Re: [cryptography] Intel RNG

2011-06-28 Thread Peter Gutmann
In case this is useful to anyone, here's the Windows code to use rdrand, to complement the gcc version for Unix systems. It'll also be present in the next release of the cryptlib RNG code, available under a GPL, LGPL, or BSD license, depending on which you prefer. #if defined( _MSC_VER )

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Marsh Ray
On 06/27/2011 06:30 PM, Sampo Syreeni wrote: On 2011-06-20, Marsh Ray wrote: I once looked up the Unicode algorithm for some basic case insensitive string comparison... 40 pages! Isn't that precisely why e.g. Peter Gutmann once wrote against the canonicalization (in the Unicode context,

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Ian G
On 28/06/11 11:25 AM, Nico Williams wrote: On Tue, Jun 28, 2011 at 9:56 AM, Marsh Ray ma...@extendedsubset.com wrote: Consequently, we can hardly blame users for not using special characters in their passwords. The most immediate problem for many users w.r.t. non-ASCII in passwords is not

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Paul Hoffman
And this discussion of ASCII and internationalization has what to do with cryptography, asks the person on the list who is probably most capable of arguing about it but won't? [1] --Paul Hoffman [1] RFC 3536, and others

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Marsh Ray
On 06/28/2011 10:36 AM, Ian G wrote: On 28/06/11 11:25 AM, Nico Williams wrote: The most immediate problem for many users w.r.t. non-ASCII in passwords is not the likelihood of interop problems but the heterogeneity of input methods and input method selection in login screens, password input

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Marsh Ray
On 06/28/2011 12:01 PM, Paul Hoffman wrote: And this discussion of ASCII and internationalization has what to do with cryptography, asks the person on the list who is probably most capable of arguing about it but won't? [1] It's highly relevant to the implementation of cryptographic systems

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Marsh Ray
On 06/28/2011 12:48 PM, Steven Bellovin wrote: Wow, this sounds a lot like the way 64-bit DES was weakened to 56 bits. It wasn't weakened -- parity bits were rather important circa 1974. (One should always think about the technology of the time. It's a very reasonable-sounding explanation,

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Sampo Syreeni
On 2011-06-28, Marsh Ray wrote: Yes, but in most actual systems the strings are going to get handled. Is this really necessarily true, or just an artifact of how things are implemented now? Or even a simple-minded implementation. Take the case of passwords and usernames. It might make some

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Steven Bellovin
On Jun 28, 2011, at 2:46 31PM, Marsh Ray wrote: On 06/28/2011 12:48 PM, Steven Bellovin wrote: Wow, this sounds a lot like the way 64-bit DES was weakened to 56 bits. It wasn't weakened -- parity bits were rather important circa 1974. (One should always think about the technology of the

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Nico Williams
On Tue, Jun 28, 2011 at 2:09 PM, Sampo Syreeni de...@iki.fi wrote: On 2011-06-28, Marsh Ray wrote: Yes, but in most actual systems the strings are going to get handled. Is this really necessarily true, or just an artifact of how things are implemented now? Or even a simple-minded

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-28 Thread Marsh Ray
On 06/28/2011 02:09 PM, Sampo Syreeni wrote: But a case-insensitive password compare?!? For some reason I don't think anybody would want to go there, and that almost everybody would want the system to rather fail safe than to do anything but pass around (type-tagged) bits. I mean, would anybody

Re: [cryptography] cryptography Digest, Vol 16, Issue 52

2011-06-28 Thread lawlor.cr...@gmail.com
Hi all, I'm new to the list, thanks for such nice discussion. I'm not a programmer but rather an advanced user with a few decades of experience in the use of encryption. The most immediate problem for many users w.r.t. non-ASCII in passwords is not the likelihood of interop problems but the