On Sep 3, 2013, at 3:16 PM, Faré wrote:
> Can't you trivially transform a hash into a PRNG, a PRNG into a
> cypher, and vice versa?
No.
> hash->PRNG: append blocks that are digest (seed ++ counter ++ seed)
Let H(X) = SHA-512(X) || SHA-512(X)
where '||' is concatenation. Assuming SHA-512 is a cry
On Sep 3, 2013, at 12:45 PM, Faré wrote:
> Don't write the code. Write a reasonably general software solver that
> finds a program that fulfill given specifications, given a minimum
> number of hints. Then write a specification for the problem (e.g.
> finding a nice elliptic curve with interestin
>>> Do we know they produced fake windows updates without assistance
>>> from Microsoft?
>>
>> Given the reaction from Microsoft, yes.
>>
>> The Microsoft public affairs people have been demonstrating real
>> anger at the Flame attack in many forums.
>
> ...Clearly, as things like bad vendor dri
On Sep 2, 2013, at 1:25 PM, Perry E. Metzger wrote:
> On Mon, 2 Sep 2013 00:06:21 -0400 Jerry Leichter
> wrote:
>> - To let's look at what they want for TOP SECRET. First off, RSA -
>> accepted for a transition period for SECRET, and then only with
>> 2048 bit modu
On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the
>> secret community *does* have capabilities (to conduct a collision attacks)
>> beyond those known to the public - capabilities sufficient to produce fake
>> Windows
On Sep 1, 2013, at 6:06 PM, Perry E. Metzger wrote:
> We know what they spec for use by the rest of the US government in
> Suite B.
>
> http://www.nsa.gov/ia/programs/suiteb_cryptography/
>
> AES with 128-bit keys provides adequate protection for classified
> information up to the SECRET level.
On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
> On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
> wrote:
>> Meanwhile, just what evidence do we really have that AES is
>> secure?
>
> The fact that the USG likes using it, too.
We know they *say in public* that it&
On Sep 1, 2013, at 2:36 AM, Peter Gutmann wrote:
> John Kelsey writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack wh
On Aug 31, 2013, at 2:02 PM, Ray Dillinger wrote:
> ... It is both
> interesting and peculiar that so little news of quantum computing has been
> published since.
I don't understand this claim. Shor's work opened up a really hot new area
that both CS people and physicists (and others as well) ha
On Aug 29, 2013, at 7:00 PM, Phillip Hallam-Baker wrote:
> ...The code synthesis scheme I developed was an attempt to address the
> scaling problem from the other end. The idea being that to build a large
> system you create a very specific programming language that is targeted at
> precisely th
So the latest Snowden data contains hints that the NSA (a) spends a great deal
of money on cracking encrypted Internet traffic; (b) recently made some kind of
a cryptanalytic "breakthrough". What are we to make of this? (Obviously, this
will all be wild speculation unless Snowden leaks more sp
On Aug 28, 2013, at 2:04 PM, Faré wrote:
>> My target audience, like Perry's is people who simply can't cope with
>> anything more complex than an email address. For me secure mail has to look
>> feel and smell exactly the same as current mail. The only difference being
>> that sometime the secu
On Aug 28, 2013, at 11:03 AM, Jonathan Thornburg wrote:
> On Wed, 28 Aug 2013, Jerry Leichter wrote:
>> On the underlying matter of changing my public key: *Why* would I have
>> to change it? It's not, as today, because I've changed my ISP or employer
>> or s
On Aug 28, 2013, at 8:34 AM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter
> wrote:
>> It's not as if this isn't a design we have that we know works:
>> DNS.
Read what I said: There's a *design* that works.
