«

This post probably get's my name on the NSA watch list but I'm in need
of
an example on how to use the java.security.spec.EllipticCurve class.

It's been in the jdk since 1.5 but cannot find any examples on how to
use it.


Thanks
Marty

<> wrote in message
news: oups.com...
> This post probably get's my name on the NSA watch list but I'm in need
> of
> an example on how to use the java.security.spec.EllipticCurve class.
>
> It's been in the jdk since 1.5 but cannot find any examples on how to
> use it.
>
I could tell you... but then I'd have to kill you.

See the following:

http://forum.java.sun.com/thread.jsp...124&tstart=135
http://www.bouncycastle.org/
http://jce.iaik.tugraz.at/sic/produc...o_toolkits/ecc
http://www.peterindia.net/ECCLinks.html
http://www.bmsi.com/java/#EC

- Oliver

<> wrote in message
news: oups.com...
> This post probably get's my name on the NSA watch list but I'm in need
> of
> an example on how to use the java.security.spec.EllipticCurve class.
>
> It's been in the jdk since 1.5 but cannot find any examples on how to
> use it.

Elliptic curves are expected to fall with RSA to quantum computers.

And the way to get on the NSA list is by sending daily encrypted messages to
Arab militant groups - not asking for info

--
LTP

On Wed, 1 Mar 2006 20:01:06 -0700, "Luc The Perverse"
<> wrote, quoted or indirectly
quoted someone who said :

>Elliptic curves are expected to fall with RSA to quantum computers.
>
>And the way to get on the NSA list is by sending daily encrypted messages to
>Arab militant groups - not asking for info

If anyone is serious about encryption and does not want the folks at
homeland security potentially cracking it, go with a one time pad.
With CDs to distribute the keys, it could be made relatively simple
and foolproof to use.

Your biggest problem is spyware at both ends.
--
Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Roedy Green wrote:

> If anyone is serious about encryption and does not want the folks at
> homeland security potentially cracking it, go with a one time pad.
> With CDs to distribute the keys, it could be made relatively simple
> and foolproof to use.
>
> Your biggest problem is spyware at both ends.

That, and actually finding a BSS. Either you have a very good hardware
generator, or it all collapses down to the seed of your PRNG, which is,
lets face it, usually not that hard to guess.

That being said, current symetric and asymetric methods look pretty
good. Quantum computing might have a say in the matter, but it is still
in its infancy.

"Roedy Green" < > wrote in
message news:...
> On Wed, 1 Mar 2006 20:01:06 -0700, "Luc The Perverse"
> <> wrote, quoted or indirectly
> quoted someone who said :
>
>>Elliptic curves are expected to fall with RSA to quantum computers.
>>
>>And the way to get on the NSA list is by sending daily encrypted messages
>>to
>>Arab militant groups - not asking for info
>
> If anyone is serious about encryption and does not want the folks at
> homeland security potentially cracking it, go with a one time pad.
> With CDs to distribute the keys, it could be made relatively simple
> and foolproof to use.
>
> Your biggest problem is spyware at both ends.

I'd figure the biggest problem is getting the key to the intended
recipient without a man-in-the-middle attack.

My recommendation is to stick with traditional (quantum-weak) encryption
for now, and when quantum computing becomes available, switch to quantum
encryption (which is currently believed to be impossible to crack; not
"merely" infeasible to crack).

- Oliver

On Thu, 02 Mar 2006 14:34:16 GMT, "Oliver Wong" <>
wrote, quoted or indirectly quoted someone who said :

>
> I'd figure the biggest problem is getting the key to the intended
>recipient without a man-in-the-middle attack.

You would send a secure courier around once a year with a stack of CDs
with true random numbers on them. If there is any hint that is
compromised, you send another guy out with a stack of CDs.

This is roughly how the Russians handled embassy transmissions even
back in the 60s. The did not mess around with the unknown of American
computational muscle.

You have the same problem distributing bug-free software (in both
senses). You pretty well must have it delivered by secure courier on
CD. Digital signing will stop your average hacker but I would not
trust it to stop the CIAs of the world.

If I were working for the government try to crack a terrorist ring
using one-time pads, the vulnerabilities to go for are:

1. intercept the courier and convince him something awful will happen
if he ever lets on. You make copies of the CDs.

2. You take advantage of the fact Windows is such a crappy OS. You
get Mr. Gates to smuggle in the code you need in the next official MS
update.

3. On the off chance someone slips, you create email viruses and porn
viewers that report back to Momma if they ever find themselves on a
computer with "interesting" software installed.

4. You install EMF tracking to read the screens of people viewing the
messages.

5. you use traditional bugging, including keyboard bugs that record
keystrokes.

6. You become a manufacturer of high security message exchange
software. If they are dumb enough to accept complex software without
source that they compile....

7. You prevail on Sun to insert backdoor code in compiled programs
under certain circumstances.


--
Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
>
> > I'd figure the biggest problem is getting the key to the
> intended
> >recipient without a man-in-the-middle attack.
>
> You would send a secure courier around once a year with a stack of CDs
> with true random numbers on them. If there is any hint that is
> compromised, you send another guy out with a stack of CDs.

The courier is the "man in the middle" and thus, the avenue of "attack."

James McGill wrote:
> On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
>
>>> I'd figure the biggest problem is getting the key to the
>>
>>intended
>>
>>>recipient without a man-in-the-middle attack.
>>
>>You would send a secure courier around once a year with a stack of CDs
>>with true random numbers on them. If there is any hint that is
>>compromised, you send another guy out with a stack of CDs.
>
>
> The courier is the "man in the middle" and thus, the avenue of "attack."
>

That isn't a man-in-the-middle attack in the usual sense of the term.
It's just attacking the transmission medium. A man-in-the-middle attack
doesn't require a man to be in the middle of the transmission, it places
a "man" there to break the security of the system in some way.


James

"James Westby" <> wrote in message
newsfFNf.99934$. uk...
> James McGill wrote:
>> On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
>>
[I, Oliver, wrote:]
>>>> I'd figure the biggest problem is getting the key to the
>>>> intended recipient without a man-in-the-middle attack.
>>>
>>>You would send a secure courier around once a year with a stack of CDs
>>>with true random numbers on them. If there is any hint that is
>>>compromised, you send another guy out with a stack of CDs.
>>
>>
>> The courier is the "man in the middle" and thus, the avenue of "attack."
>>
>
> That isn't a man-in-the-middle attack in the usual sense of the term. It's
> just attacking the transmission medium. A man-in-the-middle attack doesn't
> require a man to be in the middle of the transmission, it places a "man"
> there to break the security of the system in some way.
>

I think we're all thinking of the same situation, though. You have a CD.
You want to give it to a particular person named Alice, and you don't want
anyone other than Alice having access to the CD between the time when it
leaves your possession and enters Alice's possessions.

Here, the Courier MIGHT be the man in the middle. Or maybe someone will
beat up the courier, take the CD, make a copy of it, and then give the
original to Alice (or give a completely new CD to Alice or whatever).

They say to always concentrate on the least secure point of your system.
One-time pads are pretty strong, and I think the weakest part of this
particular system is the part where you have to give the pad (i.e. the CD)
to the courier, and then the courier is out of your sight for a while, and
then the courier (perhaps the same one, perhaps a different one) shows up in
front of Alice, and hands her a CD (perhaps the same one, perhaps a
different one).

- Oliver