Re: KeyGhost

2000-06-19 Thread David Honig
At 05:55 PM 6/19/00 -0400, Lyle Seaman wrote: > >What I really want is a keyboard with a slight variation -- not a >KeyGhost but a KeySpook. It's a tamper-evident keyboard with a >built-in password-protected crypto engine, and a corresponding >driver for the OS. Um, one of those 8-bit stamp cp

Re: Extracting Entropy?

2000-06-19 Thread dmolnar
On Tue, 20 Jun 2000, Ben Laurie wrote: > Matt Blaze wrote: > > > > I should point out that this construction is not designed to obscure the > > input from the output (especially under differential probing), only > > to give you m output bits that depend (each in a different way) on > > the ent

Re: Extracting Entropy?

2000-06-19 Thread William Allen Simpson
-BEGIN PGP SIGNED MESSAGE- Ben Laurie wrote: > > OK, so if I've got a passphrase of arbitrary length, and I wish to > condense it to make a key of length n bits (n > 160), what's the > approved method(s) of doing that? > > I assume it goes without saying that we wish to preserve as much

Re: Extracting Entropy?

2000-06-19 Thread Peter Gutmann
Ben Laurie <[EMAIL PROTECTED]> writes: >OK, so if I've got a passphrase of arbitrary length, and I wish to >condense it to make a key of length n bits (n > 160), what's the >approved method(s) of doing that? PKCS #5 v2 probably contains the best key derivation mechanism, followed closely by TLS,

Re: Extracting Entropy?

2000-06-19 Thread Matt Blaze
> I'm not sure this is so good. In particular, it is entirely linear. > > The function f_{m,n} sending the one-bit input x to the one-bit output > H(m|n|x) is always linear in its input (it always has the form f_{m,n}(x) > = ax + b for appropriate a,b; the value of a,b depends on H,m,n but not >

Re: Extracting Entropy?

2000-06-19 Thread Ben Laurie
Matt Blaze wrote: > > I should point out that this construction is not designed to obscure the > input from the output (especially under differential probing), only > to give you m output bits that depend (each in a different way) on > the entire input. Perhaps I should add that as a requirement

Re: Extracting Entropy?

2000-06-19 Thread Matt Blaze
Well, this is not intended as a general hash function - in particular, the pattern of which input bits affect which output bits depends entirely on the hash function and the bit position and not on the actual input. You expect that flipping any one input bit will flip half the outputs, but its al

Re: KeyGhost

2000-06-19 Thread Lyle Seaman
> At 09:57 PM 6/18/00 -0400, Dave Emery wrote: > > One hopes that the US Customs Service and the other federal > >agencies involved in enforcing Title III of the Omnibus Safe Streets and > >Crime Control Act of 1968 (18 USC 2518) covering devices "primarily > >useful for the surreptitious i

Re: Extracting Entropy?

2000-06-19 Thread Matt Blaze
> OK, so if I've got a passphrase of arbitrary length, and I wish to > condense it to make a key of length n bits (n > 160), what's the > approved method(s) of doing that? > > I assume it goes without saying that we wish to preserve as much entropy > as we can, but I'll say it anyway. I've thoug

Re: Extracting Entropy?

2000-06-19 Thread Ben Laurie
Matt Blaze wrote: > > > OK, so if I've got a passphrase of arbitrary length, and I wish to > > condense it to make a key of length n bits (n > 160), what's the > > approved method(s) of doing that? > > > > I assume it goes without saying that we wish to preserve as much entropy > > as we can, but

Re: Extracting Entropy?

2000-06-19 Thread Matt Blaze
I should point out that this construction is not designed to obscure the input from the output (especially under differential probing), only to give you m output bits that depend (each in a different way) on the entire input. > > OK, so if I've got a passphrase of arbitrary length, and I wish to

Extracting Entropy?

2000-06-19 Thread Ben Laurie
OK, so if I've got a passphrase of arbitrary length, and I wish to condense it to make a key of length n bits (n > 160), what's the approved method(s) of doing that? I assume it goes without saying that we wish to preserve as much entropy as we can, but I'll say it anyway. Cheers, Ben. -- http

Re: KeyGhost

2000-06-19 Thread David Honig
At 09:57 PM 6/18/00 -0400, Dave Emery wrote: > One hopes that the US Customs Service and the other federal >agencies involved in enforcing Title III of the Omnibus Safe Streets and >Crime Control Act of 1968 (18 USC 2518) covering devices "primarily >useful for the surreptitious interceptio

[EFCE2K] very close to EFCE

2000-06-19 Thread R. A. Hettinga
--- begin forwarded text Date: Mon, 19 Jun 2000 13:21:44 +0100 To: "EFCE 2K Conference List" <[EMAIL PROTECTED]> From: Ian Grigg <[EMAIL PROTECTED]> (by way of Fearghas McKay) Subject: [EFCE2K] very close to EFCE Sender: <[EMAIL PROTECTED]> List-Subscribe: This might

ElGamal

2000-06-19 Thread Simon Mark Aronson
Am I right in thinking that ElGamal is entirely unencumbered by patents etc? Also, is there any good source of info for legal issues pertaining to distribution of crypto products in the UK? thanks si

[FYI] European Parliament will vote in July on inquiry committee on Echelon

2000-06-19 Thread Axel H Horns
http://www.heise.de/tp/english/special/ech/6852/1.html CUT - European Parliament will vote in July on inquiry committee on Echelon Jelle van Buuren 15.06.2000 Internal wrangling about procedural mistakes and rumours about B

Serp6f.c

2000-06-19 Thread Larry Weisberg
Does anyone have a Java equivalent of the older version of Serpent found in serp6f.c