Nullsoft's WASTE communication system

2003-05-31 Thread Bill Stewart
- Overview - Security section - Network design - Slashdot discussion Nullsoft, who did

Re: PGP Encryption Proves Powerful

2003-06-04 Thread Bill Stewart
At 11:38 AM 05/30/2003 -0700, John Young wrote: If the FBI cannot crack PGP that does not mean other agencies with greater prowess cannot. It is unlikely that the capability to crack PGP would be publicly revealed for that would close an invaluable source of information. . Still, it is

Re: PGP Encryption Proves Powerful

2003-06-04 Thread Bill Stewart
At 08:17 AM 06/03/2003 -0700, bear wrote: what he said was with cryptanalysis alone. Rubber-hose methods are not cryptanalysis, and neither is password guessing. Eh? Password guessing certainly is. I'm not aware of a PGP port to the Psion, but at least the Psion 3/3a/3c generation were 8086-like

Re: New vs Old (was Snake Oil)

2003-06-04 Thread Bill Stewart
At 08:53 AM 06/03/2003 -0700, bear wrote: IDEA is still a good cipher as far as I know, but PGP has been driven away from it in the US due to intellectual-property issues. Rather than continue with incompatible versions for use inside/outside the USA, they're switching to CAST (although this is

Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Bill Stewart
At 11:38 AM 06/03/2003 -0400, Ian Grigg wrote: I (arbitrarily) define the marketplace for SSL as browsing. ... There, we can show statistics that indicate that SSL has penetrated to something slightly less than 1% of servers. For transmitting credit card numbers on web forms, I'd be surprised if

Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-28 Thread Bill Stewart
Somebody did an interesting attack on a cable network's customers. They cracked the cable company's DHCP server, got it to provide a Connection-specific DNS suffix pointing to a machine they owned, and also told it to use their DNS server. This meant that when your machine wanted to look up

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Bill Stewart
At 11:15 PM 06/28/2003 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Bill Stewart writes: This looks like it has the ability to work around DNSSEC. Somebody trying to verify that they'd correctly reached would instead verify that they'd correctly reached

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread Bill Stewart
At 11:49 PM 06/29/2003 +0200, Simon Josefsson wrote: No, I believe only one of the following situations can occur: * Your laptop sees and uses the name, and the DNS server translates them into If your laptop knows the DNSSEC root key, the attacker

Re: Is cryptography where security took the wrong branch?

2003-09-07 Thread Bill Stewart
Ian Grigg wrote: Pretty much. Trust in the certificate world means that a CA has authorised a web server to conduct crypto stuff. and James Donald and Lynn Wheeler also brought up the issues of who's certifying what, True Names, etc. SSL certs are really addressing (I won't say solving, exactly)

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Bill Stewart
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only useful if you

Re: New authentication protocol, was Re: Tinc's response to 'Linux's answer to MS-PPTP'

2003-09-30 Thread Bill Stewart
=Step 1: Exchange ID messages. An ID message contains the name of the tinc daemon which sends it, the protocol version it uses, and various options (like which cipher and digest algorithm it wants to use). By name of the tinc daemon, do you mean identification information? That data

Re: New authentication protocol, was Re: Tinc's response to 'Linux's answer to MS-PPTP'

2003-09-30 Thread Bill Stewart
If we use RSA encryption, then both sides know their message can only be received by the intended recipient. If we use RSA signing, then both sides know the message they receive can only come from the assumed sender. For the purpose of tinc's authentication protocol, I don't see the

RE: Open Source Embedded SSL - (License and Memory)

2003-11-29 Thread Bill Stewart
[Moderator's note: I'd really like to shut down the What license? debate --Perry] At 12:52 AM 11/27/2003 -0800, J Harper wrote: 1) Not GPL or LGPL, please. I'm a fan of the GPL for most things, but for embedded software, especially in the security domain, it's a killer. I'm supposed to allow

