From: (Bruce Schneier)
Subject: CRYPTO-GRAM, November 15, 2002
Date: Thu, 14 Nov 2002 22:01:47 -0600


November 15, 2002

by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
< >

A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on computer security and cryptography.

Back issues are available at 
< >.  To subscribe, visit 
< > or send a blank message 

Copyright (c) 2002 by Counterpane Internet Security, Inc.

** *** ***** ******* *********** *************

In this issue:
New Book
Crypto-Gram Reprints
Counterpane News
Security Notes from All Over: Japanese Honeybees
The Doghouse
Comments from Readers

** *** ***** ******* *********** *************

New Book

This is a short issue of Crypto-Gram, because I'm finishing up a new book.

We are being told that we are in graver danger than ever, and that we 
must change our lives in drastic and inconvenient ways in order to be 
secure.  We are being told that we must give up privacy or anonymity, 
or accept restrictions on our actions.  We are being told that the 
police need new investigative powers, that domestic spying capabilities 
need to be instituted, and that our militaries must be brought to bear 
on countries that support terrorism.  What we're being told is mostly 
untrue.  Most of the changes we're being asked to endure don't result 
in good security.  They don't make us safer.  Some of the changes 
actually make things worse.

My new book, still untitled, is a book about security.  Not computer 
security, but security in general.  Its goal is to teach readers how to 
think differently, how to tell good security from bad security, and to 
be able to explain why.  Its goal is to instill in readers a healthy 
skepticism about security, especially the technologies surrounding 
security.  Its goal is to convince readers that good security is about 

The book walks the reader, step by step, through security: what works, 
what doesn't, and why.  It gives general principles that the reader can 
use to understand and evaluate security.  It illustrates those 
principles with anecdotes from all over: crime, war, history, sports, 
natural science, myth, literature, and movies.  And it gives the reader 
a simple process that he can use to understand the difference between 
good security and bad security.

Real-world security looks a whole lot like computer security.  It's not 
just that computers are everywhere; the same concepts and methodologies 
that allow us to make sense of computer security also apply to the real 
world.  In my previous book, "Secrets and Lies," I used real-world 
metaphors to explain computer and network security.  In this book I am 
going to explain real-world security using the techniques, processes, 
and formalism from the computer world, without assuming any computer 

Book publishing is second only to furniture delivery in slowness.  My 
deadline for the book is the end of the month, but it's not going to be 
available in stores until next September.

** *** ***** ******* *********** *************

Crypto-Gram Reprints

Crypto-Gram is currently in its fifth year of publication.  Back issues 
cover a variety of security-related topics, and can all be found on 
< >.  These are a selection 
of articles that appeared in this calendar month in other years.

Full Disclosure:
< >

Why Digital Signatures are Not Signatures
< >

Programming Satan's Computer:  Why Computers Are Insecure
< >

Elliptic Curve Public-Key Cryptography

The Future of Fraud:  Three reasons why electronic commerce is different
< >

Software Copy Protection: Why copy protection does not work
< >

** *** ***** ******* *********** *************


Red Hat vs. the DMCA.  Red Hat publishes information about a security 
patch ONLY to people outside the United States, because of fear of the 
DMCA.  It seems that a description of a fix to a vulnerability also 
contains information about the vulnerability itself, which could be a 
violation of the DMCA.  Ridiculous?  Of course it is.  But that's the 
law for you.
< >

And while we're on the subject of ridiculous, here are some of the 
"digital media devices" that would be required to incorporate 
government-approved copy-protection technology under the Hollings 
CBDTPA Bill: hearing aids, talking picture frames, scrolling signs, and 
baby monitors.
< >

The previous two items are examples of the kinds of things that happen 
when laws are written to protect the revenue stream of an industry with 
no regard to its effects on society as a whole.  Another example is the 
extensions to the copyright laws, currently being debated in the 
Supreme Court.  Here's Larry Lessig's thoughts on arguing at the 
Supreme Court:
< >

A clever Reuters reporter guesses URL of Swedish company's 3rd quarter 
results (before they were "officially" posted).  The company claims it 
will file criminal charges.  It's an interesting question: is guessing 
a URL an "intrusion"?  I don't think so.
< >
< >

The Security Business Quarterly is a magazine worth reading.  Issues 
are available online.
< >

Windows 2000 receives a Common Criteria security rating.  Does this 
mean anything?  Not really.  Jonathan Shapiro did such a good job 
explaining this that I'm just going to post a link to his essay.
< >

