Re: Against Rekeying

2010-03-25 Thread Joseph Ashwood
-- From: Perry E. Metzger pe...@piermont.com Subject: Against Rekeying I'd be interested in hearing what people think on the topic. I'm a bit skeptical of his position, partially because I think we have too little experience with real world

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

2009-09-18 Thread Joseph Ashwood
-- From: Kevin W. Wall kevin.w.w...@gmail.com Subject: Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI So given these limited choices, what are the best options to the questions I posed in my original post yesterday?

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

2009-09-16 Thread Joseph Ashwood
-- From: Kevin W. Wall kevin.w.w...@gmail.com Subject: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI The new default for the new encryption / decryption methods is to be 128-bit AES/CBC/PKCS5Padding and use of a random

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

2009-09-16 Thread Joseph Ashwood
problem is that I haven't taken the time to look over the patents on bordering technologies to see if I believe it is patent safe. Lately, I've been dealing with a lot of patent weirdness, so I'm more aware of patent issues. ObNitpick: Joseph Ashwood wrote: Since you already have CBC
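Added example in Java (not ESAPI's code and not from this thread): with AES/CBC/PKCS5Padding the only signal a wrong key gives is a BadPaddingException, and a random wrong key yields valid-looking padding about one time in 255 (the last decrypted byte happens to be 0x01, or the last two 0x02 0x02, and so on), while the exception itself is exactly the padding oracle an attacker wants. Deriving an encryption key and a MAC key from the one secret and verifying an HMAC over IV || ciphertext before the cipher runs detects a wrong secret every time and exposes no oracle. The labelled-HMAC key derivation, the key sizes and the sample plaintext are assumptions made for this demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example, not ESAPI code: padding errors are an unreliable (and
 * oracle-leaking) way to notice a wrong key; an HMAC checked before
 * decryption is reliable. Key sizes, labels and sample data are assumptions.
 */
public final class WrongKeyDetection {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_LEN = 16, TAG_LEN = 32;

    /** Derive a 128-bit AES key and a 256-bit HMAC key from one secret with labelled HMAC-SHA256 (HKDF would be the standard choice). */
    static byte[][] deriveKeys(byte[] secret) throws GeneralSecurityException {
        Mac kdf = Mac.getInstance("HmacSHA256");
        kdf.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] encKey = Arrays.copyOf(kdf.doFinal("enc".getBytes(StandardCharsets.UTF_8)), 16);
        byte[] macKey = kdf.doFinal("mac".getBytes(StandardCharsets.UTF_8));
        return new byte[][] { encKey, macKey };
    }

    /** AES/CBC/PKCS5Padding with a fresh random IV; returns IV || ciphertext. */
    static byte[] cbcEncrypt(byte[] encKey, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    /** Plain CBC decryption: a BadPaddingException is the only hint that the key was wrong. */
    static byte[] cbcDecrypt(byte[] encKey, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"),
               new IvParameterSpec(Arrays.copyOfRange(ivAndCt, 0, IV_LEN)));
        return c.doFinal(Arrays.copyOfRange(ivAndCt, IV_LEN, ivAndCt.length));
    }

    static byte[] hmac(byte[] macKey, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        return mac.doFinal(data);
    }

    /** Encrypt-then-MAC: IV || ciphertext || HMAC-SHA256(macKey, IV || ciphertext). */
    static byte[] seal(byte[] secret, byte[] plaintext) throws GeneralSecurityException {
        byte[][] keys = deriveKeys(secret);
        byte[] ivAndCt = cbcEncrypt(keys[0], plaintext);
        byte[] tag = hmac(keys[1], ivAndCt);
        byte[] out = Arrays.copyOf(ivAndCt, ivAndCt.length + TAG_LEN);
        System.arraycopy(tag, 0, out, ivAndCt.length, TAG_LEN);
        return out;
    }

    /** Verify the tag in constant time before the cipher ever runs; null means "wrong secret or tampered". */
    static byte[] open(byte[] secret, byte[] sealed) throws GeneralSecurityException {
        if (sealed.length < IV_LEN + 16 + TAG_LEN) return null;
        byte[][] keys = deriveKeys(secret);
        byte[] ivAndCt = Arrays.copyOfRange(sealed, 0, sealed.length - TAG_LEN);
        byte[] tag = Arrays.copyOfRange(sealed, sealed.length - TAG_LEN, sealed.length);
        if (!MessageDigest.isEqual(hmac(keys[1], ivAndCt), tag)) return null;
        return cbcDecrypt(keys[0], ivAndCt);
    }

    /** Count how often a random wrong key survives the padding check over `trials` decryptions. */
    static int countSilentWrongKeyAccepts(byte[] ivAndCt, int trials) throws GeneralSecurityException {
        int accepted = 0;
        byte[] wrongKey = new byte[16];
        for (int i = 0; i < trials; i++) {
            RNG.nextBytes(wrongKey);
            try {
                cbcDecrypt(wrongKey, ivAndCt);  // garbage plaintext, but the padding looked valid
                accepted++;
            } catch (BadPaddingException e) {
                // the usual outcome, and exactly the signal a padding-oracle attacker needs
            }
        }
        return accepted;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32], otherSecret = new byte[32];
        RNG.nextBytes(secret);
        RNG.nextBytes(otherSecret);
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);  // constructed input

        byte[] ivAndCt = cbcEncrypt(deriveKeys(secret)[0], msg);
        System.out.println("wrong keys accepted by the padding check: "
                + countSilentWrongKeyAccepts(ivAndCt, 5000) + " of 5000");

        byte[] sealed = seal(secret, msg);
        System.out.println("right secret opens: " + Arrays.equals(open(secret, sealed), msg));
        System.out.println("wrong secret opens: " + (open(otherSecret, sealed) != null));
    }
}
```

The ordering in open() is the point: the tag is checked over everything the receiver is about to feed the cipher, and a mismatch returns before any padding is ever examined, so a wrong secret and a modified ciphertext are indistinguishable to an observer. An AEAD mode such as AES-GCM gives the same property in one primitive where the JCE provider offers it.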

Re: Attacks against GOST? Was: Protocol Construction

2009-08-06 Thread Joseph Ashwood
My apologies for the delay, I had forgotten the draft message. -- From: Alexander Klimov alser...@inbox.ru Subject: Attacks against GOST? Was: Protocol Construction On Sun, 2 Aug 2009, Joseph Ashwood wrote: So far, evidence supports the idea

Re: AES, RC4

2009-08-02 Thread Joseph Ashwood
- From: PETER SCHWEITZER pe...@infosecsys.com Subject: AES, RC4 Referring to your note of August 1: I haven't found anything about breaking RC4 if used with a newly randomly generated key (unrelated to any others) for every communication session.

Re: Fast MAC algorithms?

2009-08-02 Thread Joseph Ashwood
-- From: James A. Donald jam...@echeque.com Subject: Re: Fast MAC algorithms? Joseph Ashwood wrote: RC-4 is broken when used as intended. ... If you take these into consideration, can it be used correctly? James A. Donald: Hence tricky

Protocol Construction WAS Re: Fast MAC algorithms?

2009-08-02 Thread Joseph Ashwood
-- From: Ray Dillinger b...@sonic.net Subject: Re: Fast MAC algorithms? I mean, I get it that crypto is rarely the weakest link in a secured application. Still, why are folk always designing and adopting cryptographic tools for the next decade or

Re: Fast MAC algorithms?

2009-08-01 Thread Joseph Ashwood
-- From: James A. Donald jam...@echeque.com Subject: Re: Fast MAC algorithms? james hughes wrote: On Jul 27, 2009, at 4:50 AM, James A. Donald wrote: No one can break arcfour used correctly - unfortunately, it is tricky to use it correctly.

Re: Fast MAC algorithms?

2009-07-23 Thread Joseph Ashwood
-- From: Nicolas Williams nicolas.willi...@sun.com Sent: Tuesday, July 21, 2009 10:43 PM Subject: Re: Fast MAC algorithms? But that's not what I'm looking for here. I'm looking for the fastest MACs, with extreme security considerations (e.g.,

Re: Fast MAC algorithms?

2009-07-22 Thread Joseph Ashwood
-- From: Nicolas Williams nicolas.willi...@sun.com Subject: Fast MAC algorithms? Which MAC algorithms would you recommend? I didn't see the primary requirement, you never give a speed requirement. OMAC-AES-128 should function around 100MB/sec,

Re: MD6 withdrawn from SHA-3 competition

2009-07-03 Thread Joseph Ashwood
-- Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3 competition because of performance considerations. I find this disappointing. With

Re: RSA modulus record

2008-09-17 Thread Joseph Ashwood
- Original Message - From: Victor Duchovni [EMAIL PROTECTED] To: cryptography@metzdowd.com Sent: Tuesday, September 16, 2008 2:08 PM Subject: Re: RSA modulus record On Tue, Sep 16, 2008 at 09:01:51PM +0200, Weger, B.M.M. de wrote: There's a new biggest known RSA modulus. It is (in

Re: questions on RFC2631 and DH key agreement

2008-02-13 Thread Joseph Ashwood
- Original Message - From: Hal Finney [EMAIL PROTECTED] To: [EMAIL PROTECTED]; cryptography@metzdowd.com Sent: Sunday, February 10, 2008 9:27 AM Subject: Re: questions on RFC2631 and DH key agreement Joseph Ashwood writes: From: Hal Finney [EMAIL PROTECTED] Joseph Ashwood writes

Re: questions on RFC2631 and DH key agreement

2008-02-09 Thread Joseph Ashwood
- Original Message - From: Hal Finney [EMAIL PROTECTED] To: [EMAIL PROTECTED]; cryptography@metzdowd.com Sent: Wednesday, February 06, 2008 8:54 AM Subject: Re: questions on RFC2631 and DH key agreement Joseph Ashwood writes, regarding unauthenticated DH: I would actually recommend

Re: questions on RFC2631 and DH key agreement

2008-02-09 Thread Joseph Ashwood
[to and CC trimmed] - Original Message - From: ' =JeffH ' [EMAIL PROTECTED] To: Hal Finney [EMAIL PROTECTED]; Eric Rescorla [EMAIL PROTECTED]; [EMAIL PROTECTED]; Joseph Ashwood [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com Sent: Thursday, February 07, 2008 2:17 PM

Re: questions on RFC2631 and DH key agreement

2008-02-06 Thread Joseph Ashwood
- Original Message - From: ' =JeffH ' [EMAIL PROTECTED] Sent: Saturday, February 02, 2008 12:56 PM Subject: Re: questions on RFC2631 and DH key agreement If a purportedly secure protocol employing a nominal DH exchange in order to establish a shared secret key between a requester and

Re: questions on RFC2631 and DH key agreement

2008-02-06 Thread Joseph Ashwood
- Original Message - From: ' =JeffH ' [EMAIL PROTECTED] To: Joseph Ashwood [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Sent: Monday, February 04, 2008 5:18 PM Subject: Re: questions on RFC2631 and DH key agreement I'd scrawled: If a purportedly secure protocol employing

Re: questions on RFC2631 and DH key agreement

2008-02-02 Thread Joseph Ashwood
- Original Message - From: ' =JeffH ' [EMAIL PROTECTED] To: cryptography@metzdowd.com Cc: ' =JeffH ' [EMAIL PROTECTED] Sent: Friday, February 01, 2008 1:53 PM Subject: questions on RFC2631 and DH key agreement (ya and yb) if { p, q, g, j } are known to both parties. So if p, q, g

Re: Password hashing

2007-10-18 Thread Joseph Ashwood
- Original Message - From: Tero Kivinen [EMAIL PROTECTED] Sent: Monday, October 15, 2007 5:47 AM Subject: Re: Password hashing Joseph Ashwood writes: On NetBSD HMAC-SHA1: There is a shortcut in the design as listed, using the non-changing password as the key allows

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
Just combining several of my thoughts into a single email. On the Red Hat proposal: Why does every undereducated person believe that complexity==security? It is far better to rely on little things called proofs. There are several proofs out there with significant impact on this. In particular

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
- Original Message - From: Jim Gellman [EMAIL PROTECTED] To: Joseph Ashwood [EMAIL PROTECTED] Cc: Cryptography cryptography@metzdowd.com Sent: Saturday, October 13, 2007 1:25 PM Subject: Re: Password hashing I'm not sure I follow your notation. Are you saying that IV[n] is the n'th

Re: Private Key Generation from Passwords/phrases

2007-01-13 Thread Joseph Ashwood
- Original Message - From: Matthias Bruestle [EMAIL PROTECTED] Subject: Private Key Generation from Passwords/phrases What do you think about this? I think you need some serious help in learning the difference between 2^112 and 112, and that you really don't seem to have much grasp

Re: Status of SRP

2006-06-01 Thread Joseph Ashwood
- Original Message - From: James A. Donald [EMAIL PROTECTED] Subject: Status of SRP The obvious solution to the phishing crisis is the widespread deployment of SRP, but this does not seem to happening. SASL-SRP was recently dropped. What is the problem? The problem is that you're

Re: Re: Is AES better than RC4

2006-05-25 Thread Joseph Ashwood
- Original Message - From: Ed Gerck [EMAIL PROTECTED] Subject: [!! SPAM] Re: Is AES better than RC4 Joseph Ashwood wrote: SOP: discard first 100's of bytes This is part of the lack of key agility. Using it securely requires so much in the way of heroic efforts SOP: hash

Re: Re: Is AES better than RC4

2006-05-25 Thread Joseph Ashwood
- Original Message - From: Ed Gerck [EMAIL PROTECTED] Subject: [!! SPAM] Re: Is AES better than RC4 Please note that my email was way different in scope. My opening sentence, where I basically said that it does not make much sense to compare RC4 with AES, was cut in your quote -- but

Re: Is AES better than RC4

2006-05-24 Thread Joseph Ashwood
RC4 should have been retired a decade ago, that it has not is due solely to the undereducated going with whatever's fastest. It's time we allowed RC4 to stay dead. Joe

Re: [!! SPAM] Re: Is AES better than RC4

2006-05-24 Thread Joseph Ashwood
- Original Message - From: James A. Donald [EMAIL PROTECTED] Subject: [!! SPAM] Re: Is AES better than RC4 -- Joseph Ashwood wrote: RC4 should have been retired a decade ago, Why? It is in general distinguishable from random, actually quite quickly. The first few bytes are so

Re: Creativity and security

2006-03-27 Thread Joseph Ashwood
- Original Message - From: J. Bruce Fields [EMAIL PROTECTED] Subject: Re: Creativity and security On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote: IOW, unless we're talking about a corrupt employee with a photographic memory and telescopic eyes, Tiny cameras are pretty

Re: passphrases with more than 160 bits of entropy

2006-03-22 Thread Joseph Ashwood
- Original Message - From: Travis H. [EMAIL PROTECTED] Subject: passphrases with more than 160 bits of entropy I was thinking that one could hash the first block, copy the intermediate state, finalize it, then continue the intermediate result with the next block, and finalize that.

Re: quantum chip built

2006-01-19 Thread Joseph Ashwood
- Original Message - From: Michael Cordover [EMAIL PROTECTED] Subject: Re: quantum chip built John Denker wrote: My understanding is that quantum computers cannot easily do anything. Probably one of the best statements so far, certainly QC and easy don't go together very well at

Re: Countries that ban the use of crypto?

2005-12-08 Thread Joseph Ashwood
- Original Message - From: Jörn Schmidt [EMAIL PROTECTED] Subject: Re: Countries that ban the use of crypto? [China bans cryptography] I'm not going to out anyone on this, but even a quick search of Skype finds quite a few individuals who make use of cryptography in China. So I

Re: Fermat's primality test vs. Miller-Rabin

2005-12-06 Thread Joseph Ashwood
- Original Message - From: Anton Stiglic [EMAIL PROTECTED] Subject: RE: Fermat's primality test vs. Miller-Rabin Ok after making that change, and a few others. Selecting only odd numbers (which acts as a small sieve) I'm not getting much useful information. It appears to be such

Re: Fermat's primality test vs. Miller-Rabin

2005-12-05 Thread Joseph Ashwood
- Original Message - From: Sidney Markowitz [EMAIL PROTECTED] Subject: Re: Fermat's primality test vs. Miller-Rabin Joseph Ashwood wrote: Granted this is only a test of the generation of 128 numbers, but I got 128 primes (based on 128 MR rounds). That doesn't make sense, unless I'm

Re: Fermat's primality test vs. Miller-Rabin

2005-12-04 Thread Joseph Ashwood
- Original Message - From: Sidney Markowitz [EMAIL PROTECTED] Subject: Re: Fermat's primality test vs. Miller-Rabin Joseph Ashwood wrote: byte [] rawBytes = new byte[lenNum/8]; rand.nextBytes(rawBytes); curNum = new BigInteger(rawBytes); curNum = BigInteger.ONE.or(new

Re: Fermat's primality test vs. Miller-Rabin

2005-12-02 Thread Joseph Ashwood
- Original Message - From: Nicolas Rachinsky [EMAIL PROTECTED] Subject: Re: Fermat's primality test vs. Miller-Rabin * Joseph Ashwood [EMAIL PROTECTED] [2005-11-22 02:50 -0800]: 16384 times .. If I remember the proof of MR correctly it assumes an odd number. Were

Re: Fermat's primality test vs. Miller-Rabin

2005-11-30 Thread Joseph Ashwood
- Original Message - From: Anton Stiglic [EMAIL PROTECTED] Subject: RE: Fermat's primality test vs. Miller-Rabin -Original Message- From: [Joseph Ashwood] Subject: Re: Fermat's primality test vs. Miller-Rabin I think much of the problem is the way the number is being applied

Re: Fermat's primality test vs. Miller-Rabin

2005-11-18 Thread Joseph Ashwood
- Original Message - From: Anton Stiglic [EMAIL PROTECTED] Subject: RE: Fermat's primality test vs. Miller-Rabin The general consensus is that for 500-bit numbers one needs only 6 MR tests for 2^{-80} error probability [1]: My own tests disagreed with this, 512-bits seemed to have a

Re: Fermat's primality test vs. Miller-Rabin

2005-11-13 Thread Joseph Ashwood
- Original Message - From: Charlie Kaufman [EMAIL PROTECTED] Subject: FW: Fermat's primality test vs. Miller-Rabin In practice, the probability of randomly choosing a Carmichael number of size 250 bits is vanishingly small. I would say that finding any Carmichael number without
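Added example in Java (not code from this thread): a Fermat test beside a Miller-Rabin round, exercised on the Carmichael numbers 561 = 3·11·17 and 29341 = 13·37·61, plus a generator that draws odd candidates of a fixed bit length (the small sieve mentioned in the thread) and applies a fixed number of MR rounds with random bases. Fermat with base 2 accepts both Carmichael numbers, since every base coprime to a Carmichael number satisfies a^(n-1) ≡ 1 (mod n). Miller-Rabin with base 2 rejects 561, but for 29341 base 2 is a strong liar (29340 = 4·7335 and 2^(2·7335) ≡ -1 mod 29341), which is why the test below uses fresh random bases and several rounds: the worst-case error after t rounds is at most 4^-t, and the "6 rounds for 500-bit numbers" figure quoted in the thread rests on the much smaller average-case error for random odd candidates, not on that bound. The bit length, round counts and use of SecureRandom are assumptions for the demo.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

/**
 * Added example, not code from the thread: Fermat vs. Miller-Rabin on
 * Carmichael numbers, and random prime generation over odd candidates.
 */
public final class PrimalityDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final BigInteger TWO = BigInteger.valueOf(2);
    private static final BigInteger THREE = BigInteger.valueOf(3);

    /** Fermat test with a fixed base: a^(n-1) == 1 (mod n). Every Carmichael number passes for every base coprime to it. */
    static boolean fermatPasses(BigInteger n, BigInteger a) {
        return a.modPow(n.subtract(BigInteger.ONE), n).equals(BigInteger.ONE);
    }

    /** One Miller-Rabin round with base a, for odd n > 3. Returns false only when a is a witness that n is composite. */
    static boolean millerRabinPasses(BigInteger n, BigInteger a) {
        BigInteger nMinus1 = n.subtract(BigInteger.ONE);
        int s = nMinus1.getLowestSetBit();          // n - 1 = 2^s * d with d odd
        BigInteger d = nMinus1.shiftRight(s);
        BigInteger x = a.modPow(d, n);
        if (x.equals(BigInteger.ONE) || x.equals(nMinus1)) return true;
        for (int r = 1; r < s; r++) {
            x = x.multiply(x).mod(n);
            if (x.equals(nMinus1)) return true;      // reached -1: no nontrivial square root of 1 seen
            if (x.equals(BigInteger.ONE)) return false; // reached 1 without passing -1: n is composite
        }
        return false;                                // a^(n-1) != 1, so Fermat fails too
    }

    /** Uniform random base in [2, n-2]. */
    static BigInteger randomBase(BigInteger n) {
        BigInteger upper = n.subtract(TWO);
        BigInteger a;
        do {
            a = new BigInteger(n.bitLength(), RNG);
        } while (a.compareTo(TWO) < 0 || a.compareTo(upper) > 0);
        return a;
    }

    /** Miller-Rabin with `rounds` independent random bases; a composite n survives with probability at most 4^-rounds. */
    static boolean isProbablePrime(BigInteger n, int rounds) {
        if (n.compareTo(THREE) <= 0) return n.equals(TWO) || n.equals(THREE);
        if (!n.testBit(0)) return false;             // even numbers never reach the MR loop
        for (int i = 0; i < rounds; i++) {
            if (!millerRabinPasses(n, randomBase(n))) return false;
        }
        return true;
    }

    /** Random prime of exactly `bits` bits: force the top bit and the low bit (odd-only is the trivial sieve), then test. */
    static BigInteger randomPrime(int bits, int rounds) {
        while (true) {
            BigInteger candidate = new BigInteger(bits, RNG).setBit(bits - 1).setBit(0);
            if (isProbablePrime(candidate, rounds)) return candidate;
        }
    }

    public static void main(String[] args) {
        BigInteger n561 = BigInteger.valueOf(561);     // 3 * 11 * 17, Carmichael
        BigInteger n29341 = BigInteger.valueOf(29341); // 13 * 37 * 61, Carmichael; 2 is a strong liar for it
        System.out.println("561:   Fermat(2)=" + fermatPasses(n561, TWO)
                + "  MR(2)=" + millerRabinPasses(n561, TWO));
        System.out.println("29341: Fermat(2)=" + fermatPasses(n29341, TWO)
                + "  MR(2)=" + millerRabinPasses(n29341, TWO));
        System.out.println("29341: MR with 20 random bases=" + isProbablePrime(n29341, 20));
        BigInteger p = randomPrime(512, 6);
        System.out.println("512-bit candidate also passes BigInteger.isProbablePrime(100): " + p.isProbablePrime(100));
    }
}
```

randomPrime() draws a fresh candidate each time rather than stepping through consecutive odd numbers, so the output distribution is uniform over primes of that size; stepping from a random start is faster but slightly favours primes that follow large gaps. For the key-generation setting, trial division by small primes before the first modPow removes most candidates far more cheaply than a Miller-Rabin round does.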

Re: semi-predictable OTPs

2005-10-25 Thread Joseph Ashwood
- Original Message - From: Travis H. [EMAIL PROTECTED] Subject: semi-predictable OTPs Despite [flawed OTPs], the NSA wasn't able to crack any messages. My question is, why? I think I know the reason, and that is that any predictability in a symbol of the OTP correlated to a

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-23 Thread Joseph Ashwood
- Original Message - Subject: [Tom Berson Skype Security Evaluation] Tom Berson's conclusion is incorrect. One needs only to take a look at the publicly available information. I couldn't find an immediate reference directly from the Skype website, but it uses 1024-bit RSA keys, the

Re: SecurID and garage door openers

2005-10-18 Thread Joseph Ashwood
- Original Message - From: Travis H. [EMAIL PROTECTED] Subject: SecurID and garage door openers Similarly, how do those garage door openers with rolling codes work, given that the user may have pressed the button many times accidentally while out of range of the receiver? My

Re: Possibly new result on truncating hashes

2005-08-02 Thread Joseph Ashwood
- Original Message - From: John Kelsey [EMAIL PROTECTED] Subject: Possibly new result on truncating hashes How could this work? Suppose we have an algorithm like the Wang attacks on MD5, SHA0, or SHA1 for finding a single collision pair. The algorithm returns a single collision pair

Re: EMV [was: Re: Why Blockbuster looks at your ID.]

2005-07-15 Thread Joseph Ashwood
- Original Message - From: Victor Duchovni [EMAIL PROTECTED] Subject: Re: EMV [was: Re: Why Blockbuster looks at your ID.] Whose losses do these numbers measure? - Issuer Bank? - Merchant? - Consumer? - Total? I'd say that you've fairly well hit the nail on the head. I've

Re: how to phase in new hash algorithms?

2005-03-21 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: how to phase in new hash algorithms? We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go.

Re: comments wanted on gbde

2005-03-06 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: comments wanted on gbde I'll just deal with it piece by piece. Page 3 decrypting and re-encrypting an entire disk would likely take more than a day with currently available hardware is wrong. Assuming 256-bit AES,

Re: ATM machine security

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Lee Parkes [EMAIL PROTECTED] Subject: ATM machine security Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers,

Re: SHA1 broken?

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Joseph Ashwood [EMAIL PROTECTED] Sent: Friday, February 18, 2005 3:11 AM [the attack is reasonable] Reading through the summary I found a bit of information that means my estimates of workload have to be re-evaluated. Page 1 Based on our estimation, we expect

Re: SHA1 broken?

2005-02-22 Thread Joseph Ashwood
- Original Message - From: Dave Howe [EMAIL PROTECTED] Subject: Re: SHA1 broken? Indeed so. however, the argument in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY... assumes that (a) the problems are comparable, and (b) that moores law has been applied to FPGAs

Re: SHA-1 cracked

2005-02-17 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: SHA-1 cracked It's probably not a practical threat today, since it takes 2^69 operations to do it I will argue that the threat is realizable today, and highly practical. It is well documented that in 1998 RSA

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Joseph Ashwood
- Original Message - From: David Wagner [EMAIL PROTECTED] Subject: Simson Garfinkel analyses Skype - Open Society Institute In article [EMAIL PROTECTED] you write: Is Skype secure? The answer appears to be, no one knows. The report accurately reports that because the security

Re: 3DES performance

2004-12-09 Thread Joseph Ashwood
- Original Message - From: Lee Parkes [EMAIL PROTECTED] Subject: 3DES performance I'm working on a project for a company that involves the use of 3DES. They have asked me to find out what the overheads are for encrypting a binary file. There will be quite a lot of traffic coming in

Re: Kerberos Design

2004-09-06 Thread Joseph Ashwood
I'm currently looking into implementing a single sign-on solution for distributed services. Be brave, there's more convolutions and trappings there than almost anywhere else. Since I'm already using OpenSSL for various SSL/x.509 related things, I'm most astonished by the almost total absence of

Re: On hash breaks, was Re: First quantum crypto bank transfer

2004-08-24 Thread Joseph Ashwood
- Original Message - From: Jerrold Leichter [EMAIL PROTECTED] Subject: Re: On hash breaks, was Re: First quantum crypto bank transfer | (they all have backup | plans that involve the rest of the SHA series and at the very least | Whirlpool). Moving to a larger hash function with no

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-01 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Subject: Question on the state of the security industry Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? I am

Re: A National ID: AAMVA's Unique ID

2004-06-18 Thread Joseph Ashwood
- Original Message - From: John Gilmore [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 17, 2004 10:31 AM Subject: Re: A National ID: AAMVA's Unique ID The solution then is obvious, don't have a big central database. Instead use a distributed database.

Re: recommendations/evaluations of free / low-cost crypto libraries

2004-06-18 Thread Joseph Ashwood
- Original Message - From: Amir Herzberg [EMAIL PROTECTED] Subject: recommendations/evaluations of free / low-cost crypto libraries I will appreciate experience-reports/evaluations/comparisons with free or low cost (and in particular zero `per seat` cost) crypto libraries,

Re: threat modelling tool by Microsoft?

2004-06-10 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Subject: threat modelling tool by Microsoft? Has anyone tried out the threat modelling tool mentioned in the link below, or reviewed the book out this month: http://aeble.dyndns.org/blogs/Security/archives/000419.php I played

Re: A National ID

2004-06-03 Thread Joseph Ashwood
Although I am against any national ID, at least as far as terrorist identification goes (note that the Social Security Number that every American has IS a national ID card), I feel that a discussion on how to do it properly is a worthwhile endeavor. - Original Message - From: Peter Clay

Re: The future of security (bulk reply, long)

2004-05-25 Thread Joseph Ashwood
I've moved this to the top because I feel it is the most important statement that can be made Hadmut said : Security doesn't necessarily mean cryptography. - Original Message - From: Hadmut Danisch [EMAIL PROTECTED] Subject: Re: The future of security On Mon, Apr 26, 2004 at

Re: Can Skype be wiretapped by the authorities?

2004-05-08 Thread Joseph Ashwood
- Original Message - From: Axel H Horns [EMAIL PROTECTED] Subject: Can Skype be wiretapped by the authorities? Is something known about the details of the crypto protocol within Skype? How reliable is the encryption? While Skype is generally rather protective of their protocol, there

Re: Zero Knowledge Authentication? (was Cryptolog Unicity Software-Only Digital Certificates)

2003-12-14 Thread Joseph Ashwood
- Original Message - From: R. A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 8:47 AM Subject: Zero Knowledge Authentication? (was Cryptolog Unicity Software-Only Digital Certificates) Launch Marks the First Commercial Use of Zero-Knowledge

Re: NCipher Takes Hardware Security To Network Level

2003-10-13 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Sent: Saturday, October 11, 2003 1:22 PM Subject: Re: NCipher Takes Hardware Security To Network Level Is there any reason to believe that people who know nothing about security can actually evaluate questions about security?

Re: Tinc's response to Linux's answer to MS-PPTP

2003-09-26 Thread Joseph Ashwood
And a response. I have taken the liberty of copying the various portions of the contents of the webpage to this email for response. I apologize for the formatting confusion which may mistake Peter Gutmann's comments with those of the semi-anonymous misinformed person under scrutiny. I would have

Re: Digital cash and campaign finance reform

2003-09-09 Thread Joseph Ashwood
- Original Message - From: Steve Schear [EMAIL PROTECTED] Subject: Re: Digital cash and campaign finance reform At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: - Original Message - From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] [anonymous

Re: Is cryptography where security took the wrong branch?

2003-09-08 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Sent: Sunday, September 07, 2003 12:01 AM Subject: Re: Is cryptography where security took the wrong branch? That's easy to see, in that if SSL was oriented to credit cards, why did they do SET? (And, SHTTP seems much closer to

Re: Digital cash and campaign finance reform

2003-09-08 Thread Joseph Ashwood
- Original Message - From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] [anonymous funding of politicians] Comments? Simple attack: Bob talks to soon to be bought politician. Tomorrow you'll receive a donation of $50k, you'll know where it came from. Next day,