Re: [Cryptography] The paranoid approach to crypto-plumbing

2013-09-17 Thread Sandy Harris
On Mon, Sep 16, 2013 at 12:44 PM, Bill Frantz wrote: > Symmetric encryption: > > Two algorithms give security equal to the best of them. Three > protect against meet-in-the-middle attacks. Performing the > multiple encryption at the block level allows block cyphers to > be combined with s

Re: [Cryptography] real random numbers

2013-09-14 Thread Sandy Harris
Let me try a different way of stating (what I think is) Denker's point. From docs for my RNG, at: ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/ Discussing Denker's Turbid, found at: http://www.av8n.com/turbid/paper/turbid.htm (Quoting) The unique advantage of Turbid is that it provably delivers

Re: [Cryptography] Thoughts on hardware randomness sources

2013-09-10 Thread Sandy Harris
On Tue, Sep 10, 2013 at 10:59 AM, Marcus D. Leech wrote: > I wonder what people's opinions are on things like the randomsound daemon > that is available for Linux. I have not looked at that. A well thought out & well documented RNG based on a sound card is: http://www.av8n.com/turbid/paper/turbid

Re: [Cryptography] Using Raspberry Pis

2013-08-26 Thread Sandy Harris
On Mon, Aug 26, 2013 at 4:12 PM, Phillip Hallam-Baker wrote: > I really like RPis as a cryptographic tool. The only thing that would make > them better is a second Ethernet interface so they could be used as a > firewall type device. Two things to look at. Onion Pi turns one into a WiFi hotspot &

Re: Intel to also add RNG

2010-07-25 Thread Sandy Harris
On 7/13/10, Perry E. Metzger wrote: > It is disturbing to me that people oppose this so much. Yes. A hardware RNG seems an obvious Good Thing. Not a complete solution, but a very useful component. > For a lot of applications -- servers run in isolation, networking > equipment, etc. -- having

What is required for trust?

2010-07-09 Thread Sandy Harris
India recently forbade some Chinese companies from bidding on some cell phone infrastructure projects, citing national security concerns: http://www.chinatechnews.com/2010/05/25/12102-indias-bsnl-excludes-chinas-huawei-zte-from-gsm-bidding Of course, the Chinese gov't and companies are by no mean

Re: hedging our bets -- in case SHA-256 turns out to be insecure

2009-11-17 Thread Sandy Harris
On 11/12/09, David-Sarah Hopwood wrote: > Sandy Harris wrote: > > On 11/8/09, Zooko Wilcox-O'Hearn wrote: > > > >> Therefore I've been thinking about how to make Tahoe-LAFS robust against > >> the possibility that SHA-256 will turn out to

Re: hedging our bets -- in case SHA-256 turns out to be insecure

2009-11-11 Thread Sandy Harris
On 11/8/09, Zooko Wilcox-O'Hearn wrote: > Therefore I've been thinking about how to make Tahoe-LAFS robust against > the possibility that SHA-256 will turn out to be insecure. NIST are dealing with that via the AHS process. Shouldn't you just use their results? > We could use a different hash

Re: TLS man in the middle

2009-11-08 Thread Sandy Harris
On 11/6/09, mhey...@gmail.com wrote: > From > and > > From what I gather, when TLS client certificates are used, an attacker > can post a command to a victim server and have it authenticated by a

Re: Factoring attack against RSA based on Pollard's Rho

2009-06-07 Thread Sandy Harris
a^2 and b^2 mod 9, mod 16, or by combining those mod 144. Mod 25, mod 49 et cetera gave constraints but not unique solutions. After playing with this a while, I concluded that it was not actually useful, -- Sandy Harris, Quanzhou, Fujian, China

Fwd: 80-bit security? (Was: Re: SHA-1 collisions now at 2^{52}?)

2009-05-10 Thread Sandy Harris
n a week for 9,000 euro. 256 of them would break a 64-bit cipher in a week. This is within reach for a high-stakes industrial espionage situation, say Boeing and Airbus competing for big orders. -- Sandy Harris, Quanzhou, Fujian, China - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Re: [tahoe-dev] SHA-1 broken!

2009-05-03 Thread Sandy Harris
A-1 certainly would not be trivial, but it looks feasible. -- Sandy Harris, Quanzhou, Fujian, China

Re: CSPRNG algorithms

2009-04-30 Thread Sandy Harris
endium.org/wiki/Random_number#Random_sequences_from_physical_phenomena It is a wiki so if you can improve it, please do. No doubt Wikipedia has a list as well. All the usual crypto texts have chapters on it, too. -- Sandy Harris, Quanzhou, Fujian, China

Re: Destroying confidential information from database

2009-04-30 Thread Sandy Harris
ystems have become much more common and, for all I know the attack technology may have changed too. Is there a more recent analysis or is Gutmann still the best reference? -- Sandy Harris, Quanzhou, Fujian, China

Re: CPRNGs are still an issue.

2008-12-16 Thread Sandy Harris
encrypting unless some enemy might get the text and using things an enemy can get is exactly what you do not want here. However, it is cheap and random-looking, and the volume is proportional to the amount of crypto done, so it might help in some cases. -- Sandy Harris, Quanzhou, Fuj

Hybrid cipher paper

2008-11-19 Thread Sandy Harris
8 and RC4-128 to get a cipher that takes a 256-bit key and is significantly faster than AES-256, and arguably more secure. One is immune to algebraic attacks. -- Sandy Harris, Quanzhou, Fujian, China

Re: combining entropy

2008-10-27 Thread Sandy Harris
.. At some point, you may find yourself designing a hash. If that happens, just give up and use a standard hash. -- Sandy Harris, Quanzhou, Fujian, China

Fake popup study

2008-09-24 Thread Sandy Harris
From Slashdot: Psychologists gave university students phony popups with various malware warning signs. Many just clicked. http://arstechnica.com/news.ars/post/20080923-study-confirms-users-are-idiots.html -- Sandy Harris, Quanzhou, Fujian, Ch

Re: Lava lamp random number generator made useful?

2008-09-21 Thread Sandy Harris
an easy addition to others, this strikes me as a good solution. -- Sandy Harris, Quanzhou, Fujian, China

Re: Cruising the stacks and finding stuff

2008-04-24 Thread Sandy Harris
any symmetric cipher key size less than the public key size, your overheads are the same. -- Sandy Harris, Nanjing, China

Re: Cruising the stacks and finding stuff

2008-04-22 Thread Sandy Harris
ey (256 times harder than DES) in a second (a few 100 thousand times faster). Brute force against a 96-bit key should take 2^32 times as long. Since pi seconds is a nano-century, that's somewhat over a century. For a 128-bit key, over 2^32 centuries. If brute force is the best attack, this is o

Re: Gutmann Soundwave Therapy

2008-02-01 Thread Sandy Harris
fine. Does tinc do something that IPsec cannot? -- Sandy Harris, Nanjing, China

Re: Death of antivirus software imminent

2008-01-14 Thread Sandy Harris
current/index.html The aptly named RFC 1984 is also relevant. Among the more obvious problems are the fact that complexity is bad for security, that the US government has some history of abusing wiretaps, and that other governments who would have access to any such technology are even less

Re: Password vs data entropy

2007-10-27 Thread Sandy Harris
llion years instead. So, if your crypto is sound, 128 bits should theoretically be enough for any data and any human time scale. Practice and theory can differ, though, and you cannot be utterly certain there's not some unpublished attack that does awful things to the crypto. I'd use

Re: Password hashing

2007-10-12 Thread Sandy Harris
hashes? It looks to me like this would make dictionary attacks harder too. -- Sandy Harris, Nanjing, China

Re: debunking snake oil

2007-09-03 Thread Sandy Harris
unbreakable scheme, .. You can get a few spectacularly boneheaded ones from Sklyarov's Defcon presentation, the one he was arrested for. Link here. http://www.cs.cmu.edu/~dst/Adobe/Gallery/ -- Sandy Harris, Nanjing, China

