the early history of NSA

2005-12-02 Thread Steven M. Bellovin
The Quest For Cryptologic Centralization and the Establishment of NSA: 1940-1952 http://www.fas.org/irp/nsa/quest.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

Re: Encryption using password-derived keys

2005-12-02 Thread Alexander Klimov
On Tue, 29 Nov 2005, Jack Lloyd wrote: The basic scenario I'm looking at is encrypting some data using a password-derived key (using PBKDF2 with sane salt sizes and iteration counts). [...] My inclination is to use the PBKDF2 output as a key encryption key, rather than using it to directly

Re: Session Key Negotiation

2005-12-02 Thread Will Morton
Eric Rescorla wrote: May I ask why you don't just use TLS? I would if I could, believe me. :o) The negotiated key will be used for both reliable (TCP-like) and non-reliable (UDP-like) connections, all tunnelled over a single UDP port for NAT-busting purposes. For the TCP-like component,

Re: Session Key Negotiation

2005-12-02 Thread Richard Salz
I am designing a transport-layer encryption protocol, and obviously wish to use as much existing knowledge as possible, in particular TLS, which AFAICT seems to be the state of the art. In general, it's probably a good idea to look at existing mechanisms and analyze why they're not

Re: Encryption using password-derived keys

2005-12-02 Thread John Kelsey
From: Jack Lloyd [EMAIL PROTECTED] Sent: Nov 29, 2005 11:08 AM To: cryptography@metzdowd.com Subject: Encryption using password-derived keys The basic scenario I'm looking at is encrypting some data using a password-derived key (using PBKDF2 with sane salt sizes and iteration counts). I am not

Re: Fermat's primality test vs. Miller-Rabin

2005-12-02 Thread Nicolas Rachinsky
* Joseph Ashwood [EMAIL PROTECTED] [2005-11-22 02:50 -0800]: - Original Message - From: Anton Stiglic [EMAIL PROTECTED] Subject: RE: Fermat's primality test vs. Miller-Rabin -Original Message- From: [Joseph Ashwood] Subject: Re: Fermat's primality test vs. Miller-Rabin

security modifications to current PCs

2005-12-02 Thread Travis H.
Hey, I've been reading through the TCPA documents and thinking a bit about changes that might give higher assurance to an ordinary PC, or at least a PC with only minor changes. Specifically, one of the things I've always been mulling over is a secure boot sequence. Basically, like the TCPA, I

Re: Haskell crypto

2005-12-02 Thread Travis H.
IMO it is pointless to write SHA in a language that "can have properties of programs proved," because test vectors are good enough, and there is no real assurance that when you write the specification in a machine-readable form you do not make the same mistake as in your code. I think you

Re: Fermat's primality test vs. Miller-Rabin

2005-12-02 Thread Joseph Ashwood
- Original Message - From: Nicolas Rachinsky [EMAIL PROTECTED] Subject: Re: Fermat's primality test vs. Miller-Rabin * Joseph Ashwood [EMAIL PROTECTED] [2005-11-22 02:50 -0800]: 16384 times .. If I remember the proof of MR correctly it assumes an odd number. Were

Re: Broken SSL domain name trust model

2005-12-02 Thread leichter_jerrold
| ...basically, there was supposed to be a binding between the URL the user | typed in, the domain name in the URL, the domain name in the digital | certificate, the public key in the digital certificate and something | that certification authorities do. this has gotten terribly obfuscated | and

Re: Broken SSL domain name trust model

2005-12-02 Thread Anne Lynn Wheeler
[EMAIL PROTECTED] wrote: One can look at this in more general terms. For validation to mean anything, what's validated has to be the semantically meaningful data - not some incidental aspect of the transaction. The SSL model was based on the assumption that the URL was semantically

[Clips] Banks Seek Better Online-Security Tools

2005-12-02 Thread R. A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 1 Dec 2005 16:54:00 -0500 To: Philodox Clips List [EMAIL PROTECTED] From: R. A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Banks Seek Better Online-Security Tools Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED]

RE: Encryption using password-derived keys

2005-12-02 Thread Anton Stiglic
It can be useful to derive a key encryption key from the password, and not use the key derived from the password to directly encrypt data you want to protect, when the resulting ciphertext can be found in different places where your encrypted key won't necessarily also be found. For example, to

Proving the randomness of a random number generator?

2005-12-02 Thread Lee Parkes
Hi, Apologies if this has been asked before. The company I work for has been asked to prove the randomness of a random number generator. I assume they mean a PRNG, but knowing my employer it could be anything.. I've turned the work down on the basis of having another gig that week. However, it