On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin s...@cs.columbia.edu
wrote:
I've mentioned it before, but I'll point to the paper Eric Rescorla
wrote a few years ago:
http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . The bottom
The myth that to delete data really securely from a hard disk you have
to overwrite it many times, using different patterns, has persisted for
decades, despite the fact that even firms specialising in data recovery
openly admit that if a hard disk is overwritten with zeros just once,
all of its
Paul Hoffman wrote:
At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote:
When in 2012 the winner of the
NIST SHA-3 competition will be known, and everybody will start
using it (so that according to Peter's estimates, by 2018 half
of the implementations actually use it), do we then have enough
At 1:38 PM + 1/19/09, Darren J Moffat wrote:
Can you state the assumptions for why you think that moving to SHA384 would be
safe if SHA256 was considered vulnerable in some way please.
Sure. I need 128 bits of pre-image protection for, say, a digital signature.
SHA2/256 is giving me that.
On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
The RFC does exist (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
mandatory), so you can send a SHA-256 certificate to clients that
indicate they support TLS 1.2 or later. You'd still need some other
certificate for
On Mon, 19 Jan 2009 10:45:55 +0100
Bodo Moeller bmoel...@acm.org wrote:
On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
s...@cs.columbia.edu wrote:
I've mentioned it before, but I'll point to the paper Eric Rescorla
wrote a few years ago:
Steven M. Bellovin s...@cs.columbia.edu writes:
So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible changes to the protocol that require quite a
bit of effort to implement (TLS 1.1 - 1.2 is at least as big a step,
I have a general outline of a timeline for adoption of new crypto
mechanisms (e.g. OAEP, PSS, that sort of thing, and not specifically
algorithms) in my Crypto Gardening Guide and Planting Tips,
http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt, see Question J about 2/3 of the way
On Mon, Jan 19, 2009 at 01:38:02PM +, Darren J Moffat wrote:
I don't think it depends at all on who you trust but on what algorithms
are available in the protocols you need to use to run your business or
use the apps important to you for some other reason. It also very much
depends on
On Mon, 19 Jan 2009, Stefan Kelm wrote:
... and who knows where else? Really, to ensure that nothing more can be
recovered from a hard disk, it has to be overwritten completely, sector
by sector. Although this takes time, it costs nothing: the dd command in
any Linux distribution will do the
Peter Gutmann has responded
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
(see the Further Epilogue section well down the page)
--dan
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe