Re: RNG quality verification

2005-12-22 Thread Peter Gutmann
Victor Duchovni <[EMAIL PROTECTED]> writes: >On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp G?hring wrote: >> I think the better way would be if I had a possibility to verify the quality >> of the random numbers used in a certificate request myself, without the >> dependence on the vendor. > >Th

RNG quality verification

2005-12-22 Thread David Wagner
Philipp G#ring <[EMAIL PROTECTED]> writes: >I have been asked by to verify the quality of the random numbers which are >used for certificate requests that are being sent to us, to make sure that >they are good enough, and we don´t issue certificates for weak keys. Go tell whoever wrote your requ

Re: RNG quality verification

2005-12-22 Thread Philipp Gühring
Hi Travis, > The only thing is, you cannot test in randomness, That´s true, but I can test non-randomness. And if I don´t detect non-randomness, I can assume randomness to a certain extent. > and it is an abuse > of statistics to make predictions about individual events -- Wasn´t that one o

Re: A small editorial about recent events.

2005-12-22 Thread Ian Brown
[EMAIL PROTECTED] wrote: Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dog bites man: Asst. A.G. claims executive branch has extremely broad "wartime" powers to surveil Americans (with some contradictory

Re: A small editorial about recent events.

2005-12-22 Thread David G. Koontz
[EMAIL PROTECTED] wrote: Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dick Morris http://www.drudgereport.com/flash7.htm --dan Yet President Bush as publicly stated it requires a court order to wireta

Comparison of secure email technologies

2005-12-22 Thread Ed Gerck
Thanks for the comments. A new version of the work paper "Comparison Of Secure Email Technologies X.509 / PKI, PGP, and IBE" is available at The Blog (link in the paper page) contains the most relevant public input; private input is also apprecia

Re: RNG quality verification

2005-12-22 Thread Travis H.
On 12/22/05, Philipp Gühring <[EMAIL PROTECTED]> wrote: > So if I extract the key, remove the first and the last bit, then I should have > the pure random numbers that are being used. If I do that with lots of keys, > I should have a good amount of random material for the usual statistical > tests.

Re: RNG quality verification

2005-12-22 Thread Victor Duchovni
On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp G?hring wrote: > I think the better way would be if I had a possibility to verify the quality > of the random numbers used in a certificate request myself, without the > dependence on the vendor. This is impossible. You don't see the raw "random

Re: RNG quality verification

2005-12-22 Thread Alexander Klimov
On Thu, 22 Dec 2005, Philipp [iso-8859-1] G?hring wrote: > > I have been asked by to verify the quality of the random numbers which are > used for certificate requests that are being sent to us, to make sure that > they are good enough, and we don?t issue certificates for weak keys. Consider an im

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-22 Thread Thor Lancelot Simon
On Sun, Dec 18, 2005 at 09:47:27AM -0800, James A. Donald wrote: > > Has anyone been attacked through a certificate that > would not have been issued under stricter security? The > article does not mention any such attacks, nor have I > ever heard of such an attack. Ought we forget that two su

Re: another feature RNGs could provide

2005-12-22 Thread Travis H.
On 12/21/05, Perry E. Metzger <[EMAIL PROTECTED]> wrote: > > Good ciphers aren't permutations, though, are they? Because if they > > were, they'd be groups, and that would be bad. > > Actually, by definition, a cipher should be a permutation from the set > of plaintexts to the set of ciphertexts. I

RNG quality verification

2005-12-22 Thread Philipp Gühring
Hi, I have been asked by to verify the quality of the random numbers which are used for certificate requests that are being sent to us, to make sure that they are good enough, and we don´t issue certificates for weak keys. The client applications that generate the keys and issue the certificate

Re: A small editorial about recent events.

2005-12-22 Thread dan
Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dick Morris http://www.drudgereport.com/flash7.htm --dan - The Cryptography Mailing List

Re: another feature RNGs could provide

2005-12-22 Thread Bill Stewart
> Good ciphers aren't permutations, though, are they? Because if they > were, they'd be groups, and that would be bad. Actually, by definition, a cipher should be a permutation from the set of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective or it isn't an encryption algorith

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-22 Thread James A. Donald
-- Peter Gutmann > In fact the real situation is even worse than this. > Although there has been plenty of anecdotal evidence > of the ineffectiveness of SSL certificates over the > years, it wasn.t until mid-2005 (ten years after > their introduction) that a rigorous study of the

RE: another feature RNGs could provide

2005-12-22 Thread Anton Stiglic
>Actually, by definition, a cipher should be a permutation from the set >of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective >or it isn't an encryption algorithm. > >Therefore, if you want an ergodic sequence of size 2^N, a counter >encrypted under an N bit block cipher will do i

Re: another feature RNGs could provide

2005-12-22 Thread Ben Laurie
Matt Crawford wrote: > On Dec 21, 2005, at 0:10, Ben Laurie wrote: >> Good ciphers aren't permutations, though, are they? Because if they >> were, they'd be groups, and that would be bad. > > A given cipher, with a given key, is a permutation of blocks. (Assuming > output blocks and input blocks

Re: another feature RNGs could provide

2005-12-22 Thread Matt Crawford
On Dec 21, 2005, at 0:10, Ben Laurie wrote: Good ciphers aren't permutations, though, are they? Because if they were, they'd be groups, and that would be bad. A given cipher, with a given key, is a permutation of blocks. (Assuming output blocks and input blocks are the same size.) It may

Re: permutations +- groups

2005-12-22 Thread John Denker
Ben Laurie wrote: Good ciphers aren't permutations, though, are they? Because if they were, they'd be groups, and that would be bad. There are multiple misconceptions rolled together there. 1) All of the common block ciphers (good and otherwise) are permutations. To prove this, it suffices t