At 5:55 AM +0900 2/10/2001, [EMAIL PROTECTED] wrote:
WF1
In WF1 the 802.11 WEP keys would be changed many times each hour, say
every 10 minutes. A parameter, P, determines how many times per hour
the key is to be changed, where P must divide 3600 evenly. The WEP
keys are derived from a master
The draft paper by Borisov, Goldberg, and Wagner
http://www.isaac.cs.berkeley.edu/isaac/wep-draft.pdf presents a
number of practical attacks on 802.11 Wired Equivalent Privacy (WEP).
The right way to fix them, as the paper points out, is to rework the
802.11 protocol to use better encryption
At 8:58 AM -0500 2/5/2001, Steve Bellovin wrote:
Every now and then, something pops up that reinforces the point that
crypto can't solve all of our security and privacy problems. Today's
installment can be found at
http://www.privacyfoundation.org/advisories/advemailwiretap.html
For almost all
At 1:01 PM -0500 2/4/2001, John Kelsey wrote:
-----BEGIN PGP SIGNED MESSAGE-----
At 11:02 PM 1/27/01 -0500, William Allen Simpson wrote:
...
"Arnold G. Reinhold" wrote:
There are a lot of reasons why open source is desirable,
but it does simplify the job for an attacker.
I disagree.
At 1:36 PM -0800 1/31/2001, Heyman, Michael wrote:
-----Original Message-----
From: William Allen Simpson [mailto:[EMAIL PROTECTED]]
Subject: Re: electronic ballots
[SNIP much]
It seems that something like a smartcard would be the best scheme.
Not likely. Voting is very different from
At 9:58 PM -0500 1/30/2001, Steven M. Bellovin wrote:
The obituary has, at long last, prompted me to write a brief review of
Marks' book "Between Silk and Cyanide". The capsule summary: read it,
and try to understand what he's really teaching about cryptography,
amidst all the amusing anecdotes
At 1:03 PM -0500 1/25/2001, William Allen Simpson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I've been working with Congresswoman Lynn Rivers on language for
electronic ballots. My intent is to specify the security sensitive
information, and encourage widespread implementation in a competitive
I remember those. They were made by Summagraphics. We purchased a
large format one (about 4 feet X 5 feet) to digitize apparel
patterns. They had linear microphones along the top and left sides of
the table. You had to be careful not to put your free hand between
the spark pen and the
One interesting question is exactly how strong radio frequency
illumination could cause compromise of information being processed by
electronic equipment. I have an idea for a mechanism whereby such
illumination could induce generation of harmonic and beat frequencies
that are modulated by
At 6:09 PM -0800 1/8/2001, David Honig wrote:
At 07:51 PM 1/8/01 -0500, Arnold G. Reinhold wrote:
...
By shielding the fixtures, they effectively
place the lights outside of the enclosure.
Yes. But 1. you'd still want a filter on the power mains
inside your physically secured zone 2. The site had
At 01:27 PM 1/7/01 -0500, Arnold G. Reinhold wrote:
"Every inch of floor in more than four buildings was covered with
two-by-two-foot squares of bleak brown carpet. When the astronomers
tried to replace it, they discovered it was welded with tiny metal
fibers to the floor. The r
I don't think Chaitin/Kolmogorov complexity is relevant here. In real
world systems both parties have a lot of a priori knowledge. Your
probably_perfect_compress program is not likely to compress this
sentence at all, but PKZIP can. The probably_perfect_compress
argument would work (ignoring
At 10:38 PM + 1/3/2001, Peter Fairbrother wrote:
on 3/1/01 9:25 pm, Greg Rose at [EMAIL PROTECTED] wrote:
At Crypto a
couple of years ago the invited lecture gave some very general results
about unconditionally secure ciphers... unfortunately I can't remember
exactly who gave the
I've written a number calculator applet as a number theory teaching
tool. It exposes most of the functionality in the Java 1.1 (and
later) BigInteger package, including prime checking and modular
arithmetic. One of its goals is to let people try out various
cryptographic calculations by
At 3:35 PM -0600 12/7/2000, Rick Smith at Secure Computing wrote:
At 02:43 PM 12/7/00, Peter Fairbrother wrote:
In WW2 SOE and OSS used original poems which were often pornographic. See
"Between Silk and Cyanide" by Leo Marks for a harrowing account.
Yes, a terrific book. However, the book also
From http://www.defenselink.mil/news/Dec2000/b12062000_bt729-00.html
The Department of Defense, through its Defense Information Systems
Agency, last night awarded Iridium Satellite LLC of Arnold, Md., a
$72 million contract for 24 months of satellite communications
services. This contract
At 3:43 PM -0600 12/6/2000, Rick Smith at Secure Computing wrote:
Does anyone have a citation as to the source of this 1.33
bits/letter estimate? In other words, who computed it and how? It's
in Stinson's crypto book, but he didn't identify its source. I
remember tripping over a citation for
At 7:20 PM + 12/4/2000, lcs Mixmaster Remailer wrote:
William Allen Simpson [EMAIL PROTECTED] writes:
My requirements were (off the top of my head, there were more):
4) an agreed algorithm for generating private keys directly from
the passphrase, rather than keeping a private key
At 11:19 PM -0800 12/4/2000, Bram Cohen wrote:
On Mon, 4 Dec 2000, William Allen Simpson wrote:
We could use the excuse of AES implementation to foster a move to a
new common denominator.
AES is silly without an equivalently good secure hash function, which we
don't have right now.
[SHA-2
At 3:04 PM -0800 12/5/2000, Ray Dillinger wrote:
On Tue, 5 Dec 2000, Arnold G. Reinhold wrote:
...
I believe there are applications where a passphrase generated key is
preferable.
I think a standard such as Mr. Simpson suggests is a worthwhile idea.
No one is forced to use a standard just
At 9:55 AM +0100 11/29/2000, PA Axel H Horns wrote:
On 29 Nov 2000, at 7:07, Stephan Eisvogel wrote:
Adam Back wrote:
(And also without IDEA support for patent reasons even now
that the RSA patent has expired.)
Do you know when the IDEA patent will expire? I will hold a
small party
At 10:19 PM -0500 11/15/2000, Rich Salz wrote:
I'm putting together a system that might need to generate thousands of RSA
keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
folks think of the following: take one machine and dedicate it as an entropy
source. After 'n'
"Steven M. Bellovin" [EMAIL PROTECTED] writes:
Precisely. What is the *real* threat model?
History does indeed show that believed-secure ciphers may not be, and
that we do indeed need a safety margin. But history shows even more
strongly that there are many better ways to the plaintext,
At 12:12 PM -0700 10/7/2000, Ed Gerck wrote:
"Arnold G. Reinhold" wrote:
In public-key cryptography "Non-Repudiation" means that the
probability that a particular result could have been produced without
access to the secret key is vanishingly small, subjec
At 9:23 AM -0700 10/5/2000, David Honig wrote:
At 09:07 PM 10/3/00 -0400, Nina H. Fefferman wrote:
Hi all,
Does anyone know where (if at all) I can find statistics for the
predictable strings humans tend to produce when asked to create a
"random" sequence of zeros and ones? Maybe
The following information from the Rijndael Page
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/index.html may come
in handy later today when NIST announces the new Advanced Encryption
Standard (AES):
'Rijndael FAQ
1. How is that pronounced?
If you're Dutch, Flemish,
At 10:08 PM -0700 9/13/2000, Bram Cohen wrote:
On Thu, 14 Sep 2000, Enzo Michelangeli wrote:
http://www.the-times.co.uk/news/pages/sti/2000/09/10/stinwenws01007.html
SOLDIERS are having to use insecure mobile phones to communicate in
battlefield exercises because, they say, the army's radio
At 10:15 PM +0100 9/12/2000, Ben Laurie wrote:
"Arnold G. Reinhold" wrote:
I had some more thoughts on the question of Man in the Middle attacks
on PGP. A lot has changed on the Internet since 1991 when PGP was
first released. (That was the year when the World Wide Web was
introduc
At 6:29 PM +0100 9/13/2000, Ben Laurie wrote:
"Arnold G. Reinhold" wrote:
There's really nothing stopping an implementation of SSL that uses PGP
for key verification. All that's really required at the end of the day
is some ASCII (to check the server name) and a public key
I was searching to see if anyone had done a Zeroize interface for
Java and found a very interesting page
http://www.maritime.org/ecm2.htm on the US military's primary cipher
machine from World War II, the ECM Mark II, aka CSP-989 aka SIGABA.
(It turns out the term "zeroize" goes back to the
I had some more thoughts on the question of Man in the Middle attacks
on PGP. A lot has changed on the Internet since 1991 when PGP was
first released. (That was the year when the World Wide Web was
introduced as well.) Many of these changes significantly reduce the
practicality of an MITM
At 1:08 PM +0100 9/7/2000, Ben Laurie wrote:
John R Levine wrote:
CSS is entirely about subverting first sale, since the only useful
thing that the CSS crypto does is to assign each DVD a "region code" so that
the DVD can only be played on players with the same region code. (As has been
At 4:38 PM -0700 9/5/2000, David Honig wrote:
At 05:33 PM 9/3/00 -0400, Dan Geer wrote:
How do they exchange public keys? Via email I'll bet.
Note that it is trivial(*) to construct a self-decrypting
archive and mail it in the form of an attachment. The
recipient will merely have to
At 3:48 PM -0700 9/1/2000, David Honig wrote:
At 09:34 AM 8/30/00 -0700, Ed Gerck wrote:
BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the
North Bay Area of SF, PGP is not uncommon in such small-group business users.
How do they exchange public keys? Via email I'll
At 11:21 AM -0400 8/26/2000, Jeff Kandt wrote:
On or about 11:52 AM -0400 8/24/00, Arnold G. Reinhold wrote:
The design goals: http://tipster.weblogs.com/designgoals
The crypto protocol: http://tipster.weblogs.com/tipsterblock/
Both of these are open to debate.
First let me say something
How hard would it be to filter the public key servers for unsigned
ADKs and either notify the keyowner or just remove the unsigned ADKs?
The cert containing the unsigned ADK could be moved to a separate key
server, equipped with suitable warnings, so the forensic record would
be preserved.
At 11:50 PM -0400 8/23/2000, Jeff Kandt wrote:
On or about 12:49 PM -0400 8/23/00, Arnold G. Reinhold wrote:
Certificate revocation is one of the thorniest issues in public key
cryptography. Maybe you can solve it in this narrow context, but I
would avoid it if there is another way and I
At 10:59 PM -0400 8/20/2000, Jeff Kandt wrote:
...
Tipster allows the artist to revoke any given key with a revocation
certificate. By allowing the artist to encode multiple
URL/signature pairs onto the file, they can set up multiple,
redundant revenue streams, and you encourage competition
Jeff,
I think a voluntary payment system is a fine idea, but I am not sure
that your proposal addresses the right issues. If I understand what you
are proposing correctly, your scheme allows a CD buyer to verify that
a particular payment server is authorized by the recording artist to
collect
At 8:28 PM -0400 8/17/2000, Jeff Kandt wrote:
On or about 12:57 PM -0400 8/17/00, Arnold G. Reinhold wrote:
I think a voluntary payment system is a fine idea, but I am not
sure that your proposal addresses the right issues. If I understand
what you are proposing correctly, your scheme allows a CD
Another reason for PGP 2.x compatibility is that there are a lot of
old computers out there that will not run more modern versions. Many
of these machines find their way into 3rd-world countries and NGOs
where there is a life-and-death need for security.
Also there is an argument that these
From http://www.yahoo.com 8/2/2000 1pm
WASHINGTON (Reuters) - A federal judge ordered an emergency hearing
on Wednesday on a privacy rights group's request for the immediate
release of details on Carnivore, the Federal Bureau of
Investigation's e-mail surveillance tool.
The Electronic
At 11:51 PM -0400 7/30/2000, dmolnar wrote:
On Sun, 30 Jul 2000, Arnold G. Reinhold wrote:
By the way, I could not find the April 2000 RSA Data Security
Bulletin on three primes at
http://www.rsasecurity.com/rsalabs/bulletins/index.html Is there a
better link?
The link I had in mind
0 RSA Data Security
Bulletin on three primes at
http://www.rsasecurity.com/rsalabs/bulletins/index.html Is there a
better link?
