[RC5] Of potential interest -- Citibank tries to gag crypto bug

Fuzzy Logic fuzzman at m-net.arbornet.org
Sat Feb 22 21:51:20 EST 2003


This is actually kind of interesting to me.  I work for IBM, and one of
the products I worked on was the 4758.  In all the documentation we
provide, never do we specify that the decimalization table should be
"0123456789012345", not is the length limited to 4 digits.  It can be up
to 16 digits long.  Just goes to prove that once a particular method is
entrenched, it's quite difficult to get customers to do things a different
way.

While I can never give examples, we've actually had customers use our
example keys (listed in the documentation) for their active master keys.
Gee, only a few thousand people have that particular book, which is
available for download FREE.

*sigh*

Fuzzy
-- 
Quidquid Latine dictum sit, altum videtur.
Si hoc legere scis, nimium eruditionis habes.
Vir sapit qui pauca loquitur.
Cras amet qui numquam amavit, quique amavit cras plus amet.
Uno itinere non potest perveniri ad tam grande secretum.

On Sat, 22 Feb 2003, Ralph W. Reid wrote:

> Since Distributed Net demonstrated some time ago that DES was not
> very secure at all, and since we are currently working on some RC5
> decryption, I thought the enclosed note I received from another list
> might be of some interest here.  Enjoy.
>
> >---------- Forwarded message ----------
> >Date: Thu, 20 Feb 2003 14:04:01 -0800
> >From: Robert Moskowitz <rgm-sec at htt-consult.com>
> >To: saag at mit.edu
> >Subject: [saag]  Of potential interest -- Citibank tries to gag crypto bug
> >    disclosure
> >
> > >To: ukcrypto at chiark.greenend.org.uk
> > >Subject: Citibank tries to gag crypto bug disclosure
> > >Date: Thu, 20 Feb 2003 09:57:34 +0000
> > >From: Ross Anderson <Ross.Anderson at cl.cam.ac.uk>
> > >
> > >
> > >Citibank is trying to get an order in the High Court today gagging
> > >public disclosure of crypto vulnerabilities:
> > >
> > >    http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_gag.pdf
> > >
> > >I have written to the judge opposing the order:
> > >
> > >    http://www.cl.cam.ac.uk/ftp/users/rja14/citibank_response.pdf
> > >
> > >The background is that my student Mike Bond has discovered some really
> > >horrendous vulnerabilities in the cryptographic equipment commonly
> > >used to protect the PINs used to identify customers to cash machines:
> > >
> > >    http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-560.pdf
> > >
> > >These vulnerabilities mean that bank insiders can almost trivially
> > >find out the PINs of any or all customers. The discoveries happened
> > >while Mike and I were working as expert witnesses on a `phantom
> > >withdrawal' case.
> > >
> > >The vulnerabilities are also scientifically interesting:
> > >
> > >    http://cryptome.org/pacc.htm
> > >
> > >For the last couple of years or so there has been a rising tide of
> > >phantoms. I get emails with increasing frequency from people all over
> > >the world whose banks have debited them for ATM withdrawals that they
> > >deny making. Banks in many countries simply claim that their systems
> > >are secure and so the customers must be responsible. It now looks like
> > >some of these vulnerabilities have also been discovered by the bad
> > >guys. Our courts and regulators should make the banks fix their
> > >systems, rather than just lying about security and dumping the costs
> > >on the customers.
> > >
> > >Curiously enough, Citi was also the bank in the case that set US law
> > >on phantom withdrawals from ATMs (Judd v Citibank). They lost. I hope
> > >that's an omen, if not a precedent ...
> > >
> > >Ross Anderson

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list