Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

2009-09-04 Thread Zooko Wilcox-O'Hearn
On Thursday, 2009-08-27, at 19:14, James A. Donald wrote: Zooko Wilcox-O'Hearn wrote: Right, and if we add algorithm agility then this attack is possible even if both SHA-2 and SHA-3 are perfectly secure! Consider this variation of the scenario: Alice generates a filecap and gives it to Bo

Re: Source for Skype Trojan released

2009-09-04 Thread Stephan Neuhaus
On Aug 31, 2009, at 13:20, Jerry Leichter wrote: It can “...intercept all audio data coming and going to the Skype process.” Interesting, but is this a novel idea? As far as I can see, the process intercepts the audio before it reaches Skype and after it has left Skype. Isn't that the sa

Re: AES-GMAC as a hash

2009-09-04 Thread Hal Finney
Darren J Moffat asks: > Ignoring performance for now what is the consensus on the suitability of > using AES-GMAC not as MAC but as a hash ? > > Would it be safe ? > > The "key" input to AES-GMAC would be something well known to the data > and/or software. No, I don't think this would work. In g

Re: [Macgpg-users] GPGMail & Snow Leopard

2009-09-04 Thread David Shaw
On Aug 28, 2009, at 8:25 PM, R.A. Hettinga wrote: ...and now GPG. So, Snow Leopard is crypto-less? To be strictly accurate, the problem is with GPGMail, the plugin that integrates GPG with Apple's Mail application (as Mail internals changed significantly between Leopard and Snow Leopa

Re: AES-GMAC as a hash

2009-09-04 Thread Darren J Moffat
Hal Finney wrote: Darren J Moffat asks: Ignoring performance for now what is the consensus on the suitability of using AES-GMAC not as MAC but as a hash ? Would it be safe ? The "key" input to AES-GMAC would be something well known to the data and/or software. No, I don't think this would

Re: AES-GMAC as a hash

2009-09-04 Thread Matt Ball
On Thu, Aug 27, 2009 at 8:45 AM, Darren J Moffat wrote: > > Ignoring performance for now what is the consensus on the suitability of using > AES-GMAC not as MAC but as a hash ? > > Would it be safe ? > > The "key" input to AES-GMAC would be something well known to the data and/or > software. > > T

"Fed's RFIDiocy pwnd at DefCon"

2009-09-04 Thread Jerry Leichter
http://blogs.zdnet.com/storage/?p=565 "NSA spooks gather for a colleague's retirement party at a bar. What they don't know is that an RFID scanner is picking them out - and a wireless Bluetooth webcam is taking their picture. Could that really happen? It already did. (The Feds got a taste

RNG using AES CTR as encryption algorithm

2009-09-04 Thread priya yelgar
Hi all, I have implemented RNG using AES algorithm in CTR mode. To test my implementation I needed some test vectors. However I searched on the CSRC site, but found the test vectors for AES_CBC not for AES CTR. Please can anyone tell me where to look for the test vectors to test RNG using 

Re: Client Certificate UI for Chrome?

2009-09-04 Thread Steven Bellovin
On Aug 26, 2009, at 6:26 AM, Ben Laurie wrote: On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmann wrote: More generally, I can't see that implementing client-side certs gives you much of anything in return for the massive amount of effort required because the problem is a lack of server auth, n

so how do *you* manage your keys, then? part 3

2009-09-04 Thread Zooko Wilcox-O'Hearn
So How Do You Manage Your Keys Then, part 3 of 5 In part one of this series [1] I described how Tahoe-LAFS combines decryption, integrity-checking, identification, and access into one bitstring, called an "immutable file read-cap" (short for "capability"). In part two [2] I described how u

Re: Client Certificate UI for Chrome?

2009-09-04 Thread James A. Donald
Steven Bellovin wrote: This returns us to the previously-unsolved UI problem: how -- with today's users, and with something more or less like today's browsers since that's what today's users know -- can a spoof-proof password prompt be presented? When the user clicks on a button generated by

Re: Client Certificate UI for Chrome?

2009-09-04 Thread Peter Gutmann
Steven Bellovin writes: >This returns us to the previously-unsolved UI problem: how -- with today's >users, and with something more or less like today's browsers since that's >what today's users know -- can a spoof-proof password prompt be presented? Good enough to satisfy security geeks, no, be

[fc-announce] Financial Crypto and Data Security 2010: speakers and workshops [submission deadline: September 15, 2009]

2009-09-04 Thread R.A. Hettinga
Begin forwarded message: From: Radu Sion Date: September 4, 2009 12:14:45 PM GMT-04:00 To: fc-annou...@ifca.ai Subject: [fc-announce] Financial Crypto and Data Security 2010: speakers and workshops [submission deadline: September 15, 2009] Financial Cryptography and Data Security Tenerife