bounty for errors in _Translucent Databases_

2005-03-05 Thread R.A. Hettinga
--- begin forwarded text
To: R.A.Hettinga [EMAIL PROTECTED]
From: Peter Wayner [EMAIL PROTECTED]
Subject: bounty for errors in _Translucent Databases_
Date: Thu, 3 Mar 2005 16:05:44 -0500
To: All readers of Translucent Databases.
I'm starting work on the second edition of _Translucent

Re: [IP] SHA-1 cracked?

2005-03-05 Thread Hal Finney
Steve Bellovin writes:
> Note that finding a hash function collision by brute force is inherently harder, because it requires some communication: two widely-separated machines may have produced matching outputs, but they need to know about the other one.
That's not necessarily true, although

RE: I'll show you mine if you show me, er, mine

2005-03-05 Thread Whyte, William
I haven't read the original paper, and I have a great deal of respect for Markus Jakobsson. However, techniques that establish that the parties share a weak secret without leaking that secret have been around for years -- Bellovin and Merritt's DH-EKE, David Jablon's SPEKE. And they don't require

Re: Colliding X.509 Certificates

2005-03-05 Thread Joerg Schneider
Benne, One could e.g. construct the to-be-signed parts of the certificates, and get the one certificate signed by a CA. Then a valid signature for the other certificate is obtained, while the CA has not seen proof of possession of the private key of this second certificate. From the paper I

New Industry Helping Banks Fight Back

2005-03-05 Thread R.A. Hettinga
http://www.washingtonpost.com/ac2/wp-dyn/A6367-2005Mar4?language=printer The Washington Post washingtonpost.com New Industry Helping Banks Fight Back Sleuths Hit Online Identity Thieves With 'Takedowns,' 'Poisoning' By Brian Krebs washingtonpost.com Staff Writer Friday, March 4, 2005; 6:34

SEC probing ChoicePoint stock sales

2005-03-05 Thread R.A. Hettinga
http://www.msnbc.msn.com/id/7087572/print/1/displaymode/1098/ MSNBC.com SEC probing ChoicePoint stock sales Execs sold shares before ID thefts made public The Associated Press Updated: 10:30 a.m. ET March 4, 2005 ATLANTA - ChoicePoint Inc., a leading data warehouser, says the Securities and

Re: MD5 collision in X509 certificates

2005-03-05 Thread Victor Duchovni
On Wed, Mar 02, 2005 at 12:35:50PM +, Ben Laurie wrote: Cute. I expect we'll see more of this kind of thing. http://eprint.iacr.org/2005/067 Executive summary: calculate chaining values (called IV in the paper) of first part of the CERT, find a colliding block for those chaining

Re: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-05 Thread James A. Donald
-- On 23 Feb 2005 at 21:37, Steven M. Bellovin wrote: I don't know if there's quite the need for open process for a hash function as there was for a secrecy algorithm. The AES process, after all, had to cope with the legacy of Clipper and key escrow, to say nothing of the 25 years of DES

SSL Cert prices ($10 to $1500, you choose!)

2005-03-05 Thread John Gilmore
For the privilege of being able to communicate securely using SSL and a popular web browser, you can pay anything from $10 to $1500. Clif Cox researched cert prices from various vendors: http://neo.opn.org/~clif/SSL_CA_Notes.html John