Re: More problems with hash functions

2004-08-25 Thread Daniel Carosone
My immediate (and not yet further considered) reaction to the description of Joux' method was that it might be defeated by something as simple as adding a block counter to the input each time. I any case, I see it as a form of dictionary attack, and wonder whether the same kinds of techniques

Re: Cryptography and the Open Source Security Debate

2004-08-25 Thread Ben Laurie
lrk wrote: On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote: On 10 Aug 2004, at 5:16 AM, John Kelsey wrote: So, how many people on this list have actually looked at the PGP key generation code in any depth? Open source makes it possible for people to look for security holes, but it

Re: On hash breaks, was Re: First quantum crypto bank transfer

2004-08-25 Thread John Kelsey
From: Jerrold Leichter [EMAIL PROTECTED] Sent: Aug 24, 2004 7:18 AM To: Joseph Ashwood [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: On hash breaks, was Re: First quantum crypto bank transfer [[Note: I've tried to sort out who wrote what, but something odd was going on in the quoting of

Re: New directions for hash function designs (was: More problems with hash functions)

2004-08-25 Thread Thierry Moreau
Hal Finney wrote: Another of the Crypto talks that was relevant to hash function security was by Antoine Joux, discoverer of the SHA-0 collision that required 2^51 work. Joux showed how most modern hash functions depart from the ideal of a random function. The problem is with the iterative

RFC 3833 Threat analysis of the domain name system (DNS)

2004-08-25 Thread Anne Lynn Wheeler
as always ... can go to and either scroll down the summary page to the 3833 summary and then retrieve the actual RFC by clicking on the .txt= field. In this case it is also possible to click on Term (term-RFC#) in the RFC's listed by section ... and