Re: MD6 withdrawn from SHA-3 competition

2009-07-07 Thread Josh Rubin
Paul Hoffman wrote:
 At 10:39 AM -0700 7/4/09, Hal Finney wrote:
 But how many other hash function candidates would also be excluded if
 such a stringent criterion were applied? Or turning it around, if NIST
 demanded a proof of immunity to differential attacks as Rivest proposed,
 how many candidates have offered such a proof, in variants fast enough
 to beat SHA-2?

 The more important question, and one that I hope gets dealt with, is
 what is a sufficient proof. We know what proofs are, but we don't have
 a precise definition. We know what a proof should look like, sort
 of. Ron and his crew have their own definition, and they can't make
 MD6 work within that definition. But that doesn't mean that NIST
 wouldn't have accepted the fast-enough MD6 with a proof from someone

Mathematicians have a precise definition of what a proof is, thanks to
logicians like David Hilbert and Kurt Goedel. But people in all
disciplines have a terrible time formulating problems, and remembering
the conditions under which a statement was proved. They also quote
theorems incorrectly, and errors propagate through the less
well-reviewed parts of the literature.

Josh Rubin

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to

Re: Obama administration revives Draconian communications intercept plans

2010-09-29 Thread Josh Rubin

 On 9/28/2010 1:47 AM, Florian Weimer wrote:

   Essentially, officials want Congress to require all services that
   enable communications — including encrypted e-mail transmitters like
   BlackBerry, social networking Web sites like Facebook and software
   that allows direct “peer to peer” messaging like Skype — to be
   technically capable of complying if served with a wiretap order. The
   mandate would include being able to intercept and unscramble
   encrypted messages.

Isn't this just a clarification of existing CALEA practice?

In most jurisdictions, if a communications services provider is served
an order to make available communications, it is required by law to
provide it in the clear.  Anything else doesn't make sense, does it?
Service providers generally acknowledge this (including Research In
Motion, so I don't get why they are singled out in the article).

This post from the IETF Wiretapping list [RAVEN] from October, 1999 
may be relevant to the discussion.

Should Tin Cans and String comply with CALEA?

The question has special significance to me as proprietor of

Josh Rubin
