### Re: [Cryptography] prism-proof email in the degenerate case

Having a public bulletin board of posted emails, plus a protocol for anonymously finding the ones your key can decrypt, seems like a pretty decent architecture for prism-proof email. The tricky bit of crypto is in making access to the bulletin board both efficient and private. This idea has

### Re: Crypto dongles to secure online transactions

Ben Laurie benl google.com writes: Anyway, I should mention my own paper on this subject (with Abe Singer) from NSPW 2008, Take The Red Pill _and_ The Blue Pill: http://www.links.org/files/nspw36.pdf In writing on page 2 that you do not need to secure what you put in an Amazon shopping basket

### Re: Unattended reboots (was Re: The clouds are not random enough)

Arshad Noor arshad.noor strongauth.com wrote: to the keys, in order for the application to have access to the keys in the crypto hardware upon an unattended reboot, the PINs to the hardware must be accessible to the application. If the application has automatic access to the PINs, then so

### Re: Decimal encryption

Philipp Gühring wrote: I am searching for symmetric encryption algorithms for decimal strings. Let's say we have various 40-digit decimal numbers: 2349823966232362361233845734628834823823 3250920019325023523623692235235728239462 0198230198519248209721383748374928601923 As far as I

### Re: Looking through a modulo operation

Matt Ball matt.ball ieee.org wrote: Here is a C implementation of __random32: typedef unsigned long u32; struct rnd_state { u32 s1, s2, s3; }; static u32 __random32(struct rnd_state *state) { #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s<<a) ^ s)>>b) state->s1 = TAUSWORTHE(state->s1, 13,

### Re: Lack of fraud reporting paths considered harmful.

Perry wrote: His firm routinely discovers attempted credit card fraud. However, since there is no way for them to report attempted fraud to the credit card network (the protocol literally does not allow for it), all they can do is refuse the transaction -- they literally have no mechanism to

### Re: Death of antivirus software imminent

From: Alex Alten [EMAIL PROTECTED] Writing in support of CALEA capability to assist prosecuting botnet operators etc ... Generally any standard encrypted protocols will probably eventually have to support some sort of CALEA capability. So you haven't heard that the UK has closed down the

### No PAL please, we're British

According to this BBC story until fairly recently the British military refused to have PALs on nuclear weapons. http://news.bbc.co.uk/1/hi/programmes/newsnight/7097101.stm - The Cryptography Mailing List Unsubscribe by sending

This does not extend the discussion at hand, but it might be useful to some here who may have to deal with FIPS 140-2. On 13 Oct 2007 09:32:44 +1000, Damien Miller wrote: Some comments: * Use of an off-the-shelf algorithm like SHA1 might be nice for tick here for FIPS certification, but

### Re: Full Disk Encryption solutions selected for US Government use

On 8 Oct 2007 10:12:58 -0700, Stephan Somogyi wrote: At 02:11 +1300 09.10.2007, Peter Gutmann wrote: But if you build a FDE product with it you've got to get the entire product certified, not just the crypto component. I don't believe this to be the case. FIPS 140(-2) is about

### Re: Scare tactic?

Ivan Krstic ... But hey, if the peer is malicious or compromised to begin with, it could just as well do DH normally and explicitly send the secret to the listener when it's done. Not much to see here. But it gets more interesting if the endpoints are not completely and solely controlled by

### RE: Another Snake Oil Candidate

On 12 Sep 2007 20:18:22 -0700, Aram Perez wrote: I don't know about you, but when I hear terms like (please pardon my cynicism): with military grade AES encryption - Hum, I'll have to ask NIST about that. AES can be permitted for use in classified environments. See

### [cryptography] provable security

It is worth reading: http://www.ams.org/notices/200708/tx070800972p.pdf Pascal

### Re: FIPS 140-2, PRNGs, and entropy sources

On 9 Jul 2007 16:08:33 -0600, Darren Lasko wrote: 2) Does FIPS 140-2 have any requirements regarding the quality of the entropy source that is used for seeding a PRNG? Yes. The requirements imposed by FIPS 140-2 (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) are in section

### Re: can a random number be subject to a takedown?

A lot of sites have been getting DMCA takedowns for the HD-DVD processing key that got leaked recently. My question to the assembled: are cryptographic keys really subject to DMCA takedown requests? I suspect they are not copyrightable under the criterion from the phone directory

### Re: How important is FIPS 140-2 Level 1 cert?

On 27 Dec 2006 14:10:10 -0500, Thor Lancelot Simon wrote: On Tue, Dec 26, 2006 at 05:36:42PM +1300, Peter Gutmann wrote: In addition I've heard of evaluations where the generator is required to use a monotonically increasing counter (clock value) as the seed, so you can't just use the PRNG

### Re: How important is FIPS 140-2 Level 1 cert?

On 22 Dec 2006 11:43:58 -0500, Perry E. Metzger wrote: [I was asked to forward this anonymously. --Perry] From: [Name Withheld] To: cryptography@metzdowd.com Subject: Re: How important is FIPS 140-2 Level 1 cert? Paul Hoffman [EMAIL PROTECTED] wrote: At 11:25 AM -0500 12/21/06, Saqib

### Re: classical crypto programmatic aids

Travis, Does anyone here know of any computer-based aids for breaking classical cryptosystems? I'm thinking in particular of the ones in Body of Secrets, which are so short that I really hope they're monoalphabetic substitutions. But I'm interested in these sorts of programs more

### Re: Pseudonymity for tor: nym-0.1 (fwd)

From: Bill Frantz [EMAIL PROTECTED] system, for example, recognition of the number on an image. In fact, This solution is subject to a rather interesting attack, which to my knowledge has not yet been named, although it is occasionally used Stealing Cycles from Humans is the name I know for

### Re: European country forbids its citizens from smiling for passport photos

From: William Allen Simpson [EMAIL PROTECTED] Do you really need to click on this link to know which one it is? http://cbs5.com/watercooler/watercooler_story_258152613.html Which one it is depends what the meaning of one is. Announced in multiple news sources last year:

### Re: The cost of online anonymity

From: R.A. Hettinga [EMAIL PROTECTED] http://news.bbc.co.uk/1/low/programmes/click_online/4227578.stm Digital evidence expert at the London School of Economics, Peter Sommer says: A few years ago I was very much in favour of libertarian computing. What changed my mind was the

### Re: encrypted tapes

From: Perry E. Metzger [EMAIL PROTECTED] It is worse than that. At least one large accounting company sends new recruits to a boot camp where they learn how to conduct security audits by rote. They then send these brand new 23 year old security auditors out to conduct security audits, with

### Re: encrypted tapes (was Re: Papers about Algorithm hiding ?)

From: Charles M. Hannum [EMAIL PROTECTED] I can name at least one obvious case where sensitive data -- namely credit card numbers -- is in fact something you want to search on: credit card billing companies like CCbill and iBill. Without the ability to search by CC#, customers are pretty

### Re: Is finding security holes a good idea?

From: Eric Rescorla [EMAIL PROTECTED] Is finding security holes a good idea? Paper:http://www.dtc.umn.edu/weis2004/rescorla.pdf Slides: http://www.dtc.umn.edu/weis2004/weis-rescorla.pdf In section 1 there's a crucial phrase not properly followed up: significant opportunity cost

### Re: Reliance on Microsoft called risk to U.S. security

From: bear [EMAIL PROTECTED] Heh. You looked at my mail headers, didn't you? Yes, I use pine - primarily *because* of that property. It treats all incoming messages as text rather than live code. BUGTRAQ in the last 3 years lists over 80 mails on pine - including reference to this recently