TBTF for 7/20/98: Deep crack

Keith Dawson (dawson@world.std.com)
Sun, 19 Jul 1998 23:24:14 -0500



T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://www.tbtf.com/archive/07-20-98.html >

C o n t e n t s

Custom computer defeats DES in 56 hours
Did Microsoft misrepresent NT's security status?
The future of Linux
Private doorbells
Four new Microsoft security holes
Remote Data Services
A password-grabbing Trojan
A hole in Secure Socket Layer
States drop Office from Microsoft complaint
Crypto news
Junger loses in Federal court, will appeal
US relaxes crypto export for banks
An authoritative newsletter on crypto
Simulating emulation

..Custom computer defeats DES in 56 hours

EFF changes the rules of the game

In January 1997 RSA Labs sponsored a contest inviting the world to
decrypt a message coded using a 56-bit DES key. The challenge was
broken 6 months later [1] by a loose collaboration using thousands
of computers across the Internet. A similar challenge issued last
January took 39 days to break [2]. The latest RSA DES challenge
launched on July 13 and was broken 56 hours later, using a single
special-purpose computer [3]. John Gilmore and Paul Kocher, working
under sponsorship of the Electronic Freedom Foundation, led a
year-long effort to build the DES Key-Search Machine. It cost about
$220K USD and consists of over 1800 custom chips on 27 circuit
boards; each chip contains 24 independent key-search processors.
(Gilmore has named the chip "Deep Crack.") The machine can search 92
billion keys per second. By comparison, the massively parallel
distributed computer that is the Internet, when overcoming another
RSA challenge [4] last summer, peaked at 7 billion keys/sec.

A quick calculation indicates that similar horsepower applied to
a 40-bit key would break it in an average of 6 seconds. This is the
level of security that the US government allows to be exported
without a promise of key recovery.
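The arithmetic behind the "quick calculation" generalizes to any key length and any search rate, and carrying it through shows something the paragraph does not: at 92 billion keys/s a 56-bit key takes about 4.5 days on average, so the 56-hour result covered only about a quarter of the keyspace. The following Python is an added example written for this page, not code from TBTF or the EFF; the only figures it takes from the article are the 92 billion keys/s rate and the 56-hour result, everything else is derived.

```python
"""Expected exhaustive-search time versus key length.

Added example, not part of the TBTF issue. The only inputs taken from
the article are the Deep Crack search rate (92 billion keys/s) and the
56-hour result; everything else is arithmetic derived from them.
"""

DEEP_CRACK_KEYS_PER_SEC = 92e9      # rate quoted in the article
DEEP_CRACK_RESULT_SEC = 56 * 3600   # the July 1998 challenge took 56 hours


def keyspace(bits: int) -> int:
    """Number of distinct keys of the given length."""
    return 1 << bits


def expected_seconds(bits: int, rate: float) -> float:
    """Average time to find a uniformly random key by brute force.

    On average half the keyspace is searched before the key turns up,
    so the expectation is 2**(bits - 1) / rate.
    """
    return keyspace(bits) / 2 / rate


def worst_case_seconds(bits: int, rate: float) -> float:
    """Time to exhaust the whole keyspace (the unlucky bound)."""
    return keyspace(bits) / rate


def fraction_searched(bits: int, rate: float, elapsed: float) -> float:
    """Fraction of the keyspace a searcher covers in `elapsed` seconds."""
    return min(1.0, rate * elapsed / keyspace(bits))


def human(seconds: float) -> str:
    """Render a duration in the largest unit that keeps the value >= 1."""
    units = (("years", 365.25 * 86400), ("days", 86400.0),
             ("hours", 3600.0), ("minutes", 60.0), ("seconds", 1.0))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:.2g} seconds"


def key_length_table(rate: float = DEEP_CRACK_KEYS_PER_SEC,
                     lengths=(40, 56, 64, 80, 112, 128)) -> dict:
    """Expected brute-force time, in seconds, for each key length."""
    return {bits: expected_seconds(bits, rate) for bits in lengths}


if __name__ == "__main__":
    rate = DEEP_CRACK_KEYS_PER_SEC
    print(f"search rate: {rate:,.0f} keys/s")
    for bits, secs in key_length_table(rate).items():
        print(f"{bits:>4}-bit key: expected {human(secs):>24}, "
              f"worst case {human(worst_case_seconds(bits, rate))}")
    covered = fraction_searched(56, rate, DEEP_CRACK_RESULT_SEC)
    print(f"56 hours at that rate covers {covered:.0%} of the 56-bit "
          f"keyspace; the expected search is "
          f"{human(expected_seconds(56, rate))}")
```

Each extra bit doubles the expected time, which is why the jump from 56 to 112 or 128 bits moves the answer from days to figures far beyond the age of the universe at this rate, and why the 40-bit export limit comes out at a few seconds.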

The EFF, in irrefutably demonstrating the insecurity of 56-bit
encryption in the modern day, was making the point long denied by
the US government: that even a modestly endowed organization could
put together a purpose-built DES cracker.

Government spokesmen were quick to point out that the crack found
only a single session key. This is disingenuous. Every message
encoded with DES since its introduction in 1977 is now fair game for
this machine or for one like it. In a press conference [5] the
builders of the DES Cracker reiterated their belief in the
likelihood that governments and even companies have built such
machines before in secrecy.

O'Reilly has published a book on the design of the DES cracking
machine [6] -- in paper only, as export laws forbid putting it on
the Net. Those guys are right on top of it. Here is Whitfield
Diffie's foreword [7] to the book.

[1] http://www.tbtf.com/archive/06-23-97.html#s02
[2] http://www.tbtf.com/archive/03-02-98.html#s04
[3] http://www.cryptography.com/resources/des/des.html
[4] http://www.tbtf.com/archive/10-27-97.html#s02
[5] http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,3441,2120741,00.html
[6] http://www.oreilly.com/catalog/crackdes/
[7] http://www.eff.org/pub/Privacy/Crypto_misc/DESCracker/HTML/19980716_diffie_crackingdes_foreword.html

..Did Microsoft misrepresent NT's security status?

Government agencies may be buying NT under false pretenses

Particular configurations of Windows NT 3.5 have been evaluated for
C2-level security [8] and have been placed on the NSA's Evaluated
Products List. This does not mean that the OS itself is "C2
certified" -- no operating system is ever certified. "Certification"
is something granted to a particular configuration, including
hardware. Here is what has been C2-certified by the US government:
Windows NT 3.5 with Service Pack 3 on the Compaq ProLiant 2000 and
ProLiant 4000 Pentium systems, and on a DECpc AXP/150. These
configurations were tested standalone: no networked NT system has
ever been tested, let alone certified.

The consultant who helped Microsoft achieve this certification, Ed
Curry, now charges that Microsoft is misrepresenting his work and
is trying to get him to do likewise [9]. (Never mind that he's gone
bankrupt on broken promises.) Microsoft refused comment on these
allegations to an InfoWorld reporter.

[8] http://www.radavis.com/c2.htm
[9] http://www.infoworld.com/cgi-bin/displayNew.pl?/petrel/980713np.htm

..The future of Linux

A pivotal roundtable builds the momentum

Linux is being used increasingly in large corporations [10], but not
often in mission-critical roles. This is not due to a lack of
suitability or (especially) robustness. Rather, there is a paucity
of infrastructure applications such as databases on the platform.
Also, Linux does not enjoy much mindshare among top executives. Both
of these factors may be changing.

Smaller database players such as Ingres (now sold by CA Associates)
have announced plans for Linux products [11], but the large database
vendors have until recently said that the OS does not exhibit
critical mass [12].

At this juncture the father of Linux, Linus Torvalds, participated
in a roundtable in Santa Clara on the future of Linux [13]. Here are
two firsthand reports from the event. Below is a quick summary from
Greg Roelofs <roelofs@pmc.philips.com>; see his complete writeup on
his site [14].

Rafael Skodlar <rasko@kset.com> sent detailed notes, which are posted
on the TBTF archive by permission [15].

After this standing-room-only conference Oracle reversed itself and
announced plans for a Linux port [16], and Informix is rumored to be
preparing a similar announcement next week [17]. Coincidence? Perhaps.

Greg Roelofs's notes:

"The Future of Linux" was set up as a panel discussion and was
held at the S.C. Convention Center. It was hosted by Taos and
sponsored by them, the Silicon Valley Linux Users Group (SVLUG),
Intel, Red Hat (RH), Linux Journal (LJ), and VA Research (VAR).
Apparently it was considerably more popular than Taos expected;
people stood in line between 40 and 60 minutes to register, and
the free food and free VA Research/Linux T-shirts ran out. I
didn't get a firm count, but Taos said 850 people had RSVP'd,
and it appeared that at *least* 700 chairs were occupied,
possibly upwards of 900 or more.

The panel was a distinguished group: Jeremy Allison, one of the
lead Samba developers; Larry Augustin, founder of VA Research
and member of the Linux International (LI) Board of Directors;
Robert Hart, from Red Hat Software; Sunil Saxena, from Intel's
Unix Performance Lab; and, of course, The Man himself, Linus
Torvalds. It was moderated by Michael Masterson of Taos, who
traded off questioning duties with Phil Hughes, all-around hairy
guy and the publisher of LJ.

I'll cover the panelists' comments later (the format basically
involved each one giving a five-minute, semi-prepared response
to one of two before-the-fact questions, with audience Q&A after
each set of responses, and one segment of about 10 questions
posed by Phil); for now a few highlights:

- Most of the panelists foresee Linux as owning a serious chunk
of the server market by 2001; it will be "the dominant Unix
server platform" and across all hardware, not just Intel,
according to Robert. The DataPro survey showing Linux as the
only non-MS OS to gain market share in 1997 was mentioned
several times.

- Much easier, prettier interfaces (KDE, Gnome) are coming;
these will broaden Linux's appeal even to the "Mom set." Jeremy
predicted Linux on 20-25% of the PC systems shipping in 2 to 3
years (based on the current status and the 12-month doubling
rate Linux is enjoying).

- Intel seems very committed to long-term, serious Linux
support; Sunil made several pleas for Linux developers to
"come talk to us and tell us what we can do." Intel and VA
Research cooperated to demonstrate a 4-way, 400 MHz Xeon (1MB)
server running Linux; it was most impressive. Leonard Zubkoff
spent the last couple of days tweaking the kernel to run on the

As always, Linus was full of quips; I'll get to those in the
follow-up, too. (Btw, note that while he doesn't care how
anyone pronounces Linux, he unquestionably does so with the
short "i" sound, as in "linen." Amen.)

[10] http://www.m-tech.ab.ca/linux-biz/
[11] http://www.infoworld.com/cgi-bin/displayStory.pl?980710.whlinux.htm
[12] http://www.infoworld.com/cgi-bin/displayStory.pl?98076.ehlinux.htm
[13] http://www.teamtaos.com/events/linux/
[14] http://pobox.com/~newt/reports/linux-19980714-top.html
[15] http://www.tbtf.com/resource/skodlar.txt
[16] http://www.infoworld.com/cgi-bin/displayStory.pl?980717.whorlinux.htm
[17] http://www.infoworld.com/cgi-bin/displayStory.pl?980717.whinformix.htm

..Private doorbells

Knock knock. Who's there? The Man

A coalition of 13 networking and security companies led by Cisco
Systems is offering what it calls a compromise in the encryption
standoff [18]. It proposes an expedited export review for
network-based encryption with two restricted access points --
so-called "private doorbells" -- at the beginning- and end-point of
each transmission. Using this scheme, you leave encryption up to
your ISP's router or firewall. Your network traffic is scrambled
using triple-DES -- 10^33 times more secure than DES -- as it
travels across the Net to its destination. But a network operator
can flip a switch on the starting or ending router and trap all of
your communications unencrypted, if requested to do so by a law
enforcement

Cisco has posted a press release [19] and a white paper [20] describ-
ing the technology.

Of the 13 companies in the coalition, 10 have filed papers with the
Commerce Department asking for expedited review of products based
on private doorbell technology. The 13 companies are:

Ascend
Bay Networks
Cisco Systems
3Com
Hewlett-Packard
Intel
Netscape
Network Associates
Novell
RedCreek Communications
Secure Computing
Sun Microsystems

Privacy advocates dislike the very idea of making the Internet
wiretappable at the router level. Individuals could still guarantee
complete privacy with desktop-to-desktop encryption. But the
existence of tappable network-level encryption will reduce the
demand for end-to-end crypto, making it easier to outlaw solutions
such as PGP, which today are legal. Cryptographer Bruce Schneier
comments, "This is being touted as a compromise, but I can't figure
out where the compromise part is."

[18] http://www.news.com/News/Item/Textonly/0%2C25%2C24110%2C00.html?tbtf
[19] http://www.cisco.com/warp/public/146/july98/3.html
[20] http://www.cisco.com/warp/public/146/july98/2.html

..Four new Microsoft security holes

The Windows platform takes on the appearance of a ripe Swiss cheese

The "dot" bug [21] (re)surfaced in late June, when programmers at
the San Diego Source, the online arm of a Southern California
business journal, discovered that placing an extra period at the
end of an Active Server Page URL reveals the script code behind
the page. ASP code is not meant to be seen; it sometimes contains
procedures to access databases, including user names and passwords.
It turns out this bug had been reported and patched in Microsoft's
Internet Information Server 16 months ago, but San Diego Source
found that it also affects NT-based Web servers from O'Reilly &
Associates, Netscape, Sun, and Progress Software. All of these
companies scrambled to produce patches, while pointing at
Microsoft's NT operating system as the underlying cause of the
vulnerability.

[21] http://www.news.com/News/Item/Textonly/0,25,23619,00.html?tbtf

In early July a similar bug [22] was reported to NTBugtraq by Paul
Ashton (who also found #5 on the TBTF Microsoft security exploits
page [23]). Add ":$$data" to the end of an ASP URL and, if
conditions are right, again you get the page's source code returned
to your browser. Microsoft posted a fix to its security page on July

[22] http://www.infoworld.com/cgi-bin/displayStory.pl?98072.whiisbug.htm
[23] http://www.tbtf.com/resource/ms-sec-exploits.html#n5
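Both of the ASP bugs above have the same shape: the requested name is the script's name plus something after the extension that the server should have rejected but instead mapped onto the file. That makes them easy to look for in an access log after the fact. The Python below is an added example written for this page, not code from TBTF, Microsoft or any of the vendors named; the log lines are constructed in NCSA common log format, and the detector treats any trailing period or any colon-introduced suffix after `.asp` as suspicious, so one rule covers the "dot" bug, the `::$DATA` spelling used in the sample, and percent-encoded variants of either.

```python
"""Spot ASP source-disclosure probes in web server access logs.

Added example, not part of the TBTF issue. The log lines are constructed
for this example in NCSA common log format. The detector flags requests
for .asp resources that carry a trailing period or a colon-introduced
suffix after the extension. A 2xx response on such a request means the
server actually answered the odd URL and deserves a closer look.
"""
import re
from typing import List, Optional
from urllib.parse import unquote, urlsplit

# Constructed sample log (not real traffic), NCSA common log format.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jul/1998:14:02:11 -0700] "GET /shop/cart.asp HTTP/1.0" 200 5120',
    '10.0.0.5 - - [10/Jul/1998:14:02:15 -0700] "GET /shop/cart.asp. HTTP/1.0" 200 2210',
    '10.0.0.7 - - [10/Jul/1998:14:03:40 -0700] "GET /shop/cart%2Easp%2E HTTP/1.0" 200 2210',
    '10.0.0.9 - - [10/Jul/1998:14:05:02 -0700] "GET /admin/login.asp::$DATA HTTP/1.0" 200 1980',
    '10.0.0.9 - - [10/Jul/1998:14:05:09 -0700] "GET /admin/login.asp?user=bob HTTP/1.0" 200 1980',
    '10.0.0.11 - - [10/Jul/1998:14:06:00 -0700] "GET /admin/login.asp. HTTP/1.0" 404 310',
    '10.0.0.11 - - [10/Jul/1998:14:06:30 -0700] "GET /images/logo.gif HTTP/1.0" 200 9000',
]

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A .asp name followed by one or more trailing dots, or by a ':'-led
# suffix. Anything after the extension that is not a query string is
# suspicious, which is what lets one rule cover both bugs.
SUSPECT_RE = re.compile(r'\.asp(?:(?P<dot>\.+)|(?P<stream>:[^/]*))$',
                        re.IGNORECASE)


def classify_path(path: str) -> Optional[str]:
    """Return 'trailing-dot', 'stream-suffix', or None for a decoded path."""
    m = SUSPECT_RE.search(path)
    if not m:
        return None
    return 'trailing-dot' if m.group('dot') else 'stream-suffix'


def parse_line(line: str) -> Optional[dict]:
    """Parse one common-log-format line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    # Drop the query string and decode percent-encoding, so %2E is
    # judged the same way as a literal '.'.
    rec['path'] = unquote(urlsplit(rec['target']).path)
    return rec


def find_source_disclosure_probes(lines) -> List[dict]:
    """Return one finding per request whose path matches either pattern."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify_path(rec['path'])
        if kind is None:
            continue
        findings.append({
            'client': rec['client'],
            'time': rec['time'],
            'path': rec['path'],
            'kind': kind,
            'status': rec['status'],
            # A success status means the server answered the odd URL.
            'served': 200 <= rec['status'] < 300,
        })
    return findings


if __name__ == '__main__':
    for f in find_source_disclosure_probes(SAMPLE_LOG):
        flag = 'SERVED' if f['served'] else 'refused'
        print(f"{f['time']} {f['client']:<10} {f['kind']:<13} {flag:<7} {f['path']}")
```

On the sample, the plain request and the request with only a query string pass, the three requests that were answered with 200 are the ones worth investigating, and the 404 shows a patched or differently configured server refusing the same shape of URL. Decoding before matching matters: the third line would slip past a detector that compared the raw request string.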

..Remote Data Services

This IIS 4.0 database vulnerability [24], [25] stems from a component
called Remote Data Service, which is enabled by default when IIS is
installed and allows an intruder who has gained possession of a
password and the name of a target database to query the database
remotely. (This vulnerability combines nicely with the two above.)
Microsoft revealed the exposure on its week-old Security Advisor
Notification Service.

[24] http://www.zdnet.com/pcweek/news/0713/17miis.html
[25] http://www.microsoft.com/security/bulletins/ms98-004.htm

..A password-grabbing Trojan

Anti-virus company Dr. Solomon's reported a Trojan horse program
[26], [27] aimed at users of Microsoft's dial-up networking. The
Trojan targets people who allow their system to store their
(weakly encrypted) password, instead of typing it in each time. It
uses native Win32 facilities to mail the password file off to its
master for cracking. The Trojan surfaced at a Swiss ISP.

[26] http://www.infoworld.com/cgi-bin/displayStory.pl?98077.wcsolomon.htm
[27] http://www.drsolomon.com/vircen/valerts/win_dial.html

..A hole in Secure Socket Layer

An improbable attack is blocked

A Bellcore encryption researcher, Daniel Bleichenbacher, last
February discovered a flaw in SSL that could, in far-fetched theory,
allow a well-equipped cracker to decrypt a Net session protected
by SSL [28], [29]. When RSA Data Security sent out a warning on the
problem late last month to its licensees, Microsoft, O'Reilly,
Netscape, and others rushed to implement a fix. C2net's FAQ [30]
on the bug illustrates how impractical the attack would be to mount
in earnest. An attacker would need to send about a million messages
to an SSL server in order to obtain a single session key.

[28] http://www.news.com/News/Item/Textonly/0,25,23595,00.html?tbtf
[29] http://www.techweb.com/wire/story/reuters/REU19980626S0001?ls=twb_text
[30] http://www.c2.net/products/stronghold/support/PKCS1.php

..States drop Office from Microsoft complaint

Aiming to tighten their case

In an effort to focus their sweeping antitrust case against
Microsoft, 20 states and the District of Columbia have dropped [31]
allegations about the use of inappropriate licensing and sales
tactics for the Office productivity suite. The attorneys general
said they were responding to limits on witnesses and time set by
the trial judge.

[31] http://www.techweb.com/wire/story/TWB19980717S0013

..Crypto news

..Junger loses in Federal court, will appeal

Peter Junger, an Ohio law professor who is pursuing one of three
separate lawsuits challenging government restrictions on the export
of strong crypto, lost the first round on July 3 and plans an appeal
[32]. Judge James Gwin ruled that software is a device, not speech,
and therefore does not merit first-amendment protection -- a finding
180 degrees at odds with an earlier Federal court ruling in the
Bernstein case [33]. (That case has been appealed, with a decision
expected any day.) Junger has started a mailing list [34] and hopes
to attract computer scientists and legal experts to discuss the
ruling that software is not speech.

[32] http://www.infoworld.com/cgi-bin/displayStory.pl?98079.eijunger.htm
[33] http://www.tbtf.com/archive/12-24-96.html
[34] http://samsara.law.cwru.edu/comp_law/jvd/

..US relaxes crypto export for banks

The Commerce Department announced on July 7 that US software
companies will have new freedom to export strong crypto to financial
institutions chartered in 45 countries [35]. The receiving financial
institutions will be allowed to further distribute the
crypto-enabled products to their branch offices worldwide, with the
exception of a handful of terrorist states, as defined by the US.
This change amounts to a simplification of red tape for financial
institutions, not a real policy shift. The 45 countries, which are
deemed to have strong laws against money laundering, are listed
here [36].

[35] http://www.seattletimes.com/news/business/html98/cryp_070798.html
[36] http://jya.com/doc-ease.htm

..An authoritative newsletter on crypto

Bruce Schneier's Counterpane Systems has begun publishing a free
email and Web newsletter called CRYPTO-GRAM, and the first few
issues set a new standard for public commentary on crypto news.
To subscribe, visit [37] or send an empty message to
crypto-gram-subscribe@chaparraltree.com .

[37] http://www.counterpane.com/crypto-gram.html

..Simulating emulation

Creative Photoshop-ware

Last month MacOS Rumors claimed [38] to have run MacOS 8, emulating
Windows 95 (Virtual PC), emulating MacOS 8 (Fusion); here's what
it looked like [39]. The following day the site trumped this claim
with this screen shot [40] purporting to be

MacOS 8
emulating Windows 95 (Virtual PC)
emulating MacOS 8 (Fusion)
emulating GameBoy (Virtual GameBoy)
emulating Windows CE (WinBoy)
emulating the Newton OS (NewtonCE)
emulating the Pilot (CoPilot for Newton)
emulating Linux (Linux for Pilot)

Some of these components are more than dubious: WinBoy? NewtonCE? I
don't think so.

[38] http://www.macosrumors.com/archive269.html
[39] http://evillemur.blacklightmedia.com/Fusion_on_VPC_on_MacOS.gif
[40] http://evillemur.blacklightmedia.com/emu.jpg

N o t e s

> Last issue's story of the Media Lab's Irish expansion plans [41] was
premature. The Sunday Times of London had the story but no-one
was confirming it. Years ago the Lab worked at opening a branch
in Japan and the story got out prematurely; nothing ever came of
those plans.

[41] http://www.tbtf.com/archive/06-29-98.html#s13

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
http://www.tbtf.com/sources.html .

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1998 by Keith Dawson, <dawson@world.std.com>.
Commercial use prohibited. For non-commercial purposes please
forward, post, and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.