On Oct 3, 2013, at 9:27 PM, David Johnston d...@deadhat.com wrote:
On 10/1/2013 2:34 AM, Ray Dillinger wrote:
What I don't understand here is why the process of selecting a standard
algorithm for cryptographic primitives is so highly focused on speed.
What makes you think Keccak is
On Oct 5, 2013, at 12:00 PM, John Kelsey crypto@gmail.com wrote:
http://keccak.noekeon.org/yes_this_is_keccak.html
From the authors: NIST's current proposal for SHA-3 is a subset of the Keccak
family, one can generate the test vectors for that proposal using the Keccak
reference code. and
On Oct 2, 2013, at 7:46 AM, John Kelsey crypto@gmail.com wrote:
Has anyone tried to systematically look at what has led to previous crypto
failures? T
In the case we are now, I don't think that it is actually crypto failures
(RSA is still secure, but 1024 bit is not. 2048 DHE is still
http://www.nytimes.com/2013/09/27/opinion/have-a-nice-day-nsa.html
On Sep 25, 2013, at 3:14 PM, John Kelsey crypto@gmail.com wrote:
Right now, there is a lot of interest in finding ways to avoid NSA
surveillance. In particular, Germans and Brazilians and Koreans would
presumably rather
I have made this one longer only because I have not had the leisure to make it
shorter.
On Sep 23, 2013, at 12:45 PM, John Kelsey crypto@gmail.com wrote:
On Sep 18, 2013, at 3:27 PM, Kent Borg kentb...@borg.org wrote:
You foreigners actually have a really big vote here.
It
On Sep 9, 2013, at 9:10 PM, Tony Arcieri basc...@gmail.com wrote:
On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie b...@links.org wrote:
And the brief summary is: there's only one ciphersuite left that's good, and
unfortunately it's only available in TLS 1.2:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
On Sep 9, 2013, at 7:30 PM, Michael Ströder michael at stroeder.com wrote:
Peter Gutmann wrote:
Do you have numbers about the relative and absolute performance impact?
Personally I don't see performance problems but I can't prove my position
with numbers.
MBA-2:tmp synp$ openssl
On Sep 9, 2013, at 9:29 AM, Ben Laurie b...@links.org wrote:
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In short, I agree with that draft. And the brief summary is:
On Sep 9, 2013, at 2:49 PM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote:
On 09/09/2013 05:29 PM, Ben Laurie wrote:
Perry asked me to summarise the status of TLS a while back ... luckily I
don't have to because someone else has:
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
In
On Sep 7, 2013, at 6:30 PM, James A. Donald jam...@echeque.com wrote:
On 2013-09-08 4:36 AM, Ray Dillinger wrote:
But are the standard ECC curves really secure? Schneier sounds like he's got
some innovative math in his next paper if he thinks he can show that they
aren't.
Schneier
On Sep 7, 2013, at 8:16 PM, Marcus D. Leech mle...@ripnet.com wrote:
But it's not entirely clear to me that it will help enough in the scenarios
under discussion. If we assume that mostly what NSA are doing is acquiring a
site RSA key (either through donation on the part of the site,
On Sep 8, 2013, at 1:47 PM, Jerry Leichter leich...@lrw.com wrote:
On Sep 8, 2013, at 3:51 PM, Perry E. Metzger wrote:
In summary, it would appear that the most viable solution is to make
the end-to-end encryption endpoint a piece of hardware the user owns
(say the oft mentioned $50
On Sep 7, 2013, at 1:50 PM, Peter Fairbrother zenadsl6...@zen.co.uk wrote:
On 07/09/13 02:49, Marcus D. Leech wrote:
It seems to me that while PFS is an excellent back-stop against NSA
having/deriving a website RSA key, it does *nothing* to prevent the kind of
cooperative endpoint scenario
The following is from a similar list in Europe. Think this echoes much on this
list but has an interesting twist about PFS cipher suites.
Begin forwarded message:
From: Paterson, Kenny [kenny.pater...@rhul.ac.uk]
Sent: Friday, September 06, 2013 12:03
Hashes aren't ITAR covered is a fact. From Revised U.S. Encryption Export
Control Regulations, January 2000 at
http://epic.org/crypto/export_controls/regs_1_00.html
3. It was not the intent of the new Wassenaar language for ECCN 5A002 to be
more restrictive concerning Message
On Jul 14, 2010, at 1:52 AM, Florian Weimer wrote:
What's the current state of affairs regarding combined encryption and
authentication modes?
