CORRECTION / RE: Qualified Certificate Request

2005-08-02 Thread Nap van Zuuren
CORRECTION: You are right about the (real life) notaries function, still being necessary. As far as I am informed, by my contributorship within CEN ETSI -EESSI and CEN-NIS, there is still no solution for (very) long TERM Storage AND RETRIEVAL of documents, key pairs, certificates, relating

Re: Possibly new result on truncating hashes

2005-08-02 Thread Hal Finney
John Kelsey writes: The high order bit is that you can't generally guarantee that truncating your hash (chopping off some bits) won't weaken it. That is, if you chop SHA256 off to 160 bits as a replacement for SHA1 (something I'm working on with Niels Ferguson for X9 right now), it's

Re: Last WWII Comanche code talker dies in Oklahoma

2005-08-02 Thread Andreas Hasenack
On Monday 01 August 2005 02:40, Udhay Shankar N wrote: [resending this, after it didn't reach the list first time. I seem to have fallen off the list, and am back on now. I hope this isn't a repeat. /udhay] http://aolsvc.news.aol.com/news/article.adp?id=20050721170009990017 Last WWII

[Clips] Hackers Hit Microsoft Windows Genuine Advantage

2005-08-02 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 1 Aug 2005 22:34:52 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Hackers Hit Microsoft Windows Genuine Advantage Reply-To: [EMAIL PROTECTED] Sender: [EMAIL

[Clips] Clippre: Leaving a trail of tech

2005-08-02 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 1 Aug 2005 22:38:26 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Clippre: Leaving a trail of tech Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED]

Re: Possibly new result on truncating hashes

2005-08-02 Thread Joseph Ashwood
- Original Message - From: John Kelsey [EMAIL PROTECTED] Subject: Possibly new result on truncating hashes How could this work? Suppose we have an algorithm like the Wang attacks on MD5, SHA0, or SHA1 for finding a single collision pair. The algorithm returns a single collision pair

AW: Possibly new result on truncating hashes

2005-08-02 Thread Kuehn, Ulrich
John Kelsey wrote: Unfortunately, we can't make this argument, because this postulated collision algorithm can't be used to find a collision in the whole SHA256 more efficiently than brute force. Let's do the counting argument: Each time we call the 160-bit collision algorithm, we

Ostiary

2005-08-02 Thread Udhay Shankar N
Sounds interesting. Has anybody used this, and are there any comments? Udhay http://ingles.homeunix.org/software/ost/ Tools like ssh and lsh are great for allowing secure remote access to your system. They offer essentially full, flexible remote control of a machine, in an encrypted and

Re: Last WWII Comanche code talker dies in Oklahoma

2005-08-02 Thread Udhay Shankar N
At 04:55 AM 8/2/2005, Andreas Hasenack wrote: Last WWII Comanche code talker dies in Oklahoma Wasn't that Navajo instead? From the article: Chibitty joined the Army in 1941 at Ft. Sill, Oklahoma, when he and other Comanches heard the Army wanted them. Navajo Indians were used for the

Re: Ostiary

2005-08-02 Thread Ian Grigg
On Tuesday 02 August 2005 13:26, Udhay Shankar N wrote: Sounds interesting. Has anybody used this, and are there any comments? Udhay http://ingles.homeunix.org/software/ost/ ... Perhaps you only really need to remotely initiate a limited set of operations. In this case, you don't need

Re: Last WWII Comanche code talker dies in Oklahoma

2005-08-02 Thread Victor Duchovni
On Mon, Aug 01, 2005 at 08:25:35PM -0300, Andreas Hasenack wrote: On Monday 01 August 2005 02:40, Udhay Shankar N wrote: [resending this, after it didn't reach the list first time. I seem to have fallen off the list, and am back on now. I hope this isn't a repeat. /udhay]

Re: Ostiary

2005-08-02 Thread Karl Chen
As an authentication protocol, it looks vulnerable to a time synchronization attack: an attacker that can desynchronize the server and client's clocks predictably can block the client's authentication and use it as his own. (Assuming the server's clock is monotonically increasing, the command can

Re: Possibly new result on truncating hashes

2005-08-02 Thread Hal Finney
Joseph Ashwood writes: From: John Kelsey [EMAIL PROTECTED] Now, this is an attack on SHA256 truncated to 160 bits. Does it lead to an attack on SHA256 as a whole? Actually it does. Such an attack would reduce the difficulty of producing a collision in SHA-256 to 2^(64+(96/2)) or 2^112.

Re: Ostiary

2005-08-02 Thread Nicolas Rachinsky
* Karl Chen [EMAIL PROTECTED] [2005-08-02 09:24 -0700]: As an authentication protocol, it looks vulnerable to a time synchronization attack: an attacker that can desynchronize the server and client's clocks predictably can block the client's authentication and use it as his own. (Assuming the

[fc-announce] CFP FC'06: Financial Cryptography and Data Security

2005-08-02 Thread R.A. Hettinga
--- begin forwarded text To: [EMAIL PROTECTED] From: Avi Rubin [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Sender: [EMAIL PROTECTED] Date: Tue, 2 Aug 2005 13:58:29 -0400 x-flowed Call for Papers