workshop on unwanted Internet traffic
Readers of this list may be interesting the the SRUTI -- Steps Towards Reducing Unwanted Traffic on the Internet -- workshop. See http://www.research.att.com/~bala/srut for details. --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Swiss NEMA rotor machine for sale on EBay
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2252451747ssPageName=ADME:B:SS:US:1 I'm sure we'll see the usual complaints about people being unable to view it... --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
CAs for spies?
Have you ever wondered what CA a spy agency would trust? In the case of the Mossad, it's Thawte. Go to http://www.mossad.gov.il/Mohr/MohrTopNav/MohrEnglish/MohrAboutUs/ and click Contact Us or Application Form. You'll get an SSL-protected connection, with a 1024-bit RSA key (with MD5) in a certificate issued by Thawte. The connection itself used 256-bit AES. --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
The EU pursues quantum crypto because of Echelon
http://www.computerworld.com/securitytopics/security/story/0,10801,93220,00.html?from=homeheads I'm not sure what more to say, given my opinion of the general utility of quantum crypto --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
AES suitable for protecting Top Secret information
I haven't seen this mentioned on the list, so I thought I'd toss it out. According to http://www.nstissc.gov/Assets/pdf/fact%20sheet.pdf , AES is acceptable for protecting Top Secret data. Here's the crucial sentence: The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Spy Letters from the American Revolution
Readers of this list may be interested in http://www.si.umich.edu/spies/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
safety of Pohlig-Hellman with a common modulus?
Is it safe to use Pohlig-Hellman encryption with a common modulus? That is, I want various parties to have their own exponents, but share the same prime modulus. In my application, a chosen plaintext attack will be possible. (I know that RSA with common modulus is not safe.) --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
yahoo to use public key technology for anti-spam
http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Additional Proposed Hash Function (Forwarded)
--- Forwarded Message Date: Tue, 02 Dec 2003 13:40:32 -0500 To: [EMAIL PROTECTED] From: Elaine Barker [EMAIL PROTECTED] Subject: Additional Proposed Hash Function NIST is proposing a change notice for FIPS 180-2, the Secure Hash Standard that will specify an additional hash function, SHA-224, that is based on SHA-256. The change notice is available at http://csrc.nist.gov/publications/drafts.html. NIST requests comments for the change notice by January 16, 2004. Comments should be addressed to [EMAIL PROTECTED] --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
traffic analysis of phone calls?
Slightly off-topic, but a reminder of the sort of thing that ordinary crypto doesn't hide. http://www.silicon.com/news/59-51/1/5093.html?rolling=2 IT Myths: Colombian drugs gang's mainframe-assisted assassinations? Did drugs barons really use multi-million pound systems to see who was grassing to informants...? Colombian drug running, police raids and the assassination of informants isn't something that has an obvious link to mainframe technology but in the first of our series investigating IT myths this was certainly the most intriguing. The story has it that Colombian drugs cartels in the 1990s were using massive mainframe computer systems to analyse telephone billing records they had 'borrowed' from phone companies to find out which people in their cartels were on the blower to Colombian police and US agents. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]