Re: Looking for Source of AES code

2004-09-14 Thread Brian Gladman
Damien O'Rourke wrote:
Hi,
I have some AES code here in C and I am trying to find it's author and
source.  I can't find
it on the Internet so I figure it was taken from a book.  Now I don't want
to send the entire
code to the list for obvious reasons however I was hoping you could help me
from the following
small snippet.  Maybe the use of  _fastcall  might jog someone's memory.
If there is
code that appears similar to this but is not exactly the same I would
appreciate the source
of that also.
void _fastcall encrypt(FILE *Encryption_File, FILE *Encrypted_File, unsigned
*expkey)
{
uchar in[16], out[16];
unsigned state[NumberOfBytes], rnd, i;
while (!feof(Encryption_File))
{
  uchar k=0;
   fread(in,sizeof(uchar),16,Encryption_File);/
   *(state+0)= *(in+0)24 | *(in+1) 16  | *(in+2)8  | *(in+3);
   *(state+1)= *(in+4)24 | *(in+5) 16  | *(in+6)8  | *(in+7)  ;
   *(state+2)= *(in+8)24 | *(in+9) 16  | *(in+10)8 | *(in+11)  ;
   *(state+3)= *(in+1)24 | *(in+3) 16  | *(in+14)8 | *(in+15)  ;
I don't know whose code it is but it has bugs in it.
The line above should be:
 *(state+3)= *(in+12)24 | *(in+13) 16  | *(in+14)8 | *(in+15);
I doubt that this is the only problem in this code either.
[snip]
Brian Gladman
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


pci hardware for secure crypto storage (OpenSSL/OpenBSD)

2004-09-14 Thread Eugen Leitl

I'm looking for (cheap, PCI/USB) hardware to store secrets (private key) and
support crypto primitives (signing, cert generation). It doesn't have to be
fast, but to support loading/copying of secrets in physically secure environments, and
not generate nonextractable secret onboard. Environment is
OpenBSD/Linux/OpenSSL/gpg.

Any suggestions?

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgpFez8InSggV.pgp
Description: PGP signature


Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

2004-09-14 Thread Russell Nelson
(everybody is on the mailing list; why all the CC's?)

Adam Back writes:
  Will it be enough -- we don't know yet, but if widely deployed it
  would make spammers adapt.  We just don't yet know how they will
  adapt.

Cryptography is not about math; it's not about secrets; it's not about
security.  It's about economics.  I'd really like to see people NOT
talk about the security of cryptography, but instead of about the cost
of it.  If the cost of breaking a system exceeds the value of an
identifiable message, nobody will bother breaking it.  If the cost of
using a system exceeds the value of the system, nobody will bother
using it.

So, in this context, Ben  Richards paper is not so much that
hashcash won't work but instead the value of using hashcash is
exceeded by the cost of using it.

-- 
--My blog is at angry-economist.russnelson.com  | Violence never solves
Crynwr sells support for free software  | PGPok | problems, it just changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213  | FWD# 404529 via VOIP  | problems.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: pci hardware for secure crypto storage (OpenSSL/OpenBSD)

2004-09-14 Thread David Shaw
On Tue, Sep 14, 2004 at 10:31:11AM +0200, Eugen Leitl wrote:
 
 I'm looking for (cheap, PCI/USB) hardware to store secrets (private
 key) and support crypto primitives (signing, cert generation). It
 doesn't have to be fast, but to support loading/copying of secrets
 in physically secure environments, and not generate nonextractable
 secret onboard. Environment is OpenBSD/Linux/OpenSSL/gpg.

Since your environment includes GPG, then I think the OpenPGP
smartcard meets pretty well what you are requesting.  Combine it it
with a USB smartcard reader, and the card becomes USB, too ;)

http://www.silicon-trust.com/pdf/secure_8/48_ppc.pdf
http://www.g10code.de/p-card.html

David

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


No Paper for Md. Anti-Touchscreen Voters

2004-09-14 Thread R. A. Hettinga
http://www.telegram.com/apps/pbcs.dll/article?Date=20040914Category=APAArtNo=409141037SectionCat=Template=printart

Article published Sep 14, 2004

No Paper for Md. Anti-Touchscreen Voters

By TOM STUCKEY
Associated Press Writer

 Maryland's highest court Tuesday rejected demands for additional
safeguards for touchscreen voting machines, saying elections officials have
done everything necessary to ensure the paperless devices are accurate and
secure.

The Court of Appeals also rejected a call to allow citizens who do not
trust touchscreen voting to use paper ballots in the Nov. 2 general
election.

The decision came in a two-paragraph order issued less than three hours
after the judges heard arguments on a suit brought by TrueVoteMD. The
citizens group alleges the electronic machines, used statewide for the
first time in March, are vulnerable to fraud and that the state cannot
guarantee fair and accurate election results.

Lead plaintiff Linda Schade said that although the decision was not a
surprise, it means voters are going to be forced to vote on an insecure
system.

Schade said the state delayed the suit so long that judges found
themselves challenged to find a remedy for this upcoming election that
could be implemented in time.

Linda Lamone, state election laws administrator, said outside the courtroom
that making significant changes in the voting system at this late date
would have created chaos on Election Day.

Asked about the security of the state's 16,000 Diebold AccuVote-TS
electronic machines, Lamone said, I'm very confident they are accurate and
secure.

TrueVoteMD wants the state to equip all electronic machines with printers
that would make a copy of each vote, although it acknowledged in court that
it was too late to do that for the November election.

For the upcoming vote, the group had sought paper ballots for voters who
mistrust the computer voting system, as well as additional security
measures, such as installing Microsoft Windows software patches on the
computers used to tabulate votes.

The group contends paper records would ensure that votes were properly
recorded and could be used for recounts.

We're basically playing Russian roulette, TrueVoteMD lawyer Ryan Phair
said as he listed potential problems with electronic machines. We know
there is vulnerability. It is just a matter of time until it happens.

Assistant Attorney General Michael Berman said more than 20 successful
elections have been held in Maryland using the Diebold machines with no
evidence of fraud or allegations of inaccurate vote counts.

Phair mentioned allegations of glitches with computerized systems in other
states, but said it might be impossible to detect widespread fraud such as
rewriting of software to skew election results.

Phair said TrueVoteMD will continue its legal battle to force the state to
use printers on electronic machines in future elections.

Also Tuesday, a local election judge was ordered to return to the
Montgomery County elections board an electronic voting machine that U.S.
Sen. Barbara Mikulski, D-Md., had trouble using in a weekend demonstration.
The machine marked the wrong vote when Mikulski's hand brushed against the
screen, and it took her several attempts to correct the vote.

The election judge, Stan Boyd, had tests performed on the machine, but
would not elaborate on the tests or any findings.

Kevin Karpinski, an attorney for the county board, said any problems
testing might uncover could be misleading because the machine was only for
demonstration purposes and does not have updated software that will be used
in the November election.
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]