Re: RSA gets a reprieve?

2005-07-05 Thread Florian Weimer
* Michael Heyman: www.newscientist.com/channel/info-tech/mg18625054.000 ATTEMPTS to build quantum computers could run up against a fundamental limit on how long useful information can persist inside them. My local source of quantum computing knowledge says that the conclusions

Re: /dev/random is probably not

2005-07-05 Thread Florian Weimer
* Jason Holt: You may be correct, but readers should also know that, at least in Linux: /usr/src/linux/drivers/char/random.c: * All of these routines try to estimate how many bits of randomness a * particular randomness source. They do this by keeping track of the * first and second

Re: /dev/random is probably not

2005-07-05 Thread Charles M. Hannum
On Sunday 03 July 2005 05:21, Don Davis wrote: From: Charles M. Hannum [EMAIL PROTECTED] Date: Fri, 1 Jul 2005 17:08:50 + While I have found no fault with the original analysis, ...I have found three major problems with the way it is implemented in current systems. hi, mr. hannum

Re: /dev/random is probably not

2005-07-05 Thread Dan Kaminsky
So the funny thing about, say, SHA-1, is if you give it less than 160 bits of data, you end up expanding into 160 bits of data, but if you give it more than 160 bits of data, you end up contracting into 160 bits of data. This works of course for any input data, entropic or not. Hash saturation?

Feature or Flaw?

2005-07-05 Thread Lance James
Hi all, I wanted to introduce something that has probably been known for some time now, but has never been really addressed due to possible conflicting views of how SSL certificates should work, and where the CA's should (or should not) fit in. As we all know, the recent attention to the

ECRYPT Workshop on RFID and Light-Weight Crypto

2005-07-05 Thread Elisabeth Oswald
** CALL FOR PARTICIPATION ** ECRYPT Workshop on RFID and Light-Weight Crypto July 14-15, 2005 IAIK, Graz University of Technology , Austria Organizers: Vincent Rijmen, Graz University of

Re: Feature or Flaw?

2005-07-05 Thread Amir Herzberg
Lance James wrote: ... https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the rolls to understand the

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? Maybe I'm just missing something. - The Cryptography Mailing List Unsubscribe by sending

Re: /dev/random is probably not

2005-07-05 Thread John Kelsey
From: Charles M. Hannum [EMAIL PROTECTED] Sent: Jul 3, 2005 7:42 AM To: Don Davis [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: /dev/random is probably not ... Also, I don't buy for a picosecond that you have to gather all timings in order to predict the output. As we know from

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? Maybe I'm

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? In both cases, you have the SSL lock on your own certificate. At

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the banks? Can you give an example? In both cases, you have

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Amir Herzberg wrote: Lance James wrote: ... https://slam.securescience.com/threats/mixed.html This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the

[Forwarded] RealID: How to become an unperson.

2005-07-05 Thread Perry E. Metzger
I'm forwarding this article, originally from the Cypherpunks mailing list (I saw it on Dave Farber's Interesting People) because I find the security implications important. HOWEVER, I'm warning in advance that I'm not going to forward a lot of followups, especially if they are unoriginal and/or

Re: Feature or Flaw?

2005-07-05 Thread Jeremiah Rogers
This site is set so that there is a frame of https://www.bankone.com inside my https://slam.securescience.com/threats/mixed.html site. The imaginative part is that you may have to reverse the rolls to understand the impact of this (https://www.bankone.com with

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the transactions involve significant value.

Re: Feature or Flaw?

2005-07-05 Thread Lance James
Florian Weimer wrote: * Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the

Time-Memory-Key tradeoff attacks?

2005-07-05 Thread Perry E. Metzger
The following has appeared in the IACR preprint archive. I would appreciate comments. The author certainly has reasonable credentials, but the document is low on detail: http://eprint.iacr.org/2005/207 Some Thoughts on Time-Memory-Data Tradeoffs Author: Alex Biryukov Abstract: In this

[ANNOUNCE] OpenSSL 0.9.8 released

2005-07-05 Thread Richard Levitte - VMS Whacker
OpenSSL version 0.9.8 released == OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8 of our open source toolkit for SSL/TLS. This new OpenSSL

[OT] The Nazification Of America, Part 2 (Day 5) (fwd)

2005-07-05 Thread J.A. Terranson
I was unaware that (a) this had hit Farber, or that (b) it had been cross posted to cryptography, prior to my second posting - which is attached below (for the sake of completeness). //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF -- Forwarded message -- Date:

Re: [Forwarded] RealID: How to become an unperson.

2005-07-05 Thread hadmut
Don't laugh. This is exactly the problem I had with my german identity card. In Germany, you are required to possess either an identity card or a passport once you reach the age of 16. If you're younger you can just have a children's passport in case you need for travelling. Usually applying