Microsoft users may have to pay for security.  Actually, I think this 
is a good idea.  If users explicitly pay for security, then there's a 
greater chance that Microsoft will be liable for that security.  And 
honestly, most users don't want security and don't want to pay for it.
<,,t269-s2123526,00.html >
< >

This article says: "The al-Qaeda terror network has begun using hackers 
who break into websites to create secret pages that send messages to 
its followers, Internet specialists say."  This makes absolutely no 
sense, and is a sad example of the mindless anti-terrorist 
computer-security hype we're hearing these days.
< >

A well-written analysis of the major security/privacy/stability 
concerns of Windows XP.
< >

"Fortune 1000 companies lost $45 billion to theft of proprietary 
information last year."  How do they know?
< >

"Assessing Internet Security Risk," a five-part series:
< >
< >
< >
< >
< >

Root DNS servers attacked.  It's a credit to the good guys that the 
effects of the attack were minimal.  Lots of commentary about it, though.
< >
< >
< >
< >
< >
< >
< >
< >
<,3959,651686,00.asp >

Nice security success story: NASA.
< >
< >

The United States Copyright Office is inviting public comment on the DMCA:
< >
< >

Fascinating Congressional testimony by NSA Director Michael Hayden.  He 
explains how NSA worked on terrorism pre- and post-9/11, and then tells 
Congress that they can best help him by going back to their 
constituents and finding out where the public wants to draw the line 
between liberty and safety.  Required reading.
< >

Excellent paper by Carl Ellison on the myths and realities of PKI:
< >

** *** ***** ******* *********** *************

Counterpane News

I'm sitting on some big news that I can't really talk about 
yet.  Hopefully next month.

In the meantime, I will be speaking at COMDEX in Las Vegas on 11/18, at 
the IETF meeting in Atlanta on 11/22, and at InfoSecurity in New York 
on 12/11.

** *** ***** ******* *********** *************

Security Notes from All Over: Japanese Honeybees

Giant hornets regularly attack beehives.  Typically, an attack begins 
when a single hornet captures a lone bee nearby the hive.  After 
several of these perimeter skirmishes, one hornet leaves a marking 
pheromone at the hive's entrance.  This pheromone attracts the other 
hornets, who arrive en masse and attack the beehive.  The bees' 
stingers can't penetrate the hornets' armor, so it's a one-sided 
slaughter; something like 30,000 bees can be killed in a few hours by 
30-40 hornets.

Japanese honeybees, however, have evolved an interesting defensive 
strategy.  When a hornet marks the hive's entrance, the bees guarding 
the entrance return to the hive and wait for the attacking 
hornets.  This has the effect of luring the first attacking hornets 
into the hive, rather than allowing them to start their attack 
outside.  Simultaneously, over 1000 worker bees in the hive leave the 
combs and mass just inside the hive's entrance.  When a hornet tries to 
enter the hive, the workers surround it, forming a ball of bodies, and 
cook it to death with their body heat.  The bees also release a 
pheromone that draws ever more bees from the hive's interior to come to 
the entrance and defend the nest.

This strategy must be perfect in order to be successful.  If the bees 
fail in killing the first hornet attackers, then the hornet pheromone 
gets stronger, and more hornets arrive to reinforce their attack.  By 
sheer numbers, the hornets can overpower the bees.

Source:  Bernd Heinrich, "The Thermal Warriors: Strategies of Insect 
Survival," Harvard University Press, 1996.

** *** ***** ******* *********** *************

The Doghouse

I'm busy, so you'll have to do the work this time.  Here are my current 
doghouse candidates.  Decide for yourself which is the funniest.

Is it CryptDefence, which offers "information's absolute protection" 
via their "entirely new original symmetric cryptographic algorithm 
MCD," which "disproves the Vernam theory...."
< >

Is it Asier Technology, which "has made a breakthrough in such 
[cryptography] research and is now offering revolutionary products," 
with keys "ranging in key sizes from 5,000 to over 136,000 bits"?

Is it TransPlace, "only security program without hacks/ cracks/patches 
on Internet"?  "Unhackable!!! It's IMPOSSIBLE to hack 
TransPlace-files!" "The internal structure of TransPlace is TOP 
SECRET!"  "We believe it's impossible to make successful cracks for 
TransPlace or 'TransPlace protected files'!"
< >

Is it ForeScout, an intrusion prevention technology that "pre-emptively 
neutralize[s] known and unknown attacks with no false positives 
ensuring zero time to protection," while at the same time requiring "no 
signature updates nor manual intervention"?
< >

Or is it EuroTech, with their "double cipher, keyless transmission 
system, with no transmitted key subject to compromise"?
< >

So many to choose from....  And thank you to everyone who e-mails me 
with Doghouse suggestions.  I always enjoy reading these Web sites.

