From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: from tb-ob1.topicbox.com (tb-ob1.topicbox.com [64.147.108.173]) by inbox.vuxu.org (Postfix) with ESMTP id 35BCC24B9C for ; Sun, 12 May 2024 19:10:24 +0200 (CEST) Received: from tb-mx0.topicbox.com (tb-mx0.nyi.icgroup.com [10.90.30.73]) by tb-ob1.topicbox.com (Postfix) with ESMTP id 5767818DC7 for ; Sun, 12 May 2024 13:10:23 -0400 (EDT) (envelope-from bounce.mM3d84204e405a926acc80c609.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com) Received: by tb-mx0.topicbox.com (Postfix, from userid 1132) id 57D15186326D; Sun, 12 May 2024 13:10:23 -0400 (EDT) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=bChbaApl header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=23hiro@gmail.com smtp.helo=mail-pj1-f47.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type:list-help:list-id:list-post :list-subscribe:reply-to:content-transfer-encoding :list-unsubscribe; s=sysmsg-1; t=1715533823; bh=1/mUCcUAQgrW+oi2 9ishCqv2xa0ZXIrQrodPaQuutsU=; b=WU6d1qMBQlclV6U9eoVeJdZkJlkD5BRE nHd6yGXjdlUqx+QKrHSXNULRVrm/FPncdvFwwFjA1tGwYWiTt8m+932rH7eo7ln4 8FoPtp+oy68RMViviIUH+VppmrGeBvmb4/L9JObn1Wh0hF+3cliSjPMiPtbmIXrB JKt4jyU/7/Y= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1715533823; b=kBQXpXqepCPEOVMAYA2C/eIbF5GWXo9iVKKJx2i5iDA85TRWAN 8W8T1zW0eY+eZZuvc/lCcLdmqbWU/LUm2PYcoq4r0EgCbgW3IC2Wye+h4Q53H8Rd aJoHiW5a5jCG1Cv4doi3+EZ/o3TC3TJ+JsW2V8NU6ctE8AHWMVeCpKPiY= Authentication-Results: topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=bChbaApl header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=23hiro@gmail.com smtp.helo=mail-pj1-f47.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx0.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=bChbaApl header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.216.47 (mail-pj1-f47.google.com); spf=pass smtp.mailfrom=23hiro@gmail.com smtp.helo=mail-pj1-f47.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=aq5VqIqj; x-me-sender=none; x-ptr=pass smtp.helo=mail-pj1-f47.google.com policy.ptr=mail-pj1-f47.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:content-type:list-help:list-id:list-post:list-subscribe :reply-to:content-transfer-encoding:list-unsubscribe; s=dkim-1; t=1715533823; x=1715620223; bh=8JHuaD4X30Tpmmb9e3frgu7eWwDWXN70 1EQDIzkIRgk=; b=QGF96uKFa/R0I5mrwLnqb3Lxmv4dEq2CxCCU725pyku/igR6 QESYgVItKpBfXhw71d8Rrbq3H8cE9x8FQc6P+pq9zqgzmXdWgIiIljDM6j0ilUIs YBgv+uPZVUcLKdnpa0YKanG5HFbCt76VpQGbzM5ymOe/ulWVSzLWSzEvi3w= Received: from tb-mx0.topicbox.com (localhost.local [127.0.0.1]) by tb-mx0.topicbox.com (Postfix) with ESMTP id 5259B1862E36 for <9fans@9fans.net>; Sun, 12 May 2024 13:10:02 -0400 (EDT) (envelope-from 23hiro@gmail.com) Received: from tb-mx0.topicbox.com (localhost [127.0.0.1]) by tb-mx0.topicbox.com (Authentication Milter) with ESMTP id F768DB29747; Sun, 12 May 2024 13:10:02 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1715533802; b=BW6jXlSR1kzByuWliDtjyYsTX2REeaAwB4HeA7NZQi43iOGEkr jxg2gRGP/iAQB3pCF0/t0cyiQTFgxmfMOd2oc7koSmJVb8J4imai4RsiQTclIBR2 wmwEU06STWQv3mT6C/mA2VYOuf8zzpARGIgE6/nPQ/nZn/46m4vMHHH5UIk6cN8U XIraU/hiJRrLWNWn6JDnJCTOLjD2xbQgqoXTp8hNi7wzVxu0K69ARNIuk0y8GnTa mNtVLktskgadxBJSJmNr+WIc2KeGztV5b1PMeWVgxilH4P4/B+PAWKf2BdzBeo/A JwpUQJB+MmJRW4hftyNuIXm3RNFPPAQ2mKMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1715533802; bh=rkjSWXp+Z0vvZ6WOS+bmCh5BWXaWLNtXMswhAsd5H1c=; b=GufZpQw8O03s vEcBm2XoxTp/0FICe5EAWnXCgFggCvvWZh69tzvbBmxQDI1XyOHv9owB7Act1it4 XbiKq73KSho0laxSjnzsKTAwBfOCwtmxkmG0QC6uCeL1/sUn+NgWKzn+rUv+QztA myXOb0Wow06tyBIewdYFPUsPC/4xpOwLotxL+snCErOsa9GA8jad9mOpJC/5D4tP qaBQov8vflvTEYQORTBxeLHxWVUb0kbXdPhXMC4iQObUggC1/xR9nZqn6Xbyy+bA FiE+fT/wjcoFCDEWV4MRHDp95/57hAZKbH9SXRFYjrPe/M1jQN2ylmhTQJb42I23 2vudnUCKRg== ARC-Authentication-Results: i=1; tb-mx0.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=bChbaApl header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.216.47 (mail-pj1-f47.google.com); spf=pass smtp.mailfrom=23hiro@gmail.com smtp.helo=mail-pj1-f47.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=aq5VqIqj; x-me-sender=none; x-ptr=pass smtp.helo=mail-pj1-f47.google.com policy.ptr=mail-pj1-f47.