Arnold Reinhold
At 1:06 PM -0700 7/28/2000, Steve Reid wrote:
On Thu, Jul 27, 2000 at 03:00:16PM -0400, Arnold G. Reinhold wrote:
I like "Biprime Cryptography,"
At 7:05 AM -0700 7/27/2000, Rodney Thayer wrote:
What shall we call
that-public-key-algorithm-that-will-not-be-patent-protected in late
September? we should not use a trademarked or copyrighted term, in my
opinion.
There was discussion of this a while ago, I think. I don't recall what
was
At 12:31 AM +0100 7/18/2000, Paul Crowley wrote:
A variant on this question that we might see for lots of questions
soon: what's the best way to do this given only AES as a primitive?
Here's a simple way that uses all of the passphrase to control a
cryptographic PRNG that can be used to generate
At 12:08 PM -0400 7/3/2000, William Allen Simpson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
"Arnold G. Reinhold" wrote:
Nothing new here. I often buy stuff on line and only get e-mail
receipts. My credit card statements are a backup, I suppose. If
anything the new law will strengthe
At 8:52 PM -0400 6/7/2000, Don Davis wrote:
...
but, when SGI announced their lavarand patent
application in the press a few years ago, i
decided that it wasn't worth worrying about.
theirs is clearly a defensive patent, intended
only to make sure that noone can keep SGI from
using anything they
At 3:27 PM -0400 6/6/2000, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], "Steven M. Bellovin" writes:
In message [EMAIL PROTECTED], Dennis
Glatting writes:
There is an article (somewhere) on the net of digital cameras focused
on lava lamps. Photos are taken of the lava lamps
At 3:15 AM -0500 6/6/2000, John Kelsey wrote:
-----BEGIN PGP SIGNED MESSAGE-----
At 07:08 PM 6/5/00 -0700, [EMAIL PROTECTED] wrote:
So I'm curious about what all methods do folks currently use (on NT
and unix) to generate a random seed in the case where user
interaction (e.g. the ol' mouse
I'm not sure I care for the elitist tone in Dan's posting either, but
he raises some points that deserve serious consideration. Sure we
have mail-in absentee ballots now, but the number of people who
choose to vote that way is small and an absentee ballot split that
varied markedly from the
At 8:39 AM -0400 5/27/2000, Steven M. Bellovin wrote:
In message v04210109b5531fa89365@[24.218.56.92], "Arnold G. Reinhold" writes:
o There is the proposed legislation I cited earlier to protect these
methods from being revealed in court. These are not aimed at news
reports (that w
At 11:17 AM -0500 5/25/2000, Rick Smith wrote:
As usual with such discussions, lots of traffic hides substantial amounts
of agreement with touches of disagreement.
Agreed. Let me summarize what I am trying to say. Then maybe it is
time to move on.
1. I think citizen access to strong
Someone made the comment in this thread (I can't seem to find it
again) that a bug in MS security that counts as a hole, not a
backdoor. But a cooperative relationship between Microsoft and NSA
(or any vendor and their local signals security agency) can be more
subtle. What if Microsoft
At 2:56 PM -0400 5/12/2000, Peter Wayner wrote:
I think all crypto products rely on passphrases. Every wallet is
locked with a passphrase. Every private key is locked away. Even the
smart cards are usually sewn up with PINs. It's just a fact of life
and it seems unfair to me to pick upon
Here are my comments on Hushmail and ZipLip:
HUSHMAIL
Hushmail publishes their design and it seems to be generally well
constructed. However it is extremely important for your readers to
understand that the security of their HushMail account depends
*entirely* on the strength of the
At 12:43 PM +0300 5/11/2000, [EMAIL PROTECTED] wrote:
Thanks to all for the very interesting info. For people interested, here's
a summary of answers and ideas:
You left out my direction finding approach :( I think it has merit.
Electronically steerable antennas are quite practical at L band
Dorothy Denning wrote an interesting paper on authenticating location using
GPS signals... I think it's reachable from her home page as well as the
following citation:
D. E. Denning and P. F. MacDoran, "Location-Based Authentication: Grounding
Cyberspace for Better Security," Computer Fraud and
At 1:05 AM -0700 5/8/2000, Lucky Green wrote:
Arnold wrote:
It will be interesting to see what the reports say. But it is worth
noting that according to
http://www.uscourts.gov/wiretap99/contents.html there were 1350
wiretaps approved by state and federal judges in the US in 1999. 72%
were
On Fri, 5 May 2000 08:58:45 -0400 "Arnold G. Reinhold"
[EMAIL PROTECTED] writes:
It's worse than that. The new reports are to cover "law enforcement
encounters with encrypted communications in the execution of wiretap
orders." http://www.politechbot.com/docs/clinto
Can anyone point me to a good definition of "Perfect Forward Security"?
Arnold Reinhold
I am not a conspiracy nut. I think Oswald killed Kennedy all by
himself; Roosevelt had no idea Pearl Harbor was about to be attacked;
and Ben Jerry only wanted to make great ice cream. But I think
people are underestimating NSA if they think they would be afraid to
introduce crypto
Ben Laurie [EMAIL PROTECTED] wrote:
"Arnold G. Reinhold" wrote:
I wonder if you are confusing the length in bits of a PKC key, e.g. a
prime factor of an RSA public key, with the entropy of that private
key. The prime factor may be 512 bits long, but it usually does not
have anywhere
I wonder if you are confusing the length in bits of a PKC key, e.g. a
prime factor of an RSA public key, with the entropy of that private
key. The prime factor may be 512 bits long, but it usually does not
have anywhere near 512 bits of randomness. Usually a secret prime is
generated by adding
http://dailynews.yahoo.com/h/nm/2317/tc/eu_spying_1.html
EU to Set Up Major Probe Into U.S. 'Spy' Charges
BRUSSELS (Reuters) - The European Parliament is set to announce next
Wednesday that it will set up a special inquiry committee into
allegations that the United States uses an
Arnold G. Reinhold writes:
If you know the DNA sequences of alphabet letters, you can PCR probe
for common words or word fragments like "the" or "ing" and avoid
total sequencing.
That's true. Luckily, there is no such test for random base sequences,
though a pseudor
At 7:39 PM -0800 3/14/2000, Eugene Leitl wrote:
Of course it ain't actual encryption, only (high-payload)
steganography at best. Now, if you sneak a message into a living
critter (a pet ("the message is the medium"), or creating the ultimate
self-propagating chainletter, a pathogen), that would
By Matt Pottinger
BEIJING (Reuters) - China has eased tough new restrictions on
encryption technology, announcing that a vast category of consumer
software and equipment -- including mobile phones and Microsoft
Windows -- would be exempt from the rules.
The government agency in charge
At 12:55 AM -0600 3/10/2000, John Kelsey wrote:
[much deleted]
Actually, the subpoena threat means that we need to put the
entities holding shares of the secret in places where even
we can't find them. In the extreme case, there's some
machine somewhere with e-mail access, which may carry some
At 10:56 AM -0500 3/8/2000, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], "Matt Crawford" writes:
If you're going to trust that CryptoSat, inc. hasn't stashed a local
copy of the private key, why not eliminate all that radio gear and trust
CryptoTime, inc. not to publish the
VERISIGN ACQUIRES NETWORK SOLUTIONS TO FORM
WORLD'S LARGEST PROVIDER OF INTERNET TRUST SERVICES
Mountain View, CA / Herndon, VA, March 7, 2000 -- VeriSign, Inc.
(Nasdaq: VRSN), the leading provider of Internet trust services, and
Network Solutions, Inc. (Nasdaq: NSOL), the world's leading
At 5:09 PM -0500 2/11/2000, Dan Geer wrote:
I agree with Peter and Arnold; in fact, I am convinced that
as of this date, there are only two areas where national
agencies have a lead over the private/international sector,
namely one-time-pad deployment and traffic analysis. Of those,
I would
At 8:02 AM -0500 2/12/2000, Peter Gutmann wrote:
Late last year the Capstone spec ("CAPSTONE (MYK-80) Specifications",
R21-TECH-30-95) was partially declassified as the result of a FOIA lawsuit[0].
