The only RSA Secret Key Challenge known to be under active attack
at this time is RC5-64, by distributed.net. Last night this reached the
50% mark, having tested 9,225,283,403,065,065,472 keys at the time I
write this, over 1331 days. The current rate is over 210 Gkeys/sec - they
From: Alan Barrett[SMTP:[EMAIL PROTECTED]]
The DMCA said:
No person shall circumvent a technological measure that effectively
controls access to a work protected under this title.
What does effectively mean here?
If it has its plain
[EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
In article [EMAIL PROTECTED],
Perry E. Metzger [EMAIL PROTECTED] wrote:
Helger Lipmaa [EMAIL PROTECTED] writes:
Why just not to use a C code?
Because it is typically slower by many times than hand tuned assembler.
Are you sure?
From: Bram Cohen[SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, October 30, 2001 12:36 PM
To: Nelson Minar
Cc: Crypto List
Subject: Re: Yet more stego scare in the New York Times
On Tue, 30 Oct 2001, Nelson Minar wrote:
What's so frustrating about this
[This response probably can't get to all of the lists to which
the original message was addressed to. Feel free to forward
it to those lists, if you can, and to other addresses as needed.
Alex Alten[SMTP:[EMAIL PROTECTED]] wrote:
[discussion of .NET weaknesses deleted]
Peter Fairbrother[SMTP:[EMAIL PROTECTED]]
The other and more worrying component picked up the PGP key Scarfo used
his father's prison number! - and virtually nothing else. It didn't
keystrokes. Almost certainly it detected and captured only the PGP logon
when the enter key was
Ben Laurie[SMTP:[EMAIL PROTECTED]] wrote:
[EMAIL PROTECTED] wrote:
Jay D. Dyson writes:
-BEGIN PGP SIGNED MESSAGE-
On Tue, 27 Nov 2001 [EMAIL PROTECTED] wrote:
Hrm, how about a worm with a built-in HTTP server that
There's a much simpler reason why few or no stego'ed messages are
present in usenet images: They form an inefficient and unneeded
Try taking a peek at the Usenet newsgroup alt.anonymous.messages.
Dozens of PGP'd messages a day, from our old friends Secret Squirrel,
(feel free to forward this message in its entirety)
The RSA Data Security Conference is being held
February 18-22, 2001, at the McEnery Convention
Center in San Jose, California.
This is the biggest computer security conference
in the world, with 200 vendors and over 10,000
Rich is correct. I was over the top. In response to my (much
more polite) letter to Mr. Gladman New Scientist, it became
clear that the error was due to a journalist compressing down
his conversation with Mr. Gladman. Brian had been referring
to a (rounded up) bit strength for full 56 bit DES.
Karsten M. Self[SMTP:[EMAIL PROTECTED]] writes:
Note that my reading the language of 1201 doesn't require that the work
being accessed be copyrighted (and in the case of Afghanistan, there is
a real question of copyright status), circumvention itself is
sufficient, regardless of status of
I read the article (in the dead tree edition), and despite its
technical inaccuracies, thought it was generally
Don't forget that the MITM attack (which Schneier claims
takes 2^(2n) = 2^112 time), also requires 2^56 blocks
of storage. That's a lot, and the attack ceases to be
One other scheme I've seen, and which, while it doesn't give me
warm fuzzies, seems reasonable, is to issue the
enduser a smartcard with a keypair on it. The SC generates
the pair onboard, and exports only the public half. The private
half never leaves the SC (there is no function on the card
There are plenty of 'thought experiment' crypto systems which
are utterly infeasible in practice. Rabin's is one.
It does have perfect forward secrecy in that if Eve doesn't know
ahead of transmission time what part of the keystream to grab,
she can't later decrypt the message.
I'm not the local expert on this, but there are SCs with
built-in crypto accelerators. They are designed for the
use I described:
* Generate an RSA key pair on board,
* export the public key,
* re-import the certificate,
* wrap/unwrap a data block
(typically a session key or hash for
[EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
Trei, Peter [EMAIL PROTECTED] writes:
One other scheme I've seen, and which, while it doesn't give me warm
seems reasonable, is to issue the enduser a smartcard with a keypair
it. The SC generates the pair onboard, and exports
Ben Laurie[SMTP:[EMAIL PROTECTED]]
Keyring and Strip are both programs that provide secure DBs on Palms.
Keyring, at least, is free and open source.
However, since Palms have no MMU, there's no security against hostile
other apps, which makes them pretty useless devices for this kind
[The SSSCA would require all devices capable of
carrying media content to have hardware locks
to prevent copyright violations. Essentially,
it turns all computers as closed as set-top
boxes - and about as useful.
for background -pt ]
I might be able to help you. I was the person who
initiated the DES Challenges, getting RSA
Data Security to sponsor them, and working
with people in RSA Labs on their design (this
was before I switched employers to RSA).
I also wrote one of the search engines.
I have a fair bit of data,
[Note: I'm just passing on posts from sci.crypt. I've
not confirmed this independently
It appears that not every product which uses smart
cards is secure
From: [EMAIL PROTECTED] (Philippe Mestral)
Distributed.net, which has won several of the RSA Secret Key
challenges, and is currently 73% of the way through the
RC5-64 contest, has lost its ISP.
From their front page:
- start quote
We need your help!
URGENT: We have recently learned that our
Bruce Schneier writes in the April 15, 2002, CRYPTO-GRAM,
But there's no reason to panic, or to dump existing systems. I don't
Bernstein's announcement has changed anything. Businesses today
Russell Nelson[SMTP:[EMAIL PROTECTED]] wrote
Derek Atkins writes:
I think it's really about degree. I don't agree that having a
non-empty threat model implies you are paranoid.
Yes, you're right (and Phil Pennock points out that I meant
intersection, not union). Dictionary.com defines
R. A. Hettinga[SMTP:[EMAIL PROTECTED]]
At 3:54 PM -0400 on 4/16/02, Trei, Peter wrote:
Well, Lucky's not a business, and he's certainly not a military
institution (despite his fondness for ordnance). What does that
leave? Most of us who know him got a little chuckle out
Now, I'm sure no one on this list would trust MSVC6 rand() for anything
important, but this post from sci.crypt (which I have not confirmed)
may be of interest:
- start quote -
Newsgroups: sci.crypt, sci.crypt.random-numbers
Subject: Warning: MSVC6 rand function
Actually, it's unlikely that anyone would embed watermarks in billboard
ads, or in ads in general. Copying an ad is usually a Good Thing from
the advertiser's point of view - more exposure. It's only the program
material which needs protection.
To get back to security; could I use this to defeat
From: Nomen Nescio[SMTP:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 12:20 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: FC: Hollywood wants to plug analog hole, regulate A-D
Peter Trei writes:
My mind has been boggled, my
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: Re: DOJ proposes US data-rentention law.
Trei, Peter wrote:
- start quote -
Cyber Security Plan Contemplates U.S. Data Retention Law
John S. Denker[SMTP:[EMAIL PROTECTED]] wrote:
Peter Gutmann wrote:
Actually I'm amazed no printer vendor has ever gone after companies who
third-party Smartchips for remanufactured printer cartridges. This
the perfect thing to hit with the DMCA universal
Lucky Green[SMTP:[EMAIL PROTECTED]]
On 11 Jul 2002 at 1:22, Lucky Green wrote:
Trusted roots have long been bought and sold on the
as any other commodity. For surprisingly low amounts, you
too can own
a trusted root that comes pre-installed
Jon Callas[SMTP:[EMAIL PROTECTED]]
On 8/1/02 1:14 PM, Trei, Peter [EMAIL PROTECTED] wrote:
So my question is: What is your reason for shielding your identity?
You do so at the cost of people assuming the worst about your
Is this a tacit way to suggest that the only
AARG! Anonymous[SMTP:[EMAIL PROTECTED]] writes
Now, there is an optional function which does use the manufacturer's key,
but it is intended only to be used rarely. That is for when you need to
transfer your sealed data from one machine to another (either because you
Russell Nelson[SMTP:[EMAIL PROTECTED]] writes:
You're wearing your programmer's hat when you say that. But the
problem isn't programming, but is instead economic. Switch hats. The
changes that you list above may or may not offer some security
advantages. Who cares? What really matters
Niels Ferguson[SMTP:[EMAIL PROTECTED]] wrote:
Well, I'm tired of this. AARG, or whoever is hiding behind this pseudonym,
is obviously not reading the responses that I send, as he keeps asking
questions I already answered. I'm not going to waste more of my time
responding to this. This is
First, the official PR release:
Distributed Team Collaborates to Solve Secret-Key Challenge
Contest designed to keep the cryptographic community updated
on new achievements and help organizations maintain highest
levels of security
Ralf-P. Weinmann[SMTP:[EMAIL PROTECTED]] wrote:
On Thu, Sep 26, 2002 at 02:45:12PM -0700, John Gilmore wrote:
After getting that started, though, I suggest beginning a
brute-force attack on the GSM cellphone encryption algorithm. That's
in use in hundreds of
Branchaud, Marc writes:
Any thoughts on this device? At first glance, it doesn't seem
Lovely idea of two-factor authentication:
The user then enters their user name (something they know) and the
8-digit Quizid passcode
[Moderator's note: FYI: no pragma is needed. This is what C's
volatile keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
Those of us who write code need to be reminded of this
now and then.
James A. Donald[SMTP:[EMAIL PROTECTED]] wrote:
Reading the Wifi report,
it seems their customers stampeded them and demanded that the
security hole be fixed, fixed a damned lot sooner than they
intended to fix it.
The PO tried marketing this service about 6 years ago.
As far as I can see, this is almost identical to the last try.
It failed in the marketplace then, and I see no reason
whatsoever to think it will succeed now.
Having a feature certified as secure by a federal agency
John Gilmore[SMTP:[EMAIL PROTECTED]] writes:
How does this latest development change the picture? If there is no
Hollings bill, does this mean that Trusted Computing will be voluntary,
as its proponents have always claimed? And if we no longer have such
Adam Shostack[SMTP:[EMAIL PROTECTED]] writes:
I believe that DRM systems will require not just an authorized boot
sequence, but a secure remote attestation that that boot sequence was
followed, and a secure attestation as to the versions of the software
on your system. So, while a
Sent: Tuesday, February 04, 2003 11:42 AM
To: Dave Farber
Cc: Trei, Peter; [EMAIL PROTECTED]
Subject: Re: A talk on Intellectual Property and National Defense
I think Peter was responding to me, not you.
And no, I'm not proposing
Matthew Byng-Maddick[SMTP:[EMAIL PROTECTED]] writes:
On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
been that you either throw away the first 256 bytes of stream key output
or use a different key on every message. WEP does neither. TKIP, the new
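The two defences named just above (discard the first 256 bytes of RC4 output, or never use the same key for two messages) and what each one prevents, as an added example that is not part of the original thread or of any WEP/TKIP implementation. The RC4 code, the `xor` helper, the statistical test and the sample plaintexts are all written here for the demonstration. The measurable weakness in the first bytes shown here is the Mantin-Shamir bias (the second keystream byte is zero about twice as often as it should be); it is a simpler relative of the related-key distinguisher used against WEP, and both disappear once the early output is dropped.

```python
import random


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n bytes of RC4 keystream for key after discarding the first
    `drop` bytes (so drop=0 is plain RC4, drop=256 is RC4-drop[256])."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for k in range(drop + n):                 # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if k >= drop:                         # silently consume the dropped prefix
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    # Helper constructed for this example; truncates to the shorter input.
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """RC4 encryption is keystream XOR plaintext; decryption is the same call."""
    return xor(data, rc4_keystream(key, len(data), drop))


def second_byte_zero_rate(trials: int, key_len: int = 16,
                          drop: int = 0, seed: int = 1) -> float:
    """Fraction of random keys whose second keystream byte is 0.
    An ideal stream cipher gives ~1/256; plain RC4 gives ~2/256."""
    rng = random.Random(seed)                 # seeded so the result is repeatable
    zeros = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        if rc4_keystream(key, 2, drop)[1] == 0:
            zeros += 1
    return zeros / trials


def keystream_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Two messages under one RC4 key: XOR of the ciphertexts equals XOR of
    the plaintexts, so the key never matters to an attacker with both."""
    c1 = rc4_encrypt(key, p1)
    c2 = rc4_encrypt(key, p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print("P[second byte == 0], plain RC4:    %.5f  (ideal 1/256 = %.5f)"
          % (second_byte_zero_rate(16000), 1 / 256))
    print("P[second byte == 0], RC4-drop[256]: %.5f"
          % second_byte_zero_rate(16000, drop=256))
    # Constructed plaintexts; the key value is irrelevant to the leak.
    print("same-key ciphertext XOR reveals plaintext XOR:",
          keystream_reuse_leaks(b"constructed-key", b"attack at dawn",
                                b"retreat at noon"))
```

Running it prints a second-byte zero rate near 0.0078 for plain RC4 and near 0.0039 once 256 bytes are dropped, which is the whole argument for the first defence; the last line shows why the second defence is needed even with the prefix dropped, since dropping bytes does nothing about reusing the same keystream twice.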
Arnold G. Reinhold[SMTP:[EMAIL PROTECTED]] wrote:
It's worth remembering that the original WEP used 40 bit keys. For
some time, RC4 with 40 bit keys was the only crypto system that could
be exported without a license. It's hard for me to believe that
export concerns were not the primary
Steven M. Bellovin[SMTP:[EMAIL PROTECTED]] wrote:
Trei, Peter writes:
If I recall correctly (dee3: Can you help?) WEP is actually derived
from the encryption system used in the Apple Mobile Messaging
System, a PCMCIA paging card made for the Newton
Pete Chown[SMTP:[EMAIL PROTECTED]]
Arnold G. Reinhold wrote:
Indeed, but it is important to remember just how thickheaded the
anti-crypto effort of the '80s and '90s was and how much damage it did.
As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can
Ian Brown[SMTP:[EMAIL PROTECTED]] wrote:
Ed Gerck wrote:
Printing a paper receipt that the voter can see is a proposal
that addresses one of the major weaknesses of electronic
voting. However, it creates problems that are even harder to
solve than the silent subversion of
Francois Grieu[SMTP:[EMAIL PROTECTED]]
Peter Trei wrote:
I'd prefer that the printed receipt be retained at the polling
station, after the voter has had an opportunity to examine it.
This serves two purposes: First, it prevents the vote selling
described above, and second, if a
John Kelsey[SMTP:[EMAIL PROTECTED]]
At 11:08 PM 3/12/03 +0100, Krister Walfridsson wrote:
This is not completely true -- I have seen some high-end cards that use
the PIN code entered by the user as the encryption key. And it is quite
easy to do similar things on Java cards...
Sidney Markowitz writes:
They both require that the use of such technologies be for
the purpose of committing a crime.
The Massachusetts law defines as a crime:
(b) Offense defined.--Any person commits an offense if he knowingly
(1) possesses, uses, manufactures, develops, assembles,
reusch[SMTP:[EMAIL PROTECTED]] wrote:
Via the Cryptome, http://www.cryptome.org/, RU sure, look
I'm amazed at their claims of radio interception. One would
expect that all US military communications, even trivial ones,
If you (or anyone) goes, I'm sure we'd all appreciate some
notes on what transpired. I understand 17 different bills are
being considered at this hearing, so don't blink or
you may miss it.
From: Derek Atkins[SMTP:[EMAIL PROTECTED]]