rying
around the sheet of paper where your 20 PINs are all written
down.
Bear
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
On Tue, 5 Feb 2002, Eugene Leitl wrote:
>Things have been quiet on the "new algorithms" front for a few years.
>But at Crypto last August, Dan Bernstein announced a new design for a
>machine dedicated to NFS using asymptotically fast algorithms and
>optimising memory, CPU power and amount of pa
to NFS using asymptotically fast algorithms and
>> >optimising memory, CPU power and amount of parallelism to minimize
>>
> Bear Responds:
>> I really want to read this paper; if we don't get to see the
>> actual mathematics, claims like this look incredibly like
>
ap now, so yeah, that's probably the way to go.
Isn't Elliptic-Curve patent-encumbered?
Bear
other hand, RSA is not the only system
affected. The technique may work on Elliptic Curve systems
as well. Which of these sides is "better" and which "worse"
is something that you will have to work out depending on
your own perspective.
Bear
for
promotional appearances.
or, maybe, we can just leave it at "real artists have day jobs."
Bear
On Thu, 21 Mar 2002, McMeikan, Andrew wrote:
>A question and a probe.
>
>Question. Is it possible to have code that contains a private encryption
>key safely? Every way I look at it the answer seems no, yet some degree of
>safety might be possible by splitting an encrypting routine across sev
es, what is identity? For purposes
of your application, I mean -- no point to go off on philosophical
tangents. Answer that, and maybe there'll be a protocol that you
can use.
Bear
ozen employees
and after trusting that many people, better crypto would add
essentially nothing to the businessman's security.
For a handy metaphor, you can think of a kilobit-keyed cipher as
a potentially weak link in Lucky's security (worth the
's seems to have
gotten slower lately?
Bear
ding of a family wedding,
or an original computer-generated movie, or a demo video for my
buddy's band? 'Cause really, that's the problem as far as I'm
concerned; if the system prevents people from making and
distributing our *own* content with compatible hardware, then
it has to be
"true" bell curve -- which is going to be within
epsilon of your true distribution in most cases.
Nice application to privacy, though.
Bear
7, and narrow it to 27 to 32.
Etc by the time the guy has placed 20 orders they're
probably going to know his age to within one year.
Bear
(using a single
modular-power operation, which is relatively cheap) before it
checks the signature itself.
Bear
On Thu, 20 Jun 2002, Bill Frantz wrote:
>I have been thinking about how to limit denial of service attacks on a
>server which will have to verify signatures
ssive contracts and less financially desperate
on the whole than other artists, have been able to lead the curve in
creating art for the public -- but other kinds of artists need to
follow or the open-source movement is not going to get past this DRM
thing.
business with you if that person wants that
information to remain private.
Bear
check and see what it does; I want to
nail that mode of my CPU off so that no software can turn it
on EVER.
I'll skip the digital movies if need be, but to me "trusted
computing" means that *I* can trust my computer, not that
someone else can.
Bear
range your problem so
you don't need division, and you know the approximate size of
the bignums you'll be working with, it can speed things up
noticeably.
Bear
a key
dynamically.
Bear
On Wed, 3 Jul 2002, John Saylor wrote:
>Hi
>
>I'm passing some data through a web client [applet-like] and am planning
>on using some crypto to help ensure the data's integrity when the applet
>sends it back to me after it has bee
nexcusable IMO to still be having buffer overflows.
Bear
put, and wants
>to use it to make some predictions about the next 60 bits of
>output. She uses the 100 bits to "see back into" the
>hypothetical simple-hash function, learn something about the
>input thereof, and then pushes that forward again through the
>simple-hash
e did not prove
anything about A unless given ~C and we did not prove anything
about C regardless of our assumptions about A.
Bear
" is going to have to have some skeleton keys
in his or her toolbox, just in order to do legitimate business.
Bear
t which is more valuable than movie
tickets, what you want is a protocol that ensures no one using the
data ever has sufficient information to reconstruct more of it
than their particular licit use of it requires.
Bear
-
On 10 Aug 2002, Eric Rescorla wrote:
>It's generally a bad idea to sign RSA data directly. The RSA
>primitive is actually quite fragile. At the very least you should
>PKCS-1 pad the data.
>
>-Ekr
This is true. Cyclopedia Cryptologia has a short article detailing
some of the attacks against di
. They'll get
their asses handed to them on a platter.
Bear
n the best amateurs
any more - and I doubt they ever have.
I am an extremist. That's me under the banner that says
"Real Artists Have Day Jobs and Real Computers Can Copy Files."
Bear
t and can never be
made secure.
Now, you're talking about a system that gives people the opportunity
to HIDE THE CODE, and telling us that's security?! What the hell
are you smoking?! You are confusing real security mistakes with the
ability to DETECT real security mistakes!
revent any
code from being read by any software.
Bear
any other
applications. And as long as IE is actually separate from your
OS (if you're running it on your Mac, or under WINE from Linux,
for example), it shouldn't give him/her access to anything
inside the OS.
Bear
-
On Thu, 29 Aug 2002, John S. Denker wrote:
>bear wrote:
>> Given that, I think a cracker could subvert IE normally, but that
>> wouldn't result in any access to the protected space of any other
>> applications. And as long as IE is actually separate from your
>
p track of prefiguration states.
I'm not a quantum physicist; I could be wrong here. In
fact, I'm probably wrong here. But can anyone explain
to me *why* I'm wrong here?
Bear
hat these people are any more
trustworthy than those whose actions you decry. The only
difference is that the scale of abuses which can be perpetrated
by them is staggeringly large compared to the minor abuse of
someone copying a song or running a program out of licen
kens inserted; just the thing for mutually
suspicious parties to store confidential shared data on.
Anyway; it's nothing particularly great for remote authentication;
but it's *extremely* cool for local authentication.
Bear
de on the basis of whether or not they make this promise.
Basically, they're offering something they didn't have to offer
in order to release it under the OpenSSL license; if they'd
simply released it under the OpenSSL license, you'd have fewer
options, not more.
minimum security they are
requiring. But experience shows that people willing to
reject self-signed certs and poor ciphers always seem to
be willing to accept the even poorer cipher named plaintext.
This is completely irrational; either you need security or
you don't.
't seem to involve
code talkers, and appeared to be entirely fictional... --Perry]
Bear
On Wed, 2 Oct 2002, Bill Frantz wrote:
>While vacationing in Scotland this summer I had a conversation with a
>gentleman who said that the British had used Scottish Gael
than the strongest (we
use whizbang patented strong encryption algorithm!) that
determines security. It's basically a matter of consumer
protection, and it's really something that security and crypto
people need to do within the industry. It has to be within
the industry, because this is stu
On Tue, 22 Oct 2002, Wei Dai wrote:
>On Tue, Oct 22, 2002 at 11:09:41AM -0700, bear wrote:
>> Reviewing his files, Bob
>> finds that he has a January 21 document and a September 30
>> document which have the same MAC.
>>
>> What does Bob do now? How does this
't afford to annoy users enough (or require them to
think enough) to get that level of security.
Bear
mpt her to revoke it). Reviewing his files, Bob
finds that he has a January 21 document and a September 30
document which have the same MAC.
What does Bob do now? How does this get Bob the ability to
create something Alice didn't sign, but whic
ptimizing the snot out of it
and abstracting away operations that don't add security, in
order to make it fast enough to be competitive - after
which it might bear only a dim resemblance to the hard problem
that inspired it anyhow.
Offhand, I'd say that since it isn't a practical c
be long gone.
Check history. There is a long list of companies that made cipher
machines or invented ciphers, patented them, and went broke. It isn't
a coincidence, nor a recent development.
Bear
r admitted to me that they were wrong,
I noted that in their next patch release, it was listed number
one in the list of critical bugfixes.
Bear
(who now notes that the company is no longer extant)
---
postmarks will still cost money, but the software to get them from
USPS doesn't have to be as proprietary or restricted as microsoft is
undoubtedly making theirs) it could become very useful. If it becomes
widespread, I might start discarding unread all email from parties
unknown to me that d
out so that porting it becomes just a matter of providing a few
definitions in a well-documented file.
