CFP, Security In Storage Workshop

2003-06-19 Thread James Hughes
and civilian areas. Accepted papers will be published by IEEE Press in the workshop's post-proceedings. Program Co-Chairs James Hughes (StorageTek, USA) Jack Cole (US Army Research Laboratory, USA) Program Committee Donald Beaver (Seagate, USA) Randal Burns (Johns Hopkins University, USA) Yongdae Kim

Security In Storage Workshop, Oct 31. Call for Participation

2003-10-05 Thread james hughes
Security Protocol, Michael Factor, Dalit Naor, Noam Rinetzky, Julian Satran (IBM), David Nagle (Panasas), and Don Beaver, Erik Riedel (Seagate) IEEE Standard for Encrypted Storage, James Hughes (Storage Technology Corporation

Re: Al Qaeda crypto reportedly fails the test

2004-08-15 Thread james hughes
In message [EMAIL PROTECTED], John Denker writes: Here's a challenge directly relevant to this group: Can you design a comsec system so that pressure against a code clerk will not do unbounded damage? What about pressure against a comsec system designer? If I understand your question correctly,

CRYPTO2004 Rump Session Presentations, was Re: A collision in MD5'

2004-08-17 Thread james hughes
Hello: This is Jim Hughes, General Chair of CRYPTO2002. There are three significant Rump session papers on hash collisions that will be presented, including an update on this one (and about 40 other short papers on other aspects of cryptography). As the session firms up, more information it

Re: CRYPTO2004 Rump Session Presentations, was Re: A collision in MD5'

2004-08-17 Thread james hughes
I have 2 items of note for this list. 1. The web site is updated with program and the times. http://www.iacr.org/conferences/crypto2004/rump.html 2. I was typing fast, and mistyped my title. I am General Chair this year, not 2002 as was stated. Enjoy. On Aug 17, 2004, at 1:39 PM, james

Re: references on traffic analysis?

2004-09-10 Thread james hughes
On Sep 7, 2004, at 11:12 PM, Steve Bellovin wrote: What are some of the classic, must-read, references on traffic analysis? (I'm familiar with the Zendian problem, of course.) In looking through my library, I came across two references (I would not say 'must read' though). Code Breakers (David

Re: IBM's original S-Boxes for DES?

2004-10-04 Thread james hughes
In a personal interview with Walt Tuchman (IBM at the time, worked for StorageTek when I met him, now retired) he described the process for creating the s-boxes. A set of mathematical requirements were created and candidate s-boxes meeting these requirements would be printed out on a regular

Fwd: The PoinFULLness of the MD5 'attacks'

2004-12-22 Thread james hughes
For this discussion, I think we are missing the point here... 1. With a rogue binary distribution with correct hash, this is -at least- a denial of service where the customer will install the rogue binary and it will crash in the area that the information was changed. MD5 based Tripwire will

Re: Is 3DES Broken?

2005-02-02 Thread james hughes
On Jan 31, 2005, at 10:38 PM, Steven M. Bellovin wrote: When using CBC mode, one should not encrypt more than 2^32 64-bit blocks under a given key. That comes to ~275G bits, which means that on a GigE link running flat out you need to rekey at least every 5 minutes, which is often impractical.

Re: Is 3DES Broken?

2005-02-04 Thread james hughes
On Feb 2, 2005, at 1:32 PM, bear wrote: On Mon, 31 Jan 2005, Steven M. Bellovin wrote: snip re: 3des broken? [Moderator's note: The quick answer is no. The person who claims otherwise is seriously misinformed. I'm sure others will chime in. --Perry] [snip] When using CBC mode, one should not

Re: link-layer encryptors for Ethernet?

2005-02-09 Thread james hughes
The following device is a layer 2 tunneling device that has 256 bit AES at up to 400Mb/s. http://blueridgenetworks.com/products/index.htm http://blueridgenetworks.com/support/borderguard_vpn__serv_res_ctr.htm Hope this helps On Feb 8, 2005, at 11:29 AM, Russell Nelson wrote: Steven M. Bellovin

Re: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-06 Thread james hughes
On Mar 4, 2005, at 5:23 PM, James A. Donald wrote: The attacks on MD*/SHA* are weak and esoteric. On this we respectfuly disagree. You make it sound trivial. Wang has been working on these results for over 10 years. She received the largest applause at Crypto 2004 session from her peers I have

SISW05, the 3rd International IEEE Security in Storage Workshop

2005-07-09 Thread james hughes
by the IEEE Computer Society Press in the workshop proceedings and become part of the IEEE Digital Library. Workshop Sponsor - Jack Cole (US Army Research Laboratory, USA) Program Chair - James Hughes (StorageTek, USA) Program Committee - Don Beaver (USA) - John Black (University of Colorado, USA

Re: webcast of crypto rumpsession this year?

