RE: Elcomsoft trying to patent faster GPU-based password cracker

I was the person who originated the DES Challenges at RSA, and also helped set up and run them. I knew that there was a stealth effort underway at SGI, but didn't know any of the details. A good deal of cool stuff came out of the contests. Other prior art against this patent would include usin

Re: question re practical use of secret sharing

RSA's BSAFE 6.2.1.0 supports Bloom-Shamir secret sharing. Peter Trei Principal Engineer RSA: the Security Division of EMC. Disclaimer: I am not a spokesperson for RSA or EMC. -Original Message- Charles Jackson asks: > A quick question. > Is anyone aware of a commercial product that im

RE: Russian cyberwar against Estonia?

Bill Stewart wrote: > At 01:04 PM 5/18/2007, Trei, Peter wrote: >> If the Russians aren't behind this, who else should be suspected? It >> isn't like Estonia has a wide selection of enemies. :-) > There are three likely suspects > - the actual Russian gove

RE: Russian cyberwar against Estonia?

Dave Korn wrote: >On 18 May 2007 05:44, Alex Alten wrote: >> This may be a bit off the crypto topic, > You betcha! >> but it is interesting nonetheless. >> >> Russia accused of unleashing cyberwar to disable Estonia >> http://www.guardian.co.uk/print/0,,329864981-103610,00.html >> >> Estonia

RE: padlocks with backdoors - TSA approved

Taral wrote: > I'm just waiting for someone with access to photograph said keys and > post it all over the internet. Let us hope that happnes - it won't make passenger security worse, and would demonstrate that The Emperor Has No Clothes. Even if that doesn't happen, it is presumabley feasible

RE: Entropy of other languages

Travis H. wrote: On Sun, Feb 04, 2007 at 03:46:41PM -0800, Allen wrote: [...] > What about other languages? Does anyone know the relative entropy of > other alphabetic languages? What about the entropy of ideographic > languages? Pictographic? Hieroglyphic? IIRC, it turned out that Egyptian he

FW: Entropy of other languages

Steven M. Bellovin wrote: > > On Sun, 04 Feb 2007 15:46:41 -0800 > Allen <[EMAIL PROTECTED]> wrote: > > > Hi gang, > > > > An idle question. English has a relatively low entropy as a > language. > > Don't recall the exact figure, but if you look at words that start > > with "q" it is very lo

RE: SSL Cert Prices & Notes

It is with some irony I note that this message from Peter Saint-Andre failed a signature check - startcom isn't among the trusted roots in my copy of Outlook. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Saint-Andre Sent: Wednesday,

RE: Unforgeable dialog.

Piers Bowness wrote: > This is concept is surprisingly complex. Once the attacker sees the "secure" dialog, > what prevents them from using the same techniques and/or code to create a visually > > identical spoof? (Hi Piers!) I actually dealt with this in a former job, where I wrote a proxy fo

RE: thoughts on one time pads

You missed the old standby - the microwave oven. The disk remains physically intact (at least after the 5 seconds or so I've tried), but a great deal of pretty arcing occurs in the conductive data layer. Where the arcs travel, the data layer is vapourized. The end result is an otherwise intact d

RE: long-term GPG signing key

Alexander Klimov wrote: >On Wed, 11 Jan 2006, Ian G wrote: >> Even though triple-DES is still considered to have avoided that trap, >> its relatively small block size means you can now put the entire >> decrypt table on a dvd (or somesuch, I forget the maths). > This would need 8 x 2^{64} byte

RE: Another entry in the internet security hall of shame....

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Peter Saint-Andre > Sent: Wednesday, August 24, 2005 4:56 PM > To: cryptography@metzdowd.com > Subject: Re: Another entry in the internet security hall of shame > > > Tim Dierks wrote: > > [resendin

From [IP] i secure cell phone via software

Interesting encrypted VoIP application for Symbian GSM phones. Peter Trei > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of David Farber > Sent: Monday, April 25, 2005 9:58 AM > To: Ip > Subject: [IP] i secure cell phone via software > > > http://ww

FW: [IP] One cryptographer's perspective on the SHA-1 result

Full disclosure: Burt Kaliski and I share an employer. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Farber Sent: Wednesday, February 23, 2005 7:48 PM To: Ip Subject: [IP] One cryptographer's perspective on the SHA-1 result From: "Kalis

RE: SHA1 broken?

Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched. More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial. Peter -

RSA Conference, and BA Cypherpunks

Once again, the RSA Conference is upon us, and many of the corrospondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. At past conferences, we've had various levels of participation, from 50 down to 3. Since the BAC

RE: Dell to Add Security Chip to PCs

Erwann ABALEA > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > Seeing as it comes out of the TCG, this is almost certainly > > the enabling hardware for Palladium/NGSCB. Its a part of > > your computer which you may not have full control over. > > Please stop relay

RE: Dell to Add Security Chip to PCs

Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Peter Trei Tyler Durden > ANyone familiar with computer architectures and chips able to > answer this > question: > > Th

RE: Banks Test ID Device for Online Security

R.A. Hettinga wrote: > Okay. So AOL and Banks are *selling* RSA keys??? > Could someone explain this to me? > No. Really. I'm serious... > > Cheers, > RAH > The slashdot article title is really, really misleading. In both cases, this is SecurID. Peter -

