Re: The Pointlessness of the MD5 'attacks'

2004-12-22 Thread Sidney Markowitz
This isn't worked out enough to be a proof of concept, but I can imagine a piece of code that has a comment This can't overflow because value X computed from the magic bits table will always be between A and B. Get 0.1% speed boost by leaving out range check here but don't change magic bits.

The Pointlessness of the MD5 attacks

2004-12-22 Thread David Wagner
Ben Laurie writes: Dan Kaminsky's recent posting seems to have caused some excitement, but I really can't see why. In particular, the idea of having two different executables with the same checksum has attracted attention. But the only way I can see to exploit this would be to have code that

The Pointlessness of the MD5 attacks

2004-12-22 Thread David Wagner
Ben Laurie writes: Indeed, but what's the point? If you control the binary, just distribute the malicious version in the first place. Where this argument breaks down is that someone might have partial but not total control over the binary. This partial control might not be enough for them to

Re: The Pointlessness of the MD5 'attacks'

2004-12-22 Thread C. Scott Ananian
On Wed, 15 Dec 2004, Tim Dierks wrote: Here's an example, although I think it's a stupid one, and agree with [...] I send you a binary (say, a library for doing AES encryption) which you test exhaustively using black-box testing. The black-box testing would obviously be the mistake. How can you

Re: The Pointlessness of the MD5 attacks

2004-12-22 Thread Ben Laurie
John Kelsey wrote: So, to exploit this successfully, you need code that cannot or will not be inspected. My contention is that any such code is untrusted anyway, so being able to change its behaviour on the basis of embedded bitmap changes is a parlour trick. You may as well have it ping a website

Re: The Pointlessness of the MD5 attacks

2004-12-22 Thread Ben Laurie
Jay Sulzberger wrote: On Tue, 14 Dec 2004, Ben Laurie wrote: Ondrej Mikle wrote: [snipped many assertions without supporting evidence that MD5 cracks improve attacks] So, to exploit this successfully, you need code that cannot or will not be inspected. My contention is that any such code is

Re: Cryptography Research wants piracy speed bump on HD DVDs

2004-12-22 Thread Ian Grigg
What CR does instead is much simpler and more direct. It tries to cut off any player that has been used for mass piracy. Let me get this right. ... When a pirate makes a copy of a film encoded as SPDC, the output file is cryptographically bound to a set of player decryption keys. So it is

Fwd: The PoinFULLness of the MD5 'attacks'

2004-12-22 Thread james hughes
For this discussion, I think we are missing the point here... 1. With a rogue binary distribution with correct hash, this is -at least- a denial of service where the customer will install the rogue binary and it will crash in the area that the information was changed. MD5 based Tripwire will

Re: SSL/TLS passive sniffing

2004-12-22 Thread Florian Weimer
* Victor Duchovni: The third mode is quite common for STARTTLS with SMTP if I am not mistaken. A one day sample of inbound TLS email has the following cipher frequencies: 8221(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) 6529(using TLSv1 with cipher

DIMACS Workshop on Large-Scale Games at Northwestern University

2004-12-22 Thread Linda Casals
**Call For Papers * DIMACS Workshop on Large-Scale Games April 17 - 19, 2005 **Location: Evanston Campus, Northwestern University, Evanston, Illinois** Organizers: Lance Fortnow,

International meet on cryptology in Chennai

2004-12-22 Thread R.A. Hettinga
http://www.chennaionline.com/colnews/newsitem.asp?NEWSID=%7BE75EFF46-873D-4942-884A-69B736936D6B%7DCATEGORYNAME=Tamil+Nadu Chennai Online News Service - View News Dec 20, 2004 Mon Dharana International meet on cryptology in Chennai Search for More News Chennai, Dec 19: A three-day

Digipass Starts to Make a Mark

2004-12-22 Thread R.A. Hettinga
http://online.wsj.com/article_print/0,,SB110348908376704197,00.html The Wall Street Journal December 20, 2004 Digipass Starts to Make a Mark Vasco Enhances Online Security As Web Banks Gain Popularity By STEVE DE BONVOISIN DOW JONES NEWSWIRES December 20, 2004 BRUSSELS --

Re: International meet on cryptology in Chennai

2004-12-22 Thread R.A. Hettinga
--- begin forwarded text Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys Date: Tue, 21 Dec 2004 00:08:49 -0800 (PST) From: Sarad AV [EMAIL PROTECTED] Subject: Re: International meet on cryptology in Chennai To: R.A. Hettinga [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] --- R.A.

