RE: The password-reset paradox

2009-02-23 Thread Charlie Kaufman
I would assume (hope?) that when you have an OTP token, you get two factor authentication and don't stop needing a password. You would need a password either to unlock the OTP device or to enter alongside the OTP value. Otherwise, someone who finds your token can impersonate you. Assuming that's

RE: DNSSEC to be strangled at birth.

2007-04-07 Thread Charlie Kaufman
I wonder if the DHS has any idea what it's asking for. The news totally mangled what you might be able to do with that key. Even people on this list have trouble figuring it out. Perhaps they just heard about this root key thing, thought it sounded cool and important, and since they recently

RE: Factorization polynomially reducible to discrete log - known fact or not?

2006-07-10 Thread Charlie Kaufman
I believe this has been known for a long time, though I have never seen the proof. I could imagine constructing one based on quadratic sieve. I believe that a proof that the discrete log problem is polynomially reducible to the factorization problem is much harder and more recent (as in

It's almost enough to make you feel sorry for Diebold

2005-12-19 Thread Charlie Kaufman
Reportedly, some people demonstrated falsifying votes on Diebold voting machines using only resources and techniques available to thousands of election workers. It will be interesting to see the fallout. These weaknesses have apparently long been known, but denied by Diebold.

FW: Fermat's primality test vs. Miller-Rabin

2005-11-10 Thread Charlie Kaufman
(resending after bounce) -Original Message- From: Charlie Kaufman Sent: Tuesday, November 08, 2005 3:11 PM To: 'Travis H.'; 'cryptography@metzdowd.com' Subject: RE: Fermat's primality test vs. Miller-Rabin Is that the distinction that makes Miller-Rabin a stronger primality test? Yes

FW: How broad is the SPEKE patent.

2005-11-10 Thread Charlie Kaufman
(resending after bounce) -Original Message- From: Charlie Kaufman Sent: Wednesday, November 09, 2005 8:59 PM To: 'James A. Donald'; [EMAIL PROTECTED]; cryptography@metzdowd.com Subject: RE: How broad is the SPEKE patent. James A. Donald said: Does SPEKE claim to patent any uses

FW: How broad is the SPEKE patent.

2005-11-10 Thread Charlie Kaufman
(resending after bounce) -Original Message- From: Charlie Kaufman Sent: Wednesday, November 09, 2005 9:54 PM To: 'Steven M. Bellovin'; James A. Donald Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com Subject: RE: How broad is the SPEKE patent. - Steven M. Bellovin wrote: Radia

RE: Propping up SHA-1 (or MD5)

2005-03-25 Thread Charlie Kaufman
and for checking one. --Charlie Kaufman -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Laurie Sent: Monday, March 21, 2005 3:57 AM To: Cryptography; [EMAIL PROTECTED] Subject: Propping up SHA-1 (or MD5) It was suggested at the SAAG meeting

RE: Propping up SHA-1 (or MD5)

2005-03-25 Thread Charlie Kaufman
protocols. --Charlie Kaufman p.s. Your formulae below have unbalanced parentheses, but I can guess what you probably meant. -Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED] Sent: Thursday, March 24, 2005 2:39 AM To: Charlie Kaufman Cc: Cryptography; [EMAIL PROTECTED

RE: I'll show you mine if you show me, er, mine

2005-03-15 Thread Charlie Kaufman
James A. Donald said: There seem to be a shitload of protocols, in addition to SPEKE and DH-EKE ... Can anyone suggest a well reviewed, unpatented, protocol that has the desired properties? Unpatented will be your biggest hurdle. I collaborated on the development of a strong password protocol