On Apr 4, 2013, at 4:51 PM, ianG i...@iang.org wrote:
On 4/04/13 21:43 PM, Jon Callas wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Apr 4, 2013, at 6:27 AM, ianG i...@iang.org wrote:
In a project similar to Wikileaks, ICIJ comments on tools it used to secure its team-based
See Matt Blaze's Protocol Failure in the Escrowed Encryption Standard,
http://www.crypto.com/papers/eesproto.pdf
On Mar 28, 2013, at 10:16 AM, Ethan Heilman eth...@gmail.com wrote:
Peter,
Do I understand you correctly? The checksum is calculated using a key or the checksum algorithm is
On Mar 28, 2013, at 4:21 PM, ianG i...@iang.org wrote:
On 27/03/13 22:13 PM, Ben Laurie wrote:
On 27 March 2013 17:20, Steven Bellovin s...@cs.columbia.edu wrote:
On Mar 27, 2013, at 3:50 AM, Jeffrey Walton noloa...@gmail.com wrote:
What is the reason for checksumming symmetric keys
On Mar 27, 2013, at 3:13 PM, Ben Laurie b...@links.org wrote:
On 27 March 2013 17:20, Steven Bellovin s...@cs.columbia.edu wrote:
On Mar 27, 2013, at 3:50 AM, Jeffrey Walton noloa...@gmail.com wrote:
What is the reason for checksumming symmetric keys in ciphers like BATON? Are symmetric
On Mar 23, 2013, at 10:04 AM, Adam Back a...@cypherspace.org wrote:
btw is anyone noticing that apparently skype is both able to eavesdrop on
skype calls, now that microsoft coded themselves in a central backdoor, this
was initially rumoured, then confirmed somewhat by a Russian police
On Dec 24, 2012, at 8:19 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Dec 24, 2012 at 8:03 AM, Ben Laurie b...@links.org wrote:
On Mon, Dec 24, 2012 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote:
Has anyone had the privilege of looking at the stronger than military grade
On Oct 10, 2012, at 9:09 AM, Ben Laurie b...@links.org wrote:
On Wed, Oct 10, 2012 at 1:44 PM, Guido Witmond gu...@wtmnd.nl wrote:
Hello Everyone,
I'm proposing to revitalise an old idea. With a twist.
The TL;DR:
1. Ditch password based authentication over the net;
2. Use SSL
On Sep 25, 2012, at 1:47 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote:
-kevin
Sent from my Droid; please excuse typos.
On Sep 25, 2012 1:39 PM, Jeffrey Walton noloa...@gmail.com wrote:
In case anyone on the list might be affected... [Please note: I am not the 'I' in the text below]
On Jun 18, 2012, at 11:21:52 PM, ianG wrote:
Then there are RNGs. They start from a theoretical absurdity that we cannot
predict their output, which leads to an apparent impossibility of
black-boxing.
NIST recently switched gears and decided to push the case for deterministic
PRNGs.
On May 31, 2012, at 3:03 PM, Marsh Ray wrote:
On 05/31/2012 11:28 AM, Nico Williams wrote:
Yes, but note that one could address that with some assumptions, and
with some techniques that one would reject when making a better hash
-- the point is to be slow,
More precisely, the point is
On May 29, 2012, at 7:01:22 PM, Maarten Billemont wrote:
Dear readers,
I've written an iOS / Mac application whose goal it is to produce passwords
for any purpose. I was really hoping for the opportunity to receive some
critical feedback or review of the algorithm used[1].
--
ABOUT
On May 26, 2012, at 8:15:34 AM, Eugen Leitl wrote:
On Fri, May 25, 2012 at 11:19:33AM -0700, Jon Callas wrote:
My money would be on a combination of traffic analysis and targeted
malware. We know that the Germans have been pioneering using targeted malware
against Skype. Once you've done
Here's Google Translate link to the article (I can't read German). My money is
on a protocol or implementation flaw, or possibly just hacks to the end system.
On Apr 23, 2012, at 12:51:14 PM, David Adamson wrote:
On 4/23/12, Samuel Neves sne...@dei.uc.pt wrote:
On big hardware, the fastest SHA-3 candidates (BLAKE, Skein) are very
much closer to MD5 in performance (~5.5 cpb) than SHA-2. Plus, I don't
see any platform where CubeHash16/32 wins over
The station-to-station protocol -- a digitally-signed Diffie-Hellman exchange
-- should do what you want.
