[ISN] 1024-bit encryption is 'compromised'
I like what they said the whole focus of the Financial Cryptography conference was... ;-).

Cheers,
RAH

--- begin forwarded text

Status: U
Date: Wed, 27 Mar 2002 03:37:25 -0600 (CST)
From: InfoSec News [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ISN] 1024-bit encryption is 'compromised'
Sender: [EMAIL PROTECTED]
Reply-To: InfoSec News [EMAIL PROTECTED]

http://www.vnunet.com/News/1130451

By James Middleton [26-03-2002]

Upgrade to 2048-bit, says crypto expert

According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be considered compromised.

The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm.

Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn. These costs would be significantly lowered with the use of a chip fab.

As the panel pointed out: It is a matter of public record that the National Security Agency [NSA] as well as the Chinese, Russian, French and many other intelligence agencies all operate their own fabs.

And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each.

Would the NSA have built a device at less than half the cost of one of its satellites to be able to decipher the interception data obtained via many such satellites? The NSA would have to be derelict of duty to not have done so, he said.
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.

None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.

What this means, according to Green, is that an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet.

The most sensible recommendation in response to these findings at this time is to upgrade your security infrastructure to utilise 2,048-bit user keys at the next convenient opportunity, he advised.

But a comment from well known cryptographer Bruce Schneier casts doubt on Bernstein's findings in practical application. It will be years before anyone knows exactly whether, and how, this work will affect the actual factoring of practical numbers, he said.

But Green, much to the clamour of overreaction from the Slashdot community, added: In light of the above, I reluctantly revoked all my personal 1,024-bit PGP keys and the large web-of-trust that these keys have acquired over time. The keys should be considered compromised.

Whatever the practical security implications, one sharp-witted Slashdot reader pointed out: Security is about risk management. If you have something to protect that's worth $1bn for someone to steal, and the only protection you have on it is 1,024-bit crypto, you deserve to have it stolen.

-
ISN is currently hosted by Attrition.org
To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA

The IBUC Symposium on Geodesic Capital
April 3-4, 2002, The Downtown Harvard Club, Boston
mailto: [EMAIL PROTECTED] for details...

... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience.
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
[ISN] NCIX WEB SITE UPDATE ADVISORY #4-2002
--- begin forwarded text

Status: U
Date: Wed, 27 Mar 2002 03:37:58 -0600 (CST)
From: InfoSec News [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ISN] NCIX WEB SITE UPDATE ADVISORY #4-2002
Sender: [EMAIL PROTECTED]
Reply-To: InfoSec News [EMAIL PROTECTED]

-- Forwarded message --
Date: Tue, 26 Mar 2002 13:43:36 -0500
From: Stephen F. Argubright [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: NCIX WEB SITE UPDATE ADVISORY #4-2002

Dear Friends and Colleagues:

The Annual Report to Congress on Foreign Economic Collection Industrial Espionage 2001, prepared by the Office of the National Counterintelligence Executive (NCIX), is now available on the NCIX Web site at http://www.ncix.gov/pubs/reports/fy01.htm . The report is not copyrighted and may be downloaded and disseminated as required. No hard copy distribution is available.

Background: Using primarily Internet e-mail addresses from consumers who have requested NCIX counterintelligence and security awareness material, the NCIX has created an Internet address group to alert and inform its readers about new and updated information regarding the NCIX Web site. The advisories include information on NCIX regional seminars, the release of new awareness material, and other information of counterintelligence interest. Please feel free to use this updated information on your own Intranet and other information-sharing systems. Each advisory is assigned a sequential number for tracking purposes. As of this advisory, there are more than 2,300 official subscribers.

--- end forwarded text
ecash news: Brands credentica.com
For cpunxnews/cryptography:

Seems people missed this anonymous note about Dr Stefan Brands' new company http://www.credentica.com on cypherpunks -- interesting news -- will Credentica pursue ecash, private credentials, more liberal licensing terms than digicash and ecash-technologies/infospace?

(Brands' ecash and credential patent suite is the only major contender to Chaum's patent suite. Chaum's patent suite was recently acquired by Infospace for an undisclosed amount from ecash-technologies, which earlier bought the patents when digicash filed for chapter 11 bankruptcy.)

To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Brands credentica (Re: [Tsg] Micropayments VISA?)

Your information is out of date: Brands is no longer at ZKS, last month a new company was launched in which Brands is involved, see www.credentica.com, the rights are not tangled up in any way (legal separation, all rights cleared).

Paul Holman wrote:
[...]
There are possible alternatives; Brands' patents, now tied up at ZKS, and other schemes which try to body swerve Chaum, but nothing comforting.
Re: Brands is alive! (fwd)
--- begin forwarded text

Status: U
Sender: [EMAIL PROTECTED]
Date: Tue, 26 Mar 2002 15:52:38 -0500
From: Ian Grigg [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Digital Bearer Settlement List [EMAIL PROTECTED]
Subject: Re: Brands is alive! (fwd)
List-Subscribe: mailto:[EMAIL PROTECTED]

After receiving permission, here is another email on the subject and person of the Brands.

iang

Original Message
Subject: Re: Brands is alive! (Was Re: [Tsg] Micropayments VISA?
Date: Mon, 25 Mar 2002 16:40:49 -0500
From: Ian Grigg [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Paul Holman [EMAIL PROTECTED]
References: [EMAIL PROTECTED]

Paul Holman wrote:

Ian, thanks for telling me this. I'm happy to hear it.

Brands is good people, and he tries hard. Problem is, it is a lot of work to licence patents. It took me 4 trips to Europe and 4 barrels of beer to do it. It's just a costly business, as well as unhealthy the morning after ;-)

Secondly, in my experience, patents have nothing to do with digital cash, or, so little that discussion of patents is a red flag from a business perspective. I.e., don't invest in any scheme that talks about patents.

As a programmer, if you wanted to do a blinded token scheme, just use Wagner. Switch to Brands (within very minor technical terms, Brands is far superior) when you've shown that you can do something valuable with Wagner.

I fully agree that this would be a wise approach. However, depending on how it is played out, you'd be increasing the value of those patents if you made something that worked and later go shopping for them. This can be a disincentive that keeps businesses from getting started.

Well, that is true at the margin. But, in practice, the market cares not one jot what patent you are using, if at all. In practice, if you continued to use Wagner blinding for ever, you would have a 99.9% equivalent offering for the market place, which is less than noise in the overall marketing equation.

So, whilst I don't dispute that a potential improvement could occur that would leave the price going up, I really doubt in practice that you would notice this.

I'm glad to hear you're so enthusiastic about the Brands approach. It seems more flexible than Chaumian blinding, but possibly more difficult to implement/manage.

We did a lot of work investigating it during the DigiGold days, and both teams put on the job concurred that Brands was the best, independently. I'm not a cryptographer, and can barely count, let alone read a Brands formula, which is why I contracted some real crypto people to prepare opinions.

Hmm, I notice you replied privately. Do you mind if I put your reply onto the DBS list? It's not really an issue either way, just a chance to boost the intelligent traffic.

--
iang

--- end forwarded text
Re: crypto question
At 12:23 PM -0700 3/24/02, [EMAIL PROTECTED] wrote:

or just security proportional to risk ...

While a valid engineering truism, I have a number of issues with that dictum:

1. It is too often used as an excuse for inaction by people who are poorly equipped to judge either risk or cost. We've all encountered the "experts on tap, not on top" attitude of many managements. There was a good reason the U.S. centralized all crypto in the NSA after WW II. Managers in organizations like the State Department simply ignored known security compromises. Communications security never had a high priority with functional managers, so it was taken away from them.

2. Costs are often overstated or quoted out of context. A $1000 coprocessor that can verify 100 keys per second ends up costing under a millicent per verification, even allowing a large factor for peak demand. The added cost to store long keys is tiny. Good engineering (often the biggest cost) can be spread over many applications. Cost of keeping up with security patches is likely modest compared to 24/7 watchman security for a physical location.

3. The nature of risk is very different in cyberspace. Many cryptographic techniques introduce single points of failure. Bonnie and Clyde can't rob all the banks at once, but the wily hacker might. It may be cheaper to employ bullet-proof solutions than to really understand the risks in good enough approaches.

4. There is also the question of risk to whom. Many businesses seem to assume the government will pick up the tab for a major cyber terrorism incident. If business execs can say with a straight face that basic accounting principles are too difficult for them to grasp, imagine what they will say about a massive crypto failure. So in a sense taxpayers and consumers are being asked to insure some of these risks. I suspect they would gladly pay the added costs (pennies) to apply the best available technology.

5. There is a failure to distinguish between components and systems. It may be true that any real world system has holes, but that is no reason to give up on perfecting the tools used to build these systems. Incorporating known weaknesses into new designs is not justifiable, absent a compelling, fact-based, cost/security analysis.

Arnold Reinhold
Identrus buys Digital Signature Trust
--- begin forwarded text

Status: U
To: [EMAIL PROTECTED]
Subject: Identrus buys Digital Signature Trust
From: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED]
Date: 27 Mar 2002 13:48:12 -0800

Identrus buys Digital Signature Trust
By LUCAS MEARIAN
(March 25, 2002)

Identrus LLC today announced that it has signed a deal to acquire Digital Signature Trust Co. (DST) from Salt Lake City-based Zions Bancorporation and the Washington-based American Bankers Association for an undisclosed amount.

The deal gives Identrus the service arm it has sorely needed as it struggles to be the user authentication service for business-to-business e-commerce.

There is a need for a B2B payment network. The banks were missing the boat, and now they'll be able to jump on and have a solid base to operate from, said Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn.

New York-based Identrus, a vendor formed by a consortium of banks, has been building a global public-key infrastructure (PKI)-based system that was trying to be the de facto digital handshake for cross-border business-to-business transactions. Although Identrus had the framework, guidelines and preferred vendors, it didn't have its own service.

Many banks ran into problems with vendors, and it took months to get [the PKI service] implemented. And then the customer didn't want to use it, Litan said.

Last year, Identrus assumed ownership of Project Eleanor, a joint venture of several financial institutions aimed at creating a standard for secure business-to-business payments over the Internet and bolstering straight-through processing or single-day settlement of trades.

Salt Lake City-based DST provides online digital identity services to federal and state government agencies, including the Social Security Administration, and to U.S.-based financial services and utilities markets through its TrustID program.

Greg Worch, chief marketing officer at Identrus, said the two companies are complementary from a geographical standpoint, a market segment standpoint and from a capabilities standpoint.

Identrus has been dominant on a global basis, but although it has some major players in the U.S., the PKI market there was fragmented compared with the rest of the world, he said.

TrustID is more targeted to the needs of the middle market and B2B space, Worch said. DST also operates not just with banks but has more strength with the nonbank industry -- the mortgage industry, government sector and supply chain area.

To remove yourself from this list send a message Unsubscribe to [EMAIL PROTECTED]

--- end forwarded text
PGP key server changes [was: RE: 1024-bit RSA keys in danger of compromise]
Enzo wrote:

Hmmm... I see that the new 4096-bit super-duper key, besides its own (which doesn't prove much), only bears the signatures of the now revoked -as potentially compromised- old keys 0x375AD924 and 0xEEE8CFF3, plus 0x06757D2D (which turns out to be a 1024-bit DSA key) and 0x50C0FEA7 (a lowly 2048-bit RSA legacy key)... Are you really our Lucky, or the NSA proving our worst fears founded? ;-)

Oh, the curse of having to revoke a key that accumulated years of WOT signatures...

My new pub key has since acquired a few signatures. You can always get the latest version of my key by fingering [EMAIL PROTECTED] or via LDAP from ldap://pgp.surfnet.nl:11370 (also known as europe.keys.pgp.com, though this alias may not last much longer given that it seems that the canonical PGP keyserver at keyserver.pgp.com appears to already have ceased operations in the wake of NAI placing PGP into maintenance mode. At least I have been unable to connect to that server for several days now. YMMV).

No, my new key will not interoperate with PGP 1.0, Bass-O-Matic, or similarly outdated versions of PGP. Readers of this post are discouraged from contacting me to inform me of this fact. I am well aware of it and couldn't care less. Few, if any, programs that I use today would run on the Macintosh DUO 230 on which I generated my first 1024-bit PGP key back when I was an alpha tester for PGP 2.0. Thanks to Moore's Law, my first-ever 1024-bit key took a hell of a lot longer to generate on what was then a brand new machine than it took to generate my new 4096-bit PGP key on the old K6-333 that I used a few days ago to generate not only my new PGP key, but various 4096-bit SSH keys for good measure. My suggestion would be to use the time saved by not sending me such an email to upgrade your version of PGP instead.

The key has been tested to work fine with the current release versions of PGP for Windows and Mac as well as GnuPG for UNIX and I presume Windows, though I haven't tested GnuPG on Windows.

Those of you that know me are very much encouraged to contact me to verify the fingerprint of my new key. If you have my personal mobile phone number, just call. If you don't, email me for the number, since I would rather not post it to a public mailing list.

--Lucky
DMCA Still Faces Its First Criminal Test
http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/Viewc=Articlecid=ZZZU66KQBZClive=truecst=1pc=0pa=0s=NewsExpIgnore=trueshowsummary=0

March 28, 2002

DMCA Still Faces Its First Criminal Test
Criminal case will test Digital Copyright Act

Jason Hoppin
The Recorder
March 28, 2002

Dmitry Sklyarov is free, but the law under which he was jailed remains.

The young Russian programmer turned cyber-cause celebre, arrested last year after a speech in the United States, has been home since he promised to testify in what was once, arguably, the Northern District of California's highest-profile case. But nothing has changed about the underlying issues that so inflamed the cyberlaw community.

On Monday, U.S. District Judge Ronald Whyte will put those issues under a microscope in a criminal case that should have a significant impact on creative industries' drive to protect their products through legislation.

ElcomSoft Co. Ltd., Sklyarov's employer when he wrote a program that unlocks Adobe Systems Inc.'s password-protected eBooks and PDF files, faces charges under the Digital Millennium Copyright Act, which outlaws the circumvention of encrypted digital works.

But ElcomSoft's lawyers, along with Sklyarov's attorneys and backed by a phalanx of law professors and public interest lawyers, will ask Whyte to dismiss the case for a number of reasons, including that ElcomSoft could not have understood the penalties it faced.

The failure of a statute, particularly one that carries criminal consequences, to clearly define the conduct it proscribes and thereby ensnare innocent law-abiding individuals is the essence of constitutional vagueness, wrote Duane Morris partner Joseph Burton in asking Whyte to toss the case.
Two lawyers from the Northern District's Computer Hacking and Intellectual Property Unit will counter each argument, ranging from broad constitutional issues that may require Whyte to divine the Founding Fathers' intentions to parsing the specific language of the DMCA. Whyte has already heard arguments on whether the government has the jurisdiction to prosecute a Russian company, but hasn't yet ruled.

Burton will be joined Monday by attorneys from San Francisco's Keker Van Nest, who will argue that the prosecution violates ElcomSoft's First Amendment rights, since computer code is considered speech. Keker partner Daralyn Durie, joined by associate Michael Celio, are appearing as of counsel.

A coalition made up largely of intellectual property law professors, led by Georgetown University's Julie Cohen, submitted a rare amicus curiae brief at the district court level arguing that Congress overstepped its bounds when it enacted the DMCA. And the San Francisco-based Electronic Frontier Foundation, already an integral player in the case, was joined by a hodgepodge of public interest groups (including the American Association of Law Libraries) in submitting a brief in support of the Free Speech argument. (The EFF had lobbied Adobe to drop its support for prosecuting Sklyarov, which it eventually did following a barrage of protest.)

The case seems to go to the heart of the efforts of a variety of industries -- movies, music, videos, books and software -- to protect their digital products, which they argue is necessary to protect their livelihood.

Cary Sherman, general counsel of the Recording Industry Association of America, said his group has been following the case from afar. We've got our hands full with everything else, Sherman said. The Department of Justice is doing a fine job. ... I think that the government should win.
For EFF general counsel Cindy Cohn, the case is about consumers' fair use rights and the First Amendment -- returning to people the ability to copy, print or otherwise manipulate a lawfully purchased eBook. Are we going to put people in jail who simply provide us the tools to get back what they took from us? Cohn asks.

Also troubling for Cohn is the message sent by prosecuting someone for creating a technology. I think any attempt to go after the technology is problematic, Cohn said, echoing the EFF's argument that more cases like U.S. v. Elcomsoft, 01-20138, would chill innovation.

Sklyarov was arrested in Las Vegas by federal agents in July after giving a speech on eBook encryption at DEFCON, which bills itself as the largest hacker convention on the planet. He was the first person charged by a federal grand jury under the DMCA.

The uniqueness of the case is underscored by the number and breadth of the briefs, which offer not just case cites, but virtual histories of the development of IP law in the late 20th century.

ElcomSoft, Sklyarov's Moscow-based employer, sold what it called the advanced eBook processor (AEBPR) through a United States-based Web site. Very few of the programs were ever sold -- court filings show an FBI agent contacted only three buyers, though possibly more.

A prison term is no longer an issue in the case, but ElcomSoft could face stiff criminal
[FYI] The implications of the UK Export Control Bill
http://www.heise.de/tp/english/inhalt/te/12191/1.html

CUT

Knowledge Transfer Controls and Academic Freedom

Ashley Benigno 28.03.2002

The implications of the UK Export Control Bill

A controversial bill that extends export controls on armaments from hardware to intangible goods is currently before the British Parliament. The Export Control Bill has been viewed by some quarters as carrying serious implications for academic freedom, by curtailing research and collaboration through the adoption of transfer controls and the introduction of a licensing regime.

The aim of the Bill, as outlined in its introduction, is to make provision enabling controls to be imposed on the exportation of goods, the transfer of technology, the provision of technical assistance overseas and activities connected with trade in controlled goods; and for connected purposes. As defined in the Export Control Bill, 'technology' means information (including information comprised in software). In fact, one of the primary objectives of the Bill is to extend current export control laws that cover only physical goods to include intangibles such as software.

While the Bill is seen by the Government as an additional tool in its fight against international terrorism, some academics view the proposed law as being so widely drawn that it would provide ministers with the power to review and suppress any scientific paper prior to its publication, and to license foreign students (not just at British Universities, but students taught by UK nationals anywhere in the world).

According to Ross Anderson, a Cambridge University professor and chairperson of the Foundation for Information Policy Research, the effects of the Export Control Bill would be felt across the fields of science and technology, impacting both research and education: The new law would cover most of our research in computer science (fast networks, high performance computing, neural networks, real-time expert systems, hardware and software verification, reverse engineering, computer security, cryptography) and could even force a rewrite of lecture course and project material. The Department of Engineering would be hit by the listing of numerically controlled machine tools and fibre winding equipment, robots, optical amplifiers, software radios and aero engine control systems, as well as many lasers, gyros, accelerometers and similar components. The restrictions that previously only applied to physical hardware objects will be extended to the software used to design, test, control or operate them, or to integrate them into larger systems.

The proposed law would also negatively impact transnational collaborative projects. A simple action such as sending an email to a foreign colleague relating to a research issue could end up requiring a special licence. Just like the teaching of many subjects to foreign students would fall under a licensing scheme. It is easy to envisage the administrative nightmare this would entail, the damaging effects on the overseas student contingent and on the development of academic work in general.

In Anderson's opinion, opponents of the Bill may argue that while one may well decide to curtail long-established academic liberties because something bad has happened, it is excessive to do so because a bad thing might happen, but hasn't. (Al-Qaida isn't an excuse, unless even basic aerospace engineering is to be reclassified as a technology relevant to weapons of mass destruction).

In the meantime, the Cambridge professor has proposed an amendment to the proposed law exempting research and teaching, which has received the backing of Universities UK and the Association of University Teachers.

CUT
Re: authentication protocols
At 06:14 PM 3/25/2002 -0500, John Saylor wrote:

I'd like to find an authentication protocol that fits my needs:
1. 2 [automated] parties
2. no trusted 3rd party intermediary ['Trent' in _Applied_Crypto_]

You want to look at the work of Carl Ellison and folks on SPKI. It allows one party to authenticate the second. If that fits your case, and it fits a lot, then you are done. No CA needed.

The SPKI stuff is at http://world.std.com/~cme/html/spki.html

Pat

Pat Farrell [EMAIL PROTECTED] http://www.pfarrell.com
Re: authentication protocols
On Mon, 25 Mar 2002, John Saylor wrote:

I'd like to find an authentication protocol that fits my needs:
1. 2 [automated] parties
2. no trusted 3rd party intermediary ['Trent' in _Applied_Crypto_]

Authentication relative to what?

All identity, and therefore all authentication, derives from some kind of consensus idea of who a person is. With no third party, it is hard to check a consensus. Usually authentication comes down to checking a credential. But that implies some third party that issued the credential.

So, the pertinent question becomes, what is identity? For purposes of your application, I mean -- no point to go off on philosophical tangents. Answer that, and maybe there'll be a protocol that you can use.

Bear
Re: 1024-bit RSA keys in danger of compromise
On Mon, 25 Mar 2002, Bill Stewart wrote:

While SSL implementations are mostly 1024 bits these days, aren't PGP Diffie-Hellman keys usually 1536 bits?

I think there's a general consensus that the minimum recommended key size for X9.42 Diffie-Hellman PGP keys is 1024bits. I'm not sure if the standard size is 1536bits. I might be wrong, but I don't believe such a key length standard exists. I think the only size related limitation in X9.42 was related only to the size of the prime defining the Galois Field. I haven't worked with X9.42 before.

There does not appear to be many 1536bit keys in the global PGP public keyring (the keys of the synchronized public keyservers). I count 1,057 in my copy of the ring, or 0.0748% of the total keys in the ring. Here is more information about that ring:

http://gnv.us.ks.cryptnet.net/stats.html

Notice the % of keys which is = 1024bits.

- VAB

---
V. Alex Brennen
Senior Systems Engineer
IBM Certified Specialist
e-TechServices.com
IBM Business Partner
Bus: 352.246.8553
Fax: 770.216.1877
[EMAIL PROTECTED]
http://www.e-techservices.com/people/vab/
Re: authentication protocols
John Saylor wrote:

Hi

I'd like to find an authentication protocol that fits my needs:
1. 2 [automated] parties
2. no trusted 3rd party intermediary ['Trent' in _Applied_Crypto_]

Most of the stuff in _Applied_Crypto_ requires that third party. It may be an impossible task, nothing seems obvious to me.

Pointers, suggestions, or aphorisms all welcome.

You need to specify what you are trying to achieve! For example, it's easy to avoid third parties if you have already exchanged keys.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: ciphersaber-2 human memorable test vectors
At 10:15 AM -0800 3/26/02, Adam Back wrote:

In general purely human readable test vectors are not ideal as they are 7 bit, and there have been cases where implementation errors related to the 7th bit (for example one blowfish implementation had problems with signed / unsigned chars), but it is kind of an interesting thought experiment.

If this issue seems to be a problem for a particular cypher, there are a couple of ways to try to solve it:

* Compress out the eighth bit (requiring 10 characters for a 64 bit block cypher instead of 8).

* Remember a pattern of high order bits. Something like would be relatively easy to remember, and would help mitigate signed vs. unsigned number problems on 32 bit machines.

Cheers - Bill

-
Bill Frantz       | The principal effect of | Periwinkle -- Consulting
(408)356-8506     | DMCA/SDMI is to prevent | 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.               | Los Gatos, CA 95032, USA
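As an added illustration of the signed/unsigned char problem the thread refers to (this is example code, not from any poster or from the Blowfish implementation Adam Back mentions): a Blowfish-style loop that folds key bytes into 32-bit words, once reading the key through `signed char` and once through `unsigned char`, plus a check showing that a 7-bit-clean vector cannot tell the two builds apart while a vector with bytes >= 0x80 does. The key values are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Key expansion in Blowfish (and many other ciphers) folds the key into
 * 32-bit words four bytes at a time. The buggy variant reads the key through
 * `signed char`, which is what plain `char` is on most desktop compilers.
 * A byte >= 0x80 is promoted to a negative int, sign-extends to
 * 0xFFFFFF80..0xFFFFFFFF, and the OR sets every upper bit of the word.
 */
static uint32_t key_word_buggy(const signed char *key, size_t keylen, size_t *pos)
{
    uint32_t data = 0;
    for (int k = 0; k < 4; k++) {
        data = (data << 8) | key[*pos];   /* sign-extended when key[*pos] < 0 */
        *pos = (*pos + 1) % keylen;
    }
    return data;
}

/* Correct variant: key bytes are 0..255 and never sign-extend. */
static uint32_t key_word_fixed(const unsigned char *key, size_t keylen, size_t *pos)
{
    uint32_t data = 0;
    for (int k = 0; k < 4; k++) {
        data = (data << 8) | key[*pos];
        *pos = (*pos + 1) % keylen;
    }
    return data;
}

/* First key word of a vector under either build; `buggy` selects the signed-char read. */
uint32_t first_key_word(const unsigned char *key, size_t keylen, int buggy)
{
    size_t pos = 0;
    return buggy ? key_word_buggy((const signed char *)key, keylen, &pos)
                 : key_word_fixed(key, keylen, &pos);
}

/*
 * 1 if every byte has its high bit clear. Such a vector can be typed into a
 * plain-ASCII e-mail and memorised, but it never drives a key byte negative,
 * so it cannot exercise the sign-extension path at all.
 */
int is_seven_bit_clean(const unsigned char *vec, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (vec[i] & 0x80)
            return 0;
    return 1;
}

/*
 * Expand `nwords` key words with both builds and count the words on which
 * they disagree. Zero means this test vector would let the bug ship.
 */
int count_mismatches(const unsigned char *key, size_t keylen, int nwords)
{
    size_t pos_buggy = 0, pos_fixed = 0;
    int mismatches = 0;
    for (int w = 0; w < nwords; w++) {
        uint32_t b = key_word_buggy((const signed char *)key, keylen, &pos_buggy);
        uint32_t f = key_word_fixed(key, keylen, &pos_fixed);
        if (b != f)
            mismatches++;
    }
    return mismatches;
}

/* Constructed sample vectors, not taken from the thread. */
static const unsigned char ASCII_KEY[] = "CipherSaber";   /* 11 bytes, 7-bit clean */
static const unsigned char BINARY_KEY[] = { 'C', 'i', 0xC3, 'p', 0x80, 'h', 0xFF, 'e' };
#define ASCII_KEY_LEN (sizeof ASCII_KEY - 1)
#define BINARY_KEY_LEN (sizeof BINARY_KEY)

int main(void)
{
    /* 18 words: the size of Blowfish's P-array, so the whole key is cycled through. */
    printf("ASCII vector:  7-bit clean=%d, mismatching words=%d\n",
           is_seven_bit_clean(ASCII_KEY, ASCII_KEY_LEN),
           count_mismatches(ASCII_KEY, ASCII_KEY_LEN, 18));
    printf("binary vector: 7-bit clean=%d, mismatching words=%d\n",
           is_seven_bit_clean(BINARY_KEY, BINARY_KEY_LEN),
           count_mismatches(BINARY_KEY, BINARY_KEY_LEN, 18));
    return 0;
}
```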