Re: crypto component services - is there a market?
Stefan Kelm wrote:
> Here in Europe, e-invoicing very slowly seems to be becoming a (or should I say "the"?) long-awaited application for (qualified) electronic signatures. Since electronic invoices need to be archived in most countries some vendors apply time-stamps and recommend to re-apply time-stamps from time to time.

recent post/thread with some discussion of the business of digital certificates ... as distinct from either digital and/or electronic signatures.

http://www.garlic.com/~lynn/2007h.html#28 sizeof() was: The Perfect Computer - 36 bits?

one of the exploits for the "changing" the burden of proof scenario (mentioned in the above post) ... since the incentive is significant ... is where the merchant produces a digital signature plus corresponding digital certificate purported to be from the other party.

the underlying digital signature stuff was designed for providing authentication and integrity for the transaction. there was never any provisions for it to ever provide intent and/or handle the situation of establishing the inverse ... i.e. in traditional digital signature & digital certificate paradigm ... there is no way of proving what, if any, digital signature and digital certificate were originally appended to the transaction/invoice.

this somewhat gets into the area of non-repudiation services (where some of the trusted time-stamping have periodically wandered into) ... i.e. for individuals, digital signature isn't representative of a human signature and intent ... it purely does (what digital signatures were originally designed for) authentication and integrity.

other parts of the same thread related to digital signatures
http://www.garlic.com/~lynn/2007h.html#20 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#22 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#26 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#27 sizeof() was: The Perfect Computer - 36 bits?

possibly being able to force changing of burden of proof ... is analogous to some past discussions about "dual-use" attack ... again where there was possibility of allowing digital signatures to wander into the arena of human signatures and intent ... a thread that started in this mailing list
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private information to improve security
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#43 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
http://www.garlic.com/~lynn/aadsm23.htm#13 Court rules email addresses are not signatures, and signs death warrant for Digital Signatures

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: AES128-CBC Question
On Fri, Apr 20, 2007 at 08:56:32AM +1200, Sidney Markowitz wrote:
> Aram Perez wrote, On 19/4/07 6:29 PM:
> > Is there any danger in using AES128-CBC with a fixed IV of all zeros?
>
> Here is some discussion about doing this, in the context of PGP doing
> just that and why PGP inserts random characters at the beginning of the
> plaintext.

Kerberos V calls this a "confounder" (a block of randomly selected bits that is prepended to plaintext prior to encryption).

Nico
--
Re: crypto component services - is there a market?
Stefan Kelm wrote:
> > Same with digital timestamping.
>
> Here in Europe, e-invoicing very slowly seems to be becoming a (or should I say "the"?) long-awaited application for (qualified) electronic signatures.

Hmmm... last I heard, qualified certificates can only be issued to individuals, and invoicing (of the e-form that the regulations speak) can only be done by VAT-registered companies. Is that not the case? How is Germany resolving the contradictions?

> Since electronic invoices need to be archived in most countries some vendors apply time-stamps and recommend to re-apply time-stamps from time to time.

Easier to invoice with paper!

iang
Re: AES128-CBC Question
Aram Perez wrote, On 19/4/07 6:29 PM:
> Is there any danger in using AES128-CBC with a fixed IV of all zeros?

Here is some discussion about doing this, in the context of PGP doing just that and why PGP inserts random characters at the beginning of the plaintext.

http://archive.cert.uni-stuttgart.de/openpgp/2003/04/msg00026.html

It points out that a fixed IV results in information leakage if the first block or more of plaintext is the same in two messages encrypted with the same key.

Sidney Markowitz
http://www.sidney.com
Re: AES128-CBC Question
On Wednesday, 18.04.2007, at 23:29 -0700, Aram Perez wrote:
> Hi Folks,
>
> Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is
> being proposed for a standard "because that's how SD cards implemented it".

That depends. What would be a valid attack on an SD-card?
Re: AES128-CBC Question
On Wed, Apr 18, 2007 at 11:29:45PM -0700, Aram Perez wrote:
> Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is
> being proposed for a standard "because that's how SD cards implemented it".
>

Is the same key ever used to encrypt multiple streams? This is a protocol question, not an algorithm question, so you need a security review of the protocol (which you have not described).

--
Victor Duchovni
IT Security, Morgan Stanley
AES128-CBC Question
Aram Perez writes:
>Is there any danger in using AES128-CBC with a fixed IV of all zeros?

Yes. If you encrypt two messages with a common prefix under the same key, that fact will be readily apparent from the ciphertexts. This may leak information about the plaintext, depending upon the structure of your messages. Any decent crypto book will tell you about this weakness and recommend against use of CBC with a fixed IV.

This is elementary stuff; I think you may need to get someone with more experience in cryptography advising you on these design questions.

Of course, the fact that someone else uses bad design (if that is even correct) is not a good excuse for using poor practice yourself. WEP does all sorts of crazy things, but that doesn't mean you should copy what WEP does.
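The common-prefix leak raised in the replies above, next to the random-IV and confounder alternatives, as an added Go example that is not part of the original thread. The invoice strings, the key and all function names are constructed for illustration.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
const bs = aes.BlockSize

// encryptCBC applies PKCS#7 padding and encrypts with AES-128-CBC under iv.
func encryptCBC(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	pad := bs - len(pt)%bs
	buf := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return buf
}

// sharedBlocks counts identical leading ciphertext blocks: what an observer can compare.
func sharedBlocks(a, b []byte) (n int) {
	for (n+1)*bs <= len(a) && (n+1)*bs <= len(b) && bytes.Equal(a[n*bs:(n+1)*bs], b[n*bs:(n+1)*bs]) {
		n++
	}
	return
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// leak compares two messages sharing a 32-byte prefix: zero IV, random IVs, zero IV + confounder.
func leak() (fixed, random, confounded int) {
	key, zeroIV := randomBytes(16), make([]byte, bs)
	m1 := []byte("INVOICE 2007-04 ACCT 0000123456 amount=100.00") // constructed sample
	m2 := []byte("INVOICE 2007-04 ACCT 0000123456 amount=999.99") // constructed sample
	fixed = sharedBlocks(encryptCBC(key, zeroIV, m1), encryptCBC(key, zeroIV, m2))
	random = sharedBlocks(encryptCBC(key, randomBytes(bs), m1), encryptCBC(key, randomBytes(bs), m2))
	c1, c2 := append(randomBytes(bs), m1...), append(randomBytes(bs), m2...) // confounder block first
	confounded = sharedBlocks(encryptCBC(key, zeroIV, c1), encryptCBC(key, zeroIV, c2))
	return
}
func main() { fmt.Println(leak()) }
```

With the all-zero IV the first two ciphertext blocks of the two messages are identical, so an observer learns that the messages agree on their first 32 bytes; with a fresh random IV, or a random confounder block in front of the plaintext, no leading block matches.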
AES128-CBC Question
Hi Folks,

Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is being proposed for a standard "because that's how SD cards implemented it".

Thanks,
Aram Perez
Re: crypto component services - is there a market?
> Same with digital timestamping.

Here in Europe, e-invoicing very slowly seems to be becoming a (or should I say "the"?) long-awaited application for (qualified) electronic signatures.

Since electronic invoices need to be archived in most countries some vendors apply time-stamps and recommend to re-apply time-stamps from time to time.

Cheers,

Stefan.

T.I.S.P. - Get your qualification certified, 25.-30.06.2007 - http://www.secorvo.de/college/tisp/

Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
Mannheim HRB 108319, Managing Director: Dirk Fox