Cryptography-Digest Digest #56, Volume #10 Mon, 16 Aug 99 12:13:02 EDT
Contents:
Re: NIST AES Finalists are.... (fungus)
Re: Cracking the Scott cryptosystems? (fungus)
Re: NIST AES Finalists are.... (Patrick Juola)
Trust/authentication Models? ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: NIST AES Finalists are....
Date: Mon, 16 Aug 1999 13:20:24 +0200
David Wagner wrote:
>
> See Rijmen and Preneel's work on "trapdoor ciphers" for an example of
> a plausible design that seems to allow a designer to embed a secret
> trapdoor in a block cipher. Revealing the specification of the cipher
> apparently does not reveal the trapdoor.
>
> I suspect that this design task might be very challenging. Still,
> you've been arguing that the NSA is quite a bit better at cryptanalysis
> and design than the academic community; if we are to believe this, I
> think it is not unreasonable to believe that it is entirely plausible
> that the NSA might be able to build a cipher with a practical trapdoor
> that remains secret even after the cipher is published.
>
I don't think the NSA would produce such a cipher for political
reasons.
The risks of discovery are very high, and the damage done to the NSA
would be great if they were discovered doing this (i.e. everybody
who had trusted the NSA to provide security would suddenly be up the
creek without a paddle).
The NSA seems to prefer ciphers with carefully chosen key sizes, e.g.
the 80 bits of Skipjack. An agency with truly massive resources can
brute force an 80-bit cipher but nobody else can. This is a much
safer way to play the game.
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Cracking the Scott cryptosystems?
Date: Mon, 16 Aug 1999 13:03:07 +0200
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> Fungus, like most people, shoots his mouth off and has
> never really looked at the source code.
That's the problem. If reading *that* source code is the only
way to understand what's happening then I'm not going to bother.
> The total code is supplied with the method but I guess having
> people read is just too much for most.
Life is too short.
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: NIST AES Finalists are....
Date: 16 Aug 1999 10:39:59 -0400
In article <7p6pud$1u4$[EMAIL PROTECTED]>,
David Wagner <[EMAIL PROTECTED]> wrote:
>In article <7p6n70$fi5$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>> If we are prepared to imagine a real world protocol that decrypts 2^36
>> chosen blocks (a thousand Gigabytes) with the same key we should also
>> be prepared to imagine a protocol that leaks the key as plaintext.
>
>Well, I see your point, but as network speeds increase, in the future
>obtaining 2^36 blocks may not be so unthinkable as you imagine.
Hmm. Let's do some numbers. I'm connected to my server by a vanilla
100Mb/sec cable; my server connects to the Real World at, I dunno,
8Gb/sec?
At capacity, my hypothetical E-commerce web site can produce 2^36 blocks
in less than a day.
-kitten
------------------------------
From: [EMAIL PROTECTED]
Subject: Trust/authentication Models?
Date: Mon, 16 Aug 1999 14:37:54 GMT
Hi,
I'm a newbie here, and read thru the group charter, and checked out
some of the other groups mentioned in the charter. This seems to be
the most appropriate for my question below, but if not, I'd
appreciate a (friendly) pointer.
Being a newbie, I also apologize in advance if my question is
terminologically imprecise, but I hope that it's at least clear :).
Anyway, I've been studying methods for authentication and establishing
trust, and I'm curious if, other than the hierarchical schemes (e.g.,
RSA, root authorities, etc.) and "web of trust" schemes (e.g., PGP),
there are any other generally accepted methods or models for
authentication and establishing trust?
Thanks in advance...
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************