Until now, the best complete differential path (to our knowledge)
has complexity 2^63
The new path presented has complexity 2^52 - a significant reduction.
Practical collisions are within resources of a well funded organisation.
We are continuing our search for differential paths where the
From: Zooko O'Whielacronx zo...@zooko.com
Subject: [tahoe-dev] SHA-1 broken! (was: Request for hash-dependency in Tahoe security.)
To: nejuc...@gmail.com, tahoe-...@allmydata.org
Date: Wed, 29 Apr 2009 15:59:05 -0600
Reply-To: tahoe-...@allmydata.org
On Apr 29, 2009, at 11:51 AM, Nathan
McDonald, Hawkes and Pieprzyk claim that they have reduced the collision
strength of SHA-1 to 2^{52}.
Slides here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Thanks to Paul Hoffman for pointing me to this.
-Ekr
I'm back up for air again. The message backlog will be moved out over
the next few days, not necessarily in chronological order.
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
IOP New Journal of Physics, Volume 11, April, 2009
Editorial page describing focus, with table of contents:
http://www.iop.org/EJ/abstract/1367-2630/11/4/045005/
TOC has links to freely downloadable copies of the papers.
I was just reading through the WiMAX PKI documentation [0]... this uses PGP to
issue device and server X.509 certificates for use in WiMAX networks:
Name is an identifying name for the recipient that will be used as an
authenticated identity by the CA signing system. This is the identifier
ANNOUNCING Tahoe, the Least-Authority Filesystem, v1.4
The allmydata.org team is pleased to announce the release of version
1.4.1 of Tahoe, the Lightweight-Authorization Filesystem. This is the
first release of Tahoe-LAFS which was created solely as a labor of love
by volunteers -- it is no
The whole story's at:
http://www.wired.com/politics/security/news/2009/04/fleetcom
it appears that Brazilians wanting to communicate on the cheap are using US
FLTSATCOM links to talk to each other. This works because the communication
channel was open, not encrypted, lots of people used it to
http://www.wired.com/print/science/discoveries/magazine/17-05/ff_kryptos
Mission Impossible: The Code Even the CIA Can't Crack
By Steven Levy, 04.20.09
The sculpture named Kryptos at CIA headquarters contains a secret message,
but not even the agency's brightest can crack its code.
Begin forwarded message:
From: Eugen Leitl eu...@leitl.org
Date: April 22, 2009 1:05:51 PM GMT-04:00
To: i...@postbiota.org, cypherpu...@al-qaeda.net
Subject: [tahoe-dev] NEWSFLASH -- Coder Goes Crazy! Laptop Versus Axe!
Film At 11!
- Forwarded message from Zooko O'Whielacronx
The CNG SDK contains documentation, code, and tools designed to help
you develop cryptographic applications and libraries targeting the
Windows Vista SP1, Windows Server 2008 R2, and Windows 7 Operating
Systems.
While poking around Google Books, I stumbled on the following two
references that might be of interest to this list. The first is cited
by Kahn.
\emph{The Military Telegraph During the Civil War in the United States:
With an Exposition of Ancient and Modern Means of Communication,
and of the
Liberated from LiveJournal :-):
Title: Fully Homomorphic Encryption Using Ideal Lattices
Speaker: Craig Gentry, Stanford University
Time/Place: 11 am, 18 March, Wozniak Lounge
[Ed. note: 4th floor, Soda Hall, UC Berkeley]
Abstract:
We propose a fully homomorphic encryption scheme -- i.e., a
http://www.google.com/hostednews/ap/article/ALeqM5jFmxwZmt8V4URihSIugJroZE4yKgD974J72O0
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Sat, Mar 07, 2009 at 05:40:31AM +1300, Peter Gutmann wrote:
Given that, when I looked a couple of years ago, TPM support for
public/private-key stuff was rather hit-and-miss and in some cases seemed to
be entirely absent (so you could use the TPM to wrap and unwrap stored private
keys
But
Thor Lancelot Simon t...@rek.tjls.com writes:
On Sat, Mar 07, 2009 at 05:40:31AM +1300, Peter Gutmann wrote:
Given that, when I looked a couple of years ago, TPM support for
public/private-key stuff was rather hit-and-miss and in some cases seemed to
be entirely absent (so you could use the TPM
Quoting:
A top federal cybersecurity official resigned this week in a letter
sharply critical of what he described as a power grab by the
National Security Agency.
