Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

On 9/6/2013 1:05 PM, Perry E. Metzger wrote: I have re-read the NY Times article. It appears to only indicate that this was *a* standard that was sabotaged, not that it was the only one. In particular, the Times merely indicates that they can now confirm that this particular standard was

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

. -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.-- Nathaniel Borenstein, co-creator of MIME

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

a long time. Sure hope I'm wrong about that. Maybe one of you real cryptographers can set me straight on this. -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents

Re: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

quite right in their implementation. -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.-- Nathaniel Borenstein, co-creator of MIME

Proper way to check for JCE Unlimited Strength Jurisdiction Policy files

is 128-bits.) Does that seem like a sound plan or is there more that I need to check? If not, please explain what else I will need to do. Thanks in advance, -kevin wall -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come

Re: Proper way to check for JCE Unlimited Strength Jurisdiction Policy files

it if someone could take 5 min to look at this CryptoPolicy source to see if it looks correct. It's only 90 lines including comments and white space. It tried to check the exemption mechanism but am not sure I am understanding it correctly. Thanks, -kevin -Original Message- Kevin W. Wall

Question about Shamir secret sharing scheme

weren't widely available when came up with this scheme back in 1979. So other than perhaps compatibility with other implementations (which we are not really too concerned about) is there any reason to continue to do the calculations over Zp ??? Thanks, -kevin -- Kevin W. Wall The most likely way

Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

of you said. Regards, -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.-- Nathaniel Borenstein, co-creator of MIME

Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

computationally expensive then digital signatures that would allow us to detect attempts to decrypt with the incorrect secret key and/or an adversary attempting to alter the IV prior to the decryption. Thanks in advance to all who respond, -kevin-- Kevin W. Wall The most likely