[Fwd: [Ripple-protocol] [Fwd: [Finanzsystem] hackathon money]]

ec30 keeps getting easier...

-------- Original Message --------
Subject: [Ripple-protocol] [Fwd: [Finanzsystem] hackathon money]
Date: Fri, 03 Jul 2009 00:11:02 +0200
From: Klaus Mueller <m@klml.de>
Reply-To: Ripple concept and protocol development
<ripple-protocol@lists.sourceforge.net>
To: Ripple concept and protocol development
<ripple-protocol@lists.sourceforge.net>

Hi folks,

fyi;)

hackathon money

In 48 hours a group of hackers and creative minds will create free, open
source software that allows anyone to issue and exchange money - Digital
Bearer Certificates that are the basis for free, decentralized currencies
in virtual worlds, social networks and real life.

What can be your contribution? Your skills and talent are valuable! We
need enhusiasts in the fields of coding, security, administration,
identity design, web design, blogging, video editing, photography, writing
...

hackathon money_ is a wonderful opportunity to get together with great
minds, have fun, do what you love and create something meaningful - in
other words, a perfect weekend :)

Gastgeber: metalab / Andreas Pizsa
Beginn: Freitag, 24. Juli 2009 um 19:00
Ende: Sonntag, 26. Juli 2009 um 19:00
Ort: metalab
Straße: Rathausstraße 6
Stadt/Ort: Vienna, Austria

http://www.facebook.com/event.php?eid=94447637156
Metalab: http://metalab.at/

greetz
klml

--
Klaus Mueller
Heßstraße 90
80797 München

+49 89 18 98 58 21
+49 178 54 38 400
klml.de

------------------------------------------------------------------------------
_______________________________________________
Ripple-protocol mailing list
Ripple-protocol@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ripple-protocol

[Fwd: CE200 DSLAM observations]

The OpenSDSL project lives on!

-------- Original Message --------
Subject: CE200 DSLAM observations
Date: Wed, 1 Jul 2009 07:10:45 GMT
From: msokolov@ivan.Harhan.ORG (Michael Sokolov)
Reply-To: opensdsl@ifctfvax.Harhan.ORG
To: opensdsl@ifctfvax.Harhan.ORG

Update on the bring-up of our test DSLAM: I have received the new fan
module from David at Routerspot and both fans are now running fine.
The DSLAM's Ethernet port is now connected to the Harhan shop network
and has an IP address assigned. The configuration save operation worked
fine as well (see below).

The next step is to bring out the DSL output and look at it with our
various hacky tools while configuring different encapsulations and
netmodels on the DSLAM. I want to determine experimentally exactly what
this DSLAM is able to serve out on the subscriber loops when it's being
used by itself without a Redback router on the other end of a DS3 ATM
pipe.

With Rhythms and NorthPoint being gone, it seems that the only remaining
network which operates CM DSLAMs with the luxury of DS3 backhaul and
Redback aggregation routers is MegaPath aka former DSL.net on the
Atlantic coast. (If there are any others, I would like to know who they
are!) All other remaining CM DSLAM operators seem to be small
independents like RRIC. If a network operator has a bunch of DSLAMs
deployed in different COs and has DS3 links connecting them to an even
more central "MegaPOP", they can afford to use each DSLAM as nothing
more than a Layer 2 device and provision each subscriber as a separate
PVC from the "MegaPOP" side. However, if you have a single DSLAM and
you want to serve a local contingent of customers from it, you would
simply want to feed raw upstream bandwidth to it and have the DSLAM do
the rest, right? Hence my desire to find out exactly what this DSLAM is
able to serve out when one can't use the Cross-Connect netmodel because
there's nothing to cross-connect to.

The CE200 DSLAM puts its subscriber loops out on 50-pin Amphenol
connectors commonly known as "female telcos". Tomorrow I'll be heading
to the local telco gear warehouse to pick up the right cable for that;
I already have an M66 block with Amphenol breakout.

I have also taken a little peek at the internals of this DSLAM. As I
had already observed a while back, it has two internal buses: CompactPCI
and a proprietary line card bus. The Buffer Control Module is basically
the bridge between these two buses. The line card bus interconnects all
line card slots and the two redundant BCM slots. There two cPCI buses,
one on each side of the chassis for the redundant configuration. Each
cPCI complex consists of the System Control Module, WAN modules and the
BCM which links it to the line card bus and manages the redundancy
feature. My CE200 has a single cPCI complex on the left side, the
redundant slots on the right are unpopulated - apparently not too many
of these DSLAMs were shipped with the redundancy feature. (I've been
told they are so reliable that the redundant cPCI complex isn't really
needed.)

