From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce.mMe442d3920e7aeed16791c3f8.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4
Received: from tb-ob20.topicbox.com (tb-ob20.topicbox.com [173.228.157.66])
	by inbox.vuxu.org (Postfix) with ESMTP id 1FFAF24D3A
	for <ml@inbox.vuxu.org>; Sat, 11 May 2024 22:21:52 +0200 (CEST)
Received: from tb-mx1.topicbox.com (tb-mx1.nyi.icgroup.com [10.90.30.61])
	by tb-ob20.topicbox.com (Postfix) with ESMTP id D003924106
	for <ml@inbox.vuxu.org>; Sat, 11 May 2024 16:21:51 -0400 (EDT)
	(envelope-from bounce.mMe442d3920e7aeed16791c3f8.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com)
Received: by tb-mx1.topicbox.com (Postfix, from userid 1132)
	id 8070B18E64A9; Sat, 11 May 2024 16:21:51 -0400 (EDT)
ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=pass (2048-bit rsa key
 sha256) header.d=gmail.com header.i=@gmail.com header.b=IcOXN5P1
 header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass
 policy.published-domain-policy=none
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none)
 policy.policy-from=p header.from=gmail.com; spf=pass
 smtp.mailfrom=crossd@gmail.com smtp.helo=mail-lj1-f180.google.com;
 x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message
 has been altered)) (Message modified while forwarding at Topicbox)
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=
	topicbox.com; h=mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type:content-transfer-encoding
	:list-help:list-id:list-post:list-subscribe:reply-to
	:list-unsubscribe; s=sysmsg-1; t=1715458911; bh=LTEOxCwR8kMGICPu
	G8yyRJgbS8KXrf9mRgc0W8aXmBQ=; b=N5eMtCryb3HAN44Z3wr9OBkIM1Rpp0uv
	T56HKpBw+LUjmOLWJlt3ZZncG9Cx0SfT9VdftK8rTciaNVFVLsEHt91LoIy2io5m
	ry40acEE3EgnXfaZU0pcdfX9UwhAswjjze8p8eOXkontlWm8pC4WiWCEV7F32Kb1
	ucz0Aa0zB7k=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t=
	1715458911; b=avBVPh/q4H6izrKYgDw8CHnTU328aHo98ub0IRSuVoCqB9SSOx
	5rJc7qLzBlOH0cnPyeIIDWi1hDtGUMiXTJE0BljmB7ebeYsK5/30eM6Ly5NYlQiK
	NjR7ILwOFB/R05EQv36X11cQqRr9dvYvYv3j6u0jGXndehbIIpzpci6xI=
Authentication-Results: topicbox.com; arc=pass; dkim=pass (2048-bit rsa key
 sha256) header.d=gmail.com header.i=@gmail.com header.b=IcOXN5P1
 header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass
 policy.published-domain-policy=none
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none)
 policy.policy-from=p header.from=gmail.com; spf=pass
 smtp.mailfrom=crossd@gmail.com smtp.helo=mail-lj1-f180.google.com;
 x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message
 has been altered)) (Message modified while forwarding at Topicbox)
X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no
 signatures found); bimi=skipped (DMARC Policy is not at enforcement);
 dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com
 header.b=IcOXN5P1 header.a=rsa-sha256 header.s=20230601 x-bits=2048;
 dmarc=pass policy.published-domain-policy=none
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none)
 policy.policy-from=p header.from=gmail.com; iprev=pass
 smtp.remote-ip=209.85.208.180 (mail-lj1-f180.google.com); spf=pass
 smtp.mailfrom=crossd@gmail.com smtp.helo=mail-lj1-f180.google.com;
 x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key)
 header.d=1e100.net header.i=@1e100.net header.b=JsqjK3Fb; x-me-sender=none;
