Re: traffic analysis

2003-08-29 Thread John S. Denker
On 08/28/2003 04:26 PM, David Wagner wrote: > > Are you sure you understood the attack? Are you sure you read my original note? > The attack assumes that communications links are insecure. I explicitly hypothesized that the links were encrypted. The cryptotext may be observed and its timing may b

Re: PRNG design document?

2003-08-29 Thread Thor Lancelot Simon
On Fri, Aug 29, 2003 at 11:27:41AM +0100, Ben Laurie wrote: > > > > As you mentioned, the FIPS-140-2 approved PRNG > > are deterministic, they take a random seed and extend it > > to more random bytes. But FIPS-140-2 has no > > provision for generating the seed in the first place, > > this is

Re: PRNG design document?

2003-08-29 Thread Tim Dierks
I'd like to thank everyone for their suggestions re: PRNG design documents. The most commonly suggested documents were: Peter Gutmann's paper on the subject: http://www.cryptoapps.com/~peter/06_random.pdf The Yarrow design document: http://www.counterpane.com/yarrow.html Other l

Code-breaker reveals a diarist to rival Pepys

2003-08-29 Thread R. A. Hettinga
The Telegraph Code-breaker reveals a diarist to rival Pepys (Filed: 29/08/2003) A Puritan's journal written in cryptic shorthand to foil the King's men paints a vivid picture of 1600s Lo

Re: Beware of /dev/random on Mac OS X

2003-08-29 Thread Tim Dierks
At 05:01 PM 8/28/2003, Peter Hendrickson wrote: First, the entropy pool in Yarrow is only 160 bits. From Section 6 "Open Questions and Plans for the Future" of the Yarrow paper referenced above: > Yarrow-160, our current construction, is limited to at most 160 bits > of security by the size of its

Re: traffic analysis

2003-08-29 Thread kent
On Thu, Aug 28, 2003 at 08:06:07AM -0400, John S. Denker wrote: [...] > The solution I outlined is modelled after > procedures that governments have used for decades > to defend against traffic analysis threats to > their embassies and overseas military bases. > > More specifically, anybody who th

[Mac_crypto] Introducing SaferWep

2003-08-29 Thread R. A. Hettinga
--- begin forwarded text Status: U From: James Moore <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [Mac_crypto] Introducing SaferWep Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] List-Id: Macintosh Cryptography List-Post: List-Help:

Re: PRNG design document?

2003-08-29 Thread Ben Laurie
Anton Stiglic wrote: > - Original Message - > From: "Bob Baldwin PlusFive" <[EMAIL PROTECTED]> > To: "Tim Dierks" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Friday, August 22, 2003 1:00 PM > Subject: Re: PRNG design document? > > > >>Tim, >> One issue to consider is whet

Re: PRNG design document?

2003-08-29 Thread Ben Laurie
Thor Lancelot Simon wrote: > On Fri, Aug 22, 2003 at 10:00:14AM -0700, Bob Baldwin PlusFive wrote: > >>Tim, >> One issue to consider is whether the system >>that includes the PRNG will ever need a FIPS-140-2 >>rating. For example, people are now working on >>a FIPS-140 validation for OpenSSL

Conspiracy to hide bits (was: traffic analysis)

2003-08-29 Thread Jim McCoy
On Wednesday, August 27, 2003, at 04:09 PM, An Metet wrote: This is from http://www.lawnerds.com/testyourself/criminal_rules.html: Check out a better source (specifically 18 U.S.C. 371), or http://www.rense.com/general9/cons.htm. A person is guilty of conspiracy if: - Two or more people agree

Re: traffic analysis

2003-08-29 Thread Ryan Lackey
Quoting John S. Denker <[EMAIL PROTECTED]>: > More specifically, anybody who thinks the scheme > I described is vulnerable to a timing attack isn't > paying attention. I addressed this point several > times in my original note. All transmissions > adhere to a schedule -- independent of the amoun

Re: traffic analysis

2003-08-29 Thread Anonymous
John S. Denker writes: > More specifically, anybody who thinks the scheme > I described is vulnerable to a timing attack isn't > paying attention. I addressed this point several > times in my original note. All transmissions > adhere to a schedule -- independent of the amount, > timing, meaning,

Re: traffic analysis

2003-08-29 Thread Adam Back
On Thu, Aug 28, 2003 at 08:06:07AM -0400, John S. Denker wrote: > A couple of people wrote in to say that my remarks > about defending against traffic analysis are "not > true". As 'proof' they cite [1] > > which proves nothing of the sort. I agree it doesn't prove anything directly. However if

Beware of /dev/random on Mac OS X

2003-08-29 Thread Peter Hendrickson
It's a /dev/urandom which has been labeled "/dev/random". It claims to be a Yarrow implementation so is presumably only 160 bits strong. (See http://www.counterpane.com/yarrow-notes.html.) From http://www.hmug.org/man/4/urandom.html: > /dev/urandom is a compatibility nod to Linux. On Linux, /dev

Re: traffic analysis

2003-08-29 Thread David Wagner
John S. Denker wrote: >More specifically, anybody who thinks the scheme >I described is vulnerable to a timing attack isn't >paying attention. I addressed this point several >times in my original note. All transmissions >adhere to a schedule -- independent of the amount, >timing, meaning, and oth