[cryptography] Book of possible interest
Spreading the word, as it were... The list is where RTTY idiots like me hang out.

-- Dave Horsfall DTM (VK2KFU) Those who don't understand security will suffer.
Watson never said: I think there is a world market for maybe five computers.

-- Forwarded message --
Date: Wed, 05 Aug 2015 09:57:13 -0400
From: Jim Reeds
To: greenkeys@
Subject: [GreenKeys] Book of possible interest

I am a long-time lurker, and have just helped publish a book that might be of interest to list members:

Breaking Teleprinter Ciphers at Bletchley Park: An edition of I.J. Good, D. Michie and G. Timms: General Report on Tunny with Emphasis on Statistical Methods (1945)
James A. Reeds (Editor), Whitfield Diffie (Editor), J. V. Field (Editor)
IEEE/Wiley Press, July 2015.

(See http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470465891,subjectCd-STZ0.html and http://www.amazon.com/Breaking-Teleprinter-Ciphers-Bletchley-Park/dp/0470465891 for details.)

-- Jim Reeds
re...@idaccr.org

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Unbreakable crypto?
On Sat, 21 Mar 2015, Lee wrote:

> Would a commonly available large binary file make a good one-time pad?
> Something like ubuntu-14.10-desktop-amd64.iso12 maybe..

Well, you can't use that one now...

-- Dave Horsfall DTM (VK2KFU) Those who don't understand security will suffer.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] Unbreakable crypto?
On Fri, 20 Mar 2015, stef wrote:

> > Or a reasonably clever and trolling satire on snakeoil products. :)
>
> the less optimistic alternative is this being a well-crafted water-holing
> site targeted at the members of this mailing-list.

But wouldn't the members of this list be smart enough to not get taken in? Wouldn't they?

I like the idea of it being a troll; it certainly explains a lot.

-- Dave Horsfall DTM (VK2KFU) Those who don't understand security will suffer.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] Unbreakable crypto?
On Thu, 19 Mar 2015, Kevin wrote:

> This software uses the one-time pad. Have any of you seen this?
> http://www.unbreakable-crypto.com

Hilarious; a secure system marketed for fundamentally insecure computers...

-- Dave Horsfall DTM (VK2KFU) Those who don't understand security will suffer.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] Crypto Vulns
On Sat, 7 Mar 2015, Kevin wrote:

> > No 1 vulnerability of crypto is the user
> > 2nd passphrases
> > 3rd overconfidence
> > 4th trust in the producer
> > 5th believing backdoors are No. 1
>
> I don't agree that the user should be first on that list unless you are
> talking about poor implementation.

How would you arrange them, then?

I seem to recall that Enigma was broken largely due to sloppy user practices e.g. weak message key, re-use of keys, repeating same message with a weaker scheme, etc. Used properly, Enigma would've been unbreakable at the time.

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] QODE(quick offline data encryption)
On Tue, 6 Jan 2015, Kevin wrote:

> I figured I'd start building my own open source encryption algorithm:

And how many have you broken so far?

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] The Wandering Music Band
On Wed, 7 Jan 2015, realcr wrote:

> I am looking for some crypto primitive to solve a problem I have. [...]

Fascinating... If it helps, I know a couple of musos who are in that position, and also have a geeky bent, so I'll pass along anything that they may have to say.

Deep Purple would have some difficulty, of course (I think Jon Lord was the last founding member, and he left), but Led Zeppelin would have no problem (when Bonzo dropped out, so did they, but Jason -- his son -- has done a gig or two since then).

I guess, if it is really a band application as opposed to something more abstract, it boils down to what you mean by descendants. At least one founding member left? Are the offspring of same OK? Some musos can be really purist about this.

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] John Gilmore: Cryptography list is censoring my emails
On Thu, 1 Jan 2015, Sadiq Saif wrote: Spamhaus is one that does this [expanding listings for the intransigent]. I think they start targeting the corporate servers, too, to drive the point home to the suits. More power to 'em... If it wasn't for DNSBLs, email would not be possible (something the frea speach frothers seem to overlook).

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] [Cryptography] cost-watch - the cost of the Target breach
On Sat, 6 Dec 2014, Jerry Leichter wrote:

> The British banks have always been much better at fobbing responsibility
> off on consumers than the American banks - hardly something to be proud
> of. (I don't know what the state of play is in the rest of the world.)

If it's any help, Australian law tends to follow British law, and is slowly rolling out CP; Europe, of course, has had it for ages. And yes, Australian banks used to sue their customers too, for such things as reporting weaknesses in their own systems.

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] random number generator
On Fri, 21 Nov 2014, d...@deadhat.com wrote:

> > OK, if you think my Jytter TRNG is weak,
>
> I did not say it was weak. I said Jytter (and any other algorithm) is
> deterministic when run on an entropy free platform. This is a simple
> fact. By all means design new and interesting ways to extract platform
> entropy, but condition your claims on that entropy being there.

Indeed, and I'm still waiting for this claim to be vindicated:

``Jytter does all of this and has been validated and proven by the worlds leading random number experts''

The OP shouldn't have any hesitation in naming these worlds [sic] leading random number experts, nor in providing pointers to such proofs. As a dabbler in crypto and with a mathematical background, I really would like to learn from these experts.

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] random number generator
On Fri, 21 Nov 2014, Stu wrote:

> Jytter does all of this and has been validated and proven by the worlds
> leading random number experts. It's been validated as a TRNG (not a PRNG)
> that operates in userspace. And it's only 11 assembly language
> instructions.

And just who would these experts be, exactly?

-- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Re: [cryptography] any updates on shellshock?
On Sat, 4 Oct 2014, Kevin wrote: Hello. I am wondering if we have any new info on shellshock? How much of a threat is it at this point? Patch Tuesday anyone? Last I heard, vulnerabilities are still being discovered (but not exploited); the old many eyeballs trick works after all.

-- Dave
Re: [cryptography] I'd like to add you to my professional network on LinkedIn
On Sun, 27 Jul 2014, David Jr Adamson wrote:

> I'd like to add you to my professional network on LinkedIn.

Looks like some dweeb needs to learn something about computer security i.e. don't let untrusted third parties raid your address book and spam everyone in it. Then again, he probably uses Windoze, so there's little hope.

-- Dave
Re: [cryptography] Best practices for paranoid secret buffers
On Wed, 7 May 2014, Kevin wrote: [...] Should finalizers be explicit or implicit? (or should an implicit finalizer try to make sure buffers are finalized if you don't do it yourself?) Probably time to mention this classic: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf In brief, can you trust your compiler? I'm told that one version actually escaped from BBN, but thankfully it ran on hardware (a P40, I think) that exists only in museums.

-- Dave
Re: [cryptography] Best practices for paranoid secret buffers
On Tue, 6 May 2014, Tony Arcieri wrote:

> Should finalizers be explicit or implicit? (or should an implicit
> finalizer try to make sure buffers are finalized if you don't do it
> yourself?)

I've never trusted OSs that cleared buffers in the finaliser. Do it yourself, then you know it's done. For that matter, I've never trusted malloc() either, but at least calloc() promises to clear it.

> Are paranoid buffers worth the effort? Are the threats they'd
> potentially mitigate realistic? Are there too many other things that can
> go wrong (e.g. rewindable VMs) for this to matter?

Even paranoids have enemies :-)

-- Dave
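
The do-it-yourself approach from the reply above, sketched in C as an added example that is not part of the original thread: the buffer comes from calloc() and is wiped by an explicit finaliser before free(). The names secret_buf, secure_wipe, secret_buf_init, secret_buf_finalize and all_zero are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical secret-buffer type for this added example. */
typedef struct {
    unsigned char *data;
    size_t len;
} secret_buf;

/* Zero n bytes through a volatile-qualified pointer. Mainstream compilers
 * keep these stores, whereas a plain memset() right before free() may be
 * removed as a dead store. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Allocate with calloc(), which returns zero-filled memory.
 * Returns 0 on success, -1 if the allocation failed. */
int secret_buf_init(secret_buf *b, size_t len)
{
    b->data = len ? calloc(1, len) : NULL;
    b->len = b->data ? len : 0;
    return (len == 0 || b->data != NULL) ? 0 : -1;
}

/* Explicit finaliser: wipe, free, and clear the handle so a second call
 * is harmless. */
void secret_buf_finalize(secret_buf *b)
{
    if (b->data != NULL) {
        secure_wipe(b->data, b->len);
        free(b->data);
    }
    b->data = NULL;
    b->len = 0;
}

/* Returns 1 if all n bytes are zero (used to check the wipe). */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}
```

Where the platform provides explicit_bzero() or memset_s(), either can stand in for secure_wipe().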
Re: [cryptography] DES history
On Mon, 5 May 2014, Marcus Brinkmann wrote:

> It is well known that the DES S-Boxes were specifically designed (by the
> NSA, no less, back in the good ol' days) to protect against that attack.

If I recall Schneier, the S-boxes were *modified* by the NSA, not designed.

-- Dave
Re: [cryptography] DES history
> A question about DES. Did anyone ever try map or graph the routes through
> the S-boxes? I mean pictorially. Do the routes produce some kind of wave
> or path, that have (or have not) relationships with the other routes?

Mentioned in Schneier, I believe.

-- Dave