Protecting Online Identity Through Cryptography
A new startup, Credentica, hopes to offer the ability for you to perform secure transactions using the smallest amount of personal information possible. Their goal is to both protect privacy and enhance security, which they hope will be a mutually inclusive process. "The technique employs secure multi-party computation, a branch of cryptography that can calculate meaningful answers about secret information by knowing only some non-revealing clues about that secret. The underlying theory was demonstrated in 1982 by Andrew Yao in the so-called Millionaire's Problem [...] U-Prove employs an ID token, a special kind of digital certificate that allows for minimal selective disclosure. The tokens can store all kinds of information, but users can disclose only the minimum amount of data required in any given transaction. They leave no unwanted data trails and permit both anonymity and pseudonymity."
Re:Why do we need spy tools? (Score:4, Insightful)
Re: (Score:1, Flamebait)
Re: (Score:2)
Would you call yourself technically adept?
Would you say you are socially liberal or socially conservative?
Is there a political ideology which resonates with you or your priorities? If you've found one which is it?
Do you adhere to a religion? If so which one?
Have you studied many different perspectives in order to acquire these ideologies or are these those you grew up with? (Those of your parents and community)
Re: (Score:2)
Yes, I'm technically adept.
I don't believe in party politics. Liberal and conservative are equally bad.
The ideologies that resonate most with me are ones such as Anarchist Communism, but I don't think they're realistic as they have been put forward in the past.
I favour mandatory non-discriminatory involvement by all citizens in the infrastructure that supports their lives, and the absence of compulsion at any level beyond that.
Every person should be involved in the various systems that are req
Re: (Score:2)
Actually, I do think that some of the ideas put forth in 1984 have a lot of potential to liberate people from manipulation if they were employed properly and for higher purposes.
http://slashdot.org/~ShieldW0lf/journal/195726 [slashdot.org]
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Re: (Score:1)
No, it wasn't. I don't want privacy and anonymity. I don't trust people, so I won't support technology that allows them to operate from the shadows with impunity. As far as I'm concerned, if you use it, you're guilty.
Not sure if I read that correctly.
But you don't trust people so you DON'T want privacy or anonymity from them.
I don't trust people so I WANT this technology that allows people to protect themselves.
As far as you're concerned people are guilty until they can prove their innocence?!
~Dan
Re: (Score:1)
Re: (Score:3, Insightful)
Re: (Score:2)
Anonymity and privacy were features that were built in.
Re: (Score:3, Informative)
We also have electronic cash [wikipedia.org] which uses zero-knowledge [wikipedia.org] systems to protect privacy. Note real implementations are far more sophisticated than the simple example at Wikipedia. The only information you can get from the cash is the information necessary to prove it has been paid to you.
Re: (Score:1)
I'm a huge fan of coinage, especially really shiny ones, but even paper money too although it's not real... but Anonymity with coinage/physical money?
Re: (Score:1)
Re:Why do we need spy tools? (Score:4, Insightful)
Re: (Score:1, Flamebait)
I don't hope for that. I hope for pervasive information, where I am always informed, where I never have a smiling snake oil salesman with no integrity moving from victim to victim, where I never have to deal with the hypocrisies of people because they're not practical to maintain anymore. I'd quite happily go to war with an assault rifle in my hands and kill people to prevent something like what you are describi
MPC and its uses (Score:5, Interesting)
The problem with MPC protocols is that since they are so very general and powerful they tend to also be horribly inefficient (though polynomially bounded, i.e. in P). Nevertheless the constants are often horrible and could require on the order of n^2 rounds of communication. Another hurdle in their wider adoption in the field of security is that they represent a significantly more complicated concept than, say, encryption or a hash function and so tend to be a difficult sell to non-cryptographers.
However at least one company, Cryptomathic [cryptomathic.com] of Aarhus, Denmark, is working on an implementation of MPC. The main client being the Danish government, which wants to use the product to set up an online market through which local farmers can sell their goods. The idea being that by using an MPC protocol to do this rather than some central (government run) server nobody needs to trust anyone else, not even the government; just their own implementation of the software on their computers. As long as that is correct and uncorrupted they are guaranteed all the security they could hope for.
Of course there is always the argument that you might well be better off trusting the government to host the entire show than your own computer, but on the other hand even IF the government runs some online auction server, you still need to connect to that remote system from your own computer. So a secure server is still not going to help you protect yourself from local corruptions. At least now that is the ONLY thing left to worry about.
Re: SIMAP and VIFF (Score:1)
The Danish government was not involved in the auction -- it was an auction where sugar beet farmers traded their production quotas for producing beets for Danisco, the only company producing sugar in Denmark.
The auction finished last month and was a great success for all involved parties. It was poss
Identity theft is still aided by its own victims (Score:2, Insightful)
Re:Identity theft is still aided by its own victi (Score:1)
Re: (Score:2, Interesting)
Really, do you think Amazon or Google or somesmallretailer.com will settle for asking the minimum amount of information necessary to complete a transaction?
They already ask for more info than they need, presumably for 'security' purposes [ie, so someone isn't using your credit card to buy a bunch of Dells for orphans in Russia], but they just happen to keep using that data for marketing purposes. And now that they are already collecting al
Re: (Score:1)
Re: (Score:1)
Sort of like, they need to know that you are 21, so they ask you what your Grad year was, and what school you went to instead of how old are you?
Maybe I don't get it, but it seems like a possibility of "Personality" theft not just Identity theft...
Re: (Score:3, Insightful)
Re:Identity theft is still aided by its own victi (Score:2)
Unfortunately it is all too easy to accomplish identity theft via some very uncomplicated and low-tech methods. People still click on links in emails and type their financial information into fake websites or answer questions over the phone to the nice IRS man who wants to send me a tax rebate.
Far lower tech than that -- much identity theft is still accomplished through dumpster diving, mailbox theft, over-the-shoulder snooping, and many other techniques that have been around since way before the Intern
Re:Identity theft is still aided by its own victi (Score:2)
</cynical>
Millionaire's Problem (Score:5, Interesting)
No wonder Millionaires are so stupid... if this is what they consider a "Problem"...
Re: (Score:1)
Re: (Score:3, Informative)
another counterexample [wikipedia.org]
Re: (Score:2)
Hey, it could happen.
Re: (Score:1)
But I will give credit to some "Famous" people that are in similar positions, being a guinea pig/stooge to someone who actually has a brain as far as marketing and management goes, gathering millions and then just vanishing from publicity to live out the rest of their life in luxury... however
Re: (Score:2)
She may've started with a nice kaboodle, but she's increased it significantly on her own through fashion-lines, perfumes, TV shows, and getting paid to show up at bars and clubs.
The only evidence of her stupidity that I've seen has been what she's said on those TV shows, which I have no rea
Re: (Score:2)
Re: (Score:2)
Re:Millionaire's Problem (Score:4, Funny)
If you think that's bad, then I have some dining philosophers that I'd like you to meet...
Re: (Score:3, Funny)
Bruce Schneier knows Alice and Bob's secret.
Anonymous? (Score:2, Funny)
What a load of shit.
Three Words (Score:1)
Re: (Score:2)
Some interesting questions here. (Score:2)
Another issue is that such tokens may be forged. What are the safeties in place to verify that it isn't forged?
Forged identities are likely to be abused by those that really don't want to be on the map, like terrorists and major drug dealers. The latter can probably afford a lot to be anonymous - e
Re: (Score:1)
That's the magic statement, and if you can't trust them with your ID, what makes them think you can trust them with (after Blockbuster gets done with it) an $80 copy of midget porn that they demand back with a post card.
But of course, renting "Midget Ladies of Lust" was just what they did to test the stolen ID on the way to the BMW dealership, where they really had fun...
Re: (Score:2)
In both cases the dealers would have failed to do a sufficient verification of the ID by checking that it was valid and not reported as missing and that the person providing it did match the person holding it. So in both cases the dealers have to take full responsibility by being insufficient.
Book pointer (Score:5, Informative)
Re: (Score:3, Informative)
Re: (Score:1, Informative)
Re: (Score:2)
This will never fly (Score:2, Insightful)
Re: (Score:2)
Authentication is not considered a problem, (Score:1)
Consumers might adopt a solution like this if it were up to them, but I doubt anyone would pay for it, and no, this does require cooperation of both parties, so it is not up to them, and will not work independently on the cons
Re: (Score:2)
Please explain (Score:2)
numbers could be derived) sounds impossible. Can someone explain how the problem is solved in plain English (since IANA crypto expert).
Re: (Score:3, Informative)
A practical application of this is at http://www.cypherpunks.ca/otr/ [cypherpunks.ca] (with a plugin for a few common AIM applications, most usefully for pidgin née gaim).
This one has an implementation called the "Socialist Millionaires Problem", which sounds the same, although I recall it being used only to tell if two secret values are the same on both sides, thus augmenting the key exchange protocol with man-in-the-middle detection capabilities, provided the parties have shared knowledge about something (and somethin
Re: (Score:2, Informative)
Imagine three millionaires in a room who want to compute the sum of their incomes. Let us say that the millionaires can agree in advance that the sum can be represented by an integer in the range 0..100. They just need some upper limit, so the number could denote billions, trillions or whatever. Each millionaire then chooses three numbers a ran
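The comment above is cut off, so here is an added example (not part of the original post) of the standard additive secret-sharing sum for the setting it introduces: three parties whose total fits in 0..100. Working modulo 101 and the names `share` and `secure_sum` are assumptions of this sketch.

```python
import secrets

MODULUS = 101  # assumption: the agreed range 0..100 is handled as arithmetic mod 101


def share(value, parties=3, modulus=MODULUS):
    """Split value into random shares that add up to value mod modulus."""
    if not 0 <= value < modulus:
        raise ValueError("input outside the agreed range")
    shares = [secrets.randbelow(modulus) for _ in range(parties - 1)]
    shares.append((value - sum(shares)) % modulus)  # last share fixes the sum
    return shares


def secure_sum(inputs, modulus=MODULUS):
    """Run every party's steps in one process; return (total, transcript)."""
    n = len(inputs)
    # Round 1: party i deals one share of its input to every party (itself included).
    dealt = [share(v, n, modulus) for v in inputs]
    # Party j holds column j: exactly one share from each party, never a whole input.
    held = [[dealt[i][j] for i in range(n)] for j in range(n)]
    # Round 2: each party publishes only the sum of the shares it holds.
    published = [sum(col) % modulus for col in held]
    # All shares together add up to the sum of the inputs mod modulus.
    total = sum(published) % modulus
    return total, {"held": held, "published": published}


if __name__ == "__main__":
    incomes = [20, 35, 40]  # constructed sample inputs
    total, transcript = secure_sum(incomes)
    print("shares held by each party:", transcript["held"])
    print("published partial sums:", transcript["published"])
    print("sum:", total)
    # Caveat: the true sum must stay inside the agreed range, or it wraps around.
    print("60 + 50 + 10 reported as:", secure_sum([60, 50, 10])[0])
```

This covers parties that follow the protocol and send shares over private pairwise channels; it does nothing against a party that publishes a wrong partial sum.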
If only it's easy for sites to adopt (Score:1)
As I see, Credentica has some kind of SDK. How would
Re: (Score:2)
For validating an ID, all it takes is a government CA adding certs onto someone's public key stating that they are above 21, not a felon, etc. Of course, all the certs are revocable, and ones that would possibly change (absence of a criminal
bad passwords (Score:1)
At the time the database stored passwords in cleartext (guess they haven't heard of hashing then). When doing some work of course I can see everyone's passwords. People choose funny passwords. There's the obvious "password", "<my name>", or whatever.
But there was one that was a strange 9 digit number. Later when I had a chance to talk to that person on the phone I got to learn that his password was his SSN.
companies like that trail (Score:2)
terroristsdream (Score:5, Insightful)
Re: (Score:1)
Re: (Score:2)
I can't understand how people actually believe nonsense like that. Lack of privacy is, by itself, a form of terrorism when taken to an extreme.
I don't know about a "form of terrorism", but I'd say that trading privacy for safety, even if it worked, would be a bad trade.
Jefferson's well-known quote is very appropriate: "The tree of liberty must be refreshed from time to time with the blood of patriots". Most people take this to mean that soldiers have to give their lives to preserve liberty, but I think there's another important truth in the statement: In some cases liberty is incompatible with safety, which means that people will die, includi
Privacy hypocrisy (Score:1)
No reason to use it (Score:3, Insightful)
Gas stations already do this.... (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Wikipedia description link ZK proof (Score:1)
http://en.wikipedia.org/wiki/Zero_knowledge_proof [wikipedia.org]