On Thu, 5 Jun 2003 19:52:28 -0700, Kevin Elliott said:
> Out of curiosity, how does the performance of AES compare to Blowfish
> (seeing as how performance would be the obvious advantage of Blowfish
Encrypt/decrypt time for Libgcrypt:
Algo ECB CBC CFB CT
On Thu, 5 Jun 2003, Kevin Elliott wrote:
>Out of curiosity, how does the performance of AES compare to Blowfish
>(seeing as how performance would be the obvious advantage of Blowfish
>over 3DES)? Also are there any patent/license constraints on AES
>(the main reason I think Blowfish has become
At 17:05 -0700 on 5/30/03, Eric Rescorla wrote:
Blowfish has been around longer than Rijndael; I think AES may not yet
have gotten as much cryptographic attention as Blowfish's several-year
headstart has given it.
I just looked in citeseer and it seems to me that AES has gotten much
more atten
The AP wire reports that the founder of Nullsoft, Justin Frankel, plans
to resign in the wake of WASTE being pulled.
http://www.nytimes.com/aponline/technology/AP-AOL-Nullsoft.html
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com
In order to increase hardware efficiency, the 8-bit S-boxes of Anubis
have been designed by combining 4-bit S-boxes with bit permutations in
two layers. 4-bit S-boxes always have quadratic equations.
Hence if you would be worried about algebraic attacks on AES, you probably
should also worry abo
What do you folks think about Anubis [1] ?
I don't understand the maths, but I would *like* to think that Rijndael's
positive results (mostly, its lack of negative results) would apply to Anubis
while Rijndael's negatives (such as the hypothetical algebraic solution)
wouldn't.
Regards,
Zooko
In message <[EMAIL PROTECTED]>, "John Brothers"
writes:
>
>> Any license that you may
>> believe you acquired with the Software is void, revoked and terminated.
>
>
>Can you void and/or revoke the GPL?
It doesn't matter if the GPL statement wasn't inserted by the real
owner of the work. Note
At 04:33 PM 5/30/03 -0700, bear wrote:
...
Blowfish has been around longer than Rijndael; I think AES may not yet
have gotten as much cryptographic attention as Blowfish's several-year
headstart has given it. I think that a "perfect cipher" of Blowfish's
block size would necessarily be less secure
> Any license that you may
> believe you acquired with the Software is void, revoked and terminated.
Can you void and/or revoke the GPL? On one hand, the files are clearly
marked as copyright NullSoft, but on the other, they are also clearly
distributed with the GPL as the license in the header
On 30 May 2003, Eric Rescorla wrote:
>bear <[EMAIL PROTECTED]> writes:
>There are three possibilities here:
>E(M) || H(E(M)) -> This is radically insecure.
>E(M) || H(M)-> This is still quite dangerous. If the attacker
> can somehow reset the IV, then they can mount
>
Eric Rescorla wrote:
>E(M) || H(M)-> This is still quite dangerous. If the attacker
> can somehow reset the IV, then they can mount
> an attack on the first cipher block.
Also, it can violate confidentiality. If M is guessable,
the guess can be confirmed
> It's utterly baffling to me why people like this choose to design
> their own thing rather than just using SSL.
Totally agree. At this point in time, if it's a TCP based protocol
and it isn't built on SSL/TLS, it should pretty much be treated
as snake oil, I'd say. Perhaps some kind of evangel
bear <[EMAIL PROTECTED]> writes:
> On 30 May 2003, Eric Rescorla wrote:
> >Bill Stewart <[EMAIL PROTECTED]> writes:
> >(1) They use MD5 instead of HMAC for message authentication. Scary.
>
> If MD5 itself is to be trusted as a hash function, this is not
> particularly scary. They are using MD5 ov
On 30 May 2003, Eric Rescorla wrote:
>Bill Stewart <[EMAIL PROTECTED]> writes:
>
>(0) Their messages don't appear have any sequence numbers, making them
>potentially open to a wide variety of integrity attacks. They have some sort
>of guid but unless you intend to keep a record of all gu
And now we see this when you go to the page...
very interesting.
nick
---begin---
NOTICE OF UNAUTHORIZED SOFTWARE
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28,
2003. The software was identified as "WASTE" (the "Software") a
- Original Message -
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: CDR: Re: Nullsoft's WASTE communication system
> It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
> wonder how *that* happened...
It should've be
Bill Stewart <[EMAIL PROTECTED]> writes:
> http://www.nullsoft.com/free/waste/ - Overview
> http://www.nullsoft.com/free/waste/security.html - Security section
> http://www.nullsoft.com/free/waste/network.html - Network design
> http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=1
At 1:33 AM -0700 5/29/03, Bill Stewart wrote:
>Nullsoft, who did Winamp and Gnutella, just released a package called W A
>S T E
>which does encrypted communications within small groups of people.
It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
wonder how *that* happened...
At 01:33 AM 5/29/2003 -0700, Bill Stewart wrote:
http://www.nullsoft.com/free/waste/ - Overview
http://www.nullsoft.com/free/waste/security.html - Security section
http://www.nullsoft.com/free/waste/network.html - Network design
http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=12
http://www.nullsoft.com/free/waste/ - Overview
http://www.nullsoft.com/free/waste/security.html - Security section
http://www.nullsoft.com/free/waste/network.html - Network design
http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93
- Slashdot discusssion
Nullsoft, who d
20 matches
Mail list logo