I've implemented draft-mcgrew-aead-aes-cbc-hmac-sha1-01 (I think, I
couldn't find test vectors), but I later came across CCM and EAX. CCM
has the
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
On Mar 23, 2010, at 4:23 PM, Adam
On Nov 11, 2009, at 10:03 AM, Sandy Harris wrote:
On 11/8/09, Zooko Wilcox-O'Hearn zo...@zooko.com wrote:
Therefore I've been thinking about how to make Tahoe-LAFS robust against
the possibility that SHA-256 will turn out to be insecure.
NIST are dealing with that via the AHS process.
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
Ivan Krstić wrote:
TrueCrypt is a fine solution and indeed very helpful if you need
cross-platform encrypted volumes; it lets you trivially make an
encrypted USB key you can use on Linux, Windows and OS X. If you're
*just* talking about
Caution, the following contains a rant.
On Aug 19, 2009, at 3:28 PM, Paul Hoffman wrote:
I understand that creaking is not a technical cryptography term,
but certainly is. When do we become certain that devastating
attacks on one feature of hash functions (collision resistance) have
any
:56 AM, james hughes wrote:
The first Crypto rump session took place in 1981 and was immediately
heralded as the most important meeting in cryptography. Each
subsequent Crypto rump session has reached a new level of historical
significance, outstripped only by the Crypto rump sessions
The first Crypto rump session took place in 1981 and was immediately
heralded as the most important meeting in cryptography. Each
subsequent Crypto rump session has reached a new level of historical
significance, outstripped only by the Crypto rump sessions that
followed it.
The
On Aug 6, 2009, at 1:52 AM, Ben Laurie wrote:
Zooko Wilcox-O'Hearn wrote:
I don't think there is any basis to the claims that Cleversafe makes
that their erasure-coding (Information Dispersal)-based system is
fundamentally safer, e.g. these claims from [3]: a malicious party
cannot recreate
On Aug 2, 2009, at 4:00 PM, Arshad Noor wrote:
Jerry Leichter wrote:
How does a server, built on stock technology, keep secrets that it can
use to authenticate with other servers after an unattended reboot?
Without tamper-resistant hardware that controls access to keys,
anything the
On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
[cross-posted to tahoe-...@allmydata.org and
cryptogra...@metzdowd.com]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-
LAFS project.
...
I am tempted to ignore this idea that they are pushing about encryption
On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:
From: Nicolas Williams nicolas.willi...@sun.com
For example, many people use arcfour in SSHv2 over AES because
arcfour is faster than AES.
Joseph Ashwood wrote:
I would argue that they use it because they are stupid. ARCFOUR should
there are insecure implementation...).
James Hughes hugh...@mac.com writes:
TOEs that are implemented in a slow processor in a NIC card have
been shown many times to be ineffective compared to keeping TCP in
the fastest CPU (where it is now).
The problem with statements like
Note for Moderator. This is not crypto but TOE being the solution to
networking performance problems is a perception that is dangerous to
leave in the crypto community.
On Jul 23, 2009, at 11:45 PM, Nicolas Williams wrote:
On Thu, Jul 23, 2009 at 05:34:13PM +1200, Peter Gutmann wrote:
On Jul 14, 2009, at 12:43 PM, James A. Donald wrote:
2033130
Subsequent expansions in computing power will involve breaking up
Jupiter to build really big computers, and so forth, which will slow
things down a bit.
So 144 bit EC keys should be good all the way to the singularity and
On Jun 10, 2009, at 4:19 PM, travis+ml-cryptogra...@subspacefield.org wrote:
Reading really old email, but have new information to add.
On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote:
Speculation: the drive always encrypts the platters with a (fixed)
AES key, obviating
I believe that mode has been renamed EME2 because people were having a
fit over the *.
On May 14, 2009, at 12:37 AM, Jon Callas wrote:
I'd use a tweakable mode like EME-star (also EME*) that is designed
for something like this. It would also work with 512-byte blocks.
On Mar 9, 2009, at 10:32 PM, Mads wrote:
I know of procedures and programs to erase files securely from
disks, Guttman did a paper on that
What I don't know is how to securely erase information from a
database.
