www.news.com/News/Item/Textonly/0%2C25%2C24110%2C00.html?tbtf
[19] http://www.cisco.com/warp/public/146/july98/3.html
[20] http://www.cisco.com/warp/public/146/july98/2.html

______

Four new Microsoft security holes

The Windows platform takes on the appearance of a ripe Swiss cheese

* Dot

The "dot" bug [21] (re)surfaced in late June, when programmers at the San Diego Source, the online arm of a Southern California business journal, discovered that placing an extra period at the end of an Active Server Page URL reveals the script code behind the page. ASP code is not meant to be seen; it sometimes contains procedures to access databases, including user names and passwords. The mechanism is a mismatch between the server and the file system: the server matches the extension literally, does not recognise "asp." as a script, and serves the file as static text, while Windows ignores the trailing dot when it opens the file. It turns out this bug had been reported and patched in Microsoft's Internet Information Server 16 months ago, but San Diego Source found that it also affects NT-based Web servers from O'Reilly & Associates, Netscape, Sun, and Progress Software. All of these companies scrambled to produce patches, while pointing at Microsoft's NT operating system as the underlying cause of the vulnerability.

[21] http://www.news.com/News/Item/Textonly/0,25,23619,00.html?tbtf

* ::$DATA

In early July a similar bug [22] was reported to NTBugtraq by Paul Ashton (who also found #5 on the TBTF Microsoft security exploits page [23]). Add "::$DATA" (the name of an NTFS file's default data stream, which the file system resolves to the file itself) to the end of an ASP URL and, if conditions are right, again you get the page's source code returned to your browser. Microsoft posted a fix to its security page on July 2.

[22] http://www.infoworld.com/cgi-bin/displayStory.pl?98072.whiisbug.htm
[23] http://www.tbtf.com/resource/ms-sec-exploits.html#n5
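The two source-disclosure bugs above share a root cause (a suffix the Windows file system ignores but the server's extension match does not), and both leave an obvious trail in the access log. Here is an added example, not from the article or from any of the vendors named: a canonicalisation step of the kind a Windows-hosted server needs before it picks a handler, and a scan over constructed Common Log Format lines for requests that carried a trailing dot or an NTFS stream suffix such as "::$DATA". The log lines, the client addresses and the script-extension set are invented for the demonstration.

```python
import posixpath
import re
import urllib.parse

# Added example; not code from the article, Microsoft, or any other vendor.
# Both IIS tricks described above work the same way: the request path carries
# a suffix the Windows file system ignores when it opens the file (a trailing
# "." or an NTFS stream name such as "::$DATA"), but the server's literal
# extension match no longer sees ".asp", so the script is served as a file.

TRAILING_DOTS = re.compile(r"\.+$")
# Windows file names cannot contain ":" except as the stream separator, so
# anything from the first ":" of the last path segment onward is a stream
# name (":$DATA", "::$DATA", ...) and not part of the file the OS will open.
STREAM_SUFFIX = re.compile(r":[^/]*$")

# Extensions this (hypothetical) server hands to a script engine.
SCRIPT_EXTENSIONS = {".asp"}


def canonical_path(request_target):
    """Return the file path the operating system will actually open.

    The query string is dropped, percent-encoding is decoded so that "%2e"
    and "%3a" cannot hide a suffix, then the stream name and any trailing
    dots are removed. A handler lookup keyed on the result cannot be fooled
    by either trick above.
    """
    path = urllib.parse.unquote(request_target.split("?", 1)[0])
    path = STREAM_SUFFIX.sub("", path)
    return TRAILING_DOTS.sub("", path)


def is_disclosure_probe(request_target):
    """True when canonicalisation changed the path, i.e. the request carried
    a suffix that a naive extension check would not have recognised."""
    decoded = urllib.parse.unquote(request_target.split("?", 1)[0])
    return canonical_path(request_target) != decoded


def handler_for(request_target):
    """Hardened dispatch: decide on the canonical path, not the literal one."""
    ext = posixpath.splitext(canonical_path(request_target))[1].lower()
    return "script" if ext in SCRIPT_EXTENSIONS else "static"


# Constructed Common Log Format lines (not real traffic). The probes return
# 200 with a larger body than the normal request: the source, not the output.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Jul/1998:10:01:02 -0400] "GET /default.asp HTTP/1.0" 200 1532
10.0.0.5 - - [13/Jul/1998:10:01:09 -0400] "GET /default.asp. HTTP/1.0" 200 4810
10.0.0.7 - - [13/Jul/1998:10:02:44 -0400] "GET /admin/login.asp::$DATA HTTP/1.0" 200 4810
10.0.0.7 - - [13/Jul/1998:10:02:51 -0400] "GET /admin/login.asp%2e?id=3 HTTP/1.0" 200 4810
10.0.0.9 - - [13/Jul/1998:10:03:10 -0400] "GET /images/logo.gif HTTP/1.0" 200 2201
"""

CLF_REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)')


def find_probes(log_text):
    """Return (client, request target, canonical path, status) for every
    request whose target carries a source-disclosure suffix."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_REQUEST.match(line)
        if not m:
            continue
        client, _method, target, _version, status, _size = m.groups()
        if is_disclosure_probe(target):
            hits.append((client, target, canonical_path(target), int(status)))
    return hits


if __name__ == "__main__":
    for client, target, canon, status in find_probes(SAMPLE_LOG):
        print(f"{client} asked for {target!r} -> file {canon!r} "
              f"(status {status}, handler now: {handler_for(target)})")
```

Three of the five constructed lines are flagged, and `handler_for` routes all of them to the script engine rather than serving them as text. The check is deliberately broader than the two published suffixes: any colon in the final path component, and any run of trailing dots, is normalised away, because the file system treats them all the same way.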

* Remote Data Service

This IIS 4.0 database vulnerability [24], [25] stems from a component called Remote Data Service, which is enabled by default when IIS is installed. It allows an intruder who has obtained a password and the name of a target database to query the database remotely. (This vulnerability combines nicely with the two above, which can leak exactly those credentials from ASP source.) Microsoft revealed the exposure on its week-old Security Advisor Notification Service.

[24] http://www.zdnet.com/pcweek/news/0713/17miis.html
[25] http://www.microsoft.com/security/bulletins/ms98-004.htm

* A password-grabbing Trojan

Anti-virus company Dr. Solomon's reported a Trojan horse program [26], [27] aimed at users of Microsoft's dial-up networking. The Trojan targets people who allow their system to store their (weakly encrypted) password, instead of typing it in each time. It uses native Win32 facilities to mail the password file off to its master for cracking. The Trojan surfaced at a Swiss ISP.

[26] http://www.infoworld.com/cgi-bin/displayStory.pl?98077.wcsolomon.htm
[27] http://www.drsolomon.com/vircen/valerts/win_dial.html

______

A hole in Secure Sockets Layer

An improbable attack is blocked

Daniel Bleichenbacher, a cryptographer at Bell Labs, last February discovered a flaw in the way SSL uses RSA with PKCS #1 v1.5 padding that could, in far-fetched theory, allow a well-equipped cracker to decrypt a Net session protected by SSL [28], [29]. A server that tells the client whether a decrypted message was correctly padded acts as an oracle, and repeated queries to that oracle narrow down the session key. When RSA Data Security sent out a warning on the problem late last month to its licensees, Microsoft, O'Reilly, Netscape, and others rushed to implement a fix; the fix is for the server to behave identically whether or not the padding checks out. C2net's FAQ [30] on the bug illustrates how impractical the attack would be to mount in earnest. An attacker would need to send about a million messages to an SSL server in order to obtain a single session key.

[28] http://www.news.com/News/Item/Textonly/0,25,23595,00.html?tbtf
[29] http://www.techweb.com/wire/story/reuters/REU19980626S0001?ls=twb_text
[30] http://www.c2.net/products/stronghold/support/PKCS1.php

______

States drop Office from Microsoft complaint

Aiming to tighten their case

In an effort to focus their sweeping antitrust case against Microsoft, 20 states and the District of Columbia have dropped [31] allegations about the use of inappropriate licensing and sales tactics for the Office productivity suite. The attorneys general said they were responding to limits on witnesses and time set by the trial judge.

[31] http://www.techweb.com/wire/story/TWB19980717S0013

______

Crypto news

* Junger loses in Federal court, will appeal

Peter Junger, an Ohio law professor who is pursuing one of three separate lawsuits challenging government restrictions on the export of strong crypto, lost the first round on July 3 and plans an appeal [32]. Judge James Gwin ruled that software is a device, not speech, and therefore does not merit First Amendment protection, a finding 180 degrees at odds with an earlier Federal court ruling in the Bernstein case [33]. (That case has been appealed, with a decision expected any day.) Junger has started a mailing list [34] and hopes to attract computer scientists and legal experts to discuss the ruling that software is not speech.

[32] http://www.infoworld.com/cgi-bin/displayStory.pl?98079.eijunger.htm
[33] http://www.tbtf.com/archive/1996-12-24.html
[34] http://samsara.law.cwru.edu/comp_law/jvd/

* US relaxes crypto export for banks

The Commerce Department announced on July 7 that US software companies will have new freedom to export strong crypto to financial institutions chartered in 45 countries [35]. The receiving financial institutions will be allowed to further distribute the crypto-enabled products to their branch offices worldwide, with the exception of a handful of terrorist states, as defined by the US. This change amounts to a simplification of red tape for financial institutions, not a real policy shift. The 45 countries, which are deemed to have strong laws against money laundering, are listed here [36].

[35] http://www.seattletimes.com/news/business/html98/cryp_070798.html
[36] http://jya.com/doc-ease.htm

* An authoritative newsletter on crypto

Bruce Schneier's Counterpane Systems has begun publishing a free email and Web newsletter called CRYPTO-GRAM, and the first few issues set a new standard for public commentary on crypto news. To subscribe, visit [37] or send an empty message to crypto-gram-subscribe@chaparraltree.com .

[37] http://www.counterpane.com/crypto-gram.html

______

Simulating emulation

Creative Photoshop-ware

Last month MacOS Rumors claimed [38] to have run MacOS 8, emulating Windows 95 (Virtual PC), emulating MacOS 8 (Fusion); here's what it looked like [39]. The following day the site trumped this claim with this screen shot [40] purporting to be

  MacOS 8
    emulating Windows 95 (Virtual PC)
      emulating MacOS 8 (Fusion)
        emulating GameBoy (Virtual GameBoy)
          emulating Windows CE (WinBoy)
            emulating the Newton OS (NewtonCE)
              emulating the Pilot (CoPilot for Newton)
                emulating Linux (Linux for Pilot)

Some of these components are more than dubious: WinBoy? NewtonCE? I don't think so.

[38] http://www.macosrumors.com/archive269.html
[39] http://evillemur.blacklightmedia.com/Fusion_on_VPC_on_MacOS.gif
[40] http://evillemur.blacklightmedia.com/emu.jpg


Notes

* Last issue's story of the Media Lab's Irish expansion plans [41] was premature. The Sunday Times of London had the story but no one was confirming it. Years ago the Lab worked at opening a branch in Japan and the story got out prematurely; nothing ever came of those plans.

[41] http://www.tbtf.com/archive/1998-06-29.html#s13


Sources

* For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.


TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to tbtf-request@world.std.com. TBTF is Copyright 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.