Re: depleting the random number generator

1999-07-25 Thread Arnold G. Reinhold

At 8:35 AM -0700 7/21/99, James A. Donald wrote:
--
At 09:24 PM 7/19/99 +0100, Ben Laurie wrote:
 So what you are saying is that you'd be happy to run your server
 forever on an initial charge of 128 bits of entropy and no more
 randomness ever?

Yes, though I would probably prefer an initial charge of 1684 bits of
entropy.  (the number of possible internal states of an RC4 state
machine used as a pseudo random number generator.)


One nice advantage of using RC4 as a nonce generator is that you can easily
switch back and forth between key setup and code byte generation. You can
even do both at the same time. (There is no need to reset the index
variables.) This allows you to intersperse entropy deposits and withdrawals
at will.

In particular, if you deposit the time of each entropy withdrawal, the
proposed denial of service attack that started this thread would actually
replenish a few bits of entropy with each service request.

In addition RC4 is simple, making the code easy to inspect, and about as
fast as you can get in software.


Arnold Reinhold
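
The interleaving of entropy deposits and withdrawals described in the message above, as an added sketch (not code from the post or from anyone in the thread). The class name `RC4Pool`, its method names and the seed string are assumptions made for illustration; key setup and output generation share `i`, `j` and `S` with no reset, and each nonce request deposits its own timestamp first.

```python
import struct
import time


class RC4Pool:
    """RC4 state used as a pool: deposits and withdrawals share i, j and S."""

    def __init__(self, seed: bytes):
        if not seed:
            raise ValueError("seed must be non-empty")
        self.S = list(range(256))
        self.i = 0
        self.j = 0
        # Standard RC4 key setup: 256 mixing steps, cycling through the seed.
        for k in range(256):
            self._mix(seed[k % len(seed)])

    def _mix(self, byte: int) -> None:
        # One key-setup step: the deposited byte steers j, then S[i], S[j] swap.
        S = self.S
        self.j = (self.j + S[self.i] + byte) & 0xFF
        S[self.i], S[self.j] = S[self.j], S[self.i]
        self.i = (self.i + 1) & 0xFF

    def deposit(self, data: bytes) -> None:
        """Stir new material into the state without resetting i or j."""
        for byte in data:
            self._mix(byte)

    def withdraw(self, n: int) -> bytes:
        """Run n output steps from wherever i and j currently are."""
        S, out = self.S, bytearray()
        for _ in range(n):
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + S[self.i]) & 0xFF
            S[self.i], S[self.j] = S[self.j], S[self.i]
            out.append(S[(S[self.i] + S[self.j]) & 0xFF])
        return bytes(out)

    def nonce(self, n=16, now_ns=None) -> bytes:
        """Deposit the time of this withdrawal, then withdraw n bytes."""
        if now_ns is None:
            now_ns = time.time_ns()
        self.deposit(struct.pack(">Q", now_ns & 0xFFFFFFFFFFFFFFFF))
        return self.withdraw(n)


if __name__ == "__main__":
    pool = RC4Pool(b"constructed seed, not real entropy")  # constructed sample
    for _ in range(3):
        print(pool.nonce().hex())
```

Every deposit and withdrawal step is a swap, so `S` stays a permutation of 0..255 however the two operations are interleaved.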



Re: If only you knew what we knew

1999-07-25 Thread Ben Laurie

"James A. Donald" wrote:
 
 --
 From time to time the spooks have a talk with various people about the
 restrictions on cryptography, and those people stop opposing the
 restrictions, and tell us "if only you knew what we knew"

i.e. how much dirt the spooks have on them :-)

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
 - Indira Gandhi



Re: House committee ditches SAFE for law enforcement version

1999-07-25 Thread Declan McCullagh

I'm going to sleep soon so let me try a short answer...

The House Rules committee decides what legislation will go to the House
floor, what amendments will be in order, and in what sequence they will be
presented (which is often very important). The House Rules committee is in
practice an extension of the (Republican) leadership of the House, which
has expressed public support for SAFE, but has, as we say in DC, other
constituencies to consider as well.

Even SAFE's supporters envision a best-case scenario in which a reasonable
version of SAFE (read: no domestic controls beyond crypto-in-a-crime, some
export relaxation) goes to the House floor. But then killer amendments,
either along the lines of the president-can-do-whatever-he-wants Armed
Services version or one with domestic controls, will be in order and could
be attached to the bill on the floor.

So the real fight seems to be shaping up over the amendments.

Some House GOP leaders told me recently that they expected a floor vote
before the August recess (I put this in an article, but don't have the URL
offhand). This is now hardly likely, so look for something in the fall.

Keep in mind that there are reasonable arguments that no crypto legislation
is the best solution given the current politics -- and the other steps that
are necessary, such as approval by the more-conservative Senate and
overcoming a presidential veto. Anything that clears those hurdles is not
going to be what the industry really wants, I'll wager. And every version
of SAFE that I've read would make it much more difficult to challenge in
court on 1A grounds. So much for Bernsteinesque suits against SAFE if it
becomes law: You're outta luck.

-Declan


At 10:54 PM 7-24-99 -0400, Marc Horowitz wrote:
Declan McCullagh [EMAIL PROTECTED] writes:

 The sponsor of yesterday's amendment, Rep. Weldon, said that he wants to
 have a classified briefing //on the House floor// to scare members into
 voting his way. Look for killer amendments to SAFE to be offered during
 that floor vote, perhaps even ones with domestic controls.

Procedurally, what does he need to do to make this happen?  Can any
member of the house do it?  Can the Speaker do this on his own, does
it require a vote of the rules committee, the full house, or what?
Also, the Supremes often use legislative history when making rulings.
What would they do in a case like this?  Is there any precedent?

I'm wondering if there's some way to take advantage of having so many
cooks.  

Also, when was the last time there was a classified briefing on the
house floor like this?  I would think that something so unusual would
cause some eyebrows to raise even outside the pro-crypto community.