Rod Beckström, director of Homeland Security's National
Cybersecurity Center, said in his letter that NSA
On Sat, Mar 07, 2009 at 07:36:25AM +1300, Peter Gutmann wrote:
In any case though, how big a deal is private-key theft from web servers?
What examples of real-world attacks are there where an attacker stole a
private key file from a web server, brute-forced the password for it, and then
I know of procedures and programs to erase files securely from disks;
Gutmann did a paper on that.
What I don't know is how to securely erase information from a database.
I cannot assume that the vendor solves this matter, anyone have a clue?
Regards,
Mads Rasmussen
http://www.ilounge.com/index.php/news/comments/chinese-hackers-crack-itunes-store-gift-codes-sell-certificates/
Chinese hackers crack iTunes Store gift codes, sell certificates
By Charles Starrett
Senior Editor, iLounge
Published: Tuesday, March 10, 2009
A group of Chinese hackers has
The assertion occasionally comes up that since the NSA cannot legally
eavesdrop on Americans, it outsources to the UK or one of the other
Echelon countries. It turns out that that's forbidden, too -- see
Section 2.12 of Executive Order 12333
I have never seen a good catalog of computationally-strong
pseudo-random number generators. It seems that everyone tries to roll
their own in whatever application they are using, and I bet there's a
lot of waste and inefficiency and re-inventing the wheel involved.
Is this true, or is there a
Thor Lancelot Simon t...@rek.tjls.com writes:
Almost no web servers run with passwords on their private key files. Believe
me. I build server load balancers for a living and I see a _lot_ of customer
web servers -- this is how it is.
Ah, that kinda makes sense, it would parallel the experience
On Sun, Mar 15, 2009 at 12:26:39AM +1300, Peter Gutmann wrote:
I was hoping someone else would leap in about now and question this, but I
guess I'll have to do it... maybe we have a different definition of what's
required here, but AFAIK there's an awful lot of this kind of hardware
floating
Steven M. Bellovin wrote:
We've become prisoners of dogma here. In 1979, Bob Morris and Ken
Thompson showed that passwords were guessable. In 1979, that was
really novel. There was a lot of good work done in the next 15 years
on that problem -- Spaf's empirical observations, Klein's '90
What I don't know is how to securely erase information from a database.
I cannot assume that the vendor solves this matter, anyone have a clue?
I'd say your assumption is valid. This is not to disrespect the
database vendors, but to point out that their risk modelling is
generally
On Mon, Mar 9, 2009 at 10:32 PM, Mads m...@lsitec.org.br wrote:
I know of procedures and programs to erase files securely from disks;
Gutmann did a paper on that.
Yes, but that paper is over ten years old. In the meanwhile, disk
designs and perhaps encoding schemes have changed, journaling
Eric Rescorla e...@networkresonance.com writes:
McDonald, Hawkes and Pieprzyk claim that they have reduced the collision
strength of SHA-1 to 2^{52}.
Slides here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Thanks to Paul Hoffman for pointing me to this.
This is
On Mar 9, 2009, at 10:32 PM, Mads wrote:
I know of procedures and programs to erase files securely from disks;
Gutmann did a paper on that.
What I don't know is how to securely erase information from a database.
If the material is that sensitive, and you only want to selectively
On Sat, Mar 14, 2009 at 3:16 AM, Travis travis+ml-cryptogra...@subspacefield.org wrote:
I have never seen a good catalog of computationally-strong
pseudo-random number generators. It seems that everyone tries to roll
their own in whatever application they are using, and I bet there's a
lot of
On 2009 Apr 30, at 4:31 , Perry E. Metzger wrote:
Eric Rescorla e...@networkresonance.com writes:
McDonald, Hawkes and Pieprzyk claim that they have reduced the collision
strength of SHA-1 to 2^{52}.
Slides here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
On Apr 30, 2009, at 4:31 PM, Perry E. Metzger wrote:
Eric Rescorla e...@networkresonance.com writes:
McDonald, Hawkes and Pieprzyk claim that they have reduced the collision
strength of SHA-1 to 2^{52}.
Slides here:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Greg Rose g...@qualcomm.com writes:
This is a very important result. The need to transition from SHA-1
is no longer theoretical.
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire