Re: Physical security rather than crypto---but perhaps of interest

2009-07-17 Thread Ali, Saqib
Since we are on this topic: You don’t need to be a crowned Ranger class master hacker to sneak into someone’s email or facebook account these days. Which means that you’re not simply being a nervous nellie if you’re worried about security. In fact, users of public WiFi should be worried. If you

Re: 112-bit prime ECDLP solved

2009-07-17 Thread james hughes
On Jul 14, 2009, at 12:43 PM, James A. Donald wrote: 2033130 Subsequent expansions in computing power will involve breaking up Jupiter to build really big computers, and so forth, which will slow things down a bit. So 144 bit EC keys should be good all the way to the singularity and

Re: Intercepting Microsoft wireless keyboard communications

2009-07-17 Thread travis+ml-cryptography
On Tue, Dec 11, 2007 at 02:01:03PM -0500, wrote: How many bits (not just data, also preamble/postamble, sync bits, etc.) is the keyboard sending for each keystroke anyway? FWIW, it is likely sending keyboard scan codes: It doesn't send the

XML signature HMAC truncation authentication bypass

2009-07-17 Thread Leandro Meiners
XML Signature Syntax and Processing (XMLDsig) is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services for data. XMLDsig is commonly used by web services such as SOAP. The XMLDsig recommendation includes support for HMAC truncation, as

work factor calculation for brute-forcing crypto

2009-07-17 Thread travis+ml-cryptography
Hi folks, Assume for a moment that we have a random number generator which is non-uniform, and we are using it to generate a key. What I'd like to do is characterize the work factor involved in brute-force search of the key space, assuming that the adversary has knowledge of the characteristics

Re: 112-bit prime ECDLP solved

2009-07-17 Thread Tanja Lange
So with about 1 000 000 USD and a full year you would get 122 bits already now and agencies have a bit more budget than this! Furthermore, the algorithm parallelizes extremely well and can handle a batch of 100 targets at only 10 times the cost. No it cannot handle a bunch of a hundred