Re: Open Source Embedded SSL - Export Questions

2003-11-29 Thread Bill Stewart
At 02:45 PM 11/27/2003 +1100, Greg Rose wrote: At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote: RC4 is extremely weak for some applications. A block cipher is greatly preferable. I'm afraid that I can't agree with this howling logical error. RC4 is showing its age, but there are other stream

Re: example: secure computing kernel needed

2003-12-14 Thread Bill Stewart
At 02:41 PM 12/14/2003 +, Dave Howe wrote: Paul A.S. Ward wrote: I'm not sure why no one has considered the PC banking problem to be a justification for secure computing. Specifically, how does a user know their computer has not been tampered with when they wish to use it for banking

Re: Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)

2003-12-22 Thread Bill Stewart
At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote: In the late nineties, the smart card world worked out that each smart card was so expensive, it would only work if the issuer could do multiple apps on each card. That is, if they could share the cost with different uses (or users). Of course, at

Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-29 Thread Bill Stewart
At 09:37 PM 12/26/2003 -0500, Adam Back wrote: The 2nd memory [3] bound paper (by Dwork, Goldberg and Naor) finds a flaw in the first memory-bound function paper (by Abadi, Burrows, Manasse, and Wobber) which admits a time-space trade-off, proposes an improved memory-bound function and also in

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-31 Thread Bill Stewart
At 07:46 PM 12/30/2003 +, Richard Clayton [EMAIL PROTECTED] wrote: [what about mailing lists] Obviously you'd have to whitelist anybody's list you're joining if you don't want your spam filters to robo-discard it. moan I never understand why people think spam is a technical problem :( let

Re: The future of security

2004-06-02 Thread Bill Stewart
At 05:15 AM 6/2/2004, Ben Laurie wrote: SPF will buy me one thing forever: I won't get email telling me I sent people spam and viruses. Unfortunately, that won't work for me. My email address is at, the mail forwarding service where the main proponent of SPF works, but my SMTP service

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-28 Thread Bill Stewart
At 03:20 AM 7/18/2004, Enzo Michelangeli wrote: Can someone explain me how the phishermen escape identification and prosecution? Gaining online access to someone's account allows, at most, to execute wire transfers to other bank accounts: but in these days anonymous accounts are not exactly easy

Re: Cryptome on ABC Evening News?

2004-08-17 Thread Bill Stewart
forgotten the derivation of VH coordinates... Bill Stewart [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: First quantum crypto bank transfer

2004-08-22 Thread Bill Stewart
At 01:00 PM 8/21/2004, Florian Weimer wrote: However, I still don't believe that quantum cryptography can buy you anything but research funding (and probably easier lawful intercept because end-to-end encryption is so much harder). I agree that it doesn't look useful, but lawful intercept is

Re: First quantum crypto bank transfer

2004-08-24 Thread Bill Stewart
At 02:02 AM 8/23/2004, Florian Weimer wrote: * Bill Stewart: I agree that it doesn't look useful, but lawful intercept is harder, if you're defining that as undetected eavesdropping with possible cooperation of the telco in the middle, because quantum crypto needs end-to-end fiber so there's

Re: ?splints for broken hash functions

2004-09-06 Thread Bill Stewart
how about this simpler construction? (IV1) - B1 - B2 - B3 - ... Bk - H1 (IV2) - B1 - B2 - B3 - ... Bk - H2 This approach and the cache Block 1 until the end approach are both special-case versions of maintain more state attacks. This special case maintains 2*(size of hash output) bits of

Re: Compression theory reference?

2004-09-06 Thread Bill Stewart
-bit messages. Therefore 512 = 1024. Bear Bill Stewart [EMAIL PROTECTED

Re: potential new IETF WG on anonymous IPSec

2004-09-11 Thread Bill Stewart
that information at the same time. Bill Stewart [EMAIL PROTECTED]

Re: potential new IETF WG on anonymous IPSec

2004-09-13 Thread Bill Stewart
enough at them to do the work of running a MITM attack? Encryption against passive eavesdroppers makes password-stealing and traffic analysis harder, so it's probably worth the risk, but that wasn't the choice that FreeS/WAN made. Bill Stewart [EMAIL PROTECTED

Re: public-key: the wrong model for email?

