Re: [IP] SHA-1 cracked?

2005-02-22 Thread J.A. Terranson
On Wed, 16 Feb 2005, Ben Laurie wrote: A work factor of 2^69 is still a serious amount of work. Yep. Does anyone recall DeepCrack's specs? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Quadriplegics think before they write stupid pointless shit...because they have to type

Re: SHA-1 cracked

2005-02-22 Thread Mads Rasmussen
Ian G wrote: Stefan Brands just posted on my blog (and I saw reference to this in other blogs, posted anon) saying that it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is not done. I

Re: Digital Water Marks Thieves

2005-02-22 Thread mis
at the risk of being accused of being humor impaired: the particles are ignorant. it's the police officers that need to know to look for the taggants. civilians could look, but might not have access to the semantic content in the database. this is similar, i think to the taggants that are

Cybercash on Vacation

2005-02-22 Thread R.A. Hettinga
http://www.technologyreview.com/articles/05/03/issue/forward_cybercash.asp?p=0 Technology Review TechnologyReview.com Print | Forums Cybercash on Vacation By Peter Wayner March 2005 Back in 1996, a small handful of cryptographers, bankers, and blue-sky thinkers were debating, on Internet

Re: SHA-1 cracked

2005-02-22 Thread John Kelsey
From: Joseph Ashwood [EMAIL PROTECTED] Sent: Feb 17, 2005 12:15 AM To: cryptography@metzdowd.com Subject: Re: SHA-1 cracked This attack means that we need to begin the process for a quick and painless retirement of SHA-1 in favor of SHA-256/384/512 in the immediate future and begin further

Re: SHA-1 cracked

2005-02-22 Thread Ian G
John Kelsey wrote: Anyone know where we could find the paper? It'd be kind-of convenient when trying to assess the impact of the attack if we knew at least a few details The *words* part I typed in here: http://www.financialcryptography.com/mt/archives/000357.html I skipped the examples.

Re: Digital Water Marks Thieves

2005-02-22 Thread Sidney Markowitz
Matt Crawford wrote: How do the tiny particles know that it's not a civilian illuminating them with ultraviolet light? And how does Wired reporter Robert Andrews fail to ask that question? And other people complain about how someone can spray their paint on someone else's valuable and then

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-22 Thread Ben Laurie
Taral wrote: On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: Want to protect your Mozilla/FireFox from such attacks? Install our TrustBar: http://TrustBar.Mozdev.org (this was the first time that I had a real reason to click the `I don't trust this authority` button...) Opinions?

Re: SHA-1 cracked

2005-02-22 Thread Hal Finney
Ian Grigg writes: Stefan Brands just posted on my blog (and I saw reference to this in other blogs, posted anon) saying that it seems that Schneier forgot to mention that the paper has a footnote which says that the attack on full SHA-1 only works if some padding (which SHA-1 requires) is

Re: Digital Water Marks Thieves

2005-02-22 Thread Dan Kaminsky
Matt Crawford wrote: On Feb 15, 2005, at 12:40, R.A. Hettinga wrote: Instant, is a property-marking fluid that, when brushed on items like office equipment or motorcycles, tags them with millions of tiny fragments, each etched with a unique SIN (SmartWater identification number) that is

Re: SHA-1 cracked

2005-02-22 Thread Jim McCoy
On Feb 16, 2005, at 9:15 PM, Joseph Ashwood wrote: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: SHA-1 cracked It's probably not a practical threat today, since it takes 2^69 operations to do it I will argue that the threat is realizable today, and highly

Re: SHA-1 cracked

2005-02-22 Thread Greg Rose
At 22:33 2005-02-16 +, Ian G wrote: Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat today, since it takes 2^69 operations to do it

Re: [p2p-hackers] SHA1 broken?

2005-02-22 Thread R.A. Hettinga
--- begin forwarded text To: [EMAIL PROTECTED] Subject: Re: [p2p-hackers] SHA1 broken? Date: Thu, 17 Feb 2005 14:25:36 -0800 (PST) From: [EMAIL PROTECTED] (Hal Finney) Reply-To: Peer-to-peer development. [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] The problem with the attack scenario where two

Gates not his cocky self at RSA conference

2005-02-22 Thread R.A. Hettinga
http://software.itmanagersjournal.com/print.pl?sid=05/02/17/198257 IT Manager's Journal Tracking the Evolution of IT Title Gates not his cocky self at RSA conference Date 2005.02.17 14:33 By Roger Smith Topic Security Story URL SAN FRANCISCO -- Hardcore open source security

Re: ATM machine security

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Lee Parkes [EMAIL PROTECTED] Subject: ATM machine security Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers,

Cryptographers to Hollywood: prepare to fail on DRM

2005-02-22 Thread R.A. Hettinga
http://www.theregister.co.uk/2005/02/17/drm_security_shortcomings/print.html The Register Biting the hand that feeds IT Cryptographers to Hollywood: prepare to fail on DRM By John Leyden (john.leyden at theregister.co.uk) Published Thursday 17th February 2005 19:37 GMT RSA 2005 Movie

Many Wireless Security Breaches Reported At (RSA) Security Conference

2005-02-22 Thread Ian G
(As I've said many times, security breaches reported at conferences full of security people don't count as a predictor of what's out in the real world as a threat. But, it makes for interesting reading and establishes some metric on the ease of the attack. iang)

Re: Digital Water Marks Thieves

2005-02-22 Thread Matt Crawford
that is [...] invisible until illuminated by police officers using ultraviolet light. That's amazing! How do the tiny particles know that it's not a civilian illuminating them with ultraviolet light? And how does Wired reporter Robert Andrews fail to ask that question? Why would it matter? [...]

Re: SHA1 broken?

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Joseph Ashwood [EMAIL PROTECTED] Sent: Friday, February 18, 2005 3:11 AM [the attack is reasonable] Reading through the summary I found a bit of information that means my estimates of workload have to be re-evaluated. Page 1 Based on our estimation, we expect

SHA-1 results available

2005-02-22 Thread Jack Lloyd
http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, Technical details will be provided in a

Re: SHA-1 cracked

2005-02-22 Thread Douglas F . Calvert
On Feb 15, 2005, at 11:29 PM, Steven M. Bellovin wrote: nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb Should anything be read into the timing of the

Code name Killer Rabbit: New Sub Can Tap Undersea Cables

2005-02-22 Thread R.A. Hettinga
http://wcbs880.com/topstories/topstories_story_049165912.html/resources_storyPrintableView WCBS 880 | wcbs880.com Experts: New Sub Can Tap Undersea Cables * USS Jimmy Carter Will Be Based In Washington State Feb 18, 2005 4:55 pm US/Eastern The USS Jimmy Carter, set to join the

Re: SHA1 broken?

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Dave Howe [EMAIL PROTECTED] Subject: Re: SHA1 broken? Indeed so. however, the argument in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY... assumes that (a) the problems are comparable, and (b) that moores law has been applied to FPGAs

Re: ATM machine security

2005-02-22 Thread Alex Alten
You may want to look at US Patents 4,268,715 and 4,268,715. I believe these are among the core group of ATM patents. - Alex At 09:58 AM 2/17/2005 +0100, Lee Parkes wrote: Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar