OpenPGP:SDK v0.9 released
I thought people might be interested in this now somewhat-complete, BSD-licensed OpenPGP library... http://openpgp.nominet.org.uk/cgi-bin/trac.cgi/wiki/V0.9 -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
On the topic of "Asking the drunk"...
https://visa.com/ Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
MD5 considered harmful today, SHA-1 considered harmful tomorrow
On Tue, 2008-12-30 at 11:51 -0800, "Hal Finney" wrote: > Therefore the highest priority should be for the six bad CAs to change > their procedures, at least start using random serial numbers and move > rapidly to SHA1. As long as this happens before Eurocrypt or whenever > the results end up being published, the danger will have been averted. > This, I think, is the main message that should be communicated from this > important result. Nearly everything I've seen regarding the proposed solutions to this attack have involved migration to SHA-1. SHA-1 is scheduled to be decertified by NIST in 2010, and NIST has already recommended[1] moving away from SHA-1 to SHA-2 (256, 512, etc.). Collision attacks have already been demonstrated[2] against SHA-1 back in 2005, and if history tells us anything then things will only get worse for SHA-1 from here. By not moving directly to at least SHA-2 (until the winner of the NIST hash competition is known), these vendors are likely setting themselves up for similar attacks in the (relatively) near future. [1] http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html [2] http://www.cryptography.com/cnews/hash.html -- Dustin D. Trammell Security Researcher BreakingPoint Systems, Inc. signature.asc Description: This is a digitally signed message part
Bitcoin v0.1 released
Announcing the first release of Bitcoin, a new electronic cash system that uses a peer-to-peer network to prevent double-spending. It's completely decentralized with no server or central authority. See bitcoin.org for screenshots. Download link: http://downloads.sourceforge.net/bitcoin/bitcoin-0.1.0.rar Windows only for now. Open source C++ code is included. - Unpack the files into a directory - Run BITCOIN.EXE - It automatically connects to other nodes If you can keep a node running that accepts incoming connections, you'll really be helping the network a lot. Port 8333 on your firewall needs to be open to receive incoming connections. The software is still alpha and experimental. There's no guarantee the system's state won't have to be restarted at some point if it becomes necessary, although I've done everything I can to build in extensibility and versioning. You can get coins by getting someone to send you some, or turn on Options->Generate Coins to run a node and generate blocks. I made the proof-of-work difficulty ridiculously easy to start with, so for a little while in the beginning a typical PC will be able to generate coins in just a few hours. It'll get a lot harder when competition makes the automatic adjustment drive up the difficulty. Generated coins must wait 120 blocks to mature before they can be spent. There are two ways to send money. If the recipient is online, you can enter their IP address and it will connect, get a new public key and send the transaction with comments. If the recipient is not online, it is possible to send to their Bitcoin address, which is a hash of their public key that they give you. They'll receive the transaction the next time they connect and get the block it's in. This method has the disadvantage that no comment information is sent, and a bit of privacy may be lost if the address is used multiple times, but it is a useful alternative if both users can't be online at the same time or the recipient can't receive incoming connections. Total circulation will be 21,000,000 coins. It'll be distributed to network nodes when they make blocks, with the amount cut in half every 4 years. first 4 years: 10,500,000 coins next 4 years: 5,250,000 coins next 4 years: 2,625,000 coins next 4 years: 1,312,500 coins etc... When that runs out, the system can support transaction fees if needed. It's based on open market competition, and there will probably always be nodes willing to process transactions for free. Satoshi Nakamoto - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
[tmo...@seas.harvard.edu: [fc-announce] Financial Crypto February 23-26 in Barbados, Early Registration Deadline Approaching]
