Re: NSA on AES2

2000-05-16 Thread No User

"Hardware Performance Simulations of ..." is an exercise in irrelevance.

NSA (hi, guys, tough stuff these remailer chains ?) wants us to
believe that if a cypher is 2x faster in someone's implementation
than some other cipher's implementation on the same process, then
that is a criterion for selection. Or that it matters in any way.

No shit.

And now time will be spent on these evaluations, and presented in
color slides, with bar graphs and pie charts, right ? While crypto
celebrities chant in the background.

ROT-13 is not in the contest, is it ?

First, encryption is one of the most computation-intensive tasks in
mass use (so meteorological models and similar do not count). More cycles
per bit processed usually means that brute forcing the cypher is harder.
Burning cycles is a part of being a cipher (not sufficient, of course.)

Second, what we really want to know is what NSA knows about candidates
that we will find out in 20 years (that's what happened with DES.)

And third, are Feistel nets doomed (cryptanalyzed) ? Looking at the history
of crypto, it's about the time for the major paradigm shift. Unselfish help
in creating AES by the agency whose sole purpose is to read traffic is a
clear sign that something is ROTten. Would you buy a radar detector from
highway patrol ?





RE: NSA on AES2

2000-05-16 Thread Trei, Peter



 --
 From: No User[SMTP:[EMAIL PROTECTED]]
 
> "Hardware Performance Simulations of ..." is an exercise in irrelevance.
>
> NSA (hi, guys, tough stuff these remailer chains ?) wants us to
> believe that if a cypher is 2x faster in someone's implementation
> than some other cipher's implementation on the same process, then
> that is a criteria for selection. Or that it matters in any way.
>
> No shit.
 
Yes, speed in hardware matters. While there have been a lot of groups
studying performance in software, far fewer have looked at HW
implementations. Don't try to argue that Moore's law will solve the
problem; people's hunger for bandwidth grows faster - if you want to
encrypt a gigabit VPN at a corporate firewall, or megabit connections to
a G3 (video) cellphone, going the HW route is very cost-effective. I'm
glad that the NSA is looking at this - it's not as if no one else is
allowed to, or that the AES selection process will place undue
credibility on their recommendations.

[...]

> First, encryption is one of the most computation-intensive tasks in
> mass use (so meterological models and similar do not count). More cycles
> per bit processed usually means that brute forcing the cypher is harder.
> Burning cycles is a part of being a cipher (not sufficient, of course.)
 
[As someone on this list used to say, he who will not do arithmetic is
doomed to speak nonsense].

Beyond a certain key length, brute force ceases to be an interesting attack.
Consider: 18 months ago, distributed.net and Deep Crack found a 56 bit DES
key in 23 hours, searching 24% of the key space. There is also a 64 bit RC5
challenge underway at distributed.net. D.net is almost 25% of the way
through that one, but it's taken 2.5 *years* to do so. With a 128 bit key,
even if you could test 1 key/cycle on a billion 1GHz processors, it would
take trillions of years to get to the 25% mark. The protons will decay
before that happens.

> Second, what we really want to know is what NSA knows about candidates
> that we will find out in 20 years (that's what happened with DES.)
 
What we know about DES and the NSA is: They greatly strengthened the
S-boxes against differential analysis, a technique not in the open
literature at the time. They did not strengthen it against linear
analysis - perhaps they did not know about it. The key was shortened from
64 to 56 bits: a move which many believe, then and now, was to allow the
NSA to build key-crackers (though I've heard arguments that the extra 8
bits in the original Lucifer design did not add to the security of the
cipher).

> And third, are Feistel nets doomed (cryptanalyzed) ? Looking at the
> history of crypto, it's about the time for the major paradigm shift.
> Unselfish help in creating AES by the agency whose sole purpose is to
> read traffic is a clear sign that something is ROTten. Would you buy a
> radar detector from highway patrol ?
 
Free-floating paranoia over the NSA's unknown level of cryptanalytic
superiority is easy to throw around, but where's the evidence?

The AES design process is so open compared to the DES design process
(which produced a pretty damn good cipher for its time), and so many more
independent groups are taking part, that it's a reasonable bet that it
would be very hard for the NSA to spike the process. No one is going to
passively accept changes recommended by the NSA. If you have particular
concerns about Feistel networks, reveal them. Calling for a 'major
paradigm shift' to some new, unspecified, and unanalyzed system is not
helpful.

Peter Trei
[EMAIL PROTECTED]

Disclaimer. The above is my personal opinion, and does not necessarily
represent that of my employer. In the interests of openness, be aware
that my employer is sponsoring one of the AES finalists (RC6).

pt
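The brute-force arithmetic in Peter's reply, worked through as an added example (it is not part of the original post). The rates and durations are the ones he quotes; the 13.8-billion-year age of the universe used by `bits_to_outlast` is an assumed constant, not a figure from the thread.

```python
"""Brute-force key-search arithmetic for the DES / RC5-64 / 128-bit cases."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumed constant (not from the thread): age of the universe in years.
UNIVERSE_AGE_YEARS = 1.38e10


def implied_rate(key_bits, fraction, seconds):
    """Keys/second a search must have sustained to cover `fraction` of a
    key_bits-bit key space in `seconds`."""
    return (2 ** key_bits) * fraction / seconds


def expected_seconds(key_bits, keys_per_second, fraction=0.25):
    """Seconds needed to cover `fraction` of a key_bits-bit space at a rate."""
    return (2 ** key_bits) * fraction / keys_per_second


def years(seconds):
    return seconds / SECONDS_PER_YEAR


def bits_to_outlast(target_years, keys_per_second, fraction=0.25):
    """Smallest key length whose `fraction`-of-space search at the given
    rate takes longer than `target_years` (each extra bit doubles the work)."""
    work = target_years * SECONDS_PER_YEAR * keys_per_second / fraction
    return math.ceil(math.log2(work))


if __name__ == "__main__":
    # DES: 24% of 2^56 keys in 23 hours (Deep Crack + distributed.net).
    des_rate = implied_rate(56, 0.24, 23 * 3600)
    print(f"DES effort: {des_rate:.2e} keys/s")
    # RC5-64: ~25% of 2^64 in 2.5 years of distributed.net time.
    rc5_rate = implied_rate(64, 0.25, 2.5 * SECONDS_PER_YEAR)
    print(f"RC5-64 effort: {rc5_rate:.2e} keys/s")
    # 128-bit key, one key per cycle on a billion 1 GHz processors.
    big_rate = 1e9 * 1e9
    print(f"128-bit, 25% mark: {years(expected_seconds(128, big_rate)):.2e} years")
    print(f"Bits to outlast the universe at that rate: "
          f"{bits_to_outlast(UNIVERSE_AGE_YEARS, big_rate)}")
```

The 128-bit case comes out at roughly 2.7 trillion years, and at that same rate anything past about 121 bits already outlasts the universe.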





(Fwd) biometrics

2000-05-16 Thread Peter Nicol

I just read Schneier's latest Crypto-Gram and it brought out a few
issues I have been thinking about for a while wrt biometrics.

at http://www.counterpane.com/insiderisks1.html he says:

"Biometrics are unique identifiers, but they are not secrets. You 
leave your fingerprints on everything you touch, and your iris 
patterns can be observed anywhere you look. "  

Has there been any work that anyone knows of applying anonymous 
digital cash style blinding algorithms to biometric databases?

Is this feasible?  

ie, coupled with a passphrase or a smart card or both, can a 
biometric database be constructed so that the data is blinded and 
your biometric data cannot be stolen and used without knowing the 
blinding factor (presumably kept safe).





Metallica lawyer on Napster users: 'Most of these people were lying'

2000-05-16 Thread mean-green

 
 

 From my "There's safety in numbers" file...
 
May 16, 2000 12:18 PM PT

Metallica will not sue the Napster users who say they were mistakenly banned 
from the music download site, the rock band's lawyer Howard King said Tuesday. 
"It's simply unrealistic to sue 30,000 people -- it's economically ridiculous,
" King said. "That doesn't mean you didn't commit a crime if you don't get 
sued. ... Maybe one or two or three of these 30,000 people were erroneously 
named. Most of these people were lying, probably all of them." Full story 
to follow. -- Marilynn Wheeler, ZDNet News  
 



IMPORTANT NOTICE:  If you are not using HushMail, this message could have been read 
easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.






Special Invitation

2000-05-16 Thread webmaster


Congratulations! Megaporn.com is giving you one month free: that's ten
pornsites for 30 days FREE. You have received this email because you were
a member of the Erotica family once and we want you back.

We have randomly selected a chosen few for this one time special offer.
We guarantee you will never find a better deal than this! That's right,
first 30 days free and your membership will then renew for only $9.95 a
month for as long as you wish, that's a savings of $60 a month. It
doesn't get any better than this!

This is no joke, you have been randomly selected from our database to
win 30 days FREE and after your free 30 days, you only pay $9.95 a month
until you decide to cancel, but remember this is a one time offer so take
advantage of it now! And let the good times Roll.

Membership to Megaporn.com  includes
Erotica.com
Asiankitty.com
Strokmag.com
Tranzone.com
Do-me-live.com
Newnymphos.com
Babyonboard.com
Agedladies.com
Queensize.com
And all of our new content
Pam & Tommy video
Houston 's gangbang as seen on Howard Stern
Minx Manor Live voyeur house
Geisha house
Casting couch
New online Magazines
Tons of new Pictures, Videos, and live feeds
Too much to list, so what are you waiting for? Click on the link below
for your Special deal.

go to http://www.secure-billing.net/cdjoin2.asp?sitename=megapornpromoid=91330.
Thank you and we hope to see you back at Erotica again very soon. 




In a wireless world, wiretaps are bigger and better than ever.

2000-05-16 Thread mean-green

[In the early '70s a friend and her husband (who was an active, though not
successful cocaine dealer) fell on hard times. They eventually stopped
paying their telephone bills. Months later, with an unpaid balance in the
thousands, the phone still hadn't been disconnected. In fact, they hadn't
even been notified of an impending disconnection. A coincidence? I think
not.

So for those of you involved in dubious activities, one test of whether
your phones may be tapped is to stop paying the bill. You may not have
long to wait.]


By Kevin Poulsen
May 15, 2000 6:16 AM PT

If you were to list the many fine attributes typically associated with the 
FBI, technological prescience wouldn't normally make the top ten. But I 
need only walk down the street to see just how forward-looking the bureau 
has been with their wiretapping work.

http://www.infosecuritymag.com/securitywire/




RE: NSA on AES2

2000-05-16 Thread Anonymous

> The point of a cypher is to be secure. Ability to encrypt OC192 is not
> a substitute.

While I agree that NSA did a great con job on crypto community, that
is not a reason not to do the best one can.

You fear that we are playing with broken toys and wasting our time.
What else is there to do ? Use of one time pad is not yet a practical
option for general public, and those in need already use it.

Other countries will probably follow Japan and design their own 256 bit
Feistels - AES reeks far too much of USG presence. This will create some
interesting interoperability issues, especially if banks follow suit
and start doing custom designs. Anyone interested in a Crypto Gateway
startup ?





nuovi visitatori?

2000-05-16 Thread WB MARKETING
Title: Are you interested in sending via e-

Do you want to send your commercial proposal by e-mail
to people and companies interested in your products?
We have a worldwide database of consumer e-mail addresses
and can invite them to visit your site.

For more information: WB MARKETING
[EMAIL PROTECTED]
02 89546192

This is currently the most effective
and economical promotion











Re: (Fwd) biometrics

2000-05-16 Thread cypherstar

: And the advantage of using this over using passphrases is what, exactly?

Well, biometrics have some nice properties that make them hard to
forge or lose, but one of the problems Schneier points out is that
if your biometric data is kept in a database and that is compromised,
it's a lot worse than a password database being compromised, because
you can't be issued with a new face, or fingerprint etc.

I was wondering if there is a protocol that can keep the data in the 
database blinded, so that if it is stolen, it is useless.

The blinding factor could be in a smart card, or passphrase dependent 
or both, adding another level of security.

I am unsure if it is feasible, or if it resolves to a 'trusted
client' type situation, where at some stage the biometric must be in
the clear.




RE: NSA on AES2

2000-05-16 Thread Bill Stewart

At 01:54 PM 05/16/2000 -0600, Anonymous wrote:
> look no further than DES. Whit Diffie (see his foreword to 'Cracking
> DES') was speculating about bruting DES from *before* the day it
> was published in 1975. Read Wiener's 1993 paper on building
>
> Last year I heard Diffie say (at PECSENC meeting) that
> "Exportable means breakable"
> AES is exportable, I assume.
> Do you agree with Diffie ?

The rules have changed since Diffie made that statement;
at the time it was definitely true, except to the extent
that special people could get special permission for limited-use exports
(e.g. banks could export 3DES gear,  because the Feds understand that
they don't want large amounts of money to leak away, and because
banks have to tell the Feds whatever they want anyway.)

The current rules, as Peter points out, are confusing and byzantine,
but almost anybody can export real crypto almost anywhere now,
at least if they get permission, which the Feds are supposed to grant.

The AES candidates were designed in a reasonably open process,
with the expectation that the export rules would either fall entirely,
or else be relaxed at least to the point that banks and big companies
could export crypto.  The openness was partly for the usual crypto reasons
(can't trust something that hasn't been well-analyzed), and partly to
avoid the decades of FUD about secret NSA backdoors that plagued DES.
Some of the design teams even have (gasp!) non-Americans in them.
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639