Re: Warning! New cryptographic modes!
I believe that mode has been renamed EME2 because people were having a fit over the *.

On May 14, 2009, at 12:37 AM, Jon Callas wrote:
> I'd use a tweakable mode like EME-star (also EME*) that is designed for something like this. It would also work with 512-byte blocks.

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
End-of-chapter questions for Practical Cryptography?
Greetings again. I'm helping someone new to the field learn cryptography. He's a book-learner, and is starting with Ferguson & Schneier's Practical Cryptography. I would love to give him some things to think about after each chapter to make sure he's thinking about the big picture.

Has anyone on this list used the book to teach a class? If so, did you create a list of discussion questions? Or, do people know profs who have used the book to teach? Any pointers are appreciated.

--Paul Hoffman
security fail (from failblog)
See http://failblog.org/2009/05/22/security-fail-5

-Michael Heyman
Re: End-of-chapter questions for Practical Cryptography?
Paul Hoffman paul.hoff...@vpnc.org writes:
> Greetings again. I'm helping someone new to the field learn cryptography. He's a book-learner, and is starting with Ferguson & Schneier's Practical Cryptography. I would love to give him some things to think about after each chapter to make sure he's thinking about the big picture. Has anyone on this list used the book to teach a class? If so, did you create a list of discussion questions? Or, do people know profs who have used the book to teach? Any pointers are appreciated.

Not quite an answer to your question, but it brought this to mind for me.

I taught crypto for a while in an academic setting, though the last time was about seven or eight years ago. I found that the available texts were kind of frustrating to use. I used Applied Cryptography and the Handbook because neither alone was good enough, but truth be told, even together there were topics I wanted to go over (like modern cryptanalysis) which were entirely or almost entirely missing.

Practical Cryptography is a bit too practical if one is trying to teach people academic fundamentals rather than just teach people about what they need to know to be a user of the technology. I may be mistaken but I'm not aware of any significantly superior alternatives. The field really needs a new, thorough textbook suitable for a one year course, or maybe an up to date one semester intro text and an up to date one semester textbook on modern cryptanalysis.

Perry
--
Perry E. Metzger pe...@piermont.com
Distinguisher and Related-Key Attack on the Full AES-256
Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic gave a talk at the Eurocrypt rump session, 'Distinguisher and Related-Key Attack on the Full AES-256', with the full paper accepted to Crypto. Slides from Eurocrypt are here:

http://eurocrypt2009rump.cr.yp.to/410b0c56029d2fa1d686823e3a059af8.pdf

The q-multicollisions attack they describe may be a practical way of breaking a hash function based on AES. So this could have some interesting ramifications to SHA-3 candidates which use the AES round function; I'm not sufficiently familiar with those designs yet for it to be clear one way or another if they would in fact be vulnerable.

(via zooko's blog)
Re: End-of-chapter questions for Practical Cryptography?
On Fri, 22 May 2009, Perry E. Metzger wrote:
> The field really needs a new, thorough textbook suitable for a one year course, or maybe an up to date one semester intro text and an up to date one semester textbook on modern cryptanalysis.

Let me humbly suggest my own book: Introduction to Modern Cryptography, co-authored with Y. Lindell. You may find it a bit theoretical for your taste, but it was written exactly to address the need for an introductory text covering modern cryptography. (And it covers some basic cryptanalysis as well.) See http://www.cs.umd.edu/~jkatz/imc.html for further details.
Re: Warning! New cryptographic modes!
For what it is worth, in the Tahoe-LAFS project [1] we simply use CTR mode and a unique key for each file. Details: [2]

Tahoe-LAFS itself doesn't do any deltas, compression, etc., but there are two projects layered atop Tahoe to add such features -- a plugin for duplicity [3] and a new project named GridBackup [4]. Those upper layers can treat the Tahoe-LAFS as a secure store of whole files and therefore don't have to think about details like cipher modes of operation, nor do they even have to think very hard about key management, thanks to Tahoe-LAFS's convenient capability-based access control scheme.

Regards,

Zooko

[1] http://allmydata.org
[2] http://allmydata.org/trac/tahoe/browser/docs/architecture.txt
[3] http://duplicity.nongnu.org
[4] http://podcast.utos.org/index.php?id=52