If something still has porting problems, I'd say it hasn't been
ported enough.
Bear
mous money. That's one of the reasons I
advocate the "everyone is potentially a mint" model -- the expenses of
issue, and the cost of doing business uphill against trust until one's
issue is trusted, should be shared in something like equal proportions
by people who un
t they have a different motive. Therefore
the public skepticism regarding the truth of their assertions about
their motivations seems fairly solidly grounded on fact.
Bear
( who likes a fair amount of stuff that is only
that affect one
another, then effective opposition to global unity may be reduced, and
we can all become better servants and markets to our corporate
masters.
All power to the dromedariat!
Bear
PS. If you happen to be mentally defective, you may not recog
ormation to assure that the keypair is not
contain a "weak key" if the encryption algorithm has weak
keys.
Encrypt(Encrypt(P, Kbob), Kalice) = P
Encrypt(Encrypt(P, Kalice), Kbob) = P
Bear
--
ication date of the pamphlet I
saw it in if I can find it around here.
Bear
" breaches would
be valuable reading material for security consultants, HR
staff, employers, designers, and psychologists. It's not
actually the study of cryptography, but it's a topic near
and dear to the heart of those who need security, just as
Matt's paper on
's hard to swallow, because even consumers ought not to
be that stupid. But it's even worse than that, because people who
ought to know better (and people who *DO* know better, their own
ethics and customers' best interests be damned) are even *DEVELOPING*
for this
ng attacks and several other failure modes if
used without padding. For details on what that means, read the
cyclopedia cryptologia article on RSA.
http://www.disappearing-inc.com/R/rsa.html
Bear
---
tle fleet. Appalling does not begin to
>describe it].
Battlefield systems have been that way forever. Battlefield
information only has to remain secure for a few seconds to a few
hours, and they exploit that to the max in making the systems flexible
and fast enough for actual use. You want ap
Actually, it is re-using a pad, exactly. It's just a pseudorandom
pad (stream cipher) instead of a one-time pad.
And while WEP had problems, it didn't have that particular problem.
New messages with the "same" key would use a later chunk of
, natural law party, and
communist party all offer you a bottle of beer for a record of your
vote for them next year, there's no reason why you shouldn't go home
without a six-pack.
Bear
-
ded to purge it before
sticking it back in your wallet. The guy would enter his PIN,
stick the card in the PCMCIA slot, and the machine would unlock.
Slick little device, actually.
Now can we get one that uses more than 5 digits for a key?
Bear
-
eaks - just throw a cpu at it and you're done.
Bear
s from now will be
deployed according to the decisions we make about such systems
now.
Bear
it a one-pass operation. I'd
be surprised if they don't then "scan" routinely as people go through
the security booths in airports, and if you've been scanned before
they make sure it matches, and if you haven
ully anonymous transactions; it leaves them holding the bag if
anything goes wrong. Anonymous transactions require a different
market, which has barely begun to make itself felt in a meaningful way
(read: by being willing to pay for it) to anyone who has pockets deep
enough to do the development.
tity to others.
"I know this guy. We spent a couple years working on X together."
is different in kind from "I met this guy once in my life, and he
had a driver license that said his name was mike."
Bear
---
On Tue, 25 Mar 2003, Ian Grigg wrote:
>On Monday 24 March 2003 19:26, bear wrote:
>> him running roughshod over the law. He set up routing tables
>> to fool DNS into thinking his machine was the shortest distance
>> from the courthouse where she worked to her home ISP a
s to have more
appeal to people in protecting financial transactions and the
former to people who are more concerned about personal privacy.
Bear
hosen.
Of course the consumer gets to make that choice. I can go into my browser's
keyring and delete root certs that have been sold, ever. And I routinely
do. A fair number of sites don't work for me anymore, but I
On Tue, 25 Mar 2003, Ian Grigg wrote:
>On Tuesday 25 March 2003 12:07, bear wrote:
>But, luckily, there is a way to turn the above
>subjective morass of harm into an objective
>hard number: civil suit. Presumably, (you
>mentioned America, right?) this injured party
>