Re: Al Qaeda crypto reportedly fails the test

2004-08-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Denker writes: Here's a challenge directly relevant to this group: Can you design a comsec system so that pressure against a code clerk will not do unbounded damage? What about pressure against a comsec system designer? That is, of course, one of the primary

NSA Overcomes Fiber-Optic and Encryption

2004-08-10 Thread R. A. Hettinga
--- begin forwarded text Date: Mon, 09 Aug 2004 20:19:35 -0700 To: [EMAIL PROTECTED] From: John Young [EMAIL PROTECTED] Subject: NSA Overcomes Fiber-Optic and Encryption Sender: [EMAIL PROTECTED] Excerpt below from a Baltimore Sun article of August 8, 2004. Some of it could be true, but.

RE: Microsoft .NET PRNG (fwd)

2004-08-10 Thread Anton Stiglic
There is some detail in the FIPS 140 security policy of Microsoft's cryptographic provider, for Windows XP and Windows 2000. See for example http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf where they say the RNG is based on FIPS 186 RNG using SHS. The seed is based on the collection of

Re: Cryptography and the Open Source Security Debate

2004-08-10 Thread John Kelsey
From: lrk [EMAIL PROTECTED] Sent: Aug 6, 2004 1:04 PM To: R. A. Hettinga [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Cryptography and the Open Source Security Debate ... More dangerous is a key generator which deliberately produces keys which are easy to factor by someone knowing

How a Digital Signature Works

2004-08-10 Thread R. A. Hettinga
http://www.businessweek.com/print/technology/content/aug2004/tc20040810_3053_tc024.htm?tc Business Week AUGUST 10, 2004 NEWS ANALYSIS :TECH By Stephen H. Wildstrom How a Digital Signature Works Microsoft's new Service Pack makes life tough for programs lacking the proper electronic

Re: How a Digital Signature Works

2004-08-10 Thread Matt Crawford
NEWS ANALYSIS :TECH By Stephen H. Wildstrom How a Digital Signature Works Is this a count the errors contest? I count six. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Microsoft .NET PRNG (fwd)

2004-08-10 Thread Ed Gerck
The PRNG should be the least concern when using MSFT's cryptographic provider. The MSFT report 140sp238.pdf says: RSAENH stores keys in the file system, but relies upon Microsoft Windows XP for the encryption of the keys prior to storage. Not only RSAENH writes keys to a