Fw: NIST announces approval of SP 800-38D specifying GCM
Begin forwarded message:

Date: Tue, 27 Nov 2007 16:22:51 -0500
From: Morris Dworkin <[EMAIL PROTECTED]>
To: undisclosed-recipients:;
Subject: NIST announces approval of SP 800-38D specifying GCM

FYI, yesterday NIST announced the approval of Special Publication 800-38D, which specifies Galois/Counter Mode (GCM), an AES mode of operation for authenticated encryption with associated data. GCM was submitted to NIST by David McGrew and John Viega. The announcement appears on the NIST website, at http://csrc.nist.gov/ , and the URL for the document is http://csrc.nist.gov/publications/PubsSPs.html#800-38D .

--Steve Bellovin, http://www.cs.columbia.edu/~smb

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: fyi: Adi Shamir's microprocessor bug attack
James A. Donald wrote:
> James Muir wrote:
> > Can anyone think of a deployed implementation of RSA
> > signatures that would be vulnerable to the attack
> > Shamir mentions? Hashing and message blinding would
> > seem to thwart it.
>
> As I said, public key encryption has long been known to be weak against chosen plaintext and chosen cryptotext - so protocols have long been designed to prevent this sort of attack. If they are not so designed, they were known to be weak before this attack was discovered.

I completely agree with you. Good public key cryptography should be designed to resist chosen message attacks. This has been a standard part of cryptographic theory since the 80s.

But this is an implementation attack, and real world implementations don't necessarily follow all the rules of cryptographic theory. If you or anyone else happened to know of a single real-world implementation of RSA signatures that is vulnerable to this fault attack, then that might give some justification for the incredible media coverage it has received. I can't think of any, and my feeling is that this announcement has been over-hyped (and presented without proper perspective).

-James
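The two countermeasures named in the thread, hashing and message blinding, in an added example that is not code from any poster: a toy RSA signer that hashes the message first, blinds the private exponentiation with a random factor so the signer never exponentiates a caller-chosen value, and, as a further standard countermeasure the thread does not discuss, verifies its own output before releasing it so that a faulty computation is detected instead of handed out. The key parameters are constructed and far too small to be secure; the `faulty` flag is a stand-in for a corrupted multiplication inside the exponentiation.

```python
import hashlib
import math
import secrets

# Constructed toy RSA parameters: far too small to be secure, chosen only so the
# arithmetic stays readable.  E is coprime to (P-1)(Q-1) for these primes.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def hash_to_int(message: bytes) -> int:
    """Hash first: the signer never exponentiates a caller-chosen raw value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def blinded_sign(message: bytes, faulty: bool = False) -> int:
    """Sign with message blinding and a self-check before releasing the result.
    faulty=True simulates a corrupted multiplication in the private exponentiation."""
    h = hash_to_int(message)
    # Random blinding factor r, invertible mod N.  The private exponentiation
    # then runs on h * r^e, a value the caller can neither choose nor predict.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (h * pow(r, E, N)) % N
    s_blind = pow(blinded, D, N)
    if faulty:
        s_blind ^= 1  # one flipped bit stands in for a faulty multiply
    s = (s_blind * pow(r, -1, N)) % N  # unblind
    # Sign-then-verify: an erroneous signature is what a fault attack needs to
    # observe, so it must never leave the signer.
    if pow(s, E, N) != h:
        raise RuntimeError("signature self-check failed: fault detected")
    return s


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == hash_to_int(message)


def fault_is_caught(message: bytes) -> bool:
    """True if a simulated fault is detected rather than released as a signature."""
    try:
        blinded_sign(message, faulty=True)
    except RuntimeError:
        return True
    return False
```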
Protocols and Systems for Privacy Preserving Protection of Digital Identity
Interesting Presentation:
http://www.cerias.purdue.edu/news_and_events/events/calendar/[EMAIL PROTECTED]

Format: iPod compatible MP4 Video