$25MM figure:
http://lists.jammed.com/ISN/2003/10/0097.html
More details about what's covered:
http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm
http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
William
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
They paid $25MM.
William
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of James A. Donald
> Sent: Thursday, September 15, 2005 12:54 PM
> To: cryptography@metzdowd.com
> Subject: RE: ECC patents?
>
> --
> Whyte, William:
> > It hints that onl
At 09:54 2005-09-15 -0700, James A. Donald wrote:
I doubt that the NSA paid any money whatsoever for this
license, making it profoundly unimpressive as evidence
that *any* curves have a plausible valid patent. If the
NSA paid real money, the patent holders would be
sticking it in our face as a p
If the NSA paid anything significant for any of the
curves, we would be told.
You were better off not responding; you have lost your credibility on
this topic.
Given
the NSA's history of secrecy; and
the fact that it's common practice to not disclose
(financial) terms
In message <[EMAIL PROTECTED]>, "James A. Donald" writes:
>--
>Whyte, William:
>> It hints that only some particular curves have been
>> licensed. It could be that NSA has decided not to buy
>> a license for the other curves, or it could be that
>> operations on those curves aren't patented.
James A. Donald wrote:
> --
> Whyte, William:
>
>>It hints that only some particular curves have been
>>licensed. It could be that NSA has decided not to buy
>>a license for the other curves, or it could be that
>>operations on those curves aren't patented. The
>>presentation doesn't give
--
Whyte, William:
> It hints that only some particular curves have been
> licensed. It could be that NSA has decided not to buy
> a license for the other curves, or it could be that
> operations on those curves aren't patented. The
> presentation doesn't give enough information to
> estab
Victor Duchovni wrote:
>> Joint works with [...]
>
>Is it politically correct to not cite DJB in this context [...]
The phrase "joint work with XXX" means that this was a collaboration
between XXX and the speaker. If DJB wasn't part of the collaboration,
then of course he wouldn't be on that lis
Interesting new paper:
http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/preprint.pdf
We examine the problem of keyboard acoustic emanations. We
present a novel attack taking as input a 10-minute sound recording
of a user typing English text using a keyboar
Some clarification of the proposal:
Initialization:
===
client has dedicated pw(server) to each server (today's situation).
Client is supposed to be able to identify server based on the server's
certificate etc., e.g. using TrustBar over regular browser.
Client also installs the pw-
At 12:29 PM -0400 9/14/05, Steven M. Bellovin wrote:
>TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005
So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower,
thus missing the train 13:20 train at Rozzy Square :-), instead took the
bus, and then the T, and got to MIT's New Funny
Date: Wed, 14 Sep 2005 18:30:22 -0400 (EDT)
From: Dan Rubenstein <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
The Department of Electrical Engineering at Columbia University invites you
to attend
THE ARMSTRONG MEMORIAL LECTURE
Monday, September 19 - 3:00pm
Davis Auditorium (Schapiro/Host)
Host:
there is somewhat an anciallary philosphical issue. most of the current
password-based systems have been oriented towards a static environment
... contributing to a mindset that addresses authentication technology
as a static issue.
The PKI paradigm even goes further with contributing to a somewha
> http://www1.ietf.org/proceedings_new/04nov/slides/saag-2/sld9.htm:
>
> What is Really Covered
> o The use of elliptic curves defined over GF(p) where p is a prime
> number greater than 2^255 when the product satisfies the Field of
> Use conditions
> o Both compressed and uncom
On Wed, Sep 14, 2005 at 12:29:39PM -0400, Steven M. Bellovin wrote:
> Taken together, these works have reduced the cost of factoring by many
> orders of magnitude, making it feasible, for example, to factor
> 1024-bit integers within one year at the cost of about US$1M (as
> opposed to the trillio
>From: rbg9000 <[EMAIL PROTECTED]>
>Sent: Sep 8, 2005 3:01 PM
>To: cryptography@metzdowd.com
>Subject: multiple keys to 1
>Sorry, I really don't know much about encryption, and my
>google searches haven't turned up much. I wondering if it's
>possible to reduce a set of symmetric keys (aes, twofis
In message <[EMAIL PROTECTED]>, Amir Herzberg writes:
>
>Amazon have this lovely service: if you tell if you forgot your pw, they
>send you to:
>https://www.amazon.com/exec/obidos/self-service-forgot-password-get-email-done
>/104-2901457-0883904
>
>where they ask you to confirm your identity... u
Amir Herzberg wrote:
> Excellent point. From which follows the question: can we improve the
> security of password-based web login, with less drastic changes - at
> least in the servers? Or is TLS-PSK the best/only way for us to improve
> pw-based web login?
>
> I think we can. For simplicity and
18 matches
Mail list logo