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdegvddguddtkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepgghfjg fhfffkuffvtgesthdtredttddtjeenucfhrhhomhephhhirhhouceovdefhhhirhhosehg mhgrihhlrdgtohhmqeenucggtffrrghtthgvrhhnpeetledtfeelhfffheeiueeigeegke duhefgfeekjeeitdehhfduueffkedvueehgfenucfkphepvddtledrkeehrddvudeirdeg jeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedvtdelrdekhe drvdduiedrgeejpdhhvghlohepmhgrihhlqdhpjhduqdhfgeejrdhgohhoghhlvgdrtgho mhdpmhgrihhlfhhrohhmpeeovdefhhhirhhosehgmhgrihhlrdgtohhmqedpnhgspghrtg hpthhtohepuddprhgtphhtthhopeeolehfrghnsheslehfrghnshdrnhgvtheq X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use '23hiro@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx0.topicbox.com; identity=mailfrom; envelope-from="23hiro@gmail.com"; helo=mail-pj1-f47.google.com; client-ip=209.85.216.47 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx0.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sun, 12 May 2024 13:10:01 -0400 (EDT) (envelope-from 23hiro@gmail.com) Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-2b516b36acfso950173a91.2 for <9fans@9fans.net>; Sun, 12 May 2024 10:10:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715533800; x=1716138600; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rkjSWXp+Z0vvZ6WOS+bmCh5BWXaWLNtXMswhAsd5H1c=; b=aq5VqIqjRobwfard3TW3ZHOxPyqP0fKLQRojZT25Hb2hrIMHZctGLdc3YzxBP3F/1Y YYxaEdKw5c1zi8MfiW/O1ejWA3gJ7QWrZupdPM3t2YuU/locl+N0/UuGeHL+/CcshDva scFK44KzPT2oceyxQg/3xQCvIc9O82YEfo7GIdHkrqkEDgwBfat5/2ZA+7ebtmoRnto4 2deubQweld5FrkoWzFjcyVwYKfPz3VptMB0X7HdzzKJI7SzkLxgTKzKCRbkSSfsPqI1S EVK1Mnh9XLLld28HNOeIWfZV+SDfp3uQe/Oq5J2Ow1xah3QRxsi30Pueg3FtjViHmxul 3kZA== X-Gm-Message-State: AOJu0Yyc9IRmmj/hzf8Q5oijZC7O/vZSEQAb3iwKDcfMaCjl9CX1ICBD eH8u5+EsOPiMxjjMxYBeuD37QsoHokzqFL+B83h0zho7r5UDtrdJHo+KTT/K1CpgilGPDbG6i06 HKPWwqRMsY2vlDeNGLz4UhwV2eJQ+7ee+ X-Google-Smtp-Source: AGHT+IGCGtxU4MeHI378Bxvm9WXCeWlRb5ij2LQqlCFaVdVR5KqMMywcz5uUUs2QgkM9tOZyn2r495eU5LjafIfl7KQ= X-Received: by 2002:a17:90a:dc13:b0:2b2:78a7:1b02 with SMTP id 98e67ed59e1d1-2b6cc2448d8mr7195107a91.1.1715533800172; Sun, 12 May 2024 10:10:00 -0700 (PDT) MIME-Version: 1.0 References: <36c63d5b02277489e2195a0c1006ff39@hamnavoe.com> In-Reply-To: <36c63d5b02277489e2195a0c1006ff39@hamnavoe.com> From: hiro <23hiro@gmail.com> Date: Sun, 12 May 2024 19:09:48 +0200 Message-ID: Subject: Re: [9fans] one weird trick to break p9sk1 ? To: 9fans <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 804049d6-1082-11ef-a14e-8a3c0a8c7b06 Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UNTYzOTdlZmY2MjY5YWYyNy1NM2Q4NDIwNGU0MDVhOTI2YWNjODBj?= =?UTF-8?B?NjA5Pg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> Content-Transfer-Encoding: quoted-printable List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:M3d84204e405a926acc80c609:1:kZNXEeELaabqSnmxM8fljhhxVmX1INkzI73nipT4I5w > I thought of 3DES in the first instance because of this desire to be > minimally disruptive. Support for DES is already there and tested. > 3DES only needs extra keys in /mnt/keys, and because 3DES encryption > with all three keys the same becomes single DES, there's a graceful > fallback when users have access only via an older client with > unmodified p9sk1. Obviously the server ticket would always be protected > by 3DES. it is not obvious to me. but then, you know more about 3des than me. ;) there are some fundamental features in dp9ik that are still missing even when you increase the "quality" of the DES key by giving it arbitrarily longer lengths. also, the server and client keys are the same in p9sk1 as far as i understood. i would welcome public/private key system though (is that what you were thinking of when separating "server key" and "client key". that would add yet another set of features that are currently missing. > This is only the first scratching of an idea, not implemented yet. i can offer strictly less than that even. but it seems to me that concentrating on 3DES just for the sake of similarity to DES is taking ocam's razor slightly too far. though i do find it generally happens that security mechanisms are claimed to be "outdated", resulting in less scientific processes and more popularity contests than anything else, so putting extra scrutiny is highly welcome. on my part i'm simply trusting cinap on his intent and research as i have no hope to ever understand any details. but the dp9ik approach has some novelties which should make it worthwhile for security researchers to study. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M3d842= 04e405a926acc80c609 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription