[147313] in cryptography@c2.net mail archive


Re: [Cryptography] RSA recommends against use of its own products.

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Sep 28 12:44:13 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <E1VOyLQ-0001Ce-5M@login01.fos.auckland.ac.nz>
Date: Thu, 26 Sep 2013 19:54:00 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: kristian.gjosteen@math.ntnu.no,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Wed, Sep 25, 2013 at 7:18 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> Kristian Gjøsteen <kristian.gjosteen@math.ntnu.no> writes:
>
> >(For what it's worth, I discounted the press reports about a trapdoor in
> >Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
> >was wrong.)
>
> +1.  It's the Vinny Gambini effect (from the film My Cousin Vinny):
>
>   Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear
>         in my court that you dress appropriately?
>   Vinny: You were serious about dat?
>
> And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?"
> response, there are a number of bits of security protocols where I've been...
> distinctly surprised that anyone would actually do what the spec said.
>

Quite, who on earth thought DER encoding was necessary or anything other
than incredible stupidity?

I have yet to see an example of code in the wild that takes a binary data
structure, strips it apart and then attempts to reassemble it to pass to
another program to perform a signature check. Yet every time we go through
a signature format development exercise the folk who demand
canonicalization always seem to win.

DER is particularly evil as it requires either the data structures to be
assembled in the reverse order or a very complex tracking of the sizes of
the data objects or horribly inefficient code. But XML signature just ended
up broken.


[Just found your ASN.1 dump tool and using it to debug my C# ASN.1 encoder,
OK so maybe ASN.1 is not terrible if I can put together a compiler in four
days but I am not using the Assanine 1 schema syntax and I am using my
personal toolchain]



> (Having said that, I've also occasionally been pleasantly surprised when,
> by
> unanimous unspoken consensus among implementers, everyone ignored the spec
> and
> did the right thing).
>

I have a theory that the NSA stooges are not the technical folk. Why on
earth would a world-class expert want to spend their time playing silly
games sabotaging specs when they could have much more fun working inside
the NSA at Fort Meade or building stuff?

What I would do is to take a person who is a technical wannabe and provide
him with technical support and tell him to try to wheedle positions as a
document editor. Extra points if they manage to discourage participation by
folk with solid technical chops.


We saw something of the sort during the anti-spam efforts. I was sure at
the time that the spammers had folk paid to make the discussions as
acrimonious as possible.


-- 
Website: http://hallambaker.com/
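The two DER complaints above, that the length must be emitted before the
content (so a parent cannot be written until its children are finished)
and that canonical form is what makes a strict decoder able to reject
alternative encodings, as an added worked example that is not part of the
post and is not the author's C# encoder. It is a minimal Python DER
encoder for INTEGER and SEQUENCE plus a checker that refuses the BER
encodings DER forbids (indefinite length, non-minimal length, padded
INTEGER). Function names, error messages and the sample values are
assumptions of this example.

```python
"""Constructed example: minimal DER encoder and canonical-form checker.

DER is a TLV format whose length field precedes the content, so a
SEQUENCE cannot be streamed out until every child has been encoded and
measured; the encoder below therefore builds leaves first and wraps them
afterwards. The checker shows the flip side: because DER admits exactly
one encoding per value, a verifier can reject any byte string that is
not that encoding instead of "canonicalizing" it.
"""
from typing import Tuple


class DERError(ValueError):
    """Raised for anything that is legal BER but not DER, or malformed."""


def der_length(n: int) -> bytes:
    # Short form below 128, else 0x80|k followed by k big-endian bytes,
    # with k minimal (no leading zero length bytes).
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    # Two's complement in the fewest bytes that still carry the sign bit:
    # DER forbids a redundant leading 0x00 or 0xFF.
    magnitude = value if value >= 0 else ~value
    nbytes = (magnitude.bit_length() + 8) // 8
    body = value.to_bytes(nbytes, "big", signed=True)
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*elements: bytes) -> bytes:
    # Children are already-encoded bytes; only now is the parent's length
    # known, which is the "assemble in reverse order" constraint.
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content


def parse_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Parse one TLV at buf[pos]; return (tag, content, next_pos).

    Rejects non-DER length forms and non-minimal INTEGER bodies. Only
    single-byte tags are handled in this example.
    """
    if len(buf) - pos < 2:
        raise DERError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise DERError("high-tag-number form not handled by this example")
    if first == 0x80:
        raise DERError("indefinite length is BER only, never DER")
    if first < 0x80:
        length = first
    else:
        nlen = first & 0x7F
        if len(buf) - pos < nlen:
            raise DERError("truncated length field")
        lbytes = buf[pos:pos + nlen]
        pos += nlen
        if lbytes[0] == 0x00:
            raise DERError("length has a leading zero byte (non-minimal)")
        length = int.from_bytes(lbytes, "big")
        if length < 0x80:
            raise DERError("long-form length used where short form fits")
    if len(buf) - pos < length:
        raise DERError("truncated content")
    content = buf[pos:pos + length]
    if tag == 0x02:
        if not content:
            raise DERError("INTEGER needs at least one content byte")
        if len(content) > 1 and (
            (content[0] == 0x00 and content[1] < 0x80)
            or (content[0] == 0xFF and content[1] >= 0x80)
        ):
            raise DERError("INTEGER has a redundant sign byte (non-minimal)")
    return tag, content, pos + length


def check_der(buf: bytes, single: bool = True) -> bool:
    """Return True if buf is canonical DER; raise DERError otherwise.

    With single=True, buf must be exactly one value with no trailing bytes.
    Constructed values (bit 0x20 set) are checked recursively.
    """
    if not buf:
        if single:
            raise DERError("empty input")
        return True
    pos = 0
    while pos < len(buf):
        tag, content, pos = parse_tlv(buf, pos)
        if tag & 0x20:
            check_der(content, single=False)
        if single and pos != len(buf):
            raise DERError("trailing bytes after the value")
    return True


def is_der(buf: bytes) -> bool:
    """Boolean wrapper around check_der for callers that only need yes/no."""
    try:
        return check_der(buf)
    except DERError:
        return False


if __name__ == "__main__":
    canonical = der_sequence(der_integer(0x1234), der_integer(-1))
    print("DER:", canonical.hex(), is_der(canonical))
    # Same value, BER-legal but not DER: long-form length for a short value.
    print("BER long-form length:", is_der(b"\x30\x81\x07" + canonical[2:]))
```

The checker is the cheap alternative to canonicalization: sign the bytes
as transmitted, and on receipt refuse anything that is not already the one
DER encoding, so there is never a need to strip a structure apart and
reassemble it before the signature check.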