RE: RSA Implementation in C language

Admittedly somewhat old and creaky, but try Googling RSAREF. I don't know where that stands for IP rights (presumably we still have copyright), bout for research it's a startin point. Peter > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Sandeep N

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

James A. Donald wrote: > R.A. Hettinga wrote: > > [The mobile phone is] certainly getting to be like Chaum's > > ideal crypto device. You own it, it has its own I/O, and it > > never leaves your sight. > > Is there a phone that is programmable enough to store secrets > on and sign and decrypt st

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse > Sent: Saturday, October 23, 2004 1:58 AM > To: Ian Grigg > Cc: [EMAIL PROTECTED] > Subject: Re: Financial identity is *dangerous*? (was re: Fake > companies, > real money) > > > >

How thorough are the hash breaks, anyway?

[Disclaimer: I've never claimed to be a mathematician, nor even a cryptographer:my business card says 'cryptoengineer'. I've always tried more to understand how to properly use cryptographic primitives than to understand the deep theory of their construction. I go to people who know the theory

DES: Now 'really most sincerely dead'

Back in late 1996, I wrote to Jim Bidzos, proposing an RSA Challenge to break single DES by brute force computation. Later in 1997, the first DES Challenge was successfully completed. Its taken another 7 years, but NIST has finally pulled single DES as a supported mode. Favorite line: "DES i

EZ Pass followup.

This may be of interest to the folks discussing EZ pass. On ne.transportation, there is a thread regarding the subject, titled: Surveillance Equipment on I-95? The most interesting post follows. Peter Trei From: [EMAIL PROTECTED] "John F. Carr" wrote: > In artic

RE: Security clampdown on the home PC banknote forgers

[EMAIL PROTECTED] wrote: > > It's time to start wearing t-shirts bearing the image of a > banned banknote. > (To circumvent counterfeiting laws, wear the banknote of a > foreign country). > Imagine the frustration of the police when they can't > photocopy your picture. > >From the original a

RE: Satellite eavesdropping of 802.11b traffic

R. A. Hettinga > At 12:35 PM -0400 5/27/04, John Kelsey wrote: > >Does anyone know whether the low-power nature of wireless > LANs protects > >them from eavesdropping by satellite? > > It seems to me that you'd need a pretty big dish in orbit to > get that kind > of resolution. > > The Keyhole

RE: EU seeks quantum cryptography response to Echelon

Tom Shaddack wrote: > On Tue, 18 May 2004, Tyler Durden wrote: > > > "Monyk believes there will be a global market of several > million users once > > a workable solution has been developed. A political > decision will have to > > be taken as to who those users will be in order to prevent > te

RE: voting

> Ed Gerck[SMTP:[EMAIL PROTECTED] > > John Kelsey wrote: > > > > At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: > > > > >1. The use of receipts which a voter takes from the voting place to > 'verify' > > >that their vote was

RE: voting

"privacy" wrote: [good points about weaknesses in adversarial system deleted] > It's baffling that security experts today are clinging to the outmoded > and insecure paper voting systems of the past, where evidence of fraud, > error and incompetence is overwhelming. Cryptographic

RE: voting

> Perry E. Metzger wrote: > > I'm a believer in the KISS principle. > > A ballot that is both machine and human readable and is constructed by > machine seems ideal. You enter your votes, a card drops down, you > verify it and drop it in a slot. Ideally, the cards would be marked > with something

RE: Firm invites experts to punch holes in ballot software

> Ian Grigg[SMTP:[EMAIL PROTECTED] wrote: > > Trei, Peter wrote: > > Frankly, the whole online-verification step seems like an > > unneccesary complication. > > It seems to me that the requirement for after-the-vote > verification ("to prove your vote was count

RE: Firm invites experts to punch holes in ballot software

Major Variola (ret) wrote: >Peter, what would be wrong with having a machine in the booth that >prints >any valid receipt BUT is not connected to the voting system. "To vote >use the red machine; if you're being coerced you can use the blue >machine >to print as many receipts as intimidators." >

RE: Firm invites experts to punch holes in ballot software

>Firm invites experts to punch holes in ballot software > The company's software is designed to let voters verify that their ballots >were properly handled. It assigns random identification numbers to ballots >and candidates. After people vote, they get a receipt that shows which >candidates the

RE: Code breakers crack GSM cellphone encryption

> David Honig[SMTP:[EMAIL PROTECTED] wrote: > > At 02:37 AM 9/9/03 +1000, Greg Rose wrote: > >At 05:18 PM 9/7/2003 -0700, David Honig wrote: > >>"Laughing my ass off." Since when do governments care about patents? > >>How would this help/harm them from exploiting it? Not that > >>high-end LEOs

RE: U.S. seeks OSCE pact on biometric passports

> Duncan Frissell[SMTP:[EMAIL PROTECTED] writes: > > Anyone have any pointers to non destructive methods of rendering Smart > Chips unreadable? Just curious. > > > On Mon, 1 Sep 2003, R. A. Hettinga wrote: > > > > r>