Re: More problems with hash functions

2004-08-25 Thread Daniel Carosone
My immediate (and not yet further considered) reaction to the description of Joux' method was that it might be defeated by something as simple as adding a block counter to the input each time. In any case, I see it as a form of dictionary attack, and wonder whether the same kinds of techniques

Hashes, splints, and PRNGs

2004-09-01 Thread Daniel Carosone
I'm really enjoying the current discussion about hash constructions and splints for current algorithms. I will make one observation in that discussion, which is that the proposal for a Hnew (2n -> n) seems a little beyond the scope of a field splint that can be done using existing tools and

Re: entropy depletion

2005-01-27 Thread Daniel Carosone
On Tue, Jan 11, 2005 at 03:48:32PM -0500, William Allen Simpson wrote: 2. set the contract in the read() call such that the bits returned may be internally entangled, but must not be entangled with any other read(). This can trivially be met by locking the device for single read access, and

Re: Is 3DES Broken?

2005-02-02 Thread Daniel Carosone
On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote: When using CBC mode, one should not encrypt more than 2^32 64-bit blocks under a given key. That comes to ~275G bits, which means that on a GigE link running flat out you need to rekey at least every 5 minutes, which is
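The quoted 2^32-block limit is the birthday bound for a 64-bit block cipher: once that many CBC blocks have been encrypted under one key, two ciphertext blocks are about as likely as not to collide, and a collision leaks the XOR of the corresponding plaintext blocks. The following Python is an added worked example, not code from the thread or from any of its participants; it generalizes the quoted arithmetic to an arbitrary block size, an assumed link rate (GigE, 1e9 bit/s) and an assumed tolerable collision probability (2^-32), so the same calculation covers 3DES and AES side by side.

```python
"""Birthday-bound arithmetic for CBC rekeying (added example, not from the thread).

Models the cipher as a random permutation on n-bit blocks.  After q blocks the
probability that two ciphertext blocks coincide is about 1 - exp(-q(q-1)/2^(n+1)).
The 1e9 bit/s link rate and the 2^-32 probability target below are assumptions
chosen for illustration, not figures from the list discussion.
"""
import math


def collision_probability(blocks: int, block_bits: int) -> float:
    """Probability that at least two of `blocks` ciphertext blocks are equal.
    -expm1(-x) is 1 - exp(-x) computed accurately when x is tiny (AES case)."""
    exponent = blocks * (blocks - 1) / (2.0 * 2.0 ** block_bits)
    return -math.expm1(-exponent)


def max_blocks_for_probability(block_bits: int, p_max: float) -> int:
    """Largest q with collision_probability(q, block_bits) <= p_max.
    Solves q(q-1) <= 2^(n+1) * (-ln(1 - p_max)) exactly in integers."""
    budget = 2.0 * (-math.log1p(-p_max)) * 2.0 ** block_bits
    q = int(math.sqrt(budget))
    while q * (q - 1) > budget:      # correct for sqrt rounding up
        q -= 1
    while (q + 1) * q <= budget:     # correct for sqrt rounding down
        q += 1
    return q


def rekey_interval_seconds(blocks: int, block_bits: int, bits_per_second: float) -> float:
    """Seconds of flat-out traffic before `blocks` blocks have gone under one key."""
    return blocks * block_bits / bits_per_second


def main() -> None:
    gige = 1e9  # assumed: GigE running flat out
    p_target = 2.0 ** -32  # assumed: tolerable per-key collision probability
    for name, n in (("DES/3DES, 64-bit blocks", 64), ("AES, 128-bit blocks", 128)):
        p_at_2_32 = collision_probability(2 ** 32, n)
        t_at_2_32 = rekey_interval_seconds(2 ** 32, n, gige)
        safe_q = max_blocks_for_probability(n, p_target)
        t_safe = rekey_interval_seconds(safe_q, n, gige)
        print(name)
        print(f"  P(collision) after 2^32 blocks : {p_at_2_32:.3g}")
        print(f"  time to 2^32 blocks at GigE    : {t_at_2_32:.0f} s")
        print(f"  blocks before P exceeds 2^-32  : {safe_q}")
        print(f"  time to that many blocks       : {t_safe:.3g} s")


if __name__ == "__main__":
    main()
```

Run it and the 64-bit row reproduces the quoted figures (2^32 blocks is 2^38 bits, about 275 s of GigE traffic, at which point the collision probability is already about 0.39); the second pair of lines shows how much sooner one has to rekey if a 2^-32 collision probability is the actual target, and how the same rule gives an enormous margin for a 128-bit block.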

Re: SSL stops credit card sniffing is a correlation/causality myth

2005-06-01 Thread Daniel Carosone
On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote: So we need to see a Choicepoint for listening and sniffing and so forth. No, we really don't. Perhaps we do - not so much as a source of hard statistical data, but as a source of hard pain. People making (uninformed or

Re: encrypted tapes (was Re: Papers about Algorithm hiding ?)

2005-06-07 Thread Daniel Carosone
On Tue, Jun 07, 2005 at 07:48:22PM -0400, Perry E. Metzger wrote: It happens because some idiot web designer thought it was a nice look, and their security people are too ignorant or too powerless to stop it, that's why. It has nothing to do with cost. The largest non-bank card issuer in

Re: solving the wrong problem

2005-08-09 Thread Daniel Carosone
On Tue, Aug 09, 2005 at 01:04:10AM +1200, Peter Gutmann wrote: That sounds a bit like unicorn insurance [..] However, this is slightly different from what Perry was suggesting. There seem to be at least four subclasses of problem here: 1. ??? : A solution based on a misunderstanding of what

Re: GnuTLS (libgrypt really) and Postfix

2006-02-16 Thread Daniel Carosone
On Tue, Feb 14, 2006 at 04:26:35PM -0500, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Werner Koch writes: I agree. However the case at hand is a bit different. I can't imagine how any application or upper layer will be able to recover from that error (ENOENT when opening

Re: Creativity and security

2006-03-24 Thread Daniel Carosone
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote: As we all know, when you pay with a credit or debit card at a store, it's important to take the receipt with you [..] So what they've been doing at my local branch of Marks & Spencer for the past few weeks is, at the end of the

Re: RSA SecurID SID800 Token vulnerable by design

2006-09-15 Thread Daniel Carosone
On Thu, Sep 14, 2006 at 02:48:54PM -0400, Leichter, Jerry wrote: | The problem is that _because there is an interface to poll the token for | a code across the USB bus_, malicious software can *repeatedly* steal new | token codes *any time it wants to*. This means that it can steal codes |

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-03 Thread Daniel Carosone
On Tue, Oct 02, 2007 at 03:50:27PM +0200, Simon Josefsson wrote: Without access to the device (I've contacted Hitachi EMEA to find out if it is possible to purchase the special disks) it is difficult to infer how it works, but the final page of the howto seems strange: ... NOTE: All

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Daniel Carosone
Others have made similar points and suggestions, not picking on this instance in particular: On Mon, Feb 04, 2008 at 02:48:08PM -0700, Martin James Cochran wrote: Additionally, in order to conserve bandwidth you might want to make a trade-off where some packets may be forged with small

Re: Gutmann Soundwave Therapy

2008-02-13 Thread Daniel Carosone
On Mon, Feb 11, 2008 at 07:01:07PM +1300, Peter Gutmann wrote: Daniel Carosone [EMAIL PROTECTED] writes: [...] Particularly for the first point, early validation for packet integrity in general can be a useful defensive tool against unknown potential implementation vulnerabilities