Re: [spam] Re: Nullsoft's WASTE communication system

In message <[EMAIL PROTECTED]>, "John Brothers" writes: > >> Any license that you may >> believe you acquired with the Software is void, revoked and terminated. > > >Can you void and/or revoke the GPL? It doesn't matter if the GPL statement wasn't inserted by the real owner of the work. Note

Re: Nullsoft's WASTE communication system

The AP wire reports that the founder of Nullsoft, Justin Frankel, plans to resign in the wake of WASTE being pulled. http://www.nytimes.com/aponline/technology/AP-AOL-Nullsoft.html --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com

Re: An attack on paypal

In message <[EMAIL PROTECTED]>, Anne & Lynn Whee ler writes: > >at a recent cybersecurity conference, somebody made the statement that (of >the current outsider, internet exploits, approximately 1/3rd are buffer >overflows, 1/3rd are network traffic containing virus that infects a >machine beca

Re: An attack on paypal

In message <[EMAIL PROTECTED]>, "Matt Crawford" writ es: >> The worst trouble I've had with https is that you have no way to use host >> header names to differentiate between sites that require different SSL >> certificates. > >True as written, but Netscrape ind Internet Exploder each have a hack >

Re: An attack on paypal

Let me point folk at http://www.securityfocus.com/news/5654 for a related issue. To put it very briefly, *real* authentication is hard. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) -

Re: Pre-cursor to Non-Secret Encryption

In message <[EMAIL PROTECTED]>, John Young writes: > >Related: We have a three-year-old FOIA request to NSA for >information on: > > The invention, discovery and development of "non-secret > encryption" (NSE) and public key cryptography (PKC) by > United Kingdom, United States, or any other

Re: authentication and ESP

In message <[EMAIL PROTECTED]>, martin f krafft writes : >As far as I can tell, IPsec's ESP has the functionality of >authentication and integrity built in: > >RFC 2406: > > 2.7 Authentication Data > > The Authentication Data is a variable-length field containing an > Integrity Check Value (

Re: New toy: SSLbar

>It's a toolbar for Mozilla (and related web browsers) that automatically >displays the SHA1 or MD5 fingerprint of the SSL certificate when you visit >an SSL secured web site. You could of course click the little padlock icon >and dig through a couple of dialogs to see it, but it's much easier

Re: New toy: SSLbar

In message <[EMAIL PROTECTED]>, Ian Grigg writes: > >Also, to impune the plug-in arrangement is to >impune all plug-ins, and to impune the download >from an unknown is to impune all downloads from >unknowns. Sounds about right... ... > >I.e., "download this fantastic tool" which >just so annoyi

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

In message <[EMAIL PROTECTED]>, Bill Stewart writes: >Somebody did an interesting attack on a cable network's customers. >They cracked the cable company's DHCP server, got it to provide a >"Connection-specific DNS suffic" pointing to a machine they owned, >and also told it to use their DNS server.

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

In message <[EMAIL PROTECTED]>, Simon Josefsson writes: > >Of course, everything fails if you ALSO get your DNSSEC root key from >the DHCP server, but in this case you shouldn't expect to be secure. >I wouldn't be surprised if some people suggest pushing the DNSSEC root >key via DHCP though, becau

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC NOT

In message <[EMAIL PROTECTED]>, Simon Josefsson writes: >Bill Stewart <[EMAIL PROTECTED]> writes: > >>>* Your laptop see and uses the name "yahoo.com.attackersdomain.com". >>> You may be able to verify this using your DNSSEC root key, if the >>> attackersdomain.com people have set up DNSSEC for

Re: LibTomNet [v0.01]

[Moderator's note: I've been choking back the LibTomNet argument but I thought Steve's specific references here are interesting, even if the point has already been made. --Perry] In message <[EMAIL PROTECTED]>, tom st denis w rites: > >The RFC looks like it was written by a member of the ACLU a

Threat models (was: quantum hype )

In message <[EMAIL PROTECTED]>, "John S. Denker" writes: > Or perhaps more relevantly, what >is the chance that an enemy black-bag artist or a >traitor or a bungler will compromise all my keys >and/or all my plaintext? The latter is not to >be sneezed at, and puts an upper bound on what >I'm willi