2005-08-12 Thread James Hughes
At this time I believe the answer is no. I set it up last year and have not this year. I take it that there is interest? I will send an email to the group if this changes. Thanks jim On Aug 12, 2005, at 9:07 AM, Mads Rasmussen wrote: Anyone knows whether there will be webcasts from this

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread james hughes
In listening to this thread hearing all the hyperbole on both sides, I would suggest that we may need more fuel to the fire. There was a rump presentation at the recent Crypto on the use of Ceremonies (which, pardon my misstatement in advance, is claimed to be computer protocols with the

Looking for fast KASUMI implementation

2005-12-15 Thread james hughes
Hello list: I have research project that is looking for a fast -software- implementation of the KASUMI block cipher. I have found many papers on doing this in hardware, but nothing in software. While free is better (as is beer), I will consider a purchase. FYI, KASUMI is the

Re: compressing randomly-generated numbers

2006-08-11 Thread james hughes
On Aug 9, 2006, at 8:44 PM, Travis H. wrote: Hey, I was mulling over some old emails about randomly-generated numbers and realized that if I had an imperfectly random source (something less than 100% unpredictable), that compressing the output would compress it to the point where it was

Crypto rump session to be webcast.

2006-08-21 Thread james hughes
All: The Rump session of this year's Crypto conference will be webcast Aug. 22 (tomorrow) starting at 19:30 pacific. Other timezones here: http://tinyurl.com/otxxu and the webcast will be broadcast in Quicktime and will be available here: rtsp://qtss.id.ucsb.edu/crypto.sdp

Re: news story - Jailed ID thieves thwart cops with crypto

2006-12-21 Thread james hughes
On Dec 20, 2006, at 8:44 AM, [EMAIL PROTECTED] wrote: http://news.com.com/Jailed+ID+thieves+thwart+cops+with+crypto/ 2100-7348_3-6144521.html [...] According to the Crown Prosecution Service (CPS), which confirmed that Kostap had activated the encryption after being arrested, it

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-22 Thread james hughes
On Jan 19, 2007, at 4:06 AM, Bill Stewart wrote: [...] if you're trying to protect against KGB-skilled attacks [...] On the other hand, if you're trying to protect against lower-skilled attackers, [...] I always find these arguments particularly frustrating. By slowly raising the bar

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-22 Thread james hughes
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote: When is the last time you checked the code for the open source app that you use, to make sure that it is written properly? 30 seconds ago. What mode is it using? How much information is encrypted under a single key. Was the implementation

Security In Storage Workshop- Extended Deadline

2007-06-09 Thread James Hughes
Call for papers, submission deadline now June 15th. The 4th International Security In Storage Workshop will be held September 27, 2007 (Thursday) at Paradise Point Resort and Spa in San Diego, California, USA. The workshop is co-located with the 24th IEEE Conference on Mass Storage Systems

Re: debunking snake oil

2007-09-03 Thread james hughes
I am all for humor... Can you give us a hand with how to find this patent? On Sep 2, 2007, at 2:27 PM, Axel Horns wrote: On Fri, August 31, 2007 18:54, Stephan Neuhaus wrote: Fun, See German patent document DE10027974A1 (application was refused in 2006). Axel H. Horns

Re: Full Disk Encryption solutions selected for US Government use

2007-10-10 Thread james hughes
On Oct 8, 2007, at 4:27 AM, Steven M. Bellovin wrote: On Mon, 18 Jun 2007 22:57:36 -0700 Ali, Saqib [EMAIL PROTECTED] wrote: US Government has select 9 security vendors that will product drive and file level encryption software. See:

Re: Password hashing

2007-10-12 Thread james hughes
I forgot to add the links... http://people.redhat.com/drepper/sha-crypt.html http://people.redhat.com/drepper/SHA-crypt.txt On Oct 11, 2007, at 10:19 PM, james hughes wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my

Password hashing

2007-10-12 Thread james hughes
A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5 based password hashing at banks where MD-5 is on the list of do not use algorithms. I would prefer

Re: Snake oil crypto of the day: BabelSecure Samurai

2008-04-22 Thread james hughes
The company and all it's assets are for sale. Starting price $20M. http://babelsecure.com/property.aspx On Apr 16, 2008, at 8:49 PM, Ali, Saqib wrote: See: http://babelsecure.com/challenge.aspx Snake-oil sales pitch: The creators of BabelSecure are so confident in the ability and

