Great Circle Associates Firewalls
(June 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Stateful Packet Filters vs. Proxies
From: Adam Shostack <adam @ homeport . org>
Date: Fri, 13 Jun 1997 09:47:53 -0400 (EDT)
To: vin @ shore . net (Vin McLellan)
Cc: firewalls @ greatcircle . com
In-reply-to: <v03007800afc5d6585127 @ [198 . 115 . 179 . 81]> from Vin McLellan at "Jun 13, 97 02:04:27 am"

| >	Is that its official name?  the SecurID hash?  Mind if I
| >publish it?  How about F2, the 'other' hash that the system uses.
| >I've never gotten a go ahead on that from SDTI for the versions I
| >recovered.
| 	I've always called it that -- but within SDTI, it's been called
| "ALGO" for algorithm, or "PRNgen" -- neither of which is a brand name which
| reflects the creativity involved in a good one-way function.  Rivest's F2
| and Brainard's SecurID Hash are both proprietary products of SDTI (as you
| well know;-) They've always been held as trade secrets; ACE/SecurID was,
| for years, sold with the promise that they would be kept confidential. SDTI
| won't release anything until those products are retired.

	I'll have to think on that one.  SDTI shouldn't make promises
that are beyond its control.

| 	For the market they confronted 7-8 years back, keeping the
| algorithm secret added a blanket of security-by-obscurity (not yet a curse)

	Not yet a well known curse, I'll agree.

| >| 	Several widely-respected cryptographers have studied Brainard's
| >| hash intensively in the past year, and acknowledged -- which is all
| >| cryptographers ever do;-) -- they see no effective attack, no way to
| >	But those were carefully selected cryptographers.
| 	(Think about it!  Could that be true?)  SDTI, for years, had a
| program whereby they commissioned respected cryptographers from various
| countries to do reviews of the resiliency of Brainard's hash in the face of
| the latest cryptoanalytic attacks.  But the most aggressive studies of the
| cryptographic integrity of ACE/SecurID -- any prominent security product!
| -- are doubtless  the pre-purchase security reviews by the big crypto-savvy
| multinationals, various national governments, and the dot-GOV.US security
| agencies. No vendor controls who those prospective buyers "select" to
| evaluate the product.

| 	Adam's SecurID paper, when presented to a Rutger's network security
| workshop last year, sparked a rare public comment on ACE cryptography by a
| big customer, when a senior Bell Labs scientist talked about the
| Bell/Lucient review of the ACE code (under NDA) and ruefully suggested Adam
| and his friends save themselves fruitless effort and stop trying to
| reverse-engineer the code in hopes of finding a fatal flaw in Brainard's
| hash.

	Actually, what he said was that they protected against the
obvious attack of using the output of the hash as a way to the card
secret.  I don't suggest that thats a profitable line of attack.  The
same set of Bell Labs scientists also missed the attack I found.
Which happens.  I still have as much respect for the people involved
as I did before.  Open review is a good idea precisely because people
miss things.  Even really, really good people miss things.


"It is seldom that liberty of any kind is lost all at once."

Indexed By Date Previous: Re: secure database access
From: C Matthew Curtin <cmcurtin @ research . megasoft . com>
Next: Re: Stateful Packet Filters vs. Proxies
From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread Previous: Re: Stateful Packet Filters vs. Proxies
From: Vin McLellan <vin @ shore . net>
Next: Re: Stateful Packet Filters vs. Proxies
From: Vin McLellan <vin @ shore . net>

Search Internet Search