two-factor authentication problems

2005-03-06 Thread Ed Gerck
Current solutions for two-factor authentication may be weaker than they seem. Let me present two cases, including SecurID, for comments. 1. First case, without a clock, take a look at: http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-02.txt Because the algorithm MUST be sequence or

Re: comments wanted on gbde

2005-03-06 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: comments wanted on gbde I'll just deal with it piece by piece. Page 3 decrypting and re-encrypting an entire disk would likely take more than a day with currently available hardware is wrong. Assuming 256-bit AES,

Re: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-06 Thread james hughes
On Mar 4, 2005, at 5:23 PM, James A. Donald wrote: The attacks on MD*/SHA* are weak and esoteric. On this we respectfuly disagree. You make it sound trivial. Wang has been working on these results for over 10 years. She received the largest applause at Crypto 2004 session from her peers I have

Re: comments wanted on gbde

2005-03-06 Thread Roland Dowdeswell
I have started writing up a bit of an analysis of GBDE, which I would like to have people comment on before I continue with it. I.e. am I onto something here or not? I wrote this up very quickly over a few sleepless nights while trying to get my normal work done before I left on vacation, so