CodeCon 2009 Call for Presentations

2009-01-09 Thread Len Sassaman
CodeCon 2009
April 17-19, 2009
San Francisco CA, USA

Call For Presentations

CodeCon is the premier showcase of cutting edge software development. It
is an excellent opportunity for programmers to demonstrate their work and
keep abreast of what's going on in their community.

All presentations must include working demonstrations, ideally accompanied
by source code. Presentations must be done by one of the active developers
of the code in question. We emphasize that demonstrations be of *working*

We hereby solicit papers and demonstrations.

* Papers and proposals due: February 15, 2009
* All Authors notified: March 1, 2009

Possible topics include, but are by no means restricted to:

* community-based web sites - forums, weblogs, personals
* development tools - languages, debuggers, version control
* file sharing systems - swarming distribution, distributed search
* security products - mail encryption, intrusion detection, firewalls
* malware analysis - detection, compensation, and mitigation of
  emerging threats


As a new feature this year, CodeCon will be presenting a Biohack! track.
While we will continue our tradition of presenting only one talk at a
time, a portion of one of the days' talks will be reserved for interesting
biotechnology hacking projects. A key requirement for these presentations
is ease of reproduction with minimal access to expensive laboratory

Example topics include:

* Purifying DNA using common household items
* Developing genetically-modified bacteria in a kitchen laboratory
* Using specially-designed software to assist in bioengineering
* The use of simple bioengineering techniques to solve real-world

Ideal Biohack! Track submissions will have a strong emphasis on the
hack portion of the talk -- in the last few years, there has been a
strong growth in the community of biology hackers; we aim to bring these
hackers together to discuss their techniques for inexpensive, at home
experimentation in biological engineering research.


Presentations will be 30 minutes long, with an additional 15 minutes
allocated for QA. Overruns will be truncated.

Submission details:

Submissions are being accepted immediately. Acceptance dates are
February 7th and March 1st. After the first acceptance date, submissions
will be either accepted, rejected, or deferred to the second acceptance

The conference language is English.

The conference venue is open to all ages.

Ideally, technical demonstrations should be usable by attendees with
802.11b connected devices either via a web interface, or locally on
Windows, UNIX-like, or MacOS platforms. Cross-platform applications are
most desirable. Biohacking demonstrations should be viewable with a
presenter-provided camera, or prepared movies for projection.

To submit, send mail to including the
following information:

* Project name
* Code track or Biohack! track
* url of project home page
* tagline - one sentence or less summing up what the project does
* names of presenter(s) and urls of their home pages, if they have any
* one-paragraph bios of presenters, optional, under 100 words each
* project history, under 150 words
* what makes the project novel -- how it differs from similar projects
* what will be done in the project demo, under 200 words
* slides to be shown during the presentation, if applicable
* future plans

General Chairs: Jonathan Moore and Bram Cohen
Program Chair: Jered Floyd and Len Sassaman

Program Committee:

* Jon Callas, PGP, USA
* Bram Cohen, BitTorrent, USA
* Roger Dingledine, The Tor Project, USA
* Jered Floyd, Permabit, USA
* Ben Laurie, Google, UK
* David Molnar, University of California, Berkeley, USA
* Jonathan Moore, Mosuki, USA
* Meredith L. Patterson, Osogato, USA
* Andrew S. Peek, Integrated DNA Technologies, USA
* Len Sassaman, Katholieke Universiteit Leuven, BE
* Cliff Skolnick
* Paul Syverson, Naval Research Laboratory, USA
* [Others may be added]


If your organization is interested in sponsoring CodeCon, we would love to
hear from you. In particular, we are looking for sponsors for social meals
and parties on any of the three days of the conference, as well as
sponsors of the conference as a whole and donors of door prizes. If you
might be interested in sponsoring any of these aspects, please contact the
conference organizers at

Press policy:

CodeCon provides a limited number of passes to qualifying press.
Complimentary press passes will be evaluated on request. Everyone is
welcome to pay the low registration fee to attend without an official
press credential.


If you have questions about CodeCon, or would like to contact the
organizers, please mail Please note this address
is only for questions and 

BIS looking for feedback on export controls

2009-01-09 Thread Noah Salzman
The BIS is looking for feedback on export controls, however, this is  
for foreign products. It does affect US makers of cryptography  
products if their products are re-packaged by a foreign entity.


74 FR 413

Request for Public Comment on Foreign Produced Encryption Items That  
are made from U.S.-origin Encryption technology or software

To determine the appropriate extent and scope of U.S. export controls  
on foreign products that are direct products of U.S. origin encryption  
technology or software, BIS is considering making subject to the  
Export Administration Regulations (EAR) all foreign items that would  
be controlled for Encryption Items (“EI”) reasons under the EAR (i.e.,  
that would be classified under ECCN 5A002 or 5D002) if they are the  
direct product of U.S.-origin ECCN 5E002 technology or ECCN 5D002  
software. BIS is seeking information regarding the impact this change  
would have on both U.S. exporters of encryption technology and  
software and foreign manufacturers of products that are derived in  
part or whole from U.S.-origin encryption technology or software.  
Comments are due March 9, 2009. 