Call for papers for the Security in Storage Workshop 2008, due May 30th

2008-05-22 Thread james hughes
to James Hughes ([EMAIL PROTECTED]) by May 30th. Thanks Jim Hughes - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Call for presentations: Cryptographic e-voting systems for the IACR

2008-05-22 Thread james hughes
The International Association for Cryptologic Research (http://www.iacr.org/ ) is seeking presentations and demos of e-voting systems. For its next meeting in August-17, 2008 (in Santa-Barbara, CA, USA), the IACR board would like to invite presentations and demos of cryptographic e-voting

Crypto2008 rump session to be webcast

2008-08-16 Thread james hughes
All: The Crypto2008 rump session will be webcast live starting at 19:30 on August 19th. The details will be posted on the iacr website at http://www.iacr.org Local times are http://tinyurl.com/6xrln9 Enjoy. Jim PS. Please feel free to forward this as widely as possible.

Re: Crypto Craft Knowledge

2009-02-20 Thread James Hughes
On Feb 14, 2009, at 12:54 PM, David Molnar wrote: Ben Laurie wrote: [snip discussion of bad crypto implementation practices] Because he is steeped in the craft knowledge around crypto. But most developers aren't. Most developers don't even have the right mindset for secure coding, let alone

Re: SHA-3 Round 1: Buffer Overflows

2009-02-24 Thread james hughes
On Feb 24, 2009, at 6:22 AM, Joachim Strömbergson wrote: Aloha! Ian G wrote: However I think it is not really efficient at this stage to insist on secure programming for submission implementations. For the simple reason that there are 42 submissions, and 41 of those will be thrown away,

Fwd: SMS 4 algorithm implemented as a spreasheet.

2009-02-25 Thread james hughes
Building a reference implementation of a cipher can be an invaluable aid to writing code. Building a cipher in a spreadsheet, while some may suggest is strange, is a valid way to effectively describe a cipher in a visual sense. This has been done before with The Illustrated DES

Re: Destroying confidential information from database

2009-04-30 Thread james hughes
On Mar 9, 2009, at 10:32 PM, Mads wrote: I know of procedures and programs to erase files securely from disks, Guttman did a paper on that What I don't know is how to securely erase information from a database. If the material is that sensitive, and you only want to selectively

Re: Warning! New cryptographic modes!

2009-05-22 Thread james hughes
I believe that mode has been renamed EME2 because people were having a fit over the *. On May 14, 2009, at 12:37 AM, Jon Callas wrote: I'd use a tweakable mode like EME-star (also EME*) that is designed for something like this. It would also work with 512-byte blocks.

Re: Seagate announces hardware FDE for laptop and desktop machines

2009-06-14 Thread james hughes
On Jun 10, 2009, at 4:19 PM, travis+ml-cryptogra...@subspacefield.org wrote: Reading really old email, but have new information to add. On Wed, Oct 03, 2007 at 02:15:38PM +1000, Daniel Carosone wrote: Speculation: the drive always encrypts the platters with a (fixed) AES key, obviating

Re: 112-bit prime ECDLP solved

2009-07-17 Thread james hughes
On Jul 14, 2009, at 12:43 PM, James A. Donald wrote: 2033130 Subsequent expansions in computing power will involve breaking up Jupiter to build really big computers, and so forth, which will slow things down a bit. So 144 bit EC keys should be good all the way to the singularity and

Re: Fast MAC algorithms?

2009-07-23 Thread james hughes
Note for Moderator. This is not crypto but TOE being the solution to networking performance problems is a perception that is dangerous to leave in the crypto community. On Jul 23, 2009, at 11:45 PM, Nicolas Williams wrote: On Thu, Jul 23, 2009 at 05:34:13PM +1200, Peter Gutmann wrote:

Re: Fast MAC algorithms?

2009-07-24 Thread james hughes
there are insecure implementation...). James Hughes hugh...@mac.com writes: TOEs that are implemented in a slow processor in a NIC card have been shown many times to be ineffective compared to keeping TCP in the fastest CPU (where it is now). The problem with statements like

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-07-26 Thread james hughes
On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote: [cross-posted to tahoe-...@allmydata.org and cryptogra...@metzdowd.com] Disclosure: Cleversafe is to some degree a competitor of my Tahoe- LAFS project. ... I am tempted to ignore this idea that they are pushing about encryption

Re: Fast MAC algorithms?

