Re: Can you keep a secret? This encrypted drive can...
On Sat, 4 Nov 2006, Ralf Senderek wrote:

> On the unencrypted filesystem:
>
> # > time dd if=/dev/zero of=cryptogram bs=1MB count=50
> 50+0 records in
> 50+0 records out
> 5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s
> real 0m0.257s
> user 0m0.000s
> sys  0m0.252s

Unless you have a disk array in your laptop, that performance is an artifact of buffering. Here are unbuffered and buffered numbers for my rather new desktop machine:

$ hdparm -t /dev/sda
/dev/sda:
 Timing buffered disk reads:  174 MB in  3.01 seconds =  57.79 MB/sec
$ hdparm -T /dev/sda
/dev/sda:
 Timing cached reads:   5188 MB in  2.00 seconds = 2595.82 MB/sec

The 25MB/sec number for your encrypted partition looks like it's probably right, though:

$ openssl speed aes-256-cbc
[...]
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256 cbc     52071.66k    55008.98k    55609.83k    55984.13k    55776.36k

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
| ...Compusec is great for home / personal use. It is cheap i.e. $0.00
| (Free), and does not slow down the computer as much as the other
| products. But that is because it only support 128 bit AES, which is a
| major drawback as most enterprise settings require at least 256 bit
| AES

Just wondering about this little piece. How did we get to 256-bit AES as a requirement? Just what threat out there justifies it? There's no conceivable brute-force attack against 128-bit AES as far out as we can see, so we're presumably being paranoid about an analytic attack. But is there even the hint of an analytic attack against AES that would (a) provide a practical way in to AES-128; (b) would not provide a practical way into AES-256? What little I've seen in the way of proposed attacks on AES all go after the algebraic structure (with no real success), and that structure is the same in both AES-128 and AES-256.

-- Jerry
PhD thesis on voting
I haven't seen this mentioned here: Ben Adida did a PhD thesis on voting at MIT (ended this August)

http://ben.adida.net/research/phd-thesis.pdf

At his blog there is more material available such as conference slides, papers etc.

http://benlog.com/

-- 
Mads Rasmussen
LEA - Laboratório de Ensaios e Auditoria
ICP-Brasil (Brazilian PKI Cryptographic Certification Laboratory)
Office: +55 11 4208 3873
Mobile: +55 11 9655 8885
Skype: mads_work
http://www.lea.gov.br
Re: Cypherpunks make the OED :-)
On Sun, 05 Nov 2006 02:10:28 -0800, Bill Stewart <[EMAIL PROTECTED]> wrote:

> James Gleick's NYT article on the OED mentions "cypherpunk"
> among the words recently added to the dictionary.
>
> http://www.nytimes.com/2006/11/05/magazine/05cyber.html?pagewanted=all
>
> The page requires registration to access, though there are enough
> popular pseudonyms that have done so; I don't know if any of the
> "cypherpunks/somepassword" combinations still work;
> I've been using one of the no-response email systems for my login.
>
> http://www.oed.com/help/updates/latest-additions.html
>
> I don't have a subscription to the online dictionary to
> see what they said about it.

University libraries are useful...

Cypherpunk, n.
Computing slang. A person who uses encryption when sending emails in order to ensure privacy, esp. from government authorities.

1992 Mondo 2000 No. 8. 37/4 I've heard that cypherpunks are already distributing their encrypted email software, which is quick and slick.
1995 Wired Jan. 149/1 Parekh, a young, anarchistic cypherpunk, is dedicated to privacy through strong cryptography.
2005 P. KEEFE Chatter vii. 169 Their articles were translated from Danish into English and French and replicated again and again on the Web, posted on Cryptome and debated by Cypherpunks, forwarded around by e-mail.

They are open to comments and criticisms... One caveat: for citations, they want *only* written works for the citation section.
Re: Can you keep a secret? This encrypted drive can...
On Thu, 2 Nov 2006, Alexander Klimov wrote:
> I guess many people here have tried full disk encryption for
> themselves, do you notice any difference in performance or not?

I've been using Matt Blaze's CFS (cryptographic file system) to encrypt personal E-mail archives since 1994 or so. CFS is about the slowest cryptographic file system around: it's implemented outside the kernel (via an NFS loopback mount), so there are lots of userland <--> kernel transitions and data copies going on. And it uses 3DES, which is a lot slower than (eg) AES.

Despite all that, CFS performance is just fine. Back when I started using CFS, on a 33 MHz SPARC, the performance hit was noticeable but tolerable. Now, when multi-GHz laptops abound, the CFS performance hit is really a drop in the bucket for normal interactive use on moderate-sized files.

As a test, I just tried
  time dd if=/dev/arandom bs=65536 count=512 of=32m
(to time writing 32 MB of random data to disk) on my laptop (Lenovo/IBM Thinkpad T43P, OpenBSD 3.9-stable). I ran the command three times (with different file names each time) on each of:
(a) a CFS directory backed by my laptop's /home file system,
(b) my laptop's /home file system (BSD FFS with soft dependencies), and
(c) my laptop's /tmp file system (a memory file system)

I was careless/lazy, so these trials all started with the system at its "idling" clock rate (600 MHz), and let the system ramp up the clock rate as needed once it noticed the CPU usage.

The times (wall-clock seconds from the 'time' command) were pretty consistent for each of the 3 trials:
(a) 10.33 10.75 9.69
(b)  2.12  2.08 2.05
(c)  1.84  1.89 1.85

So... even for 32-MB files, CFS only takes about 8 seconds for the encryption. For smaller files the hit is truly negligible -- when I tried this test on 64K files there was no difference in times between (a), (b), and (c) within the timing noise.

ciao,
-- 
"Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html
"Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam
Cypherpunks make the OED :-)
James Gleick's NYT article on the OED mentions "cypherpunk" among the words recently added to the dictionary.

http://www.nytimes.com/2006/11/05/magazine/05cyber.html?pagewanted=all

The page requires registration to access, though there are enough popular pseudonyms that have done so; I don't know if any of the "cypherpunks/somepassword" combinations still work; I've been using one of the no-response email systems for my login.

http://www.oed.com/help/updates/latest-additions.html

I don't have a subscription to the online dictionary to see what they said about it.
Re: Can you keep a secret? This encrypted drive can...
On Thu, 2 Nov 2006, Alexander Klimov wrote:
> I guess many people here have tried full disk encryption for
> themselves, do you notice any difference in performance or not?

Yes and no! I use dm-crypt on a Linux laptop with FC5.

On the encrypted filesystem:

# > df /dev/mapper/secure
309895213342 80553 73% /secure
# > time dd if=/dev/zero of=cryptogram bs=1MB count=50
50+0 records in
50+0 records out
5000 bytes (50 MB) copied, 1.96366 seconds, 25.5 MB/s
dd if=/dev/zero of=cryptogram bs=1MB count=50  0.00s user 0.52s system 25% cpu 2.023 total

On the unencrypted filesystem:

# > time dd if=/dev/zero of=cryptogram bs=1MB count=50
50+0 records in
50+0 records out
5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s
real 0m0.257s
user 0m0.000s
sys  0m0.252s

The factor 9.05 making the unencrypted filesystem faster than the encrypted one really does not make a difference for me for anything I do. I'd be happy with 1 MB/s and I got 25! (using AES-256)

Regards
Ralf Senderek

-- 
Ralf Senderek <[EMAIL PROTECTED]>  http://senderek.com
Sandstr. 60  D-41849 Wassenberg  +49 2432-3960
PGP: AB 2C 85 AB DB D3 10 E7 CD A4 F8 AC 52 FC A9 ED
What is privacy without Pure Crypto?
49466008763407508762442876812634724277805553224967086648493733366295231438448
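An added example, not taken from any message in this thread, that applies the thread's own measurement advice: Ralf's dd run, the reply attributing his 231 MB/s on the plain filesystem to the page cache rather than the disk, and Jonathan Thornburg's habit of repeating each run three times. The script writes with conv=fdatasync so that dd's reported rate includes flushing the data to the device (and, for the encrypted directory, through dm-crypt), repeats the run, takes the median, and reports the plain/encrypted ratio next to the AES-256-CBC ceiling from openssl speed, which is what bounds a software dm-crypt mapping. It assumes GNU coreutils dd (conv=fdatasync and the "..., N MB/s" summary line), awk, and a Linux host with openssl on the PATH; the directory paths, file size and run count are whatever the caller supplies. dd's bs=1MB is 1,000,000 bytes, so the script uses bs=1000000 to match Ralf's numbers.

```shell
#!/bin/sh
# Added example (not from the list thread): a write-throughput benchmark
# that forces the data to the device before dd reports a rate, so an
# encrypted and an unencrypted filesystem are compared on the same footing.
# Assumes GNU coreutils dd, awk, and openssl; directories come from the caller.
set -u

# parse_dd_rate LINE: pull the throughput out of dd's summary line and print
# it normalised to MB/s (decimal megabytes, as dd reports them). Handles the
# 2006-era format ("..., 1.96366 seconds, 25.5 MB/s") and the current one
# ("..., 1.96 s, 25.5 MB/s"); prints nothing and returns 1 if no rate is found.
parse_dd_rate() {
  printf '%s\n' "$1" | awk -F', ' '
    {
      n = split($NF, f, " ")
      if (n < 2) exit 1
      if      (f[2] == "MB/s") printf "%s\n", f[1]
      else if (f[2] == "GB/s") printf "%.1f\n", f[1] * 1000
      else if (f[2] == "kB/s") printf "%.1f\n", f[1] / 1000
      else exit 1
    }'
}

# write_rate DIR MEGABYTES: write MEGABYTES decimal MB of zeros to a scratch
# file under DIR with conv=fdatasync, so the rate dd reports includes the
# flush to the device (through dm-crypt if DIR is on an encrypted mapping).
write_rate() {
  dir=$1; mb=$2
  f="$dir/ddbench.$$"
  out=$(dd if=/dev/zero of="$f" bs=1000000 count="$mb" conv=fdatasync 2>&1)
  status=$?
  rm -f "$f"
  [ "$status" -eq 0 ] || { printf '%s\n' "$out" >&2; return 1; }
  parse_dd_rate "$(printf '%s\n' "$out" | tail -n 1)"
}

# speed_ratio FAST SLOW: how many times faster FAST is than SLOW, to two
# decimals (231 MB/s against 25.5 MB/s gives 9.06).
speed_ratio() {
  awk -v a="$1" -v b="$2" 'BEGIN { printf "%.2f\n", a / b }'
}

# median_of N1 N2 ...: median of repeated runs, so one stalled run does not
# dominate the result.
median_of() {
  printf '%s\n' "$@" | sort -n | awk '
    { v[NR] = $1 }
    END {
      if (NR % 2) print v[(NR + 1) / 2]
      else printf "%.1f\n", (v[NR / 2] + v[NR / 2 + 1]) / 2
    }'
}

# aes_ceiling: single-core AES-256-CBC throughput in MB/s from openssl speed
# (largest block size column), the upper bound a software dm-crypt mapping
# can sustain. Takes a few seconds; returns 1 if openssl is missing.
aes_ceiling() {
  command -v openssl >/dev/null 2>&1 || return 1
  openssl speed -evp aes-256-cbc 2>/dev/null |
    awk '/^aes-256-cbc/ { sub("k$", "", $NF); printf "%.1f\n", $NF / 1000 }'
}

# Usage: ddbench.sh /dir/on/plain/fs /dir/on/encrypted/fs [MB] [runs]
if [ $# -ge 2 ]; then
  plain=$1; enc=$2; mb=${3:-50}; runs=${4:-3}
  p=""; e=""; i=0
  while [ "$i" -lt "$runs" ]; do
    p="$p $(write_rate "$plain" "$mb")"
    e="$e $(write_rate "$enc" "$mb")"
    i=$((i + 1))
  done
  pm=$(median_of $p); em=$(median_of $e)
  printf 'plain:      %s MB/s (runs:%s)\n' "$pm" "$p"
  printf 'encrypted:  %s MB/s (runs:%s)\n' "$em" "$e"
  printf 'plain/encrypted ratio: %s\n' "$(speed_ratio "$pm" "$em")"
  printf 'AES-256-CBC ceiling (openssl speed): %s MB/s\n' "$(aes_ceiling || echo 'n/a')"
fi
```

If the encrypted median lands near the openssl figure, the mapping is CPU-bound on AES and a faster disk will not help; if the plain median is still in the hundreds of MB/s with fdatasync, the host really does have that much write bandwidth and the comparison is fair. The unquoted `$p`/`$e` expansions are deliberate word splitting of the per-run list.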
A new generation of hash functions SNMAC
We would like to announce:
- A new cryptographic primitive SBC (special block cipher)
- A family of hash functions SNMAC as candidates for hash functions of a new generation

The paper "A New Concept of Hash Functions SNMAC Using a Special Block Cipher and NMAC/HMAC Constructions" was sent to EUROCRYPT 2007. Its extended version is available as IACR eprint Report 2006/376, http://eprint.iacr.org/2006/376.pdf.

We ought to publish concrete instances of SBC (special block cipher DN) and of SNMAC (hash function HDN) on the SNMAC homepage as soon as possible (waiting for approval of the publication).

SNMAC homepage: http://cryptography.hyperlink.cz/SNMAC/SNMAC_EN.html

The paper also contains an explanation of why we need the new cryptographic primitive for hash functions. It also describes the procedure that led to the proposals of SBC and SNMAC. We hope that the new concept will be discussed.

Vlastimil Klima, http://cryptography.hyperlink.cz/
Re: Can you keep a secret? This encrypted drive can...
Alexander Klimov <[EMAIL PROTECTED]> writes:

>If a PC is used by an interactive user, it is irrelevant how much access time
>is increased, as far as the user cannot see a difference without a timer.
>Several times I have read that disk encryption is not noticeable.

I agree that in most cases the access-time argument is a red herring. Back when I wrote SFS (DOS-based FDE that ran on 386's), I got plenty of feedback from users that the slowdown was barely or not at all noticeable. The only time I've really noticed it (using current FDE software, not on a 25 MHz 386) is when copying large amounts of data onto an encrypted partition, but that's (a) a very rare event and (b) somewhat slow anyway even for an unencrypted copy.

Peter.
[EMAIL PROTECTED]: [fc-announce] USEC'07 CFP Extended Deadline (Nov 12)]
From: Rachna Dhamija <[EMAIL PROTECTED]>
Subject: [fc-announce] USEC'07 CFP Extended Deadline (Nov 12)
To: [EMAIL PROTECTED]
Date: Mon, 30 Oct 2006 15:34:40 -0800

Please note that the USEC'07 submission deadline has been extended from November 5 to November 12. This workshop will be co-located with Financial Cryptography and Data Security (FC'07). Please notify your colleagues of the new deadline, and encourage them to make a submission.

--
FINAL CALL FOR PAPERS

Usable Security (USEC'07)
http://www.usablesecurity.org/
February 15-16, 2007
Lowlands, Scarborough, Trinidad/Tobago

A workshop co-located with The Eleventh Conference on Financial Cryptography and Data Security (FC'07)

Submissions Due Date EXTENDED: November 12, 2006, 11:59pm, PST

Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications.

USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce. The workshop will bring together an interdisciplinary group of researchers and practitioners, allowing experts in human-computer interaction, cryptography, data security and public policy to explore emerging problems and solutions.

==Organizers==

Program Chair: Rachna Dhamija, Harvard University

Program Committee:
Ross Anderson, University of Cambridge
Steven Bellovin, Columbia University
Dan Boneh, Stanford University
Simson Garfinkel, Harvard University
Raquel Hill, Indiana University
Jason Hong, Carnegie Mellon University
Burt Kaliski, RSA Security and RSA Laboratories
Robert Miller, Massachusetts Institute of Technology
Andrew Patrick, National Research Council Canada
Angela Sasse, University College London
Dan Schutzer, Financial Services Technology Consortium
Sean Smith, Dartmouth College
J. D. Tygar, U.C. Berkeley
Paul van Oorschot, Carleton University
Ka-Ping Yee, U.C. Berkeley
Tara Whalen, Dalhousie University

General Chair: Stuart Schechter, MIT Lincoln Laboratory

==Submission Categories==

USEC'07 invites submissions in three categories: (1) research papers, (2) abstracts and demos, and (3) working sessions. For all accepted submissions, at least one author must attend the conference and present the work.

Research Papers
Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Research paper submissions should be at most 12 pages, excluding bibliography and appendices (appendices may include usability study materials and data). Accepted submissions will appear both in a pre-proceedings, available at the workshop, and in a formal proceedings. After receiving feedback from the workshop, authors will have the opportunity to revise their papers before submitting a camera-ready draft for the final proceedings.

Abstracts and Demos
Submissions in this category should consist of a short summary of work (1-3 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference, and a one-page abstract will be published in the conference proceedings. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions.

Working Sessions
We are soliciting topics for working sessions at the intersection of usability, security, finance and commerce. Working sessions will explore topics in depth with significant participation from audience members. Proposals for working sessions should include the proposed topic, format (e.g., panel of invited experts, moderated discussion session, design exercises), prospective participants, time required and a plan for engaging participation from audience members.

==Important Dates==
Paper Submission: November 12, 2006
Author Notification: December 15, 2006
Camera-ready for Pre-Proceedings: January 31, 2007
FC'07 Dates: February 12-15, 2007
USEC'07 Dates: February 15-16, 2007
Camera-ready for Final Proceedings: March 15, 2007

___
fc-announce mailing list
[EMAIL PROTECTED]
http://mail.ifca.ai/mailman/listinfo/fc-announce
Re: Can you keep a secret? This encrypted drive can...
I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image loaded. The only difference is the FDE software that is installed on the travel laptop.

That is why I did an analysis of various FDE solutions to find the best one for my needs. The key thing I was interested in was that it must be AES 256, reasonably fast, inexpensive, and offer key recovery in case of password loss. The final outcome of the analysis is available @ http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250

Compusec is great for home / personal use. It is cheap i.e. $0.00 (Free), and does not slow down the computer as much as the other products. But that is because it only supports 128 bit AES, which is a major drawback as most enterprise settings require at least 256 bit AES. Compusec also has a great online support forum where you can get your questions answered by Compusec employees and other experienced users.

I ended up purchasing both Utimaco and Pointsec. They are excellent products. They both support AES 256. The downside is that they are a little bit expensive (Pointsec: $170; Utimaco: $200) and slow. The best thing is they both offer great password / encryption key recovery capabilities. You can create a recovery disk with both products. They also offer password recovery using a Challenge / Response sequence, where the IT Helpdesk can perform a Challenge/Response sequence with the user to help them recover the password or reset it to a new one. Of course Challenge/Response password recovery is NOT the most secure, especially if the user is remote, but you have the option to disable it on the laptop if you want.