Re: Formal notice given of rearrangement of deck chairs on RMS PKItanic

2010-10-06 Thread Matt Crawford
On Oct 6, 2010, at 10:48 AM, Victor Duchovni wrote: On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote: From December 31, 2010 - CAs should stop issuing intermediate and end-entity certificates from roots with RSA key sizes smaller

Re: 2048-bit RSA keys

2010-08-18 Thread Matt Crawford
On Aug 17, 2010, at 10:25 PM, John Gilmore wrote: (Given their prediction that they won't be done with a 1024-bit number within 5 years, but they will be done well within the next decade, which 1024-bit number are they starting to factor now? I hope it's a major key that certifies big

Re: 2048-bit RSA keys

2010-08-16 Thread Matt Crawford
On Aug 15, 2010, at 8:35 PM, Arash Partow wrote: Just out of curiosity, assuming the optimal use of today's best of breed factoring algorithms - will there be enough energy in our solar system to factorize a 2048-bit RSA integer? Computation can be performed with arbitrarily small energy

Re: Intel to also add RNG

2010-07-12 Thread Matt Crawford
On Jul 12, 2010, at 11:22 AM, Perry E. Metzger wrote: The literature makes it clear at this point that short of carefully tearing apart and analyzing the entire chip, you're not going to catch subtle behavioral changes designed to allow attackers backdoor access. I happen to be re-reading

Re: Question regarding common modulus on elliptic curve cryptosystems

2010-03-25 Thread Matt Crawford
On Mar 21, 2010, at 4:13 PM, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may

Re: Crypto dongles to secure online transactions

2009-11-11 Thread Matt Crawford
On Nov 10, 2009, at 8:44 AM, Jerry Leichter wrote: Whether or not it can, it demonstrates the hazards of freezing implementations of crypto protocols into ROM: Imagine a world in which there are a couple of hundred million ZTIC's or similar devices fielded - and a significant

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Matt Crawford
On Sep 21, 2009, at 3:57 PM, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? I don't much want to use it on my home directory; it doesn't play well with Time Machine (remember that availability is also a security property); besides, different

Re: The password-reset paradox

2009-02-23 Thread Matt Crawford
On Feb 21, 2009, at 10:26 PM, Charlie Kaufman wrote: Assuming that's true, OTP tokens add costs by introducing new failure modes (e.g., I lost it, I ran it through the washing machine, etc.) Or even more surprising hazards. The token on the

XKCD shows the real world of cryptography to the masses

2009-02-02 Thread Matt Crawford
Perry, I couldn't possibly be the first to pass along today's XKCD, could I? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to

Re: statistical inferences and PRNG characterization

2006-05-22 Thread Matt Crawford
On May 19, 2006, at 6:51, Travis H. wrote: As I understand it, when looking at output, one can take a hypothetical source model (e.g. P(0) = 0.3, P(1) = 0.7, all bits independent) and come up with a probability that the source may have generated that output. One can come up with the

Re: passphrases with more than 160 bits of entropy

2006-03-22 Thread Matt Crawford
Let me rephrase my sequence. Create a sequence of 256 consecutive bytes, with the first byte having the value of 0, the second byte the value of 1, ... and the last byte the value of 255. If you measure the entropy (according to Shannon) of that sequence of 256 bytes, you have maximum

Re: another feature RNGs could provide

2005-12-22 Thread Matt Crawford
On Dec 21, 2005, at 0:10, Ben Laurie wrote: Good ciphers aren't permutations, though, are they? Because if they were, they'd be groups, and that would be bad. A given cipher, with a given key, is a permutation of blocks. (Assuming output blocks and input blocks are the same size.) It may

Re: Japan Puts Its Money on E-Cash

2005-12-13 Thread Matt Crawford
On Dec 12, 2005, at 18:14, R. A. Hettinga wrote: But would it work in a place like the United States, where 24 percent of transactions are made on credit? Some Americans, analysts note, are already using a version of e- cash to bypass toll lanes on highways. Don't take that as a sign

Re: Pseudonymity for tor: nym-0.1 (fwd)

2005-10-02 Thread Matt Crawford
On Sep 29, 2005, at 18:32, Jason Holt wrote: Of course, you can put anything you want in the cert, since the servers know that my CA only certifies 1 bit of data about users (namely, that they only get one cert per scarce resource). One per person is a tough thing to do purely over the

Re: ECC patents?