The document is stamped "TOP SECRET UMBRA" on every page. UMBRA is a SIGINT
codeword, not an
At 12:38 PM -0800 2/11/2000, David Wagner wrote:
In article v04210102b4ca1b7a641f@[24.218.56.92],
Arnold G. Reinhold [EMAIL PROTECTED] wrote:
Clipper/Capstone was always advertised to the public as providing a
higher level (80-bits) of security than DES while allowing access by
law
I'd like to tone this discussion down a bit and get back to basics.
First of all, I am happy to thank Intel for finally releasing the
hardware interface. I hadn't known about its release until this
thread. I'm always grateful when someone does the right thing, even
if it's late. Second, I
At 9:00 PM + 2/2/2000, lcs Mixmaster Remailer wrote:
It may not have been mentioned here, but Intel has
released the programmer interface specs to their RNG, at
http://developer.intel.com/design/chipsets/manuals/298029.pdf.
Nothing prevents the device from being used in Linux /dev/random now.
At 9:15 AM -0800 2/2/2000, Eric Murray wrote:
On Tue, Feb 01, 2000 at 09:00:33PM -0800, Dave Del Torto wrote:
At 6:19 pm -0500 2000-01-26, Tom McCune wrote:
...
(A) I'm not sanguine about it being a "default" in any version of
PGP, knowing what I do and having been told more by
At 1:34 AM -0500 1/26/2000, Marc Horowitz wrote:
Rick Smith [EMAIL PROTECTED] writes:
The basic notion of stego is that one replaces 'noise' in a document with
the stego'ed information. Thus, a 'good' stego system must use a crypto
strategy whose statistical properties mimic the noise
John Young [EMAIL PROTECTED] responded:
Your points are valid for the AIA document. However, in the
Navy document, Number 9, image 3, there is the phrase,
"Maintain and operate an ECHELON site."
I had missed that reference. I agree that the capitalization here is
consistent with a code name.
Regarding the question of how far back TEMPEST goes, I took a look at
David Kahn's "The Codebreakers" which was copyrighted in 1967.
TEMPEST is not listed in the index. However I did find the following
paragraph in a portion of the chapter on N.S.A. that discusses
efforts to improve the US
I appreciate all the hard work that went into prying this
material loose from NSA, but there is a case to be made that
"Echelon" as used in these documents is being employed according to
its dictionary meaning "A subdivision of a military force" rather
than as a code word.
The text in
At 11:13 AM -0600 1/19/2000, Rick Smith wrote:
At 04:49 PM 01/18/2000 -0700, [EMAIL PROTECTED] wrote:
I've got something with around 100 bytes of ram and an 8-bit multiply.
Is there an authentication mechanism that can fit in this?
What types of attacks are you concerned with? That's the main
n system rests
on a continuing series of Presidential Executive Orders and it is not
clear to me how much they effect someone who is not a government
employee and who has not entered into an agreement regarding such
material.
Donald
From: "Arnold G. Reinhold" [EMAIL PROTECTED]
X-Sender: [
At 1:34 PM -0800 12/1/99, Udhay Shankar N wrote:
From: [EMAIL PROTECTED]
Date: Wed, 1 Dec 1999 15:18:43 -0500
To: undisclosed-recipients: ;
CyberWire Dispatch // (c) Copyright 1999 // November 30
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Loop: [EMAIL PROTECTED]
Jacking in from the "Sticks
At 10:02 AM -0500 11/17/99, Steven M. Bellovin wrote:
In message v04220814b457e31782c9@[204.167.101.35], Robert Hettinga writes:
--- begin forwarded text
To: [EMAIL PROTECTED]
Subject: a smartcard of a different color
Date: Tue, 16 Nov 1999 22:15:07 -0500
From: Dan Geer [EMAIL PROTECTED]
At 10:49 AM -0400 10/22/99, Declan McCullagh wrote:
...
...
PRESS CONFERENCE
WITH U.S. ATTORNEY GENERAL JANET RENO
COLOMBIAN AMBASSADOR ALBERTO MORENO
SUBJECT: ARREST OF COLOMBIAN DRUG TRAFFICKERS
IN OPERATION MILLENNIUM
THE DEPARTMENT OF JUSTICE
WASHINGTON, D.C.
OCTOBER 13, 1999, WEDNESDAY
At 11:39 AM -0500 8/13/99, Jim Thompson wrote:
This thread started over concerns about diskless nodes that want to
run IPsec. Worst case, these boxes would not have any slots or other
expansion capability. The only source of entropy would be network
transactions, which makes me nervous...
At 12:25 PM -0400 8/11/99, Theodore Y. Ts'o wrote:
Date: Tue, 10 Aug 1999 11:05:44 -0400
From: "Arnold G. Reinhold" [EMAIL PROTECTED]
A hardware RNG can also be added at the board level. This takes
careful engineering, but is not that expensive. The review of the
Penti
I have found this discussion very stimulating and enlightening. I'd
like to make a couple of comments:
1. Mr. Kelsey's argument that entropy should only be added in large
quanta is compelling, but I wonder if it goes far enough. I would
argue that entropy collected from different sources
At 3:22 PM -0700 7/27/99, Jon Callas wrote:
I built a PRNG that used an RC4 variant as John Kelsey said. The thing is
also actually very Yarrow-like. I modified it later to use a state array
512 long instead of 256 long, just so it would have a larger entropy pool.
When I added more entropy, I
At 2:51 PM -0400 7/28/99, Steven M. Bellovin wrote:
In message v04011701b3c4f4fbabb1@[24.218.56.100], "Arnold G. Reinhold" writes:
I'd spin it the other way. The best approach to making nonces -- DH
exponents, symmetric keys, etc -- is to use a true source of randomness.
That eliminate
At 12:19 AM -0700 7/27/99, James A. Donald wrote:
--
At 08:44 PM 7/26/99 +0200, Anonymous wrote:
Even aside from active attacks, there is a possible problem based on
the fact that RC4 can "almost" fall into a repeated-state situation.
RC4's basic iteration looks like:
(1) i += 1;
(2)
At 1:49 PM -0700 7/25/99, David Wagner wrote:
In article v04011700b3c0b0807cfc@[24.218.56.100],
Arnold G. Reinhold [EMAIL PROTECTED] wrote:
One nice advantage of using RC4 as a nonce generator is that you can easily
switch back and forth between key setup and code byte generation. You can
even
At 8:35 AM -0700 7/21/99, James A. Donald wrote:
--
At 09:24 PM 7/19/99 +0100, Ben Laurie wrote:
So what you are saying is that you'd be happy to run your server
forever on an initial charge of 128 bits of entropy and no more
randomness ever?
Yes, though I would probably prefer an initial
At 1:29 PM -0400 7/1/99, I wrote:
How much of an improvement 56 bit DES actually give over the customary
implementation of "40-bit" RC4 is open to question. Naively the difference
is 16 bits or a factor of 64K. However, as I understand it, the "40-bit"
RC4 is actually 128 bit RC4 with 88 bits
At 6:17 PM +0300 7/12/99, Ivars Suba wrote:
In MS-CHAPv.1 the data encryption technique named MPPE (MS Point-to-Point
Encryption), which exploits RC-40 OFB encryption mode (with constant salt!),
is vulnerable to a resynchronization attack (http:/www.counterpane.com) from two
sessions encrypted with same
A friend of mine is looking for an introductory level book that explains
internet security issues (SSL in particular). Any suggestions?
At 4:51 PM + 5/31/15, [EMAIL PROTECTED] wrote:
Maybe you could make your own local html page and download the applet
JAR file once and for all, then refer to that when you wanted to use hushmail.
Or better still, build the applet file yourself, if they supply the
source. I'm not sure if the
At 9:18 AM +1000 6/2/99, Greg Rose wrote:
At 16:38 1/06/99 -0400, it was written: [by Arnold Reinhold]
...
I would argue that UNIX is an excellent object lesson for John's point. 12
bits was a bad design decision, even in the 70's.
I take exception to this last statement. The design (of the
At 1:36 PM -0400 5/27/99, Kawika Daguio wrote:
What I would like to know from you is whether you and others have been
able to construct a "duh" list of typical, but unacceptable current
practices that can easily be remediated.
Here are my top 10 candidates for a "duh" list:
1. Keys that are