2004-09-17 Thread Bill Stewart
At 10:19 PM 9/15/2004, Ed Gerck wrote: Yes, PKC provides a workable solution for key distribution... when you look at servers. For email, the PKC solution is not workable (hasn't been) and gives a false impression of security. For example, the sender has no way of knowing if the recipient's key is

Re: Linux-based wireless mesh suite adds crypto engine support

2004-09-29 Thread Bill Stewart
you've got complete documentation, even if Ken Thompson wasn't helping write your compilers. Bill Stewart At 05:21 AM 9/25/2004, R. A. Hettinga wrote: ... Sep. 24, 2004 The first commercial software product to exploit the cryptographic

Re: Linux-based wireless mesh suite adds crypto engine support

2004-10-04 Thread Bill Stewart
been leaked for the passive eavesdropper. Bill Stewart [EMAIL PROTECTED]

Re: Printers betray document secrets

2004-10-21 Thread Bill Stewart
then, inkjet printers are dirt cheap; when they're on sale, they're essentially a free enclosure in a box of overpriced printer cartridges, so even if the printer wants to rat out the user and it's not easy to change the serial number PROM, you can just replace the printer. Bill Stewart [EMAIL

Re: Are new passports [an] identity-theft risk?

2004-10-28 Thread Bill Stewart
. It doesn't take a lot of power to power them; not sure what it takes to fry them. Bill Stewart [EMAIL PROTECTED]

RE: Banks Test ID Device for Online Security

2005-01-05 Thread Bill Stewart
transaction, but that's too annoying for most customers. Bill Stewart [EMAIL PROTECTED]

Re: Encryption plugins for gaim

2005-03-20 Thread Bill Stewart
At 10:19 PM 3/13/2005, Adam Fields wrote: Given what may or may not be recent ToS changes to the AIM service, I've recently been looking into encryption plugins for gaim. AOL says that the ToS bits are only for things like chatrooms; user-to-user AIM traffic doesn't even go through their servers.

Re: how email encryption should work

2005-05-20 Thread Bill Stewart
new address and new key, but that seems a bit awkward, since you need a convenient way to include the new keys for people who whitelist you or who you only want to send encrypted mail to. Thanks; Bill Stewart

Re: Papers about Algorithm hiding ?

2005-06-06 Thread Bill Stewart
At 01:14 PM 6/3/2005, [EMAIL PROTECTED] wrote: I think we are already in a state where practically everybody that has a computer has crypto available, and it's not difficult to use it! Of course they have it - the problem is having crypto in a way that's not suspicious, and suspicious is

Re: AES cache timing attack

2005-06-25 Thread Bill Stewart
At 02:44 AM 6/20/2005, Peter Gutmann wrote: Stephan Neuhaus [EMAIL PROTECTED] writes: Concerning the practical use of AES, you may be right (even though it would be nice to have some advice on what one *should* do instead). Would switching to triple-AES (or double-AES) or something help? Yeah,

Re: the limits of crypto and authentication

2005-07-12 Thread Bill Stewart
At 09:29 PM 7/9/2005, Perry E. Metzger wrote: The Blue Card, so far as I can tell, was poorly thought out beyond its marketing potential. I knew some folks at Amex involved in the development of the system, and I did not get the impression they had much of a coherent idea of what the

Re: ISAKMP flaws?

