I've moved this to the top because I feel it is the most important statement
that can be made
Hadmut said :
Security doesn't
necessarily mean cryptography.
- Original Message -
From: Hadmut Danisch [EMAIL PROTECTED]
Subject: Re: The future of security
On Mon, Apr 26, 2004 at
- Original Message -
From: Bill Stewart [EMAIL PROTECTED]
Sent: Sunday, May 09, 2004 12:44 PM
Subject: Re: Can Skype be wiretapped by the authorities?
[...]
BUT, unfortunately, the implementation is closed source, so there
are no guarantees that the software is not GAKked.
Also no
On Wed, Apr 28, 2004 at 07:54:50PM +, Jason Holt wrote:
Last I heard, Brands started a company called Credentica, which
seems to only have a placeholder page (although it does have an
info@ address).
I also heard that his credential system was never implemented,
It was implemented at
Oh yes, my other comment I forgot to mention was that if non-patent
status were a consideration, aside from Wagner's approach, another
approach for which the patent will presently expire is Chaum's
original approach combined with Niels Ferguson's single term offline
coins. (Don't have citation
[copied to cpunks as cryptography seems to have a multi-week lag these
days].
OK, now having read:
http://isrl.cs.byu.edu/HiddenCredentials.html
http://isrl.cs.byu.edu/pubs/wpes03.pdf
and seeing that it is a completely different proposal essentially
being an application of IBE, and extension
On Sun, 9 May 2004, Adam Back wrote:
Anyone have to hand the expiry date on Chaum's patent? (Think it is
in patent section of AC for example; perhaps HAC also).
I think it's June 2005. Actually, now that you mention Chaum, I'll have to
look into blind signatures with the BF IBE (issuing is
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
However can't one achieve the same thing with encryption: eg an SSL
connection and conventional authentication?
How would you use SSL to prove fulfillment without revealing how?
You could get the CA to issue you a patient or
On Mon, May 10, 2004 at 03:03:56AM +, Jason Holt wrote:
[...] Actually, now that you mention Chaum, I'll have to look into
blind signatures with the BF IBE (issuing is just a scalar*point
multiply on a curve).
I think you mean so that the CA/IBE server even though he learns
pseudonyms
opinions?
http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
But if I understand that is only half of the picture. The recipient's
IBE CA will still be able to decrypt, tho the sender's IBE CA may not
as he does not have ability to compute pseudonym private keys for the
other IBE CA.
If you make it PFS, then that changes to the recipient's IBE CA can
get
I keep the foils of my courses `intro to applied crypto` and `intro to
secure communication and commerce` online at
http://www.cs.biu.ac.il/~herzbea/book.html. Total of about 15 topics, each
covered by pretty extensive set of foils (planned for between one and four
2-hour sessions for each
http://www.computerworld.com.au/pp.php?id=1406778897fp=16fpid=0
Wednesday, 12th May 2004
Computerworld - The Voice of IT Management
RSA founders give perspective on cryptography
M.E. Kabay, Network World
11/05/2004 08:43:53
The famous cryptographers Leonard Adleman, Ronald Rivest, and Adi
*
DIMACS Workshop on Security Analysis of Protocols
June 7 - 9, 2004
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ
Organizers:
John Mitchell, Stanford, [EMAIL PROTECTED]
Ran Canetti, IBM Watson, [EMAIL
[Adam and I are taking this discussion off-list to spare your inboxes, but
this message seemed particularly relevant. Perhaps we'll come back later if
we come up with anything we think will be of general interest.]
-J
On Tue, 11 May 2004, Adam Back
At 8:21 PM +0100 4/26/04, Graeme Burnett wrote:
Hello folks,
I am doing a presentation on the future of security,
which of course includes a component on cryptography.
That will be given at this conference on payments
systems and security: http://www.enhyper.com/paysec/
Would anyone there have any
http://news.bbc.co.uk/2/low/uk_news/england/staffordshire/3703191.stm
The BBC
Tuesday, 11 May, 2004, 09:50 GMT 10:50 UK
New puzzle for war code breakers
Experts from Bletchley Park are trying to crack a 250-year-old code
rumoured to point the way to the Holy Grail.
Specialists from the
Nevermind my previous message. The NetBSD kernel's des_set_key is hosed.
The key schedule is not correctly written to, and subkeys are left
uninitialized. It appears that someone changed the key schedule
organization and didn't change the code that writes to it.
(They added the weak_key field
Have you ever wondered what CA a spy agency would trust? In the case
of the Mossad, it's Thawte.