I never suggested
A different take on the problem: Would something built around identify-based
encryption help here? It sounds very tempting: My email address (or any other
string - say a bitmap of a picture of me) *is* my public key. The problem is
that it requires a central server that implicitly has access
On Aug 28, 2013, at 8:52 AM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 23:52:23 -0400 Jerry Leichter
> wrote:
>> But none of that matters much any more. "Publication" is usually
>> on-line, so contact addresses can be arbitrary links. When we meet
>>
On Aug 28, 2013, at 4:24 AM, danimoth wrote:
> On 27/08/13 at 10:05pm, Christian Huitema wrote:
>>> Suppose, as in Bitcoin, my email address *is* my public key
>>
>> You can even use some hash compression tricks so you only need 9 or 10
>> characters to express the address as hash of the public
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
> wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> It's clear you're not a journalist or wo
On Aug 27, 2013, at 9:41 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 21:13:59 -0400 Jerry Leichter
> wrote:
>> I wonder if much of the work on secure DHT's and such is based on
>> bad assumptions. A DHT is just a key/value mapping. There are two
>> reasons
I wonder if much of the work on secure DHT's and such is based on bad
assumptions. A DHT is just a key/value mapping. There are two reasons to want
to distribute such a thing: To deal with high, distributed load; and because
it's too large to store on any one node. I contend that the second
On Aug 26, 2013, at 2:54 PM, Ray Dillinger wrote:
> On 08/26/2013 10:39 AM, Jerry Leichter wrote:
>> On Aug 26, 2013, at 1:16 PM, Ray Dillinger wrote:
>
>>> Even a tiny one-percent-of-a-penny payment
>>> that is negligible between established correspondents o
On Aug 26, 2013, at 1:16 PM, Ray Dillinger wrote:
Minor point in an otherwise interesting message:
> Even a tiny one-percent-of-a-penny payment
> that is negligible between established correspondents or even on most email
> lists would break a spammer. Also, you can set your client to automatical
On Aug 26, 2013, at 10:14 AM, Perry E. Metzger wrote:
> On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
> wrote:
>> If you run your own emails system then you'll rapidly find out what
>> 2013's spam / malware problem looks like.
>
> This is slightly off topic, but...
>
> As it happens, I ru
On Aug 25, 2013, at 7:04 PM, Christian Huitema wrote:
> I think we can agree that the first step is to deploy home servers, and that
> the first application there would to host communication applications. Just
> doing that without much other change would already provide protection
> against the "
On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
> ...Similar techniques may be useful for voice traffic, but that has
> "interesting" latency requirements, and they're hard to fulfill with a
> mix network that might take arbitrary time. There's been some
>
On Aug 20, 2013, at 1:38 PM, Perry E. Metzger wrote:
> What is the current state of patents on elliptic curve cryptosystems?
> (It would also be useful to know when the patents on such patents as
> exist end.)
As the Wikipedia article http://en.wikipedia.org/wiki/ECC_patents makes clear,
the situ
On Jul 5, 2013, at 12:07 PM, StealthMonger wrote:
>> A lawyer or other (paid) confidant was given instructions that would
>> disclose the key. "Do this if something happens to me."
>
> An adversary can verify an open source robot, but not such instructions.
>
> NSA cannot verify a claim that suc
Well, one does wonder about an RSA *primitive* that allows an exponent of 1.
If that's the tooling you're working atop, it's hard to imagine you're going to
produce anything decent.
-- Jerry
On Jul 1, 2013, at 8:58 AM, Eugen Leitl wrote:
On Oct 7, 2010, at 1:10 PM, Bernie Cosell wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.
What about http://www.truecrypt.org/docs/?s=plausible-deniability
Could this be u
On Oct 7, 2010, at 4:14 AM, Christoph Gruber wrote:
>>> a 19-year-old just got a 16-month jail sentence for his refusal to
>>> disclose the password that would have allowed investigators to see
>>> what was on his hard drive.
>>
> What about http://www.truecrypt.org/docs/?s=plausible-deniability
On Oct 1, 2010, at 11:34 PM, Richard Outerbridge wrote:
Any implementation that returns distinguishable error conditions
for invalid padding is vulnerable...
Oh come on. This is really just a sophisticated variant of the old
"never say which was wrong" - login ID or password - attack. In
t
On Sep 22, 2010, at 9:34 AM, Steven Bellovin wrote:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations? Yes, I know that
that's a slippery concept, since ultimately things like addition and
multiplication can be implemented with loo
On Sep 6, 2010, at 10:49 PM, John Denker wrote:
If you think about the use of randomness in cryptography, what
matters
isn't really randomness - it's exactly unpredictability.
Agreed.
