Re: Zfone and ZRTP :: encryption for voip protocols
On Wed, 15 Mar 2006, Ed Gerck wrote: cybergio wrote: Zfone :: http://www.philzimmermann.com/EN/zfone/index.html ...it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management... Good. But, uf course, there's a trust model and you need to rely on it. Points to them for making it explicit. ...allows the detection of man-in-the-middle (MiTM) attacks by displaying a short authentication string for the users to read and compare over the phone. Depends on the trust model. May not work. This is incomplete. The paragraph goes on to say: we still get fairly decent authentication against a MiTM attack, based on a form of key continuity. It does this by caching some key material to use in the next call, to be mixed in with the next call's DH shared secret, giving it key continuity properties analogous to SSH. The SSH trust model has certainly proved itself as useful, and is probably perfectly appropriate for semi-adhoc telephony where voice nuance offers an additional means of detecting phonies (pun!). The screenshot on that page seems to indicate only three [a-z0-9] characters form the key fingerprint. My first impression was that this was insufficient, but it is probably a good tradeoff. It is short enough that people will actually use it, and an attacker might only get a couple of tries of getting it wrong (in a 2^15 bit space) before a human would be very suspicious. -d - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
World of Warcraft massive surveillance...
We live in a world where the technology exists that the government or other technically sophisticated group is able to monitor and analyze a substantial fraction of the communications of the world's population, or can track their movements throughout the day, or keep tabs on their financial transactions. And that world is called World of Warcraft. http://terranova.blogs.com/terra_nova/2006/03/confessions_of_.html [Hat tip to Bruce Schneier's blog.] Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
MD5 collisions in one minute
Hi all, You might be interested in knowing that my MSc student Marc Stevens has found a considerable speedup of MD5 collision generation. His improvements of Wang's method enables one to make MD5 collisions typically in one minute on a PC; sometimes it takes a few minutes, and sometimes only a few seconds. His paper (shortly to appear on the Cryptology ePrint Archive) can be found on http://www.win.tue.nl/hashclash/, where we've also made his software available (source code and a Win32 executable). Grtz, Benne de Weger - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Call for Participation: HOPE#6, July 21-23
Colleagues: The sixth HOPE (Hackers On Planet Earth) conference is taking place this summer, on July 21-23 at New York City's Hotel Pennsylvania. This is a semi-unofficial invitation to the members of this list, to participate in this unique event. The HOPE Number Six conference is inviting proposals for: - conference-style presentations on all matters of technology, especially those with security or social relevance; - exhibitions of all scale, including demonstrations, artworks, on-site collaborations, etc.; and, - vendor displays. Not including the auditorium areas, there is an additional 20,000 square feet, or 1800 square meters, of space for all types of relevant activities to take place. As usual, we expect the conference to attract thousands of attendees from diverse groups. As a participant, your audience and collaborators will include technology professionals, scientists and academics, underground researchers and engineers, artists, activists, journalists, spooks, a few celebrities, and many individuals overlapping and/or defying these categories. The official Call for Participation and other information can be found at: http://www.hopenumbersix.net/cfp.html Please submit your proposals to speakers(at)2600(dot)com. Thanks, and hope to see you there! DCL - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]