On Oct 6, 2010, at 10:48 AM, Victor Duchovni wrote:
On Wed, Oct 06, 2010 at 04:52:46PM +1300, Peter Gutmann wrote:
December 31, 2010 - CAs should stop issuing intermediate and end-entity
certificates from roots with RSA key sizes smaller
On Aug 17, 2010, at 10:25 PM, John Gilmore wrote:
(Given their prediction that they won't be done with a 1024-bit number
within 5 years, but they will be done well within the next decade,
which 1024-bit number are they starting to factor now? I hope it's a
major key that certifies big
On Aug 15, 2010, at 8:35 PM, Arash Partow wrote:
Just out of curiosity, assuming the optimal use of today's best of breed
factoring algorithms - will there be enough energy in our solar system to
factorize a 2048-bit RSA integer?
Computation can be performed with arbitrarily small energy
On Jul 12, 2010, at 11:22 AM, Perry E. Metzger wrote:
literature makes it clear at this point that short of carefully
tearing apart and analyzing the entire chip, you're not going to catch
subtle behavioral changes designed to allow attackers backdoor
I happen to be re-reading
On Mar 21, 2010, at 4:13 PM, Sergio Lerner wrote:
I'm looking for a public-key cryptosystem that allows commutation of the
operations of encryption/decryption for different users' keys
( Ek(Es(m)) = Es(Ek(m)) ).
I haven't found a simple cryptosystem in Zp or Z/nZ.
I think the solution may
On Nov 10, 2009, at 8:44 AM, Jerry Leichter wrote:
Whether or not it can, it demonstrates the hazards of freezing
implementations of crypto protocols into ROM: Imagine a world in
which there are a couple of hundred million ZTIC's or similar
devices fielded - and a significant
On Sep 21, 2009, at 3:57 PM, Steven Bellovin wrote:
Is there any way to use FileVault on MacOS except on home
directories? I don't much want to use it on my home directory; it
doesn't play well with Time Machine (remember that availability is
also a security property); besides, different
On Feb 21, 2009, at 10:26 PM, Charlie Kaufman wrote:
Assuming that's true, OTP tokens add costs by introducing new
failure modes (e.g.,
I lost it, I ran it through the washing machine, etc.)
Or even more surprising hazards.
The token on the
Perry, I couldn't possibly be the first to pass along today's XKCD,
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
On May 19, 2006, at 6:51, Travis H. wrote:
As I understand it, when looking at output, one can take a
hypothetical source model (e.g. P(0) = 0.3, P(1) = 0.7, all bits
independent) and come up with a probability that the source may have
generated that output.
One can come up with the
Let me rephrase my sequence. Create a sequence of 256 consecutive
bytes, with the first byte having the value of 0, the second byte
the value of 1, ... and the last byte the value of 255. If you
measure the entropy (according to Shannon) of that sequence of 256
bytes, you have maximum
On Dec 21, 2005, at 0:10, Ben Laurie wrote:
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
A given cipher, with a given key, is a permutation of blocks.
(Assuming output blocks and input blocks are the same size.) It may
On Dec 12, 2005, at 18:14, R. A. Hettinga wrote:
But would it work in a place like the United
States, where 24 percent of transactions are made on credit?
Some Americans, analysts note, are already using a version of e-
bypass toll lanes on highways.
Don't take that as a sign
On Sep 29, 2005, at 18:32, Jason Holt wrote:
Of course, you can put anything you want in the cert, since the
servers know that my CA only certifies 1 bit of data about users
(namely, that they only get one cert per scarce resource).
One per person is a tough thing to do purely over the
On Sep 12, 2005, at 11:32, James A. Donald wrote:
Someone recently patented the wheel, to show how bad the
That's a bit misleading without the context. Google patented-the-wheel for details.
On Jun 8, 2005, at 15:19, [EMAIL PROTECTED] wrote:
I'd like to come up to speed on the state of the
art in de-identification (~=anonymization) of data
especially monitoring data (firewall/hids logs, say).
I don't know the state of the art, but I can tell you the state of the
artless. I had a
The [express-line security] program will be operated by New York-based
Verified Identity Pass Inc., a private company run by Steven Brill,
whose former ventures included Court TV and The American Lawyer
magazine. The program marks the first time a private company has
teamed up with the
On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
2) They also have a way of forcing pairing to happen, by impersonating
one of the devices and saying oops! I need to pair again! to the
Do the devices then pair again without user intervention, re-using the
PIN that paired them
On May 26, 2005, at 13:24, Ed Gerck wrote:
A better solution, along the same lines, would have been for Citibank
to ask their account holders, when they login for Internet banking,
whether they would like to set up a three- or four-character
to be used in all emails from the
On Mar 25, 2005, at 11:55, Florian Weimer wrote:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of your choice... ie only valid to issue certs on
sub-domains of foo.com).
Is there a technical option
On Mar 25, 2005, at 16:06, Adam Back wrote:
There's an X.509v3 NameConstraints extension (which the higher CA
includes in the lower CA's cert) but I have the impression that end
system software does not widely support it. And of course if you
flag it critical, it's not very
Now that the taxing bodies (US states) have learned not to print the
SSN on the mailing label, Illinois has gone further and requires a
state-assigned PIN to file or access your tax information over the
internet. They helpfully provide you the PIN ... on the mailing label.
My educated-layman's opinion is that the following is not feasible,
but I'd be happy to be shown wrong ...
