News Items from Security-Related Mailing Lists (3/21/97)

by Mary Ellen Zurko, The Open Group Research Institute (m.zurko@opengroup.org)

This issue's highlights are from risks, http-wg, e$pam, cypherpunks, www-security, and tbtf.

Counterpane Systems and UC Berkeley announced that researchers have discovered a flaw in the privacy protection of the Cellular Message Encryption Algorithm (CMEA), used in today's most advanced digital cellular phones. This flaw affects the privacy of numbers dialed. Other flaws have been pointed out in the voice privacy feature of this standard as far back as 1992. Although CMEA is a 64-bit symmetric cipher, flaws reduce the effective key length to 24 or 32 bits. See http://www.counterpane.com/cmea.html for the press announcement.

Debate over the Cookie RFC in the HTTP working group has erupted, most recently because a newly arrived participant took umbrage at the standard's privacy-motivated requirements. The standard requires browsers to give the user the ability to turn off acceptance of cookies, and to make that the default. The issue is whether a "wire" protocol should include user interface features in its standard, particularly since user interface is so important to browser success. Other participants recently took issue with the restrictions on cookies from domains outside the domain of the main page's URL (http://www.wired.com/news/technology/story/2615.html).

An ex-Sandia cryptographer is suing the NSA (http://www.jya.com/whp1.htm). His complaint says he was fired in 1992 for attacking the quality of NSA's cryptography. The complaint alleges that classification of information was used to hide its deficiencies in crypto skills.

RSA's RC5 48-bit challenge was broken in just over 13 days using more than 5000 machines across the internet (http://www.cstp.umkc.edu/personal/bhugh/dicinfo.html). This same level of effort would have broken the 40-bit challenge in 40 minutes.

By contrast, problems with process seem to be slowing participation in the distributed DES crack. Organizers are asking participants to agree before participating about how the prize money should be allocated. Some people say that they don't want to be bothered with dealing with that kind of "contract". Resources went to the RC5 crack that might have gone to the DES attempt.

Some cypherpunks-types are concerned about certain provisions in the latest incarnation of the Pro-CODE bill (http://jya.com/s377.htm). One concern is that anonymous remailers and fully anonymous digital cash might be export-restricted under the exception for hardware and software intentionally used to evade US law or taxes. Another is that the review board that meets with vendors of commercial encryption offerings is specifically exempted from open meeting requirements.

Since maintaining security with a composed system is harder than with a monolithic one, it will come as no surprise that there was a rash of bugs of this sort this month. Internet Explorer (IE) had three highly publicized bugs involving the 'out of band' downloader: the code in IE that handles downloading of objects that are not handled internally by the browser (http://www.cybersnot.com/iebug.html, http://dec.dorm.umd.edu/iebug.html, http://web.mit.edu/crioux/www/ie/index.html). These bugs completely bypass any of the distributed code security measures like Authenticode. Patches are available. Microsoft took a lot of heat in techie circles for its spin control. By way of comparison, Sun found its most recent Java security bug during a "regular security review" and announced the problem. In addition, a privacy hole was found with the Shockwave plug-in and Navigator 3.x (http://www.webcomics.com/shockwave/). Shockwave features can be used to send out data such as a user's private email.

The architect and primary implementor of Authenticode published a piece in risks explaining the motivation and goals of Authenticode. Highlights include: users demand a rich computing experience, digital signing emulates traditional software distribution channels, automating the software installation process makes users' lives dramatically better, Microsoft's private keys are managed inside BBN SafeKeyper boxes housed in a guarded steel and concrete bunker, users' bypassing the security infrastructure is highly discouraged, signatures allow for law enforcement to help redress any problems, Authenticode is an important innovation in terms of users' understanding and administering trust, and everyone plans on signing code in the future. There were many responses to all these points, providing a pretty good layout of all the issues.

Open Market's OM-Transact product, which uses SSL with RC4 using 128-bit keys, was granted export approval, because it is narrowly tailored for financial applications. They had no requirement for key escrow.

Errata: Although there does not seem to be any official information on the web, I've been informed that the Nordic Post Security Service is planning on using X.509 certificates, and not PGP.