Re: [Cryptography] prism-proof email in the degenerate case

2013-10-10 Thread lists
> Having a public bulletin board of posted emails, plus a protocol > for anonymously finding the ones your key can decrypt, seems > like a pretty decent architecture for prism-proof email. > The tricky bit of crypto is in making access to the bulletin > board both efficient and private. This idea

Re: Crypto dongles to secure online transactions

2009-11-16 Thread lists
Ben Laurie writes: > Anyway, I should mention my own paper on this subject (with Abe > Singer) from NSPW 2008, "Take The Red Pill _and_ The Blue Pill": > http://www.links.org/files/nspw36.pdf In writing on page 2 that you do not need to secure what you put in an Amazon shopping basket until you

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread lists
Arshad Noor wrote: > to the keys, in order for the application to have access to the keys in > the crypto hardware upon an unattended reboot, the PINs to the hardware > must be accessible to the application. If the application has automatic > access to the PINs, then so does an attacker who mana

Re: Decimal encryption

2008-08-27 Thread lists
Philipp Gühring wrote: > I am searching for symmetric encryption algorithms for decimal strings. > > Let's say we have various 40-digit decimal numbers: > 2349823966232362361233845734628834823823 > 3250920019325023523623692235235728239462 > 0198230198519248209721383748374928601923 > > As far as I

Re: Looking through a modulo operation

2008-07-23 Thread lists
"Matt Ball" wrote > Here is a C implementation of __random32: > > typedef unsigned long u32; > struct rnd_state { u32 s1, s2, s3; }; > static u32 __random32(struct rnd_state *state) > { > #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b) > > state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 1

Re: Lack of fraud reporting paths considered harmful.

2008-01-25 Thread lists
Perry wrote: > His firm routinely discovers attempted credit card fraud. However, > since there is no way for them to report attempted fraud to the credit > card network (the protocol literally does not allow for it), all they > can do is refuse the transaction -- they literally have no mechanism

Re: Death of antivirus software imminent

2008-01-14 Thread lists
From: Alex Alten <[EMAIL PROTECTED]> Writing in support of CALEA capability to assist prosecuting botnet operators etc ... > Generally any standard encrypted protocols will probably eventually have > to support some sort of CALEA capability. So you haven't heard that the UK has closed down the "

No PAL please, we're British

2007-11-15 Thread lists
According to this BBC story until fairly recently the British military refused to have PALs on nuclear weapons. http://news.bbc.co.uk/1/hi/programmes/newsnight/7097101.stm - The Cryptography Mailing List Unsubscribe by sending "u

Re: Password hashing

2007-10-13 Thread lists
This does not extend the discussion at hand, but it might be useful to some here who may have to deal with FIPS 140-2. On 13 Oct 2007 09:32:44 +1000, Damien Miller wrote: > Some comments: > > * Use of an off-the-shelf algorithm like SHA1 might be nice for "tick here > for FIPS certification", b

Re: Full Disk Encryption solutions selected for US Government use

2007-10-10 Thread lists
On 8 Oct 2007 10:12:58 -0700, Stephan Somogyi wrote: > At 02:11 +1300 09.10.2007, Peter Gutmann wrote: > >> But if you build a FDE product with it you've got to get the entire product >> certified, not just the crypto component. > > I don't believe this to be the case. > > FIPS 140(-2) is about

Re: Scare tactic?

2007-09-21 Thread lists
Ivan Krstic > ... But hey, if the peer is malicious or compromised to begin with, > it could just as well do DH normally and explicitly send the secret > to the listener when it's done. Not much to see here. But it gets more interesting if the endpoints are not completely and solely controlled b

RE: Another Snake Oil Candidate

2007-09-14 Thread lists
On 12 Sep 2007 20:18:22 -0700, Aram Perez wrote: > I don't know about you, but when I hear terms like (please pardon my > cynicism): > "with military grade AES encryption" - Hum, I'll have > to ask NIST > about that. AES can be permitted for use in classified environments. See http://csrc.nist.

[cryptography] provable security

2007-08-09 Thread Pascal Junod (Mailing Lists)
It is worth reading: http://www.ams.org/notices/200708/tx070800972p.pdf Pascal

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-16 Thread lists
On 9 Jul 2007 16:08:33 -0600, Darren Lasko wrote: >>> 2) Does FIPS 140-2 have any requirements regarding the quality of the >>> entropy source that is used for seeding a PRNG? >> Yes. The requirement imposed by FIPS 140-2 >> (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) >> are in

Re: can a random number be subject to a takedown?

