On Sun, Mar 02, 2003 at 11:32:36AM -0800, [EMAIL PROTECTED] wrote:
Interestingly enough, the public references long ago published the
shuttle comm frequencies. Summarizing from:
The frequencies have never been secret, but in recent years some
or perhaps even almost all of the Ku band
At 11:08 AM 02/13/2003 -0500, Trei, Peter wrote:
Pete Chown[SMTP:[EMAIL PROTECTED]]
As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can
do 3,400,000 DES encryptions per second (according to openssl). I
believe DES key setup is around the same cost as one encryption, so we
Pete Chown[SMTP:[EMAIL PROTECTED]]
Arnold G. Reinhold wrote:
Indeed, but it is important to remember just how thickheaded the
anti-crypto effort of the '80s and '90s was and how much damage it did.
As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can
do 3,400,000
At 10:43 PM 2/11/2003 -0800, Bill Frantz wrote:
I wrote:
(IIRC, basically what the device did was reveal 16 bits of a DES key.)
It has been pointed out to me that they were even more clever than that.
(This technique could allow a dictionary attack on known/probable plain
text.) What they did
Arnold G. Reinhold[SMTP:[EMAIL PROTECTED]] wrote:
It's worth remembering that the original WEP used 40 bit keys. For
some time, RC4 with 40 bit keys was the only crypto system that could
be exported without a license. It's hard for me to believe that
export concerns were not the primary
In message [EMAIL PROTECTED]
m, Trei, Peter writes:
If I recall correctly (dee3: Can you help?) WEP is actually derived
from the encryption system used in the Apple Mobile Messaging
System, a PCMCIA paging card made for the Newton in the mid-90s.
This used 40 bit RC4.
Though only a few years
Steven M. Bellovin[SMTP:[EMAIL PROTECTED]] wrote:
In message
[EMAIL PROTECTED]
m, Trei, Peter writes:
If I recall correctly (dee3: Can you help?) WEP is actually derived
from the encryption system used in the Apple Mobile Messaging
System, a PCMCIA paging card made for the Newton
At 7:40 AM -0800 2/11/03, Steven M. Bellovin wrote:
The 40-bit issue is orthogonal to the other problems with WEP. Look at
IBM's Commercial Data Masking Facility (CDMF), a way to degrade the
strength of DES from 56 bits to 40 bits, while still ensuring that
they didn't enable any less-expensive
In message [EMAIL PROTECTED], Pete Chown writes:
Bill Stewart wrote:
These days nobody *has* a better cryptosystem than you do They might
have a cheaper one or a faster one, but for ten years the public's
been able to get free planet-sized-computer-proof crypto ...
I seem to remember that the
-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA [EMAIL PROTECTED]
On Sun, 9 Feb 2003, Pete Chown wrote:
Date: Sun, 09 Feb 2003 13:51:07 +
From: Pete Chown [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Columbia crypto box
Bill Stewart wrote:
These days
Pete Chown [EMAIL PROTECTED] writes:
Bill Stewart wrote:
These days nobody *has* a better cryptosystem than you do They might
have a cheaper one or a faster one, but for ten years the public's
been able to get free planet-sized-computer-proof crypto ...
I seem to remember that the
On Sun, Feb 09, 2003 at 11:34:01PM -0500, Steven M. Bellovin wrote:
First, there was no key management. This means that loss of a single
unit -- a stolen laptop or a disgruntled (ex-)employee would do --
compromises the entire network, since it's impossible to rekey
everything at once in
On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
been that you either throw away the first 256 bytes of stream key output
or use a different key on every message. WEP does neither. TKIP, the new
You NEVER, EVER, re-use the key for a stream cipher, if you do, you might
as
Matthew Byng-Maddick[SMTP:[EMAIL PROTECTED]] writes:
On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
been that you either throw away the first 256 bytes of stream key output
or use a different key on every message. WEP does neither. TKIP, the new
You NEVER,
In message [EMAIL PROTECTED], bear writ
es:
It's one of those things, like re-using a pad.
Actually, it is re-using a pad, exactly. It's just a pseudorandom
pad (stream cipher) instead of a one-time pad.
And while WEP had problems, it didn't have that particular problem.
New messages with the
Trei, Peter wrote:
The weird thing about WEP was its choice of cipher. It used RC4, a
stream cipher, and re-keyed for every block. . RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs if neccessary
I suspect that RC4 was chosen for other reasons
In message b295ds$l66$[EMAIL PROTECTED], David Wagner writes:
Trei, Peter wrote:
The weird thing about WEP was its choice of cipher. It used RC4, a
stream cipher, and re-keyed for every block. . RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs
At 1:26 PM -0800 2/10/03, David Wagner wrote:
It's hard to believe that RC4 was chosen for technical reasons.
