John Young wrote:
Remote acquisition of electronic emissions, say from outside a
home, are not currently prohibited by law as far as I know. And
the language of the thermal imaging decision makes it applicable
to any technology not commonly in use.
IANAL, but when I read the decision it
Here's a quote from the Washington Post last Sunday, 23 Sept, 2001.
The URL
http://www.washingtonpost.com/wp-dyn/articles/A10701-2001Sep22.html
is good for 2 weeks from then:
-
I've been getting e-mails from all over the country, from people both
on the left and the right,
A little over a month ago Perry Metzger asked about free assembler
language implementations of Rijndael for x86. Helger Lipmaa, whose
commercial assembler language version seems to be the fastest,
mentioned Brian Gladman as having the best free C implementation.
Gladman's web page now says that
The URL Kevin posted is slashdotted because of this article
http://slashdot.org/articles/01/10/15/1727249.shtml
Based on the comments on slashdot it appears that Niels Provos, whose
program found no steganography in millions of images on the web, was able
to detect and decode an example image
Here's something by Ron Rivest about RC4 security that will give you a
simple overview before delving into the articles that Steve Bellovin
cited in his message. Note that Steve Bellovin's link includes the two
papers on RC4 weaknesses that Rivest references.
On Sun, 2002-01-27 at 14:07, [EMAIL PROTECTED] wrote:
The issue then is that biometric represents a particularly
difficult shared-secret that doesn't have to be memorized
Shared secret? People don't leave a copy of their PIN on every water
glass they use.
-- sidney
Someone on another mailing list pointed me to this posting by Dan
Bernstein on sci.crypt newsgroup:
http://groups.google.com/groups?hl=en&selm=2002Jan1608.53.39.5497%40cr.yp.to
[begin quote]
From: D. J. Bernstein ([EMAIL PROTECTED])
Subject: Re: Strength of PGP vs SSL
Newsgroups:
Does anyone else notice the contradiction in these two paragraphs?
First Bruce says that businesses can reasonably be content with 1024 bit
keys, then he appears shocked that Lucky Green still has a 1024 bit key?
"The big news is" does not mean the same as "I'm shocked that". He appears to agree
[Perry message forwarded a notice of a paper on an attack against PGP and
GnuPG]
A posting on bugtraq in response said, in part:
From: Werner Koch [EMAIL PROTECTED]
[...]
Countermeasures are defined in the OpenPGP drafts since October 2000.
This MDC (Manipulation Detection Code) feature is
Bill Frantz [EMAIL PROTECTED] asked:
Does anyone run a service that will check an IP address for open ports?
(I'd like to test my firewall.)
A Google search for 'nmap test' came up with this as the first hit:
http://www.linux-sec.net/Audit/nmap.test.gwif.html
It seems to offer that service,
Ed Gerck [EMAIL PROTECTED]
It does too (as you can read in the paper). BTW, the "easily" applies to the
case WITHOUT salt
Well, to be really pedantic the paper never says that it is easy only that
it has a work factor of the square root of the number of possible MAC strings
without salt, and that
[EMAIL PROTECTED]
I want to understand the assumptions (threat models) behind the
work factor estimates. Does the above look right?
I just realized something about the salt in the RMAC algorithm, although it
may have been obvious to everyone else:
RMAC is equivalent to a HMAC hash-based MAC
Ed Gerck [EMAIL PROTECTED] said:
No -- these are all independent things. One can build an RMAC with SHA-1.
An RMAC does not have to use an HMAC scheme. One can also have an
HMAC hash-based MAC algorithm using a block cipher, that is not an RMAC.
Some quotes from the paper:
This paper defines
Ed Gerck [EMAIL PROTECTED] wrote:
A minor nit, but sometimes looking into why
things were devised is helpful.
What I explained can be found in
http://csrc.nist.gov/encryption/modes/workshop2/report.pdf
Thank you, that was really helpful in seeing the motivation for the work that led to
the
Adam Back [EMAIL PROTECTED] wrote:
See for example Rogaway's arguments about limited value of
defending against extension forgery attacks in XCBC:
[... quote snipped ...]
http://csrc.nist.gov/encryption/modes/workshop2/presentations/xcbc.pdf
This doesn't contain the paragraph that you quoted,
Scott G. Kelly [EMAIL PROTECTED] wrote:
I seem to recall reading somewhere that there is some issue
with directly encrypting data with an
RSA public key, perhaps some vulnerability
The short answer is that you should use one of the standard padding modes
that are designed for RSA encryption,
Ralf Senderek [EMAIL PROTECTED] asked:
And if one loves to learn about every single one of them,
can you (or others) give some references ?
The page titled "Prescriptions for Applications that are Vulnerable to the
Adaptive Chosen Ciphertext Attack on PKCS #1 v1.5" at URL
Ed Gerck [EMAIL PROTECTED] wrote:
For each AES-128 plaintext/ciphertext (c,p) pair with length
equal to or larger than the unicity distance, there exists exactly
one key k such that c=AES-128-Encrypt(p, k).
Excuse my naivete in the math for this, but is it relevant that the unicity
distance
at the less busy airports (source
Airports Council International, 10 Busiest Airports in US by Number of
Passengers, 2001).
-- sidney markowitz
[EMAIL PROTECTED]
Derek Atkins [EMAIL PROTECTED] wrote:
Were there really 750 Million Passengers flying through ATL?
No, 75 million. If you look at my message again I did correctly say 750,000
for the 1% false positive figure, although I did not type a comma to make it
easier to read.
Therefore, a better
possession, use, manufacture, etc., would seem to have the same kind of
broadness we have seen misused in the DMCA, covering people who sell NAT and
encryption tools that might be used by someone who sends email while
attempting to defraud a communications service provider.
-- sidney markowitz