LISTWATCH: items from security-related mailing lists (October 6, 2000) by Mary Ellen Zurko

This issue's highlights are from cypherpunks, ACM TechNews, risks, tbtf, and dcsb.


The big news on Monday was that NIST chose Rijndael as the Advanced Encryption Standard. Rijndael -- pronounced Rhine-Dahl -- is the creation of two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The real time web cast of the ceremony was impossible to get to, because of traffic. The NTRU Cryptosystems reference implementation for embedded systems -- the NERI toolkit the company has been shipping for a couple of months -- includes Rijndael code. The shareware library MIRACL includes Rijndael.

Rumors that leaked on the Saturday before pointed to Rijndael: there was to be a single winner, it was not an American design, and the winner was not covered by any patent or patent claim identified or disclosed to NIST by interested parties. The formal Hitachi warning to NIST that Hitachi had IP (US patents) which covered AES candidates is at:  Bruce Schneier had pointed out that Rijndael's ShiftRow operation is in fact a rotation, and so it should also be covered by Hitachi's claims. However, patent issues were not mentioned in the criteria for the final selection, from

10. Why did NIST select Rijndael to propose for the AES?

When considered together, Rijndael's combination of security, performance, efficiency, ease of implementation and flexibility make it an appropriate selection for the AES.

Specifically, Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes.  Its key setup time is excellent, and its key agility is good. Rijndael's very low memory requirements make it very well suited for restricted-space environments, in which it also demonstrates excellent performance. Rijndael's operations are among the easiest to defend against power and timing attacks.

Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.

Peter Trei proposed that anonymous remailers could pass along only encrypted mail to cut down on spam. Several folks raised the obvious issue that there's no algorithm to tell for sure if mail is encrypted or not. Several folks (including Sean Roach and Ray Dilinger) mentioned ideas around just getting a curve of the occurrences of letters in the email; flat is encrypted. Tom Vogt distributed a simple perl script to determine whether an email is PGP encrypted. He also mentioned such a remailer is better censor-proofed.
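The frequency-curve idea from the thread, as an added Python example (not Tom Vogt's Perl script, which is not reproduced here): a remailer-side check that accepts a message only if it carries a PGP ASCII-armor block whose decoded bytes have a flat histogram. The function names, the 512-byte minimum and the 7.0 bits-per-byte cut-off are assumptions chosen for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter
from typing import Optional

ARMOR = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)\r?\n-----END PGP MESSAGE-----", re.DOTALL)
MIN_BYTES = 512   # assumed: below this the histogram is too noisy to judge
FLAT_BITS = 7.0   # assumed cut-off in bits per byte (a perfectly flat curve is 8.0)

def entropy_bits(data: bytes) -> float:
    """Shannon entropy of the byte histogram; the flatter the curve, the nearer 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def armored_payload(body: str) -> Optional[bytes]:
    """Decode the first PGP ASCII-armor block in a mail body, or return None."""
    m = ARMOR.search(body)
    if not m:
        return None
    lines = [ln.strip() for ln in m.group(1).splitlines()]
    if "" in lines:                       # armor headers end at the first blank line
        lines = lines[lines.index("") + 1:]
    b64 = "".join(ln for ln in lines if not ln.startswith("="))  # skip the CRC-24 line
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:                    # not base64 at all
        return None

def looks_encrypted(body: str) -> bool:
    """Heuristic only: compressed or random data passes just as ciphertext does."""
    payload = armored_payload(body)
    if payload is None or len(payload) < MIN_BYTES:
        return False
    return entropy_bits(payload) >= FLAT_BITS

def armor(data: bytes) -> str:
    return ("-----BEGIN PGP MESSAGE-----\n\n" + base64.encodebytes(data).decode()
            + "-----END PGP MESSAGE-----\n")

# Constructed samples: hash output stands in for ciphertext; neither is real PGP output.
PLAIN = b"Peter Trei proposed that anonymous remailers could pass along only encrypted mail to cut down on spam. " * 8
FLAT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
ENCRYPTED_MAIL = armor(FLAT)
WRAPPED_PLAINTEXT = armor(PLAIN)  # armor lines alone do not make the curve flat
```

The histogram is taken over the decoded payload rather than the armored text because base64 on its own already flattens the letter curve of whatever it wraps.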

The US bill that gives e-signatures the same legal standing as an offline signature using pen and paper (Electronic Signatures in Global and National Commerce Act (E-SIGN)) went into effect on October 1st. The law is a broad and general statement that contracts cannot be invalidated simply because they are in a digital form. Businesses must still develop systems and procedures which prove that records have not been tampered with, that the signatures are accurate, and that all parties know that all the other parties had approved the agreement. The legislation provides consumers with the choice of signing transactions online or signing offline with a pen.

The head of the Secure Digital Music Initiative (SDMI) recently offered up to $10,000 to any person who could crack several online music files protected by new security mechanisms. The Linux Journal is sponsoring a boycott. They see the contest as a way to get free consulting then use it to deny access to the technology. The person who cracks the files must sign over the rights to their hacking method. Security experts call the contest a publicity stunt, and predict that the SDMI standard will be cracked eventually (when was the last time a security expert predicted that a system or standard wouldn't be cracked eventually?).

The Christian Science Monitor online edition discusses the Baker-Hamilton Report, prepared at the request of the DOE. The report says that scientists at Los Alamos National Weapons Labs have become afraid of reporting or admitting even minor security breaches as a result of the threat of an aggressive prosecution and in the wake of the Wen Ho Lee situation. For lovers of puns and Peter G. Neumann, here is his commentary:
[The Government gave a terrible example of when holey prosecutions can run amok (holey, i.e., having holes). Perhaps the "situation" (as Ray calls it) will become known as an Un-Ho-Lee Mess (unholy, i.e., of questionable authority). PGN]

Declan McCullagh reported in Wired (,1283,39120,00.html)  that the US House Judiciary Committee gave the green light to Rep. Zoe Lofgren's (D-Calif.) Electronic Communications Privacy Act of 2000. At present, law enforcement agents can access email messages stored on a server by getting an administrative subpoena, but Lofgren's bill would force agents to get a search warrant before reading the communications.

The 2000 Survey of Internet Usage at Work reported the following: roughly 53 percent of employees believe that their personal use of the Internet goes unnoticed at work, 42 percent of managers observe employees' Web use via monitoring software or other means, and roughly 28 percent of workers who use the Internet on company time go to lengths to conceal their activities.

Kevin Mitnick is doing the lecture circuit, and nothing he's quoted as saying is particularly surprising (,4164,2634540,00.html).

"People are the weakest link when it comes to security."

XNS (eXtensible Name Service) technology from OneName marries XML with Web agent technology, a next generation naming system, and legally enforceable privacy contracts. They plan to go open source. Web agents talk XML among themselves and find other agents in a new extended namespace called XNS. Javascript is heavily used. You get a universal address that points to all your contact information forever. There are some patents (they seem to have patented something about agents logging who they send what information to; go figure!). The structure is governed by a new non-profit called the XNS Public Trust Organization, or XNSORG. About halfway through the registration process I got a URL not found error. Telcordia Technologies and VeriSign seem to have a competing effort going with ENUM, a standard they've submitted to the IETF that provides a framework for a global numbering system to map telephone numbers to other service addresses over the Internet. They'd like to use DNS for a trial implementation. Both efforts position themselves as part of the business card of the future.

The nonprofit IIT Research Institute has signed on to review the FBI's Carnivore email monitoring system (,1283,39078,00.html), a process that will begin at once and conclude in December. They will be charged with determining whether the use of Carnivore increases privacy risks to Internet users' electronic communications (how could it not?). "If you have a reputation like MIT, you're concerned about sullying it by prostituting yourself by doing such work," said Jeffrey Schiller. He said the fine print in the DOJ's request for proposals placed numerous unacceptable restraints on the process, including giving the department the right to read and edit the report before it is finished. MIT and the University of San Diego both declined to submit proposals. Schiller said Purdue University had also declined, but officials from Purdue would not comment. Another school, Dartmouth University, declined because it is already doing work for the Justice Department and felt it would be a conflict of interest.

The overwritten portions of the Carnivore review proposal in PDF can be easily lifted:  Nothing secret revealed, just the names of the participants, a few home addresses and phone numbers, and their security ratings.

Network Ice released the source code for altivore.c. It can substitute for Carnivore in the case of a court order.

A survey by the Electronic Privacy Information Center and Privacy International highlighted what they called a push led by the U.S. Federal Bureau of Investigation toward wiretap-friendly international communications standards. Besides the ever popular Carnivore and CALEA, the survey said FBI Director Louis Freeh had nudged countries such as Hungary and the Czech Republic to expand wiretapping. Quoting unnamed Russian computer security experts, the report said U.S. officials had advised Moscow on implementation of Carnivore-like network surveillance systems.

Ralph Dressel, a 28-year-old software analyst at Royal Skandia Investment bank, accessed bank account details of millions of Americans from his home in the Isle of Man (,7369,372676,00.html). Dressel said: 'I was just checking details of my US bank account and was playing around looking to see how secure the system was. I was amazed there didn't seem to be any protection at all and within five minutes I had obtained full access to account details of hundreds of thousands of people.' Dressel contacted the FBI in Boston and his local police station in the Isle of Man. Dressel printed details of three accounts from customers which have been seen by The Observer. These were from the Amalgamated Bank of Chicago, Bank of Oklahoma and the Sovereign Bank in Connecticut. The print-outs included account numbers and balances. It also gave options to change PIN numbers, view the history of the account, pay bills and transfer funds.

After addressing a national business journalists' meeting in Irvine, California, Qualcomm chief executive Irvin Jacobs found that someone had stolen his laptop computer, which he left on the floor of a hotel conference room. The thief acquired not only an IBM Thinkpad but also the Qualcomm secrets it contains, because Jacobs had just finished telling the audience that the slide-show presentation he was giving with his laptop contained proprietary information that could be valuable to foreign governments. Qualcomm is in the midst of negotiations for a next-generation system for China, amongst others.