David Wagner wrote:
Enzo Michelangeli wrote:
OpenPGP tries to detect such "wrong key" situations for
symmetrically-encrypted packets in a pretty simplistic way, [...]
The repetition of 16 bits in the 80 bits of random data prefixed to
the message allows the receiver to immediately
-BEGIN PGP SIGNED MESSAGE-
David Wagner wrote:
History shows that it is extremely easy to propose schemes for
encryption-with-integrity that are plausible-looking yet nonetheless
entirely broken. At this point, I don't think I would trust very much
a proposal without a proof.
For
Enzo Michelangeli wrote:
OpenPGP tries to detect such "wrong key" situations for
symmetrically-encrypted packets in a pretty simplistic way, [...]
The repetition of 16 bits in the 80 bits of random data prefixed to
the message allows the receiver to immediately check whether the
session
William Allen Simpson wrote:
As far as I can tell, the only unique element is the mod 2^128 - 159
function. We just need to use another function.
My own favorite (in CBCS) has been rotation by the population count [...]
The uniquely valuable aspect of Jutla's scheme (and other related
- Original Message -
From: "David Wagner" [EMAIL PROTECTED]
Newsgroups: isaac.lists.cryptography
To:
Sent: Monday, December 18, 2000 9:14 AM
Subject: Re: IBM press release - encryption and authentication
Enzo Michelangeli wrote:
OpenPGP tries to detect such "wrong
Ray Dillinger writes:
I may be misunderstanding what you are suggesting, but the construction
that uses an encrypted CRC as a MAC is insecure. E.g., Stubblebine &
Gligor[1] show attacks on protocols which encrypt the concatenation of a
packet and a CRC-32 using DES-CBC. The properties of the MAC,
On 14 Dec 2000, Nikita Borisov wrote:
I think, though, that the "parallelization-friendliness" of the result
is much more interesting than being able to encrypt and MAC at the same
time.
Encrypt and MAC together are pretty useful too - it can result in a factor
of two improvement in speed on
In article 010801c064d0$b64193a0$6000a8c0@em,
Enzo Michelangeli [EMAIL PROTECTED] wrote:
Apart from the parallelization-friendliness, wouldn't the same result be
achieved by encrypting the concatenation of the plaintext with a MAC
implemented through a fast error detection code (say, a
D]
Sent: Saturday, December 09, 2000 8:50 AM
Subject: Re: IBM press release - encryption and authentication
In message
[EMAIL PROTECTED], "P.J. Ponder" writes:
from: http://www.ibm.com/news/2000/11/30.phtml
IBM develops algorithm that encrypts and authenticates simultaneousl
On Sun, 10 Dec 2000, Rich Salz wrote:
No word, of course, on how the thing actually works, or whether they
intend to patent it.
Not so. Search your nearest IETF internet-drafts repository for
draft-jutla-ietf-ipsec-esp-iapm-00.txt
I was complaining about the total lack of
On Sun, 10 Dec 2000, Rodney Thayer wrote:
P.s, when he spoke at Stanford I asked about patents and he said
it was patented, and he said NIST is trying to get them to put it
in the public domain.
There are slides for it online at
[EMAIL PROTECTED] wrote:
The world is not so simple, not so black and white.
For example, you're completely omitting any outside
factors beyond the crypto algorithm itself.
Such as...? (Please restrict your answer to topics
pertinent to this discussion list).
Oh come on. The
Rich Salz [EMAIL PROTECTED] writes:
No word, of course, on how the thing actually works, or whether they
intend to patent it.
Not so. Search your nearest IETF internet-drafts repository for
draft-jutla-ietf-ipsec-esp-iapm-00.txt
Eh? It would be bad if a patented system became
In article [EMAIL PROTECTED],
Bram Cohen [EMAIL PROTECTED] wrote:
it's not hard to figure it out just from the slides - there are actually
two methods given, one which requires an extra lg(n) encryptions and one
which requires two extra encryptions but has a bunch of modular
arithmetic. Rijndael
At 05:14 PM 12/11/2000 -0800, Nikita Borisov wrote:
But in his examples, addition mod 2^128 - 159 can be implemented rather
quickly:
S_i = S_{i-1} + b [regular 128-bit addition]
if (b > S_i) S_i += 159
Ahhh, yes, a classical example of premature optimisation. This is, of
course, a different
Greg Rose writes:
At 05:14 PM 12/11/2000 -0800, Nikita Borisov wrote:
But in his examples, addition mod 2^128 - 159 can be implemented rather
quickly:
S_i = S_{i-1} + b [regular 128-bit addition]
if (b > S_i) S_i += 159
Ahhh, yes, a classical example of premature optimisation. This is, of
In message [EMAIL PROTECTED], "P.J. Ponder" writes:
from: http://www.ibm.com/news/2000/11/30.phtml
IBM develops algorithm that encrypts and authenticates simultaneously
More precisely, this is a new mode of operation that does encryption
and authentication in one pass. It's also amenable
On Thu, 7 Dec 2000, P.J. Ponder wrote:
from: http://www.ibm.com/news/2000/11/30.phtml
IBM develops algorithm that encrypts and authenticates simultaneously
No word, of course, on how the thing actually works, or whether they
intend to patent it.
A note to the clueful about it being
On Fri, 08 Dec 2000, Bram Cohen wrote:
On Thu, 7 Dec 2000, P.J. Ponder wrote:
from: http://www.ibm.com/news/2000/11/30.phtml
IBM develops algorithm that encrypts and authenticates simultaneously
No word, of course, on how the thing actually works, or whether they
intend to patent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
this is talking about parallelizing processing of an individual message.
the application for this is packet processing in a protocol stack,
or "lower", packet processing in hardware below+/inside the protocol
stack.
you can't parallelize IPsec, for
On Sun, 10 Dec 2000, Paulo S. L. M. Barreto wrote:
A description of Jutla's mode of operation is available from NIST's AES site.
And yes, IBM has filed a patent for it.
Note to cryptographers of the world - there are two reasons to patent an
algorithm -
1) to keep anyone else from patenting it
No word, of course, on how the thing actually works, or whether they
intend to patent it.
Not so. Search your nearest IETF internet-drafts repository for
draft-jutla-ietf-ipsec-esp-iapm-00.txt
And in there you will find
5. Intellectual Property Issues
IBM has
22 matches