Great Circle Associates Firewalls
(June 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Stateful Packet Filters vs. Proxies
From: Adam Shostack <adam @ homeport . org>
Date: Fri, 13 Jun 1997 09:47:53 -0400 (EDT)
To: vin @ shore . net (Vin McLellan)
Cc: firewalls @ greatcircle . com
In-reply-to: <v03007800afc5d6585127 @ [198 . 115 . 179 . 81]> from Vin McLellan at "Jun 13, 97 02:04:27 am"

| >	Is that its official name?  the SecurID hash?  Mind if I
| >publish it?  How about F2, the 'other' hash that the system uses.
| >I've never gotten a go ahead on that from SDTI for the versions I
| >recovered.
| 
| 	I've always called it that -- but within SDTI, it's been called
| "ALGO" for algorithm, or "PRNgen" -- neither of which is a brand name which
| reflects the creativity involved in a good one-way function.  Rivest's F2
| and Brainard's SecurID Hash are both proprietary products of SDTI (as you
| well know;-) They've always been held as trade secrets; ACE/SecurID was,
| for years, sold with the promise that they would be kept confidential. SDTI
| won't release anything until those products are retired.

	I'll have to think on that one.  SDTI shouldn't make promises
that are beyond its control.

| 	For the market they confronted 7-8 years back, keeping the
| algorithm secret added a blanket of security-by-obscurity (not yet a curse)

	Not yet a well known curse, I'll agree.

| >| 	Several widely-respected cryptographers have studied Brainard's
| >| hash intensively in the past year, and acknowledged -- which is all
| >| cryptographers ever do;-) -- they see no effective attack, no way to
| 
| >	But those were carefully selected cryptographers.
| 
| 	(Think about it!  Could that be true?)  SDTI, for years, had a
| program whereby they commissioned respected cryptographers from various
| countries to do reviews of the resiliency of Brainard's hash in the face of
| the latest cryptoanalytic attacks.  But the most aggressive studies of the
| cryptographic integrity of ACE/SecurID -- any prominent security product!
| -- are doubtless  the pre-purchase security reviews by the big crypto-savvy
| multinationals, various national governments, and the dot-GOV.US security
| agencies. No vendor controls who those prospective buyers "select" to
| evaluate the product.

| 	Adam's SecurID paper, when presented to a Rutger's network security
| workshop last year, sparked a rare public comment on ACE cryptography by a
| big customer, when a senior Bell Labs scientist talked about the
| Bell/Lucient review of the ACE code (under NDA) and ruefully suggested Adam
| and his friends save themselves fruitless effort and stop trying to
| reverse-engineer the code in hopes of finding a fatal flaw in Brainard's
| hash.

	Actually, what he said was that they protected against the
obvious attack of using the output of the hash as a way to the card
secret.  I don't suggest that thats a profitable line of attack.  The
same set of Bell Labs scientists also missed the attack I found.
Which happens.  I still have as much respect for the people involved
as I did before.  Open review is a good idea precisely because people
miss things.  Even really, really good people miss things.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




Follow-Ups:
References:
Indexed By Date Previous: Re: secure database access
From: C Matthew Curtin <cmcurtin @ research . megasoft . com>
Next: Re: Stateful Packet Filters vs. Proxies
From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread Previous: Re: Stateful Packet Filters vs. Proxies
From: Vin McLellan <vin @ shore . net>
Next: Re: Stateful Packet Filters vs. Proxies
From: Vin McLellan <vin @ shore . net>

Google
 
Search Internet Search www.greatcircle.com