Algorithms can be perfect and implementation sloppy. If you can
review the code you might find the problem, but with proprietary
code, fergetit.
I think you guys are missing the point. The term "Snake-Oil Crypto"
refers to the algorithm and NOT the actual implementation. This is a
"important" di
http://dilbert.com/comics/dilbert/archive/dilbert-20070117.html
http://dilbert.com/comics/dilbert/archive/dilbert-20070118.html
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
John Denker <[EMAIL PROTECTED]> writes:
> There is only one technical definition of entropy,
Oh?
So you're saying Chaitin-Kolmogrov information and other ways of
studying entropy are "wrong"? I think that's a bit unreasonable, don't
you?
There are different definitions that are useful at differ
Saqib Ali wrote:
Since when did AES-128 become "snake-oil crypto"? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
"snake-oil crypto"
Saqib,
I believe you are correct as to the algorithm, but the snake-oil
is in the implementation,
As I have often said, "A
On 01/18/2007 03:13 PM, David Wagner wrote:
> In article <[EMAIL PROTECTED]> you write:
>> The /definition/ of entropy is
>>
>> sum_i P_i log(1/P_i) [1]
>>
>> there the sum runs over all symbols (i) in the probability
>> distribution, i.e. over all symbols in the ensembl
On Thu, 18 Jan 2007, Saqib Ali wrote:
> Since when did AES-128 become "snake-oil crypto"? How come I missed
> that? Compusec uses AES-128 . And as far as I know AES is NOT
> "snake-oil crypto"
It is even easier to use a good cryptographic transform in a way that is
utterly insecure then it is to
In article <[EMAIL PROTECTED]> you write:
>The /definition/ of entropy is
>
> sum_i P_i log(1/P_i) [1]
>
>there the sum runs over all symbols (i) in the probability
>distribution, i.e. over all symbols in the ensemble.
>
>Equation [1] is the gold standard. It is always c
On 1/18/07, Saqib Ali <[EMAIL PROTECTED]> wrote:
Since when did AES-128 become "snake-oil crypto"? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
"snake-oil crypto"
He didn't say that AES is snake oil. He says he wants assurance that
the tool operates correctly.
On 01/17/2007 06:07 PM, Allen wrote:
> The whole issue of entropy is a bit vague for me - I don't normally work
> at that end of things - so could you point to a good tutorial on the
> subject, or barring having a reference handy, could you give an overview?
Entropy is defined in terms of probab
Since when did AES-128 become "snake-oil crypto"? How come I missed
that? Compusec uses AES-128 . And as far as I know AES is NOT
"snake-oil crypto"
Closed-source doesn't mean that it is "snake-oil". If that was the
case, the Microsoft's EFS, and Kerberos implementation would be "snake
oil" too.
On Wed, 17 Jan 2007, Saqib Ali wrote:
[[addressed to Steven Bellovin, but copied to the whole list]]
> I would like to invite you to try out a Free FDE product called
> Compusec < http://www.ce-infosys.com/ >
If I have data that's valuable enough to need encryption, I'm going
to be nervous trustin
Steven M. Bellovin wrote:
Not necessarily -- many of my systems have multiple disk drives and
file systems, some of which are on removable media. Apart from that,
though, this is reinforcing my point -- what is the threat model?
PC/RT had external scsi disk drive housing ... with scsi disk dri
I'm going to try to make this one a bit less aggregious in tone. I'm also
going to sometimes use (3DES) and (ECC) for designation of work and time
measurements.
- Original Message -
From: "Matthias Bruestle" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, January 15, 2007 2:31 AM
Subject: Re: Pr
Joseph,
The whole issue of entropy is a bit vague for me - I don't
normally work at that end of things - so could you point to a
good tutorial on the subject, or barring having a reference
handy, could you give an overview?
Thanks,
Allen
Joseph Ashwood wrote:
- Original Message - F
14 matches
Mail list logo