Re: Entropy and PRNGs

Ben Laurie wrote: Given recent discussion, this is perhaps a good moment to point at a paper I wrote a while back on PRNGs for Dr. Dobbs, where, I'll bet, most of you didn't read it. http://www.apache-ssl.org/randomness.pdf I just took a look at the first couple of pages. IMHO it has much room f

Re: AOL Help : About AOL® PassCode

Richard Clayton wrote: Actually I have been waiting for phishing with MITM to appear for some time (I haven't any yet - if somebody has, I'd be interested to hear about), I've been shown something similar last July ... which was, IIRC, a PayPal phish where the web page you went to checked t

Re: AOL Help : About AOL® PassCode

In article <[EMAIL PROTECTED]>, Joerg Schneider <[EMAIL PROTECTED]> writes >Florian Weimer wrote: >> I think you can forward the PassCode to AOL once the victim has >> entered it on a phishing site. Tokens à la SecurID can only help if > >Indeed. > >> the phishing schemes *require* delayed exploi

Atom demo fixes quantum errors

Always On Atom demo fixes quantum errors TRN NewsTeam | TRN [] | POSTED: 01.07.05 @09:47 Although quantum computers promise fantastic speed for certain types of very large problems, the logical components of quantum computers --

[PadLock] PadLock patches for linux kernel 2.6.10 (fwd from [EMAIL PROTECTED])

From: Michal Ludvig <[EMAIL PROTECTED]> Subject: [PadLock] PadLock patches for linux kernel 2.6.10 To: [EMAIL PROTECTED] Date: Fri, 7 Jan 2005 17:24:02 +0100 (CET) From: Michal Ludvig <[EMAIL PROTECTED]> Date: Fri, 7 Jan 2005 17:24:02 +0100 (CET) To: [EMAIL PROTECTED] Subject: [PadLock] PadLock p

Re: entropy depletion

I wrote: >> A long string produced by a good PRNG is conditionally compressible in the sense that we know there exists a shorter representation, but at the same time we believe it to be conditionally incompressible in the sense that the adversaries have no feasible way of finding a shorter represe

Re: entropy depletion (was: SSL/TLS passive sniffing)

>From: John Denker <[EMAIL PROTECTED]> >Sent: Jan 5, 2005 2:06 PM >To: Enzo Michelangeli <[EMAIL PROTECTED]> >Cc: cryptography@metzdowd.com >Subject: Re: entropy depletion (was: SSL/TLS passive sniffing) ... >You're letting your intuition about "usable randomness" run roughshod over >the formal de

Re: entropy depletion

| > | > random number generator this way. Just what *is* | > good enough? | | That's a good question. I think there is a good answer. It | sheds light on the distinction of pseudorandomness versus | entropy: | | A long string produced by a good PRNG is conditionally | compressib

[fc-announce] FC05 registration to open next week

--- begin forwarded text User-Agent: Microsoft-Entourage/11.1.0.040913 From: "Stuart E. Schechter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: [fc-announce] FC05 registration to open next week Sender: [EMAIL PROTECTED] Date: Fri, 07 Jan 2005 11:00:54 -0500 Registration for Financial

Entropy and PRNGs

Given recent discussion, this is perhaps a good moment to point at a paper I wrote a while back on PRNGs for Dr. Dobbs, where, I'll bet, most of you didn't read it. http://www.apache-ssl.org/randomness.pdf One day, I plan to implement the API I describe there. Cheers, Ben. -- http://www.apache-s

Re: entropy depletion

Jerrold Leichter asked: random number generator this way. Just what *is* good enough? That's a good question. I think there is a good answer. It sheds light on the distinction of pseudorandomness versus entropy: A long string produced by a good PRNG is conditionally compressible in

[ISN] SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard: Report

--- begin forwarded text Date: Fri, 7 Jan 2005 06:41:49 -0600 (CST) From: InfoSec News <[EMAIL PROTECTED]> To: isn@attrition.org Subject: [ISN] SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard: Report Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://www.informat

Re: entropy depletion (was: SSL/TLS passive sniffing)

| > You're letting your intuition about "usable randomness" run roughshod | > over the formal definition of entropy. Taking bits out of the PRNG | > *does* reduce its entropy. | | By how much exactly? I'd say, _under the hypothesis that the one-way | function can't be broken and other attacks fai

OpenVPN and "SSL VPNs"

Hi, I already stumbled several times over OpenVPN but never had the time to look at it in detail. Now I had but didn't find many infos except "many lucky users" and few negative outputs. I have two open points: a) It would be good to hear from this community if there are any negative aspects of Ope

Re: entropy depletion (was: SSL/TLS passive sniffing)

On Thu, Jan 06, 2005 at 04:35:05PM +0800, Enzo Michelangeli wrote: > By how much exactly? I'd say, _under the hypothesis that the one-way > function can't be broken and other attacks fail_, exactly zero; in the > real world, maybe a little more. Unfortunately for your analysis, *entropy* assumes t

Re: entropy depletion (was: SSL/TLS passive sniffing)

> From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Enzo > Michelangeli > Sent: Tuesday, January 04, 2005 7:50 PM > > This "entropy depletion" issue keeps coming up every now and > then, but I still don't understand how it is supposed to > happen. If the PRNG uses a really non-i