Re: Trusted timestamping
+ Fearghas McKay :
> http://www.itconsult.co.uk/stamper.htm
>
> Has been around since ~1995 and just works whenever I have used it,
> albeit some time ago. It publishes time stamp info on Usenet,
> comp.security.pgp.announce which shows the last activity was in
> 2002...
>
> http://groups.google.com/group/comp.security.pgp.announce/browse_thread/thread/d25667d87c1740f6#
>
> Which seems to support your viewpoint.

As explained at http://www.itconsult.co.uk/stamper/stampnew.htm they moved to alt.security.pgp in 2002. But ... the latest timestamp summary I can see there is from May 2009, so I guess the point stands, unless it's just google groups that won't cooperate. (Hmmm, my news server doesn't even carry alt.security.gpg, so I can't check further. Not a good sign.)

- Harald

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
xkcd has cracked the Voynich manuscript
Really: http://xkcd.com/593/ 8-)

- Harald

[Moderator's note: I would not have forwarded but I got several postings. --Perry]
Re: Kaminsky finds DNS exploit
+ John Kemp <[EMAIL PROTECTED]>:
> It does seem he would like an air of some mystery to exist though
> until he makes his presentation about the issue at Defcon - did he,
> himself, discover something new? We'll just have to wait, unless we
> go play with the BIND code ourselves.

Unless he is merely blowing smoke, it would seem that he discovered some little twist that makes the known vulnerability much more easily exploitable than previously assumed. That would explain his statement: the patch fixes a well known vulnerability, and as a side effect stops the more serious attack, in effect making it hard to tell what is involved in that attack from reading the patch.

- Harald
Re: What is a proof?
+ "James A. Donald" <[EMAIL PROTECTED]>:
> If a proof is a record of a mental journey in which one person has
> discovered an important truth, and then made a record of that
> journey adequate so that a second person can walk the same path and
> see the same truth, then cryptography could do with more and better
> proofs.

As a mathematician with a somewhat limited knowledge of cryptography (and hence mostly a lurker on this list), I feel strangely compelled to respond.

First, I like your metaphor. If I might build further on it, it would be to point out that the first person to explore unknown terrain often finds the journey arduous and difficult: He ends up scaling vertical cliffs and crossing raging rivers, only later to discover that there was an easier path. Should he not then record the easier path, rather than the difficult one that he himself followed initially?

> If, on the other hand, a proof is an argument impressively decorated
> with mathematical sounding jargon, cryptography could do with a good
> deal fewer of them.

Agreed. But sometimes what may seem like jargon made to impress is more analogous to a road, or maybe an all-terrain vehicle, that makes the wilderness available with less effort (and incidentally makes it less wild, but maybe this is where we should leave the metaphor behind). There is nothing wrong with jargon and big theories if they fill a real need other than inflating the ego of their originators or scaring away outsiders.

- Harald
Find me a hash
Susan Landau has an article in the upcoming March issue of Notices of the AMS: "Find me a hash." There is a short preview of the article here:

http://www.eurekalert.org/pub_releases/2006-02/ams-dsa020106.php

It even includes a "non-public" (whatever that means) link to the paper itself:

http://www.ams.org/staff/jackson/fea-landau.pdf

Readers of the cryptography list may not learn anything new from it, but it seems like a nice summary of the present state of affairs. The article opens by calling hash functions the duct tape of cryptography, and ends with these words:

  What is the theory of hash functions? It is not often that mathematicians are asked to develop a theory for duct tape, but there is a clear and present need to do so now for cryptographic hash functions.

- Harald
Re: Beware of /dev/random on Mac OS X
+ Tim Dierks <[EMAIL PROTECTED]>:
| Can anyone who believes that only having 160 bits of entropy
| available is an interesting weakness tell me why?

That is an interesting discussion that I don't feel qualified to participate in (but look forward to following), but I think it's a good idea to keep that issue separate from the one raised by Peter: /dev/urandom is for those situations where guaranteed entropy is not seen as needed, whereas /dev/random, by design, is for the very most "paranoid". Apple should not have violated the specification of /dev/random in this way. The right thing for them to do, if they are unable or unwilling to provide a true /dev/random, is to not provide the device at all, and just settle for /dev/urandom.

- Harald
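The distinction Harald draws (a blocking /dev/random versus a never-blocking /dev/urandom) is something an operator can observe directly. The following Python script is an added example, not part of Harald's post or of any project discussed in the thread: it opens each device with O_NONBLOCK so that a /dev/random that honours the blocking specification and considers its pool depleted answers EAGAIN instead of stalling the process, while /dev/urandom always returns the requested bytes. On a system whose /dev/random is merely an alias for /dev/urandom, as the thread says Mac OS X's is, the "would_block" status can never appear. Device paths are the conventional Unix ones; the status vocabulary and function names are this example's own. One caveat for readers running it today: Linux kernels from 5.6 onward also stopped blocking /dev/random once the pool is initialised, so "would_block" is not expected there either.

```python
import os

# Conventional Unix device paths (assumed; not every platform provides both).
URANDOM_PATH = "/dev/urandom"
RANDOM_PATH = "/dev/random"


def read_device(path, nbytes=32):
    """Read nbytes from a random device without ever sleeping.

    O_NONBLOCK turns a would-block condition into EAGAIN (BlockingIOError
    in Python), which is the observable difference between a /dev/random
    that honours its blocking specification and a /dev/urandom alias.
    Returns a dict with a status of "ok", "short", "would_block" or
    "missing", plus whatever bytes were obtained.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except FileNotFoundError:
        return {"status": "missing", "data": b""}
    chunks = []
    want = nbytes
    try:
        while want > 0:
            try:
                chunk = os.read(fd, want)
            except BlockingIOError:
                # The device declined to hand out bytes right now: this is
                # the behaviour a true (blocking) /dev/random is specified
                # to exhibit when it believes its entropy pool is depleted.
                return {"status": "would_block", "data": b"".join(chunks)}
            if not chunk:
                break  # EOF: unusual for a random device, report a short read
            chunks.append(chunk)
            want -= len(chunk)
    finally:
        os.close(fd)
    data = b"".join(chunks)
    return {"status": "ok" if len(data) == nbytes else "short", "data": data}


def portable_random_bytes(nbytes=32):
    """The interface a program should normally use instead of either device.

    os.urandom() is the cross-platform, non-blocking source; it is what the
    thread's /dev/urandom use case maps to in application code.
    """
    data = os.urandom(nbytes)
    if len(data) != nbytes:
        raise RuntimeError("os.urandom returned a short read")
    return data


def compare_devices(nbytes=32):
    """Probe both devices and summarise how each behaved."""
    return {
        "urandom": read_device(URANDOM_PATH, nbytes)["status"],
        "random": read_device(RANDOM_PATH, nbytes)["status"],
    }


if __name__ == "__main__":
    for name, status in compare_devices().items():
        print(f"/dev/{name}: {status}")
```

Running it on a machine where /dev/random reports "would_block" under load while /dev/urandom reports "ok" confirms that the two devices really differ as specified; identical "ok" results on every run tell you nothing more than that the blocking behaviour was not exercised, so the status should be read as evidence of a difference, never as proof of its absence.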