Go to http://www.mossad.gov.il/Mohr/MohrTopNav/MohrEnglish/MohrAboutUs/
and click Contact Us or Application Form. You'll get an
SSL-protected connection, with a 1024-bit RSA key (with MD5) in a
--- begin forwarded text
Date: Wed, 19 May 2004 21:26:31 -0600
From: [EMAIL PROTECTED]
Subject: Yahoo releases internet standard draft for using DNS as public key
server
To: [EMAIL PROTECTED]
List-Post: mailto:[EMAIL PROTECTED]
List-Subscribe: http://ls.fstc.org/subscribe,
mailto:[EMAIL
Original Message
http://www.financialcryptography.com/mt/archives/000141.html
In a rare arisal of a useful use of cryptography in real life, the
mutual funds industry is looking to digital timestamping to
http://www.nwfusion.com/news/2004/0517euseeks.html
Network World Fusion
EU seeks quantum cryptography response to Echelon
By Philip Willan
IDG News Service, 05/17/04
The European Union is to invest €11 million ($13 million) over the next
four years to develop a secure communication system
*
DIMACS Workshop on Usable Privacy and Security Software
July 7 - 8, 2004
DIMACS Center, Rutgers University, Piscataway, NJ
Organizers:
Lorrie Cranor, Chair, AT&T, [EMAIL PROTECTED]
Mark Ackerman, University
http://www.nytimes.com/2004/05/10/technology/10crypto.html?pagewanted=printposition=
The New York Times
May 10, 2004
Illuminating Blacked-Out Words
By JOHN MARKOFF
European researchers at a security conference in Switzerland last week
demonstrated computer-based techniques that can identify
This was posted on the ASRG list - the IRTF Anti Spam Research Group list,
which at first reading indicates that the future for Hashcash/Camram may be
limited.
Eric Johansson the camram developer has some different numbers which he
has just run that I will dig out and forward.
f
---
http://www.linuxelectrons.com/article.php/20040519090517729
LinuxElectrons -
VIA Reveals Details of Next Generation C5J Esther Processor Core With
Advanced Features For Securing E-Commerce Transactions
Wednesday, May 19 2004 @ 09:05 AM
Contributed by: ByteEnable
San Jose, CA -- VIA
Tom Shaddack wrote:
On Tue, 18 May 2004, Tyler Durden wrote:
Monyk believes there will be a global market of several
million users once
a workable solution has been developed. A political
decision will have to
be taken as to who those users will be in order to prevent
terrorists
As part of the Harvard University Science Center Lecture Series,
Michael O. Rabin, the T.J. Watson Sr. Professor of Computer Science at
Harvard University, lectures on hyper-encryption and provably
everlasting secrets.
In this lecture, Professor Rabin confronts the failure of present-day
Hi,
Pardon the diversion.
As most here know, I'm hard at work on the book BRUTE FORCE, which is
the story behind the 1997 DESCHALL effort that was the first to crack
a DES key by brute force in public. (Presently it is on-course for an
October release by Copernicus Books; we're aiming for
From: Stuart Schechter [EMAIL PROTECTED]
Subject: [fc-announce] CFP: FC'05 - Financial Cryptography and Data Security
To: [EMAIL PROTECTED]
Date: Tue, 18 May 2004 16:59:41 -0400
Organization: Harvard University
FC'05
Financial Cryptography and Data
An updated version of the Mixmaster Protocol Specification has been
published:
http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-01.txt
I'd like this to be the last revision, so if you have any comments on it
(or if you've raised issues in the past that you don't see addressed),
On Mon, 10 May 2004, Adam Back wrote:
OK that sounds like it should work. Another approach that occurs is
you could just take the plaintext, and encrypt it for the other
attributes (which you don't have)? It's usually not too challenging
to make stuff deterministic and retain security. Eg.
*
DIMACS Workshop on Electronic Voting -- Theory and Practice
May 26 - 27, 2004
DIMACS Center, Rutgers University, Piscataway, NJ
Organizers:
Markus Jakobsson, RSA Laboratories, [EMAIL PROTECTED]
Ari Juels,
Original Message
Subject: Financial Cryptography Update: US intelligence exposed as student decodes
Iraq memo
http://www.financialcryptography.com/mt/archives/000137.html
13 May 2004 DECLAN BUTLER
I've been working on integrating TCFS into NetBSD's kernel.
Currently I have a stand-alone package that builds an LKM that works.
The NetBSD people asked me to use the extant crypto code in the kernel,
and both TCFS's and NetBSD's came from SSLeay. I had to make only one
minor change to it
http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/
Abstract: WinZip is a popular compression utility for Microsoft Windows
computers, the latest version of which is advertised as having
easy-to-use AES encryption to protect your sensitive data. We exhibit
several attacks against WinZip's new
From: Amir Herzberg [EMAIL PROTECTED]
So, if anyone has a reliable ftp server where I could post the lectures
(and update them via ftp), please let me know.