2007-05-01 Thread lists
> A lot of sites have been getting DMCA takedowns for the HD-DVD > processing key that got leaked recently. > My question to the assembled: are cryptographic keys really subject to > DMCA takedown requests? I suspect they are not > copyrightable under the criterion from the phone direc

Re: How important is FIPS 140-2 Level 1 cert?

2007-01-02 Thread lists
On 27 Dec 2006 14:10:10 -0500, Thor Lancelot Simon wrote: > On Tue, Dec 26, 2006 at 05:36:42PM +1300, Peter Gutmann wrote: >> In addition I've heard of evaluations where the generator is required to use >> a >> monotonically increasing counter (clock value) as the seed, so you can't just >> use th

Re: How important is FIPS 140-2 Level 1 cert?

2006-12-27 Thread lists
On 22 Dec 2006 11:43:58 -0500, Perry E. Metzger wrote: > [I was asked to forward this anonymously. --Perry] > > From: [Name Withheld] > To: cryptography@metzdowd.com > Subject: Re: How important is FIPS 140-2 Level 1 cert? > > Paul Hoffman <[EMAIL PROTECTED]> wrote: > >> At 11:25 AM -0500 12/21/

Re: classical crypto programmatic aids

2006-06-29 Thread lists
Travis, > Does anyone here know of any computer-based aids for breaking > classical cryptosystems? I'm thinking in particular of the ones in > "Body of Secrets", which are so short that I really hope they're > monoalphabetic substitutions. But I'm interested in these sorts of > programs more ge

Re: Pseudonymity for tor: nym-0.1 (fwd)

2005-10-07 Thread lists
From: Bill Frantz <[EMAIL PROTECTED]> > >system, for example, recognition of the number on an image. In fact, > This solution is subject to a rather interesting attack, which to my > knowledge has not yet been named, although it is occasionally used "Stealing Cycles from Humans" is the name I k

Re: European country forbids its citizens from smiling for passport photos

2005-09-17 Thread lists
From: William Allen Simpson <[EMAIL PROTECTED]> > Do you really need to click on this link to know which one it is? > http://cbs5.com/watercooler/watercooler_story_258152613.html Which one it is depends what the meaning of one is. Announced in multiple news sources last year: http://news.bbc

Re: The cost of online anonymity

2005-09-11 Thread lists
From: "R.A. Hettinga" <[EMAIL PROTECTED]> > > Digital evidence expert at the London School of Economics, Peter Sommer > says: "A few years ago I was very much in favour of libertarian computing. > > "What changed my mind wa

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

2005-06-09 Thread lists
From: "Charles M. Hannum" <[EMAIL PROTECTED]> > I can name at least one obvious case where "sensitive" data -- namely credit > card numbers -- is in fact something you want to search on: credit card > billing companies like CCbill and iBill. Without the ability to search by > CC#, customers a

Re: encrypted tapes

2005-06-09 Thread lists
From: "Perry E. Metzger" <[EMAIL PROTECTED]> > It is worse than that. At least one large accounting company sends new > recruits to a "boot camp" where they learn how to conduct "security > audits" by rote. They then send these brand new 23 year old "security > auditors" out to conduct security "

Re: Compression theory reference?

2004-09-01 Thread lists
From: Hadmut Danisch <[EMAIL PROTECTED]> > It can be easily shown that there is no lossless > compression method which can effectively compress every possible > input. > Therefore, I need a book about computer science or encoding theory, > which explicitly says that this is impossible, in a wa

Re: Is finding security holes a good idea?

2004-06-13 Thread lists
From: Eric Rescorla <[EMAIL PROTECTED]> >Is finding security holes a good idea? >Paper:http://www.dtc.umn.edu/weis2004/rescorla.pdf >Slides: http://www.dtc.umn.edu/weis2004/weis-rescorla.pdf In section 1 there's a crucial phrase not properly followed up: "significant opportunity c

Re: Reliance on Microsoft called risk to U.S. security

2003-10-02 Thread lists
From: bear <[EMAIL PROTECTED]> > Heh. You looked at my mail headers, didn't you? Yes, I use pine - > primarily *because* of that property. It treats all incoming messages > as text rather than live code. BUGTRAQ in the last 3 years lists over 80 mails on pine - includi

Re: Reliance on Microsoft called risk to U.S. security

2003-09-28 Thread lists
From: Jeroen C.van Gelderen <[EMAIL PROTECTED]> > > This is really rather naive. Users don't > > understand pop dialogues, they raise their stress level, always > > clicking > > "yes" makes the problem go away. > > True. But don't you think that this may be in part because the popup > dialogue