This is a very
tough to pin down: What's unpredictable to me may be predictable to
you,
It's easy to pin
The recent discussion of random number generators reminded me of
something that I've been meaning to write a note about. A couple of
years back, John Conway and Simon Kochen proved what they nicknamed
the Free Will Theorem. Its informal statement is: Given three very
simple axioms (which
On Aug 27, 2010, at 2:34 AM, Thomas wrote:
On Thursday, 26 August 2010, 12:25:55, Jerry Leichter wrote:
RNG's in VM's are a big problem because the "unpredictable" values
used in the non-deterministic parts of the algorithms - whether you
use them just for seeding or dur
On Aug 25, 2010, at 4:37 PM, travis+ml-cryptogra...@subspacefield.org
wrote:
I also wanted to double-check these answers before I included them:
1) Is Linux /dev/{u,}random FIPS 140 certified?
No, because FIPS 140-2 does not allow TRNGs (what they call non-
deterministic). I couldn't tell if
I read through the HTTP Strict Transport Security (HSTS) Draft RFC (http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02)
and it's an odd mix. It continues - and expands on - Firefox's war
against self-signed certs - while adding to the Web exactly the same
kind of SSH-style "conn
Yesterday I asked about Haystack, an anti-censorship system that
appears to exist mainly as newspaper articles. So today I ran across
another system, which appears to be real: Collage (http://gigaom.com/2010/07/12/software-uses-twitter-flickr-to-let-dissidents-send-secret-messages/),
develo
On Aug 17, 2010, at 4:20 AM, Peter Gutmann wrote:
Your code-signing system should create a tamper-resistant audit
trail [0] of
every signature applied and what it's applied to.
Peter.
[0] By this I don't mean the usual cryptographic Rube-Goldbergery,
just log
the details to a separate
The mainstream press is full of discussion for a new program,
Haystack, developed by a guy name Austin Heap and sponsored by the
Censorship Research Center as a new kind of secure proxy. See http://www.haystacknetwork.com/faq/
for some information.
As described, the program relies on some
Excerpted from
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars
-- Jerry
The tire pressure monitors built into modern cars have been shown to
be insecure by researchers from Rutgers University an
We discussed the question of why IE6 is still out there. Well ... http://arstechnica.com/microsoft/news/2010/08/despite-petition-uk-government-to-keep-ie6.ars
reports that the UK government has officially decided not to replace
IE6, feeling the costs outweigh the benefits. Quoting from the
On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
...Of course, TLS hasn't been successful in the sense that we care
about
most. TLS has had no impact on how users authenticate (we still send
usernames and passwords) to servers, and the way TLS authenticates
servers to users turns out to be very
On Aug 2, 2010, at 1:25 PM, Nicolas Williams wrote:
On Mon, Aug 02, 2010 at 12:32:23PM -0400, Perry E. Metzger wrote:
Looking forward, the "there should be one mode, and it should be
secure" philosophy would claim that there should be no insecure
mode for a protocol. Of course, virtually all pr
On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:
Jerry Leichter writes:
One could certainly screw up the design of a recovery system, but one
would have to try. There really ought not be that much of difference
between recovering from m pieces and recovering from one.
There's a
On Aug 1, 2010, at 7:10 AM, Peter Gutmann wrote:
Thanks to all the folks who pointed out uses of m-of-n threshold
schemes,
however all of them have been for the protection of one-off, very
high-value
keys under highly controlled circumstances by trained personnel,
does anyone
know of any si
On Aug 1, 2010, at 10:34 AM, Henrique de Moraes Holschuh wrote:
(Please keep all CCs).
On Sun, 01 Aug 2010, Jerry Leichter wrote:
file might be reused: Stir in the date and time and anything else
that might vary - even if it's readily guessable/detectable - along
Well, yes, we have se
On the question of what to do if we can't be sure the saved seed file
might be reused: Stir in the date and time and anything else that
might vary - even if it's readily guessable/detectable - along with
the seed file. This adds minimal entropy, but detecting that a seed
file has been re-
On Jul 28, 2010, at 11:04 AM, Jonathan Thornburg wrote:
http://www.crashie.com/ - if you're feeling malicious, just include
the one line JavaScript that will make IE6 crash, maybe eventually
the
user will figure it out. (Or maybe not).