You might also want to look into installing a tracker and sharing them with
BitTorrent http://bitconjurer.org/BitTorrent/ - it should
http://www.computerworld.com/securitytopics/security/story/0,10801,93220,00.html?from=homeheads
I'm not sure what more to say, given my opinion of the general utility
of quantum crypto
--Steve Bellovin, http://www.research.att.com/~smb
Here's a forward of parts of an email I sent to Richard with comments on
his and Ben's paper (sent me a pre-print off-list a couple of weeks ago):
One obvious comment is that the calculations do not take account of
the CAMRAM approach of charging for introductions only. You mention
this in the
In message [EMAIL PROTECTED], Ian Grigg writes:
Security architects
will continue to do most of their work with
little or no crypto.
And rightly so, since most security problems have nothing to do with
the absence of crypto.
j. a cryptographic solution for spam and
viruses won't be found.
Original Message
Subject: Financial Cryptography Update: SSL secure browsing - attack tree Mindmap
http://www.financialcryptography.com/mt/archives/000136.html
Here is a /work in progress/ Mindmap on the
There's one born every minute, boys and girls.
We should take bets on when the first digital robbery occurs spoofing the
output of one of these things.
Cheers,
RAH
http://www.forbes.com/2004/05/21/cx_ah_0521tentech_print.html
Forbes
Ten O'Clock Tech
The Fingerprint As Password
Arik
Boondoggle. A solution in search of a problem:
Monyk believes there will be a global market of several million users once
a workable solution has been developed. A political decision will have to
be taken as to who those users will be in order to prevent terrorists and
criminals from taking
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109STORY=/www/story/05-11-2004/0002171630EDATE=
Pitney Bowes Technology on Display at National Cryptologic Museum
STAMFORD, Conn., and FT. GEORGE G. MEADE, Md., May 11 /PRNewswire-
FirstCall/ -- Pitney Bowes (NYSE: PBI), the world's leading
/. reports:
An article on Security.ITWorld.com[1] seems to outline a coming
information arms race. The European Union has decided to respond to the
Echelon project [2] by funding research into supposedly unbreakable
quantum cryptography that will keep EU data out of Echelon's maw.
Leaving
and the data that Eric S. Johansson got:
-=-=- forwarded text -=-=-
this is frustrating. I have run through the exact same calculations and
come up with a very different answer. The answers I came up with
show that at worst case, spammers with zombies would almost have enough
horsepower to
--- begin forwarded text
From: Siamak Fayyaz Shahandashti [EMAIL PROTECTED]
To: Robert Hettinga [EMAIL PROTECTED]
Reply-To: Siamak Fayyaz Shahandashti [EMAIL PROTECTED]
Date: Sun, 23 May 2004 00:30:23 -0700
Subject: Monthly Talk of Iranian Society of Cryptology
Title: Transitive Signature
Recently someone proposed a system which combined ecash and hashcash
for email postage. Here is some analysis.
There are already proposals and even some working code for hashcash email
postage. See http://www.camram.org/. This is intended as an anti-spam
measure. The idea is that to send
Does anyone know of an SSL acceleration card that actually works under
Linux/*BSD? I've been looking at vendor web pages (AEP, Rainbow, etc), and
while they all claim to support Linux, Googling around all I find are people
saying Where can I get drivers? The ones vendor shipped only work on
http://www.nytimes.com/2004/05/23/politics/campaign/23vote.html?th=pagewanted=printposition=
The New York Times
May 23, 2004
Demand Grows to Require Paper Trails for Electronic Votes
By KATHARINE Q. SEELYE
WASHINGTON, May 22 - A coalition of computer scientists, voter groups and
state
http://www.asahi.com/english/nation/TKY200405130208.html
The Asahi Shimbun
Researchers unlock the key to `unbreakable' coded messages
TSUKUBA, Ibaraki Prefecture -- The Holy Grail of data transmission -- practical
communication of encrypted messages impervious to eavesdroppers -- may finally
be
FYI Richard amended the figures in the paper which makes things 10x
more favorable for hashcash in terms of being an economic defense
against spammers.
Richard wrote on asrg:
| we're grateful (albeit a little embarrassed) for the consideration
| given to one of our figures by Ted Wobber (MS
We've had great luck with the nFast and nForce lines of ssl
accelerators from nCipher under Red Hat:
http://www.ncipher.com
Depending on which model you choose, you can get anywhere from
150 to 1600 key ops/sec.
HTH,
G
--
Grant Goodale
[EMAIL PROTECTED] wrote:
Would anyone there have any good predictions on how
cryptography is going to unfold in the next few years
or so? I have my own ideas, but I would love
to see what others see in the crystal ball.
I'd like to think we would see a new flowering of
I'm looking for something like Mcrypt, but without any meta-information
stored in the encrypted versions of the files. That is, I want just
the encrypted data, with no identifying features. I could dive into
Mcrypt and strip out certain fields, but is there a tool or library
which already works