On Apr 10, 2012, at 7:59 PM, King Of Fun wrote:
I am looking for a protocol that will provide mutual authentication and key
exchange with a minor twist: the client and server have RSA
On Apr 8, 2012, at 7:30:43 AM, ianG wrote:
On 6/04/12 10:57 AM, Steven Bellovin wrote:
On Apr 5, 2012, at 5:51:10 PM, James A. Donald wrote:
So I think that pretty much everyone has already heard that MS PPTP is
insecure. Every time I set up a vpn, I am re-reminded, just in case
On Apr 8, 2012, at 7:49:04 PM, James A. Donald wrote:
On 2012-04-09 9:15 AM, Steven Bellovin wrote:
Yes, the algorithms and protocols can be very important,
especially if you have serious enemies. They're also more
fun for many folks (myself included) than the really hard
engineering
On Mar 25, 2012, at 1:16 PM, Florian Weimer wrote:
* Thierry Moreau:
The unusual public RSA exponent may well be an indication that the
signature key pair was generated by a software implementation not
encompassing the commonly-agreed (among number-theoreticians having
surveyed the field)
On Mar 25, 2012, at 10:43 PM, Jon Callas wrote:
On Mar 25, 2012, at 1:22 PM, coderman wrote:
now they pay to side step crypto entirely:
iOS up to $250,000
Chrome or IE up to $200,000
Firefox or Safari up to $150,000
Windows up to $120,000
MS Word up to $100,000
Flash or Java up to
On Mar 2, 2012, at 2:59 AM, Marsh Ray wrote:
On 03/01/2012 09:31 PM, Jeffrey Walton wrote:
Interesting. I seem to recall that cascading ciphers is frowned upon
on sci.crypt. I wonder if this is mis-information
Not mis-information. You could easily end up enabling a meet-in-the-middle
On Mar 1, 2012, at 8:18:32 PM, Jeffrey I. Schiller wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/01/2012 06:09 PM, Nico Williams wrote:
I let mailman generate passwords. And I never use them, much less
re-use them. Well, I do use them when I need to change e-mail
addresses,
http://www.scmagazine.com.au/News/292189,nsa-builds-android-phone-for-top-secret-calls.aspx
makes for interesting reading. I was particularly intrigued by this:
Voice calls are encrypted twice in accordance with NSA policy,
using IPSEC and SRTP, meaning a failure requires “two
On Feb 24, 2012, at 2:30:57 PM, James A. Donald wrote:
Bottom line is that the suspect was OK because he kept his mouth zippered,
neither admitting nor denying any knowledge of the encrypted partition.
Had he admitted control of the partition, *then* they would have been able to
compel
Mozilla has issued a statement about MITM certs:
https://blog.mozilla.com/security/2012/02/17/message-to-certificate-authorities-about-subordinate-cas/
(Ack: Paul Hoffman posted this link to g+)
___
cryptography mailing list
cryptography@randombit.net
On Feb 14, 2012, at 10:02 PM, Jon Callas wrote:
On 14 Feb, 2012, at 5:58 PM, Steven Bellovin wrote:
The practical import is unclear, since there's (as far as is known) no
way to predict or control who has a bad key.
To me, the interesting question is how to distribute the results
On Feb 14, 2012, at 1:16:23 PM, Jon Callas wrote:
On Feb 14, 2012, at 7:42 AM, ianG wrote:
On 14/02/12 21:40 PM, Ralph Holz wrote:
Ian,
Actually, we thought about asking Mozilla directly and in public: how
many such CAs are known to them?
It appears their thoughts were none.
Of
On Feb 14, 2012, at 7:50:14 PM, Michael Nelson wrote:
Paper by Lenstra, Hughes, Augier, Bos, Kleinjung, and Wachter finds that two
out of every one thousand RSA moduli that they collected from the web offer
no security. An astonishing number of generated pairs of primes have a prime
in
On Feb 12, 2012, at 10:26:46 PM, Nico Williams wrote:
On Sun, Feb 12, 2012 at 9:13 PM, Krassimir Tzvetanov mailli...@krassi.biz wrote:
I agree, I'm just reflecting on the reality... :(
Reality is actually as I described, at least for some shops that I'm
familiar with.
The trend is the
http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Or at least that's what everyone thought. More recently, various groups have
begun to focus on a fly in the ointment: the practical implementation of this
process. While quantum key distribution offers perfect security in practice,
the devices used to send quantum messages are inevitably
On Jan 8, 2012, at 11:48:52 PM, Alistair Crooks wrote:
On Sun, Jan 08, 2012 at 09:10:56PM -0500, Steven Bellovin wrote:
On Jan 8, 2012, at 6:29:26 AM, Florian Weimer wrote:
* Eugen Leitl:
Is anyone aware of a CA that actually maintains its signing
secrets on secured, airgapped machines
https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile
I know nothing more of this, including whether or not it's accurate
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Jan 5, 2012, at 4:46 PM, Thor Lancelot Simon wrote:
On Fri, Jan 06, 2012 at 07:59:30AM +1100, ianG wrote:
The way I treat this problem is that it is analogous to inventing
ones own algorithm. From that perspective, one can ask:
What is? The folded SHA, or the use of HMAC?
You do
On Dec 31, 2011, at 12:32:06 PM, John Levine wrote:
You can't force people to invent and memorize an endless stream of
unrelated strong passwords.
I'm not sure I agree with this phrasing. It is easy to memorize a strong
password -- it just has to be long enough.
Don't forget endless
On Dec 31, 2011, at 4:36:00 PM, Bernie Cosell wrote:
On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
Yes, ideally people would have a separate, strong password, changed
regularly for every site.
This is the very question I was asking: *WHY* changed regularly? What
threat/vulnerability
On Dec 31, 2011, at 5:09:08 PM, John Levine wrote:
The standard rationale is that for any given time interval, there's a
non-zero probability that a given password has been compromised. At
some point, the probability is high enough that it's a real risk.
Sure, but where does that
On Dec 27, 2011, at 5:48 PM, Solar Designer wrote:
On Tue, Dec 27, 2011 at 03:54:35PM -0500, Jeffrey Walton wrote:
We're bouncing around ways to enforce non-similarity in passwords over
time: password1 is too similar to password2 (and similar to
password3, etc).
I'm not sure it's possible
On Dec 9, 2011, at 3:46:18 PM, Jon Callas wrote:
On 8 Dec, 2011, at 8:27 PM, Peter Gutmann wrote:
In any case getting signing certs really isn't hard at all. I once managed it
in under a minute (knowing which Google search term to enter to find caches of
Zeus stolen keys helps :-).
On Dec 9, 2011, at 5:41:04 PM, Randall Webmail wrote:
From: Nico Williams n...@cryptonector.com
What should matter is that malware should not be able to gain control
of the device or other user/app data on that device, and, perhaps,
that the user not even get a chance to install said
On Dec 7, 2011, at 11:31:23 AM, Jon Callas wrote:
But really, I think that code signing is a great thing, it's just being done
wrong because some people seem to think that spooky action at a distance
works with bits.
The question at hand is this: what is the meaning of expiration or
On Dec 7, 2011, at 12:34:29 PM, Jon Callas wrote:
On 7 Dec, 2011, at 8:52 AM, Steven Bellovin wrote:
On Dec 7, 2011, at 11:31:23 AM, Jon Callas wrote:
But really, I think that code signing is a great thing, it's just being
done wrong because some people seem to think that spooky
On Dec 7, 2011, at 4:56:29 PM, Peter Gutmann wrote:
Steven Bellovin s...@cs.columbia.edu writes:
Let's figure out what we're trying to accomplish; after that, we can try to
figure out how to do it.
See above, code signatures help increase the detectability of malware, although
in more
On Dec 2, 2011, at 5:26:27 PM, Jeffrey Walton wrote:
On Sun, Nov 27, 2011 at 3:10 PM, Steven Bellovin s...@cs.columbia.edu wrote:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography? I'm looking for real-world attacks on
short key lengths
On Nov 29, 2011, at 7:44 AM, d...@geer.org wrote:
Steve/Jon, et al.,
Would you say something about whether you consider key management
as within scope of the phrase crypto flaw? There is a fair
amount of snake oil there, or so it seems to me in my line of
work (reading investment
On Nov 27, 2011, at 11:00:49 PM, Peter Gutmann wrote:
Steven Bellovin s...@cs.columbia.edu writes:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography?