 x-ptr=pass smtp.helo=mail-lj1-f180.google.com
 policy.ptr=mail-lj1-f180.google.com; x-return-mx=pass header.domain=gmail.com
 policy.is_org=yes (MX Records found:
 alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=
	mime-version:references:in-reply-to:from:date:message-id:subject
	:to:content-type:content-transfer-encoding:list-help:list-id
	:list-post:list-subscribe:reply-to:list-unsubscribe; s=dkim-1;
	 t=1715458911; x=1715545311; bh=PBy4/GqOZwZwu49zqabSAkkqab0Ti60e
	nCTukeBKiXk=; b=DuGkicfekNzDkPGHgTab4PoczUieYwWnKwgN0TEN2cUXXYAo
	1usSr+olfoWyXkLLYt4KKefhc3RAOBJjVYkdByjzT7aisCUyD4I+pVSzQp5H8hnE
	BaQrcu1igo7Pv6eYr9yDrwNF6xLRxLMEBMAK5LTI8ingKL1Hw0MyughvBEw=
Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1])
	by tb-mx1.topicbox.com (Postfix) with ESMTP id 6F77818E5FD5
	for <9fans@9fans.net>; Sat, 11 May 2024 16:21:40 -0400 (EDT)
	(envelope-from crossd@gmail.com)
Received: from tb-mx1.topicbox.com (localhost [127.0.0.1])
    by tb-mx1.topicbox.com (Authentication Milter) with ESMTP
    id BA5B4ED77E8;
    Sat, 11 May 2024 16:21:40 -0400
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t=
    1715458900; b=XN6vw1aFxMGvq58+x6ducqO8Bp5dwTF8EYHQC20KpXMrH2qUaU
    +RV0GKPZgy1BQ57HOK57iEQQfp2yiai9TueD1uenbmZ0okkPRPHRV21MgurwNyib
    RbR/uJSdtbfIic71QNLJ+NIRd4BguoHpDuA4yOQyIaSrUcFcWAUfHvlTFW6icf8o
    CWtmRAAKDl7uHBf/+Gpx/6+hgTRMvl0XfwCI9+Iy419im87h0P38Hc0wp/oo6AbQ
    wzRu4/IJoq89fclr9IDkg6lmIjV/WgubNIJZy4qwgHfKd4RAKPA6FzuMnkAMcQur
    dNaKjOBqZsLInTnwRfn8CVORYntxlJIme66A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    topicbox.com; h=mime-version:references:in-reply-to:from:date
    :message-id:subject:to:content-type:content-transfer-encoding;
    s=arcseal; t=1715458900; bh=Hmdb3e92g0gqXw7+eMCZu75y098t7ESzAP+
    BU0fM+Ks=; b=tAzTqMTeVBtVOjxQY/ROXA9ScTcJjSVV5TNMNo2jg9Sheq0Eh7z
    N3mJRbBewltjiiCzxz9zDLTqw6lQMKmkXgD11XmNVtmsbOZyp4YDYunks9BQ+C08
    i6T1wpOsc9mH8Pg71Qq9EVrd5z5SnIVbB6DaaYOuxlhLH8BTQocz7p978AWGOEMW
    LCQjAZ2SV7+gecMnmTPQkGxNTf+MmvKrSP+/8g0hPdhhCSrZCCseikbpQcMtcaqb
    FWBtfj726DQdzXRj0lX2++CuMoHtD12h3tfFzvHFBtujlIbzMfuLL9ESaAkpTwlw
    q2mHzk1VTUidlX9cR57IcXxXAlrDKRV1OhA==
ARC-Authentication-Results: i=1; tb-mx1.topicbox.com;
    arc=none (no signatures found);
    bimi=skipped (DMARC Policy is not at enforcement);
    dkim=pass (2048-bit rsa key sha256) header.d=gmail.com
    header.i=@gmail.com header.b=IcOXN5P1 header.a=rsa-sha256
    header.s=20230601 x-bits=2048;
    dmarc=pass policy.published-domain-policy=none
    policy.published-subdomain-policy=quarantine
    policy.applied-disposition=none policy.evaluated-disposition=none
    (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p
    header.from=gmail.com;
    iprev=pass smtp.remote-ip=209.85.208.180 (mail-lj1-f180.google.com);
    spf=pass smtp.mailfrom=crossd@gmail.com
    smtp.helo=mail-lj1-f180.google.com;
    x-aligned-from=pass (Address match);
    x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net
    header.i=@1e100.net header.b=JsqjK3Fb;
    x-me-sender=none;
    x-ptr=pass smtp.helo=mail-lj1-f180.google.com
    policy.ptr=mail-lj1-f180.google.com;
    x-return-mx=pass header.domain=gmail.com policy.is_org=yes
    (MX Records found: alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com);