The SCM is an off-the-shelf Pentium SBC (single board computer) made by
Ziatech. (CM's documentation mentions there being 3 different versions
of the CE200 SCM and mine appears to match the description of version 1.)
The system's main CPU being an off-the-shelf SBC obviously raises the
next question of hacker's curiosity: what OS is it running? Well, I now
have the answer: it's VxWorks.

One of my past bosses at an embedded software engineering company has
referred to VxWorks as the "Microsoft of the embedded world", but that
was referring mostly to their proprietary licensing model. Those issues
aside, in purely technical terms VxWorks doesn't seem to be all that bad
when one needs a very complex and very specialized embedded system with
functionality markedly different from general purpose computer OSes.
But then perhaps I make a poor judge in this matter as I'm not very
familiar with VxWorks beyond hearsay.

There are two DE9 serial ports on the SCM, labeled "craft" and
"diagnostic". (According to CM's docs on SCM version 3 they've been
replaced with RJ45s using Cisco pinout, but I've never seen one with my
own eyes.) CM's docs talk only about the craft port and tell you to
leave the other one alone. Well, connecting to the diagnostic port like
CM tells you not to, one sees that it's the console port for VxWorks
running on the CPU. One can interact with the boot ROM, tell it to boot
a different image, and once it's booted, interact with the VxWorks
kernel and see the debug output from various processes. The craft port
in contrast is fully sanitized, all you see there is exactly what you
see when you telnet to a running DSLAM, no low-level debug output of any
kind. Basically the craft port is a way to get to the management CLI
when the IP stack isn't up and usable.

There is one part of this DSLAM design that is likely suffering from a
blemish though, and that is the flash file system. Flash memory on the
SCM is used to store the software/firmware images for all the boards in
the system as well as the config.txt or config.tgz (DOS-ified config.txt.gz,
see below) file which contains all persistent configuration. My contact
at MegaPath has told me that just about the only failure mode seen on
these DSLAMs is that after a certain while the SCM loses the ability to
save its running configuration to persist across power cycles, and after
taking a peek at how its internal file system is implemented, I think I
have a guess as to why that happens.

The two file systems supported by VxWorks are DOS and RT-11. Well,
there is nothing fundamentally wrong with using either of these file
systems in an embedded system (I particularly like the RT-11 fs), except
one little problem: both file systems are designed for regular block
devices, not for flash.

The file system used by CM on the SCM is DOS, or at least it has all the
appearance of a DOS file system: drive letters, 8.3 filenames, backslash
as the path separator, DOS-looking directory listings, all filenames
converted to uppercase as the canonical form. SCM version 1 (the one I
have) has only one kind of flash on it (VxWorks drive letter P:) and it
appears to be NOR flash. According to CM's docs SCM version 2 adds an
IDE flash drive under letter Q:.

Well, as someone who does embedded system consulting for a living
outside of the telecom hobby, I can tell you that NOR flash is rather
delicate and that it's designed for directly executable code, not for
making a file system out of it. Implementing a reliable flash file
system on top of NOR flash is certainly possible (jffs2 in Linux is a
good example), but it takes certain care, and I have never heard of
anyone implementing a DOS file system on top of NOR flash.

Being designed for traditional disk devices with 512-byte sectors, the
DOS file system is totally unsuited for NOR flash. The only way to
implement such a thing would be to build a software emulation layer that
makes a virtual block device out of NOR flash, and that is tricky. If
one does the dumb thing of implementing writes of 512-byte "sectors" by
taking the much larger flash sector, stashing it away in RAM, erasing it
and reprogramming it in flash, the resulting system will not only wear
the flash out very very shortly, but will also be vulnerable to
catastrophic fs corruption should the power go out in the middle of that
operation. I sure hope that CM's implementation of their DOS fs isn't
*that* dumb, but given all those field reports with the symptoms of
flash wearing out prematurely, who knows... Even if it isn't super-dumb,
it sure seems very suboptimal. There is the FTL standard that tells you
how to do it "right", but I'm not familiar with the details off the top
of my head and I still don't know how good it is - I would choose jffs2
over FTL any day in any system I design.

I have a guess that the reason why CM had added an IDE flash drive to
version 2 of their SCM was not because they needed more room, but simply
to avoid the configuration save flash wear problem. (Apparently when
that IDE flash drive is present, only the SCM code image stays on P: and
all other images and the config file move to Q:.) But they could have
fixed it by improving their software instead of throwing in more
unnecessary hardware!

Well, it's getting late here and I'm heading to bed. I will post more
when I wire up the DSL output from the beastie and play with some
configurations.

MS

[Fwd: A Few Random Thoughts...]

Good thoughts

-------- Original Message --------
Subject: A Few Random Thoughts...
Date: Fri, 26 Jun 2009 10:42:49 -0400
From: R.A. Hettinga <rah@shipwright.com>
To: Gold Silver Crypto <gold-silver-crypto@rayservers.com>, NANOG list
<nanog@nanog.org>, cypherpunks@al-qaeda.net, Cryptography
<cryptography@metzdowd.com>
References: <20090626134321.GH23524@leitl.org>

As with anonymous remailers, or any other anonymous system, the exit
node of an onion-routing system is the sin-eater for the rest of the
network.

And, without cash settlement, you get what you pay for. :-).

Cheers,
RAH
-------

Begin forwarded message:

From: Eugen Leitl <eugen@leitl.org>
Date: June 26, 2009 9:43:21 AM GMT-04:00
To: tt@postbiota.org, info@postbiota.org, cypherpunks@al-qaeda.net
Subject: A Few Random Thoughts...

----- Forwarded message from Michael <cozzi@cozziconsulting.com> -----

From: Michael <cozzi@cozziconsulting.com>
Date: Fri, 26 Jun 2009 08:16:00 -0400
To: or-talk@seul.org
Subject: A Few Random Thoughts...
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
Reply-To: or-talk@freehaven.net

Hi all,

As one of those lucky souls with access to almost limitless
bandwidth and the skills (or stupidity) to use it, I suppose an apology
is in order:

I'm sorry- after reviewing what *could* be the consequences, I have
to whimp out based on professional risk factors... I can't run an exit
node. So I have to leave it to other folks who have a different
situation to do the heavy lifting.

What I *am* doing is deploying a couple of heavy iron closed relays
on OC3 or better bandwidth. The first is now deployed after a lot of up
and down testing, and I'll get to the second in due time.

I've been watching Tor for a long time and just recently decided to
get involved. The Iran situation cemented that decision.

Anyhow, here are some random thoughts:

On the "Who uses Tor?" section of the website, I see no mention of
IT people. I've used the Tor network for many practical uses as an IT
Director. These range from bypassing my own firewall to test incoming
connections, to helping my legal department do research on a pending
lawsuit without the opposition *knowing* we even looked at their
website. Having a random and easily accessible IP to initiate
connections from is a priceless testing tool. Especially when dealing
with niggling routing problems.

On one occasion my ISP was having routing/DNS problems, and Tor was
able to find an entrance node and allow me to work even though I
couldn't get to my remote servers directly. This saved my client a lot
of downtime, and might have saved me the account. Also, my employer's
R&D department sometimes needs to look at things they don't want anyone
to know they looked at (All quite legal mind you).

Quite frankly Tor is an undervalued IT tool and it's capabilities
should be trumpeted loudly on the web page. You might also find IT guys
like me throwing up some relays in exchange. After all- who has the
bandwidth anyway?

And before anyone accuses me of it, I'm not nearly stupid enough to
do a port scan over Tor. Phew.

One of the issues I ran into when looking into running an exit relay
had to do with not only the legalities, but identifying a server vendor
that was offshore from my home country and friendly to a Tor exit. In
order for me to run an exit node, I have to be completely shielded.

As it stands now, I can probably run an exit for instant messaging-
and that's it. However, if Tor itself had a relationship with someone
who rents hardware, perhaps a partnership, Tor could get the exit nodes
it needs, and the server vendor could get lots of cash. From my
standpoint, it doesn't matter whether I rent or colocate my hardware. So
if Tor as an organization had a partnership with a few server rental
whores (in multiple countries), it would simplify getting more exits. I
need servers, Tor runs with little impact on my server, I could care
less where my remote hardware is provisioned from. Bingo- more exits.

I read back about 6 months in the or-talk list and there were a
couple of suggestions inferring that *everyone* should be forced to be
an exit node. I think this is a very bad idea, and hurts the security of
the person trying to remain anonymous by causing an identifiable change
in bandwidth usage that could infer Tor usage (Information leakage).

Simply speaking, on a default Windows/Vidalia installation, outgoing
Tor traffic usually looks like https traffic, but on a forced exit, now
Tor is identified by relatively matched traffic on port 443 both in and
out of the client's connection (Unless it's entrance node is a *nix
variant). This could mean death (literal) for a political dissident who
is now identified as having an in/out matching traffic pattern assuming
his entrance node is on Windows. It is more likely, that a country
monitoring it's citizens would miss simple https traffic. But even
myself as a lowly IT director, would have alarm bells going off if https
was initiating in two directions from the same machine. Alternative
ports can also set off alarm bells. But given the nature of Onion
Routing, two way traffic needs to be avoided in the most sensitive
sensitive situations. Forcing exit nodes is a bad idea for users. It
will also drive away anyone who cannot provide an exit node.... that's
chasing away bandwidth as non exit relays run for the hills.

Long post. Too much coffee and too much time staring at routing
tables.

Michael

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[Fwd: Some initial investigation on GPRS support]

Happy hacking indeed...

-------- Original Message --------
Subject: Some initial investigation on GPRS support
Date: Thu, 25 Jun 2009 21:16:59 +0200
From: Harald Welte <laforge@gnumonks.org>
To: openbsc@lists.gnumonks.org

Hi!

I've started to analyze GPRS and was actually even starting to write
some code
for it, but then have given up for the time being - it's much more work than
anticipated.

Given the long todo list of OpenBSC right now, I think I'll have put
aside GPRS
for some time :(

Based on looking at protocol traces, I have figured out the nanoBTS
GPRS/EDGE
implementation roughly looks as follows:

* make sure we allow the BTS to activate the GPRS software components
in abis_nm / OML activation!
* BTS will use a UDP connection on port 23000 for the GPRS related frames.
The GSM specs will consider this type of connection between the PCU (part
of the nanoBTS) and the SGSN. The establishment/configuration of the
UDP port number and SGSN ip address has not yet been identified.
Probably
similar to how the RSL link is activated via OML.

The protocol stack looks like:

IP : UDP : NSIP : BSSGP : LLC : higher-layer

IP and UDP you should know and/or not care about ;)
NSIP is a IP-enabled version of NS as specified in TS 08.16
BSSGP is specified in TS 08.18
LLC is as specified in TS 04.64

the higher-layer depends on the SAPI value of the LLC and can be
* GMM (GPRS Mobility Management as specified in 04.08)
* User Data (actual IP packets, e.g.)
* SMS

So what is weird about this is that the GPRS MM is actually part of
04.08, but
it is not terminated at the BSC but rather at the SGSN. Also, the deep
stack
comprised of many headers is really weird. Furthermore, it seems that a lot
of the packet scheduling and timeslot allocation is happening inside the
nanoBTS - very unlike the GSM side of things.

I have not yet managed to figure out how to allocate/dedicate resources to
GPRS.. after all, the BTS needs to know how many timeslots it can use
for it,
etc.

If anyone wants to dig deeper, you're most welcome to do so. A list of
relevant specs:

01.61 GPRS cipher algorithm requirements
03.60 Overall GRPS logical architecture (above RL and MAC)
03.64 GPRS radio interface
04.60 RLC/MAC on PDCH
04.64 MS-SGSN LLC spec (on top of RLC/MAC)
04.65 SGSN SNDCP
08.14 BSS SGSN Gb Layer 1
08.16 BSS SGSN Gb Layer 2
08.18 BSS SGSN BSS GPRS protocol
09.95 Interworking between modified PLMN supporting legacy GPRS and GPRS
mobiles
22.060 GPRS Service Spec
23.060 GPRS Radio Service Spec
29.016 SGSN - VLR Interface Gs network interface spec
29.018 SGSN - VLR Interface Gs layer3 interface spec
29.060 GPRS Tunneling (GTP) over Gn and Gp

Happy hacking,
--
- Harald Welte <laforge@gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7
Ch. A6)

[Fwd: TechNet Plus Subscription Deactivation]

Was fun while it lasted.