Re: ad hoc IPsec or similiar

2007-06-26 Thread Sandy Harris
"initiate-only" IPsec; it does not handle incoming connections. However, that may be enough for many client machines that live in dynamic address space. -- Sandy Harris Quanzhou, Fujian, China - The Cryptography Mai

Re: ad hoc IPsec or similiar

2007-06-22 Thread Sandy Harris
ees/freeswan-2.00/doc/quickstart.html There is an RFC based on that work: ftp://ftp.rfc-editor.org/in-notes/rfc4322.txt The FreeS/WAN project has ended. I do not know if the follow-on projects, openswan.org and strongswan.org, support OE. -- Sandy Harris Qu

Re: Entropy of other languages

2007-02-26 Thread Sandy Harris
Travis H. <[EMAIL PROTECTED]> wrote: On Wed, Feb 07, 2007 at 05:42:49AM -0800, Sandy Harris wrote: > He starts from information theory and an assumption that > there needs to be some constant upper bound on the > receiver's per-symbol processing time. From there, with > n

Re: Entropy of other languages

2007-02-07 Thread Sandy Harris
's equation simplifies to Zipf's Law, the well-known rule about word, letter or sound frequencies in linguistics. I'm not sure if you can also get Pareto's Law which covers income & wealth distributions in economics. -- Sandy Harris Quanzhou, Fujian, China

Status of opportunistic encryption

2006-05-28 Thread Sandy Harris
stic Encryption using the Internet Key Exchange (IKE) RFC 4025 A Method for Storing IPsec Keying Material in DNS and that both of FreeS/WAN's successor projects (openswan.org and strongswan.org) mention it in their docs. However, I don't know if it is actually being used. -- Sandy Harris

Re: Entropy Definition (was Re: passphrases with more than 160 bits of entropy)

2006-03-23 Thread Sandy Harris
estroy it, but no amount of any kind of processing can increase it. > * Can you add or increase entropy? > You can add more entropy, either from another source or more from the same source. That is the only way to increase it. -- Sandy Harris Zhuhai, Guangdong, China

Re: 3DES performance

2004-12-09 Thread Sandy Harris
Lee Parkes wrote: Hi, I'm working on a project for a company that involves the use of 3DES. They have asked me to find out what the overheads are ... Some info at: http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html --

Re: potential new IETF WG on anonymous IPSec

2004-09-11 Thread Sandy Harris
Zooko O'Whielcronx wrote: On 2004, Sep 09, , at 16:57, Hal Finney wrote: ... an extension to IPsec to allow for unauthenticated connections. Presently IPsec relies on either pre-shared secrets or a trusted third party CA to authenticate the connection. No. It can also use RSA public keys without e

Re: cryptograph(y|er) jokes?

2004-06-24 Thread Sandy Harris
bear wrote: Bob and Alice routinely discuss bombs, terrorism, tax cheating, sexual infidelity, and deviant sex over the internet. They conspire to commit crimes, share banned texts and suppressed news, or topple tyrannical governments whose agents eavesdrop on their every communication. They do a

Re: cryptograph(y|er) jokes?

2004-06-23 Thread Sandy Harris
Hadmut Danisch wrote: does anyone know good jokes about cryptography, cryptographers, or security? There's always the sys admin's mantra: I know I'm paranoid, but I worry about whether I'm paranoid enough. FreeS/WAN docs have links to several collections of crypto quotes, many funny: http://www

Re: efficiency?? vs security with symmetric crypto? (Re: Tinc's response to "Linux's answer to MS-PPTP")

2003-09-27 Thread Sandy Harris
Adam Back wrote: What conceivable trade-offs could you have to make to get acceptable performance out of symmetric crypto encrypted+authenticated tunnel? All ciphers you should be using are like 50MB/sec on a 1Ghz machine!! There's fairly detailed performance data for Linux FreeS/WAN IPsec http://

Re: authentication and ESP

2003-06-22 Thread Sandy Harris
John S. Denker wrote: On 06/19/2003 01:49 PM, martin f krafft wrote: > As far as I can tell, IPsec's ESP has the functionality of > authentication and integrity built in: It depends on what you mean by "built in". 1) The RFC provides for ESP+authentication but does not require ESP to use authent