Please stop and think about the consequences before usin
On Jul 27, 2010, at 5:34 PM, Ben Laurie wrote:
> On 24/07/2010 18:55, Peter Gutmann wrote:
>> - PKI dogma doesn't even consider availability issues but expects the
>> straightforward execution of the condition "problem -> revoke cert". For a
>> situation like this, particularly if the cert was
On Jul 11, 2010, at 1:16 PM, Ben Laurie wrote:
Beyond simple hacking - someone is quoted saying "You can consider
GPS a
little like computers before the first virus - if I had stood here
before
then and cried about the risks, you would've asked 'why would anyone
bother?'." - among the possib
On Jun 29, 2010, at 3:33 AM, Steven Bellovin wrote:
For years, there have been unverifiable statements in the press
about assorted hostile parties using steganography. There may now
be a real incident -- or at least, the FBI has stated in court
documents that it happened.
According to th
On Jun 3, 2010, at 10:39 AM, Sandy Harris wrote:
India recently forbade some Chinese companies from bidding on some
cell phone infrastructure projects, citing national security
concerns...
The main devices to worry about are big infrastructure pieces --
telephone switches, big routers and the
On Jul 9, 2010, at 1:00 PM, Pawel wrote:
Hi,
On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" wrote:
GPS tracking units that you can fit to your car to track where your
kids are taking it [T]he sorts of places that'll sell you card
skimmers and RFID cloners have started selling m
On Jul 9, 2010, at 1:55 PM, Jonathan Katz wrote:
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are "fresh"
whereas security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter wha
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues
around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have a formal
security pro
On Mar 25, 2010, at 8:05 AM, Dave Kleiman wrote:
March 24th, 2010 New Research Suggests That Governments May Fake SSL
Certificates
Technical Analysis by Seth Schoen
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
"Today two computer security researcher
On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:
leich...@lrw.com (Jerry Leichter) on Saturday, November 21, 2009
wrote:
It's no big deal to read these cards,
and from many times the inch or so that the standard readers require.
So surely someone has built a portable reade
On Nov 18, 2009, at 6:16 PM, Anne & Lynn Wheeler wrote:
... we could moved to a "person-centric" paradigm ... where a person
could use the same token for potentially all their interactions ...
we claimed we do something like two orders magnitude reduction in
fully-loaded costs by going to no p
On Nov 16, 2009, at 12:30 PM, Jeremy Stanley wrote:
If one organization distributes the dongles, they could accept
only updates signed by that organization. We have pretty good
methods for keeping private keys secret at the enterprise level,
so the risks should be manageable.
But even then, poo
On Nov 11, 2009, at 10:36 AM, Matt Crawford wrote:
On Nov 10, 2009, at 8:44 AM, Jerry Leichter wrote:
Whether or not it can, it demonstrates the hazards of freezing
implementations of crypto protocols into ROM: Imagine a world in
which there are a couple of hundred million ZTIC'
On Nov 8, 2009, at 7:45 PM, Thorsten Holz wrote:
...There are several approaches to stop (or at least make it more
difficult) this attack vector. A prototype of a system that
implements the techniques described in your blog posting was
presented by IBM Zurich about a year ago, see http://www
On Nov 8, 2009, at 6:30 AM, Zooko Wilcox-O'Hearn wrote:
I propose the following combined hash function C, built out of two
hash functions H1 and H2:
C(x) = H1(H1(x) || H2(x))
I'd worry about using this construction if H1's input block and output
size were the same, since one might be able to
On Nov 8, 2009, at 2:07 AM, John Levine wrote:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login proce
On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
On Tue, Nov 3, 2009 at 9:41 PM, David-Sarah Hopwood
wrote:
Jerry is absolutely correct that the practical result will be that
most
users of OpenID will become more vulnerable to compromise of a single
password.
Do you really believe most peo
On Nov 2, 2009, at 5:36 PM, Jeffrey I. Schiller wrote:
- "Jerry Leichter" wrote:
for iPhone's and iPod Touches, which are regularly used to hold
passwords (for mail, at the least).
I would not (do not) trust the iPhone (or iPod Touch) to protect a
high value password
On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote:
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote:
A couple of days ago, I pointed to an article claiming that these
were easy to break, and asked if anyone knew of security analyses
of these facilities.
