-then-sign or sign-then-encrypt is equally secure.
Is this really true? My feeling was that the principle from Krawczyk's
paper should apply to the public key setting as well.
Did anyone anyone ever publish a follow up to [2] ? I wasn't able to
find any.
Regards,
Mads Rasmussen
[1] Hugo
I haven't seen this mentioned here:
Ben Adida did a Phd thesis on voting at MIT (ended this August)
http://ben.adida.net/research/phd-thesis.pdf
At his blog there is more material available such as conference slides,
paper etc.
http://benlog.com/ (end of page)
--
Mads Rasmussen
LEA
://www.cs.colorado.edu/~jrblack/md5toolkit.tar.gz
--
Mads Rasmussen
LEA - Laboratório de Ensaios e Auditoria
(Cryptographic Certification Laboratory)
Office: +55 11 4208 3873
Mobile: +55 11 9655 8885 Skype: mads_work
http://www.lea.gov.br
that they cannot
store those many qubits COHERENTLY. To store reliably individual qubits
is not that difficult, but to prevent entangled systems from interacting
with the environment is very, very difficult.
Maybe someone else can give more information?
--
Mads Rasmussen
LEA
it couldn't get out of the US, now when it isn't considered a
weapon anymore it cannot enter the country ;-)
--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
-
The Cryptography Mailing List
Anyone knows whether there will be webcasts from this years Crypto
conference?
--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
-
The Cryptography Mailing List
Unsubscribe by sending
and Christian Rechberger and Vincent Rijmen
pp. 145
Still work in progress, these two papers are just appetizers ;-)
--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
-
The Cryptography Mailing List
account except for .004 grams of gold.
--
Mads Rasmussen
Security Consultant
Open Communications Security
+55 11 3345 2525
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Ian G wrote:
Stefan Brands just posted on my blog (and I saw
reference to this in other blogs, posted anon)
saying that it seems that Schneier forgot to
mention that the paper has a footnote which
says that the attack on full SHA-1 only works
if some padding (which SHA-1 requires) is not
done.
I
Bill Stewart wrote:
That's still a serious risk for a bank,
since the scammer can use it to log in to the web site
and then do a bunch of transactions quickly;
it's less vulnerable if the bank insists on a new SecurID hit for
every dangerous transaction, but that's too annoying for most customers.
?
Any news on Antoine Joux and his attack on SHA-0? how did he create the
collision previously announced on sci.crypt?
Regards,
Mads Rasmussen
Open Communications Security
-
The Cryptography Mailing List
Unsubscribe by sending
Eric Rescorla wrote:
P.S. AFAIK, although Dobbertin was able to find preimages for
reduced MD4, there still isn't a complete break in MD4. Correct?
Dobbertin published a complete break of MD4 (namely, a breaking algorithm and some
collisions found with it) in the Journal of Cryptology.
Mads
12 matches
Mail list logo