    x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes
    (MX Records found: alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com);
    x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384
    smtp.bits=256/256;
    x-vs=clean score=0 state=0
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdegtddgudegjecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
    uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepgghfjg
    fhfffkuffvtgfgsehtqhertddttdejnecuhfhrohhmpeffrghnucevrhhoshhsuceotghr
    ohhsshgusehgmhgrihhlrdgtohhmqeenucggtffrrghtthgvrhhnpeekuefgffdvtedtve
    fgieduteekudehteffudekhfefkeevfeethfehuedukedtgeenucfkphepvddtledrkeeh
    rddvtdekrddukedtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvth
    epvddtledrkeehrddvtdekrddukedtpdhhvghlohepmhgrihhlqdhljhduqdhfudektddr
    ghhoohhglhgvrdgtohhmpdhmrghilhhfrhhomhepoegtrhhoshhsugesghhmrghilhdrtg
    homheqpdhnsggprhgtphhtthhopedupdhrtghpthhtohepoeelfhgrnhhsseelfhgrnhhs
    rdhnvghtqe
X-ME-VSScore: 0
X-ME-VSCategory: clean
Received-SPF: pass
    (gmail.com ... _spf.google.com: Sender is authorized to use 'crossd@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched))
    receiver=tb-mx1.topicbox.com;
    identity=mailfrom;
    envelope-from="crossd@gmail.com";
    helo=mail-lj1-f180.google.com;
    client-ip=209.85.208.180
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by tb-mx1.topicbox.com (Postfix) with ESMTPS
	for <9fans@9fans.net>; Sat, 11 May 2024 16:21:39 -0400 (EDT)
	(envelope-from crossd@gmail.com)
Received: by mail-lj1-f180.google.com with SMTP id 38308e7fff4ca-2df83058d48so40004931fa.1
        for <9fans@9fans.net>; Sat, 11 May 2024 13:21:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715458898; x=1716063698;
        h=content-transfer-encoding:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Hmdb3e92g0gqXw7+eMCZu75y098t7ESzAP+BU0fM+Ks=;
        b=JsqjK3FbahKyU+Sstv/b96ZOlQg+G3eeKw4UYlfKfJimZYEYlSRyKPvMzYs6ezwEfI
         FCMhp4Na2Io8D1vCQvOIXqBoU/RWoPi0QP7TwgabEWkf85+p+0YFaEraeT+Hcr0xceGF
         121W/pqb1z2s/5/kttBditVe7zZAZaRT9RKsXCNO6F5c23Zj5CvDS8V8YxD0ouUGP5Ly
         3DNuCJmBkj6G7+mtqB+Se/nw634GKJZoVPmnLDZ5wE5gd9e4aEQ7QEsuEb3spalWlb0+
         BP1sVG4cVhY3IwbK9fEdju1Z+7JTXVGhF1ASrPIA2cU1V697Zpttnu4NZ3lLEawmn0Hs
         Cymw==
X-Gm-Message-State: AOJu0YxzZJ9nEJ2QfydRkjGqqNwmK1pyNfcgovINPxLPH3o+Ol0qXU86
	Y+6yu0z+ewOuzQ1phlnrIDRY+7DDm1FpKK2Mj1waOjwEdeRfJrgi4RKq0OK7TdJOxiYgiYm0+tn
	F2/uskeM9xWwMxUmIdvAtLNVyKZRttA==
X-Google-Smtp-Source: AGHT+IGyITDCxf4dNc1gGWXSmp90OB7lUCAQCMK/GnInyq4eOx58UJi2OIDzAdYNGa4Oz6lcjzErrMwl6/v/7wrpPqQ=
X-Received: by 2002:a05:651c:14f:b0:2df:eee9:c71f with SMTP id
 38308e7fff4ca-2e51fc36881mr33516721fa.7.1715458897939; Sat, 11 May 2024
 13:21:37 -0700 (PDT)
MIME-Version: 1.0
References: <5BDA3A43B36A42DC855E6BC34C893A7A@eigenstate.org>
 <2418bd0bb3ebe621a5075e616d35eb29@hamnavoe.com> <CAFSF3XP7HxGHKQ3+BPn80d5O9XfHa5OHNgcuya+w0a79uNgO0A@mail.gmail.com>
 <CAEoi9W4ra5u5OdoaoRUp-GkCJvPo2=MiG=Jv7qk=Ew_fH3yLxg@mail.gmail.com>
 <CAFSF3XMwy6iZ3qy3FNX7bVSUNjZyGUoYxrAYZyDCgAQvmy9UFg@mail.gmail.com>
 <CAEoi9W6hXDjzM-0hvoFOYofWQdWfUnct_cXm86d4c_Q-97rC4Q@mail.gmail.com> <2dda1745-c644-4d9b-b436-26aaf3380192@posixcafe.org>
In-Reply-To: <2dda1745-c644-4d9b-b436-26aaf3380192@posixcafe.org>
From: Dan Cross <crossd@gmail.com>
Date: Sat, 11 May 2024 16:21:01 -0400
Message-ID: <CAEoi9W6RZYY6hKPgXOKQz-Md32nZJnMtUyfsWi6-c4wKv5v58Q@mail.gmail.com>
Subject: Re: [9fans] Interoperating between 9legacy and 9front
To: 9fans <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Topicbox-Policy-Reasoning: allow: sender is a member
Topicbox-Message-UUID: 163083f2-0fd4-11ef-8126-a559c8ac67dd
Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?=
 =?UTF-8?B?ZmFucy9UZGUyY2EyYWRkYTM4M2EzYS1NZTQ0MmQzOTIwZTdhZWVkMTY3OTFj?=
 =?UTF-8?B?M2Y4Pg==?=
List-Help: <https://9fans.topicbox.com/groups/9fans>
List-Id: "9fans" <9fans.9fans.net>
List-Post: <mailto:9fans@9fans.net>
List-Software: Topicbox v0
List-Subscribe: <https://9fans.topicbox.com/groups/9fans>
Precedence: list
Reply-To: 9fans <9fans@9fans.net>
List-Unsubscribe: <https://9fans.topicbox.com/groups/9fans>,
 <mailto:9fans+unsubscribe@9fans.net?subject=x-tx-unsubscribe:2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Me442d3920e7aeed16791c3f8:1:zMP5UCzuCfFutE7hdJYur31JWKnc64qJfhhCf4smOqU>
Topicbox-Delivery-ID:
 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Me442d3920e7aeed16791c3f8:1:xhQ0KhME9r04lGgz1GzYhiAafNtm3_6KWuDkCPeSMBg

On Sat, May 11, 2024 at 4:17=E2=80=AFPM Jacob Moody <moody@posixcafe.org> w=
rote:
> On 5/11/24 14:59, Dan Cross wrote:
> > On Sat, May 11, 2024 at 3:36=E2=80=AFPM hiro <23hiro@gmail.com> wrote:
> >>> explanation of dp9ik, which while useful, only
> >>> addresses what (I believe) Richard was referring to in passing, simply
> >>> noting the small key size of DES and how the shared secret is
> >>> vulnerable to dictionary attacks.
> >>
> >> i don't remember what richard was mentioning, but the small key size
> >> wasn't the only issue, the second issue is that this can be done
> >> completely offline. why do you say "only", what do you think is
> >> missing that should have been documented in addition to that?
> >
> > Probably how a random teenager could break it in an afternoon. :-)
>
> If we agree that:
>
> 1) p9sk1 allows the shared secret to be brute-forced offline.
> 2) The average consumer machine is fast enough to make a large amount of =
attempts in a short time,
>    in other words triple DES is not computationally hard to brute force t=
hese days.
>
> I don't know how you don't see how this is trivial to do.
> A teenager can learn to download hashcat, all that is missing from this r=
ight now is some python
> script to get the encrypted shared secret from a running p9sk1 server. Al=
l the code for doing
> this is already written in C as part of the distribution, you just have t=
o only do half the
> negotiation and break out. I think you vastly underestimate the resourcef=
ulness of teenagers.
>
> I had previously stated I would publish the PoC that friends of mine in u=
niversity built
> as part of their class, I have been asked to not do that so I will not.

To be clear: _I'm_ not saying it can't be done. I don't know that it
can be done in an _afternoon_; maybe a day or two, but I honestly
don't know. I was just trying to clarify what (I think) Richard was
asking for.

        - Dan C.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tde2ca2adda383a3a-Me442d=
3920e7aeed16791c3f8
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription