Re: Can you keep a secret? This encrypted drive can...
On Thu, 2 Nov 2006, Alexander Klimov wrote:

> I guess many people here have tried full disk encryption for themselves,
> do you notice any difference in performance or not?

Yes and no! I use dm-crypt on a Linux laptop with FC5.

On the encrypted filesystem:

  # > df /dev/mapper/secure
  309895213342 80553 73% /secure
  # > time dd if=/dev/zero of=cryptogram bs=1MB count=50
  50+0 records in
  50+0 records out
  5000 bytes (50 MB) copied, 1.96366 seconds, 25.5 MB/s
  dd if=/dev/zero of=cryptogram bs=1MB count=50  0.00s user 0.52s system 25% cpu 2.023 total

On the unencrypted filesystem:

  # > time dd if=/dev/zero of=cryptogram bs=1MB count=50
  50+0 records in
  50+0 records out
  5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s
  real 0m0.257s
  user 0m0.000s
  sys  0m0.252s

The factor 9.05 making the unencrypted filesystem faster than the encrypted one really does not make a difference for me for anything I do. I'd be happy with 1 MB/s and I got 25! (using AES-256)

Regards
Ralf Senderek

*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek <[EMAIL PROTECTED]> http://senderek.com * What is privacy *
* Sandstr. 60 D-41849 Wassenberg +49 2432-3960          * without         *
* PGP: AB 2C 85 AB DB D3 10 E7 CD A4 F8 AC 52 FC A9 ED  * Pure Crypto?    *
* 49466008763407508762442876812634724277805553224967086648493733366295231438448

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: thoughts on one time pads
On Thu, 26 Jan 2006, Travis H. wrote:

> All I've got to say is, I'm on this like stink on doo-doo. Being the
> thorough, methodical, paranoid person I am, I will be grateful for any
> pointers to prior work and thinking in this area.

You may wish to look at:

Ueli M. Maurer: Conditionally-Perfect Secrecy and a Provably-Secure Randomized Cipher
in: Journal of Cryptography, vol 5, no. 1, pp. 53-66, 1992 (available online)

and

Ferguson, Schneier, Wagner: Security Weaknesses in Maurer-Like Randomized Stream Ciphers
published on Schneier's website

Regards
Ralf Senderek
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
On Fri, 9 Dec 2005, Ed Gerck wrote:

> [...] at least the grand
> picture should exist beforehand. This is what this thread's subject
> paper is about, the grand picture for secure email and why aren't
> we there yet (Phil's PGP is almost 15 years old) -- what's missing.

and Bill Stewart wrote:

> Popularity of a product is critical to its security;
> you don't gain anonymity if the Feds can recognize that
> you're one of the dozen users of a given application.
> Your mom can use Skype, but nobody she knows uses Crypto Kong,
> and I only know a few people who use PGP to email their mom.
> But some of the Instant Messaging systems use crypto;
> too bad that they're continually trying to be incompatible
> with each other to gain market share.

I think what's missing is the understanding that there cannot be secure email without the persons involved acting responsibly and knowing their role in the process. Your mother will probably expect the computer to do the job for her (mine will never expect anything from computers), rejecting any responsibility for her email's security. In my opinion establishing secure email this way is impossible, despite the fact that encryption is (relatively) easy if our algorithms work as expected and you have the correct high-quality public key. And even if Instant Messaging systems used the same crypto, people will use them like cell phones without any consciousness of their own responsibility for key validation. Getting good crypto into mass products can help but does not eliminate the necessity for checking essential properties of the system they use. How we can make this job as reliable as possible is the question at the heart of the problem.

Ralf Senderek
Schneier: SHA-1 has been broken - Time for a second thought about SDLH ?
Bruce Schneier wrote (in Cryptogram):

> SHA-1 has been broken. Not a reduced-round version. Not a simplified version.
> The real thing.
>
> "One-way hash functions are supposed to have two properties. One, they're one
> way. This means that it is easy to take a message and compute the hash value,
> but it's impossible to take a hash value and recreate the original message.
> (By 'impossible' I mean 'can't be done in any reasonable amount of time.')
> Two, they're collision free. This means that it is impossible to find two
> messages that hash to the same hash value. The cryptographic reasoning behind
> these two properties is subtle, and I invite curious readers to learn more in
> my book Applied Cryptography.
>
> "Breaking a hash function means showing that either -- or both -- of those
> properties are not true."
>
> Last month, three Chinese cryptographers showed that SHA-1 is not
> collision-free. That is, they developed an algorithm for finding collisions
> faster than brute force. [ ... ]
> Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the
> fire exits. You don't see smoke, but the fire alarms have gone off." That's
> basically what I said last August.
>
> "It's time for us all to migrate away from SHA-1. [ ... ]
>
> "Most of the hash functions we have, and all the ones in widespread use, are
> based on the general principles of MD4. Clearly we've learned a lot about
> hash functions in the past decade, and I think we can start applying that
> knowledge to create something even more secure."

And that is why I ask to give the Shamir Discrete Logarithm Hash Function a second thought. At least we have a proof of collision resistance under the assumption that factoring is infeasible for the modulus used. And that is more than we ever had regarding the MD4 series.

BTW, choosing the next generation hash function should - as I think - not be dominated by terms of performance (i.e. done in the old fashion).

Ralf Senderek
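The Shamir discrete logarithm hash that the message argues for, together with the collision-resistance-implies-factoring argument it relies on, as an added worked example: this is my illustration, not code from the thread or from the Pure Crypto Project. The toy primes, the sample message, the big-endian message-to-integer encoding and every function name are assumptions made for the demo; a real deployment would use an RSA-sized modulus whose factorization nobody knows.

```python
"""Toy SDLH (Shamir discrete-log hash) and its collision -> factoring reduction.

Added illustration, not code from the thread or from the Pure Crypto Project.
H(m) = g^m mod n for an RSA modulus n = p*q whose factorization nobody is
supposed to know.  A collision m1 != m2 means g^(m1 - m2) = 1 (mod n), so
|m1 - m2| is a multiple of the order of g; when g has maximal order that is a
multiple of lambda(n), and a multiple of lambda(n) factors n.  The primes
below are constructed for the demo and are far too small to be secure.
"""
import math
import random


def sdlh_hash(message: bytes, g: int, n: int) -> int:
    """H(m) = g^m mod n, the message read as a big-endian integer (demo encoding)."""
    return pow(g, int.from_bytes(message, "big"), n)


def _prime_factors(x: int) -> list:
    """Distinct prime factors by trial division; fine for the toy sizes here."""
    found, d = [], 2
    while d * d <= x:
        if x % d == 0:
            found.append(d)
            while x % d == 0:
                x //= d
        d += 1
    if x > 1:
        found.append(x)
    return found


def carmichael_lambda(p: int, q: int) -> int:
    """lambda(pq) = lcm(p-1, q-1); only the party who generated n knows p and q."""
    return (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)


def max_order_generator(p: int, q: int) -> int:
    """Smallest g whose multiplicative order mod p*q is exactly lambda(n)."""
    n, lam = p * q, carmichael_lambda(p, q)
    primes = _prime_factors(lam)
    for g in range(2, n):
        if math.gcd(g, n) == 1 and all(pow(g, lam // r, n) != 1 for r in primes):
            return g
    raise ValueError("no element of maximal order found")


def factor_from_order_multiple(n: int, d: int, rng: random.Random, tries: int = 64):
    """Split n given a multiple d of lambda(n); returns frozenset({p, q}) or None.

    Write d = 2^s * t with t odd.  For a random base a the chain
    a^t, a^(2t), ..., a^(2^s t) ends in 1; the last value before the first 1
    is a square root of 1, and if it is neither 1 nor n-1 it splits n.
    Each base succeeds with probability at least 1/2.
    """
    t, s = d, 0
    while t % 2 == 0:
        t //= 2
        s += 1
    for _ in range(tries):
        a = rng.randrange(2, n - 1)
        f = math.gcd(a, n)
        if f != 1:                      # lucky: a shares a factor with n
            return frozenset((f, n // f))
        x = pow(a, t, n)
        if x in (1, n - 1):
            continue
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:
                if x == n - 1:          # trivial square root, try another base
                    break
                f = math.gcd(x - 1, n)  # x^2 = 1 and x != +-1  =>  gcd splits n
                return frozenset((f, n // f))
            x = y
    return None


def demo():
    """Build a collision with the trapdoor, then factor n from the collision alone."""
    p, q = 10007, 10009                 # constructed toy primes, NOT a real modulus
    n = p * q
    g = max_order_generator(p, q)
    m1 = b"pay 10 EUR"                  # constructed sample message
    lam = carmichael_lambda(p, q)
    # Whoever knows lambda(n) can shift the exponent by it without changing the hash:
    m2_int = int.from_bytes(m1, "big") + lam
    m2 = m2_int.to_bytes((m2_int.bit_length() + 7) // 8, "big")
    assert sdlh_hash(m1, g, n) == sdlh_hash(m2, g, n) and m1 != m2
    # Someone handed only (m1, m2, n) recovers the factors from the collision:
    d = abs(int.from_bytes(m1, "big") - m2_int)
    return factor_from_order_multiple(n, d, random.Random(1))


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is that the reduction in the proof is constructive: the only way shown to produce a collision is to know a multiple of lambda(n), and anyone who has a collision can factor n. The flip side, which the thread's "factoring is infeasible for the modulus used" assumption covers, is that whoever generates n holds exactly that trapdoor, so the modulus must come from a party trusted to destroy the factors or from a generation procedure in which nobody learns them.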
Re: Problems with GPG El Gamal signing keys?
On Thu, 27 Nov 2003, Werner Koch wrote:

> Yes, yes, I should have removed ElGamal signing key support back in
> 1998 when there was no more need for it. I recall that some folks
> begged me not to do that and I took the wrong decision.

I think no-one will blame you for this, you couldn't have known the effects. But what are we going to learn? Heading for far less complexity is the future!

Regards
Ralf Senderek
Re: Simple SSL/TLS - Some Questions
On Mon, 6 Oct 2003, Ian Grigg wrote (answering Jill's questions):

> The only question I wasn't quite sure of
> was whether, if I take your code, and modify it,
> can I distribute a binary only version, and keep
> the source changes proprietary?

I'd strongly recommend thinking about some code signing, which would best be included in the source code but could as well be distributed as separate signature files. Together with a note in your licence (whatever it turns out to be), this will not only help to spot and reject unauthorized and dubious attempts to "improve" your code but will also deter those who might call your code "crap" without having seen the "real thing".

Good luck.
Ralf
The Pure Crypto Project is released into the public domain
-BEGIN PURE-CRYPTO SIGNED MESSAGE-

The development of the Pure Crypto Project has now finished and the source code is finally released into the public domain.

http://senderek.de/pcp/release

There is a detailed explanation of the security mechanisms and the background of PCP in

http://senderek.de/security/pcp-protection.html

I'd like to thank everyone who supported the development with constructive criticism and helpful hints.

Ralf Senderek

-BEGIN PURE-CRYPTO SIGNATURE-
Hash: SDLH
*** based on modular exponentiation and RSA alone ***
Ralf Senderek, Wassenberg PCP signingkey 2003 <[EMAIL PROTECTED]>
25958032129854687932657359023881789067615223206769084549252083817701673635916478066451442739272409695432768892327091119955449106519210830940788017364200647426776939035963437924650466140653374164639095531127457251096969368134246401229854317278214790952108232304719334951046143931853036507848781896094422733831171511446825977175759419953334942627329020239718812579256503089309028102255938929278430717387498628586439358045328606841270655376672619190792218866509905138949190124291282590808234947292681044889977767097191953045774717004560559416349715717406817521786793391297428420236953949886297123601451
-END PURE-CRYPTO SIGNATURE-