-------- Original Message --------
Subject: TechNet Plus Subscription Deactivation
Date: Fri, 12 Jun 2009 20:26:31 +0100
From: IT Advisory Council <ITAdvisoryCouncil@thinkintrepid.com>
To: <charles@thewybles.com>

Intrepid.bmp

Dear Charles,

Microsoft contracted with us, Intrepid Consultants, Inc, to conduct the
TechNet Plus Pilot Study program research and manage the activities of
the pilot study. Our records show that you have recently signed up for a
free TechNet Plus subscription through a registration link that was made
available without authorization on a public blog.

The registration link is part of a proprietary study and the party that
shared the information was in violation of the terms and conditions to
which they agreed to participate in the study. Membership to the Pilot
study is limited and all members of the program are required to first
meet survey requirements and then complete tasks and assignments over a
two month period in order to qualify for and have access to the free
TechNet Plus subscription. Since this was a privately conducted pilot
study, at no time was it ever intended that a free TechNet Plus
registration link would appear on a public internet site, which was done
in violation of the terms to which participants agreed upon registering
to participate in the pilot study.

We are very sorry for the inconvenience, but for this reason, we have
deactivated your subscription, as well as all other subscriptions
resulting from the unauthorized publication of the TechNet Plus Pilot
Study program registration link on a public blog. Again, we apologize
for any inconvenience.

Kind regards,

The Intrepid Consultants Team

If you are interested in a TechNet Plus subscription, please follow the
link to purchase:
http://technet.microsoft.com/en-us/subscriptions/renew.aspx

This e-mail and all files transmitted within are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Please do not reproduce, print or forward any material
received unless granted express permission by the sender. Thank you,
Intrepid Consultants, Inc.

The research and communications administered by Intrepid Consultants,
Inc is conducted according to the highest standards of the Market
Research Society's code of conduct. Your information will not be shared
with any third party for any reason.

Microsoft is committed to protecting your privacy and has commissioned
Intrepid <http://www.thinkintrepid.com> and its partners (click here
<http://www.thinkintrepid.com/privacy> to read Intrepid's privacy
statement) to oversee the Survey and collect survey responses and
communicate with interested respondents and individuals. Should you wish
to no longer receive e-mails from Intrepid Consultants, please send an
e-mail to technetpilot@thinkintrepid.com with the word "remove" in the
subject line.

Please notify us if you are receiving this message in error at
ITAdvisoryCouncil@thinkintrepid.com and delete all contents of this email.

Review Microsoft's Privacy Statement here
<http://www.microsoft.com/info/cpyright.mspx>.

For information, please call 1-866-625-1409

Intrepid Consultants, Inc

124 NW Canal St, 2^nd Fl

Seattle WA 98107

All your ID belong to us

So lately I've become something of a federal ID/clearance junkie.

I completed my CVI clearance process last night.

Now I'm obtaining TWIC.

Then NEXUS and FAST.

Fun stuff.

Will update this post as I complete the process etc.

[Fwd: Re: [Cabletv-list] Cabletv-list Digest, Vol 27, Issue 5]

Television.... funny business...

-------- Original Message --------
Subject: Re: [Cabletv-list] Cabletv-list Digest, Vol 27, Issue 5
Date: Mon, 8 Jun 2009 12:16:13 -0500 (CDT)
From: Steve Dyche <sdyche@npgco.com>
Reply-To: CableTV-List <cabletv-list@cabletv.org>
To: <cabletv-list@cabletv.org>
References: <mailman.1.1244480401.24012.cabletv-list@cabletv.org>

All my recent experience with the service indicates that it is alive and
well. That is dealing with that division of TV Guide/ Macrovision and
whatever their new name is.
We have had to deal with some interestng situations, the data source on
the VBI of one of our imported PBS stations did not keep the service when
they switched over to their DTV channel. Instead the service is available
on another network television station in town which we do not carry or
import.

We transport the data service which is on a another PBS station from a
remote site and the common carrier could not accommodate keeping the VBI
intact during the transport. We contacted TV Guide Plus and they provided
a data inserter, we provided a phone line. They download guide data
regularly via telephone, the data inserter puts it back onto the
transported but stripped VBI PBS channel.

We have quite a few elderly customers, non-converter that insist on having
the service.

