--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Fri, 24 Jun 2005 20:08:37 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] FINCEN's SARs: IRS probing possible data security breaches
Reply-To: [EMAIL PROTECTED]
Sender:
On 6/24/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
For the record, the guys at Fidelity Investments have always seemed to
me to have their act together on security, unlike lots of other
A few years ago I did some consulting at Fidelity Investments, writing
code to spider their own websites
At 02:44 AM 6/20/2005, Peter Gutmann wrote:
Stephan Neuhaus [EMAIL PROTECTED] writes:
Concerning the practical use of AES, you may be right (even though it would
be nice to have some advice on what one *should* do instead).
Would switching to triple-AES (or double-AES) or something help?
Yeah,
Victor Duchovni wrote:
(b) Is there a better way to scramble the timing of an AES operation
without going to the last resort of padding everything to worst-case timing?
Perhaps something along the lines of:
Provably Secure Masking of AES: http://eprint.iacr.org/2004/101.pdf
Just found
Here's an amusing example of optimization: On the PowerPC 7450 (G4e),
integer multiplication is faster by one cycle if the second operand is
between -131072 and 131071. Ever use multiplication in cryptography?
Jerrold Leichter writes:
There are only a couple of roads forward:
- Develop
Jon Callas writes:
So let's conduct a small thought experiment. Take the set of timings T,
where it is the timings of all possible AES keys on a given computer.
(It's going to be different depending on cpu, compiler, memory, etc.)
Order that set so that the shortest timing is t_0 and the
| Suppose you have something that is inadvertently an
| oracle - it encrypts stuff from many different users
| preparatory to sending it out over the internet, and
| makes no effort to strongly authenticate a user.
|
| Have it encrypt stuff into a buffer, and on a timer
| event, send out the
--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Sat, 25 Jun 2005 09:20:49 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] [p2p-hackers] WPES 2005: Deadline extension (June 30)
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL
On Thu, 23 Jun 2005, Jerrold Leichter wrote:
Consider what it means to create an optimizing compiler (or some
kind of optimization in hardware - the issues are the same, but
I'll talk in terms of a compiler for definiteness.) The input is
source code; the output is a bunch of
On 6/21/05, Florian Weimer [EMAIL PROTECTED] wrote:
Also there are several attacks on Chip n' PIN as deployed here in
the UK, starting with the fake reader attacks - for
instance, a fake reader says you are authorising a payment for
$6.99 while in fact the card and PIN are being used to
--
James A. Donald:
Suppose you have something that is inadvertently an
oracle - it encrypts stuff from many different users
preparatory to sending it out over the internet, and
makes no effort to strongly authenticate a user.
Have it encrypt stuff into a buffer, and on a timer