Re: another feature RNGs could provide

2005-12-27 Thread David Malone
On Tue, Dec 27, 2005 at 03:26:59AM -0600, Travis H. wrote: On 12/26/05, Ben Laurie wrote: Surely if you do this, then there's a meet-in-the-middle attack: for a plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and decrypt C. If E_A(P)=D_B(C), then your

Re: another feature RNGs could provide

2005-12-28 Thread David Malone
On Tue, Dec 27, 2005 at 11:34:15PM +, Ben Laurie wrote: If you don't have sufficient plain/ciphertext, then of course you can choose incorrect pairs. Yep - that's my point. The thing to note is that for an arbitrary permutation, knowing the image of n plaintexts tells you (almost) nothing

Re: Linux RNG paper

2006-03-23 Thread David Malone
On Thu, Mar 23, 2006 at 01:55:30AM -0600, Travis H. wrote: It's annoying that the random number generator code calls the unpredictable stuff entropy. It's unpredictability that we're concerned with, and Shannon entropy is just an upper bound on the predictability. Unpredictability cannot be

Re: Entropy Definition (was Re: passphrases with more than 160 bits of entropy)

2006-03-27 Thread David Malone
On Sat, Mar 25, 2006 at 07:26:51PM -0500, John Denker wrote: Executive summary: Small samples do not always exhibit average behavior. That's not the whole problem - you have to be looking at the right average too. For the long run encodability of a set of IID symbols produced with probability

Re: statistical inferences and PRNG characterization

2006-05-22 Thread David Malone
On Fri, May 19, 2006 at 06:51:55AM -0500, Travis H. wrote: As I understand it, when looking at output, one can take a hypothetical source model (e.g. P(0) = 0.3, P(1) = 0.7, all bits independent) and come up with a probability that the source may have generated that output. One cannot,

Re: open source disk crypto update

2007-04-26 Thread David Malone
On Wed, Apr 25, 2007 at 03:32:43PM -0500, Travis H. wrote: I think a simple evolution would be to make /boot and/or /root on removable media (e.g. CD-ROM or USB drive) so that one could take it with you. Marc Schiesser gave a tutorial at EuroBSDcon 2005 on encrypting the whole hard drive on

Irish blood donor records

2008-02-21 Thread David Malone
It seems that a disk containing records of the Irish Blood Transfusion Service has been stolen in New York: http://www.rte.ie/news/2008/0219/blood.html Thankfully, the data was encrypted. The head of the IBTS said on the news that there was a remote possibility of access, roughly

Re: Firewire threat to FDE

2008-03-21 Thread David Malone
On Wed, Mar 19, 2008 at 02:25:36PM -0400, Leichter, Jerry wrote: [This has been thrashed out on other lists.] Just how would that help? As I understand it, Firewire and PCMCIA provide a way for a device to access memory directly. The OS doesn't have to do anything - in fact, it *can't* do

Re: work factor calculation for brute-forcing crypto

2009-07-19 Thread David Malone
On Fri, Jul 17, 2009 at 01:37:43PM -0500, travis+ml-cryptogra...@subspacefield.org wrote: I'm curious if there's a way to express this calculation as a mathematical formula, rather than an algorithm, but right now I'm just blanking on how I could do it. This has been dubbed the guesswork of a