Re: Symmetric ciphers as hash functions

2005-11-03 Thread Travis H.
Not so... the SHA family are all unbalanced Feistel structures. Sorry, I guess I am thinking of AES. I don't know where I got the doesn't need to be invertible bit, I must be conflating it with something else. He should also take a look at OCB, CCM, and CBC-MAC modes. Perhaps he intends to

RE: [EMAIL PROTECTED]: Skype security evaluation]

2005-11-03 Thread Marcel Popescu
From: [EMAIL PROTECTED] [mailto:owner- [EMAIL PROTECTED] On Behalf Of Peter Gutmann I can't understand why they didn't just use TLS for the handshake (maybe YASSL) and IPsec sliding-window + ESP for the transport (there's a free minimal implementation of this whose name escapes me for use by

Re: HTTPS mutual authentication alpha release - please test

2005-11-03 Thread Nick Owen
cyphrpunk wrote: On 10/31/05, Nick Owen [EMAIL PROTECTED] wrote: The system works this way: Each WiKID domain now can include a 'registered URL' field and a hash of that website's SSL certificate. When a user wants to log onto a secure web site, they start the WiKID token and enter their PIN. The

Re: HTTPS mutual authentication alpha release - please test

2005-11-03 Thread Nick Owen
What threat is this supposed to defend against? Is it phishing? I don't see how it will help, if the bogus site has a valid certificate. Yes, phishing. The token client isn't checking to see if the cert is valid, it's only checking to see if it's the same as the one that is on the WiKID