Re: Nullsoft's WASTE communication system

2003-06-04 Thread Steven M. Bellovin
The AP wire reports that the founder of Nullsoft, Justin Frankel, plans to resign in the wake of WASTE being pulled. http://www.nytimes.com/aponline/technology/AP-AOL-Nullsoft.html --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com

Re: Pre-cursor to Non-Secret Encryption

2003-06-18 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Young writes: Related: We have a three-year-old FOIA request to NSA for information on: The invention, discovery and development of non-secret encryption (NSE) and public key cryptography (PKC) by United Kingdom, United States, or any other nation's

Re: authentication and ESP

2003-06-20 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], martin f krafft writes : As far as I can tell, IPsec's ESP has the functionality of authentication and integrity built in: RFC 2406: 2.7 Authentication Data The Authentication Data is a variable-length field containing an Integrity Check Value (ICV)

Re: New toy: SSLbar

2003-06-24 Thread Steven M. Bellovin
It's a toolbar for Mozilla (and related web browsers) that automatically displays the SHA1 or MD5 fingerprint of the SSL certificate when you visit an SSL secured web site. You could of course click the little padlock icon and dig through a couple of dialogs to see it, but it's much easier

Re: New toy: SSLbar

2003-06-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Also, to impune the plug-in arrangement is to impune all plug-ins, and to impune the download from an unknown is to impune all downloads from unknowns. Sounds about right... ... I.e., download this fantastic tool which just so annoyingly

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-29 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Bill Stewart writes: Somebody did an interesting attack on a cable network's customers. They cracked the cable company's DHCP server, got it to provide a Connection-specific DNS suffic pointing to a machine they owned, and also told it to use their DNS server. This

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-06-30 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Simon Josefsson writes: Of course, everything fails if you ALSO get your DNSSEC root key from the DHCP server, but in this case you shouldn't expect to be secure. I wouldn't be surprised if some people suggest pushing the DNSSEC root key via DHCP though, because

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC NOT

2003-06-30 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Simon Josefsson writes: Bill Stewart [EMAIL PROTECTED] writes: * Your laptop see and uses the name yahoo.com.attackersdomain.com. You may be able to verify this using your DNSSEC root key, if the attackersdomain.com people have set up DNSSEC for their spoofed

Re: Monoculture

2003-10-01 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: Unfortunately, those parts are rather dangerous to omit. 0) If you omit the message authenticator, you will now be subject to a range of fine and well documented cut and paste attacks. With some ciphers, especially stream ciphers,

Re: anonymous DH MITM

2003-10-03 Thread Steven M. Bellovin
move. You have to be careful how you apply it; sometimes, there are attacks. See Steven M. Bellovin and Michael Merritt, An Attack on the Interlock Protocol When Used for Authentication, in IEEE Transactions on Information Theory 40:1, pp. 273-275, January 1994, http://www.research.att.com/~smb

Re: A-B-a-b encryption

2003-11-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E.Metzger writes: Hmm. You need a cipher such that given B(A(M)) and A you can get B(M). I know of only one with that property -- XOR style stream ciphers. Unfortunately that makes for a big flaw, so I'm not sure we should throw out our Diffie-Hellman

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], J Harper writes: SSLv3 protocol implementation Simple ASN.1 parsing Cipher suites: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA I understand the need to conserve space; that said, I strongly urge you to consider AES as

Re: Problems with GPG El Gamal signing keys?

2003-12-01 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Anton Stiglic writes : By the way, is the paper by Phong Q. Nguyen describing the vulnerability available somewhere? This note appeared on the IETF OpenPGP mailing list. -- Subject: Re: Removing Elgamal signatures From: David Shaw [EMAIL PROTECTED] Date: Mon, 1

Re: yahoo to use public key technology for anti-spam

2003-12-07 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], bear writes: But you should be sending mails via *your* SMTP server, and should be connecting to that SMTP server using SSL and authentication. Open relays encourage spam. People shouldn't be relaying mail via just any SMTP server. This is generally how I work

Re: The future of security

2004-05-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Security architects will continue to do most of their work with little or no crypto. And rightly so, since most security problems have nothing to do with the absence of crypto. j. a cryptographic solution for spam and viruses won't be found.