** *** ***** ******* *********** *************

Comments from Readers

From: Frank Prince <>
Subject: National Strategy to Secure Cyberspace

I disagree that the strategy doesn't make a difference.  I feel your 
comments were too dismissive of it.

Something in the discussion about the relationship between consensus 
and security didn't ring true for me.  Relative to security, consensus 
-- in a community, in the board room, formalized in law, or honed by 
legal precedent -- is a kind of community threat estimate and resource 
allocation decision.  We can certainly argue that it is flawed -- but 
not that it is irrelevant.

Moreover, I take issue with the idea that security is a commons.  The 
new community resources we are trying to protect aren't fully 
defined.  And consensus regarding the threat to them will remain 
evanescent until they are.  Beyond that, the metrics that will allow us 
to assess liability are even less appreciable.  Security, like 
availability, is a characteristic that can be used to judge if the 
commons is in crisis.  But cultural accommodation to profoundly 
changing technological realities is the underlying issue -- not security.

That being said, in any time of change there are criminals that take 
advantage of upheaval.  We can't stand by and let them hurt us.  Still, 
we have to remember that we are engaged in a battle that is playing out 
in two different time scales -- the first with our day-to-day decisions 
about security and the second with our long-term understanding of the 
effects of technology change on security.  The day-to-day interacts 
with the long-term.  A new technique for mitigating the impact of 
denial-of-service attacks changes people's perception of how serious 
they are.  But so does a government test balloon on cyber-security, 
affecting things like research funding and public awareness.  Both make 
a difference.  Neither is irrelevant.

From: "Odom, Joel" <>
Subject: RE: National Strategy to Secure Cyberspace

In the same way that the "National Strategy to Secure Cyberspace" is 
going to do no good to improve computer security, passing laws 
requiring certain security behavior will do no good either.  As a 
matter of fact, laws requiring companies and individuals to practice 
certain security behavior would likely do more harm than good.

As you pointed out, the government is all about politics and not about 
what will actually work.  Computer security laws would require behavior 
that would make systems more complicated.  As a system becomes more 
complicated, it generally becomes less secure and not more secure.

Laws would not be able to mandate the detection and response necessary 
for true security.  Instead, laws would mandate certain products that 
would be trusted and would choke out bona fide efforts to improve 
security.  Even worse, they would lull users into a false sense of 

The best way to wreck computer security is to let the government meddle 
with it.  All of the security laws that have passed in recent years 
have only made matters worse.  Why do we expect that the government 
could ever actually make it better?

To: Bruce Schneier <>
Subject: National Strategy to Secure Cyberspace

> Security is a commons.  Like air and water and radio spectrum, any
> individual's use of it affects us all.  The way to prevent people from
> abusing a commons is to regulate it.  Companies didn't stop dumping
> toxic wastes into rivers because the government asked them
> nicely.  Companies stopped because the government made it illegal to
> do so.

No.  The way to prevent people from abusing a commons is to establish 
and enforce property rights.  A public bathroom will be filthy no 
matter how many laws you pass.  Most companies obey the laws against 
dumping wastes rivers, but there are still plenty who just got a bit 
more creative about where and when they do their polluting.  Laws don't 
work.  You need people with an interest in protecting _their_ property, 
not bureaucrats who will protect the commons as long as no one bribes 
them to look the other way, and not governments that pass laws but make 
themselves exempt.

The tricky bit is dividing the commons up into the proper chunks of 
property to insure that the greatest number of people can still use it 
at a fair price.

From: Marc de Piolenc <>
Subject: National Strategy to Secure Cyberspace

While I agree with your comments about the ineffectiveness of a plan 
without teeth, I am equally doubtful of the efficacy of 
legislation.  Your analogy to pollution regulations is a good one, 
because it points up the fundamental fallacy of a "commons."

That which belongs to everybody belongs to nobody, in the sense that 
nobody has any incentive to preserve it.  The answer is not empowering 
bureaucrats to protect the commons (which they will do poorly or not at 
all), but to privatize the resources currently treated as common property.

In the case of the infrastructure that we are talking about, it is 
already in private hands, and considering it a "commons" is just a 
fancy way of letting the people who control its various components 
escape responsibility for their management.

To use a simple example, the owners of distribution networks are, in 
the USA at least, civilly liable for failure to follow established good 
practice in their respective technical fields.  This is not a matter of 
regulation, but of tort law.  The problem with our sector is the 
absence of generally recognized good practices.  Any advance in that 
area is worth any number of tons of output from the Federal Register.

