Re: Maybe It's Snake Oil All the Way Down

2003-06-02 Thread Adam Shostack
The assumption that "having cracked a cipher" leads to "can make lots of money from the break" is one held mostly by those who have never attacked real systems, which have evolved with lots of checks and balances. The very best way to make money from cracking ciphers seems to be to patent the brea

Re: Maybe It's Snake Oil All the Way Down

2003-06-02 Thread Eric Rescorla
"Scott Guthery" <[EMAIL PROTECTED]> writes: > Suppose. Just suppose. That you figured out a factoring > algorithm that was polynomial. What would you do? Would > you post it immediately to cypherpunks? Well, OK, maybe > you would but not everyone would. In fact some might > even imagine the

Re: Maybe It's Snake Oil All the Way Down

2003-06-02 Thread Rich Salz
> There are a number of standard building blocks (3DES, AES, RSA, HMAC, > SSL, S/MIME, etc.). While none of these building blocks are known > to be secure .. So for the well-meaning naif, a literature search should result in "no news is good news." Put more plainly, if you looked up hash and didn

Re: Maybe It's Snake Oil All the Way Down

2003-06-02 Thread Eric Rescorla
"Scott Guthery" <[EMAIL PROTECTED]> writes: > When I drill down on the many pontifications made by computer > security and cryptography experts all I find is given wisdom. Maybe > the reason that folks roll their own is because as far as they can see > that's what everyone does. Roll your own th

Re: Nullsoft's WASTE communication system

2003-06-02 Thread Bart Preneel
In order to increase hardware efficiency, the 8-bit S-boxes of Anubis have been designed by combining 4-bit S-boxes with bit permutations in two layers. 4-bit S-boxes always have quadratic equations. Hence if you would be worried about algebraic attacks on AES, you probably should also worry abo

Re: Nullsoft's WASTE communication system

2003-06-02 Thread Zooko
What do you folks think about Anubis [1] ? I don't understand the maths, but I would *like* to think that Rijndael's positive results (mostly, its lack of negative results) would apply to Anubis while Rijndael's negatives (such as the hypothetical algebraic solution) wouldn't. Regards, Zooko

Re: web apps with large volumes of bidirectional http traffic

2003-06-02 Thread Nomen Nescio
Ryan Lackey writes: > I need to find some relatively widely deployed applications which have > frequent user interactions (rapid clicking on links, from as large a > population of links as possible, and also form filling and such). > > (it should be pretty obvious what this is for) It's not, real

Re: [spam] Re: Nullsoft's WASTE communication system

2003-06-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "John Brothers" writes: > >> Any license that you may >> believe you acquired with the Software is void, revoked and terminated. > > >Can you void and/or revoke the GPL? It doesn't matter if the GPL statement wasn't inserted by the real owner of the work. Note

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread Ian Grigg
John Kelsey wrote: > > At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote: > > >So what happened to passphrase guessing? That's got to be > >one of the weakest links. Unless their private key wasn't > >stored on the device? > > One thought: How hard would it be to write a Palm app to use the > in

Re: Nullsoft's WASTE communication system

2003-06-02 Thread John Kelsey
At 04:33 PM 5/30/03 -0700, bear wrote: ... Blowfish has been around longer than Rijndael; I think AES may not yet have gotten as much cryptographic attention as Blowfish's several-year headstart has given it. I think that a "perfect cipher" of Blowfish's block size would necessarily be less secure

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread John Kelsey
At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote: So what happened to passphrase guessing? That's got to be one of the weakest links. Unless their private key wasn't stored on the device? One thought: How hard would it be to write a Palm app to use the interaction between several devices to deri

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread John Kelsey
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote: The following appears to be a bona fide case of a threat model in action against the PGP program. ... Two comments: a. It sure seems like it would be a pain to enter a long passphrase on one of these things, so that seems like the most plausible attac

BIS Disk Full

2003-06-02 Thread Anonymous
I tried to notify the BIS that I was posting some code and I got this error back: > <[EMAIL PROTECTED]>: > 170.110.31.61 failed after I sent the message. > Remote host said: Can't create transcript file ./xfh4VJhUa02511: No space left on > device > > <[EMAIL PROTECTED]>: > 170.110.31.61 failed aft

RE: [spam] Re: Nullsoft's WASTE communication system

2003-06-02 Thread John Brothers
> Any license that you may > believe you acquired with the Software is void, revoked and terminated. Can you void and/or revoke the GPL? On one hand, the files are clearly marked as copyright NullSoft, but on the other, they are also clearly distributed with the GPL as the license in the header

Re: Nullsoft's WASTE communication system

2003-06-02 Thread bear
On 30 May 2003, Eric Rescorla wrote: >bear <[EMAIL PROTECTED]> writes: >There are three possibilities here: >E(M) || H(E(M)) -> This is radically insecure. >E(M) || H(M) -> This is still quite dangerous. If the attacker > can somehow reset the IV, then they can mount >

Re: Nullsoft's WASTE communication system

2003-06-02 Thread David Wagner
Eric Rescorla wrote: >E(M) || H(M) -> This is still quite dangerous. If the attacker > can somehow reset the IV, then they can mount > an attack on the first cipher block. Also, it can violate confidentiality. If M is guessable, the guess can be confirmed