Re: SSL/TLS passive sniffing

2004-12-22 Thread John Denker
Florian Weimer wrote: Would you recommend to switch to /dev/urandom (which doesn't block if the entropy estimate for the in-kernel pool reaches 0), and stick to generating new DH parameters for each connection, No, I wouldn't. or ... generate them once per day and use it for several connections?

Re: Cryptography Research wants piracy speed bump on HD DVDs

2004-12-22 Thread Matt Crawford
On Dec 15, 2004, at 11:54, Taral wrote: What stops someone using 3 players and majority voting on frame data bits? As I understand it, they use such a huge number of bits for marking, that any reasonably-sized assembly of players will still coincide on some marked bits. (However, I very much

Re: SSL/TLS passive sniffing

2004-12-22 Thread Victor Duchovni
On Sun, Dec 19, 2004 at 05:24:59PM +0100, Florian Weimer wrote: * Victor Duchovni: The third mode is quite common for STARTTLS with SMTP if I am not mistaken. A one day sample of inbound TLS email has the following cipher frequencies: 8221(using TLSv1 with cipher

Re: The Pointlessness of the MD5 attacks

2004-12-22 Thread Ben Laurie
David Wagner wrote: Ben Laurie writes: Dan Kaminsky's recent posting seems to have caused some excitement, but I really can't see why. In particular, the idea of having two different executables with the same checksum has attracted attention. But the only way I can see to exploit this would be

Re: Do We Need a National ID Card?

2004-12-22 Thread Matt Crawford
On Dec 22, 2004, at 8:53, R.A. Hettinga wrote: Do we need a national ID card? The comment period on NIST's draft FIPS-201 (written in very hasty response to Homeland Security Presidential Directive HSPD-12) ends tomorrow. The draft, as written, enables use of the card by Smart IEDs and for

Re: The Pointlessness of the MD5 attacks

2004-12-22 Thread John Kelsey
From: Ben Laurie [EMAIL PROTECTED] Sent: Dec 22, 2004 12:24 PM To: David Wagner [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: The Pointlessness of the MD5 attacks ... Assuming you could find a collision s.t. the resulting decryption looked safe with one version and unsafe with the

Re: SSL/TLS passive sniffing

2004-12-22 Thread Florian Weimer
* Victor Duchovni: The Debian folks have recently stumbled upon a problem in this area: Generating the ephemeral DH parameters is expensive, in terms of CPU cycles, but especailly in PRNG entropy. The PRNG part means that it's not possible to use /dev/random on Linux, at least on servers.

Re: Cryptography Research wants piracy speed bump on HD DVDs

2004-12-22 Thread Taral
On Wed, Dec 22, 2004 at 10:58:11AM -0600, Matt Crawford wrote: On Dec 15, 2004, at 11:54, Taral wrote: What stops someone using 3 players and majority voting on frame data bits? As I understand it, they use such a huge number of bits for marking, that any reasonably-sized assembly of

pgp global directory bugged instructions

2004-12-22 Thread Adam Back
So PGP are now running a pgp key server which attempts to consilidate the inforamtion from the existing key servers, but screen it by ability to receive email at the address. So they send you an email with a link in it and you go there and it displays your key userid, keyid, fingerprint and email

Border Patrol hails new ID system

2004-12-22 Thread R.A. Hettinga
http://www.washingtontimes.com/functions/print.php?StoryID=20041220-103705-9177r The Washington Times www.washingtontimes.com Border Patrol hails new ID system By Jerry Seper THE WASHINGTON TIMES Published December 21, 2004 Border Patrol agents assigned to U.S. Customs and Border Protection