Re: The future of security

2004-05-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Anton Stiglic writes: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] j. a cryptographic solution for spam and viruses won't be found. This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto

Re: The future of security

2004-05-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ben Laurie writes: Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Anton Stiglic write s: - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] j. a cryptographic solution for spam and viruses won't be found. This ties into the same

Re: SMTP over TLS

2004-06-02 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: I view link encryption for SMTP -- i.e. SMTP over TLS -- as having two functions. 1) It frustrates vacuum cleaner mail tapping efforts to some degree. 2) It can be used effectively for authenticating the posting of a mail message from an

Re: Is finding security holes a good idea?

2004-06-14 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ben Laurie writes: What you _may_ have shown is that there's an infinite number of bugs in any particularly piece of s/w. I find that hard to believe, too :-) Or rather, that the patch process introduces new bugs. Let me quote from Fred Brooks' Mythical

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-08 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Jason H olt writes: [...] I had the same question about the NSA when some friends were interviewing there. Apparently investigators will just show up at your house and want to know all sorts of things about your friends, who you may or may not know to be in the

Re: EZ Pass and the fast lane ....

2004-07-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Gilmore writes: If they could read the license plates reliably, then they wouldn't need the EZ Pass at all. They can't. It takes human effort, which is in short supply. There are, in fact, toll roads that try to do that; see, for example,

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-21 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian Grigg writes: Don't be silly. It's not a threat because people generally use SSL. Back in the old days, password capture was a very serious threat. It went away with SSH. It seems to me quite likely that it would be a problem with web browsing in the

Re: Al Qaeda crypto reportedly fails the test

2004-08-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Denker writes: Here's a challenge directly relevant to this group: Can you design a comsec system so that pressure against a code clerk will not do unbounded damage? What about pressure against a comsec system designer? That is, of course, one of the primary

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])

2004-09-13 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Peter Gutmann writes: Eugen Leitl [EMAIL PROTECTED] writes: Maybe it's worth doing some sort of generic RFC for this security model to avoid scattering the same thing over a pile of IETF WGs, things like the general operational principles (store a hash of the

Re: IBM's original S-Boxes for DES?

2004-10-04 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Nicolai Moles -Benfell writes: Hi, A number of sources state that the NSA changed the S-Boxes (and reduced the ke y size) of IBM's original DES submission, and that these change were made to strengthen the cipher against differential/linear/?? cryptanalysis. Does

Re: workshop on unwanted Internet traffic

2004-12-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Steve Bellov in writes: Readers of this list may be interesting the the SRUTI -- Steps Towards Reducing Unwanted Traffic on the Internet -- workshop. See http://www.research.att.com/~bala/srut for details. CORRECTION: it's http://www.research.att.com/~bala/sruti

Re: The Reader of Gentlemen's Mail, by David Kahn

2005-01-09 Thread Steven M. Bellovin
of Yardley's success with women. I have no idea if that's true, though moralistic revulsion may be closer. But I wonder if the root of the personal antagonism may be more that of the technocrat for the manager... --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: entropy depletion

2005-01-26 Thread Steven M. Bellovin
the purported escrow key generation algorithm for Clipper? See http://www.eff.org/Privacy/Newin/Cypherpunks/930419.denning.protocol for details. The algorithm was later disavowed, but I've never been convinced that the disavowal was genuine.) --Prof. Steven M. Bellovin, http

Cryptanalytic attack on an RFID chip

2005-01-29 Thread Steven M. Bellovin
in aluminum foil. I suspect that a more practical form factor is a spring-loaded conductive sleeve that normally surrounds the RFID chip, but is push back either manually or on key insertion. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Is 3DES Broken?

2005-02-01 Thread Steven M. Bellovin
. That's a Big Number of seconds. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: how to tell if decryption was successfull?

2005-02-02 Thread Steven M. Bellovin
of ways to tell, but you generally have to have some idea what you're looking for. For two examples of how to do it, see http://www1.cs.columbia.edu/~smb/papers/probtxt.ps (or .pdf) and http://www1.cs.columbia.edu/~smb/papers/recog.ps (or .pdf) --Prof. Steven M. Bellovin, http

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Steven M. Bellovin
problems that aren't solvable with today's technology? Other than protecting keys -- and, of course, DRM -- I'm very far from convinced of it. The fault, dear Brutus, is not in our stars but in ourselves. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

link-layer encryptors for Ethernet?