2005-11-30 Thread Bill Stewart
At 06:56 PM 11/18/2005, William Allen Simpson wrote: | tromped around the office singing, Every bit is sacred / Every bit | is great / When a bit is wasted / Phil gets quite irate. | Consider this to be one of the prime things to correct. Personally, | I think that numbers should never

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-08 Thread Bill Stewart
, they don't appear to state a policy of always digitally signing all transactions, so I'm a bit concerned beyond the more blatant phishing risks. Thanks; Bill Stewart

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-10 Thread Bill Stewart
At 09:40 AM 12/8/2005, Aram Perez wrote: On Dec 7, 2005, at 10:24 PM, James A. Donald wrote: Software is cheaper than boats - the poorest man can afford the strongest encryption, but he cannot afford the strongest boat. If it is that cheap, then why are we having this discussion? Why isn't

Re: crypto for the average programmer

2005-12-18 Thread Bill Stewart
At 03:34 PM 12/14/2005, [EMAIL PROTECTED] wrote: An application programmer who is using PKCS1 doesn't even need to know the small amount of ASN.1 in the spec... libraries that implement RSA PKCS1 take care of the ASN.1 for the programmer. This is in fact one reason that ASN.1 exploits have

Re: A small editorial about recent events.

2005-12-18 Thread Bill Stewart
At 10:58 AM 12/18/2005, Perry E. Metzger wrote: The President claims he has the prerogative to order such surveillance. The law unambiguously disagrees with him. There are minor exceptions in the law, but they clearly do not apply in this case. They cover only the 15 days after a declaration of

Re: another feature RNGs could provide

2005-12-22 Thread Bill Stewart
Good ciphers aren't permutations, though, are they? Because if they were, they'd be groups, and that would be bad. Actually, by definition, a cipher should be a permutation from the set of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective or it isn't an encryption

Re: EDP (entropy distribution protocol), userland PRNG design

2006-02-08 Thread Bill Stewart
At 01:01 AM 2/4/2006, Travis H. wrote: Assume further that it is not cost-effective to furnish each with a HWRNG, even one as inexpensive as a sound card (for example, they may not have a spare slot on the motherboard nor built-in sound). ... Suppose that /dev/random is too slow (SHA-1 was never

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-01 Thread Bill Stewart
Somebody, probably Florian, wrote: I couldn't find a PGP key server operator that committed itself to keeping logs confidential and deleting them in a timely manner (but I didn't look very hard, either). Keyservers are a peripheral issue in PGP - important for convenience and for quick

Re: bounded storage model - why is R organized as 2-d array?

2006-03-10 Thread Bill Stewart
At 10:37 AM 3/9/2006, Chris Palmer wrote: Right, but even though a 1.5GHz machine is a bit old (heh...) for a workstation, my dinky little Linksys WRT54GC wireless AP still needs to AES-encrypt a theoretical maximum of 54Mbps when I turn on WPA. Unless you're using your Linksys for

Re: VoIP and phishing

2006-04-29 Thread Bill Stewart
There are two sides to the voice phishing here - - getting the target to call a phone number you've emailed him - using cheap voice calls to call the target with your offer. VOIP doesn't affect the former case much, since the target is paying for the call, but it does separate callee geography

Re: Hamiltonian path as protection against DOS.

2006-08-16 Thread Bill Stewart
Crypto is usually about economics and scalability. If you're doing this for DOS/DDOS prevention, you don't need the NP-completeness perfection you get from Hamiltonian paths or similar problems - SHA is fine, or any other hash that's quick to verify and hard to reverse. Even MD5 is probably

Public Key Cryptography 30th Anniversary Event - 10/26, Mountain View CA

2006-09-21 Thread Bill Stewart
From: Computer History Museum [EMAIL PROTECTED] Subject: Public Key Cryptography 30th Anniversary Event - October 26 Celebrating 30 years of Public Key Cryptography (PKC) Join the Computer History Museum for a special public event celebrating 30 years of public key cryptography. This memorable

Cypherpunks make the OED :-)

2006-11-06 Thread Bill Stewart
James Gleick's NYT article on the OED mentions cypherpunk among the words recently added to the dictionary. The page requires registration to access, though there are enough popular pseudonyms that have done so; I don't know

Re: cellphones as room bugs

2006-12-11 Thread Bill Stewart
At 11:26 AM 12/9/2006, Daniel F. Fisher wrote: Ian Farquhar (ifarquha) wrote The other problem for this technique is battery life. Suppose this worked by recording from mic to memory and then transmitting later. This leads to a bunch of questions: By what factor could transmission