----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Jun 2009 08:36:48 -0500
From: "Matt Schonlau" <matt@pioncomm.net>
Subject: [Cabletv-list] Guide +
To: "SCTE-List" <SCTE-List@SCTE-LIST.ORG>, "CableTV-List"
<cabletv-list@cabletv.org>
Message-ID:

<D271DAC1E8DE4A439400EF8644EB314A015257FA@pionexch2003.pioncomm.net>
Content-Type: text/plain; charset="us-ascii"

Can anyone direct me to more information on Guide+. How long will it be
supported?

Matt Schonlau, Switching & Transmission Mgr.
Pioneer Communications
120 W. Kansas
Ulysses, KS 67880
620-356-7146
http://www.pioncomm.net/

------------------------------

_______________________________________________
Cabletv-list mailing list
Cabletv-list@cabletv.org
To change subscription options or to donate:
http://cabletv.org/mailman/listinfo/cabletv-list
for other cable telecom info, see www.scte.org and www.scte.org.uk

End of Cabletv-list Digest, Vol 27, Issue 5
*******************************************
_______________________________________________
Cabletv-list mailing list
Cabletv-list@cabletv.org
To change subscription options or to donate:
http://cabletv.org/mailman/listinfo/cabletv-list
for other cable telecom info, see www.scte.org and www.scte.org.uk

Re: [WISPA] Electronic Signatures

The big carriers don't require a signature on a contract. They also
don't do (free/near free) installs either. I don't know if there is a
signed contract if you pay for an install.

Yes I realize this is a very important differentiator that we can
provide, however I don't feel a signed contract is necessary. An AUP is
an excellent idea as a general rule, however if they are transiting bits
on your network, you have the right and obligation to defend that
network. If you don't, you risk other operators dropping traffic from
your IP rnage /AS.

Your free to enforce your AUP with impunity. Failure to do so is the
sole reason that "bits of evil" reach our border routers. A few simple
route filters, and spam/botnets would be stopped. Subscribe to the Don't
Route Or Peer List from Spamhaus
(http://www.spamhaus.org/drop/index.lasso), and monitor outbound traffic.

*sighs*

Martha Huizenga wrote:
> Exactly, we send the contract with the install and then get it back when
> the install is done. Works fine.
>
> Jason Hensley wrote:
>> Wow. Seems like a waste of time and resources. If I mailed contracts like
>> that here I'd lose half my install opportunities because they would never
>> send the contract back. Send a contract with the installer, get them to
>> sign it before they install, give one copy to customer, bring one back, done
>> deal. If nothing else, get an electronic as an initial confirmation, then
>> get an actual signature at install.
>>
>>
>>
>> -----Original Message-----
>> From: wireless-bounces@wispa.org [mailto:wireless-bounces@wispa.org] On
>> Behalf Of Scott Reed
>> Sent: Saturday, June 06, 2009 6:42 AM
>> To: WISPA General List
>> Subject: [WISPA] Electronic Signatures
>>
>> We currently use a two-year contract for customers. Right now we gather
>> the information, generate a contract, USMail it to the customer and wait
>> for them to USMail it back after they sign it before we schedule an
>> installation. We would like to reduce the time from initial contact to
>> installation. One option we are looking at is "electronic signature" on
>> the contract. We have done some research into doing this, but thought it
>> would be good to get some other input.
>> If you do electronic signatures, how do you do it?
>> If you use a third party to "certify" the signatures, who do you use?
>> What is good about them? What is not so good?
>>
>>
>
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>

[Fwd: Re: [SGVLUG] Secure "one time" passwords -- oh really?]

Folks might dig this...

Emerson, Tom (*IC) wrote:
> OK, now that I've got John busy reconfiguring his security system,

*snickers*

I've got a question for the rest of you: how "secure" do you think the
"safeword" password token generator is?

I haven't worked with this one in particular, but am familiar with the
RSA brand.

They are quite secure.

>
> [trick question, I know, because safeword was bought by McAfee]

:)

Let me clarify my above statement. The theory is sound, and the
particular reduction to practice by RSA inc is considered to be quite
secure.

>
> On the surface, I'm not convinced (as you might guess, I've recently been assigned one of these) There are two models they talk about - one that you need only "push a button" to get the (next) "one-time" password token, and another where you need to enter a "pin" and it will generate the next token for that PIN. (and a third option is proprietary software loaded onto your system or blackberry/phone)

The ones from RSA automatically produce the next number, others have you
request it.

