how many candidates have offered such a proof, in variants fast enough
to beat SHA-2?
Hal Finney
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
the polynomial variable is
secret, it is based on the key. So you don't know how things are being
combined. But with a known key and IV, there would be no security at all.
It would be linear like a CRC.
Hal Finney
whether S is even or odd,
defeating the privacy of the scheme.
Hal Finney
At 10:39 AM -0700 7/4/09, Hal Finney wrote:
But how many other hash function candidates would also be excluded if
such a stringent criterion were applied? Or turning it around, if NIST
demanded a proof of immunity to differential attacks as Rivest proposed,
how many candidates have offered
possible v value. Learning a share tells you
nothing about v, and in general Shamir sharing, learning all but one of
the needed shares similarly tells you nothing about the secret.
Hal Finney
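The property stated in that snippet (all but one of the needed shares say nothing about the secret) can be shown directly. The following is an added example and not code from Hal Finney's post: Shamir sharing over a prime field, plus a function that, given k-1 shares, computes the missing share value that would make any chosen secret the reconstructed one. The prime P = 2^127 - 1, the share x-coordinates 1..n, the threshold and the sample secrets are assumptions of the example.

```python
# Added example, not from the original post: Shamir secret sharing over GF(P).
# Assumptions: P = 2^127 - 1 (any prime larger than the secret works), shares are
# evaluated at x = 1..n, and the threshold k and sample values are chosen here.
import secrets

P = 2**127 - 1

def _inv(a, p=P):
    return pow(a, p - 2, p)          # Fermat inverse; p is prime

def _eval_poly(coeffs, x, p=P):
    # coeffs[0] is the constant term, i.e. the secret; Horner's rule
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def split(secret, k, n, p=P):
    """n shares (x, f(x)) of a random degree-(k-1) polynomial with f(0) = secret."""
    if not (0 <= secret < p and 1 < k <= n < p):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]

def lagrange_at_zero(points, p=P):
    """f(0) for the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * _inv(den, p)) % p
    return total

def recover(shares, p=P):
    """Reconstruct the secret from at least k shares (extra shares are harmless)."""
    return lagrange_at_zero(shares, p)

def share_that_yields(shares, x_missing, target, p=P):
    """Given k-1 shares, the y value at x_missing that would make the k shares
    reconstruct `target`. lagrange_at_zero is linear in each y_i (it equals
    sum_i y_i * L_i(0)), so such a y exists for every target: the k-1 shares are
    consistent with every possible secret and therefore reveal nothing about it."""
    known = lagrange_at_zero(shares + [(x_missing, 0)], p)                        # contribution of known shares
    weight = lagrange_at_zero([(x, 0) for x, _ in shares] + [(x_missing, 1)], p)  # L_missing(0)
    return (target - known) * _inv(weight, p) % p

def demo():
    """Two of three shares 'reconstruct' 0, 1 and 2**100 equally well."""
    secret = 0xC0FFEE
    shares = split(secret, k=3, n=5)
    assert recover(shares[:3]) == secret
    two = shares[:2]
    return [recover(two + [(3, share_that_yields(two, 3, v))]) for v in (0, 1, 2**100)]

if __name__ == "__main__":
    print(demo())
```

The same linearity is what makes one-share-short reconstruction fail: the adversary holding k-1 shares can complete them to any secret at all, so the shares carry no information, exactly as in the one-time-pad style v argument above.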
paths with
a maximum number of auxiliary paths.
(Rather than, we are abandoning our search for more differential paths
and working to try to find a real collision using this one. ;)
Hal Finney
message attack to find details, or read:
www.di.ens.fr/~bouillaguet/pub/SAC2009.pdf
slides (not too informative):
http://rump2009.cr.yp.to/ccbe0b9600bfd9f7f5f62ae1d5e915c8.pdf
Hal Finney
h...@finney.org (Hal Finney) on Saturday, January 24, 2009 wrote:
Countermeasures by botnet operators would include moderating their take,
perhaps only stealing 10% of the productive capacity of invaded computers,
so that their owners would be unlikely to notice. This kind of thinking
quickly
On Tue, Jun 16, 2009 at 09:31:36AM -0700, Hal Finney wrote:
Udhay Shankar N quotes wikipedia:
The question was finally resolved in 2009 with the development of the
first true fully homomorphic cryptosystem. The scheme, constructed by
Craig Gentry, employs lattice based encryption and allows
h...@finney.org (Hal Finney) writes:
Paul Hoffman wrote:
Getting a straight answer on whether or not the recent preimage work
is actually related to the earlier collision work would be useful.
[...]
There was an amusing demo at the rump session though of a different
kind of preimage
like 100 million
to 1! Even if the odds of Bitcoin succeeding to this degree are slim,
are they really 100 million to one against? Something to think about...
Hal
11:04:15 -0700 (PDT)
From: h...@finney.org (Hal Finney)
Subject: Re: On what the NSA does with its tech
MV writes:
Yes. They can't break a 128 bit key. That's obvious. (If all the atoms in the
universe were computers... goes the argument.)
Not necessarily, if nanotechnology works. 128 bits
. But it could still probably be smaller than for even ECDSA keys.
Anyway, that's the concept. Does anyone recognize it?
Hal Finney
On Tue, 2008-12-30 at 11:51 -0800, Hal Finney wrote:
Therefore the highest priority should be for the six bad CAs to change
their procedures, at least start using random serial numbers and move
rapidly to SHA1. As long as this happens before Eurocrypt or whenever
the results end up being
Hal Finney wrote:
* Spammer botnets could burn through pay-per-send email filters
trivially
If POW tokens do become useful, and especially if they become money,
machines will no longer sit idle. Users will expect their computers to
be earning them money (assuming the reward is greater
On Sat, 2009-07-04 at 10:39 -0700, Hal Finney wrote:
Rivest:
Thus, while MD6 appears to be a robust and secure cryptographic
hash algorithm, and has much merit for multi-core processors,
our inability to provide a proof of security for a
reduced-round (and possibly tweaked
On Jul 21, 2009, at 3:11 PM, Hal Finney wrote:
The first is equivalent to: knowing g^(xy) is it impossible to deduce g^x,
where y = H(g^x). Define Y = g^x, then y = H(Y) and g^(xy) = Y^H(Y). The
question is then:
Given Y^H(Y) can we deduce Y?
To make a simple observation: H matters. If H
Hal Finney wrote:
Darren J Moffat darren.mof...@sun.com asks:
Ignoring performance for now what is the consensus on the suitability of
using AES-GMAC not as MAC but as a hash ?
Would it be safe ?
The key input to AES-GMAC would be something well known to the data
and/or software.
No, I
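The earlier snippet about the polynomial MAC whose variable is the key, and this question about using AES-GMAC with a public key as a hash, come down to the same algebra. The following is an added example and not code from either post: it implements GHASH, the polynomial hash inside GMAC (NIST SP 800-38D), and shows that once the hash key H is public, a message with any chosen prefix can be given the same GHASH value as any other message by solving one linear equation in GF(2^128). The constant H and the sample messages are constructed for the example; in real GMAC H = AES_K(0^128), which is exactly what a known key hands to the attacker.

```python
# Added example, not from the posts: GHASH (the polynomial hash inside AES-GCM/GMAC,
# NIST SP 800-38D) with a known key H. Assumptions: H is a public 128-bit constant
# (in GMAC it is AES_K(0^128), public if K is), the input is treated as AAD, and the
# final length block is len(A) in bits || 0^64 since there is no ciphertext.

R = 0xE1 << 120          # x^128 = x^7 + x^2 + x + 1 in GCM's bit-reflected form
ONE = 1 << 127           # the field element 1 in that representation

def gf_mul(x, y):
    """Multiply two 128-bit blocks in GF(2^128) (SP 800-38D, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def gf_pow(x, e):
    acc, base = ONE, x
    while e:
        if e & 1:
            acc = gf_mul(acc, base)
        base = gf_mul(base, base)
        e >>= 1
    return acc

def gf_inv(x):
    return gf_pow(x, (1 << 128) - 2)      # x^(2^128-2) = x^-1 for x != 0

def blocks_of(data):
    """Zero-pad into 16-byte blocks and append GCM's length block."""
    padded = data + b"\x00" * (-len(data) % 16)
    blks = [int.from_bytes(padded[i:i + 16], "big") for i in range(0, len(padded), 16)]
    blks.append((len(data) * 8) << 64)
    return blks

def ghash(h, data):
    """Y_i = (Y_{i-1} xor X_i) * H, so GHASH = sum_i X_i * H^(m-i+1): linear in X."""
    y = 0
    for x in blocks_of(data):
        y = gf_mul(y ^ x, h)
    return y

def forge_collision(h, original, chosen_prefix):
    """A message starting with chosen_prefix whose GHASH under h equals that of
    `original`. Only the last data block is computed: XORing d into it moves the
    output by d * H^2 (the weight of block m-1, the one before the length block),
    so d = (GHASH(candidate) xor GHASH(original)) * H^-2. With H unknown, d cannot
    be computed; with H known, any output value can be hit the same way."""
    n = len(original)
    if n % 16 or len(chosen_prefix) > n - 16:
        raise ValueError("original must be whole blocks and prefix must leave one block free")
    candidate = chosen_prefix.ljust(n, b"\x00")      # same length => same length block
    delta = ghash(h, candidate) ^ ghash(h, original)
    d = gf_mul(delta, gf_inv(gf_pow(h, 2)))
    fixed = bytearray(candidate)
    last = int.from_bytes(fixed[-16:], "big") ^ d
    fixed[-16:] = last.to_bytes(16, "big")
    return bytes(fixed)

# Constructed sample values for the example (H is an arbitrary nonzero constant).
H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
ORIGINAL = b"transfer 100 to alice, ref 42".ljust(48, b" ")
FORGED = forge_collision(H, ORIGINAL, b"transfer 999 to mallory, ref 42")

if __name__ == "__main__":
    print(ghash(H, ORIGINAL) == ghash(H, FORGED), FORGED)
```

Run as a script it prints True and the forged message: the two inputs differ in every data block yet share one GHASH value, which is the "linear like a CRC" behaviour described above. Changing H to any other value breaks the forgery, because the correction term d depends on H; that dependence on a secret, unpredictable H is the whole security of GMAC, and a public H leaves none.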
that their owners would be unlikely to notice. This kind of thinking
quickly degenerates into unreliable speculation, but it points out the
difficulties of analyzing the full ramifications of a world where POW
tokens are valuable.
Hal Finney
remains open: is there a POW
system which could be built solely on logically reversible computation?
The computation has to be intrinsically time consuming, but with a short
and quickly verifiable certificate of validity.
Hal Finney
so long sought.
Hal Finney
solve this -
seems like a hard problem.)
Hal Finney
On Aug 11, 2009, at 2:47 PM, Hal Finney wrote:
[Note subject line change]
Jerry Leichter writes:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys or systems stronger than cryptography, it's worth
keeping in mind that we are approaching fairly deep physical
On Tue, 30 Dec 2008, Hal Finney wrote:
- The attack relies on cryptographic advances in the state of the art for
finding MD5 collisions from inputs with different prefixes. These advances
are not yet being published but will presumably appear in 2009.
To insert a malicious
On Jan 27, 2009, at 2:35 PM, Hal Finney wrote:
John Gilmore writes:
The last thing we need is to deploy a system designed to burn all
available cycles, consuming electricity and generating carbon
dioxide,
all over the Internet, in order to produce small amounts of bitbux to
get emails
http://lesswrong.com/lw/1ab/dying_outside/
Less Wrong
Dying Outside
HalFinney
05 October 2009 02:45AM
A man goes in to see his doctor, and after some tests, the doctor
says, I'm sorry, but you have a fatal disease.
Man: That's terrible! How long have I got?
Doctor: Ten.
Man: Ten? What