to crack, the encrypter wins.
No, I don't have any clue how an algorithm like that might work.
-Bram
On Fri, 5 Feb 1999, bram wrote:
I have a theory that no matter what computing machine is available, as
long as the same machine is available to both the encrypter and the
cracker, the cracker wins (barring non-turing complete machinery, of
course.)
Jim Gillogly pointed out that I misspoke
in the now
defunct .su ? Do you have to be grandfathered in? Is there a chance that
just unilaterally grabbing one might work?
-Bram
(Thinking he should get a domain in .to - that WIPO DNS paper looked kinda
scary)
-Bram
(altavista is your friend)
c sense, rather than a physics sense.
-Bram
with are
based on using secure hashes.
-Bram
/yarrow.html
so if you need the high quality randomness, you need hardware randomizers.
Those are helpful as well, but should still never be used in the raw -
their entropy output should be estimated conservatively and fed into a
reseedable PRNG.
-Bram
continuation attacks, but the
short answer is yes.
-Bram
harvesting by
having a more precise clock.)
-Bram
to control all attempted
reseedings.
-Bram
mixing.
I think the 160 bit safety involved in both SHA-1 and RIPEMD-160 will
continue to be excessive for many years to come, so there's no reason to
worry about it being 'too small'.
-Bram
with its sources, not by
directly looking inside the state. Attacks of that form, even if they
aren't 'practical' now, could easily become practical in the future.
-Bram
developers will
rightfully recoil from getting into when all they want is a few random
bytes.
-Bram
offered by the prover, and using the bits of
the secure hash of that as the challenges by the provee.
-Bram
bills almost always have them with sequential
serial numbers. There have been many cases of a huge heist getting pulled
off successfully and then the robbers were unable to dispose of the cash
they got because it was too easy to trace.
-Bram
encryption which are strong against quantum
decryption techniques, although I'll bet you could get the right people to
speculate about it.
-Bram
more useful.
-Bram
servers) are just too small to say much about
individuals.
Besides, violating individual rights is the FBI's job.
-Bram
contrary to the interests of the IETF and the Internet as a whole. It
is a male. And he is regularly reporting IETF member activities for
secret investigation. Beware.
Or maybe it's just someone who reads published IETF literature. It's not
like the IETF keeps its activities all that secret.
-Bram
Maybe I'm just dense, but what's with the emphasis on phone
conversations? Voice processing is flaky at best, and computationally
expensive regardless. Faxes, on the other hand, can be OCR'ed easily, and
email is in plaintext to begin with.
-Bram
yanked out from under it by allowing
alternate non-infringing implementations?
(Doesn't the RSA patent expire in October as well? That's a mighty funny
coincidence ... for anyone other than RSA, anyhow.)
-Bram
iled legal
meanings of what all the public key technical artifacts mean, but unless
those artifacts refer to specific meanings themselves, a court will make
them up later, and will probably make them up in a way which the original
authors (meaning you) aren't happy with.
-Bram
On Tue, 4 Jan 2000, Ray Hirschfeld wrote:
Date: Mon, 3 Jan 2000 18:43:52 -0800 (PST)
From: bram [EMAIL PROTECTED]
I'm a little confused. Are you saying that as of October it will be legal
to do any amount of reverse-engineering, publishing, and writing to APIs
you want without
xeroxed $100 bills, and
time how long it takes until the feds knock on your door).
Do you have a reference for that?
[There have been SO many articles on this recently, including a long
thread on RISKS: the summary being that it is absolutely
true. --Perry]
-Bram
' with regards to using the term RC4. If I publish something
clearly labelled 'Bram's crypto library' and list RC4 as one of the
ciphers supported, there's no implication of anything coming from RSA, it
comes from Bram. There's always the trademark dilution claim, although my
understanding
studying the output of Intel's RNG has only had access
to the post-processed output, plus I believe a file directly from Intel
which was claimed to be unprocessed output. Yeah ... right.
If Intel wants people to trust them, they should quit acting like they're
covering for bad engineering.
-Bram
titors to publicly state 'We took apart a
Pentium III and its RNG really works the way Intel says.'
-Bram
Does anybody know of a field in which a + b and a * b can be computed
quickly but (and this is important) it's computationally intractable to
compute the additive inverse of a?
I need it for a technique I'm working on.
-Bram
[Bram: All fields of n elements are isomorphic to all other fields
On Thu, 9 Mar 2000, bram wrote:
Does anybody know of a field in which a + b and a * b can be computed
quickly but (and this is important) it's computationally intractable to
compute the additive inverse of a?
[Bram: All fields of n elements are isomorphic to all other fields of
n elements
This isn't obviously crypto-related, but I'll explain if there's a simple
solution.
Given that f(x+1) = f(x) * f(x) + c, does anybody know how to express f(x)
in closed form?
-Bram Cohen
we have yet to discover.
-Bram Cohen
that, they look about the same - there wouldn't be any
noticeable difference in performance between the two algorithms.