2009-07-26 Thread james hughes
On Jul 27, 2009, at 4:50 AM, James A. Donald wrote: From: Nicolas Williams nicolas.willi...@sun.com For example, many people use arcfour in SSHv2 over AES because arcfour is faster than AES. Joseph Ashwood wrote: I would argue that they use it because they are stupid. ARCFOUR should

Re: Unattended reboots

2009-08-03 Thread james hughes
On Aug 2, 2009, at 4:00 PM, Arshad Noor wrote: Jerry Leichter wrote: How does a server, built on stock technology, keep secrets that it can use to authenticate with other servers after an unattended reboot? Without tamper-resistant hardware that controls access to keys, anything the

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-08-09 Thread james hughes
On Aug 6, 2009, at 1:52 AM, Ben Laurie wrote: Zooko Wilcox-O'Hearn wrote: I don't think there is any basis to the claims that Cleversafe makes that their erasure-coding (Information Dispersal)-based system is fundamentally safer, e.g. these claims from [3]: a malicious party cannot recreate

Crypto'09 Rump session to be webcast

2009-08-14 Thread james hughes
The first Crypto rump session took place in 1981 and was immediately heralded as the most important meeting in cryptography. Each subsequent Crypto rump session has reached a new level of historical significance, outstripped only by the Crypto rump sessions that followed it. The

Re: Crypto'09 Rump session to be webcast

2009-08-18 Thread james hughes
:56 AM, james hughes wrote: The first Crypto rump session took place in 1981 and was immediately heralded as the most important meeting in cryptography. Each subsequent Crypto rump session has reached a new level of historical significance, outstripped only by the Crypto rump sessions

Re: Certainty

2009-08-21 Thread james hughes
Caution, the following contains a rant. On Aug 19, 2009, at 3:28 PM, Paul Hoffman wrote: I understand that creaking is not a technical cryptography term, but certainly is. When do we become certain that devastating attacks on one feature of hash functions (collision resistance) have any

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread james hughes
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: Ivan Krsti wrote: TrueCrypt is a fine solution and indeed very helpful if you need cross-platform encrypted volumes; it lets you trivially make an encrypted USB key you can use on Linux, Windows and OS X. If you're *just* talking about

Re: hedging our bets -- in case SHA-256 turns out to be insecure

2009-11-16 Thread james hughes
On Nov 11, 2009, at 10:03 AM, Sandy Harris wrote: On 11/8/09, Zooko Wilcox-O'Hearn zo...@zooko.com wrote: Therefore I've been thinking about how to make Tahoe-LAFS robust against the possibility that SHA-256 will turn out to be insecure. NIST are dealing with that via the AHS process.

Re: [Not] Against Rekeying

2010-03-25 Thread james hughes
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote: Ekr has an interesting blog post up on the question of whether protocol support for periodic rekeying is a good or a bad thing: http://www.educatedguesswork.org/2010/03/against_rekeying.html On Mar 23, 2010, at 4:23 PM, Adam

Re: Encryption and authentication modes

2010-07-14 Thread james hughes
On Jul 14, 2010, at 1:52 AM, Florian Weimer wrote: What's the current state of affairs regarding combined encryption and authentication modes? I've implemented draft-mcgrew-aead-aes-cbc-hmac-sha1-01 (I think, I couldn't find test vectors), but I later came across CCM and EAX. CCM has the

Re: [Cryptography] FIPS, NIST and ITAR questions

2013-09-03 Thread james hughes
Hashes aren't ITAR covered is a fact…. from Revised U.S. Encryption Export Control Regulations, January 2000 at http://epic.org/crypto/export_controls/regs_1_00.html 3. It was not the intent of the new Wassenaar language for ECCN 5A002 to be more restrictive concerning Message

[Cryptography] Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption

2013-09-05 Thread james hughes
The following is from a similar list in Europe. Think this echoes much on this list but has an interesting twist about PFS cipher suites. Begin forwarded message: From: Paterson, Kenny [kenny.pater...@rhul.ac.uk] Sent: Friday, September 06, 2013 12:03

Re: [Cryptography] In the face of cooperative end-points, PFS doesn't help

2013-09-07 Thread james hughes
On Sep 7, 2013, at 1:50 PM, Peter Fairbrother zenadsl6...@zen.co.uk wrote: On 07/09/13 02:49, Marcus D. Leech wrote: It seems to me that while PFS is an excellent back-stop against NSA having/deriving a website RSA key, it does *nothing* to prevent the kind of cooperative endpoint scenario

