Re: Trillian Secure IM

2007-10-13 Thread Andrew Odlyzko
To add to the reference, a preprint is available online at

  http://www.dtc.umn.edu/~odlyzko/doc/arch/prime.discrete.logs.pdf

A companion paper that was used crucially in the solution, "Solving
large sparse linear systems over finite fields," pp. 109-133 in  
"Advances in Cryptology - CRYPTO '90," A. J. Menezes and S. A. Vanstone 
(eds.), Springer Verlag, Lecture Notes in Computer Science #537 (1991)
is available at

  http://www.dtc.umn.edu/~odlyzko/doc/arch/sparse.linear.eqs.pdf

Andrew Odlyzko, http://www.dtc.umn.edu/~odlyzko

   


  > On Fri Oct 12, Steve Bellovin wrote:

  On Thu, 11 Oct 2007 21:50:06 -0700
  Bill Stewart <[EMAIL PROTECTED]> wrote:

  > 
  > > > | Which is by the way exactly the case with SecureIM. How
  > > > | hard is it to brute-force 128-bit DH ? My "guesstimate"
  > > > | is it's an order of minutes or even seconds, depending
  > > > | on CPU resources.
  > 
  > Sun's "Secure NFS" product from the 1980s had 192-bit Diffie-Hellman,
  > and a comment in one of the O'Reilly NFS books says that
  >  "However, by 1990, advances in RISC processors produced
  >  workstation machines that could, by brute force,
  >  derive the private key from any public key in under a day."
  > but that in 1987 there were still a lot of Motorola 68010 machines
  > that took several minutes to generate keys so they didn't want it
  > longer. I'm guessing that a 1990 RISC machine was around 50 MIPS,
  > so it's maybe 1/100 the speed of a modern single-core CPU.
  > 
  > 128-bit DH sounds like as good a decision as using 40-bit RC4 keys
  > would be today.
  > 
  It wasn't just brute force, it was math.

  @Article{nfscrack,
    author  = {Brian A. LaMacchia and Andrew M. Odlyzko},
    journal = {Designs, Codes, and Cryptography},
    pages   = {46--62},
    title   = {Computation of Discrete Logarithms in Prime Fields},
    volume  = {1},
    year    = {1991},
    annote  = {Describes how the authors cryptanalyzed Secure RPC.}
  }



--Steve Bellovin, http://www.cs.columbia.edu/~smb


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
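
Added example, not part of the thread or of the cited papers: the point that short Diffie-Hellman moduli fall to mathematics rather than exhaustive search, shown on a toy group. It uses baby-step giant-step, a generic square-root method, not the index-calculus method of the LaMacchia-Odlyzko paper; the 31-bit prime, the generator, the private exponents and the function names are constructed for illustration, and the index-calculus figure is the asymptotic heuristic L_p[1/2, 1] with its o(1) term dropped.

```python
# Added illustration: toy parameters, constructed for this example only.
from math import isqrt, log, sqrt

P = 2**31 - 1   # 31-bit Mersenne prime standing in for a short DH modulus
G = 7           # primitive root modulo P

def bsgs(g, h, p, order):
    """Baby-step giant-step: x in [0, order) with pow(g, x, p) == h, else None."""
    m = isqrt(order - 1) + 1                 # ceil(sqrt(order))
    baby, e = {}, 1
    for j in range(m):                       # baby steps: store g^j -> j
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(g, -m, p)                     # g^(-m) mod p (Python 3.8+)
    gamma = h
    for i in range(m):                       # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None

def work_bits(modulus_bits):
    """log2 of rough operation counts for three approaches to the discrete log."""
    ln_p = modulus_bits * log(2)
    return {
        "exhaustive": modulus_bits,          # try every exponent
        "square_root": modulus_bits / 2,     # BSGS / Pollard rho
        # heuristic L_p[1/2, 1] = exp(sqrt(ln p * ln ln p)), o(1) term dropped
        "index_calculus": sqrt(ln_p * log(ln_p)) / log(2),
    }

def demo():
    a, b = 1_234_567_891, 987_654_321        # constructed private exponents
    A, B = pow(G, a, P), pow(G, b, P)        # public values seen on the wire
    x = bsgs(G, A, P, P - 1)                 # exponent recovered from A alone
    return x, pow(B, x, P), pow(A, b, P)     # recovered vs. real shared secret

if __name__ == "__main__":
    x, guessed, real = demo()
    print("recovered exponent:", x, "shared secret matches:", guessed == real)
    for bits in (31, 128, 192):              # toy size, then the sizes in the thread
        print(bits, {k: round(v, 1) for k, v in work_bits(bits).items()})
```

The estimates are order-of-magnitude only; they show why modulus length, not the size of the exponent space, is the number to check when reviewing DH parameters.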


Workshop on Economics and Information Security, May 13-14, Minneapolis

2004-04-20 Thread Andrew Odlyzko
The 3rd Annual Workshop on Economics and Information Security
will be held Thursday and Friday, May 13-14 (right after the
Oakland conference) on the campus of the University of Minnesota
in Minneapolis.  General information, including a tentative
schedule, is available at

  http://www.dtc.umn.edu/weis2004

Early registration with reduced fees closes on April 25.

Andrew Odlyzko



Call for Papers: 2004 Workshop on Economics and Information Security

2003-12-05 Thread Andrew Odlyzko



 The Third Annual Workshop on
   Economics and Information Security
   (WEIS04)
   May 13-14, 2004
   University of Minnesota
   http://www.dtc.umn.edu/weis2004

Submissions due: March 1, 2004

   How much should we spend to secure our computer systems?  Can we
determine which investments will provide the best protection?  How will
we know when we've reached our goals?  Can market forces ensure that
firms will act to improve security?  Can incentives align the goals of
employees with the security goals of their employers?

   While security technologies have benefited from decades of study,
there has been a dearth of research into decision making tools required
to choose among these technologies and employ them properly.  The
growing importance of information security and the failings of
technology-centric approaches have made security economics an area ripe
for new research.  There is much work to be done both in applying
existing economic tools to today's security questions and in pioneering
new economic approaches to address problems unique to the study of
security.

   The Third Annual Workshop on Economics and Information Security (WEIS04)
is a successor to the two pioneering workshops on this subject, held in
2002 at UC Berkeley and in 2003 at Univ. Maryland.  Information about them
is available at URLs given at end.

   We encourage economists, computer scientists, security specialists,
business school faculty, and industry experts to submit original research 
to the 2004 conference.  We would especially like to encourage collaborative 
research from authors in multiple fields.  Among past and suggested topics are:

   Game theoretic security models     Analysis of security solutions market
   Security investment optimization   Threat modeling
   Information sharing                Risk management
   Algorithmic mechanism design       Security metrics
   DRM and customer lock-in           Security loss estimation
   Economics of privacy               Cyberterrorism
   Behavioral security economics      Economics of pseudonyms
   Reputation systems                 Case studies

   There will be no printed proceedings of this workshop, but as with the
preceding workshops, authors of accepted papers will be encouraged to post
their papers and presentation decks on the conference site. There may later be
a printed volume of selected papers from the workshop, similar to the volume
based on the first two workshops that is in preparation.

   Submissions should not exceed approximately 8,000 words (i.e., about 12 single
spaced pages in a standard 11 point font). They must be submitted by March 1,
2004. Position papers of significantly shorter length are also welcome.
Notification of acceptance for the program will be sent by April 1, 2004.
Submissions should be sent, preferably in PDF format, to [EMAIL PROTECTED]
For general information about the conference, check the website:
http://www.dtc.umn.edu/weis2004/ or email [EMAIL PROTECTED]

Program Committee:

   Alessandro Acquisti, Heinz School, Carnegie Mellon University
   Ross Anderson, Computer Laboratory, Cambridge University
   Jean Camp, Kennedy School of Government, Harvard University
   Li Gong, Sun Microsystems
   Larry Gordon, Smith School of Business, University of Maryland
   Marty Loeb, Smith School of Business, University of Maryland
   Andrew Odlyzko (co-chair), Digital Technology Center, University of 
 Minnesota
   Stuart Schechter, Division of Engineering and Applied Sciences, Harvard 
   Bruce Schneier (co-chair), Counterpane Internet Security
   Doug Tygar, Computer Science and Information Management, UC Berkeley
   Hal Varian, School of Information Management and Systems and Economics 
 Dept., UC Berkeley

Local Steering Committee:

   Beth Allen, Economics Dept. and Supply Chain Research Center
   Massoud Amin, Electrical and Computer Engineering Dept. and Center for 
 Development of Technological Leadership
   Dan Burk, School of Law
   Laura Gurak, Department of Rhetoric and Internet Studies Center
   Rob Kauffman, Information and Decision Sciences and MIS Research Center, 
 Carlson School of Management
   Yongdae Kim, Computer Science and Engineering Dept.
   Vipin Kumar, Computer Science and Engineering Dept. and Army High 
 Performance Computing Research Center
   Andrew Odlyzko (chair), Digital Technology Center


Sponsor: Digital Technology Center, University of Minnesota

Cosponsors at the University of Minnesota: 

  Center for Development of Technological Leadership
  Computer Science and Engineering Department
  Department of Economics
  Department of Rhetoric
  Electrical and Computer Engineering Department
  Internet Studies Center
  MIS Research Center, Carlson School of Management
  School of Law




Note: UR