s to cloak cyberwar activities,
or they want to learn the flaws of the product so they can penetrate
anonymity. (Why not -- according to CNN, the NSA claims that Osama bin
Laden has better communications technology than we do)
--Steve Bellovin, http://www.research.att.com/~smb
available.
The attack is quite expensive; it requires O(2^64) operations, several
terabytes of memory, and 2^22 signed messages.
--Steve Bellovin, http://www.research.att.com/~smb
Today's Wall Street Journal reports that the FBI is changing the name
of Carnivore. It will now be known as the DCS1000 -- the "DCS" stands
for "Data Collection System".
Clearly, that resolves all of the problems with it.
--Steve Bellovin, http://www.research.att.com/~smb
, not the
transmission!
--Steve Bellovin, http://www.research.att.com/~smb
PROTECTED]
***
--- End of Forwarded Message
--Steve Bellovin
The draft Carnivore report is at
http://www.usdoj.gov/jmd/publications/carniv_entry.htm
I haven't checked yet to see if any of the redactions are reversible...
--Steve Bellovin
glut of litigation."
A final decision will be made in November.
--Steve Bellovin
According to today's Wall Street Journal, the judge in the DeCSS case
against 2600 publisher Eric Corley (better known as Emmanuel Goldstein)
has asked both sides to submit briefs on whether or not software is
speech, and hence protected by the First Amendment.
--Steve
do under CALEA. I
don't see extending it at this point.
--- End of Forwarded Message
--Steve Bellovin
not heard of
GEE, and as far as I knew the ministry used online machines. Does
anyone have any details on either this system or its solution?
--Steve Bellovin
--Steve Bellovin
I spent the week at the Fast Software Encryption and AES-3 conferences
in New York. The big news is that there was no big news. All five
candidates still look solid, and there were at least as many papers
on performance as on cryptanalytic results. Not only that, the
former were more
s on order...
--Steve Bellovin
Are there any freely-available secret-sharing packages around? Specifically,
I need to be able to set up modestly complex policies to protect a sensitive
signature key.
While source code would be best, I'd also be interested in smart card-based
products.
--Steve Bellovin
about this? I know that Zimmerman (ab)used
U.S. facilities to transmit the message, but it was encrypted in 0075 code, as
I recall.
--Steve Bellovin
According to the Wall Street Journal, nine Internet firms (AOL, Amazon.com,
Yahoo, eBay, Excite@Home, DoubleClick, Inktomi, theglobe.com, and Lycos) have
formed a Washington lobbying group. The purpose is to focus on issues of
concern to Internet companies. The article does list privacy
Shamir's paper describing his design for a factoring machine is now
available (with permission) at http://www.research.att.com/~smb/twinkle.ps --
I'll leave it there for a few weeks.
To: [EMAIL PROTECTED]
From: Dave Farber [EMAIL PROTECTED]
Subject: IP: "Intercepting the Internet"
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: [EMAIL PROTECTED]
Precedence: list
Reply-To: [EMAIL PROTECTED]
From: "Caspar Bowden" [EMAIL PROTECTED]
To: "Dave Farber
Before cheering too much about McCain's apparent change of heart, it's
worth doing some arithmetic. 64-bit ciphers are vulnerable to a brute
force attack that costs 256 times what an attack on the same 56-bit
cipher would cost. Plug in EFF's 250K and you see that a similar design
would cost
But what you imply, that PGP (and other programs that request passwords
and passphrases from the user) should be more picky in what it accepts, is
an excellent idea. Of course, it's impossible to force the user to choose
a good passphrase, but requiring no fewer than, say, 12 characters that
In message [EMAIL PROTECTED], Colin Plumb writes:
Well, as I mentioned, I said so in fairly emphatic terms once already,
although I don't know whether such access was planned or if my comments
had any effect. I'm having another, more detailed discussion with the
responsible designers on
Intel has announced a number of interesting things at the RSA conference.
The most important, to me, is the inclusion of a hardware random number
generator (based on thermal noise) in the Pentium III instruction set.
They also announced hardware support for IPSEC.
I asked a friendly patent attorney. The Patent Office accepts what are
called "statutory invention registrations" that serve this purpose.
I don't know how to file one, or what they cost.
In message [EMAIL PROTECTED], Jim Gillogly writes:
"Arnold G. Reinhold" [EMAIL PROTECTED] writes:
... descriptions on the CipherSaber web site http://ciphersaber.gurus.com .
..
Any comments, suggestions, endorsements and publicity are welcome.
I'll endorse it -- the pages give a good
24 matches
Mail list logo