Given a closed public-key device such as a typical smart card with
its limited set of operations (chiefly sign), is it possible to
implement a challenge/response function such that
On Feb 22, 2005, at 10:57, Dan Kaminsky wrote:
The point is that the thief should think anything expensive is
protected, by which I mean it's too traceable to fence.
That would be the thinking of a thief who read the article and took it
at face value. A more clever thief would realize that the
On Feb 18, 2005, at 19:47, R.A. Hettinga wrote:
It does continue to be something of a puzzle as to how they get this
back to home base, said John Pike, a military expert at
I should think that in many cases, they can simply lease a fiber in the
same cable. What could
that is [...] invisible until illuminated by police
officers using ultraviolet light.
That's amazing! How do the tiny particles know that it's not a
civilian illuminating them with ultraviolet light?
And how does Wired reporter Robert Andrews fail to ask that question?
Why would it matter?
On Feb 15, 2005, at 12:40, R.A. Hettinga wrote:
Instant, is a property-marking fluid that, when
brushed on items like office equipment or motorcycles, tags them with
millions of tiny fragments, each etched with a unique SIN (SmartWater
identification number) that is registered with the owner's
On Feb 1, 2005, at 13:29, Andreas wrote:
I was wondering how one can tell if some data was successfully
decrypted. Isn't there an assumption going on about what the cleartext
data should be? Text? Image? ZIP file? Zipped jpeg? Another cyphertext?
Embedded checksums or hash codes added
On Dec 15, 2004, at 11:54, Taral wrote:
What stops someone using 3 players and majority voting on frame data
As I understand it, they use such a huge number of bits for marking,
that any reasonably-sized assembly of players will still coincide on
some marked bits.
(However, I very much
On Dec 22, 2004, at 8:53, R.A. Hettinga wrote:
Do we need a national ID card?
The comment period on NIST's draft FIPS-201 (written in very hasty
response to Homeland Security Presidential Directive HSPD-12) ends
tomorrow. The draft, as written, enables use of the card by Smart
IEDs and for
On Sep 6, 2004, at 21:52, R. A. Hettinga wrote:
But the proof should give us more understanding of how the
primes work, and therefore the proof might be translated into something
that might produce this prime spectrometer. If it does, it will bring
the whole of e-commerce to its knees, overnight.
On Aug 31, 2004, at 15:56, John Denker wrote:
4) Don't forget the _recursion_ argument. Take their favorite
algorithm (call it XX). If their claims are correct, XX should
be able to compress _anything_. That is, the output of XX
should _always_ be at least one bit shorter than the input.
certificates. The public key data is public, and it's a random
bitpattern where nobody would ever notice a few different bits.
If someone finds a collision for microsoft's windows update cert (or a
number of other possibilities), and the fan is well and truly buried
Correct me if I'm wrong
physics in their snake-oil
bottles. Too bad that may poison the market for a really useful
development a few years from now, but it does help shake the money tree
for research. And physics can use every dime it can get right now.
Matt Crawford [EMAIL PROTECTED
I'm wondering how applicable RPOW is. Generally speaking, all
the practical applications I can think of for a proof-of-work
are defeated if proofs-of-work are storable, transferable, or
I have some code to play online games with cryptographic protection,
cards and dice,
and I am
NEWS ANALYSIS: TECH
By Stephen H. Wildstrom
How a Digital Signature Works
Is this a count the errors contest? I count six.
E-commerce attack imminent; Sudden increase in port scanning for SSL
doesn't look good.
... aka not necessarily an attack on SSL itself ... but identifying
end-points with open SSL ports as attack targets i.e. end-points with
Don't dismiss possibilities for wireless data eavesdropping without
considering the possibilities of this new chip
and its friends
On Apr 15, 2004, at 8:58 PM, Ed Gerck wrote:
Currently, voter privacy is absolute in the US and does not depend
even on the will of the courts. For example, there is no way for a
judge to assure that a voter under oath is telling the truth about how
they voted, or not.
For many years in the 90's
On Dec 27, 2003, at 10:01 AM, Ben Laurie wrote:
Note that there is no theoretical reason that it should be possible
to figure out the public key given the private key, either, but it so
happens that it is generally possible to do so
So what's this generally possible business about?
On Dec 14, 2003, at 8:26 AM, Steve Bellovin wrote:
Last time such a machine appeared, some people reported that ebay
blocked their access to the listing. That included one person in the
Curious. I can
On Thursday, Oct 9, 2003, at 04:31 America/Chicago, Peter Clay wrote:
If you want a VPN that road warriors can use, you have to do it with
If someone out there wants to write VPN software that becomes widely
then they should make a free IP-over-TCP solution that works on
BTW, you can decrease the wavelength of a photon by bouncing it off
Sure. To double the energy (halve the wavelength), move the mirror at
70% of the speed of light. And since you don't know exactly when the
photon is coming, keep it moving at that speed ...
Well, that's the question - is Eve allowed to
forward packets, in the act of listening, or
is that Mallory's job? I don't know.
You can't measure a single-particle state without at least some chance
of destroying the state. (Even quantum non-demolition methods affect
the measured system a
Matt Crawford [EMAIL PROTECTED] writes:
... Netscrape and Internet Exploder each have a hack for
honoring the same cert for multiple server names. Opera seems to honor at
least one of the two hacks, and a cert can incorporate both at once.