2005-09-13 Thread Matt Crawford
On Sep 12, 2005, at 11:32, James A. Donald wrote: Someone recently patented the wheel, to show how bad the situation is. That's a bit misleading without the context. Google patented-the- wheel for details. - The

Re: de-identification

2005-06-09 Thread Matt Crawford
On Jun 8, 2005, at 15:19, [EMAIL PROTECTED] wrote: I'd like to come up to speed on the state of the art in de-identification (~=anonymization) of data especially monitoring data (firewall/hids logs, say). I don't know the state of the art, but I can tell you the state of the artless. I had a

Re: [Clips] Paying Extra for Faster Airport Security

2005-06-06 Thread Matt Crawford
The [express-line security] program will be operated by New York-based Verified Identity Pass Inc., a private company run by Steven Brill, whose former ventures included Court TV and The American Lawyer magazine. The program marks the first time a private company has teamed up with the

Re: Bluetooth cracked further

2005-06-03 Thread Matt Crawford
On Jun 3, 2005, at 11:55, Perry E. Metzger wrote: 2) They also have a way of forcing pairing to happen, by impersonating one of the devices and saying oops! I need to pair again! to the other. Do the devices then pair again without user intervention, re-using the PIN that paired them

Re: Citibank discloses private information to improve security

2005-05-30 Thread Matt Crawford
On May 26, 2005, at 13:24, Ed Gerck wrote: A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the

Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 11:55, Florian Weimer wrote: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of a your choice... ie only valid to issue certs on sub-domains of Is there a technical option

Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 16:06, Adam Back wrote: There's an X.509v3 NameConstraints extension (which the higher CA would include in the lower CA's cert) but I have the impression that ends system software does not widely support it. And of course if you don't flag it critical, it's not very

Re: Do You Need a Digital ID?

2005-03-25 Thread Matt Crawford
Now that the taxing bodies (US states) have learned not to print the SSN on the mailing label, Illinois has gone further and requires a state-assigned PIN to file or access your tax information over the internet. They helpfully provide you the PIN ... on the mailing label.

Re: PK - OTP?

2005-03-20 Thread Matt Crawford
My educated-layman's opinion is that the following is not feasible, but I'd be happy to be shown wrong ... Given a closed public-key device such as a typical smart card with its limited set of operations (chiefly sign), is it possible to implement a challenge/response function such that * Both

Re: Digital Water Marks Thieves

2005-03-03 Thread Matt Crawford
On Feb 22, 2005, at 10:57, Dan Kaminsky wrote: The point is that the thief should think anything expensive is protected, by which I mean it's too traceable to fence. That would be the thinking of a thief who read the article and took it at face value. A more clever thief would realize that the

Re: Code name Killer Rabbit: New Sub Can Tap Undersea Cables

2005-03-03 Thread Matt Crawford
On Feb 18, 2005, at 19:47, R.A. Hettinga wrote: It does continue to be something of a puzzle as to how they get this stuff back to home base, said John Pike, a military expert at I should think that in many cases, they can simply lease a fiber in the same cable. What could

Re: Digital Water Marks Thieves

2005-02-22 Thread Matt Crawford
that is [...] invisible until illuminated by police officers using ultraviolet light. That's amazing! How do the tiny particles know that it's not a civilian illuminating them with ultraviolet light? And how does Wired reporter Robert Andrews fail to ask that question? Why would it matter? [...]

Re: Digital Water Marks Thieves

2005-02-17 Thread Matt Crawford
On Feb 15, 2005, at 12:40, R.A. Hettinga wrote: Instant, is a property-marking fluid that, when brushed on items like office equipment or motorcycles, tags them with millions of tiny fragments, each etched with a unique SIN (SmartWater identification number) that is registered with the owner's

Re: how to tell if decryption was successfull?

2005-02-02 Thread Matt Crawford
On Feb 1, 2005, at 13:29, Andreas wrote: I was wondering how can one tell if some data was successfully decrypted. Isn't there an assumption going on about what the cleartext data should be? Text? Image? ZIP file? Ziped jpeg? Another cyphertext? rot-13? Embedded checksums or hash codes added

Re: Cryptography Research wants piracy speed bump on HD DVDs

2004-12-22 Thread Matt Crawford
On Dec 15, 2004, at 11:54, Taral wrote: What stops someone using 3 players and majority voting on frame data bits? As I understand it, they use such a huge number of bits for marking, that any reasonably-sized assembly of players will still coincide on some marked bits. (However, I very much

Re: Do We Need a National ID Card?