If the material is that sensitive, and you only want to selectively
Building a reference implementation of a cipher can be an invaluable
aid to writing code. Building a cipher in a spreadsheet, while some
may suggest is strange, is a valid way to effectively describe a
cipher in a visual sense. This has been done before with The
Illustrated DES
On Feb 24, 2009, at 6:22 AM, Joachim Strömbergson wrote:
Aloha!
Ian G wrote:
However I think it is not really efficient at this stage to insist on
secure programming for submission implementations. For the simple
reason that there are 42 submissions, and 41 of those will be thrown away,
On Feb 14, 2009, at 12:54 PM, David Molnar wrote:
Ben Laurie wrote:
[snip discussion of bad crypto implementation practices]
Because he is steeped in the craft
knowledge around crypto. But most developers aren't. Most developers
don't even have the right mindset for secure coding, let alone
All:
The Crypto2008 rump session will be webcast live starting at 19:30 on
August 19th. The details will be posted on the iacr website at
http://www.iacr.org
Local times are
http://tinyurl.com/6xrln9
Enjoy.
Jim
PS. Please feel free to forward this as widely as possible.
to James Hughes ([EMAIL PROTECTED]) by May 30th.
Thanks
Jim Hughes
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
The International Association for Cryptologic Research (http://www.iacr.org/
) is seeking presentations and demos of e-voting systems. For its next
meeting in August-17, 2008 (in Santa-Barbara, CA, USA), the IACR board
would like to invite presentations and demos of cryptographic e-voting
The company and all its assets are for sale. Starting price $20M.
http://babelsecure.com/property.aspx
On Apr 16, 2008, at 8:49 PM, Ali, Saqib wrote:
See:
http://babelsecure.com/challenge.aspx
Snake-oil sales pitch:
The creators of BabelSecure are so confident in the ability and
I forgot to add the links...
http://people.redhat.com/drepper/sha-crypt.html
http://people.redhat.com/drepper/SHA-crypt.txt
On Oct 11, 2007, at 10:19 PM, james hughes wrote:
A proposal for a new password hashing based on SHA-256 or SHA-512
has been proposed by RedHat but to my
A proposal for a new password hashing based on SHA-256 or SHA-512 has
been proposed by RedHat but to my knowledge has not had any rigorous
analysis. The motivation for this is to replace MD-5 based password
hashing at banks where MD-5 is on the list of do not use algorithms.
I would prefer
On Oct 8, 2007, at 4:27 AM, Steven M. Bellovin wrote:
On Mon, 18 Jun 2007 22:57:36 -0700
Ali, Saqib [EMAIL PROTECTED] wrote:
US Government has selected 9 security vendors that will produce drive
and file level encryption software.
See:
I am all for humor... Can you give us a hand with how to find this
patent?
On Sep 2, 2007, at 2:27 PM, Axel Horns wrote:
On Fri, August 31, 2007 18:54, Stephan Neuhaus wrote:
Fun,
See German patent document DE10027974A1 (application was refused
in 2006).
Axel H. Horns
Call for papers, submission deadline now June 15th.
The 4th International Security In Storage Workshop will be held
September 27, 2007 (Thursday) at Paradise Point Resort and Spa in San
Diego, California, USA. The workshop is co-located with the 24th IEEE
Conference on Mass Storage Systems
On Jan 19, 2007, at 4:06 AM, Bill Stewart wrote:
[...] if you're trying to protect against KGB-skilled attacks [...]
On the other hand, if you're trying to protect against
lower-skilled attackers, [...]
I always find these arguments particularly frustrating.
By slowly raising the bar
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote:
When is the last time you checked the code for the open source app
that you use, to make sure that it is written properly?
30 seconds ago.
What mode is it using? How much information is encrypted under a
single key. Was the implementation
On Dec 20, 2006, at 8:44 AM, [EMAIL PROTECTED] wrote:
http://news.com.com/Jailed+ID+thieves+thwart+cops+with+crypto/2100-7348_3-6144521.html
[...]
