Re: questions about RNGs and FIPS 140

2010-08-26 Thread travis+ml-cryptography
On Thu, Aug 26, 2010 at 06:25:55AM -0400, Jerry Leichter wrote: [F]IPS doesn't tell you how to *seed* your deterministic generator. In effect, a FIPS-compliant generator has the property that if you start it with an unpredictable seed, it will produce unpredictable values. That brings

questions about RNGs and FIPS 140

2010-08-25 Thread travis+ml-cryptography
Hey all, Looking for feedback on this section on RNGs: http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc29 Equations are broken in HTML, but clear in PDF: http://www.subspacefield.org/security/security_concepts/security_concepts.pdf I am aware the Renyi entropy link is

phpwn: PHP cookie PRNG flawed (Netscape redux)

2010-08-05 Thread travis+ml-cryptography
https://media.blackhat.com/bh-us-10/whitepapers/Kamkar/BlackHat-USA-2010-Kamkar-How-I-Met-Your-Girlfriend-wp.pdf Hey, another PRNG is broken. Raise your hand if you're surprised. -- A Weapon of Mass Construction My emails do not have attachments; it's a digital signature that your mail program

Re: Intercepting Microsoft wireless keyboard communications

2009-07-17 Thread travis+ml-cryptography
On Tue, Dec 11, 2007 at 02:01:03PM -0500, j...@tla.org wrote: How many bits (not just data, also preamble/postamble, sync bits, etc.) is the keyboard sending for each keystroke anyway? FWIW, it is likely sending keyboard scan codes: http://en.wikipedia.org/wiki/Scancode It doesn't send the

work factor calculation for brute-forcing crypto

2009-07-17 Thread travis+ml-cryptography
Hi folks, Assume for a moment that we have a random number generator which is non-uniform, and we are using it to generate a key. What I'd like to do is characterize the work factor involved in brute-force search of the key space, assuming that the adversary has knowledge of the characteristics

Re: Seagate announces hardware FDE for laptop and desktop machines

2009-06-12 Thread travis+ml-cryptography
Reading really old email, but have new information to add. On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote: Speculation: the drive always encrypts the platters with a (fixed) AES key, obviating the need to track which sectors are encrypted or not. Setting the drive password

padding attack vs. PKCS7

2009-06-12 Thread travis+ml-cryptography
http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ Towards the end of this rather offbeat blog post they describe a rather clever attack which is possible when the application provides error messages (i.e. is an error oracle) for PKCS7 padding in e.g.

Code makers and breakers of WWII era

2008-06-04 Thread travis+ml-cryptography
http://news.cnet.com/2300-1029_3-6240826-1.html?tag=ne.gall.pg -- Crypto ergo sum. https://www.subspacefield.org/~travis/ Truth does not fear scrutiny or competition, only lies do. If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.

quantum cryptography broken?

2008-04-21 Thread travis+ml-cryptography
http://www.kurzweilai.net/news/frame.html?main=/news/news_single.html?id%3D8471 Quantum cryptography broken KurzweilAI.net, April 20, 2008 Two Swedish scientists, Jorgen Cederlof, now of Google, and Jan-Ake Larsson of Link In a paper published in IEEE Trans. Inf Theory, 54: 1735-1741 (2008), they

Pi, randomness, entropy, unpredictability

2008-04-16 Thread travis+ml-cryptography
I've been working on the randomness and unpredictability this morning instead of doing my taxes, and found these links: http://crd.lbl.gov/~dhbailey/pi/ http://pisearch.lbl.gov/ The section on randomness, entropy, etc. is here:

presentations about encrypted storage

2008-03-29 Thread travis+ml-cryptography
I've got two presentations I've given on encrypted storage technologies here: http://www.subspacefield.org/security/ There's also a book I'm writing, if anyone is interested. -- https://www.subspacefield.org/~travis/ I need a better strategy for being less analytical. For a good time on my

delegating SSL certificates

2008-03-15 Thread travis+ml-cryptography
So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. I know that if we had IT put our root cert in the browsers, that we could then generate our own SSL certs. Are there any options that don't involve adding a new root

crypto quotes

2008-01-26 Thread travis+ml-cryptography
http://www.amk.ca/quotations/cryptography/ -- URL:https://www.subspacefield.org/~travis/ The stream is deaf, yet sings its melody for all to hear. For a good time on my email blacklist, email [EMAIL PROTECTED]

Re: crypto class design

2007-12-20 Thread travis+ml-cryptography
On Wed, Dec 19, 2007 at 08:22:09AM +0100, Luis Martin wrote: I am not sure I understood what you want but here's my suggestion. The problem is that client code assumes that there is a fixed (constant) relationship between the size of the output and the size of the input, and does its own memory

crypto class design

2007-12-18 Thread travis+ml-cryptography
So... supposing I was going to design a crypto library for use within a financial organization, which mostly deals with credit card numbers and bank accounts, and wanted to create an API for use by developers, does anyone have any advice on it? It doesn't have to be terribly complete, but it does

Re: refactoring crypto handshakes (SSL in 3 easy steps)

2007-11-30 Thread travis+ml-cryptography
On Thu, Nov 15, 2007 at 10:28:43AM +0200, [EMAIL PROTECTED] wrote: There's a dependency from negotiated capabilities to the cryptographic things included in the first message from client to server (since e.g. what algorithm is used by the client, or even what certificate is selected,

Re: refactoring crypto handshakes (SSL in 3 easy steps)

2007-11-15 Thread travis+ml-cryptography
On Tue, Nov 13, 2007 at 08:35:52AM +0200, [EMAIL PROTECTED] wrote: The extra messages might be irrelevant for cryptography, but they're not irrelevant for security or functionality. E.g. in SSL, you have capability/feature negotiation (cipher suites, trusted CAs, in TLS 1.2 also signature

Re: 307 digit number factored

2007-10-10 Thread travis+ml-cryptography
On Mon, May 21, 2007 at 04:32:10PM -0400, Victor Duchovni wrote: On Mon, May 21, 2007 at 02:44:28PM -0400, Perry E. Metzger wrote: My take: clearly, 1024 bits is no longer sufficient for RSA use for high value applications, though this has been on the horizon for some time. Presumably, it

Re: kernel-level key management subsystem

2007-10-10 Thread travis+ml-cryptography
On Tue, Oct 09, 2007 at 06:08:44PM +1300, Peter Gutmann wrote: how do you want access to the keys controlled? ACLs? Who sets the ACLs? Who can manage them? How are permissions managed? What's the UI for this? Under what conditions is sharing allowed? If sharing is allowed, how do you

ECC vs. D/H or RSA

2007-10-05 Thread travis+ml-cryptography
Does anyone have information on: 1) The ECAES weakness that led to ECIES 2) Any known weaknesses of ECIES 3) Relative performance figures between ECC routines like ECIES and D/H (or possibly RSA, though IES is based on EC-DH) I can generate the last if these figures are not available. BTW, I

Undocumented Bypass in PGP Whole Disk Encryption

2007-10-05 Thread travis+ml-cryptography
http://it.slashdot.org/article.pl?sid=07/10/04/1639224&from=rss Interesting quote: Jon Callas, CTO and CSO of PGP Corp., responded that this [previously undocumented] feature was required by unnamed customers and that competing products have similar functionality. --

magnifying unpredictability and common subexpressions

2007-08-08 Thread travis+ml-cryptography
So I'm looking for a minimum cost transformation with _only_ the following characteristic: Given a set of m input bits X, produce a set of n output bits Y such that knowledge of some subset of X and Y gives a minimum knowledge of the remainder (of Y if that makes it simple, but of X would be