2004-12-22 Thread Matt Crawford
On Dec 22, 2004, at 8:53, R.A. Hettinga wrote: Do we need a national ID card? The comment period on NIST's draft FIPS-201 (written in very hasty response to Homeland Security Presidential Directive HSPD-12) ends tomorrow. The draft, as written, enables use of the card by Smart IEDs and for

Re: Maths holy grail could bring disaster for internet

2004-09-07 Thread Matt Crawford
On Sep 6, 2004, at 21:52, R. A. Hettinga wrote: But the proof should give us more understanding of how the primes work, and therefore the proof might be translated into something that might produce this prime spectrometer. If it does, it will bring the whole of e-commerce to its knees, overnight.

Re: Compression theory reference?

2004-09-01 Thread Matt Crawford
On Aug 31, 2004, at 15:56, John Denker wrote: 4) Don't forget the _recursion_ argument. Take their favorite algorithm (call it XX). If their claims are correct, XX should be able to compress _anything_. That is, the output of XX should _always_ be at least one bit shorter than the input. Then

Re: How thorough are the hash breaks, anyway?

2004-08-31 Thread Matt Crawford
certificates. The public key data is public, and it's a random bitpattern where nobody would ever notice a few different bits. If someone finds a collision for microsoft's windows update cert (or a number of other possibilities), and the fan is well and truly buried in it. Correct me if I'm wrong

Re: First quantum crypto bank transfer

2004-08-23 Thread Matt Crawford
physics in their snake-oil bottles. Too bad that may poison the market for a really useful development a few years from now, but it does help shake the money tree for research. And physics can use every dime it can get right now. Matt Crawford [EMAIL PROTECTED

Re: RPOW - Reusable Proofs of Work

2004-08-20 Thread Matt Crawford
I'm wondering how applicable RPOW is. Generally speaking, all the practical applications I can think of for a proof-of-work are defeated if proofs-of-work are storable, transferable, or reusable. I have some code to play online games with cryptographic protection, cards and dice, and I am

Re: How a Digital Signature Works

2004-08-10 Thread Matt Crawford
NEWS ANALYSIS :TECH By Stephen H. Wildstrom How a Digital Signature Works Is this a count the errors contest? I count six. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Matt Crawford
E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good. ... aka not necessarily an attack on SSL itself ... but identifying end-points with open SSL ports as attack targets i.e. end-points with open SSL

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Matt Crawford
Don't dismiss possibilities for wireless data eavesdropping without considering the possibilities of this new chip and its friends - The

Re: voting

2004-04-20 Thread Matt Crawford
On Apr 15, 2004, at 8:58 PM, Ed Gerck wrote: Currently, voter privacy is absolute in the US and does not depend even on the will of the courts. For example, there is no way for a judge to assure that a voter under oath is telling the truth about how they voted, or not. For many years in the 90's

Re: I don't know PAIN...

2003-12-29 Thread Matt Crawford
On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote: Note that there is no theoretical reason that it should be possible to figure out the public key given the private key, either, but it so happens that it is generally possible to do so So what's this generally possible business about? Well, AFAIK

Re: NEMA rotor machine offered again on ebay

2003-12-15 Thread Matt Crawford
On Dec 14, 2003, at 8:26 AM, Steve Bellovin wrote: ViewItemitem=2210624662ssPageName=ADME:B:SS:US:1 Last time such a machine appeared, some people reported that ebay blocked their access to the listing. That included one person in the U.S. Curious. I can

Re: quantum hype

2003-09-22 Thread Matt Crawford
BTW, you can decrease the wavelength of a photon by bouncing it off moving mirrors. Sure. To double the energy (halve the wavelength), move the mirror at 70% of the speed of light. And since you don't know exactly when the photon is coming, keep it moving at that speed ...

Re: Who is this Mallory guy anyway?

2003-09-22 Thread Matt Crawford
Well, that's the question - is Eve allowed to forward packets, in the act of listening, or is that the Mallory's job? I don't know. You can't measure a single-particle state without at least some chance of destroying the state. (Even quantum non-demolition methods affect the measured system a

Re: An attack on paypal

2003-06-12 Thread Matt Crawford
Matt Crawford [EMAIL PROTECTED] writes: ... Netscrape ind Internet Exploder each have a hack for honoring the same cert for multiple server names. Opera seems to honor at least one of the two hacks, and a cert can incorporate both at once. /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU