Got this from Mordy Ovits [EMAIL PROTECTED]
Is the following of more than trivial value? It does seem to use L
integers...
#!/usr/bin/python
from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!=
'-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d
stream. It looks very
like white noise.
What is your estimate how difficult it would be to screen for such
communication channels, and how rapidly could one crack them (assuming
no further encryption of the traffic)?
-- Eugene Leitl
bram writes:
Most of the fancy reseedable PRNG schemes people have come up with are
based on using secure hashes.
They are sure validated, but are they the best we can do? MD5, the
nonplusultra, really?
bram writes:
I'm not sure if anybody's yarrowified /dev/random yet - I think someone
from coderpunks was working on it.
Does anybody know how cellular automata perform re cryptographically
solid random number generators? They can crank out a lot of integers
with a minimum investment in
What is your opinion on the security of this system? Any obvious
flaws?
http://www.santafe.edu/~hag/ca11/ca11.html
A Massively Parallel Cryptosystem Based on Cellular Automata
Howard Gutowitz ESPCI; Laboratoire d'Electronique 10 rue Vauquelin;
75005 Paris, France [EMAIL PROTECTED]
The DES
John Young writes:
Nations do not control distribution of intangible items. While
I recognize that this issue is controversial, unless we address
this situation, use of the Internet to distribute encryption products
will render Wassenaar's controls immaterial."
I just love this
Lucky Green writes:
[Before a reader replies with an argument based on a claim that strong
crypto is in the process of becoming ubiquitous, please take a look at your
phone. Does it perform 3DES encryption? Do the phones of the majority of
Phone? Why do I need a stupid phone if there's
David Honig writes:
One of the many uses of nitric acid. Ie, take random samples
I thought this is mostly done by removing the bulk of the package
polymer by grinding, and then subjecting the rest of it to a plasma
etch.
I haven't put a processed wafer into nitric acid yet, but I could
Hi,
recently we had a break-in where very valuable intellectual property
was stolen along with (negligible) hardware.
To prevent this in future I'd like to establish a (physically secured)
Linux SMB server running a cryptographic file system.
I've taken a quick look, and there seem to exist
John Gilmore writes:
What are you guys talking about? Differential power analysis doesn't
require any physical attack, nor does it deal with voltage
variations. (You are probably thinking of Shamir's fault-injection
You can't do differential power analysis if you supply power
Eli Brandt writes:
If so, doubling the cap size halves the cutoff frequency (right?),
halving the leaked power. Integrating runs gives signal voltage
linear in n and noise voltage sqrt(n); voltage ratio is sqrt; power
ratio is linear. So leaked-signal power is
Theta(
For the truly paranoid: it is perfectly possible to bootstrap a working
Forth environment *by hand*, whether by hand assembly and flashing the
resulting image, or by porting eForth (or any Forths written in C) to
an embedded target.
You simply can't fit any Trojan in there: a minimal Forth OS
I've recently acquired a video camera (bttv-based 3Com Bigpicture, can
do 30 fps true color 640x480). I've noticed that under certain
conditions images can become quite noisy. Does anyone have data on the
amount and quality of the entropy produced?
I wouldn't mind any pointers to sources
David Honig writes:
Even if I had the same hardware, perhaps the tolerances on my ADCs are
different from yours.
And illumination levels will affect certain kinds of noise.
Sure, but the entropy generation rate will be in any case higher than
stuff coming from /dev/dsp
The point:
I presume if he fails to deliver the goods on time you'll henceforth
consider 56 bit secure, in all eternity (=5-10 years)?
Strange kind of reasoning.
Marshall Clow writes:
OK, Bob.
You have claimed to be from Missouri.
Show me.
Here's an encrypted file, encrypted with a 56 bit
Wiping is not enough in some cases. With magnetical proximal probe
microscopy one can read residual magnetisation even in low-level
formatted disks.
First wiping with ones and zeroes and then overwriting several times
with (pseudo)random sequences offers better protection.
The optimal solution
Steven M. Bellovin writes:
The problem, from the perspective of an intelligence agency, is figuring out
what to listen to. Let's do some arithmetic.
The product you cite requires at least a 133 Mhz Pentium; 200 Mhz preferred.
How many such chips are needed? Well, according to a
Arrianto Mukti Wibowo writes:
About Mondex, probably you are right. No information is available about the
internals of Mondex, and is kept secret, unlike CAFE which the specification
The fact that Mondex keeps its VM specs secret does not forebode well
for its security. Apparently, the VM
Well, the deformations must be smooth, so this just describes an
attack against a certain type of watermarks.
As I said, it is difficult to resiliently watermark a single image.
