Hi everyone,
I'm Allen Schaaf and I'm primarily an information security
analyst - I try to look at things like a total stranger and ask
all the dumb questions hoping to stumble on one or two that
hadn't been asked before that will reveal a potential risk.
I'm currently consulting at a very
Joseph,
The whole issue of entropy is a bit vague for me - I don't
normally work at that end of things - so could you point to a
good tutorial on the subject, or barring having a reference
handy, could you give an overview?
Thanks,
Allen
Joseph Ashwood wrote:
- Original Message
, but with proprietary
code, fergetit.
Closed-source doesn't mean that it is snake oil. If that were the
case, Microsoft's EFS and Kerberos implementations would be snake
oil too.
As I recall there have been a few problems with Kerberos in the past.
Best,
Allen
the long history of industrial espionage in the corporate
world I'm sure that there are probably small teams working to
collect information that have somewhat more resources than an
individual or outsider group might have, making the effort
required feasible.
Thoughts?
Best,
Allen
Leichter
for the lifespan of the
person, which could be 70+ years after the medical record is
created. Think of the MRI of a kid to scan for some condition
that may be genetic in origin and has to be monitored and
compared with more recent results their whole life.
Thanks,
Allen
an easy
attack?
Thanks,
Allen
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Vlad SATtva Miller wrote:
Allen wrote on 31.01.2007 01:02:
I'll skip the rest of your excellent, and thought provoking post as it
is future and I'm looking at now.
From what you've written and other material I've read, it is clear that
even if the horizon isn't as short as five years
the entropy of
ideographic languages? Pictographic? Hieroglyphic?
Thanks,
Allen
identifiable data in encrypted form in their
offices, but when they send me the quote it's in plain text in an
e-mail!
Thinking through all aspects of the design and application of a
security model is mostly lacking as far as I can tell.
Best,
Allen
Hadmut Danisch wrote:
Hi,
has this been
,
could the attack be generalized so that it could be used against
other enterprises that use the same software? (It is very(!)
widely deployed), and D) am I missing something in my thinking?
Thanks,
Allen
Sorry gang. In my response to David I forgot to provide the link
to a brief history of ulcers from the CDC which is very
interesting from the point of view of how long it takes for
experts to accept evidence.
http://www.cdc.gov/ulcer/history.htm
Have fun.
Allen
of governance and protecting
people who hold divergent views or beliefs from intimidation.
Best,
Allen
of a plug, but I'm not getting anything for
it, just letting people know that there are good folk out there.
Best,
Allen
Bill Squier wrote:
On Apr 29, 2007, at 11:47 AM, Perry E. Metzger wrote:
Slightly off topic, but not deeply. Many of you are familiar with
John Young's Cryptome web site
will work for at least a few days I imagine:
http://cryptome.org/cryptome-shut.htm
Okay gang,
The URL/URI is
http://www.sound-by-design.com/cryptome/Cryptome.htm
It has a lot of the shut down stuff down the page a bit. Sorry,
no internal links and no images.
Allen
will work for at least a few days I imagine:
http://cryptome.org/cryptome-shut.htm
Okay gang,
I've loaded it at:
http://www.sound-by-design.com/cryptome/cryptome-shut.htm
Sorry, no images and internal links but at least the bulk is there.
Best,
Allen
are the downside risks for Sony in doing
this?
What am I missing in this picture?
Thanks,
Allen
targets and the ducks are small and have wings.
Best,
Allen
themselves are neutral.
Best,
Allen
. This might work if the compromise of the CA
happened *after* the original certificate was issued, but what if
the compromise was long standing? Is there any way to accomplish this?
Thoughts?
Best to all,
Allen
cryptography, to assist us
in achieving well founded trust relationships.
Best,
Allen
would have to happen
before we wouldn't trust *any* public key to represent who we
think it does?
How will dissident groups keep from getting compromised when
fighting oppression?
Best,
Allen
enough shares
to cover vacations, out of range, and other vagaries of human
existence.
BTW, on the net is a demo of secret sharing:
http://point-at-infinity.org//demo.html
Allen
Peter Gutmann wrote:
Charles Jackson [EMAIL PROTECTED] writes:
Is anyone aware of a commercial product
for, say John the
Ripper on a P4 3GHz with 1GB of memory (or some other commodity
level computer) to the tera (soon to be peta it looks like) flop
ratings on super computers?
Thanks,
Allen
always loved the old saw, Be careful what you wish for, you
just might get it. My addendum is that you will probably not
like the unintended consequences.
Best,
Allen
and just renders errors.
I'm guessing that even the botnets in current use couldn't do it
in any reasonable time frame nor is the storage space available
at an affordable price for any but three letter agencies.
Am I correct?
Allen
/1401val2006.htm#682
Best,
Allen
for it but few understand that
you have to work at it constantly.
Best,
Allen
William Allen Simpson wrote:
[snip]
Actually, I deal with notaries regularly. I've always had to
physically sign while watched by the notary. They always
read the stuff notarized, and my supporting identification,
because they are notarizing a signature (not a document).
And yes
William Allen Simpson wrote:
[snip]
The whole point of a notary is to bind a document to a person. That the
person submitted two or more different documents at different times is
readily observable. After all, the notary has the document(s)!
No, the notary does not have the documents *after
, nails or heads.
Best,
Allen
http://www.dailyprogress.com/servlet/Satellite?pagename=CDP/MGArticle/CDP_BasicArticlec=MGArticlecid=1173354778618path=
The article is not really clear about the level of physical
dissection actually used, but it does appear that progress is
being made on that front as well.
Allen
at as a potential model.
Best,
Allen
double hulls now. But
that still didn't prevent the Busan from spilling 58,000 gallons
of bunker oil in the San Francisco Bay. If they hadn't had a
double hull, how much would they have spilled?
Oh, well, given how risk averse we tend to be it is odd the
choices we make.
Best,
Allen
by adventuresome minds to see how
*few* gates are needed to compromise a chip's security much like
the self replicating code referenced by Ken Thompson in his paper?
Best,
Allen
. The agency is not yet ready to announce the results of the
test, according to Jan Walker, a spokeswoman for the agency.
H
Best,
Allen
and a cat or a child laughing or just
happy and the degree of reliability of the differentiation. I've
done a bit of looking around and don't find much. Does anyone
have knowledge of or a pointer to someone who might know where
to look about this?
Thanks,
Allen
,
Allen
://www.magicjack.com/1/index.asp).
The software is:
http://zfoneproject.com/getstarted.html
Best,
Allen
old K6-II can crack this in less than one minute as there
are only 1.11*10^6 possible.
You can lead a horse to water
Best,
Allen
Arshad Noor wrote:
While programmers or business people could be ill-informed, Allen,
I think the greater danger is that IT auditors do not know enough
about cryptography, and consequently pass unsafe business processes
and/or software as being secure.
This is the reason why we in the OASIS
Nicolas Williams wrote:
On Mon, Jun 30, 2008 at 07:16:17AM -0700, Allen wrote:
Given this, the real question is, /Quis custodiet ipsos custodes?/
Putting aside the fact that cryptographers aren't custodians of
anything, it's all about social institutions.
Well, I wouldn't say they aren't
was
developed by Ogden's Voice Commerce Group in partnership with U.S.
speech software firm Nuance Communications.
Best,
Allen
Is there an upper limit on the number of RSA Public/Private 1024 bit
key pairs possible? If so what is the relationship of the number of
1024 bit to the number of 2048 and 4096 bit key pairs?
Thanks,
Allen
?
Given that those in charge rarely listen in any case, perhaps they
are trying to promote stress related health problems in a secret
conspiracy with doctors. ;-
Best,
Allen
because of a lack of oversight by the
general cryptography community.
Best Regards,
Allen
Original Message
Subject: [ekmi] Public Review of SKSML v1.0
Date: Thu, 24 Jul 2008 22:04:49 -0400
From: Mary McRae [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Organization: OASIS
Yet more that is implausible:
http://www.securstar.com/products_drivecrypt.php
Best,
Allen
expired.
I'm running Firefox 3.01, and Java 6 Update 7.
The error appears to be with Java as that is the window that pops up.
Best,
Allen
Peter Gutmann wrote:
Allen [EMAIL PROTECTED] writes:
I just got a warning that a certificate had expired and yet the data in it
says:
[From: Tue Aug 05 17:00:00 PDT 2003,
To: Mon Aug 05 16:59:59 PDT 2013]
The error message says: The digital signature was generated with a trusted
I'm a bit surprised no one has mentioned the Red Hat server being
hacked and the certificates being compromised on Fedora.
http://www.eweek.com/c/a/Security/Red-Hat-Digital-Keys-Violated-By-Intruder/
Best,
Allen
?search=0xBB678C30op=index
Yes, I regard the combination of Thunderbird + Enigmail + GPG as the
best existing solution for secure email.
What does anyone think of the combo?
Best,
Allen
?
Thanks,
Allen
We knew it was coming, right?
Original Message
Subject: [announce] THC releases video and tool to backup/modify
ePassports
Date: Mon, 29 Sep 2008 10:00:26 +
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
http://freeworld.thc.org/thc-epassport/
29th September 2008
both the user and administrator configure a per
host secret was apparently out of the question.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
!
--
William Allen Simpson
for a reversal.
It's pretty damn rare, he said. I have never seen it happen.
...
--
William Allen Simpson
phone
conversations that are temporarily stored in electronic routers
during transmission.
[page 51-52]
As this is a US Court of Appeals, it sets precedent that other courts
will use, and directly applies to all ISPs in the NE US.
--
William Allen Simpson
and magic numbers, generally transmitted
verbatim. However, since we have a ready source of non-blocking keying
material in /dev/urandom, it seems to be better to use that instead of
the blocking critical resource
--
William Allen Simpson
on the chin, and stick in the random(5)
page the description of how reliable the device
meets the requirement.
(This might be a resend, my net was dropping all
sorts of stuff today and I lost the original.)
That's OK, the writing was clearer the second time around.
--
William Allen Simpson
be different if they are wrongfully
assuming that their communications are encrypted by what they believe is
strong encryption when in fact it may be very very low.
--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University
spoofing useless if they decide to make it
so that only IE could connect to ISS. Again though, doing so would piss
off a great many of their customers, some of whom are slowly jumping ship
to other solutions anyway.
--
Mark Allen Earnest
in return.
--
Mark Allen Earnest
Lt Commander
Centre County Sheriff's Office Search and Rescue
KB3LYB
PK with PKI. Almost NOBODY has
ever done PKI right. The I is the part everyone conveniently forgets
when they claim otherwise.
--
Mark Allen Earnest
in practice for trust.
--
Mark Allen Earnest
for prime time.
(seen at http://isthatlegal.org)
--
William Allen Simpson
considerations.
Compare with Photuris [RFC-2522], where undergraduate (Keromytis) and
graduate (Spatscheck, Provos) students independently were able to
complete interoperable implementations (in their spare time) in a
month or so
So, no, some security folks didn't ignore this ;-)
--
William Allen
.
Again, the ISAKMP flaws were foreseeable and avoidable. And Photuris
was written before the existence of ISAKMP.
--
William Allen Simpson
is the community to replace ISAKMP with something more robust?
Provos' Photuris code could be running on all the BSDs in a few months.
Maybe sooner, were payment involved.
--
William Allen Simpson
]):
Date: Sun, 15 Aug 1999 10:00:01 -0400
From: William Allen Simpson [EMAIL PROTECTED]
Catching up, and after talking with John Kelsey and Sandy Harris at
SAC'99, it seems clear that there is some consensus on these lists that
the semantics of /dev/urandom need improvement
.
Of course, AFAICT, the trailing key makes the various recent attacks
on MD5 and SHA1 entirely inapplicable.
--
William Allen Simpson
Perry E. Metzger wrote:
http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
Legal analysis from Center for Democracy and Technology at:
http://www.cdt.org/publications/policyposts/2006/8
--
William Allen Simpson
http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html
The vulnerability allows an attacker to exhaust the IKE resources on a
remote VPN concentrator by starting new IKE sessions faster than the
concentrator expires them from its queue. By doing this, the attacker
fills up the
Leichter, Jerry wrote:
| note that there have been (at least) two countermeasures to DES brute-force
| attacks ... one is 3DES ... and the other ... mandated for some ATM networks,
| has been DUKPT. while DUKPT doesn't change the difficulty of brute-force
| attack on single key ... it creates a
I often say, Rub a pair of cryptographers together, and you'll
get three opinions. Ask three, you'll get six opinions. :-)
However, he's talking about security, which often isn't quantifiable!
And don't get me ranting about provable security Had a small
disagreement with somebody at
James A. Donald wrote:
This attack does not require the certifier to be
compromised.
You are referring to a different page (that I did not reference).
Nevertheless, both attacks require the certifier to be compromised!
The attack was to generate a multitude of predictions
for the US
Weger, B.M.M. de wrote:
The parlor trick demonstrates a weakness of the pdf format, not MD5.
I disagree. We could just as easily have put the collision blocks
in visible images.
Parlor trick.
... We could just as easily have used MS Word
documents, or any document format in which there is some
James A. Donald wrote:
Not true. Because they are notarizing a signature, not
a document, they check my supporting identification,
but never read the document being signed.
This will be my last posting. You have refused several requests to stick
to the original topic at hand.
Apparently,
Weger, B.M.M. de wrote:
See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/
...
Our first chosen-prefix collision attack has complexity of about
2^50, as described in our EuroCrypt 2007 paper. This has been
considerably improved since then. In the full paper that is in
preparation
Personally, I thought this horse was well drubbed, but the moderator let
this message through, so he must think it important to continue
James A. Donald wrote:
William Allen Simpson wrote:
The notary would never sign a hash generated by
somebody else. Instead, the notary generates its
Francois Grieu wrote:
That's because if Tn is known (including chosen) to some person,
then (due to the weakness in MD5 we are talking about), she can
generate Dp and Dp' such that
S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
whatever Cp, Cn and S() are.
First of all, the
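The mechanism Francois Grieu relies on above is the Merkle-Damgard structure of MD5: once Dp and Dp' reach the same chaining state, any common trailer Cp || Cn is absorbed from that identical state, so the notary's hash, and therefore any deterministic S() of it, comes out the same. The following is an added demonstration written for this page, not code from the thread. It uses the published Wang et al. identical-prefix MD5 collision pair, which was computed from the standard IV, i.e. for an empty Tn; building such a pair for a particular non-empty Tn would require rerunning the collision search from the chaining value after Tn, which is not shown here. The names DP, DP_PRIME, notary_hash and the sample Cp/Cn strings are this example's own.

```python
import hashlib

# Public identical-prefix MD5 collision (Wang et al., 2004): two distinct
# 128-byte messages with the same digest under the standard MD5 IV.
DP = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
DP_PRIME = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def notary_hash(tn, dp, cp, cn):
    """The value the notary signs in Grieu's model: MD5(Tn || Dp || Cp || Cn)."""
    return md5_hex(tn + dp + cp + cn)


def same_signature_input(tn, dp, dp_prime, cp, cn):
    """True when both documents give the notary the same hash to sign, so any
    deterministic S() over that hash yields one signature valid for both."""
    return notary_hash(tn, dp, cp, cn) == notary_hash(tn, dp_prime, cp, cn)


def differing_bytes(a, b):
    """Offsets at which the two documents differ (the pair above differs in 6)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    # Constructed sample trailers standing in for Cp and Cn.
    cp, cn = b"Cp: certificate body", b"Cn: notary serial 0001"
    print("collide with empty Tn:", same_signature_input(b"", DP, DP_PRIME, cp, cn))
    # A different Tn changes the chaining state the blocks were built for.
    print("collide with other Tn:", same_signature_input(b"T" * 64, DP, DP_PRIME, cp, cn))
```

The second check is the practical reading of "if Tn is known": the collision blocks only work from the chaining state they were computed for, so a nonce the attacker cannot predict, placed before the attacker's data, breaks this particular attack even though MD5 itself remains broken.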
We had many discussions about this 15 years ago
You usually have predictable plaintext. A cipher that isn't strong enough
against a chosen/known plaintext attack has too many other protocol
problems to worry about mere padding!
For IPsec, we originally specified random padding with 1
I've changed the subject. Some of my own rants are about mathematical
cryptographers that are looking for the perfect solution, instead of
practical security solution. Always think about the threat first!
In this threat environment, the attacker is unlikely to have perfect
knowledge of the
It seems like enough time has passed to post publicly, as some of these
are now common knowledge:
Ben Laurie wrote:
William Allen Simpson wrote:
Keep in mind that the likely unpredictability is about 2**24. In many
or most cases, that will be implementation limited to 2**18 or less.
Why
James A. Donald wrote:
Peter Gutmann wrote:
Unfortunately I think the only way it (and a pile of other things as
well) may get stamped out is through a multi-pronged approach that
includes legislation, and specifically properly thought-out
requirements
I agree. I'm sure this is a
Jerry Leichter wrote:
...
accurately states that AES-128 is thought to be secure within the state
of current and expected cryptographic knowledge, it propagates the meme
of the short key length of only 128 bits. A key length of 128 bits is
beyond any conceivable brute force attack - in and
Perry E. Metzger wrote:
[Snip admirably straightforward threat and requirements analysis]
Yes, you can attempt to gather randomness at run time, but there are
endless ways to screw that up -- can you *really* tell if your random
numbers are random enough? -- and in a cheap device with low
Nicolas Williams wrote:
Getting DNSSEC deployed with sufficiently large KSKs should be priority #1.
I agree. Let's get something deployed, as that will lead to testing.
If 90 days for the 1024-bit ZSKs is too long, that can always be
reduced, or the ZSK keylength be increased -- we too can
It bugs me that so many of the input words are mostly zero. Using the
TLS Sequence Number for the nonce is certainly going to be mostly zero
bits. And the block counter is almost all zero bits, as you note,
(In the case of the TLS, limits on the plaintext size mean that the
first counter
On 9/11/13 6:00 AM, Alexandre Anzala-Yamajako wrote:
Chacha20 being a stream cipher, the only requirement we have on the ICV is
that it doesn't repeat, isn't it?
You mean IV, the Initialization Vector. ICV is the Integrity Check Value,
usually 32-64 bits appended to the packet. Each is
On 9/11/13 10:27 AM, Adam Langley wrote:
[attempt two, because I bounced off the mailing list the first time.]
On Tue, Sep 10, 2013 at 9:35 PM, William Allen Simpson
william.allen.simp...@gmail.com wrote:
Why generate the ICV key this way, instead of using a longer key blob
from TLS
On 9/11/13 10:37 AM, Adam Langley wrote:
On Tue, Sep 10, 2013 at 10:59 PM, William Allen Simpson
william.allen.simp...@gmail.com wrote:
Or you could use 16 bytes, and cover all the input fields There's no
reason the counter part has to start at 1.
It is the case that most of the bottom
On 10/11/13 7:34 PM, Peter Gutmann wrote:
Phillip Hallam-Baker hal...@gmail.com writes:
Quick question, anyone got a good scheme for key stretching?
http://lmgtfy.com/?q=hkdfl=1
Yeah, that's a weaker simplification of the method I've always
advocated, stopping the hash function before the