Mostly I just find the mess which the expansion of f(x)^2 - 2 becomes
after a few iterations very comforting.
-Bram Cohen
thought I'd throw that out. Had to vent. Not being able to find one
is getting on my nerves.
-Bram Cohen
. Then, if
someone wants to demonstrate their login history they send you the dates
and their id and you can verify it, but analyzing the database as a whole
requires a lot of work.
Well, so that's not a particularly strong motivation, but hopefully it
clarifies.
-Bram Cohen
SSH ...
-Bram Cohen
. Senior commanders be-lieve
that the reliability of mobile phones outweighs the increased risk of
conversations being intercepted.
Wouldn't it be ironic if they resort to buying a bunch of stariums ...
-Bram Cohen
[That would require that Stariums actually appear on the market at
some point. --Perry]
nds hardly changes things much,
especially in light of Rijndael being very simple and hence relatively
easy to analyze.
-Bram Cohen
- if so, never mind.)
-Bram Cohen
is unencrypted, and that's not a big
deal, especially when you know about it and always send a 'checking to
make sure I got your address right' message to start things off.
-Bram Cohen
On Wed, 29 Nov 2000, Ian BROWN wrote:
Bram Cohen wrote:
What we really need is a system which just stops passive attacks. The best
idea I've come up with so far is for all outgoing messages to have a
public key attached, and if you have the public key of an email address
you're sending
On Sun, 3 Dec 2000, Ben Laurie wrote:
Bram Cohen wrote:
Come to think of it, there are some tricky issues with regards to crypto
on mailing lists, it might make sense to have a
X-crypto-originator [EMAIL PROTECTED] line in the headers to specify that the
crypto information contained
certificate included in the message.
To clarify - I think doing things based on PGP userIDs is unworkable, and
would like to do everything based on email addresses.
-Bram Cohen
ature" as well ...
I feel safer already :~)
To be fair, Yahoo handles so much mail that the CPU power necessary to
start SSL sessions for all of them gets pretty expensive. They'll probably
start doing end-to-end encryption when the prices of that drop lower,
Moore's law and all that.
-Bram Cohen
with it? --Perry]
We already have too many common denominators. I'm waiting for something to
stop looking like an experiment to actually start advocating use of a
particular crypto application.
-Bram Cohen
On Mon, 4 Dec 2000, Bram Cohen wrote:
[SHA-2 looks pretty good. What's your problem with it? --Perry]
It's slow. It's fast enough for most applications, but then again so is
3DES - either you care about speed or you don't, and if you do, SHA2 just
doesn't rank up there with Rijndael.
-Bram
On Tue, 5 Dec 2000, David Honig wrote:
Is there a reason not to use AES block cipher in a hashing mode
if you need a secure digest of some data?
Hashing modes of block ciphers require a re-key for every block, and hence
are really, really slow.
-Bram Cohen
which require
a lot.
-Bram Cohen
[Parallelism is NOT a trivial property. The maximum data rate you can
sustain depends a lot on whether or not an algorithm can be
implemented in parallel in hardware. Some algorithms, like various
keyed hashes, have bad properties in this regard. Claiming
it and release it into the public
domain.
2) to keep anyone from using it
If you're not doing 1, you're doing 2.
-Bram Cohen
of technical detail in the press
release specifically. Thanks for the pointer.
-Bram Cohen
that useful.
It really does, as advertised, offer MAC for almost no overhead, and
parallelization for free. It would be a shame for these modes to not get
used because of stupid patent bullshit.
-Bram Cohen
(who thinks doing the xors as a gray code instead of binary countup was a
nice touch.)
S military is switching over to biometrics, including fingerprints
and cornea scans. One of the reasons they decided to do the switch is that
newer technologies ensure that the item in front of the scanner is in fact
alive :)
-Bram Cohen
t in speed on a single CPU system.
There's an improved version of the IBM mode at
http://csrc.nist.gov/encryption/aes/modes/ in the 'OCB mode' paper.
Clearly, it's a good idea to wait for new developments to stop happening
to use the new modes.
-Bram Cohen
"Markets can remain irrational long
On Wed, 27 Dec 2000, Theodore Y. Ts'o wrote:
From: Bram Cohen [EMAIL PROTECTED]
The problem is that if someone performs MITM on you, you get a warning
saying 'I don't know who this is warning warning warning blah blah blah,
would you like to give up connecting or just hope
I've set up a home page for Envelope Mail, and included feedback which I
got from my last post (thanks everybody!) It's at -
http://gawth.com/bram/envelope_mail/
Any and all additional feedback and offers to help would be much
appreciated. In particular, it could use a logo :-)
-Bram Cohen
/bram/envelope_mail/
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
-Bram Cohen
I've done a bunch more work on Envelope Mail, as always, the latest info
is at -
http://gawth.com/bram/envelope_mail/
New is actual code, complete with test code. Plans are next to write a
patch for BoboMail implementing the dummy version of the crypto API.
I could use immediate help