2005-02-07 Thread Steven M. Bellovin
Are there any commercial link-layer encryptors for Ethernet available? I know that Xerox used to make them, way back when, but are there any current ones, able to deal with current speeds (and connectors)? --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: link-layer encryptors for Ethernet?

2005-02-09 Thread Steven M. Bellovin
box. At the least, their Administrator's Guide talks about using IP Protocol 50. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: link-layer encryptors for Ethernet?

2005-02-09 Thread Steven M. Bellovin
and the circuits rerouted to satellite. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-09 Thread Steven M. Bellovin
that the certificate really was issued to some string of Kanji, and instead sees the IDN encoding? That's less than helpful -- he or she would have no way whatsoever of verifying the certificate. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: link-layer encryptors for Ethernet?

2005-02-10 Thread Steven M. Bellovin
for. The KG-235, which your second URL took me to, is for TS/SCI traffic -- *way* above what I need... --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Amir Herzberg writes: Steve, my point was not the trivial fact that TrustBar would not display the homograph; suppose it did... even then, the user is _asked_ about the certificate, since it was signed by an unusual CA that the user did not specify as `to be

SHA-1 cracked

2005-02-16 Thread Steven M. Bellovin
parallel hash function collision finders, but it's an impressive achievement nevertheless -- especially since it comes just a week after NIST stated that there were no successful attacks on SHA-1. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: SHA-1 cracked

2005-02-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Alexandre Dulaunoy writes: On Tue, 15 Feb 2005, Steven M. Bellovin wrote: According to Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html), a team has found collisions in full SHA-1. It's probably not a practical threat

Re: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-03 Thread Steven M. Bellovin
of epicycles. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: FUD about CGD and GBDE

2005-03-03 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], ALeine writes: Not necessarily, if one were to implement the ideas I proposed I believe the performance could be kept at the same level as

NSA warned Bush it needed to monitor networks

2005-03-13 Thread Steven M. Bellovin
http://www.nytimes.com/aponline/national/AP-Spy-Agency-Documents.html WASHINGTON (AP) -- The National Security Agency warned President Bush in 2001 that monitoring U.S. adversaries would require a ``permanent presence'' on networks that also carry Americans' messages that are protected from

how to phase in new hash algorithms?

2005-03-20 Thread Steven M. Bellovin
be doing now? There's no emergency on SHA1, but we do need to start, and soon. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: NSA warned Bush it needed to monitor networks

2005-03-20 Thread Steven M. Bellovin
A few days ago, I posted this: WASHINGTON (AP) -- The National Security Agency warned President Bush in 2001 that monitoring U.S. adversaries would require a ``permanent presence'' on networks that also carry Americans' messages that are protected from government eavesdropping. ... ``Make no

Re: Encryption plugins for gaim

2005-03-20 Thread Steven M. Bellovin
, what you really need to watch out for is the transcript files on your own machine... --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: Schneier: SHA-1 has been broken - Time for a second thought about SDLH ?

2005-03-20 Thread Steven M. Bellovin
it. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Moore says his law won't last

2005-05-20 Thread Steven M. Bellovin
http://www.vnunet.com/news/1162433 Something like this cannot continue forever, he said. The dimensions are small enough now that we're approaching the size of atoms and that's a fundamental block. I think the law has another 10-20 years before fundamental limits

Three NIST Special Pubs for Review (Forwarded)

2005-05-20 Thread Steven M. Bellovin
in the subject line. Elaine Barker 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Phone: 301-975-2911 --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Re: What happened with the session fixation bug?

2005-05-31 Thread Steven M. Bellovin
a real threat, too. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: SSL stops credit card sniffing is a correlation/causality myth

2005-05-31 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ian G writes: On Tuesday 31 May 2005 02:17, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], James A. Donald writes: -- PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less

Re: Citibank discloses private information to improve security

2005-05-31 Thread Steven M. Bellovin
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

analysis of the Witty worm

2005-06-02 Thread Steven M. Bellovin
that the authors could gather about network configurations at different sites: as we all know, traffic analysis is a powerful technique. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography

Re: encrypted tapes (was Re: Papers about Algorithm hiding ?)

2005-06-07 Thread Steven M. Bellovin
were fraudulent use of logins and passwords. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: AmEx unprotected login site

2005-06-08 Thread Steven M. Bellovin
verify the numbers; I know from experience that he's competent and has his hear in the right place re security). --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Re: AmEx unprotected login site

2005-06-08 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: Steven M. Bellovin [EMAIL PROTECTED] writes: They're still doing the wrong thing. Unless the page was transmitted to you securely, you have no way to trust that your username and password are going to them and not to someone who cleverly sent

Re: analysis of the Witty worm

2005-06-13 Thread Steven M. Bellovin
and ps) and a slide show are inaccessible, and are not in Google's cache. Anyone saved a copy? It's on Vern's web page: http://www.icir.org/vern/papers/witty-draft.pdf or http://www.icir.org/vern/papers/witty-draft.ps --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

AES cache timing attack

2005-06-16 Thread Steven M. Bellovin
warning people even against doing their own implementations. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: de-identification

2005-06-16 Thread Steven M. Bellovin
(the remote fingerprinting paper mentioned this one), etc. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

massive data theft at MasterCard processor

2005-06-20 Thread Steven M. Bellovin
there --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: [Forwarded] RealID: How to become an unperson.

2005-07-06 Thread Steven M. Bellovin
to be answered about any such system before it's even possible to discuss it intelligently. And whenever I enter the US, I have to give the fingerprints of my index fingers and they take a picture of me. That's worse than an ID card. Agreed. --Steven M. Bellovin, http

new NSA chief named

2005-07-07 Thread Steven M. Bellovin
http://www.baltimoresun.com/news/nationworld/bal-te.nsa07jul07,1,6042171.story?coll=bal-home-headlinesamp;cset=truectrack=1cset=true --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography

the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
to log int o E-Gold, checks your balance, and drains your account except for .004 grams of gold. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending

Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Steven M. Bellovin
on my credit card has long since expired. They've never asked me for an update. Maybe they're using a reputation system?) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

Re: the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
authenticated? (I alluded to this in a 1997 panel session talk; see http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm ) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

Re: mother's maiden names...

2005-07-14 Thread Steven M. Bellovin
customers.) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

draft paper: Deploying a New Hash Algorithm

2005-07-21 Thread Steven M. Bellovin
Eric Rescorla and I have written a paper Deploying a New Hash Algorithm. A draft is available at http://www.cs.columbia.edu/~smb/papers/new-hash.ps and http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . Here's the abstract: As a result of recent discoveries, the strength of hash

Re: draft paper: Deploying a New Hash Algorithm

2005-07-25 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: draft paper: Deploying a New Hash Algorithm

2005-08-05 Thread Steven M. Bellovin
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: solving the wrong problem

2005-08-06 Thread Steven M. Bellovin
-- that a lot of people try to solve the wrong problem. Here, though, we have a tool. It remainds to be determined if it's a hammer, screwdriver, or wrench, and hence what problems to apply it to. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: faster SHA-1 attacks?

2005-08-17 Thread Steven M. Bellovin
the attack will get even better. Shamir noted that 2^63 is within reach of a distributed Internet effort to actually find one. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Florian Weimer writes: * Steven M. Bellovin: In message [EMAIL PROTECTED], Florian Weimer writes: Can't you strip the certificates which have expired from the CRL? (I know that with OpenPGP, you can't, but that's a different story.) OTOH, I wouldn't be concerned

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Steven M. Bellovin
-- not the computational cost; the management cost -- is quite high; you need to get authentic public keys for all of your correspondents. That's beyond the ability of most people. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Chris Kuethe writes: On 8/26/05, Steven M. Bellovin [EMAIL PROTECTED] wrote: ... If you don't trust your (or your correspondents') IM servers, it may be a different situation. I haven't read Google's privacy policies for IM; if it's anything like gmail, they're

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Adam Back writes: On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Adam Back writes: Thats broken, just like the WAP GAP ... for security you want end2end security, not a secure channel to an UTP (untrusted third

Re: MD5 Collision, Visualised

2005-08-28 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Ben Laurie writes: I wrote some code to show the internal state of MD5 during a collision... http://www.shmoo.com/md5-collision.html Very nice, though you need to give a scale of rounds -- how many horizontal lines per round? --Steven M

Re: ECC patents?

