Re: The bank fraud blame game

-- Stefan Lucks (moved to Bauhaus-University Weimar, Germany) Stefan.Lucks(at)medien.uni-weimar.de -- I love the taste of Cryptanalysis in the morning! -- - The Cryptography Mailing

Re: passphrases with more than 160 bits of entropy

), ... H(P_L,J,P_L,P_1,J,P_1, ..., P_{L-1},J,P_{L-1}) ) Would that be OK for you application? In any case, I think that using a 160-bit hash function as a building block for a universal one-way function with (potentially) much more than 160-bit of entropy is a bit shaky. -- Stefan

Collisions for hash functions: how to exlain them to your boss

to demonstrate how serious hash function collisions should be taken -- even for people without much technical background. And to help you, to explain these issues - to your boss or your management, - to your customers, - to your children ... Have fun Stefan -- Stefan Lucks Th

Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

in the case of TCPA. As I wrote in my response to Carl Ellison's response, one of the main advantages of the Chaum/Pedersen style approach is a clear separation of duties. The TCPA misses this separation, and this is a sign of bad security design. -- Stefan Lucks Th. Informatik, Univ. Mannheim