Re: anonymous DH & MITM

In message <[EMAIL PROTECTED]>, Ian Grigg writes: >M Taylor wrote: > >MITM is a real and valid threat, and should be >considered. By this motive, ADH is not a recommended >mode in TLS, and is also deprecated. > >Ergo, your threat model must include MITM, and you >will pay the cost. > >(Presumably

Re: Monoculture

In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >Unfortunately, those parts are rather dangerous to omit. > >0) If you omit the message authenticator, you will now be subject to a > range of fine and well documented cut and paste attacks. With some > ciphers, especially stream cip

Re: anonymous DH & MITM

half of the first ciphertext, Mitch can't >decrypt it, and thus not pass on the correct thing to Bob in the first >step and to Alice in the second, so both can actually be sure to have >the public key of the person that made the other move. > You have to be careful how you a

Re: A-B-a-b encryption

In message <[EMAIL PROTECTED]>, "Perry E.Metzger" writes: >Hmm. You need a cipher such that given B(A(M)) and A you can get >B(M). I know of only one with that property -- XOR style stream >ciphers. Unfortunately that makes for a big flaw, so I'm not sure we >should throw out our Diffie-Hellman im

Re: Open Source Embedded SSL - Export Questions

In message <[EMAIL PROTECTED]>, "J Harper" writes: >SSLv3 protocol implementation >Simple ASN.1 parsing >Cipher suites: >TLS_RSA_WITH_RC4_128_MD5 >TLS_RSA_WITH_RC4_128_SHA >TLS_RSA_WITH_3DES_EDE_CBC_SHA I understand the need to conserve space; that said, I strongly urge you to consid

Re: Problems with GPG El Gamal signing keys?

In message <[EMAIL PROTECTED]>, "Anton Stiglic" writes : > >By the way, is the paper by Phong Q. Nguyen describing the vulnerability >available somewhere? This note appeared on the IETF OpenPGP mailing list. -- Subject: Re: Removing Elgamal signatures From: David Shaw <[EMAIL PROTECTED]> Date:

Re: origin of SHA 224 initial hash values

In message <[EMAIL PROTECTED]>, "Jeroen C.va n Gelderen" writes: > >On Dec 6, 2003, at 3:26, Jeremiah Rogers wrote: > >> I'm having trouble pinpointing the origin of the initial hash values >> for SHA 224 and, for that matter, 128. These values are defined as hex >> representations of cube roots

Re: yahoo to use public key technology for anti-spam

In message <[EMAIL PROTECTED]>, bear writes: > >>But you should be sending mails via *your* SMTP server, and should be >>connecting to that SMTP server using SSL and authentication. Open relays >>encourage spam. People shouldn't be relaying mail via just any SMTP server. > >This is generally how

Re: yahoo to use public key technology for anti-spam

In message <[EMAIL PROTECTED]>, Dan Geer writes: > >> So, in capsule: this proposal assumes that you use the same machine for >> outgoing and incoming e-mail. > >I'm actually experimenting with sending mail directly, >per this little hack[1], which does have separate paths >for incoming and out

Re: The future of security

In message <[EMAIL PROTECTED]>, Ian Grigg writes: > Security architects >will continue to do most of their work with >little or no crypto. And rightly so, since most security problems have nothing to do with the absence of crypto. > >j. a cryptographic solution for spam and >viruses won't be fou

Re: The future of security

In message <[EMAIL PROTECTED]>, "Anton Stiglic" writes: > >- Original Message ----- >From: "Steven M. Bellovin" <[EMAIL PROTECTED]> > >> > >> >j. a cryptographic solution for spam and >> >viruses won't be found. &

Re: The future of security

In message <[EMAIL PROTECTED]>, Ben Laurie writes: >Steven M. Bellovin wrote: >> In message <[EMAIL PROTECTED]>, "Anton Stiglic" write >s: >> >>>- Original Message - >>>From: "Steven M. Bellovin" <[EMAIL PROTECTED]>

Re: SMTP over TLS

In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >I view link encryption for SMTP -- i.e. SMTP over TLS -- as having two >functions. > >1) It frustrates "vacuum cleaner" mail tapping efforts to some degree. >2) It can be used effectively for authenticating the posting of a > mail mess

Re: "The secret code is 00000000"

Although I'm not a professional in the nuclear weapons field, I have done a fair amount of research on the subject of PALs (Permissive Action Links); you can find a summary of my results at http://www.research.att.com/~smb/nsam-160/pal.html. I'll be updating the page soon, to add more informati

Re: Is finding security holes a good idea?

