Re: Encryption and authentication modes

2010-07-15 Thread markus reichelt
* james hughes hugh...@mac.com wrote:

 If there is no room for or an integrity field, you can look at
 XTS-AES.
 http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf

A not-so-well-known statement in said PDF is certainly the following,
especially in light of today's storage device capacities:

The length of the data unit for any instance of an implementation of
XTS-AES shall not exceed 2^20 AES blocks.

It seems to have made it smartly into openbsd; at least this
commit-info hints at it:

http://marc.info/?l=openbsd-cvs&m=121341266715025

-- 
left blank, right bald
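The 2^20-block limit quoted above, turned into a check, as an added example that is not from the thread or from any implementation named in it: it carries the per-block tweak arithmetic of XTS (IEEE 1619 / SP 800-38E) through and refuses block indexes the limit excludes. AES itself is left out; the AES-encrypted unit tweak E_K2(i) is taken as an input, and all sizes and values are constructed.

```python
# Added example: XTS-AES data-unit limit and tweak arithmetic (no AES here;
# the encrypted unit tweak E_K2(i) is supplied by the caller).
AES_BLOCK = 16
MAX_UNIT_BLOCKS = 1 << 20   # SP 800-38E: a data unit shall not exceed 2^20 AES blocks

def data_unit_block_count(unit_bytes: int) -> int:
    """Blocks covered by one data unit (a partial last block counts; XTS handles
    it with ciphertext stealing). Raises if the unit is outside the specification."""
    if unit_bytes < AES_BLOCK:
        raise ValueError("a data unit must be at least one AES block")
    blocks = (unit_bytes + AES_BLOCK - 1) // AES_BLOCK
    if blocks > MAX_UNIT_BLOCKS:
        raise ValueError(f"{blocks} blocks per data unit exceeds the 2^20 limit")
    return blocks

def data_unit_in_spec(unit_bytes: int) -> bool:
    """True when a data unit of this size may be used with XTS-AES."""
    try:
        data_unit_block_count(unit_bytes)
        return True
    except ValueError:
        return False

def locate(offset: int, unit_bytes: int) -> tuple:
    """Map a byte offset on the device to (data unit index i, block index j)."""
    data_unit_block_count(unit_bytes)          # reject out-of-spec unit sizes first
    i, rem = divmod(offset, unit_bytes)
    return i, rem // AES_BLOCK

def mul_alpha(t: bytes) -> bytes:
    """Multiply a 128-bit little-endian GF(2^128) element by alpha = x,
    reducing by x^128 + x^7 + x^2 + x + 1 (the 0x87 feedback byte)."""
    out = bytearray(AES_BLOCK)
    carry = 0
    for k in range(AES_BLOCK):
        out[k] = ((t[k] << 1) & 0xFF) | carry
        carry = t[k] >> 7
    if carry:                                  # overflow of x^127 -> reduce
        out[0] ^= 0x87
    return bytes(out)

def block_tweak(unit_tweak: bytes, j: int) -> bytes:
    """Tweak for block j of a data unit: T_j = E_K2(i) * alpha^j."""
    if not 0 <= j < MAX_UNIT_BLOCKS:
        raise ValueError("block index outside a conforming data unit")
    t = unit_tweak
    for _ in range(j):
        t = mul_alpha(t)
    return t
```

With 512-byte sectors as data units the limit is never approached (32 blocks per unit); it matters for designs that treat a whole partition as one data unit, where 16 MiB is the largest unit the specification allows.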




NXP sues to silence security researchers (Mifare Classic related)

2008-07-11 Thread markus reichelt
Hi,

I've just stumbled upon this article which you might find
interesting

http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1


-- 
left blank, right bald




Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered

2008-01-02 Thread markus reichelt
* markus reichelt [EMAIL PROTECTED] wrote:

 * Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote:
 
  My colleague Erik took photos of the slides which I put up on
  Zooomr [0]. A video recording of the talk should be available
  shortly and will be linked here.
 
 preliminary link for the video:

it's now on google video:

http://video.google.com/videoplay?docid=4252367680974396650&hl=en

-- 
left blank, right bald




Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered

2007-12-31 Thread markus reichelt
* Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote:

 My colleague Erik took photos of the slides which I put up on
 Zooomr [0]. A video recording of the talk should be available
 shortly and will be linked here.

preliminary link for the video:

http://stan.freitagsrunde.org/mirror/24c3/matroska/24c3-2378-en-mifare_security.mkv


-- 
left blank, right bald




Re: Linux RNG paper

2006-05-04 Thread markus reichelt
* Travis H. [EMAIL PROTECTED] wrote:

 1) In the paper, he mentions that the state file could be altered
 by an attacker, and then he'd know the state when it first came up. 
 Of course, if he could do that, he could simply install a trojan in
 the OS itself, so this is not really that much of a concern.  If
 your hard drives might be altered by malicious parties, you should
 be using some kind of cryptographic integrity check on the contents
 before using them.  This often comes for free when encrypting the
 contents.

Agreed; but regarding unix systems, I know of no crypto
implementation that does integrity checking. Not just de/encrypt the
data, but verify that the encrypted data has not been tampered with.

A however unlikely and far-fetched analogy would be someone altering
an encrypted root fs so that f.e. /etc/hosts.deny would decrypt
differently. Such things tend to stay unnoticed unless some kind of
IDS is used, for the very fact that all the common (more or less
skillfully crafted) crypto implementations simply fail to do
integrity checking: dm-crypt, loop-aes, mainline cryptoloop,
truecrypt, bestcrypt, CrossCrypt, ...

However, though preventing the unnoticed modification of an encrypted
device is undoubtedly a goal to strive for, this is not what those
crypto implementations try to achieve. They just work towards safely
and reliably de/encrypting one's data; some more, some less.

-- 
left blank, right bald
still, loop-aes is the way to go.
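The integrity check the thread says none of the listed implementations performs, sketched as an added example that is not from the thread or from any of those projects: a per-sector HMAC table bound to the sector index, so both a modified sector and two genuine sectors swapped in place are reported. The cipher is left out (the input is whatever ciphertext the block device stores); the key, volume id, sector size and sample sectors are constructed.

```python
# Added example: detached per-sector integrity tags for an encrypted volume.
import hmac
import hashlib

SECTOR_SIZE = 512

def sector_tag(mac_key: bytes, volume_id: bytes, index: int, ciphertext: bytes) -> bytes:
    """HMAC over (volume id, sector index, ciphertext). Including the index binds
    the tag to its position, so a sector cannot be replaced by another valid one."""
    if len(ciphertext) != SECTOR_SIZE:
        raise ValueError("sector has wrong size")
    msg = volume_id + index.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal_volume(mac_key: bytes, volume_id: bytes, sectors: list) -> list:
    """Tag table for a list of ciphertext sectors, stored beside the volume."""
    return [sector_tag(mac_key, volume_id, i, s) for i, s in enumerate(sectors)]

def verify_volume(mac_key: bytes, volume_id: bytes, sectors: list, tags: list) -> list:
    """Indexes of sectors whose tag does not verify; an empty list means intact."""
    if len(sectors) != len(tags):
        raise ValueError("tag table length mismatch")
    bad = []
    for i, (s, t) in enumerate(zip(sectors, tags)):
        if not hmac.compare_digest(sector_tag(mac_key, volume_id, i, s), t):
            bad.append(i)
    return bad

def demo() -> tuple:
    """Constructed data: a 4-sector volume, then one altered sector and one swap."""
    key = hashlib.sha256(b"constructed mac key").digest()
    vol = b"constructed-volume-id"
    sectors = [bytes([i]) * SECTOR_SIZE for i in range(4)]   # stands in for ciphertext
    tags = seal_volume(key, vol, sectors)
    assert verify_volume(key, vol, sectors, tags) == []
    # one byte changed in sector 2: the plaintext would decrypt differently, silently
    altered = list(sectors)
    altered[2] = bytes([altered[2][0] ^ 0x01]) + altered[2][1:]
    # two genuine sectors exchanged: each is valid ciphertext, just in the wrong place
    swapped = list(sectors)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    return verify_volume(key, vol, altered, tags), verify_volume(key, vol, swapped, tags)
```

A flat tag table does not catch rollback of a sector together with its own old tag; detecting that needs a versioned structure (a hash tree with a trusted root) on top of this.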




Re: MD5 trick

2006-04-19 Thread markus reichelt
* [EMAIL PROTECTED] wrote:

 Of course, it is a trick. Yesterday I updated my paper Tunnels in
 Hash Functions: MD5 Collisions Within a Minute
 (http://eprint.iacr.org/2006/105.pdf) and MD5 collision program
 (http://cryptography.hyperlink.cz/2006/web_version_1.zip).

Just being curious: from what you write, it looks like a pure
win-only source. Do you happen to have a version that compiles on
some kind of unix?

-- 
left blank, right bald




Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-04-19 Thread markus reichelt
* Ian G [EMAIL PROTECTED] wrote:

 So, why not always sign messages to a list that permits
 signatures?
 
 It's hard to see the benefit, and it is easy to see the potential
 cost.  In a litigious world, we are (slightly) better off not using
 messages that are going to haunt us in years to come.  As a
 principle, I'd never advise anyone to sign any message unless they
 could state what that meant.

Well, I for one value the spreading of cryptographic means higher
than what might happen due to some misguided lawyer. With all the
lost privacy due to so-called protection laws from all the
evildoers, this has only strengthened my resolve. After all, the
lawyers are still there even if one doesn't use cryptographic means.

In my world there's just too much lobbyism involved not to take
action in the vital field of privacy. Most people using electronic
communications either believe that some occasional eavesdropping is
ok (for they have nothing to hide; an argument solely given by the
state in some 1984 manner), or they don't grasp the extent of
eavesdropping possibilities, or they just don't bother. Not bothering
is just as bad as giving in to the state, because if one remains
passive, it is not likely that one will change one's perception
easily, switching to actively propagate one's ideals (because of a
certain receptiveness to state arguments). And nowadays it's hard
enough to change things even if one is actively involved.


 It could well be that this is a difference in view across the
 Atlantic.  It seems that many (continental) Europeans do not
 perceive a threat to themselves from things they write; whereas the
 English-centric world is more NDA obsessed.

I guess you mean Non-Disclosure Agreement by NDA. All those acronyms;
it's about time the A takes action.

I haven't really perceived it the way you describe, but I don't work
in an environment where such things could matter at all. I'm in the
scientific community (chemistry), and there limits of talk (if you
get the meaning) are described pretty well, and this only affects
some areas of competition.

Given that some individual or even organisation keeps track of its
employees' writings in/on public media, I barely see the benefits
apart from some cases where it comes to leaking info which is already
prohibited by some kind of Non-Disclosure Agreement. Those exist here
too, but with all the transparency about it, one really has to be
utterly stupid to mess things up.

From what you write I get the impression that even the slightest hint
about even the slightest clue may cause one harm. In my opinion this
fuels fear, just like telling a teenager not to ever fall in love
because he'll only get hurt anyway. We have misguided lawyers here
too, far too many of them in fact, for about over 20 years, and they
need to get an income. All that increased suing stuff can be traced
back to the growing numbers of lawyers hitting the open market. Not
that it offers a solution, but there's still the bottom of the ocean
or the moon, and mars may be an issue soon...


 Quite frankly, I wouldn't have thought this topic would emerge the
 way it has on a cryptography mailinglist. Maybe it's about time to
 publish my article Why Cryptography Is Important In Modern Life
 after all (don't hold your breath; with me being pretty busy it's
 not due until after Easter).
 
 Cryptography is a tool, not a religion, notwithstanding the desires
 of many to deify it.  It is the application that delivers benefits,
 and properly thought out apps generally use as little crypto as
 they can get away with.  Top-down applications thinking says use
 the tool that does the job whereas bottom-up, toolbox thinking
 says use this tool because it's so cool!

I guess you got me wrong, and I'm not sure I get your top-down,
bottom-up analogies. Anyway, I'm not propagating means of
cryptography because of a religious hype or something. To clarify
this, my friends and I are not amused by officials having the legal
means to listen in on email communications, phone conversations, etc.
both without prior suspicion and without some kind of notification of
the person(s) being listened in to, let alone legal backup (it was
rendered redundant anyway). Because of the terrorist-threat hype such
processes are now accelerated to fit only the state's benefits, yet
they are sold as a citizen's benefit altogether. We have a saying here
(I hope it carries over, I'm not a native English speaker): working at
such a hectic pace replaces an intellectual calm.

From what I wrote above, I guess it can be boiled down to this: means
of cryptography are valued because of the possibility to protect
one's privacy, which the state obviously has deemed unnecessary, for
good citizens surely don't have anything to hide. Simply put, since
we all don't walk the street naked, the state always wins. Such a
state is out of balance, and checks are most likely still in place
where they possibly can't influence a larger picture.

someone