The huge cost of key setup per packet (equivalent to generating 256
bytes of keystream and then throwing it away) should dominate the other
potential advantages of RC4.
The technical
At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote:
In message v03110705ba6dec92ddb0@[192.168.1.5], Bill Frantz writes:
* Fast key setup (Forget tossing the 256 bytes of key stream.
The designers weren't crypto engineers. Personally, I'd toss the
first 1024.)
...
There may be a
In message v03110708ba6df9a4efb3@[192.168.1.5], Bill Frantz writes:
At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote:
In message v03110705ba6dec92ddb0@[192.168.1.5], Bill Frantz writes:
* Fast key setup (Forget tossing the 256 bytes of key stream.
The designers weren't crypto engineers.
Bill Frantz writes:
* Fast key setup (Forget tossing the 256 bytes of key
stream. The designers weren't crypto engineers.
Personally, I'd toss the first 1024.)
Steven M. Bellovin wrote:
There may be a cryptographically sound reason to
discard that much, but it's not without cost.
At 06:12 PM 2/10/2003 -0500, Steven M. Bellovin wrote:
In any case, WEP would clearly look very different if it had been designed
by cryptographers, and it almost certainly wouldn't use RC4. Look at
CCMP, for instance: it is 802.11i's chosen successor to, and re-design
of, WEP. CCMP uses AES,
In message [EMAIL PROTECTED], Paul A.S. Ward writes:
Is it really fair to blame WEP for not using AES when AES wasn't around
when WEP was being created?
Of course they couldn't have used AES. But there are other block
ciphers they could have used. They could have used key management.
They
Bill Stewart wrote:
These days nobody *has* a better cryptosystem than you do They might
have a cheaper one or a faster one, but for ten years the public's
been able to get free planet-sized-computer-proof crypto ...
I seem to remember that the Nazis said the same thing about Enigma.
Even when
On Sat, 8 Feb 2003, Lucky Green wrote:
In July of 1997, only days after the Mars Pathfinder mission and its
Sojourner Rover successfully landed on Mars, I innocently inquired on
the Cypherpunks mailing list if any subscribers happened to know if and
how NASA authenticates the command uplink to
As reported by AP:
| Among the most important [debris] they were seeking was
| a device that allows for the encryption of communication
| between the shuttle and NASA controllers. A NASA spokesman
| in Houston, John Ira Petty, said Friday that NASA feared
| the technology could be used to send
John,
Your snipe at NASA is probably uncalled for. A sentence fragment
quoted from a spokesperson at press conference almost certainly
does not reflect the professional judgment of the people who designed
the system.
As someone who is occasionally quoted (and just as often misquoted)
in the
At 12:41 AM 2/8/2003 -0500, John S. Denker wrote:
As reported by AP:
| Among the most important [debris] they were seeking was
| a device that allows for the encryption of communication
| between the shuttle and NASA controllers. A NASA spokesman
| in Houston, John Ira Petty, said Friday that
On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
There may be more valid reasons for treating the device as secret; some
categories that come to mind include protecting non-cryptographic
information, such as the capabilities of the communication channel. Also,
many systems on the
On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote:
On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
There may be more valid reasons for treating the device as secret; some
categories that come to mind include protecting non-cryptographic
information, such as the
Apparently some folks skipped class the day Kerchhoffs'
Principle was covered.
While this is obvious to the oldtimers, I had to look Kerkhoffs principle
( and found that it is the old injunction against security by obscurity ).
So for the benefit of those who are as clueless as me:
On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote:
On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
There may be more valid reasons for treating the device as secret; some
categories that come to mind include protecting non-cryptographic
information, such as the
On Sat, Feb 08, 2003 at 03:26:53PM -0800, Bill Stewart wrote:
It'd be lame, but it's possible.
It's probably just every-day insitutionalised paranoia. It doesn't
matter why they care, the sticker on the outside says they have
to.
--
Dan.
In message [EMAIL PROTECTED], Faust writes:
Apparently some folks skipped class the day Kerchhoffs'
Principle was covered.
While this is obvious to the oldtimers, I had to look Kerkhoffs principle
( and found that it is the old injunction against security by obscurity ).
You can find
Matt wrote quoting John:
Do you really, honestly believe that none of the people
designing a secure communication system for the shuttle were
even remotely acquainted with the basic principles of the
subject?
[...]
Apparently some folks skipped class the day Kerchhoffs'
Principle was
35 matches
Mail list logo