In message <[EMAIL PROTECTED]>, Ben Laurie writes: > >What you _may_ have shown is that there's an infinite number of bugs in >any particularly piece of s/w. I find that hard to believe, too :-) > Or rather, that the patch process introduces new bugs. Let me quote from Fred Brooks' "Mythical M

Re: Question on the state of the security industry (second half not necessarily on topic)

In message <[EMAIL PROTECTED]>, Jason H olt writes: > >[...] > >I had the same question about the NSA when some friends were interviewing >there. Apparently investigators will just show up at your house and want to >know all sorts of things about your friends, who you may or may not know to be >i

Re: EZ Pass and the fast lane ....

In message <[EMAIL PROTECTED]>, John Gilmore writes: >If they could read the license plates reliably, then they wouldn't >need the EZ Pass at all. They can't. It takes human effort, which is >in short supply. > There are, in fact, toll roads that try to do that; see, for example, http://www.whe

Re: Using crypto against Phishing, Spoofing and Spamming...

In message <[EMAIL PROTECTED]>, Ian Grigg writes: >> >> Don't be silly. It's not a threat because people generally use >> SSL. Back in the old days, password capture was a very serious >> threat. It went away with SSH. It seems to me quite likely that >> it would be a problem with web browsing in

Re: Al Qaeda crypto reportedly fails the test

In message <[EMAIL PROTECTED]>, John Denker writes: >Here's a challenge directly relevant to this group: Can you >design a comsec system so that pressure against a code clerk >will not do unbounded damage? What about pressure against a >comsec system designer? > That is, of course, one of the p

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])

In message <[EMAIL PROTECTED]>, Peter Gutmann writes: >Eugen Leitl <[EMAIL PROTECTED]> writes: > > >Maybe it's worth doing some sort of generic RFC for this security model to >avoid scattering the same thing over a pile of IETF WGs, things like the >general operational principles (store a hash of

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])

In message <[EMAIL PROTECTED]>, Ian Grigg writes: >Peter Gutmann wrote: >> "Steven M. Bellovin" <[EMAIL PROTECTED]> writes: >>>>Maybe it's worth doing some sort of generic RFC for this security model to >>>>avoid scattering the same thing

Re: IBM's original S-Boxes for DES?

In message <[EMAIL PROTECTED]>, Nicolai Moles -Benfell writes: >Hi, > >A number of sources state that the NSA changed the S-Boxes (and reduced the ke >y >size) of IBM's original DES submission, and that these change were made to >strengthen the cipher against differential/linear/?? cryptanalysis. >

Re: workshop on unwanted Internet traffic

In message <[EMAIL PROTECTED]>, Steve Bellov in writes: >Readers of this list may be interesting the the SRUTI -- Steps Towards >Reducing Unwanted Traffic on the Internet -- workshop. See >http://www.research.att.com/~bala/srut for details. > CORRECTION: it's http://www.research.att.com/~bala/sr

Re: "The Reader of Gentlemen's Mail", by David Kahn

nizations) became technologically obsolete. One of the reviews on Amazon.com noted skeptically Kahn's claim that Friedman was jealous of Yardley's success with women. I have no idea if that's true, though moralistic revulsion may be closer. But I wonder if the root of

Re: entropy depletion

uts? (Remember the purported escrow key generation algorithm for Clipper? See http://www.eff.org/Privacy/Newin/Cypherpunks/930419.denning.protocol for details. The algorithm was later disavowed, but I've never been convinced that the disavowal was genuine.) --Prof. Stev

Microsoft reuses RC4 keys in Office

ate a new IV. The consequences are obvious to readers of this list --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe crypto

Cryptanalytic attack on an RFID chip

ys or SpeedPasses in aluminum foil. I suspect that a more practical form factor is a spring-loaded conductive sleeve that normally surrounds the RFID chip, but is push back either manually or on key insertion. --Prof. Steven M. Bellovin, http://www.

