Re: authentication protocols

2002-03-30 Thread David Jablon

John,

Do your parties have any shared secret information?

If they share a cryptographic key, they can use a
simple hash-based challenge/response protocol.

If they have shared passwords or any other small
secrets, they can use EKE or SPEKE.

There are lots of neat tricks that might be applicable,
but you should first describe your needs in more detail.

-- David

At 06:14 PM 3/25/02 -0500, John Saylor wrote:
> Hi
>
> I'd like to find an authentication protocol that fits my needs:
> 1. 2 [automated] parties
> 2. no trusted 3rd party intermediary ['Trent' in _Applied_Crypto_]
>
> Most of the stuff in _Applied_Crypto_ requires that third party. It may
> be an impossible task, nothing seems obvious to me. Pointers,
> suggestions, or aphorisms all welcome.
>
> -- 
> \js innovate scalable infomediaries



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
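An added sketch of the hash-based challenge/response option mentioned in the reply above, for two parties that share a key and have no third party; it is not code from the thread. HMAC-SHA256, the 16-byte nonces, the role labels and the names alice/bob are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets

def _tag(key, role, *parts):
    """HMAC-SHA256 over a role label and length-prefixed fields."""
    msg = role + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    def __init__(self, name: bytes, key: bytes):
        self.name, self.key = name, key
        self.nonce = None

    def hello(self):
        """Message 1 (initiator): identity and a fresh challenge."""
        self.nonce = secrets.token_bytes(16)
        return self.name, self.nonce

    def respond(self, peer, peer_nonce):
        """Message 2 (responder): own challenge plus proof over both nonces."""
        self.nonce = secrets.token_bytes(16)
        proof = _tag(self.key, b"resp", peer, self.name, peer_nonce, self.nonce)
        return self.name, self.nonce, proof

    def confirm(self, peer, peer_nonce, tag):
        """Initiator checks message 2; returns message 3, or None on failure."""
        expect = _tag(self.key, b"resp", self.name, peer, self.nonce, peer_nonce)
        if not hmac.compare_digest(tag, expect):
            return None
        return _tag(self.key, b"init", self.name, peer, self.nonce, peer_nonce)

    def accept(self, peer, peer_nonce, tag):
        """Responder checks message 3 against its own fresh nonce."""
        expect = _tag(self.key, b"init", peer, self.name, peer_nonce, self.nonce)
        return hmac.compare_digest(tag, expect)

def run(key_a: bytes, key_b: bytes) -> bool:
    """One full three-message exchange; True only if both sides accept."""
    a, b = Party(b"alice", key_a), Party(b"bob", key_b)
    a_name, na = a.hello()
    b_name, nb, t2 = b.respond(a_name, na)
    t3 = a.confirm(b_name, nb, t2)
    return t3 is not None and b.accept(a_name, na, t3)
```

The role label and the identities inside each tag keep a responder's proof from being reflected back as the initiator's, and the fresh nonce on each side keeps an old proof from being replayed.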



Re: DMCA Still Faces Its First Criminal Test

2002-03-30 Thread Seth David Schoen

R. A. Hettinga writes:

> http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/Viewc=Articlecid=ZZZU66KQBZClive=truecst=1pc=0pa=0s=NewsExpIgnore=trueshowsummary=0
>
> March 28, 2002
>
> DMCA Still Faces Its First Criminal Test
>
> Criminal case will test Digital Copyright Act

The article by Elinor Mills Abreu at

http://biz.yahoo.com/rf/020328/crime_bootleg_2.html

claims that _two_ people have already been convicted of, or pleaded
guilty to, criminal DMCA violations -- one unnamed person in Nebraska
and one person just recently in California.  My colleague Robin Gross
is quoted as saying that the Mohsin Mynaf case is the first time the
DMCA has been used to go after someone who is actually infringing
copyright.  Mynaf was apparently prosecuted for using a Macrovision
corrector in the course of infringing the copyright on movies
(presumably an act-of-circumvention case rather than a tools case).

The first _civil_ case brought under the DMCA's anticircumvention
provisions is probably the little-known _RealNetworks v. Streambox_,
in Federal court in Washington state, which came to an unhappy end in
2000.

The Elcomsoft case might have the distinction of being the first
criminal case involving a _challenge_ to the anticircumvention
provisions, but it isn't the first criminal case in which they've been
used.

Another colleague of mine is compiling a list of all court cases in
which anticircumvention claims were brought under the DMCA.  If you
know of any -- other than the ones EFF has been involved in -- please
let me know.

-- 
Seth Schoen
Staff Technologist                [EMAIL PROTECTED]
Electronic Frontier Foundation    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110 1 415 436 9333 x107




Re: ciphersaber-2 human memorable test vectors

2002-03-30 Thread Jeff Cours

On Fri, 29 Mar 2002, Adam Back wrote:

> Any takers on ciphersaber-2 test vectors which are also topical
> and amusing english phrases?

Is there a faster way to search the test vector space than brute
force? Only certain output values from the PRNG will transform
alphanumeric characters into other alphanumerics, so that's one way to
constrain the search, but are there other, more effective ones?

- Jeff






Re: ciphersaber-2 human memorable test vectors

2002-03-30 Thread Adam Back

On Sat, Mar 30, 2002 at 08:27:02AM -0800, Jeff Cours wrote:
> On Fri, 29 Mar 2002, Adam Back wrote:
>
> > Any takers on ciphersaber-2 test vectors which are also topical
> > and amusing english phrases?
>
> Is there a faster way to search the test vector space than brute
> force? Only certain output values from the PRNG will transform
> alphanumeric characters into other alphanumerics, so that's one way to
> constrain the search, but are there other, more effective ones?

The code on the web page makes that optimization.

http://www.cypherspace.org/adam/csvec/

Here's what it does: 

- from the word sets you feed it equal length word pairs are first
XORed and stored for fast lookup with the lookup key being the xor of
the word pair, and the value stored being a list of word pairs (you
get quite often multiple word pairs that xor to the same value)

- brute force by human readable key and iv meeting constraints given
by user

- first test if key output is 7 bit clean (xor of two 7 bit clean
values is 7 bit clean).

- if so lookup successive word lengths from the set of word lengths
the user requested in the pre-computed word-pair database

I use Dan Bernstein's amazingly fast and compact CDB (Constant
DataBase) to store the xor pairs in -- if you have enough RAM, or a
small word set the lookups will anyway be cached, but the CPU to
lookup ratio is such that it's fast enough.  (I don't try to keep the
CPU busy while waiting for disk, the disk isn't exactly buzzing even
with fairly short plaintext / ciphertext words -- if you cared about
that small improvement you could start a few clients in parallel or
fix the code).

Those seemed like the obvious speedups, perhaps there are others.  But
the current approach may be fast enough, the frequency with which it
finds words goes down as you request longer plaintext - ciphertext
words due to the rate of English, but I presume will become more CPU
bound as a higher proportion of RC4 PRNG outputs will not be 7-bit
clean and so will be rejected before getting to the database
lookup.

Adam
--
http://www.cypherspace.org/adam/
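An added Python sketch of the search steps listed in the message above; it is not the csvec code from that page. A Python dict stands in for CDB, and the function names and the default of 20 key-schedule rounds are assumptions of this example.

```python
from collections import defaultdict
from itertools import product

def cs2_keystream(passphrase: bytes, iv: bytes, n: int, rounds: int = 20) -> bytes:
    """First n keystream bytes of CipherSaber-2: RC4 keyed with passphrase+IV,
    with the key-schedule mixing loop repeated `rounds` times (1 = plain RC4)."""
    key = passphrase + iv
    S, j = list(range(256)), 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) % 256
            S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_pair_table(words):
    """Map xor(w1, w2) -> [(w1, w2), ...] for every ordered equal-length pair."""
    table = defaultdict(list)
    for w1, w2 in product(words, repeat=2):
        if len(w1) == len(w2) and w1 != w2:
            table[xor(w1, w2)].append((w1, w2))
    return table

def search(passphrases, ivs, table, lengths, rounds=20):
    """Yield (passphrase, iv, plaintext, ciphertext) where the keystream prefix
    is 7-bit clean and equals the XOR of a stored word pair."""
    longest = max(lengths)
    for p, iv in product(passphrases, ivs):
        ks = cs2_keystream(p, iv, longest, rounds)
        for n in sorted(lengths):
            prefix = ks[:n]
            if any(b & 0x80 for b in prefix):
                break  # every longer prefix contains the same high-bit byte
            for plain, cipher in table.get(prefix, ()):
                yield p, iv, plain, cipher
```

The high-bit check costs a few byte comparisons and discards most candidate keys before any table lookup happens.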