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

[ [fc-announce] Financial Crypto February 23-26 in Barbados, Early Registration Deadline Approaching]

2009-01-09 Thread R. Hirschfeld
From: Tyler Moore
Subject: [fc-announce] Financial Crypto February 23-26 in Barbados,
Early Registration Deadline Approaching
Date: Wed, 7 Jan 2009 21:58:44 -0500

Call for Participation

Financial Cryptography and Data Security '09

Thirteenth International Conference
February 23-26, 2009
Accra Beach Hotel  Resort

Early registration deadline approaching fast!  Register by January 21
to receive a discount.  For full details, visit:

Also, reserve your hotel room by January 22 in order to guarantee availability:

Financial Cryptography and Data Security is a major international
forum for research, advanced development, education, exploration and
debate regarding information assurance in the context of finance and
commerce. We have assembled a vibrant program featuring 21 peer-
reviewed research paper presentations, two panels (on the economics
of information security and on authentication), and a keynote address
by David Dagon.  To view the complete program, visit:

We look forward to seeing you in Barbados!

Tyler Moore
FC '09 General Chair
fc-announce mailing list

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

Bitcoin v0.1 released

2009-01-09 Thread Satoshi Nakamoto
Announcing the first release of Bitcoin, a new electronic cash
system that uses a peer-to-peer network to prevent double-spending.
It's completely decentralized with no server or central authority.

See for screenshots.

Download link:

Windows only for now.  Open source C++ code is included.

- Unpack the files into a directory
- It automatically connects to other nodes

If you can keep a node running that accepts incoming connections,
you'll really be helping the network a lot.  Port 8333 on your
firewall needs to be open to receive incoming connections.

The software is still alpha and experimental.  There's no guarantee
the system's state won't have to be restarted at some point if it
becomes necessary, although I've done everything I can to build in
extensibility and versioning.

You can get coins by getting someone to send you some, or turn on
Options-Generate Coins to run a node and generate blocks.  I made
the proof-of-work difficulty ridiculously easy to start with, so
for a little while in the beginning a typical PC will be able to
generate coins in just a few hours.  It'll get a lot harder when
competition makes the automatic adjustment drive up the difficulty.
Generated coins must wait 120 blocks to mature before they can be

There are two ways to send money.  If the recipient is online, you
can enter their IP address and it will connect, get a new public
key and send the transaction with comments.  If the recipient is
not online, it is possible to send to their Bitcoin address, which
is a hash of their public key that they give you.  They'll receive
the transaction the next time they connect and get the block it's
in.  This method has the disadvantage that no comment information
is sent, and a bit of privacy may be lost if the address is used
multiple times, but it is a useful alternative if both users can't
be online at the same time or the recipient can't receive incoming

Total circulation will be 21,000,000 coins.  It'll be distributed
to network nodes when they make blocks, with the amount cut in half
every 4 years.

first 4 years: 10,500,000 coins
next 4 years: 5,250,000 coins
next 4 years: 2,625,000 coins
next 4 years: 1,312,500 coins

When that runs out, the system can support transaction fees if
needed.  It's based on open market competition, and there will
probably always be nodes willing to process transactions for free.

Satoshi Nakamoto

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-09 Thread Dustin D. Trammell
On Tue, 2008-12-30 at 11:51 -0800, Hal Finney wrote:
 Therefore the highest priority should be for the six bad CAs to change
 their procedures, at least start using random serial numbers and move
 rapidly to SHA1. As long as this happens before Eurocrypt or whenever
 the results end up being published, the danger will have been averted.
 This, I think, is the main message that should be communicated from this
 important result.

Nearly everything I've seen regarding the proposed solutions to this
attack have involved migration to SHA-1.  SHA-1 is scheduled to be
decertified by NIST in 2010, and NIST has already recommended[1] moving
away from SHA-1 to SHA-2 (256, 512, etc.).  Collision attacks have
already been demonstrated[2] against SHA-1 back in 2005, and if history
tells us anything then things will only get worse for SHA-1 from here.
By not moving directly to at least SHA-2 (until the winner of the NIST
hash competition is known), these vendors are likely setting themselves
up for similar attacks in the (relatively) near future.


Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.

Description: This is a digitally signed message part

On the topic of Asking the drunk...

2009-01-09 Thread Peter Gutmann


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

OpenPGP:SDK v0.9 released

2009-01-09 Thread Ben Laurie
I thought people might be interested in this now somewhat-complete,
BSD-licensed OpenPGP library...


There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to