I must say, I'm
A couple of days ago, I pointed to an article claiming that these were
easy to break, and asked if anyone knew of security analyses of these
facilities.
I must say, I'm very disappointed with the responses. Almost everyone
attacked the person quoted in the article. The attacks they assume
The article at http://www.net-security.org/article.php?id=1322 claims
that both are easily broken. I haven't been able to find any public
analyses of Keychain, even though the software is open-source so it's
relatively easy to check. I ran across an analysis of File Vault not
long ago whi
On Oct 17, 2009, at 5:23 AM, John Gilmore wrote:
Even using keys that have a round number of bits is foolish, in my
opinion. If you were going to use about 2**11th bits, why not 2240
bits, or 2320 bits, instead of 2048? Your software already handles
2240 bits if it can handle 2048, and it's onl
A bit too far for a quick visit (at least for me):
http://news.bbc.co.uk/2/hi/uk_news/england/8241617.stm
-- Jerry
-
The Cryptography Mailing List
Unsubscribe by sending "u
On Oct 14, 2009, at 7:54 PM, Perry E. Metzger wrote:
...We should also recognize that in cryptography, a small integer
safety
margin isn't good enough. If one estimates that a powerful opponent
could attack a 1024 bit RSA key in, say, two years, that's not even a
factor of 10 over 90 days, and
On Oct 3, 2009, at 2:42 AM, Kevin W. Wall wrote:
Hi list...I have a question about Shamir's secret sharing.
According to the _Handbook of Applied Cryptography_
Shamir’s secret sharing (t,n) threshold scheme works as follows:
SUMMARY: a trusted party distributes shares of a secret S to n
u
Well, here I'll expect one. :-)
As there is increasing pressure to keep
records of Internet use, there will be a counter-move to use VPN's
which promise to keep no records. Which will lead to legal orders
that records be kept, with no notification to those being tracked.
Enter secure remot
On Sep 17, 2009, at 1:20 AM, Peter Gutmann wrote:
"Kevin W. Wall" writes:
(Obviously some of these padding schemes such as OAEP are not
suitable with
symmetric ciphers. Or at least I don't think they are.)
You'd be surprised at what JCE developers will implement just
because they
can, a
On Sep 4, 2009, at 4:24 PM, Matt Crawford wrote:
". . . federal agents at the conference got a scare on Friday when
they were told they might have been caught in the sights of an RFID
reader.
The reader, connected to a web camera, sniffed data from RFID-
enabled ID cards and other documents
On Sep 7, 2009, at 8:58 AM, Jerry Leichter wrote:
...standard Mac OS GUI element to prompt for passwords ...
I should expand on that a bit: This GUI element is used for all kinds
of things tied to a window, not just passwords. For example, if you
try to close a window that contains stuff
On Sep 3, 2009, at 12:26 AM, Peter Gutmann wrote:
This returns us to the previously-unsolved UI problem: how -- with
today's
users, and with something more or less like today's browsers since
that's
what today's users know -- can a spoof-proof password prompt be
presented?
Good enough to s
http://blogs.zdnet.com/storage/?p=565
"NSA spooks gather for a colleague’s retirement party at a bar. What
they don’t know is that an RFID scanner is picking them out - and a
wireless Bluetooth webcam is taking their picture.
Could that really happen? It already did.
(The Feds got a taste
It can “...intercept all audio data coming and going to the Skype
process.”
Proof of concept, but polished versions will surely follow.
http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/
-- Jerry
http://conferences.sigcomm.org/sigcomm/2009/workshops/mobiheld/papers/p31.pdf
ABSTRACT
Modern mobile phones possess three types of capabilities:
computing, communication, and sensing. While these capa-
bilities enable a variety of novel applications, they also raise
serious privacy concerns. We e
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi and Masakatu Morii
Abstract. In 2008, Beck and Tews have proposed a practical attack on
WPA. Their attack (called the Beck
On Aug 26, 2009, at 1:39 PM, Zooko Wilcox-O'Hearn wrote:
...This at least suggests that the v1.7 readers need to check *all*
hashes that are offered and raise an alarm if some verify and others
don't. Is that good enough?
"Good enough" for what purpose?
