Re: deterministic random numbers in crypto protocols -- Re: Possibly questionable security decisions in DNS root management

2009-11-02 Thread Bill Frantz
zo...@zooko.com (Zooko Wilcox-O'Hearn) on Thursday, October 29, 2009 wrote: I'm beginning to think that *in general* when I see a random number required for a crypto protocol then I want to either deterministically generate it from other data which is already present or to have it

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Steven Bellovin
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote: A couple of days ago, I pointed to an article claiming that these were easy to break, and asked if anyone knew of security analyses of these facilities. I must say, I'm very disappointed with the responses. Almost everyone attacked

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-02 Thread Zooko Wilcox-O'Hearn
Dear Darren J Moffat: I don't understand why you need a MAC when you already have the hash of the ciphertext. Does it have something to do with the fact that the checksum is non-cryptographic by default (http://docs.sun.com/app/docs/doc/819-5461/ftyue?a=view), and is that still true?

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-02 Thread Alexander Klimov
On Fri, 30 Oct 2009, Darren J Moffat wrote: The SHA256 checksums are used even for blocks in the pool that aren't encrypted and are used for detecting and repairing (resilvering) block corruption. Each filesystem in the pool has its own wrapping key and data encryption keys. Due to some

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-02 Thread Nicolas Williams
On Sun, Nov 01, 2009 at 10:33:34PM -0700, Zooko Wilcox-O'Hearn wrote: I don't understand why you need a MAC when you already have the hash of the ciphertext. Does it have something to do with the fact that the checksum is non-cryptographic by default (http://docs.sun.com/app/

First Test for Election Cryptography

2009-11-02 Thread Ali, Saqib
http://www.technologyreview.com/web/23836/ saqib http://replaycall.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Jerry Leichter
On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote: On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote: A couple of days ago, I pointed to an article claiming that these were easy to break, and asked if anyone knew of security analyses of these facilities. I must say, I'm very

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Jerry Leichter
On Nov 2, 2009, at 5:36 PM, Jeffrey I. Schiller wrote: - Jerry Leichter leich...@lrw.com wrote: for iPhones and iPod Touches, which are regularly used to hold passwords (for mail, at the least). I would not (do not) trust the iPhone (or iPod Touch) to protect a high value password.