Re: [Cryptography] Bruce Schneier has gotten seriously spooked

2013-09-08 Thread james hughes
On Sep 7, 2013, at 6:30 PM, James A. Donald jam...@echeque.com wrote: On 2013-09-08 4:36 AM, Ray Dillinger wrote: But are the standard ECC curves really secure? Schneier sounds like he's got some innovative math in his next paper if he thinks he can show that they aren't. Schneier

Re: [Cryptography] In the face of cooperative end-points, PFS doesn't help

2013-09-08 Thread james hughes
On Sep 7, 2013, at 8:16 PM, Marcus D. Leech mle...@ripnet.com wrote: But it's not entirely clear to me that it will help enough in the scenarios under discussion. If we assume that mostly what NSA are doing is acquiring a site RSA key (either through donation on the part of the site,

Re: [Cryptography] In the face of cooperative end-points, PFS doesn't help

2013-09-08 Thread james hughes
On Sep 8, 2013, at 1:47 PM, Jerry Leichter leich...@lrw.com wrote: On Sep 8, 2013, at 3:51 PM, Perry E. Metzger wrote: In summary, it would appear that the most viable solution is to make the end-to-end encryption endpoint a piece of hardware the user owns (say the oft mentioned $50

Re: [Cryptography] What TLS ciphersuites are still OK?

2013-09-09 Thread james hughes
On Sep 9, 2013, at 9:29 AM, Ben Laurie b...@links.org wrote: Perry asked me to summarise the status of TLS a while back ... luckily I don't have to because someone else has: http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 In short, I agree with that draft. And the brief summary is:

Re: [Cryptography] What TLS ciphersuites are still OK?

2013-09-09 Thread james hughes
On Sep 9, 2013, at 2:49 PM, Stephen Farrell stephen.farr...@cs.tcd.ie wrote: On 09/09/2013 05:29 PM, Ben Laurie wrote: Perry asked me to summarise the status of TLS a while back ... luckily I don't have to because someone else has: http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 In

Re: [Cryptography] What TLS ciphersuites are still OK?

2013-09-10 Thread james hughes
On Sep 9, 2013, at 9:10 PM, Tony Arcieri basc...@gmail.com wrote: On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie b...@links.org wrote: And the brief summary is: there's only one ciphersuite left that's good, and unfortunately its only available in TLS 1.2: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Re: [Cryptography] [TLS] New Version Notification for draft-sheffer-tls-bcp-00.txt

2013-09-10 Thread james hughes
On Sep 9, 2013, at 7:30 PM, Michael Ströder michael at stroeder.com wrote: Peter Gutmann wrote: Do you have numbers about the relative and absolute performance impact? Personally I don't see performance problems but I can't prove my position with numbers. MBA-2:tmp synp$ openssl

Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread james hughes
Je n'ai fait celle-ci plus longue que parce que je n’ai pas eu le loisir de la faire plus courte. On Sep 23, 2013, at 12:45 PM, John Kelsey crypto@gmail.com wrote: On Sep 18, 2013, at 3:27 PM, Kent Borg kentb...@borg.org wrote: You foreigners actually have a really big vote here. It

Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-28 Thread james hughes
http://www.nytimes.com/2013/09/27/opinion/have-a-nice-day-nsa.html On Sep 25, 2013, at 3:14 PM, John Kelsey crypto@gmail.com wrote: Right now, there is a lot of interest in finding ways to avoid NSA surveillance. In particular, Germans and Brazilians and Koreans would presumably rather

Re: [Cryptography] Sha3

2013-10-05 Thread james hughes
On Oct 3, 2013, at 9:27 PM, David Johnston d...@deadhat.com wrote: On 10/1/2013 2:34 AM, Ray Dillinger wrote: What I don't understand here is why the process of selecting a standard algorithm for cryptographic primitives is so highly focused on speed. ~ What makes you think Keccak is

Re: [Cryptography] Sha3

2013-10-05 Thread james hughes
On Oct 5, 2013, at 12:00 PM, John Kelsey crypto@gmail.com wrote: http://keccak.noekeon.org/yes_this_is_keccak.html From the authors: NIST's current proposal for SHA-3 is a subset of the Keccak family, one can generate the test vectors for that proposal using the Kecca kreference code. and

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

2013-10-05 Thread james hughes
On Oct 2, 2013, at 7:46 AM, John Kelsey crypto@gmail.com wrote: Has anyone tried to systematically look at what has led to previous crypto failures? T In the case we are now, I don't think that it is actually crypto failures (RSA is still secure, but 1024 bit is not. 2048 DHE is still