By hypothesis, "SHA-3" is secure, so
On Aug 11, 2009, at 2:47 PM, Hal Finney wrote:
[Note subject line change]
Jerry Leichter writes:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys our systems "stronger than cryptography," it's worth
keeping in mind that we are approaching
On Aug 10, 2009, at 4:42 AM, Alexander Klimov wrote:
On Sun, 9 Aug 2009, Jerry Leichter wrote:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys our systems "stronger than cryptography," it's worth
keeping in mind that we are approaching
3. Cleversafe should really tone down the Fear Uncertainty and
Doubt about today's encryption being mincemeat for tomorrow's
cryptanalysts. It might turn out to be true, but if so it will be
due to cryptanalytic innovations more than due to Moore's Law. And
it might not turn out like tha
Just about all notebooks shipped in the last 5 years or more contain a
helpful bit of code in the BIOS that allows for remote tracing in case
of theft. Unfortunately, it's got serious security holes, allowing it
to be used for much more nefarious purposes - like rootkits that
survive disk
A couple of weeks ago, Apple distributed a firmware update for their
keyboards - the standalone ones, not the ones built into laptops. I
remarked at the time (perhaps on this list?) that given a way for
Apple to update the firmware ... was there a way for others with
malicious intent? Wel
Why Cloud Computing Needs More Chaos:
http://www.forbes.com/2009/07/30/cloud-computing-security-technology-cio-network-cloud-computing.html
[Moderator's note: ... the article is about a growing problem -- the
lack of good quality random numbers in VMs provided by services like
EC2
and the effe
Found on the Telecom list (which I've subscribed to for years but
almost never read any more). The paper is quite interesting.
-- Jerry
Date: Fri, 31 Jul 2009 22:07:03 -0400
From: Monty Solomon
To: mod...@telecom.csail.mit.edu
Subject:
On Jul 26, 2009, at 11:20 PM, Perry E. Metzger wrote:
Jerry Leichter writes:
While I agree with the sentiment and the theory, I'm not sure that it
really works that way. How many actual implementations of typical
protocols are there?
I'm aware of at least four TCP/IP implemen
On Jul 26, 2009, at 2:27 PM, Perry E. Metzger wrote:
...[T]here is an exploitable hole in
Adobe's "Flash" right now, and there is no fix available yet
This highlights an unfortunate instance of monoculture -- nearly
everyone on the internet uses Flash for nearly all the video they
watch,
s
On Jul 26, 2009, at 12:11 AM, james hughes wrote:
On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
[cross-posted to tahoe-...@allmydata.org and cryptography@metzdowd.com]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-
LAFS project.
...
I am tempted to ignore
On Jul 21, 2009, at 10:48 PM, Perry E. Metzger wrote:
d...@geer.org writes:
The pieces of the key, small numbers, tend to "erode" over
time as
they gradually fall out of use. To make keys erode, or timeout,
Vanish
takes advantage of the structure of a peer-to-peer file system. Such
netw
On Jul 21, 2009, at 3:11 PM, Hal Finney wrote:
The first is equivalent to: knowing g^(xy) is it impossible to
deduce g^x,
where y = H(g^x). Define Y = g^x, then y = H(Y) and g^(xy) = Y^H(Y).
The
question is then:
Given Y^H(Y) can we deduce Y?
To make a simple observation: H matters. If H(z
On Jul 8, 2009, at 8:46 PM, d...@geer.org wrote:
I don't honestly think that this is new, but even
if it is, a 9-digit random number has a 44% chance
of being a valid SSN (442 million issued to date).
Different attack. What they are saying is that given date and place
of birth - not normally c
Randomness from quantum effects at Megabits per second (and they claim
they can get to Gb/s). I can't say I follow all the details of what
they're doing.
http://spie.org/x35516.xml
-- Jerry
On Jun 28, 2009, at 4:05 PM, Ivan Krstić wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
System applications and non-broken 3rd party applications on OS X
store credentials in Keychain, which is a system facility for
keeping secrets. Your user keychain
On May 29, 2009, at 8:48 AM, Peter Gutmann wrote:
Jerry Leichter writes:
For the most part, software like this aims to keep reasonably honest
people honest. Yes, they can probably hire someone to hack around
the
licensing software. (There's generally not much motivation for J
Using retransmissions for steganography.
http://arxiv.org/pdf/0905.0363v3
-- Jerry