From: Jim Reid <>
Subject: National Strategy to Secure Cyberspace

I think your comments about consensus with regard to security matters 
could have been more carefully worded.  Security is ultimately about 
consensus.  It has to be a trade-off between what the end users will 
tolerate, what the security guys will tolerate, what providers are 
prepared to offer in the way of services, and what the bean counters 
will accept both in costs and risks/rewards.  Provided these 
conflicting interests can be balanced properly, the resulting system 
should be secure enough for the purpose it was intended.  It's a bit 
unfair of you to say that consensus security mostly results in bad 
decisions.  In a free society I think it's impossible to deploy 
workable security systems unless those systems are built around 
consensus.  For some fluffy definition of "consensus."

Where I do agree with you wholeheartedly is that security -- or 
anything else we try to do -- becomes flawed when the participants come 
with their own axes to grind or have a not-so-hidden agenda to protect 
their vested interests.  And then distort the decision making process 
to reflect their position.

From: Anonymous
Subject: National Strategy to Secure Cyberspace

Your response to the CyberSecurity Strategy is an impassioned plea, but 
I can't believe you came to your conclusion.  What possible law should 
the government pass?  After the example of the DMCA, they'll pass a law 
against hacking or anything that looks like it, and that law will make 
all network management (especially managed security such as Counterpane 
produces) illegal by side effect.

The people you describe, driven by special interests into confusion and 
feebleness in spite of tons of good advice, would pull the trigger -- 
but what would they hit?

So -- what law would you want them to pass?  It sounds like you want 
one law: that makes companies liable for successful attacks.  Would 
Counterpane be liable?

I suspect that it's Microsoft you want to be made liable -- as 
punishment for their creation of exploitable holes.  But, you don't say 
that.  Why do you expect the government to use the same logic you and I 
use?  If you want them to make someone liable, they might make a 
homeowner liable if his home computer is used as a DDoS launch point -- 
and leave Microsoft untouched.

From: Stefan Lucks <>
Subject: XSL Attacks Against AES

I have studied the equation-solving technique for the cryptanalysis of 
secret-key ciphers, such as the AES, myself.  As a scientist, I find 
the technique exciting.  However, I think it is too early to draw any 

As I mentioned, the paper from Courtois and Pieprzyk is exciting for 
me.  Their technique may turn out to be a relevant attack for some 
secret-key ciphers, possibly including the AES.  BUT: Currently, the 
study of these ciphers is research in progress, no more, no less.  It 
is much too early to consider the AES broken.  People should wait for 
more results.  (I don't write this to blame the authors.  The have done 
great work.  But good research needs time, and researchers have to 
publish their "work in progress" to get feedback from their peers.)

In general, the technique works like this:

1. Find a special "trick" to describe the cipher as a largely 
overdefined system of quadratic (or low-degree) equations (for 
secret-key cryptosystems typically in GF(2)).

2. Check if there are any obvious reasons why XL won't be able to solve 
the system (e.g., extremely many linear dependencies).

3. Use XL (some variant of XL) to solve the system and cross your 
fingers.  That is, artificially increase the number of equations by 
multiplying some of the equations with some of the terms to get a 
system of non-linear (higher-degree) equations.  If the number of 
equations exceeds the number of terms, linearise the system; i.e., 
treat each term as an independent linear variable.

4. Solve this (huge) system of linear equations.

The problem is going from step 2 to step 3.  Courtois and Pieprzyk 
describe some necessary conditions for XL to work in their paper.  We 
can check for these conditions in step 2.  But these conditions are 
unlikely to be sufficient.  Especially in the case of the AES, there 
are some doubts.

There are some experimental indications that XL works at least 
sometimes.  Unfortunately, the "real" attacks are by far too expensive 
be implemented today.  So we can't directly verify the attack 

Good ciphers are like good wine; both need much time to mature.  AES is 
still young, only five years old, and I wouldn't mind if people 
considered three-key triple DES as a possible alternative to the AES, 
for the next five years or so.

