Re: EC Plans Cybersecurity Agency (Fwd)
fyi EUROPEAN COMMISSION PLANS CYBERSECURITY AGENCY There's more information at the official site: http://europa.eu.int/eeurope Cheers, Stefan. --- Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail [EMAIL PROTECTED], http://www.secorvo.de --- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Columbia crypto box
At 10:43 PM 2/11/2003 -0800, Bill Frantz wrote: I wrote: (IIRC, basically what the device did was reveal 16 bits of a DES key.) It has been pointed out to me that they were even more clever than that. (This technique could allow a dictionary attack on known/probable plain text.) What they did instead was, take a 56 bit DES key through a one way function, zero certain bits so only 40 are variable, take the result through another one way function, and use the result as a DES key for encryption. For details see US patent 5,323,464: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u=/netahtml/search-bool.htmlr=47f=Gl=50co1=ANDd=ptxts1=Matyas.INZZ.OS=IN/MatyasRS=IN/Matyas This *still* allows a dictionary attack; in fact, it allows a more powerful one than revealing 16 bits of the key does. If you just reveal 16 bits of the key, then an adversary either needs to store 2^56 dictionary entries, or enumerate 2^40 keys. If you do as CDMF does, there are effectively only 2^40 possible 56-bit keys; these can be precomputed and stored on eg. tape. (7.5 terabytes, well within tape library range 10 years ago.) So you can *still* brute force the keys just as easily, noting that all this really does is avoid two hash function invokations per key. More, though, you can now compute and store (in comparable tape space) the dictionary, so CDMF *does* allow a precomputed dictionary attack that requires only storage for 2^40 dictionary entries (whatever size they are). So CDMF isn't that neat, really... Greg. Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/ Gladesville NSW 2111232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Stupid security measures, a contest
Human rights watchdog Privacy International has launched a quest to find the World's Most Stupid Security Measure. http://www.theregister.co.uk/content/55/29279.html -- It is seldom that liberty of any kind is lost all at once. -Hume - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Stupid security measures, a contest
At 10:11 AM 2/12/03 -0500, Adam Shostack wrote: Human rights watchdog Privacy International has launched a quest to find the World's Most Stupid Security Measure. I can't imagine this is the stupidest, but there's a state office building in Missouri where (no doubt due to some Directive From On High), they've put up a wooden shack in front of the main entrance, where anyone going in or out has to pass through a metal detector. The wooden shack isn't directly in front of the entrance, however--probably, that would make life too hard on the smokers, who now have to go outside to smoke. It's more like about 50' in front of it, completely unconnected to the building. The really entertaining bit is that, since most people going into the building are basically law abiding (state employees), most people seem to go through the shack and get checked for weapons, rather than around the shack to save time. --John Kelsey, [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]