Re: Is 3DES Broken?

In message <[EMAIL PROTECTED]>, Aram Perez writes: >Hi Folks, > >I hate to bother you with what I consider a dumb question, but I'm >trying to give a person the benefit of my doubts. There's a person on a >legal forum that I participate in that claims that 3DES has been >broken/cracked. However,

Re: how to tell if decryption was successfull?

xt? >rot-13? There are a lot of ways to tell, but you generally have to have some idea what you're looking for. For two examples of how to do it, see http://www1.cs.columbia.edu/~smb/papers/probtxt.ps (or .pdf) and http://www1.cs.columbia.edu/~smb/papers/recog.ps (or .pdf)

Re: Is 3DES Broken?

In message <[EMAIL PROTECTED]>, bear writes: > > >On Mon, 31 Jan 2005, Steven M. Bellovin wrote: > > >>>[Moderator's note: The quick answer is no. The person who claims >>> otherwise is seriously misinformed. I'm sure others will chime >>>

Re: Dell to Add Security Chip to PCs

s right -- getting it easy to use *and* secure -- is the real challenge. Nor are competing products immune; the drive to make KDE and Gnome (and for that matter MacOS X) as easy to use (well, easier to use) than Windows is likely to lead to the same downward security sprial. I'm ranting, a

link-layer encryptors for Ethernet?

Are there any commercial link-layer encryptors for Ethernet available? I know that Xerox used to make them, way back when, but are there any current ones, able to deal with current speeds (and connectors)? --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: link-layer encryptors for Ethernet?

In message <[EMAIL PROTECTED]>, Russell Nelson writes: >Steven M. Bellovin writes: > > Are there any commercial link-layer encryptors for Ethernet available? > > I know that Xerox used to make them, way back when, but are there any > > current ones, able to de

Re: link-layer encryptors for Ethernet?

Layer 2? It seems to be an IPsec box. At the least, their Administrator's Guide talks about using IP Protocol 50. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailin

Re: link-layer encryptors for Ethernet?

g them, because of how frequently a transoceanic fiber would be cut and the circuits rerouted to satellite. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsu

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

xpecting and reading ASCII characters. But think of, say, the Japanese user who would like to see that the certificate really was issued to , and instead sees the IDN encoding? That's less than helpful -- he or she would have no way whatsoever of verifying t

Re: link-layer encryptors for Ethernet?

ot; or "KO" is government, and not what I'm looking for. The KG-235, which your second URL took me to, is for TS/SCI traffic -- *way* above what I need... --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

In message <[EMAIL PROTECTED]>, Amir Herzberg writes: >Steve, my point was not the trivial fact that TrustBar would not display >the homograph; suppose it did... even then, the user is _asked_ about >the certificate, since it was signed by an unusual CA that the user did >not specify as `to be t

SHA-1 cracked

built massively parallel hash function collision finders, but it's an impressive achievement nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.

Re: SHA-1 cracked

In message <[EMAIL PROTECTED]>, Alexandre Dulaunoy writes: >On Tue, 15 Feb 2005, Steven M. Bellovin wrote: > >> According to Bruce Schneier's blog >> (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a >> team has found collisions in full SH

Re: [IP] SHA-1 cracked?

ate count. Beyond that, SHA1 has a 160-bit data path; DES uses a 32-bit path. I won't try to estimate the relative complexities of the mixing functions at each round. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

Re: [IP] One cryptographer's perspective on the SHA-1 result

repair the MD*/SHA* family is to risk the cry of "epicycles". --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: FUD about CGD and GBDE

In message <[EMAIL PROTECTED]>, Thor Lancelot Simon writes: >On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote: >> In message <[EMAIL PROTECTED]>, "ALeine" writes: >> >> >Not necessarily, if one were to implement the ideas I proposed >> >I believe the performance could be kept at t

comments wanted on gbde

my own opinions, which I know some of you have seen, but on this list I'll remain silent for now to see if any consensus develops. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptog

NSA warned Bush it needed to monitor networks

http://www.nytimes.com/aponline/national/AP-Spy-Agency-Documents.html WASHINGTON (AP) -- The National Security Agency warned President Bush in 2001 that monitoring U.S. adversaries would require a ``permanent presence'' on networks that also carry Americans' messages that are protected from govern

