On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote:
[F]IPS doesn't tell you how to *seed* your deterministic generator. In
effect, a FIPS-compliant generator has the property that if you start it
with an unpredictable seed, it will produce unpredictable values.
Looking for feedback on this section on RNGs:
Equations are broken in HTML, but clear in PDF:
I am aware the Renyi entropy link is
Hey, another PRNG is broken. Raise your hand if you're surprised.
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
On Tue, Dec 11, 2007 at 02:01:03PM -0500, j...@tla.org wrote:
How many bits (not just data, also preamble/postamble, sync bits, etc.)
is the keyboard sending for each keystroke anyway?
FWIW, it is likely sending keyboard scan codes:
It doesn't send the
Assume for a moment that we have a random number generator which is
non-uniform, and we are using it to generate a key.
What I'd like to do is characterize the work factor involved in
brute-force search of the key space, assuming that the adversary
has knowledge of the characteristics
Reading really old email, but have new information to add.
On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote:
Speculation: the drive always encrypts the platters with a (fixed) AES
key, obviating the need to track which sectors are encrypted or
not. Setting the drive password
Towards the end of this rather offbeat blog post they describe a
rather clever attack which is possible when the application provides
error messages (i.e. is an error oracle) for PKCS7 padding in e.g.
Crypto ergo sum. https://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.
Quantum cryptography broken
KurzweilAI.net, April 20, 2008
Two Swedish scientists, Jorgen Cederlof, now of Google, and Jan-Ake
Larsson of Link In a paper published in IEEE Trans. Inf Theory, 54:
1735-1741 (2008), they
I've been working on the randomness and unpredictability this morning
instead of doing my taxes, and found these links:
The section on randomness, entropy, etc. is here:
I've got two presentations I've given on encrypted storage technologies here:
There's also a book I'm writing, if anyone is interested.
I need a better strategy for being less analytical.
For a good time on my
So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs. Obviously this is bad.
I know that if we had IT put our root cert in the browsers, that we
could then generate our own SSL certs.
Are there any options that don't involve adding a new root
The stream is deaf, yet sings its melody for all to hear.
For a good time on my email blacklist, email [EMAIL PROTECTED]
On Wed, Dec 19, 2007 at 08:22:09AM +0100, Luis Martin wrote:
I am not sure I understood what you want but here's my suggestion.
The problem is that client code assumes that there is a fixed (constant)
relationship between the size of the output and the size of the input,
and does its own memory
So... supposing I was going to design a crypto library for use within
a financial organization, which mostly deals with credit card numbers
and bank accounts, and wanted to create an API for use by developers,
does anyone have any advice on it?
It doesn't have to be terribly complete, but it does
On Thu, Nov 15, 2007 at 10:28:43AM +0200, [EMAIL PROTECTED] wrote:
There's a dependency from negotiated capabilities
to the cryptographic things included in the first message
from client to server (since e.g. what algorithm is
used by the client, or even what certificate is selected,
On Tue, Nov 13, 2007 at 08:35:52AM +0200, [EMAIL PROTECTED] wrote:
The extra messages might be irrelevant for cryptography,
but they're not irrelevant for security or functionality.
E.g. in SSL, you have capability/feature negotiation
(cipher suites, trusted CAs, in TLS 1.2 also signature
On Mon, May 21, 2007 at 04:32:10PM -0400, Victor Duchovni wrote:
On Mon, May 21, 2007 at 02:44:28PM -0400, Perry E. Metzger wrote:
My take: clearly, 1024 bits is no longer sufficient for RSA use for
high value applications, though this has been on the horizon for some
time. Presumably, it
On Tue, Oct 09, 2007 at 06:08:44PM +1300, Peter Gutmann wrote:
how do you want access to the keys controlled? ACLs? Who sets the ACLs? Who
can manage them? How are permissions managed? What's the UI for this? Under
what conditions is sharing allowed? If sharing is allowed, how do you
Does anyone have information on:
1) The ECAES weakness that led to ECIES
2) Any known weaknesses of ECIES
3) Relative performance figures between ECC routines like ECIES
and D/H (or possibly RSA, though IES is based on EC-DH)
I can generate the last if these figures are not available.
Jon Callas, CTO and CSO of PGP Corp., responded that this [previously
undocumented] feature was required by unnamed customers and that
competing products have similar functionality.
So I'm looking for a minimum cost transformation with _only_ the
Given a set of m input bits X, produce a set of n output bits Y such
that knowledge of some subset of X and Y gives a minimum knowledge of
the remainder (of Y if that makes it simple, but of X would be