From: "Tyler Moore" Subject: [fc-announce] Financial Crypto February 23-26 in Barbados, Early Registration Deadline Approaching To: fc-annou...@ifca.ai Date: Wed, 7 Jan 2009 21:58:44 -0500 Call for Participation Financial Cryptography and Data Security '09 http://fc09.ifca.ai/ Thirteenth International Conference February 23-26, 2009 Accra Beach Hotel & Resort Barbados Early registration deadline approaching fast! Register by January 21 to receive a discount. For full details, visit: http://fc09.ifca.ai/registration.html Also, reserve your hotel room by January 22 in order to guarantee availability: http://fc09.ifca.ai/accommodation.html Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration and debate regarding information assurance in the context of finance and commerce. We have assembled a vibrant program featuring 21 peer- reviewed research paper presentations, two panels (on the economics of information security and on authentication), and a keynote address by David Dagon. To view the complete program, visit: http://fc09.ifca.ai/program.html We look forward to seeing you in Barbados! Tyler Moore FC '09 General Chair ___ fc-announce mailing list fc-annou...@ifca.ai http://mail.ifca.ai/mailman/listinfo/fc-announce -- - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
BIS looking for feedback on export controls
The BIS is looking for feedback on export controls, however, this is for foreign products. It does affect US makers of cryptography products if their products are re-packaged by a foreign entity. - http://www.gpo.gov/bis/fedreg/ear_fedreg.html#74fr413 01/06/09 74 FR 413 Request for Public Comment on Foreign Produced Encryption Items That are made from U.S.-origin Encryption technology or software To determine the appropriate extent and scope of U.S. export controls on foreign products that are direct products of U.S. origin encryption technology or software, BIS is considering making subject to the Export Administration Regulations (EAR) all foreign items that would be controlled for Encryption Items (“EI”) reasons under the EAR (i.e., that would be classified under ECCN 5A002 or 5D002) if they are the direct product of U.S.-origin ECCN 5E002 technology or ECCN 5D002 software. BIS is seeking information regarding the impact this change would have on both U.S. exporters of encryption technology and software and foreign manufacturers of products that are derived in part or whole from U.S.-origin encryption technology or software. Comments are due March 9, 2009. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
CodeCon 2009 Call for Presentations
CodeCon 2009 April 17-19, 2009 San Francisco CA, USA www.codecon.org Call For Presentations CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: February 15, 2009 * All Authors notified: March 1, 2009 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls * malware analysis - detection, compensation, and mitigation of emerging threats -- As a new feature this year, CodeCon will be presenting a Biohack! track. While we will continue our tradition of presenting only one talk at a time, a portion of one of the days' talks will be reserved for interesting biotechnology hacking projects. A key requirement for these presentations is ease of reproduction with minimal access to expensive laboratory equipment. Example topics include: * Purifying DNA using common household items * Developing genetically-modified bacteria in a kitchen laboratory * Using specially-designed software to assist in bioengineering * The use of simple bioengineering techniques to solve real-world problems. Ideal Biohack! Track submissions will have a strong emphasis on the "hack" portion of the talk -- in the last few years, there has been a strong growth in the community of biology hackers; we aim to bring these hackers together to discuss their techniques for inexpensive, at home experimentation in biological engineering research. -- Presentations will be 30 minutes long, with an additional 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are February 7th and March 1st. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. The conference venue is open to all ages. Ideally, technical demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Biohacking demonstrations should be viewable with a presenter-provided camera, or prepared movies for projection. To submit, send mail to submissions-2...@codecon.org including the following information: * Project name * Code track or Biohack! track * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what makes the project novel -- how it differs from similar projects * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore and Bram Cohen Program Chair: Jered Floyd and Len Sassaman Program Committee: * Jon Callas, PGP, USA * Bram Cohen, BitTorrent, USA * Roger Dingledine, The Tor Project, USA * Jered Floyd, Permabit, USA * Ben Laurie, Google, UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, Osogato, USA * Andrew S. Peek, Integrated DNA Technologies, USA * Len Sassaman, Katholieke Universiteit Leuven, BE * Cliff Skolnick * Paul Syverson, Naval Research Laboratory, USA * [Others may be added] Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at codecon2...@codecon.org Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail codecon2...@codecon.org. Please note this address is only for questions and