According to the Crown Prosecution Service (CPS), which confirmed
that Kostap had activated the encryption after being arrested,
it
All:
The Rump session of this year's Crypto conference will be webcast
Aug. 22 (tomorrow) starting at 19:30 pacific. Other timezones here:
http://tinyurl.com/otxxu
and the webcast will be broadcast in Quicktime and will be available here:
rtsp://qtss.id.ucsb.edu/crypto.sdp
On Aug 9, 2006, at 8:44 PM, Travis H. wrote:
Hey,
I was mulling over some old emails about randomly-generated numbers
and realized that if I had an imperfectly random source (something
less than 100% unpredictable), that compressing the output would
compress it to the point where it was
Hello list:
I have research project that is looking for a fast -software-
implementation of the KASUMI block cipher. I have found many papers
on doing this in hardware, but nothing in software. While free is
better (as is beer), I will consider a purchase.
FYI, KASUMI is the
In listening to this thread hearing all the hyperbole on both sides,
I would suggest that we may need more fuel to the fire.
There was a rump presentation at the recent Crypto on the use of
Ceremonies (which, pardon my misstatement in advance, is claimed to
be computer protocols with the
At this time I believe the answer is no. I set it up last year and
have not this year. I take it that there is interest?
I will send an email to the group if this changes.
Thanks
jim
On Aug 12, 2005, at 9:07 AM, Mads Rasmussen wrote:
Anyone knows whether there will be webcasts from this
by the IEEE
Computer Society Press in the workshop proceedings and become part of
the IEEE Digital Library.
Workshop Sponsor
- Jack Cole (US Army Research Laboratory, USA)
Program Chair
- James Hughes (StorageTek, USA)
Program Committee
- Don Beaver (USA)
- John Black (University of Colorado, USA
On Mar 4, 2005, at 5:23 PM, James A. Donald wrote:
The attacks on MD*/SHA* are weak and esoteric.
On this we respectfully disagree.
You make it sound trivial. Wang has been working on these results for
over 10 years. She received the largest applause at Crypto 2004 session
from her peers I have
The following device is a layer 2 tunneling device that has 256 bit AES
at up to 400Mb/s.
http://blueridgenetworks.com/products/index.htm
http://blueridgenetworks.com/support/borderguard_vpn__serv_res_ctr.htm
Hope this helps
On Feb 8, 2005, at 11:29 AM, Russell Nelson wrote:
Steven M. Bellovin
On Feb 2, 2005, at 1:32 PM, bear wrote:
On Mon, 31 Jan 2005, Steven M. Bellovin wrote:
snip re: 3des broken?
[Moderator's note: The quick answer is no. The person who claims
otherwise is seriously misinformed. I'm sure others will chime
in. --Perry]
[snip]
When using CBC mode, one should not
On Jan 31, 2005, at 10:38 PM, Steven M. Bellovin wrote:
When using CBC mode, one should not encrypt more than 2^32 64-bit
blocks under a given key. That comes to ~275G bits, which means that
on a GigE link running flat out you need to rekey at least every 5
minutes, which is often impractical.
For this discussion, I think we are missing the point here...
1. With a rogue binary distribution with correct hash, this is -at
least- a denial of service where the customer will install the rogue
binary and it will crash in the area that the information was changed.
MD5 based Tripwire will
In a personal interview with Walt Tuchman (IBM at the time, worked for
StorageTek when I met him, now retired) he described the process for
creating the s-boxes. A set of mathematical requirements were created
and candidate s-boxes meeting these requirements would be printed out
on a regular
On Sep 7, 2004, at 11:12 PM, Steve Bellovin wrote:
What are some of the classic, must-read, references on traffic
analysis?
(I'm familiar with the Zendian problem, of course.)
In looking through my library, I came across two references (I would
not say 'must read' though).
Code Breakers (David
Hello:
This is Jim Hughes, General Chair of CRYPTO2002. There are three
significant Rump session papers on hash collisions that will be
presented, including an update on this one (and about 40 other short
papers on other aspects of cryptography). As the session firms up, more
information it
I have 2 items of note for this list.
1. The web site is updated with program and the times.
http://www.iacr.org/conferences/crypto2004/rump.html
2. I was typing fast, and mistyped my title. I am General Chair this
year, not 2002 as was stated.
Enjoy.
On Aug 17, 2004, at 1:39 PM, james
In message [EMAIL PROTECTED], John Denker writes:
Here's a challenge directly relevant to this group: Can you
design a comsec system so that pressure against a code clerk
will not do unbounded damage? What about pressure against a
comsec system designer?
If I understand your question correctly,