Re: crypto component services - is there a market?

2007-04-19 Thread Stefan Kelm
 Same with digital timestamping.

Here in Europe, e-invoicing very slowly seems to be
becoming a (or should I say the?) long-awaited
application for (qualified) electronic signatures.
Since electronic invoices need to be archived in
most countries some vendors apply time-stamps and
recommend to re-apply time-stamps from time to time.

Cheers,

Stefan.


T.I.S.P.  -  Lassen Sie Ihre Qualifikation zertifizieren
vom 25.-30.06.2007 - http://www.secorvo.de/college/tisp/

Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: AES128-CBC Question

2007-04-19 Thread Victor Duchovni
On Wed, Apr 18, 2007 at 11:29:45PM -0700, Aram Perez wrote:

 Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is 
 being proposed for a standard because that's how SD cards implemented it.
 

Is the same key ever used to encrypt multiple streams?

This is a protocol question, not an algorithm question, so you need a
security review of the protocol (which you have not described).

-- 

 /\ ASCII RIBBON  NOTICE: If received in error,
 \ / CAMPAIGN Victor Duchovni  please destroy and notify
  X AGAINST   IT Security, sender. Sender does not waive
 / \ HTML MAILMorgan Stanley   confidentiality or privilege,
   and use is prohibited.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: AES128-CBC Question

2007-04-19 Thread Erik Tews
Am Mittwoch, den 18.04.2007, 23:29 -0700 schrieb Aram Perez:
 Hi Folks,
 
 Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is 
 being proposed for a standard because that's how SD cards implemented it.

That depends. What would be a valid attack on a SD-card?


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


Re: AES128-CBC Question

2007-04-19 Thread Sidney Markowitz
Aram Perez wrote, On 19/4/07 6:29 PM:
 Is there any danger in using AES128-CBC with a fixed IV of all zeros?

Here is some discussion about doing this, in the context of PGP doing
just that and why PGP inserts random characters at the begining of the
plaintext.

 http://archive.cert.uni-stuttgart.de/openpgp/2003/04/msg00026.html

It points out that a fixed IV results in information leakage if the
first block or more of plaintext is the same in two messages encrypted
with the same key.

 Sidney Markowitz
 http://www.sidney.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: crypto component services - is there a market?

2007-04-19 Thread Ian G

Stefan Kelm wrote:

Same with digital timestamping.


Here in Europe, e-invoicing very slowly seems to be
becoming a (or should I say the?) long-awaited
application for (qualified) electronic signatures.



Hmmm... last I heard, qualified certificates can only be 
issued to individuals, and invoicing (of the e-form that the 
regulations speak) can only be done by VAT-registered companies.


Is that not the case?  How is Germany resolving the 
contradictions?




Since electronic invoices need to be archived in
most countries some vendors apply time-stamps and
recommend to re-apply time-stamps from time to time.



Easier to invoice with paper!

iang

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: AES128-CBC Question

2007-04-19 Thread Nicolas Williams
On Fri, Apr 20, 2007 at 08:56:32AM +1200, Sidney Markowitz wrote:
 Aram Perez wrote, On 19/4/07 6:29 PM:
  Is there any danger in using AES128-CBC with a fixed IV of all zeros?
 
 Here is some discussion about doing this, in the context of PGP doing
 just that and why PGP inserts random characters at the begining of the
 plaintext.

Kerberos V calls this a confounder (a block of randomly selected bits
that is prepended to plaintext prior to encryption).

Nico
-- 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: crypto component services - is there a market?

2007-04-19 Thread Anne Lynn Wheeler

Stefan Kelm wrote:

Here in Europe, e-invoicing very slowly seems to be
becoming a (or should I say the?) long-awaited
application for (qualified) electronic signatures.
Since electronic invoices need to be archived in
most countries some vendors apply time-stamps and
recommend to re-apply time-stamps from time to time.


recent post/thread with some discussion of the business of
digital certificates ... as distinct from either digital
and/or electronic signatures.
http://www.garlic.com/~lynn/2007h.html#28 sizeof() was: The Perfect Computer - 
36 bits?

one of the exploits for the changing the burden of proof scenario
(mentioned in the above post) ... since the incentive is significant 
... is where the merchant produces a digital signature plus corresponding

digital certificate purported to be from the other party.

the underlying digital signature stuff was designed for providing
authentication and integrity for the transaction. there was never
any provisions for it to ever provide intent and/or handle the
situation of establishing the inverse ... i.e. in traditional
digital signature  digital certificate paradigm ... there is
no way of proving what, if any, digital signature and digital
certificate were originally appended to the transaction/invoice.

this somewhat gets into the area of non-repudiation services
(where some of the trusted time-stamping have periodically
wandered into) ... i.e. for individuals, digital signature isn't 
representative of a human signature and intent ... it is

purely does (what digital signatures were originally designed
for) authentication and integrity. 


other parts of the same thread related to digital signatures
http://www.garlic.com/~lynn/2007h.html#20 sizeof() was: The Perfect Computer - 
36 bits?
http://www.garlic.com/~lynn/2007h.html#22 sizeof() was: The Perfect Computer - 
36 bits?
http://www.garlic.com/~lynn/2007h.html#26 sizeof() was: The Perfect Computer - 
36 bits?
http://www.garlic.com/~lynn/2007h.html#27 sizeof() was: The Perfect Computer - 
36 bits?

possibly being able to force changing of burden of proof ... is analogous to
some past discussions about dual-use attack ... again where there was 
possibility
of allowing digital signatures to wander into the arena of human signatures and
intent ... a thread that started in this mailing list
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature 
vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature 
vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature 
vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature 
vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature 
vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private 
information to improve security
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard 
processor
http://www.garlic.com/~lynn/aadsm19.htm#43 massive data theft at MasterCard 
processor
http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and 
authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the 
security challenges
http://www.garlic.com/~lynn/aadsm23.htm#13 Court rules email addresses are not 
signatures, and signs death warrant for Digital Signatures

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]