Re: Private Key Generation from Passwords/phrases

2007-01-19 Thread Bill Stewart
At 01:55 PM 1/18/2007, John Denker wrote: We would be better off maintaining just the one technical definition of entropy, namely S = sum_i P_i log(1/P_i). If you want to talk about something else, call it something else ... or at least make it clear that you are using the term in a nontechnical

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Bill Stewart
As far as Full Disk Encryption's usefulness as a term goes, I'd distinguish between several different kinds of applications for encrypting the contents of a disk 1 - The disk drive or maybe disk controller card (RAID, SCSI, etc.) encrypts all the bits written to the drive and

Re: Private Key Generation from Passwords/phrases

2007-01-24 Thread Bill Stewart
With 4K possible salts, you'd need a very large password file to have more than a very few collisions, Definition of very large can vary. (alliteration intended).[...] UCSD has maybe 60,000 active users. I think very large is very common in the University environment. Different decade,

Re: 128 bit number T-shirt?

2007-05-02 Thread Bill Stewart
I'd like one with Wearing an integer is not circumvention. on the back or some such. :) Large Integers are Not A Crime :-) On the other hand, isn't the key really an MD5 hash of some haiku about OK, so we know that DVD-CSS was Just Not Good Enough ?

RE: Russian cyberwar against Estonia?

2007-05-21 Thread Bill Stewart
At 01:04 PM 5/18/2007, Trei, Peter wrote: If the Russians aren't behind this, who else should be suspected? It isn't like Estonia has a wide selection of enemies. :-) There are three likely suspects - the actual Russian government (or some faction thereof) - Russian Mafia for whatever reasons

Re: Quantum Cryptography

2007-06-30 Thread Bill Stewart
At 08:51 AM 6/28/2007, Alexander Klimov wrote: I suspect there are two reasons for QKD to be still alive. First of all, the cost difference between quantum and normal approaches is so enormous that a lot of ignorant decision makers actually believe that they get something extra for this money.

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Bill Stewart
At 10:59 PM 7/9/2007, Florian Weimer wrote: Uh-oh, no. The protocol characteristics don't change depending on who is selling you the device. Of course they do, at least in the US, where the mobile phones are generally carrier-specific, often locked, and generally don't have open designs. In

Re: How the Greek cellphone network was tapped.

2007-07-19 Thread Bill Stewart
At 07:37 AM 7/12/2007, Eric Cronin wrote: With current CPUs and audio codecs you can get decent voice quality over 9600bps. Yes and no. There are lots of 8kbps codecs, and some 6.5 and 5.3kbps codecs, all of which give acceptable voice quality if transmission's ok. (And you can reduce

RE: Trillian Secure IM

2007-10-12 Thread Bill Stewart
| Which is by the way exactly the case with SecureIM. How | hard is it to brute-force 128-bit DH ? My guesstimate | is it's an order of minutes or even seconds, depending | on CPU resources. Sun's Secure NFS product from the 1980s had 192-bit Diffie-Hellman, and a comment in one of the

Re: 2008: The year of hack the vote?

2007-12-30 Thread Bill Stewart
Dan wrote: Let's not do this or we'll have to talk about JF Kennedy who, at least, bought his votes with real money. That's because Democrats had become more professional, and the tradition of buying votes with whiskey only works for the retail level, not wholesale. Dan also wrote: May I

Re: Botnets on Unix

2008-01-20 Thread Bill Stewart
At 11:04 AM 1/18/2008, Ray Dillinger wrote: More than half the servers on the Internet - the very most desirable machines for botnet operators, because they have huge storage and huge bandwidth - run some form of Unix, and yet, since 1981 and the Morris Worm, you've never heard of a botnet

Re: Changes in Russian licensing of cryptographical tools

2008-01-21 Thread Bill Stewart
At 12:23 AM 1/20/2008, Alexander Klimov wrote: Given what is required to get a license (for example, 4.b in the first document, says that one must have people trained in information security), I guess the new law is not supposed to limit use of cryptography by ordinary people, but to limit

