Re: cryptograph(y|er) jokes?

2004-06-24 Thread Arnold G. Reinhold
At 11:56 PM +0200 6/19/04, Hadmut Danisch wrote: Hi, does anyone know good jokes about cryptography, cryptographers, or security? Q: How many cryptographers does it take to change a light bulb? A: XIGHCBS --- There was a story in the NY Times many years ago about an apartment

Re: Is finding security holes a good idea?

2004-06-16 Thread Arnold G. Reinhold
The Mythical Man-Month is a great book, but it's almost 30 years old. Brooks considered OS/360 to be hopelessly bloated. My favorite quote (from Chapter 5, The Second System Effect, p. 56): For example, OS/360 devotes 26 bytes of the permanently resident date-turnover routine to the proper

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Arnold G. Reinhold
At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote: R. A. Hettinga [EMAIL PROTECTED] writes: At 12:35 PM -0400 5/27/04, John Kelsey wrote: Does anyone know whether the low-power nature of wireless LANs protects them from eavesdropping by satellite? It seems to me that you'd need a pretty big dish

Re: The future of security

2004-05-25 Thread Arnold G. Reinhold
At 8:21 PM +0100 4/26/04, Graeme Burnett wrote: Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any

Re: Definitions of Security?

2004-04-15 Thread Arnold G. Reinhold
At 4:01 PM +0200 4/14/04, [EMAIL PROTECTED] wrote: Hi, I'm looking for interesting and unusal defitions of the term Security (or secure). I'm fully aware that it is difficult or impossible to give a precise, compact, and universal definitions, and some book authors explicitely say so. However,

Re: AES suitable for protecting Top Secret information

2004-04-15 Thread Arnold G. Reinhold
I was the one who updated the Wikipedia entry . It was shortly before the cryptography list came back up. I found the June 2003 CNSS fact sheet while looking for other information on NIST's standards program. The first reference that I found that suggested AES could be used for classified was

Re: voting

2004-04-09 Thread Arnold G. Reinhold
At 8:24 AM -0400 4/8/04, Perry E. Metzger wrote: Trei, Peter [EMAIL PROTECTED] writes: I think Perry has hit it on the head, with the one exception that the voter should never have the receipt in his hand - that opens the way for serial voting fraud. The receipt should be exposed to the voter

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread Arnold G. Reinhold
. - don davis, boston To: [EMAIL PROTECTED] From: Arnold G. Reinhold [EMAIL PROTECTED] Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] List-Id: Macintosh Cryptography mac_crypto.vmeng.com

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-05 Thread Arnold G. Reinhold
At 4:51 PM +0100 4/5/04, Nicko van Someren wrote: ... While I agree that it is somewhat lax of Apple to be using MD5 for checking its updates it's far from clear to me that an attack of the sort described above would ever be practical. The problem is that the while there are methods for

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Arnold G. Reinhold
I did a Google search on irrebuttable presumption and found a lot of interesting material. One research report on the State of Connecticut web site http://www.cga.state.ct.us/2003/olrdata/ph/rpt/2003-R-0422.htm says: The Connecticut Supreme Court and the U. S. Supreme Court have held that

Re: why penny black etc. are not very useful

2003-12-31 Thread Arnold G. Reinhold
At 11:12 AM + 12/31/03, Ben Laurie wrote: Perry E. Metzger wrote: In my opinion, the various hashcash-to-stop-spam style schemes are not very useful, because spammers now routinely use automation to break into vast numbers of home computers and use them to send their spam. They're not paying

RE: Protection against offline dictionary attack on static files

2003-11-16 Thread Arnold G. Reinhold
Jill's approach to key stretching is not quite the same as the traditional iterated hash. It imposes no cost at encryption time, you only have to work at decryption. This might be valuable when you want to save your files as the Gestapo is breaking down your door. I've been working on a

Re: quantum hype

2003-09-21 Thread Arnold G. Reinhold
At 6:38 PM -0400 9/18/03, John S. Denker wrote: Yes, Mallory can DoS the setup by reading (and thereby trashing) every bit. But Mallory can DoS the setup by chopping out a piece of the cable. The two are equally effective and equally detectable. Chopping is cheaper and easier. Other

Re: PGP Encryption Proves Powerful

2003-05-31 Thread Arnold G. Reinhold
At 1:22 PM -0400 5/29/03, Ian Grigg wrote: The following appears to be a bone fide case of a threat model in action against the PGP program. Leaving aside commentary on the pros and cons within this example, there is a desparate lack of real experience in how crypto systems are attacked. IMHO,