Re: Security is the bits you disable before you ship

In message <[EMAIL PROTECTED]>, Peter Gutmann writes : >>From a news.com story about features of gcc 4.0, available at >http://news.com.com/Key+open-source+programming+tool+due+for+overhaul/2100-734 >4_3-5615886.html > > Key open-source programming tool due for overhaul > Published: March 14, 200

how to phase in new hash algorithms?

ld we as a community be doing now? There's no emergency on SHA1, but we do need to start, and soon. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscrib

Re: NSA warned Bush it needed to monitor networks

A few days ago, I posted this: > >WASHINGTON (AP) -- The National Security Agency warned President >Bush in 2001 that monitoring U.S. adversaries would require a >``permanent presence'' on networks that also carry Americans' >messages that are protected from government eavesdropping. > >... > > >``

Re: Encryption plugins for gaim

yption, many implementations support PGP encryption between correspondents. I don't know of any support for e2e-encrypted chat rooms. I haven't played with OTR, nor am I convinced of the threat model. That said, what you really need to watch out for is the transcript files on your own

Re: Schneier: SHA-1 has been broken - Time for a second thought about SDLH ?

n based on discrete log will be slow enough that no one will use it. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Lauren Kohnfelder's undergraduate thesis on certificates

I found this on Simson Garfinkel's blog (http://www.simson.net/blog/): March 13, 2005 kohnfelder78 I have put Lauren Kohnfelder's 1978 undergraduate thesis into a single PDF file, OCR'ed it, and put it online (with his permission). If you are interested in

Moore says his law won't last

http://www.vnunet.com/news/1162433 "Something like this cannot continue forever," he said. "The dimensions are small enough now that we're approaching the size of atoms and that's a fundamental block. I think the law has another 10-20 years before fundamental limits

Three NIST Special Pubs for Review (Forwarded)

]>[EMAIL PROTECTED], with "Comments on SP 800-57, Part 2" in the subject line. Elaine Barker 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Phone: 301-975-2911 --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb --

Re: What happened with the session fixation bug?

ing -- that's what's behind "pharming" attacks. In other words, it's a real threat, too. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: "SSL stops credit card sniffing" is a correlation/causality myth

In message <[EMAIL PROTECTED]>, Ian G writes: >On Tuesday 31 May 2005 02:17, Steven M. Bellovin wrote: >> In message <[EMAIL PROTECTED]>, "James A. Donald" writes: >> >-- >> >PKI was designed to defeat man in the middle attacks >> >bas

Re: Citibank discloses private information to improve security

ress.20050526.03.htm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

analysis of the Witty worm

of information that the authors could gather about network configurations at different sites: as we all know, traffic analysis is a powerful technique. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - Th

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

ipment of tapes to a credit bureau.) 2 involved hacking, one was an inside job, one was a stolen laptop, and 2 were fraudulent use of logins and passwords. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

Re: AmEx unprotected login site

w few pages people would visit on the site, though, he estimated that it would increase his costs by a factor of about 15. (I didn't verify the numbers; I know from experience that he's competent and has his hear in the right place re security). --Steven M. Bellovin, h

Re: AmEx unprotected login site

In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >"Steven M. Bellovin" <[EMAIL PROTECTED]> writes: >>>They're still doing the wrong thing. Unless the page was transmitted >>>to you securely, you have no way to trust th

Re: analysis of the Witty worm

in Google's >cache is the intro page, with an abstract. The paper (pdf and ps) and a slide > >show are inaccessible, and are not in Google's cache. > >Anyone saved a copy? It's on Vern's web page: http://www.icir.org/vern/papers/witty-draft.pdf or

AES cache timing attack

h now says he's warning people even against doing their own implementations. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: de-identification

l sorts of other channels -- application data, timing data (the remote fingerprinting paper mentioned this one), etc. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsub

massive data theft at MasterCard processor

rise there --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [Forwarded] RealID: How to become an unperson.

umber of questions that need to be answered about any such system before it's even possible to discuss it intelligently. > And >whenever I enter the US, I have to give the fingerprints of my index >fingers and they take a picture of me. That's worse than an ID card. Agreed.

