Re: First quantum crypto bank transfer

2004-08-24 Thread Jerrold Leichter
| ... the comments I've seen on this list and elsewhere have been much | broader, and amount to QM secure bit distribution is dumb, it solves | no problem we haven't already solved better with classical | techniques. | | Most of the comments on this list are more nuanced than that. Perhaps we

Re: First quantum crypto bank transfer

2004-08-24 Thread John Denker
Jerrold Leichter wrote: ... the comments I've seen on this list and elsewhere have been much broader, and amount to QM secure bit distribution is dumb, it solves no problem we haven't already solved better with classical techniques. Most of the comments on this list are more nuanced than that.

Re: More problems with hash functions

2004-08-24 Thread Hal Finney
Jerry Leichter writes: It strikes me that Joux's attack relies on *two* features of current constructions: The block-at-a-time structure, and the fact that the state passed from block to block is the same size as the output state. Suppose we did ciphertext chaining: For block i, the input

RE: Bad day at the hash function factory

2004-08-24 Thread Greg Rose
I wrote: Phil Hawkes' paper on the SHA-2 round function has just been posted as Eprint number 207. It contains rather a lot of detail, unlike some of the other papers on the subject of hash function collisions. At 14:17 2004-08-23 -0400, Trei, Peter wrote: Could you possibly post a direct

Re: Cryptography and the Open Source Security Debate

2004-08-24 Thread lrk
On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote: On 10 Aug 2004, at 5:16 AM, John Kelsey wrote: So, how many people on this list have actually looked at the PGP key generation code in any depth? Open source makes it possible for people to look for security holes, but it sure

The Call Is Cheap. The Wiretap Is Extra

2004-08-24 Thread John Denker
1) Here's an article from the New York Times. The headline just about says it all. Reportedly THEY want voice-over-internet users to pay for the privilege of having their calls tapped. The Call Is Cheap. The Wiretap Is Extra.

Re: First quantum crypto bank transfer

2004-08-24 Thread Bill Stewart
At 02:02 AM 8/23/2004, Florian Weimer wrote: * Bill Stewart: I agree that it doesn't look useful, but lawful intercept is harder, if you're defining that as undetected eavesdropping with possible cooperation of the telco in the middle, because quantum crypto needs end-to-end fiber so there's

Re: On hash breaks, was Re: First quantum crypto bank transfer

2004-08-24 Thread Jerrold Leichter
| Alternatively, how anyone can have absolute confidence in conventional | crypto | in a week when a surprise attack appears against a widely-fielded | primitive | like MD5 is beyond me. Is our certainty about AES's security really any | better today than was our certainty about RIPEM - or

Re: More problems with hash functions

2004-08-24 Thread Jerrold Leichter
| It strikes me that Joux's attack relies on *two* features of current | constructions: The block-at-a-time structure, and the fact that the state | passed from block to block is the same size as the output state. Suppose we | did ciphertext chaining: For block i, the input to the

Re: More problems with hash functions

2004-08-24 Thread Hal Finney
Jerry Leichter writes: Joux's attack says: Find single block messages M1 and M1' that collide on the blank initial state. Now find messages M2 amd M2' that collide with the (common) final state from M1 and M1'. Then you hav four 2-block collisions for the cost of two: M1|M2, M1'|M2, and so

Re: On hash breaks, was Re: First quantum crypto bank transfer

2004-08-24 Thread Hal Finney
Joe Ashwood writes: Except for RIPEM there were known to be reasons for this, MD5 was known to be flawed, SHA-0 was replaced because it was flawed (although knowledge of the nature of the flaw was hidden). Even with RIPEM (and SHA-1 for the same reason) I have plans in place (and have had

Re: On hash breaks, was Re: First quantum crypto bank transfer

2004-08-24 Thread Joseph Ashwood
- Original Message - From: Jerrold Leichter [EMAIL PROTECTED] Subject: Re: On hash breaks, was Re: First quantum crypto bank transfer | (they all have backup | plans that involve the rest of the SHA series and at the very least | Whirlpool). Moving to a larger hash function with no