Could you be a bit more precise about what flaws in cryptography covers? If you
On Nov 28, 2011, at 8:03 PM, Nico Williams wrote:
The list is configured to set Reply-To. This is bad, and in some
cases has had humorous results. I recommend the list owners change
this ASAP.
Agree, strongly. The mailman documentation agrees with us. I'm on the
verge of unsubscribing
Come on. This discussion has descended past whacko, which is where it went
once the broken by design discussion started.
Quite. I had to point someone at some of these threads today; when it came to
this part, I alluded to black helicopters.
--Steve Bellovin,
http://us.cnn.com/2011/WORLD/europe/09/16/enigma.machine.auction/index.html
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Sep 12, 2011, at 5:48:00 PM, James A. Donald wrote:
--
On 2011-09-11 4:09 PM, Jon Callas wrote:
The bottom line is that there are places that continuity
works well -- phone calls are actually a good one. There
are places it doesn't. The SSL problem that Lucky has
talked about so
On Sep 13, 2011, at 2:22:28 PM, Andy Steingruebl wrote:
On Tue, Sep 13, 2011 at 10:48 AM, Steven Bellovin s...@cs.columbia.edu wrote:
Furthermore,
they're probably right; most of the certificate errors I've
seen over the years were from ordinary carelessness or errors,
rather than
On Sep 13, 2011, at 3:00:32 PM, Paul Hoffman wrote:
On Sep 13, 2011, at 11:57 AM, Steven Bellovin wrote:
From personal experience -- I use https to read news.google.com; Firefox 6
on a Mac complains about wildcard certificates. And ietf.org's certificate
expired recently; it took a day
Jon, I think there was a great deal of wisdom in your post. I'd add only one
thing: a pointer to the definition of dialog box at
http://www.w3.org/2006/WSC/wiki/Glossary .
Sorry, that doesn't work. Afaik, there is practically zero evidence of
Internet interception of credit cards.
This makes no sense whatsoever. Credit card numbers are *universally*
encrypted; of course there's no interception of them.
In 1993, there was interception of passwords on the
It's one of the very few times a President resigned from office without his
term expiring.
Try only -- no other US President has resigned.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Who is selling exponentiation chips (in reasonably large quantities) these
days? Price and power consumption are important for this application, but I
need to be able to verify a few K RSA (or possibly ECC) signatures/second.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
there may be a pragmatic need for options dealing with existing
systems or business requirements, however i have yet to hear a
convincing argument for why options are necessary in any new system
where you're able to apply lessons learned from past mistakes.
You said it yourself: different
On Jul 5, 2011, at 2:44:57 AM, Jon Callas wrote:
I was sitting around the other weekend with some friends and we were talking
about Bitcoin, and gossiping furiously about it. While we were doing so, an
interesting property came up.
Did you know that if a Bitcoin is destroyed, then the
On Jul 4, 2011, at 7:28:10 PM, Sampo Syreeni wrote:
(I'm not sure whether I should write anything anytime soon, because of Len
Sassaman's untimely demise. He was an idol of sorts to me, as a guy who Got
Things Done, while being of comparable age to me. But perhaps it's equally
valid to
http://www.nytimes.com/2011/06/30/technology/30morris.html
I learned a lot about security, and especially attitudes towards security,
from him. (Yes, this is crypto-relevant; read the obit.)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Jun 28, 2011, at 2:46:31 PM, Marsh Ray wrote:
On 06/28/2011 12:48 PM, Steven Bellovin wrote:
Wow, this sounds a lot like the way 64-bit DES was weakened to 56 bits.
It wasn't weakened -- parity bits were rather important circa 1974.
(One should always think about the technology
http://www.darkreading.com/advanced-threats/167901091/security/application-security/231000129/malware-increasingly-being-signed-with-stolen-certificates.html
Not surprising to most readers of this list, I suspect...
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Just to split hairs, malware has stolen signing keys for years, but it's only
in the last few years that malware vendors have started using them.
Maybe that's it -- it's DRM for the malware vendors, to ensure that other
bad guys don't steal their code...
--Steve Bellovin,
Well, obviously, bitcoin is succeeding because the financial crisis has
caused loss of trust in government approved and regulated solutions.
Obviously? I do not think this word means what you think it means.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Jun 7, 2011, at 3:01:30 PM, J.A. Terranson wrote:
On Tue, 7 Jun 2011, Nico Williams wrote:
TEMPEST.
I'd like keyboards with counter-measures (emanation of noise clicks)
or shielding to be on the market, and built-in for laptops.
Remember how well the original IBM PC clicky
http://cgi.ebay.com/Model-M-94-Cipher-Device-U-S-Army-Signal-Corps-WWII-/220784760519
I'd love it, but the bidding is already over US$1000 so I'll pass...
Sent from my iPad
I've posted a draft paper on my web site at
http://mice.cs.columbia.edu/getTechreport.php?techreportID=1460 ;
here's the abstract:
The invention of the one-time pad is generally credited to
Gilbert S. Vernam and Joseph O. Mauborgne. We show that it
was invented about 35 years earlier by a
On Jan 15, 2011, at 8:53:44 AM, Marsh Ray wrote:
On 01/14/2011 06:13 PM, Jon Callas wrote:
This depends on what you mean by data integrity.
How about an attacker with write access to the disk is unable to modify the
protected data without detection?
In a strict, formal way, where
On Dec 17, 2010, at 12:34:39 PM, Jon Callas wrote:
Let's get back to the matter at hand.
I believe that there's another principle, which is that he who proposes,
disposes. I'll repeat -- it's up to the person who says there was/is a back
door to find it.
Searching the history for
On Dec 16, 2010, at 5:09:05 PM, Marsh Ray wrote:
On 12/15/2010 02:36 PM, Jon Callas wrote:
Facts. I want facts. Failing facts, I want a *testable* accusation.
Failing that, I want a specific accusation.
How's this:
OpenBSD shipped with a bug which prevented effective IPsec ESP
On Dec 9, 2010, at 10:45:54 PM, Peter Gutmann wrote:
* Skein is soft and succumbs to brute force
* Skein has been successfully linearized
* Skein has clear output patterns
* Skein is easily distinguishable from a random oracle
http://eprint.iacr.org/2010/623
Despite that, it was
On Dec 2, 2010, at 4:30:18 PM, coderman wrote:
On Wed, Dec 1, 2010 at 7:26 PM, Steven Bellovin s...@cs.columbia.edu wrote:
http://www.cellular-news.com/story/46690.php
521-bit key and other odd claims? think i'll stick with RedPhone ...
That's 521 bits for the ECC part, as I read
http://www.cellular-news.com/story/46690.php
I know nothing more about this...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Nov 18, 2010, at 5:21:16 PM, Adam Back wrote:
So a serious question: is there a software company friendly jurisdiction?
(Where software and algorithm patents do not exist under law?)
It won't help, if you want to sell into the US or other jurisdictions that
do recognize such patents. A
On Nov 17, 2010, at 11:01:45 PM, James A. Donald wrote:
On 17/11/10 7:26 AM, David G. Koontz wrote:
On 17/11/10 9:01 AM, David G. Koontz wrote:
A. US6704870, granted on March 9, 2004 (Yes, published)
Sony asserted prior art against this patent in the 2007 case before agreeing
On Sep 14, 2010, at 2:18:38 PM, Zooko O'Whielacronx wrote:
following-up to my own post:
On Tue, Sep 14, 2010 at 8:54 AM, Zooko O'Whielacronx zo...@zooko.com wrote:
Also, even if you did have a setting where the CPU cost of HMAC-SHA1
was a significant part of your performance (at e.g. 12
On Sep 10, 2010, at 2:06:18 PM, travis+ml-rbcryptogra...@subspacefield.org wrote:
So there's an obvious (though imperfect) analogy between block ciphers
and, say, HMAC. Imperfect because authentication always seems to
involve metadata.
But is there a MAC analog to a stream cipher? That