> actually justified for cryptosystems: It turned out, on the key escrow side
> of the protocol design, NSA actually fell over the edge, and there was a
> simple attack (Matt Blaze's work, as I recall).
Details on the so-called LEAF blower here:
http://www.crypto.com/papers/eesproto.pdf
--
http:/
Does anyone have any references on how one would go about creating
or manipulating the Boolean equations that govern symmetric ciphers?
I know that most of the time ciphers describe an algorithm, often
using tables (S-boxes and E-tables) in lieu of providing equations,
and I'm wondering how one goes
> In many cases, the observed time depends both on the input and on some
> other random noise. In such cases, averaging attacks that use the same
> input over and over again will continue to work, despite the use of
> a pseudorandom input-dependent delay. For instance, think of a timing
> attack
Thomas Sjögren wrote:
> On Tue, Nov 08, 2005 at 05:58:04AM -0600, Travis H. wrote:
> > The only thing close that I've seen is Bestcrypt, which is commercial
> > and has a Linux and Windows port. I don't recall if the Linux port
> > came with source or not.
>
> http://www.truecrypt.org/
>
> "True
* Perry E. Metzger:
> I haven't been following the IPSec mailing lists of late -- can anyone
> who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to out-of-boun
Florian Weimer <[EMAIL PROTECTED]> writes:
>* Perry E. Metzger:
>
>> I haven't been following the IPSec mailing lists of late -- can anyone
>> who knows details explain what the issue is?
>
>These bugs have been uncovered by a PROTOS-style test suite. Such test
>suites can only reveal missing chec
Travis,
Have a look at Karnaugh Maps, which is a matrix Boolean algebra
reduction technique. I understand that there are more advanced
computational algorithms at this point. But, I believe that they build
off of the principle of adjacency found in a Karnaugh Map matrix.
Best regards,
--
Mike
--
| > In many cases, the observed time depends both on the input and on some
| > other random noise. In such cases, averaging attacks that use the same
| > input over and over again will continue to work, despite the use of
| > a pseudorandom input-dependent delay. For instance, think of a timing
|
>From: "Travis H." <[EMAIL PROTECTED]>
>Sent: Nov 16, 2005 11:37 PM
>To: David Wagner <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com
>Subject: Re: timing attack countermeasures (nonrandom but unpredictable delays)
...
>I don't follow; averaging allows one to remove random variables from
>the o
The answer you are looking for is Karnaugh logic maps. This will produce
an unoptimized set of gate logic that represents say S-boxes or E-tables.
From there you can find smaller gate logic complements that produce the
same logic map. Christopher Abad and I researched this heavily a few
years
At 11:20 AM +0100 11/17/05, Florian Weimer wrote:
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to out-of-bounds array accesses and things like that. In
other words, trivial implementation errors whi
>From: [EMAIL PROTECTED]
>Sent: Nov 16, 2005 12:26 PM
>Subject: Re: the effects of a spy
...
>Remember Clipper? It had an NSA-designed 80-bit encryption
>algorithm. One interesting fact about it was that it appeared to be
>very aggressively designed. Most published algorithms will, for
>examp
Paul Hoffman wrote:
> At 2:29 PM -0500 11/15/05, Steven M. Bellovin wrote:
>> I mostly agree with you, with one caveat: the complexity of a spec can
>> lead to buggier implementations.
>
> Well, then we fully agree with each other. Look at the message formats
> used in the protocols they have atta