From: Ulrich Kunitz <>
Subject: One-Time Pads: Real-World Examples

I've seen one-time pads used in the East German army, I even did some 
encryption personally, not exactly in line with the rule book.  I 
served as a private in a surface-air-missile base with old SA-2 Voichov 
missiles from 1987 to 1989.  Short messages about the frequency plan 
for friend-detection, encoding of the coordinate system and troop 
movements were encrypted with one-time pads.  Encryption and decryption 
had to be done by officers, one of them explained it to me.  Blocks 
were numerated and stored in special sealed boxes fixed in the concrete 
walls of the command bunker.  Key exchange was the task of armed 
couriers (two men) with a sealed transport case.  Everybody using the 
system knew that code blocks must not be reused.  But this was still a 
German army with Prussian traditions, which double-counted every 
bullet.  That the Russians in the Soviet embassy didn't do the right 
thing, might be caused by their mentality to always cut corners to meet 

Here in Germany banks are using one-time pads for the authentication of 
financial orders.  This system is used by millions of bank customers, 
even my mother.  It's called the PIN/TAN-system.  The TAN blocks are 
sent by the postal service, some banks even require the customer to 
acknowledge the receipt by a signed letter.  For every order you enter 
into your browser or home banking application, you have to use one 
transaction number (TAN) from the block.  The bank system checks the 
TAN and enforces the single use.  The scheme doesn't prevent attackers 
from changing the message before sending it over the encrypted 
connection, but limits effectively the number of orders an attacker can 
send, as long as the customer doesn't store his TANs on the 
computer.  By limiting the amount of money per order on the bank side, 
risks are reduced by the system.

I've implemented here in Germany online-banking-systems using several 
cryptographic methods with keys in a file, tokens, and 
smartcards.  Standard algorithms, no snake oil, we know our limits.  It 
still strikes me how easy to understand, easy to apply (no drivers or 
additional devices), and relatively secure the PIN/TAN method 
is.  Limiting the number of orders an attacker could do is far more 
difficult with available smartcard technology or even keys in a 
file.  And customers have no problems to develop the right model about 
PIN/TAN, but smartcards aren't doing what most people think they do.

By the way, please remind your readers that even one-time pads are 
insecure, if somebody uses a "random" generator like C-library's rand() 
to generate the pads.  Murphy's law says it will happen---and it did.

Home banking fraud here in Germany is a popular media theme, but in 
reality it isn't a problem.  This is caused by the checks built in the 
classic banking system and its capability to handle errors and 
fraud.  That we never use the PIN alone in Germany does contribute, but 
how much, I really don't know.

"Secret & Lies" helped a me a lot to understand what is going 
on.  Technology will never solve the security problem alone: you need 
organization, infrastructure, people, processes and a legal system to 
produce security.

From: John Gateley <>
Subject: GreatEncryption

"Software with a key strength of 109^4000 + 109^3999 + ... 109^1."

It gets worse.  I found the following on the Web site: "Users can 
choose keys that are as short or as long as they wish.  But, only the 
first 4,000 valid characters submitted as a key are used in the 
program.  There are 109 valid key characters."

So, instead of 109^4000 different keys, they somehow come up with 
109^4000 + 109^3999 + ... +109^1.

Makes me wonder about the rest of their math.

** *** ***** ******* *********** *************

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on computer security and cryptography.  Back 
issues are available on < >.

To subscribe, visit < > or 
send a blank message to  To 
unsubscribe, visit < >.

Please feel free to forward CRYPTO-GRAM to colleagues and friends who 
will find it valuable.  Permission is granted to reprint CRYPTO-GRAM, 
as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier.  Schneier is founder and CTO 
of Counterpane Internet Security Inc., the author of "Secrets and Lies" 
and "Applied Cryptography," and an inventor of the Blowfish, Twofish, 
and Yarrow algorithms.  He is a member of the Advisory Board of the 
Electronic Privacy Information Center (EPIC).  He is a frequent writer 
and lecturer on computer security and cryptography.

Counterpane Internet Security, Inc. is the world leader in Managed 
Security Monitoring.  Counterpane's expert security analysts protect 
networks for Fortune 1000 companies world-wide.

< >

Copyright (c) 2002 by Counterpane Internet Security, Inc.

Visit the Crazy Atheist Libertarian
Check out "David Dorn" - Hate Monger
Check out Atheists United - Arizona
Visit my atheist friends at Heritics, Atheists, Skeptics, Humanists, Infidels, and Secular Humanists - Arizona
Arizona Secular Humanists
Paul Putz Cooks the Arizona Secular Humanist's Check Book
News about crimes commited by the police and government
News about crimes commited by religious leaders and beleivers
Some strange but true news about the government
Some strange but real news about religion
Interesting, funny but otherwise useless news!
Libertarians talk about freedom
Cool Useless Photos, Cool gif files, Cool jpg files
Legal Library
Gif, JPG, and other images you can use on your web pages
David Dorn Insuranse