NESSIE-STORK joint workshop Feb 26-27, Lund, Sweden
Apologies if you receive this more than once * NESSIE-STORK CRYPTOGRAPHY WORKSHOP: Cryptographic Research in Europe February 26 (afternoon) and 27 (morning), 2003 (right after FSE 2003) AF Borgen, Sandgatan 2, SE-223 50 Lund, Sweden. The NESSIE and STORK projects jointly organize their 4th and 2nd workshop, respectively. It will take place on the same premises as FSE 2003. The early registration deadline is 19 February 2003. WORKSHOP PROGRAM Wednesday, February 26 13:30-14:00 Registration. 14:00-14:25 An overview of the NESSIE project (Bart Preneel, K.U.Leuven) 14:30-15:00 Tools for measuring performance and assessing the security of cryptographic algorithms (Eli Biham, Technion and Markus Dichtl, Siemens AG) 15:00-15:50 Evaluation results for asymmetric primitives (Louis Granboulan, ENS, Francesco Sica, UCL and Alex Dent, Royal Holloway) 15:50-16:15 Coffee Break. 16:15-17:10 Evaluation results for symmetric primitives (Markus Dichtl, Siemens AG, Lars Knudsen, T.U.Denmark and Bart Van Rompay, K.U.Leuven) 17:10-17:50 The Cryptrec project (Toshinobu Kaneko, Science Univ. of Tokio) 19:30 Workshop Banquet Thursday, February 27 9:00-9:30 An introduction to the STORK project and a status update on Framework 6 (Bart Preneel, K.U.Leuven) 9:30-10:15 Recent progress in cryptanalysis using algebraic equations (Jean-Charles Faugère, LIP6) 10:15-10:40 Coffee Break 10:40-11:30 Open problems in cryptology. An overview of the list of open problems in the STORK Roadmap, followed by an open discussion. 11:30-12:00 Activities in a future Network of Excellence on Cryptography. An open discussion on activities that could be supported and how this could be organized. 12:00 Adjourn REGISTRATION * Early registration: 60 euro. Form and payment must be received no later than 19 February * Normal registration: 80 euro. Form and payment received after 19 February In addition to the scientific program, payment of the registration fee entitles to a 3-course group dinner on Wednesday 26 February and to coffee breaks and refreshments during the workshop. All information on the workshop (including how to register) can be found on the workshop webpage at https://www.cosic.esat.kuleuven.ac.be/nessie/workshop4/index.htm or via the NESSIE (www.cryptonessie.org) or STORK (www.stork.eu.org) webpages. Send an email to [EMAIL PROTECTED] if you have further questions. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Columbia crypto box
Pete Chown[SMTP:[EMAIL PROTECTED]] Arnold G. Reinhold wrote: Indeed, but it is important to remember just how thickheaded the anti-crypto effort of the '80s and '90s was and how much damage it did. As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can do 3,400,000 DES encryptions per second (according to openssl). I believe DES key setup is around the same cost as one encryption, so we should halve this if a different key is being used each time. Brute force of a 40-bit DES key will therefore take about a week. In other words 40-bit DES encryption is virtually useless, as brute force would be available to anyone with a modern PC. -- Pete You can actually do much better that that for key set up. To toot my own horn, one of the critical events in getting software DES crackers running at high speed was my realization that single-bit-set key schedules can be OR'd together to produce any key's schedule. Combining this with the use of Grey Codes to choose the order in which keys were tested (Perry's idea) led to key scheduling taking about 5% of the time budget. Peter - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Stupid security measures, a contest
On Wed, Feb 12, 2003 at 06:10:56PM -0500, Matt Blaze wrote:
If I were looking for a winner for this, I'd be especially interested
in measures that end up reducing security rather than improving it.
One of the worst security measures I've ever personally seen:
Some years ago I was invited as an expert (for security) into a german
ministry/government department. I received a paper document which was
classified as confidential. I was asked to take it with me, read it,
comment it, and then put it in a paper shredder.
As usual, every page of the document was marked as confidential
by having a large, bright grey writing from the bottom left to the
top right corner as a background of the text. (like the latex
draftcopy style)
At this time I was working at the University, and the University was
short of money, so we had only a very cheap paper shredder which was
cutting the paper only in stripes of about 3-4 mm width instead of
little particles as expensive shredders do. Usually it is still too
difficult to sort the stripes.
It turned out that it was just the diagonal confidential label which
made it absolutely easy to sort the stripes and to reassemble the
pages within seconds.
Another example:
There's a german bank which provides Internet Banking through a ssl
secured web page, which is after all not a bad idea. When you're on
the web page, it opens a new browser window through java script, which
then gives you access to the banking and asks for account number and
pin.
The web designers decided to open a window without the usual
browser decoration, i.e. without showing the URL the page came
from:
function openwin(){
var WinName='Internetbanking';
if(is.ie){
var
param='toolbar=no,menubar=no,scrollbars=yes,resizable=yes,status=yes,width=800,height=600';
var url='/OnlineBanking/fs_ie.html';
}
if(is.ns){
var
param='toolbar=no,menubar=no,scrollbars=yes,resizable=no,status=yes,width=800,height=600';
var url='/OnlineBanking/fs_ns.html';
}
msg=open(url,WinName,param);
}
So when you're on this page, you're on an encrypted page and the
browser shows the padlock symbol promising security, but you can't
see whom you are talking with. So you could redirect the browser to
any other webserver with a valid SSL certificate and provide webpages
with a similar appearence, and ...[you know what].
I've contacted that bank and tried to explain the problem.
They completely denied it and claimed that they have high
level experts, much more experienced than I am, and that they
all said that they use SSL with 128 Bit encryption, which is
absolutely unbreakable. :-)
(If you wanna see it, try https://banking.diba.de . You could
argue that it is not trivial to intercept and modify this already
ssl-encrypted page to perform some redirection. I've given this
URL only for those who don't speak german and can't navigate through
the menues. Usually people start at http://www.diba.de, and with some
simple DNS spoofing or attack on a proxy it could simply redirect
telebanking to anywhere.)
regards
Hadmut
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