2005-09-13 Thread Steven M. Bellovin
(or licensed) by Sun. For obvious reasons, it's remarkably hard to get someone to say that they don't have a claim on some product. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing

Re: Clearing sensitive in-memory data in perl

2005-09-13 Thread Steven M. Bellovin
? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

MIT talk: Special-Purpose Hardware for Integer Factoring

2005-09-14 Thread Steven M. Bellovin
, James Hughes and Paul Leyland. --- End of Forwarded Message --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Re: Amazon's

2005-09-15 Thread Steven M. Bellovin
at your account, which will display the last 5 digits of your credit cards. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

[Colloquium] ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)

2005-09-15 Thread Steven M. Bellovin
to seeing you there! ___ Colloquium mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/colloquium -- --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: ECC patents?

2005-09-15 Thread Steven M. Bellovin
, --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Java: Helping the world build bigger idiots

2005-09-19 Thread Steven M. Bellovin
against the law. From Tony Hoare's 1980 Turing Award lecture. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Guideline for Implementing Cryptography In the Federal Government

2005-09-20 Thread Steven M. Bellovin
http://csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: Java: Helping the world build bigger idiots

2005-09-22 Thread Steven M. Bellovin
, and that's far more than crypto. Sometimes, in fact, the two conflict. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: PKI too confusing to prevent phishing, part 28

2005-09-27 Thread Steven M. Bellovin
are doing the wrong thing, the problem isn't the people, it's the mechanism they're being asked to use. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Re: Venona not all decrypted?

2005-10-13 Thread Steven M. Bellovin
Have a look at http://www.nsa.gov/publications/publi00039.cfm . The one-time pad was used to superencrypt a codebook; two different codebooks were used. Most of the successful decryptions were done by 1952; there was some additional help from a partial codebook recovered in 1953. Here's the

Re: NSA Suite B Cryptography

2005-10-15 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: semi-preditcable OTPs

2005-10-25 Thread Steven M. Bellovin
value. Non-random digits in such a setting are more or less irrelevant, unless there is enough of a pattern that it helps you strip off the superencipherment. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

The Pentagon is block NSA patent applications...

2005-10-31 Thread Steven M. Bellovin
http://www.newscientist.com/article.ns?id=dn8223feedId=online-news_rss091 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: Symmetric ciphers as hash functions

2005-11-01 Thread Steven M. Bellovin
. As for the dictionary size -- they felt (probably correctly) that the size expansion was already large enough that that wasn't a feasible path for the attacker. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

RSA-640 factored

2005-11-09 Thread Steven M. Bellovin
http://mathworld.wolfram.com/news/2005-11-08/rsa-640/ --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: How broad is the SPEKE patent.

2005-11-09 Thread Steven M. Bellovin
to spend the money on legal fees to fight that claim, per a story I heard. Have a look at http://web.archive.org/web/20041018153649/integritysciences.com/history.html for some history. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

cryptography and security-related papers from North Korea

2005-11-15 Thread Steven M. Bellovin
I stumbled on the following link:http://cryptome.org/dprk/dprk-papers.htm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: ISAKMP flaws?

2005-11-15 Thread Steven M. Bellovin
that stress parsers. So far, they've been extremely successful against IKEv1, ASN.1, SNMP, and more. This should surprise no one and depress everyone. http://www.ee.oulu.fi/research/ouspg/protos/index.html is the home page for this project. --Steven M. Bellovin, http

Re: ISAKMP flaws?

2005-11-15 Thread Steven M. Bellovin
be implemented poorly, but complex ones have more places to go wrong. (It's instructive, I might add, to read RFC 1025, especially the part about dirty blows.) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

the effects of a spy

2005-11-15 Thread Steven M. Bellovin
Bruce Schneier's newsletter Cryptogram has the following fascinating link: http://www.fas.org/irp/eprint/heath.pdf It's the story of effects of a single spy who betrayed keys and encryptor designs. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: ISAKMP flaws?

2005-11-18 Thread Steven M. Bellovin
M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

the early history of NSA

2005-12-02 Thread Steven M. Bellovin
The Quest For Cryptologic Centralization and the Establishment of NSA: 1940-1952 http://www.fas.org/irp/nsa/quest.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

NSA declassifies some Vietnam-era SIGINT

2005-12-03 Thread Steven M. Bellovin
http://www.nsa.gov/vietnam/ These are the documents related to the claim that NSA suppressed many of the intercepts relating to the so-called Gulf of Tonkin incident. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

  1   2   3   >