Paul Crowley writes:
As far as I know, all fielded watermarking schemes can be defeated
with simple, invisible
http://www.eetimes.com/story/OEG2217S0039
Copy protection proposed for digital displays
By David Lammers
EE Times
(02/17/00, 7:02 p.m. EST)
PALM SPRINGS, Calif.-At the Intel Developer Forum here, Intel
Corp. unveiled a copy protection scheme that will add a layer of
encryption between
I haven't had the opportunity to try Napster yet (upgrade to glibc is
way overdue). Everybody is raving about it, though, so it is probably
very good.
It seems however, that Napster suffers from a few design flaws:
centralism (there is a central database, right?); it seems to produce
cleartext
(((I urge you to donate some of your computational/networking
resources to the Freenet project, even if it's a single xDSL
box. Details how to help see Latest News below.)))
http://freenet.sourceforge.net/
"I worry about my child and the Internet all the time, even though
she's too
http://www.mozillazine.org/
Thursday March 9th, 2000
Mozilla Crypto Released for Windows, Linux!
The first crypto-enabled builds of Mozilla have come online. Currently
there are Windows and Linux builds available - a Mac version will be
available soon. Enabled in these initial builds are
Of course U.S. companies are entirely innocent of that practise.
Right.
Sounds just like another lame excuse to me. Pedophiles, terrorists,
hackers, now it's Evil Euros, snatching up contracts using
bribes. Yawn. I'm surprised Janet Reno has this time nothing to say
about this.
Bill Stewart
Of course it ain't actual encryption, only (high-payload)
steganography at best. Now, if you sneak a message into a living
critter (a pet ("the message is the medium"), or creating the ultimate
self-propagating chainletter, a pathogen), that would be an
interesting twist.
Interesting is that
Arnold G. Reinhold writes:
If you know the DNA sequences of alphabet letters, you can PCR probe
for common words or word fragments like "the" or "ing" and avoid
total sequencing.
That's true. Luckily, there is no such test for random base sequences,
though a pseudorandom sequence would
Arnold G. Reinhold writes:
I am not sure I understand the difference between "random" and
"pseudorandom" as you are using it here. In any case, I expect more
There is no difference from an attacker's point of view. He can't tell
random from pseudorandom without extra knowledge. But he
I presume the paper in question is
http://www.cs.georgetown.edu/~denning/infosec/Grounding.txt
Ian BROWN writes:
Dorothy Denning wrote an interesting paper on authenticating location using
GPS signals... I think it's reachable from her home page as well as the
following citation:
Bill Stewart writes:
That doesn't mean that the author isn't mixing up two concepts -
GPS vs cell phone location by the phone system's signalling.
GPS burns too much power to be used in typical cellphones -
I'd like to point out an emerging technology (based on digital pulse
radio,
From: "Minow, Martin" [EMAIL PROTECTED]
Jim Choate writes:
Bull, the hardware companies aren't any more trustworthy.
I've been recommending the Dallas Semiconductor "iButton"
http://www.ibutton.com for secure storage. The Java version
also lets you implement your own on-chip algorithms so
David Honig writes:
Again, if they have the 'right' (as border agents) then the technical
difficulty translates into a battle of wills. A non-citizen would
lose. A citizen *might* have a case but might also spend a few
weeks in a Customs' hotel...
Essentially, this means a storage
SteveC writes:
At the risk of going against the tide, I would rather be in a country
where they did search some percentage of the incoming passport holders
belongings than one where they didn't.
They can search for things which can harm other people on the
flight. This involves plastique,
James A. Donald writes:
In real life situations where one wishes a conversation to be secure, are
people most commonly authenticated by true name, or by face.
We're mixing several unrelated items in one pot here. One thing is
authentication, the other is security. Authentication is when
Only laptops, eh? Encrypted media are not mentioned, obviously. And
clearly every modern OS (IPsec, ssh, even Winders' weak encryption)
has "encryption capability".
Spytool Netscape, who would have thought.
Matt Crawford writes:
This came third-hand, Sandia - DOE - me
"Per
Rich Salz writes:
I'm putting together a system that might need to generate thousands of RSA
keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
folks think of the following: take one machine and dedicate it as an entropy
source. After 'n' seconds turn the network
Bram Cohen writes:
To be fair, Yahoo handles so much mail that the CPU power necessary to
start SSL sessions for all of them gets pretty expensive. They'll probably
start doing end-to-end encryption when the prices of that drop lower,
Moore's law and all that.
Of course, this assumes
Lenny Foner wrote:
But the world is -different- now.
The DMCA exists, and its anticircumvention language will be used as
a bludgeon to sue and perhaps even lock up people who do anything to
bypass the crypto in the disk. Thus, a purely technical solution
This assumes I own the disk. Why