new NSA chief named

http://www.baltimoresun.com/news/nationworld/bal-te.nsa07jul07,1,6042171.story?coll=bal-home-headlines&cset=true&ctrack=1&cset=true --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The

the limits of crypto and authentication

for you to log int o E-Gold, checks your balance, and drains your account except for .004 grams of gold. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Re: Why Blockbuster looks at your ID.

ental fees if I don't present the card separately. Hmm -- the account is old enough that the expiration date on my credit card has long since expired. They've never asked me for an update. Maybe they're using a reputation system?) --Steven M. Bellovin, ht

Re: the limits of crypto and authentication

on is really being authenticated? (I alluded to this in a 1997 panel session talk; see http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm ) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptog

Re: mother's maiden names...

sibly, it simply didn't fit their real purpose of attracting more customers.) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

draft paper: "Deploying a New Hash Algorithm"

Eric Rescorla and I have written a paper "Deploying a New Hash Algorithm". A draft is available at http://www.cs.columbia.edu/~smb/papers/new-hash.ps and http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . Here's the abstract: As a result of recent discoveries, the strength of hash

Re: draft paper: "Deploying a New Hash Algorithm"

the next version of the paper. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: draft paper: "Deploying a New Hash Algorithm"

l enough. (Besides, how do you know if you'll actually notice it?) \endns --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

cracking passwords and challenge/response

as a cryptographic key with known plaintext (i.e., in challenge/ response protocols). --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "u

Re: solving the wrong problem

nbelievably cumbersome". I don't disagree with Perry's basic statement -- that a lot of people try to solve the wrong problem. Here, though, we have a tool. It remainds to be determined if it's a hammer, screwdriver, or wrench, and hence what problems to a

Re: faster SHA-1 attacks?

use of the new path, there is reason to think the attack will get even better. Shamir noted that 2^63 is within reach of a distributed Internet effort to actually find one. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: How many wrongs do you need to make a right?

> One can easily conceive of schemes that don't have such problems, such as simply publishing the hash of revoked certificates, or using a Bloom filter based on the hashes. Of course, that doesn't mean that was how it was done...

Re: How many wrongs do you need to make a right?

In message <[EMAIL PROTECTED]>, Florian Weimer writes: >* Steven M. Bellovin: > >> In message <[EMAIL PROTECTED]>, Florian Weimer writes: >> >>> >>>Can't you strip the certificates which have expired from the CRL? (I >>>know that with

Re: online MD5 crack database

ves to 64 characters, mirroring the password styles of the day, unsalted. That's 64^8. It still comes to 1.5 million reels of tape, however, so I still don't believe it. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Another entry in the internet security hall of shame....

easy to read, given their length and the complexity of the protocol.) Do I support e2e crypto? Of course I do! But the cost -- not the computational cost; the management cost -- is quite high; you need to get authentic public keys for all of your corresponden

Re: Another entry in the internet security hall of shame....

In message <[EMAIL PROTECTED]>, Chris Kuethe writes: >On 8/26/05, Steven M. Bellovin <[EMAIL PROTECTED]> wrote: >> ... >> If you don't trust your (or your correspondents') IM servers, it may be >> a different situation. I haven't read Google

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

In message <[EMAIL PROTECTED]>, Adam Back writes: >On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote: >> In message <[EMAIL PROTECTED]>, Adam Back writes: >> >Thats broken, just like the "WAP GAP" ... for security you want >> >

Re: MD5 Collision, Visualised

In message <[EMAIL PROTECTED]>, Ben Laurie writes: >I wrote some code to show the internal state of MD5 during a collision... > >http://www.shmoo.com/md5-collision.html > Very nice, though you need to give a scale of rounds -- how many horizontal lines per round?

Re: ECC patents?

if *all necessary patent rights* are owned (or licensed) by Sun. For obvious reasons, it's remarkably hard to get someone to say that they don't have a claim on some product. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: Clearing sensitive in-memory data in perl

Under some circumstances, you could do a call-out to a C module just for the crypto, but it's by no means obvious that that's a major improvement. Again -- what is your threat model? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

MIT talk: Special-Purpose Hardware for Integer Factoring

, James Hughes and Paul Leyland. --- End of Forwarded Message --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography"

  1   2   3   4   >