In some of the documents, they mention that the tokens can be either
"time based" or "event based". (and I presume "event" means "token
generated", since I don't see any way the fob you carry and back-end
"validating" server would otherwise agree on what an "event" is)

I would say this is a correct analysis, but am not familiar with the
particular reduction to practice used by your vendor.

>
> The card generates what appears to be a 6 (hexadecimal) digit value (i.e., 3 bytes) I have the one where you enter a 4 (decimal) digit PIN (and per related documents I've received, if you get the pin "wrong", it generates an invalid token) Just breaking it down on that aspect alone, the token generator can generate up to 2^24 tokens of which (for the PIN based ones) 1 in 10000 are legit -- someone please check my math, because I only come up with 1677 valid passwords for the life of the token generator! (2^24 / 10000) heavy use of the device (10 validations/day) would kill that in less than half a year! (though I suspect "typical use" might be twice a day/weekdays only/50 work-weeks per year, or about 3 years of useful life [2 * 5 * 50 = 500 uses/year])
>

They are reissued every N years as a matter of course. Your correct. I
didn't validate your math, but 3 to 5 years is par for the course. Again
your particular implementation should be verified by your organizations
security personnel against their specific policies.

> Then there is the challenge of tracking "use" of the tokens - I can think of two methods (and I have an idea as to which was used) The "validating" server can generate every valid token and store that as some form of list, "crossing off" each token as it is used [more realistically, a 16-million-bit bitmask with "1"'s set for each valid token; as they are used, they get reset to 0] OR you prepare a database with 1677 blank entries, filling in each one "as used" (and doing a search each time a token is presented to see if it's been used) Either would work because the entire range of "valid" tokens pretty much "has to be" generated programmatically (and possibly modulated based on the time-and-date that the token is generated, but this "complication" only makes it more difficult for a "human" -- see below)

To my knowledge the seed is site/time specific.

>
> Since the guy that was activating my card indicated "this next step takes some time", I imagine the list is pre-generated (if you use a "bitmask" it would only need to be 2 megabytes long -- years ago, that would be a showstopper, but in today's age of terabyte drives...) I don't know offhand if my card is also time-based (but that's easy to test...)
>
> In any case, I can see that the "push for a new token" card wouldn't be terribly secure (if it is only "event" based) as someone could copy a block of tokens should they get ahold of the card (and since there is no indication of how many tokens have been generated, the user wouldn't necessarily know that he'd been compromised) The pin-based one is a little better as a "random guess" only has a 1-in-10000 chance of getting the correct PIN (or to put it another way, for an attacker to store off potential tokens for later use, they would have to generate/store 9999 other tokens as well) Of course, should the PIN be compromised, the device is no more secure than the single-push version [though, a thought occurs -- if the "PIN" that you enter is used in some way to modify the token generated, and that "method" becomes known, it would be trivial to convert any given result to what it would be with a different PIN - the attacker need only store tokens generated for PIN 0000...]

>
> The "time based" ones are, again, only marginally more secure since (I imagine...) there has to be some set algorithm to convert a "good" token to "good at /this/ moment" token, and if that's the case, chances are pretty good this algorithm can be reversed, and again, someone could extract any number of tokens and "adjust" for the time of day (by first back-converting to the base token, then at the time you wish to break in, convert any base value token to a current-time version...)
>
> Oh well, food for thought for the weekend... Gotta go...
>

Thanks for the post.

I don't do a lot of security work anymore, as I got tired of the very
long audit sessions and stating my name/position/responsibilities etc
for the permanent record, as well as the in depth background checks
required. However I have been directly responsible for some very large,
high profile security implementations, and consulted for several others.
So I hope I answered your questions. Perhaps someone can do a
presentation on two factor VPN authentication with open source software
at SGVLUG?

Apologies for the formal nature of my response, but I take security and
the protection of privacy as very serious matters (even though some of
my previous posts to the list today, may have not seemed so.:)) I'm
guessing you and the organization issuing you the key fob do as well.

I don't know your particular situation beyond the details provided here,
and claim no responsibility for, or accuracy of anything said above.
Please please please onsult with your organizations security and legal
professionals on the security/legal/privacy/compliance implications of
your particular solution and it's reduction to practice.

I really really really care when I'm paid to care, and I take reasonable
precautions during online activity of a non employment related nature.