Does anyone have good English docs on the Chinese SMx algorithms?
Interested in descriptions and analyses, similarities to US standards etc.
--
http://www.subspacefield.org/~travis/ | if spammer then j...@subspacefield.org
"Computer crime, the glamor crime of the 1970s, will become in the
1980s
On Sun, Jan 17, 2016 at 11:49:20PM -0800,
travis+ml-rbcryptogra...@subspacefield.org wrote:
> On Sun, Jan 17, 2016 at 08:31:44PM -, John Levine wrote:
> > >1) Can we use SAT (or another NPC problem) as a POW?
> >
> > Maybe. Remember that a POW has to be hard to compute but easy
> > to
http://gfverif.cryptojedi.org/
(Humorous logo of Evariste Galois and a checkmark elided)
Cryptographic software needs to be correct: even a tiny bug can have
disastrous consequences for security, as illustrated by Brumley,
Barbosa, Page, and Vercauteren exploiting an ECDH carry bug in OpenSSL
https://www.corelan.be/index.php/2016/01/06/crypto-in-the-box-stone-age-edition/
--
http://www.subspacefield.org/~travis/ | if spammer then j...@subspacefield.org
"Computer crime, the glamor crime of the 1970s, will become in the
1980s one of the greatest sources of preventable business loss."
On Sun, Jan 17, 2016 at 08:31:44PM -, John Levine wrote:
> >1) Can we use SAT (or another NPC problem) as a POW?
>
> Maybe. Remember that a POW has to be hard to compute but easy
> to verify and each instance should be roughly the same difficulty.
> My impression is that some SAT problems
So I'm sure I'm not the first person to muse on the mining POW problem
and its lack of social value apart from being hard. Let me lay out a
few links I've been reading in my "copious" free time and risk
sounding naive by musing a bit. Hopefully those of you with more
knowledge can correct me
I'm embarrassed by the long, rambling post. It was notes to myself,
which I then circulated to my friends and forwarded without editing.
I should summarize.
0) Bitcoin is amazing technology. Truly neat. Many related ideas,
must have taken a long time to develop. Impressive. Caught
me
Anyone know of any sort of ZKS or homomorphic encryption processing
for finsys?
Apart from IFC, where might I read about that?
--
http://www.subspacefield.org/~travis/
I'm feeling a little uncertain about this random generator of numbers.
http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284
This is nonsense, right? Unbounded in the sense of relying on secrecy of the
unbounded number of algorithms?
--
http://www.subspacefield.org/~travis/
Remediating... like a BOSS.
Just saying...
They have signatures now, but there's no way to effectively audit them or
expire them.
--
http://www.subspacefield.org/~travis/
Hi,
So, my problem is to create a format-preserving injective function
which is non-invertible (at least computationally).
Since it's format preserving, it has to be a bijection, I'm guessing
that basically boils down to a (computationally strong?) random
permutation, for a domain of size =/=
On Wed, Jan 30, 2013 at 12:01:24PM +0300, ianG wrote:
So my message is: DIY crypto rocks [5]. JCE/provider crypto is so
not the answer I've forgotten what the question is. With Java in
particular, life is very bipolar, there is such a gulf between the
bureaucracy of the Oracle and the
Thinking out loud;
One reason why PBKDF2 requires the original password is so that you don't
repeatedly
hash the same thing, and end up a short cycle, where e.g. hash(x) = x. At
that
point, repeated iterations don't do anything.
I just realized, you don't necessarily need to put the original
I want to find common improper usages of OpenSSL library for SSL/TLS.
Can be reverse-engineered from a how to properly use OpenSSL FAQ,
probably, but would prefer information to the first point rather than
its complement.
--
http://www.subspacefield.org/~travis/
Any sufficiently advanced magic
Any reason PBKDF2 shouldn't be used for (storing) hashed passwords?
Seems like it solves many problems:
1) slowing down guesses (at cost of slowing valid entries too)
2) parameterized iteration
3) IV/salt/uniquification
4) widely deployed, tested
5) difficult to parallelize (iterations)
6)
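Added example (mine, not code from either message) that serves both the note above on why PBKDF2 keeps the original password as the PRF key on every iteration and the earlier question about using PBKDF2 to store password hashes. It writes the RFC 8018 inner loop out longhand so the structure is visible, cross-checks it against hashlib.pbkdf2_hmac, and then stores and verifies a password with a per-user random salt and a constant-time comparison. The iteration count, the "pbkdf2_sha256$..." record encoding and the helper names are my choices, not anything the thread specifies.

```python
import hashlib
import hmac
import os
import struct

HLEN = hashlib.sha256().digest_size  # 32


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256, written out longhand.

    For each output block i:
        U_1 = HMAC(password, salt || INT(i))
        U_j = HMAC(password, U_{j-1})       for j = 2 .. iterations
        T_i = U_1 xor U_2 xor ... xor U_iterations
    The password is the HMAC *key* on every iteration and the block is the XOR
    of all U_j, so the chain never turns into hash(hash(...(x))) of a
    password-independent value, and even a short cycle in the U_j sequence
    would leave T_i depending on the whole chain.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    blocks = -(-dklen // HLEN)  # ceil(dklen / HLEN)
    out = bytearray()
    for i in range(1, blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return bytes(out[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """Cross-check the longhand version against the C implementation in hashlib."""
    return pbkdf2_hmac_sha256(password, salt, iterations, dklen) == \
        hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


# --- password storage on top of the stdlib implementation --------------------

ITERATIONS = 600_000  # assumption: tune to ~100 ms on the login path; not a value from the thread
SALT_LEN = 16
DK_LEN = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm, iteration count, salt, derived key."""
    salt = os.urandom(SALT_LEN)  # fresh per password: no shared rainbow tables, no equal-hash leaks
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, DK_LEN)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(record: str, candidate: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    try:
        alg, iters, salt_hex, dk_hex = record.split("$")
        if alg != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the record was made with fewer iterations than current policy (upgrade on next login)."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < iterations


if __name__ == "__main__":
    print("longhand matches hashlib:", matches_stdlib(b"password", b"salt", 1000, 40))
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password(rec, "correct horse battery staple"), verify_password(rec, "Tr0ub4dor&3"))
```

Because the iteration count travels with the record, the cost can be raised later without a migration: verify with the stored count, and if needs_rehash() says so, re-hash with the current one while the plaintext is still in hand.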
On Mon, Dec 20, 2010 at 10:46:30AM -0800,
travis+ml-rbcryptogra...@subspacefield.org wrote:
libnss, at least on Linux, checks that the signing cert (chain) is valid
at the time of signature - as opposed to present time. (It may check
present time as well - not sure on that).
This makes for
Ran across this course syllabus and papers on the web.
Just skimmed one, seemed like people here might be interested:
http://www.cs.utexas.edu/~shmat/courses/cs395t_fall04/cs395t_notes.html
ObSocialNetworking:
I run the Bay Area (Hackers Association / Security Enthusiasts)
meetings and mailing
On Fri, May 20, 2011 at 05:18:16PM -0500, Nico Williams wrote:
I wonder if A/V shouldn't use something similar?
The rsync rolling CRC is useful for detecting insertions and deletions
-- i.e., remote diff.
Right, but right now some anti-virus does hashes over the whole file,
or so I've heard,
Hmm, after sending this to some of you I remembered this list :-)
Just a quick thought, I noticed the other day that rsync uses a
rolling MD4 hash or something like that to detect changes in a
window of data.
I wonder if A/V shouldn't use something similar?
I assume MD4 is an outdated
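Added example (mine, not code from either message) of the rsync-style split that both messages above are circling: a cheap rolling weak checksum that is updated in O(1) as the window slides one byte, plus a strong hash to confirm a candidate hit. It uses the 16-bit a/b checksum that rsync's weak checksum is built on, with SHA-256 swapped in for the MD4 rsync historically used. The point for the A/V discussion is shown directly: after bytes are inserted in the middle of a file, every untouched block of the known file is still found at its shifted offset, while a whole-file hash no longer matches at all. The "known" file is constructed, deterministic pseudo-random data.

```python
import hashlib

MOD = 1 << 16


def weak_checksum(block: bytes) -> tuple:
    """rsync-style weak checksum of one window: a = byte sum, b = position-weighted byte sum."""
    n = len(block)
    a = sum(block) % MOD
    b = sum((n - j) * x for j, x in enumerate(block)) % MOD
    return a, b


def roll(a: int, b: int, n: int, out_byte: int, in_byte: int) -> tuple:
    """Slide an n-byte window one byte: drop out_byte at the front, append in_byte. O(1)."""
    a = (a - out_byte + in_byte) % MOD
    b = (b - n * out_byte + a) % MOD
    return a, b


def strong_hash(block: bytes) -> bytes:
    # rsync used MD4 here; SHA-256 is swapped in for this example.
    return hashlib.sha256(block).digest()


def block_table(known: bytes, blocksize: int) -> dict:
    """Signature table of the known file: weak checksum -> [(block index, strong hash)]."""
    table = {}
    for idx in range(0, len(known) - blocksize + 1, blocksize):
        blk = known[idx:idx + blocksize]
        table.setdefault(weak_checksum(blk), []).append((idx // blocksize, strong_hash(blk)))
    return table


def find_known_blocks(known: bytes, sample: bytes, blocksize: int) -> list:
    """Scan `sample` at every byte offset; return (offset, block index) for every window
    whose weak checksum hits the table and whose strong hash then confirms the match."""
    table = block_table(known, blocksize)
    hits = []
    if len(sample) < blocksize:
        return hits
    a, b = weak_checksum(sample[:blocksize])
    for off in range(len(sample) - blocksize + 1):
        if off:
            a, b = roll(a, b, blocksize, sample[off - 1], sample[off + blocksize - 1])
        for bidx, sh in table.get((a, b), ()):
            if sh == strong_hash(sample[off:off + blocksize]):
                hits.append((off, bidx))
    return hits


def sample_file(nblocks: int = 32) -> bytes:
    """Constructed, deterministic pseudo-random 'known' file of nblocks * 32 bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(nblocks))


if __name__ == "__main__":
    known = sample_file()                                 # 1024 bytes = 16 blocks of 64
    modified = known[:300] + b"<inserted>" + known[300:]  # shifts everything after byte 300
    print("whole-file hash still equal:", hashlib.sha256(known).digest() == hashlib.sha256(modified).digest())
    hits = find_known_blocks(known, modified, 64)
    print(len(hits), "of 16 blocks recognised; first/last:", hits[0], hits[-1])
```

Only the one block straddling the insertion point is lost; the scan costs one table lookup per byte, and the strong hash runs only on candidates.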
So, there's an interesting problem I ran into:
Suppose you need to obfuscate symbols in a symbol file, and to be able
to look them up later to analyze crash dumps.
Suppose further that the symbol file format is kinda weird, and so you
can't re-create the symbol file from scratch.
IOW, the
On Thu, Jan 20, 2011 at 12:49:26PM +1100, Noon Silk wrote:
Sounds to me like the simplest solution is just a one-time pad[1]. It
won't increase the size, and from the sounds of your environment, you
can just keep the keys locally, and use them only when you do the
debugging. But perhaps I'm
On Thu, Jan 20, 2011 at 01:36:55PM +1100, Noon Silk wrote:
Hah. I'm not sure how to take that; if you knew people wouldn't get
the idea from your original message why wouldn't you clarify it up
front?
It's hard to know in what ways people will misunderstand you,
for the same reason it's hard
On Wed, Jan 19, 2011 at 10:22:19PM -0500, Tim Dierks wrote:
Do the following:
1. You will need to make a choice of either leaking identifier length
Done.
2. Develop a one-to-one mapping between symbols expressible in your grammar
and numeric values with a finite scope. [...]
3. You now
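Added example (mine, not code from anyone in the thread) serving both the earlier question about a format-preserving injective function that is invertible only with a key and the symbol-obfuscation problem here: it follows steps 1 and 2 above (accept leaking the length; rank each symbol into an integer in a finite range) and then applies a keyed pseudorandom permutation over that range, so the alias has the same length and alphabet, the same symbol always gets the same alias, and only the key holder can map aliases in a crash dump back to names. The permutation is the generic FPE construction: an HMAC-SHA256 Feistel network over the next power of two with cycle walking. The alphabet, round count and key are my assumptions; for production use a vetted FPE mode such as FF1 from NIST SP 800-38G rather than this hand-rolled one.

```python
import hashlib
import hmac

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"  # assumption: C-like identifiers
BASE = len(ALPHABET)  # 63
ROUNDS = 10           # assumption


def rank(symbol: str) -> int:
    """Step 2: one-to-one map from a symbol of length L to an integer in [0, BASE**L)."""
    n = 0
    for ch in symbol:
        n = n * BASE + ALPHABET.index(ch)  # ValueError for a character outside the grammar
    return n


def unrank(n: int, length: int) -> str:
    chars = []
    for _ in range(length):
        n, r = divmod(n, BASE)
        chars.append(ALPHABET[r])
    return "".join(reversed(chars))


def _round_fn(key: bytes, rnd: int, half: int, kh: int) -> int:
    data = rnd.to_bytes(2, "big") + half.to_bytes((kh + 7) // 8, "big")
    mac = hmac.new(key, data, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") & ((1 << kh) - 1)


def _feistel(key: bytes, x: int, kh: int, inverse: bool) -> int:
    """Balanced Feistel permutation on 2*kh-bit integers; inverse runs the rounds backwards."""
    mask = (1 << kh) - 1
    left, right = x >> kh, x & mask
    for i in (range(ROUNDS - 1, -1, -1) if inverse else range(ROUNDS)):
        if inverse:
            left, right = right ^ _round_fn(key, i, left, kh), left
        else:
            left, right = right, left ^ _round_fn(key, i, right, kh)
    return (left << kh) | right


def _prp(key: bytes, x: int, n: int, inverse: bool = False) -> int:
    """Keyed permutation on [0, n): Feistel over the next power of two, cycle-walking
    past outputs >= n. Walking the inverse the same way undoes it exactly."""
    kh = (n.bit_length() + 1) // 2
    if kh > 256:
        raise ValueError("domain too large for one SHA-256 output per round")
    y = x
    while True:
        y = _feistel(key, y, kh, inverse)
        if y < n:
            return y


def obfuscate(key: bytes, symbol: str) -> str:
    """Same length, same alphabet, deterministic per key: same symbol -> same alias."""
    n = BASE ** len(symbol)
    return unrank(_prp(key, rank(symbol), n), len(symbol))


def deobfuscate(key: bytes, alias: str) -> str:
    n = BASE ** len(alias)
    return unrank(_prp(key, rank(alias), n, inverse=True), len(alias))


if __name__ == "__main__":
    key = bytes(range(32))  # the real key stays with whoever analyses the crash dumps
    for sym in ("main", "parse_header", "SSL_CTX_new"):
        alias = obfuscate(key, sym)
        print(sym, "->", alias, "->", deobfuscate(key, alias))
```

Because the map is a permutation of each length class, it is injective by construction, and no table of the original names needs to ship with the obfuscated symbol file; the length leak is the one accepted in step 1.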
Hey all,
I'm attempting to create an extensive archive of papers on -graphy and
-analysis, locally stored and broken down by category/hierarchy,
according to my own personal taxonomy. Maybe one day I'll try to
figure out how to annotate their metadata in some way, possibly a
Is Perry ok?
I hain't seen anything since 8 Oct...
--
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please
On Wed, Dec 22, 2010 at 09:52:53PM -0800,
travis+ml-rbcryptogra...@subspacefield.org wrote:
The description of the attack is here:
http://news.ycombinator.com/item?id=2029640
And, well...
http://www.mail-archive.com/cryptography@metzdowd.com/msg07521.html
Actually this was the email I
So a co-worker ran into this lately;
libnss, at least on Linux, checks that the signing cert (chain) is valid
at the time of signature - as opposed to present time. (It may check
present time as well - not sure on that).
This makes for problems if you renew the cert, since the new cert will
On Sat, Nov 27, 2010 at 08:19:39AM -0800, coderman wrote:
there are more than a few trivial protections in various
implementations [not OpenSSL current, per se] that cover usual cache
line side channels but leaky sieve in branch prediction cache or
hyper-threading context. and what other
Hey I don't know what it's called, but I'm wondering how one binds a
challenge/response (or whatever you authenticate with) inside a secure
tunnel to prevent the peer from relaying it on to another party to
answer.
I assume it could be as simple as signing a nonce and some parameter
of the
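Added example (mine, not code from the message above) of the idea being asked about, which goes under the name channel binding (RFC 5056; SCRAM's -PLUS variants do it with the TLS tls-unique or tls-exporter value). The model below gives every tunnel a value both of its endpoints can derive and folds it into the challenge response. Two scenarios are then run: a direct login, and a relay in which the attacker holds its own tunnel to the server and forwards the server's nonce to the victim over a second tunnel. The per-tunnel secrets and the fixed nonce are constructed for the example; a real tunnel supplies its own binding value and a real server picks a random nonce.

```python
import hashlib
import hmac


def channel_binding(tunnel_secret: bytes) -> bytes:
    """A value both endpoints of a tunnel can derive but a third party cannot.
    Assumption for this model: each tunnel has a unique per-connection secret
    (TLS exposes the equivalent as tls-unique or an RFC 5705 exporter value)."""
    return hashlib.sha256(b"channel-binding:" + tunnel_secret).digest()


def respond(key: bytes, nonce: bytes, cb: bytes = b"") -> bytes:
    """Client side: MAC the server's nonce and, if bound, the binding of the
    tunnel the client itself is speaking through."""
    return hmac.new(key, b"cr/1" + nonce + cb, hashlib.sha256).digest()


def verify(key: bytes, nonce: bytes, response: bytes, cb: bytes = b"") -> bool:
    """Server side: cb is the binding of the tunnel the response arrived on."""
    return hmac.compare_digest(respond(key, nonce, cb), response)


def direct_login(key: bytes, bound: bool) -> bool:
    """Victim talks to the server over one tunnel; both see the same binding value."""
    tunnel = channel_binding(b"victim<->server")
    nonce = b"N" * 16  # constructed; a real server uses a fresh random nonce
    cb = tunnel if bound else b""
    return verify(key, nonce, respond(key, nonce, cb), cb)


def relay_attack(key: bytes, bound: bool) -> bool:
    """The attacker opens its own tunnel to the server, receives the nonce, relays it
    to the victim over a second tunnel that terminates at the attacker, and forwards
    whatever the victim answers. Returns True if the server accepts the relayed answer."""
    cb_attacker_server = channel_binding(b"attacker<->server")
    cb_victim_attacker = channel_binding(b"victim<->attacker")
    nonce = b"N" * 16
    # The victim can only bind to the tunnel it actually has, which ends at the attacker.
    victim_answer = respond(key, nonce, cb_victim_attacker if bound else b"")
    return verify(key, nonce, victim_answer, cb_attacker_server if bound else b"")


if __name__ == "__main__":
    k = b"shared-secret"
    print("direct, unbound:", direct_login(k, False), " direct, bound:", direct_login(k, True))
    print("relay,  unbound:", relay_attack(k, False), " relay,  bound:", relay_attack(k, True))
```

The relayed answer fails with binding because it was computed over the victim-to-attacker tunnel's value, and the server checks it against the attacker-to-server tunnel's value; the attacker cannot recompute it without the shared key.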
BTW, I have a RNG mlist for those who are interested in such discussions:
http://lists.bitrot.info/mailman/listinfo/RNG
I've thrown out some egd-like ideas as well, including a system that
allows randomly-generated bits to flow from the box with the RNG over
a LAN to the systems that need them,
I don't know if anyone else noticed this but...
Storage systems are basically a subclass of protocols; they're
unidirectional (with no acknowledgements). IOW, you're sending
messages to yourself at some (future) point in space-time.
The recipient cannot respond, so is necessarily
PKCS#7 Oracle Attack Links:
http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc30.5
--
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. |
Sent this 10 Jun 2009; Perry did not approve post to list because of
too many messages in one day. I had posted once prior that day,
drawing attention to Ptacek's description of the PKCS#7 Oracle attack
that affected millions of ASP.NET apps. ;-)
Anyway, in case anyone wanted a compilation of
On Wed, Sep 08, 2010 at 12:12:42PM -0700,
travis+ml-rbcryptogra...@subspacefield.org wrote:
A few things leap to mind:
Skipjack and LEAFblower
LANMAN password hashing
http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.aspx
http://en.wikipedia.org/wiki/A5/1
Also The Art of Intrusion
I'm curious how OTP tokens work.
They only emit a few digits, and they can be resynced with the server
by entering two values, so if I'm thinking correctly, two values must
capture the entire state of the device (the seed for a PRNG or
whatever they use). I assume that there's something in place
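Added example (mine, not code from the message above) showing how the counter-based tokens of RFC 4226 (HOTP) behave the way described: the token's whole state is a shared secret plus a counter, each code is a few digits of HMAC-SHA1 over that counter, and the server finds the counter again by searching near its own. A normal login searches a short look-ahead window; when the token has drifted further, the user enters two consecutive codes and the server searches a wide window for that pair (RFC 4226 section 7.4), which is what keeps a wide resync from being a guessable 1-in-1000 event. The window sizes are my assumptions; the secret is the RFC 4226 appendix D test-vector key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    hs = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = hs[-1] & 0x0F
    code = (struct.unpack(">I", hs[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return "%0*d" % (digits, code)


class HotpServer:
    """Server-side state for one token: the shared secret and the last accepted counter."""

    def __init__(self, secret: bytes, look_ahead: int = 10, resync_window: int = 1000):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead        # assumption: drift tolerated on a normal login
        self.resync_window = resync_window  # assumption: how far the two-code resync searches

    def verify(self, code: str) -> bool:
        """Accept the code if it belongs to one of the next look_ahead+1 counters,
        then move past it so neither it nor any earlier counter can be replayed."""
        for i in range(self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, self.counter + i), code):
                self.counter += i + 1
                return True
        return False

    def resync(self, code1: str, code2: str) -> bool:
        """RFC 4226 section 7.4: two consecutive codes pin the counter down in a wide
        window. A single 6-digit code over 1000 positions would be right about 1 time
        in 1000 by chance; a consecutive pair brings that to about 1 in 10**9."""
        for i in range(self.resync_window):
            c = self.counter + i
            if hmac.compare_digest(hotp(self.secret, c), code1) and \
                    hmac.compare_digest(hotp(self.secret, c + 1), code2):
                self.counter = c + 2
                return True
        return False


RFC4226_SECRET = b"12345678901234567890"  # test-vector key from RFC 4226 appendix D

if __name__ == "__main__":
    server = HotpServer(RFC4226_SECRET)
    print("counter 0 ->", hotp(RFC4226_SECRET, 0), "accepted:", server.verify(hotp(RFC4226_SECRET, 0)))
    print("token drifted to 500, plain login:", server.verify(hotp(RFC4226_SECRET, 500)))
    print("two-code resync:", server.resync(hotp(RFC4226_SECRET, 500), hotp(RFC4226_SECRET, 501)),
          "server counter now", server.counter)
```

The server counter only ever moves forward, which is what makes a captured code worthless once it has been used.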
Hey all,
Wondering if anyone has good links for key management documents.
I'm betting that NIST has a SP 800 on it; any others?
I'm curious what best practices are, esp. with details on specific
systems like GPG and OpenSSL.
For example, key length and revocation practices are obvious, but
how