Gutmann: operating under the radar

2004-04-05 Thread R. A. Hettinga
http://www.computerworld.co.nz/news.nsf/PrintDoc/3F25D67E47980786CC256E6C007EE7D2?OpenDocumentpub=Computerworld Computerworld NZ Tuesday, 6 April, 2004 Gutmann: operating under the radar Paul Brislen, Auckland He describes himself as a professional paranoid, but cryptography expert Peter

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread Arnold G. Reinhold
Dobbertin's 1996 collision demonstration is another good reason not to use md5, but is obviously hasn't gotten the open source community or Apple to stop. Whether my attack will be any more successful in effecting change remains to be seen. Publishing SHA1 hashes in parallel with md5 seems

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread R. A. Hettinga
--- begin forwarded text From: Nicko van Someren [EMAIL PROTECTED] Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] List-Id: Macintosh Cryptography mac_crypto.vmeng.com

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread R. A. Hettinga
--- begin forwarded text To: [EMAIL PROTECTED] From: Vinnie Moscaritolo [EMAIL PROTECTED] Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] List-Id: Macintosh Cryptography mac_crypto.vmeng.com

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread Anton Stiglic
The attacks by Dobbertin on MD5 only allow to find collisions in the compression function, not the whole MD5 hash. But it is a sign that something might be fishy about MD5. MD5 output is 128 bits. There are two types of collision finding attacks that can be applied. In the first you are given

[Publicity-list] DIMACS Tutorial on Social Choice and Computer Science

2004-04-05 Thread Linda Casals
* DIMACS Tutorial on Social Choice and Computer Science May 10 - 14, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Kevin Chang, University of Illinois, [EMAIL PROTECTED] Michel

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread Arnold G. Reinhold
At 4:51 PM +0100 4/5/04, Nicko van Someren wrote: ... While I agree that it is somewhat lax of Apple to be using MD5 for checking its updates it's far from clear to me that an attack of the sort described above would ever be practical. The problem is that the while there are methods for

Mixmaster RFC

2004-04-05 Thread Len Sassaman
Hello, I'm preparing to submit draft -02 of the revised Mixmaster Protocol Specification. If you have any comments, or have previously contributed and have not been acknowledged, please let me know as soon as possible by sending mail to [EMAIL PROTECTED] The last published version is