Re: Toshiba shows 2Mbps hardware RNG

2008-02-10 Thread Bill Stewart
At 07:02 PM 2/9/2008, Peter Gutmann wrote: I've always wondered why RNG speed is such a big deal for anything but a few highly specialised applications. For security use you've got two options: 1. Use it with standard security protocols, in which case you need all of 128 or so bits every now

Re: On the randomness of DNS

2008-07-31 Thread Bill Stewart
Ben wrote: But just how GREAT is that, really? Well, we don't know. Why? Because there isn't actually a way to test for randomness. Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential one, as is common in the rand() library

Re: combining entropy

2008-10-29 Thread Bill Stewart
This isn't enough. Somehow, you have to state that the values emitted on demand in any given round i (where a round consists of exactly one demand on all N members and produces a single output result) cannot receive any input from any other members. Otherwise, if N=2 and member 0 produces true

Re: the skein hash function

2008-10-30 Thread Bill Stewart
Eugen Leitl and Stephan Somogyi [EMAIL PROTECTED] wrote about the Skein hash function announcement. One thing I noticed on a first read-through was a discussion of speed for ASICs vs.

Re: Proof of Work - atmospheric carbon

2009-01-31 Thread Bill Stewart
At 10:40 AM 1/30/2009, Thomas Coppi wrote: Just out of curiosity, does anyone happen to know of any documented examples of a botnet being used for something more interesting than just sending spam or DDoS? There are good botnets and bad botnets. Good ones ask you if you want to join, bad ones

Re: XML signature HMAC truncation authentication bypass

2009-07-29 Thread Bill Stewart
At 05:11 PM 7/27/2009, Jon Callas wrote: By the way, do you think it's safe to phase out MD5? That will break all the PGP 2 users. Depends - if you're only replacing it with SHA-1, it's probably not worthwhile.. And if you're breaking things anyway, might as well replace most of the

Re: Possibly questionable security decisions in DNS root management

2009-10-25 Thread Bill Stewart
At 12:14 PM 10/22/2009, David Wagner wrote: Back to DNSSEC: The original criticism was that DNSSEC has covert channels. So what? If you're connected to the Internet, covert channels are a fact of life, DNSSEC or no. The added risk due to any covert channels that DNSSEC may enable is somewhere

Re: A mighty fortress is our PKI, Part II

2010-07-31 Thread Bill Stewart
At 07:16 AM 7/28/2010, Ben Laurie wrote: SSH does appear to have got away without revocation, though the nature of the system is s.t. if I really wanted to revoke I could almost always contact the users and tell them in person. This doesn't scale very well to SSL-style systems. Unfortunately,

Re: 2048-bit RSA keys

2010-08-16 Thread Bill Stewart
At 01:54 PM 8/16/2010, Perry E. Metzger wrote: On Mon, 16 Aug 2010 12:42:41 -0700 Paul Hoffman wrote: At 11:35 AM +1000 8/16/10, Arash Partow wrote: Just out of curiosity, assuming the optimal use of today's best of breed factoring algorithms - will there be enough

Re: Haystack (helping dissidents?)

2010-09-29 Thread Bill Stewart
On Thu, Sep 16, 2010 at 04:49:19PM +, M.R. wrote: | I said (something like) this when Haystack first appeared on this | list... | | Words dissidents and oppressive regimes have no place in | serious discussions among cryptographers. Once we start assigning | ethical

Stanford 10/7/2010 -- Lessons from the Haystack Affair

2010-09-29 Thread Bill Stewart
Potentially interesting lecture if you're in the Bay Area From: Reply-To: Subject: Liberation Technology 10/7/2010 -- Lessons from the Haystack Affair Date: Mon, 27 Sep 2010 13:40:55 -0700 (PDT) STANFORD FREEMAN SPOGLI INSTITUTE FOR INTERNATIONAL

Re: [Cryptography] Using Raspberry Pis

2013-08-27 Thread Bill Stewart
Custom built hardware will probably be the smartest way to go for an entrepreneur trying to sell these in bulk to people as home gateways anyway Meanwhile, while Phill may have spent $25 for a USB Ethernet, I frequently see them on sale for $10 and sometimes $5.

Re: [Cryptography] IPv6 and IPSEC

2013-09-03 Thread Bill Stewart
At 01:53 PM 8/29/2013, Taral wrote: Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to, then better resolve to 3ffe::2. For IPv4, that's a relatively normal

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-04 Thread Bill Stewart
At 03:06 PM 9/3/2013, Jerry Leichter wrote: On Sep 3, 2013, at 3:16 PM, Faré wrote: Can't you trivially transform a hash into a PRNG, a PRNG into a cypher, and vice versa? No. [...] I don't actually know if there exists a construction of a PRNG from a cryptographically

Re: [Cryptography] In the face of cooperative end-points, PFS doesn't help

2013-09-07 Thread Bill Stewart
At 06:49 PM 9/6/2013, Marcus D. Leech wrote: It seems to me that while PFS is an excellent back-stop against NSA having/deriving a website RSA key, it does *nothing* to prevent the kind of cooperative endpoint scenario that I've seen discussed in other forums, prompted by the latest

Re: [Cryptography] Why prefer symmetric crypto over public key crypto?

2013-09-07 Thread Bill Stewart
On 7/09/13 09:05 AM, Jaap-Henk Hoepman wrote: Public-key cryptography is less well-understood than symmetric-key cryptography. It is also tetchier than symmetric-key crypto, and if you pay attention to us talking about issues with nonces, counters, IVs, chaining modes, and all that, you see

Re: [Cryptography] Bruce Schneier has gotten seriously spooked

2013-09-08 Thread Bill Stewart
At 12:09 PM 9/7/2013, Chris Palmer wrote: On Sat, Sep 7, 2013 at 1:33 AM, Brian Gladman wrote: Why would they perform the attack only for encryption software? They could compromise people's laptops by spiking any popular app. Because NSA and GCHQ are much more

Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: N.S.A. Foils Much Internet Encryption)

2013-09-11 Thread Bill Stewart
At 10:39 AM 9/11/2013, Phillip Hallam-Baker wrote: Perfect Forward Secrecy is not perfect. In fact it is no better than regular public key. The only difference is that if the public key system is cracked then with PFS the attacker has to break every single key exchange and not just the keys in

Re: [Cryptography] Thoughts on hardware randomness sources

2013-09-14 Thread Bill Stewart
At 08:32 PM 9/13/2013, Jerry Leichter wrote: If by server you mean one of those things in a rack at Amazon or Google or Rackspace - power consumption, and its consequence, cooling - is *the* major issue these days. Also, the servers used in such data centers don't have multiple free USB

Re: [Cryptography] real random numbers

2013-09-14 Thread Bill Stewart
At 10:04 AM 9/12/2013, John Denker wrote: Quantum noise is the low-temperature asymptote, and thermal noise is the high-temperature asymptote of the /same/ physical process. So ... could we please stop talking about radioactive random number generators and quantum random number generators?

Re: [Cryptography] TLS2

2013-10-01 Thread Bill Stewart
At 02:27 PM 9/30/2013, James A. Donald wrote: On 2013-09-30 18:02, Adam Back wrote: If we're going to do that I vote no ASN.1, and no X.509. Just BNF format like the base SSL protocol; Granted that ASN.1 is incomprehensible and horrid, but, since there is an ASN.1 compiler that generates C

Re: [Cryptography] AES-256- More NIST-y? paranoia

2013-10-08 Thread Bill Stewart
On Oct 4, 2013, at 12:20 PM, Ray Dillinger wrote: So, it seems that instead of AES256(key) the cipher in practice should be AES256(SHA256(key)). Is it not the case that (assuming SHA256 is not broken) this defines a cipher effectively immune to the related-key attack? So you're