Re: migration paradigm (was: Is PGP broken?)

2000-12-11 Thread Ray Dillinger
On Mon, 11 Dec 2000, Enzo Michelangeli wrote: --Ray Dillinger wrote: There are times and places where you can use salt, and times and places where you can't. In order to use salt with a passphrase, you have to store it somewhere. And that means that a person who has only the ciphertext

Re: migration paradigm (was: Is PGP broken?)

2000-12-11 Thread Enzo Michelangeli
values (such as dbm files indexed by encrypted passphrase). Enzo - Original Message - From: "Ray Dillinger" [EMAIL PROTECTED] To: "Enzo Michelangeli" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 11, 2000 10:44 AM Subject: Re: migration paradigm

Re: migration paradigm (was: Is PGP broken?)

2000-12-11 Thread Albert P. Belle Isle
At 12:12 PM 12/10/2000 -0500, you wrote: snip --- Finally, I'd like to see software that employs passphrases offer to suggest a passphrase, rather than let the poor user sort through all the conflicting -- and often bad --

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Bram Cohen
On Tue, 5 Dec 2000, David Honig wrote: Is there a reason not to use AES block cipher in a hashing mode if you need a secure digest of some data? Hashing modes of block ciphers require a re-key for every block, and hence are really, really slow. -Bram Cohen

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Bill Stewart
At 03:43 PM 12/6/00 -0600, Rick Smith at Secure Computing wrote: At 05:04 PM 12/5/00, Ray Dillinger wrote: If someone wants to enter "sex" as a password, s/he deserves what s/he gets (although you may put up an "insecure passphrase" warning box for him/her). The problem is that there's no

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread David Honig
At 10:23 AM 12/8/00 -0800, Bram Cohen wrote: On Tue, 5 Dec 2000, David Honig wrote: Is there a reason not to use AES block cipher in a hashing mode if you need a secure digest of some data? Hashing modes of block ciphers require a re-key for every block, and hence are really, really slow.

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Paul Crowley
Rick Smith at Secure Computing [EMAIL PROTECTED] writes: Now, just how do we intend to address such concerns in our memory-based authentication systems? Our whole technology for using memorized secrets is built on the belief that people will remember and recite these secrets perfectly.

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Enzo Michelangeli
- Original Message - From: "Bill Stewart" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; "William Allen Simpson" [EMAIL PROTECTED] Sent: Friday, December 08, 2000 11:58 PM Subject: Re: migration paradigm (was: Is PGP broken?) A more important pro

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Paul Crowley
Bram Cohen [EMAIL PROTECTED] writes: Is there a reason not to use AES block cipher in a hashing mode if you need a secure digest of some data? Hashing modes of block ciphers require a re-key for every block, and hence are really, really slow. Well, Rijndael can re-key faster than it can

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Arnold G. Reinhold
At 3:35 PM -0600 12/7/2000, Rick Smith at Secure Computing wrote: At 02:43 PM 12/7/00, Peter Fairbrother wrote: In WW2 SOE and OSS used original poems which were often pornographic. See "Between Silk and Cyanide" by Leo Marks for a harrowing account. Yes, a terrific book. However, the book also

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Ray Dillinger
On Sun, 10 Dec 2000, Enzo Michelangeli wrote: A more important problem with passphrase-based keys is collisions - two people picking wimpy passwords can end up with the same keys. Salt should take care of this (as well as reducing the effectiveness of dictionary attacks). There are times
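Added example, not from any message in this thread: the two points being argued above (Enzo's, that unsalted passphrase-derived keys collide when two people pick the same weak passphrase and fall to one precomputed dictionary; Ray's, that using salt means the salt has to be stored, so whoever holds the stored material holds the salt too) worked through in Python. The thread names no passphrase-to-key function; PBKDF2-HMAC-SHA256 from the standard library, the low iteration count, the 16-byte salt and the sample word list are all assumptions made for the illustration. It also bears on Simpson's item 4 further down (keys regenerated from the passphrase when moving between machines): the unsalted derivation is reproducible from the passphrase alone, the salted one only if the salt travels with the user.

```python
import hashlib
import hmac
import os

# Assumed parameters for the illustration (not from the thread):
# PBKDF2-HMAC-SHA256 as the passphrase-to-key function, a deliberately
# low iteration count so the demo runs quickly, 256-bit keys, 16-byte salt.
ITERATIONS = 20_000
KEY_LEN = 32
SALT_LEN = 16

# Constructed sample dictionary of weak passphrases for the attack below.
WORDLIST = ["password", "sex", "secret", "letmein", "ozymandias", "qwerty"]


def derive_key_unsalted(passphrase: str) -> bytes:
    """Key from the passphrase alone (empty salt).

    Reproducible on any machine from the passphrase, which is the appeal
    of passphrase-generated keys, but two users who pick the same
    passphrase end up with the same key.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               b"", ITERATIONS, KEY_LEN)


def derive_key_salted(passphrase: str, salt: bytes) -> bytes:
    """Key from passphrase plus a per-user salt; the salt must be kept."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, ITERATIONS, KEY_LEN)


def protect(passphrase: str) -> dict:
    """What ends up stored next to the ciphertext when salt is used.

    The salt is not secret, but it has to be written down somewhere, so
    an attacker holding the stored blob has the salt as well.
    """
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "key": derive_key_salted(passphrase, salt)}


def precompute_unsalted_table(wordlist) -> dict:
    """One-time table key -> passphrase, valid against every unsalted user."""
    return {derive_key_unsalted(w): w for w in wordlist}


def crack_unsalted(key: bytes, table: dict):
    """Table lookup; cost per victim is a single lookup once the table exists."""
    return table.get(key)


def crack_salted(key: bytes, salt: bytes, wordlist):
    """No precomputation possible: the whole dictionary is rerun per salt."""
    for w in wordlist:
        if hmac.compare_digest(derive_key_salted(w, salt), key):
            return w
    return None


def demo() -> dict:
    # Two users independently pick the same weak passphrase.
    alice_unsalted = derive_key_unsalted("sex")
    bob_unsalted = derive_key_unsalted("sex")
    alice = protect("sex")
    bob = protect("sex")
    table = precompute_unsalted_table(WORDLIST)
    return {
        # Same key for both users without salt; distinct keys with salt.
        "unsalted_collision": alice_unsalted == bob_unsalted,
        "salted_collision": alice["key"] == bob["key"],
        # Both still fall to a dictionary attack; the difference is that
        # the salted one costs a full dictionary pass per target, using
        # the salt that had to be stored with the ciphertext.
        "unsalted_cracked": crack_unsalted(alice_unsalted, table),
        "salted_cracked": crack_salted(alice["key"], alice["salt"], WORDLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that salt does nothing for a passphrase like "sex" against an attacker who targets one user: crack_salted still finds it. What it buys is the end of shared work across victims and of precomputed tables, and the collision property Enzo raised; the price is exactly Ray's, that the salt becomes one more thing the user's stored material has to carry.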

Re: migration paradigm (was: Is PGP broken?)

2000-12-09 Thread Rick Smith at Secure Computing
At 02:43 PM 12/7/00, Peter Fairbrother wrote: In WW2 SOE and OSS used original poems which were often pornographic. See "Between Silk and Cyanide" by Leo Marks for a harrowing account. Yes, a terrific book. However, the book also contains an important lesson regarding human memory. Marks was

Re: migration paradigm (was: Is PGP broken?)

2000-12-09 Thread Antonomasia
From: Rick Smith at Secure Computing [EMAIL PROTECTED] Does anyone have a citation as to the source of this 1.33 bits/letter estimate? In other words, who computed it and how? It's in Stinson's crypto book, but he didn't identify its source. I remember tripping over a citation for it in

Re: Re: migration paradigm (was: Is PGP broken?)

2000-12-09 Thread Wei Dai
On Wed, Dec 06, 2000 at 08:32:54AM -0200, [EMAIL PROTECTED] wrote: I've asked previously, but I hope it won't hurt asking again. Has anyone compared the relative speeds of (efficient implementations of) the SHA-2 functions and Rijndael? Are there any figures available? There is a speed

Re: migration paradigm (was: Is PGP broken?)

2000-12-08 Thread Peter Fairbrother
on 6/12/00 9:43 pm, Rick Smith at Secure Computing at [snip] "My name is Ozymandias, king of kings: Look upon my works, ye Mighty, and despair!" So the 'new dictionary' for pass phrase attacks contains all the chestnuts from all the school lit books in the country. I expect there's a lot of

Re: migration paradigm (was: Is PGP broken?)

2000-12-07 Thread Rick Smith at Secure Computing
At 05:04 PM 12/5/00, Ray Dillinger wrote: If someone wants to enter "sex" as a password, s/he deserves what s/he gets (although you may put up an "insecure passphrase" warning box for him/her). The problem is that there's no objective way of knowing when a passphrase becomes 'insecure' since

Re: migration paradigm (was: Is PGP broken?)

2000-12-07 Thread Arnold G. Reinhold
At 3:43 PM -0600 12/6/2000, Rick Smith at Secure Computing wrote: Does anyone have a citation as to the source of this 1.33 bits/letter estimate? In other words, who computed it and how? It's in Stinson's crypto book, but he didn't identify its source. I remember tripping over a citation for

Re: Re: migration paradigm (was: Is PGP broken?)

2000-12-06 Thread sao19677
David Wagner wrote: David Honig wrote: Is there a reason not to use AES block cipher in a hashing mode if you need a secure digest of some data? Yes. The standard hashing modes provide only 128-bit hash digests, and for long-term collision- resistance, we'd probably like longer

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Bram Cohen
On Mon, 4 Dec 2000, William Allen Simpson wrote: We could use the excuse of AES implementation to foster a move to a new common denominator. AES is silly without an equivalently good secure hash function, which we don't have right now. [SHA-2 looks pretty good. What's your problem with it?

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Arnold G. Reinhold
At 7:20 PM + 12/4/2000, lcs Mixmaster Remailer wrote: William Allen Simpson [EMAIL PROTECTED] writes: My requirements were (off the top of my head, there were more): 4) an agreed algorithm for generating private keys directly from the passphrase, rather than keeping a private key

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Bram Cohen
On Mon, 4 Dec 2000, Bram Cohen wrote: [SHA-2 looks pretty good. What's your problem with it? --Perry] It's slow. It's fast enough for most applications, but then again so is 3DES - either you care about speed or you don't, and if you do, SHA2 just doesn't rank up there with Rijndael. -Bram

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread David Honig
At 11:59 PM 12/4/00 -0800, Alan Olsen wrote: The review of the system during the audit was less than nice, but they still wanted to go ahead with it. Didn't they set themselves up for extra liability when fraud is committed due to their *now conscious* lack of diligence? Ignorance is bliss,

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Arnold G. Reinhold
At 3:04 PM -0800 12/5/2000, Ray Dillinger wrote: On Tue, 5 Dec 2000, Arnold G. Reinhold wrote: ... I believe there are applications where a passphrase generated key is preferable. I think a standard such as Mr. Simpson suggests is a worthwhile idea. No one is forced to use a standard just

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Paulo S. L. M. Barreto
On Tue, 05 Dec 2000, Bram Cohen wrote: [SHA-2 looks pretty good. What's your problem with it? --Perry] It's slow. Just how slow? Are you sure you tried a production implementation? What efficiency figures do you have (say, SHA-256 vs. SHA-1 vs. Rijndael)? Paulo Barreto.

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread David Wagner
David Honig wrote: Is there a reason not to use AES block cipher in a hashing mode if you need a secure digest of some data? Yes. The standard hashing modes provide only 128-bit hash digests, and for long-term collision-resistance, we'd probably like longer outputs. Also, Rijndael has not

Re: migration paradigm (was: Is PGP broken?)

2000-12-04 Thread lcs Mixmaster Remailer
William Allen Simpson [EMAIL PROTECTED] writes: My requirements were (off the top of my head, there were more): 4) an agreed algorithm for generating private keys directly from the passphrase, rather than keeping a private key database. Moving folks from laptop to desktop has

Re: migration paradigm (was: Is PGP broken?)

2000-12-04 Thread Enzo Michelangeli
- Original Message - From: "lcs Mixmaster Remailer" [EMAIL PROTECTED] Sent: Tuesday, December 05, 2000 3:20 AM William Allen Simpson [EMAIL PROTECTED] writes: My requirements were (off the top of my head, there were more): 4) an agreed algorithm for generating private keys