Status of SRP

2006-06-04 Thread Beryllium Sphere LLC
On 6/3/06, Florian Weimer |Perry's Cryptography mailing list| ... wrote: We have no real-world studies how users make their day-to-day trust decisions when using the Internet. We do have a beginning, in the study done by Garfinkel, Miller and Wu at MIT

Re: Status of opportunistic encryption

2006-06-04 Thread Thomas Harold
James A. Donald wrote: Attacks on DNS are common, though less common than other attacks, but they are by scammers, not TLA agencies, perhaps because they are so easily detected. All logons should move to SRP to avoid the phishing problem, as this is the most direct and strongest solution for

Re: Status of SRP

2006-06-04 Thread Jeffrey Altman
James A. Donald wrote: -- Jeffrey Altman wrote: Unfortunately, SRP is not the solution to the phishing problem. The phishing problem is made up of many subtle sub-problems involving the ease of spoofing a web site and the challenges involved in securing the enrollment and password

Re: Status of attacks on AES?

2006-06-04 Thread Marcos el Ruptor
I skimmed this. The start of the article says that after 3 rounds AES achieves perfect diffusion?! 1. It's complete diffusion, not perfect diffusion. Perfect diffusion is a property meaning something completely different. 2. My post incorrectly stated that cryptographers believed that the AES

Re: Status of opportunistic encryption

2006-06-04 Thread Thierry Moreau
Thomas Harold wrote, in part: I do suspect at some point that the lightweight nature of DNS will give way to a heavier, encrypted or signed protocol. Economic factors will probably be the driving force (online banking). E.g. RFC4033, RFC4034, RFC4035. - Thierry