Re: picking a hash function to be encrypted

2006-05-17 Thread Eric Rescorla
Travis H. [EMAIL PROTECTED] writes:

> On 5/14/06, Victor Duchovni [EMAIL PROTECTED] wrote:
> > Security is fragile. Deviating from well understood primitives may be
> > good research, but is not good engineering. Especially fragile are:
>
> Point taken.  This is not for a production system, it's a research thing.
>
> > TLS (available via OpenSSL) provides integrity and authentication, any
> > reason to re-invent the wheel? It took multiple iterations of design
> > improvements to get TLS right, even though it was designed by experts.
>
> IIUC, protocol design _should_ be easy, you just perform some
> finite-state analysis and verify that, assuming your primitives are
> ideal, no protocol-level operations break it.  The 7th Usenix Security
> Symposium has a paper where the authors built up SSL 3.0 to find out
> what attack each datum was meant to prevent.  They used Murphi, which
> has been used for VLSI verification (i.e. large numbers of states).
> AT&T published some code to do it too (called SPIN).  It's effective
> if the set of attacks you're protecting against is finite and
> enumerable (for protocol design, I think it should be; reflection,
> replay, reorder, suppress, inject, etc.).  I wouldn't consider
> fielding a protocol design without sanity-checking it using such a
> tool.  Was there an attack against TLS which got past FSA, or did the
> experts not know about FSA?

There have been a number of attacks on TLS since Mitchell et al's
paper was published in 1998. The most well known are the attacks
on CBC mode described in http://www.openssl.org/~bodo/tls-cbc.txt.

-Ekr

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


anyone have New Hash Functions and their Use in Authentication and Set Equality

2006-05-17 Thread Travis H.

I've googled for "New Hash Functions and their Use in Authentication
and Set Equality" and found several citations but no electronic
copies.  I don't have access to a library that might have it, does
anyone here have one?  Thanks.



Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)

2006-05-17 Thread Anne Lynn Wheeler

http://www.garlic.com/~lynn/rfcidx14.htm#4492

4492 I
Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer 
Security (TLS), Blake-Wilson S., Bolyard N., Gupta V., Hawk C., Moeller 
B., 2006/05/16 (35pp) (.txt=72231) (Refs 2246, 3268, 3279, 3280, 4346, 
4366) (was draft-ietf-tls-ecc-12.txt)




Re: NSA knows who you've called.

2006-05-17 Thread Russ Nelson
[EMAIL PROTECTED] writes:
> You and I are in agreement, but how do we get
> the seemingly (to us) plain truth across to
> others?  I've been trying for a good while now,
> reaching a point where I'd almost wish for a
> crisis of some sort as persuasiveness is not
> working.
>
> We are probably well off-topic for this list.

First they came for the terrorists, and I said nothing because I
wasn't a terrorist.  Then they came for my phone calls, and I said
nothing because I had nothing to hide.  Then they came for the
cryptographers, and I said nothing because I coulldn't even spel the
word.  Now I can't hide anything.

-- 
--my blog is at http://blog.russnelson.com  | Microsoft as wall,
Crynwr sells support for free software  | PGPok | OSI are the sappers.
521 Pleasant Valley Rd. | +1 315-323-1241   | Walls fall stone by stone
Potsdam, NY 13676-3213  | Sheepdog  | 



RE: the meaning of linearity, was Re: picking a hash function to be encrypted

2006-05-17 Thread Kuehn, Ulrich

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> The thing I've always wondered about stream ciphers is why we only
> talk about linear ones.  A stream cipher is fundamentally constructed
> of two things:  A stream of bits (alleged to be unpredictable) as
> long as the plaintext; and a combining function that takes one
> plaintext bit and one stream bit and produces a ciphertext bit.
> The combining function has to conserve information.  If you only
> combine single bits, there are only two possible functions:  XOR
> and the complement of XOR.  But consider RC4:  It actually generates
> a byte at a time.  We just choose to use that byte as a vector of
> 8 bits.  For plaintexts that are multiples of 8 bits long - just
> about everything these days - there are many possible combining
> functions.  Most aren't even close to linear.
>

I am not sure this will add to the security of the whole thing. My reasoning 
behind that is:

The combining function needs to be invertible (we want to recover the 
plaintext, don't we?), so we have an 8-bit block cipher with an 8-bit key 
(supplied by the key stream generator). 

Given known plaintext and corresponding ciphertext, there should not be too 
many keys that map the plaintext to the ciphertext. I don't have the 
probability at hand how many such 'collisions' you would expect from 256 random 
permutations, but intuitively I would not expect too many. However, I could be 
wrong here and would like to be corrected in this case.

Regards,
Ulrich


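An added example, not from the thread, that puts a number on the 'collisions' Ulrich wonders about. It models his 8-bit block cipher with an 8-bit key as a table of 256 constructed random byte permutations (one per key byte), sets it beside the XOR combiner, and counts how many key bytes stay consistent with a single known plaintext/ciphertext byte pair: the expected number of wrong keys that collide is 255/256, and about 37% of the time none does, so a known byte narrows the keystream byte to one or two candidates, much as it does with XOR.

```python
import random

def xor_cipher():
    """Linear combiner from the thread: key k sends plaintext byte p to p ^ k."""
    return [[p ^ k for p in range(256)] for k in range(256)]

def random_cipher(seed):
    """Non-linear combiner as Ulrich frames it: one independent random
    permutation of the 256 byte values per key byte (constructed toy table)."""
    rng = random.Random(seed)
    table = []
    for _ in range(256):
        perm = list(range(256))
        rng.shuffle(perm)
        table.append(perm)
    return table

def consistent_keys(table, p, c):
    """Key bytes k with table[k][p] == c, i.e. the keys that one known
    plaintext/ciphertext byte pair does not rule out (exactly one for XOR)."""
    return [k for k in range(256) if table[k][p] == c]

def spurious_keys(table, true_key, p):
    """Wrong keys that agree with true_key on plaintext byte p."""
    c = table[true_key][p]
    return [k for k in consistent_keys(table, p, c) if k != true_key]

def expected_spurious_keys(n=256):
    """Each of the n-1 wrong permutations maps p to c with probability 1/n,
    so the expected number of collisions is (n-1)/n, just under one."""
    return (n - 1) / n

def prob_unique_key(n=256):
    """Chance that no wrong key collides, so the known byte pins the
    keystream byte down uniquely: (1 - 1/n)^(n-1), about 0.369 for n=256."""
    return (1 - 1 / n) ** (n - 1)

def mean_spurious_keys(trials=64, seed=2006):
    """Monte Carlo check of expected_spurious_keys over fresh random tables."""
    total = 0
    for t in range(trials):
        total += len(spurious_keys(random_cipher(seed + t), true_key=0x5A, p=0x41))
    return total / trials

if __name__ == "__main__":
    print("XOR keys consistent with one known byte:", consistent_keys(xor_cipher(), 0x41, 0x1B))
    print("expected collisions:", expected_spurious_keys(), "P[unique]:", round(prob_unique_key(), 4))
    print("simulated mean collisions:", mean_spurious_keys())
```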


IPICS summer course in Computer Security

2006-05-17 Thread George Danezis
Call for Participation

Intensive Program on Information and Communication Security
IPICS 2006 Summer Course
17-28 July 2006, K.U. Leuven, Belgium
https://www.cosic.esat.kuleuven.be/ipics2006/?i=S

Special Focus: Privacy Technology (26-28 July)

IPICS is a two week long summer school intended for final year
undergraduate students, master students and starting PhD candidates, as
well as those in the private sector, that wish to learn about the
foundations of computer and communication security. IPICS takes the
format of a two week course, taught by internationally renowned
researchers and experts.

The special theme this year is Privacy Technology, with 3 days
especially devoted to it. The special privacy course will cover:

* Introduction, by the father of Privacy Technologies,
  David Chaum
* Identity management and privacy
  Marit Hansen (ICPP, Schleswig-Holstein, Germany)
* Anonymous credential systems and e-cash
  Jan Camenisch (IBM Zürich, Switzerland)
* Election schemes
  Peter Ryan (Newcastle University, U.K.)
* Privacy policies, languages and applications
  Simone Fischer-Hübner (Karlstad University, Sweden)
* Location privacy and mobile devices
  Kai Rannenberg (Goethe University Frankfurt, Germany)
* Anonymous communications
  Dogan Kesdogan (Technical University of Aachen, Germany)
* Privacy public policy, law and economics
  Jos Dumortier (Katholieke Universiteit Leuven - ICRI, Belgium)

Other topics will include:

* Introduction to security and course overview (Bart Preneel, KU Leuven),
* Computer crime and abuse (Nathan Clarke, Plymouth),
* Business continuity planning (Gerald Quirchmayr, Vienna),
* Cryptology (Bart Preneel, KU Leuven),
* Authorization and access control (Günther Pernul, Regensburg),
* PKI and PMI (Javier Lopez, Malaga),
* Biometry (Pim Tuyls, KU Leuven),
* Network Security (Sokrates Katsikas, Greece),
* Cybercrime Investigation (Ahmed Patel),
* RFID Security (Karl Posch, T.U.Graz),
* Electronic commerce (Keith Martin, Royal Holloway),
* Smart cards (Helena Handschuh, Spansion, France),
* Trusted computing (Klaus Kursawe, Philips Eindhoven),
* Secure hardware (Lejla Batina, Nele Mentens, KU Leuven),
* eID cards (Danny De Cock, KU Leuven),
* Security of C and C++ programs (Yves Younan, KU Leuven)
(Full program at:
 https://www.cosic.esat.kuleuven.be/ipics2006/course_program.shtml?i=S)

Registration:

Registration is FREE for students. Academics are charged (150 euros) and
industry participants are charged 500 euros for L-SEC members or 650
euros for non-members.

We ask those interested to register as soon as possible, and before July
7th at:
Academics:
https://www.cosic.esat.kuleuven.be/ipics2006/application.shtml?i=S
Industry:
http://l-sec.emsecure.net/optiext/optiextension.dll?ID=gQeugRexMggM

A limited supply of accommodation is available through KU Leuven, which
you need to book well in advance through the registration process. More
details on alternative hotels and local arrangements can be found at:
https://www.cosic.esat.kuleuven.be/ipics2006/practical_info.shtml?i=S

Contacts and further information:

Web: https://www.cosic.esat.kuleuven.be/ipics2006/index.shtml?i=S
Email:
George Danezis (George.Danezis at esat kuleuven be)
Claudia Diaz (Claudia.Diaz at esat kuleuven be)
Prof. Bart Preneel (Bart.Preneel at esat kuleuven be)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm




It's funny because it's true...

2006-05-17 Thread Perry E. Metzger

Cartoon of the day:

http://www.ibiblio.org/Dave/Dr-Fun/df200605/df20060517.jpg

[Hat tip to Steve Bellovin for pointing it out to me...]

-- 
Perry E. Metzger[EMAIL PROTECTED]
