Re: On the orthogonality of anonymity to current market demand

2005-10-31 Thread James A. Donald
-- John Kelsey What's with the heat-death nonsense? Physical bearer instruments imply stout locks and vaults and alarm systems and armed guards and all the rest, all the way down to infrastructure like police forces and armies (private or public) to avoid having the biggest gang end up

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-31 Thread Alexander Klimov
On Wed, 26 Oct 2005, JЖrn Schmidt wrote: --- Travis H. [EMAIL PROTECTED] wrote: [snip] Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows

packet traffic analysis

2005-10-31 Thread John Denker
Travis H. wrote: Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. OK so far ... There are two problems with this; one, getting enough

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-31 Thread Ben Laurie
Travis H. wrote: Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Peter Gutmann
Jack Lloyd [EMAIL PROTECTED] writes: I just reread those sections and I still don't see anything about RSA encryption padding either. 3.2.2 just has some useless factoids about the RSA implementation (but neglects to mention important implementation points, like if blinding is used, or if

[EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

2005-10-31 Thread Eugen Leitl
- Forwarded message from Kerry Bonin [EMAIL PROTECTED] - From: Kerry Bonin [EMAIL PROTECTED] Date: Thu, 27 Oct 2005 06:52:57 -0700 To: [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED] Subject: Re: [p2p-hackers] P2P Authentication User-Agent: Mozilla Thunderbird 1.0.6

The Pentagon is block NSA patent applications...

2005-10-31 Thread Steven M. Bellovin
http://www.newscientist.com/article.ns?id=dn8223feedId=online-news_rss091 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to

NY Times reports: NSA falsified Gulf of Tonkin intercepts

2005-10-31 Thread Perry E. Metzger
http://www.nytimes.com/2005/10/31/politics/31war.html?ex=1288414800en=e2f5e341687a2ed9ei=5090partner=rssuserlandemc=rss WASHINGTON, Oct. 28 - The National Security Agency has kept secret since 2001 a finding by an agency historian that during the Tonkin Gulf episode, which helped

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/25/05, Travis H. [EMAIL PROTECTED] wrote: More on topic, I recently heard about a scam involving differential reversibility between two remote payment systems. The fraudster sends you an email asking you to make a Western Union payment to a third party, and deposits the requested amount

Re: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote: How does one inflate a key? Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
One other point with regard to Daniel Nagy's paper at http://www.epointsystem.org/~nagydani/ICETE2005.pdf A good way to organize papers like this is to first present the desired properties of systems like yours (and optionally show that other systems fail to meet one or more of these properties);

Re: packet traffic analysis

2005-10-31 Thread Travis H.
Good catch on the encryption. I feel silly for not thinking of it. If your plaintext consists primarily of small packets, you should set the MTU of the transporter to be small. This will cause fragmentation of the large packets, which is the price you have to pay. Conversely, if your

Re: packet traffic analysis

2005-10-31 Thread Travis H.
I assume that the length is explicitly encoded in the legitimate packet. Then the peer for the link ignores everything until the next escape sequence introducing a legitimate packet. I should point out that encrypting PRNG output may be pointless, and perhaps one optimization is to stop

[Clips] US spy agency's patents under security scrutiny

2005-10-31 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Sat, 29 Oct 2005 08:19:44 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] US spy agency's patents under security scrutiny Reply-To: [EMAIL PROTECTED] Sender: [EMAIL

Re: On Digital Cash-like Payment Systems

2005-10-31 Thread John Kelsey
From: cyphrpunk [EMAIL PROTECTED] Sent: Oct 27, 2005 9:15 PM To: James A. Donald [EMAIL PROTECTED] Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Re: On Digital Cash-like Payment Systems On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote: How does one inflate a key? Just make it

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/28/05, Daniel A. Nagy [EMAIL PROTECTED] wrote: Irreversibility of transactions hinges on two features of the proposed systetm: the fundamentally irreversible nature of publishing information in the public records and the fact that in order to invalidate a secret, one needs to know it;

Symmetric ciphers as hash functions

2005-10-31 Thread Arash Partow
Hi all, How does one properly use a symmetric cipher as a cryptographic hash function? I seem to be going around in circles. Initially I thought you choose some known key and encrypt the data with the key, using either the encrypted text or the internal state of the cipher as the hash value,

[Clips] Security 2.0: FBI Tries Again To Upgrade Technology

2005-10-31 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 31 Oct 2005 07:29:37 -0500 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Security 2.0: FBI Tries Again To Upgrade Technology Reply-To: [EMAIL PROTECTED] Sender: [EMAIL

Some thoughts on high-assurance certificates

2005-10-31 Thread Peter Gutmann
A number of CAs have started offering high-assurance certificates in an attempt to... well, probably to make more money from them, given that the bottom has pretty much fallen out of the market when you can get a standard certificate for as little as $9.95. The problem with these certificates is

Re: packet traffic analysis

2005-10-31 Thread John Denker
In the context of: If your plaintext consists primarily of small packets, you should set the MTU of the transporter to be small. This will cause fragmentation of the large packets, which is the price you have to pay. Conversely, if your plaintext consists primarily of large packets, you

RE: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Whyte, William
A similar approach enabled Bleichenbacher's SSL attack on RSA with PKCS#1 padding. This sounds very dangerous to me. William -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of cyphrpunk Sent: Friday, October 28, 2005 5:07 AM To: [EMAIL PROTECTED];

AW: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Kuehn, Ulrich
-Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk Gesendet: Freitag, 28. Oktober 2005 06:07 An: [EMAIL PROTECTED]; cryptography@metzdowd.com Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation] Wasn't there a rumor last year

Re: Some thoughts on high-assurance certificates

2005-10-31 Thread Anne Lynn Wheeler
Peter Gutmann wrote: And therein lies the problem. The companies providing the certificates are in the business of customer service, not of running FBI-style special background investigations that provide a high degree of assurance but cost $50K each and take six months to complete. The same

Re: Symmetric ciphers as hash functions

2005-10-31 Thread James Muir
Tom Shrimpton (http://www.cs.pdx.edu/~teshrim/) does research in this area (ie. using block ciphers to build hash functions). See the papers on his web site; in particular: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV [pdf] [ps] John Black, Phillip

HTTPS mutual authentication alpha release - please test

2005-10-31 Thread Nick Owen
Happy Halloween! In what we hope will be a Halloween tradition, we have new release available for testing. WiKID is pleased to announce the alpha release of a major upgrade under the GPL featuring a cryptographic method of mutual authentication for HTTPS: WiKID-2.1: SOMETHING_WiKID_THIS_WAY_COMES