Re: What would you like to see in a book on cryptography for programmers?
On Today, dmolnar wrote:
> [Hi, David!]
> On Thu, 10 Aug 2000, Michael Paul Johnson wrote:
> > What would you like to see covered in a practical book on cryptography for programmers?
> [snip]
> Especially examples of tempting, but wrong, things to do. Perhaps this is a pet peeve of mine...

In the tempting-but-wrong category, one could include samples of the insecure systems that result when programmers with no cryptanalysis background create their own cryptographic algorithms. The newsgroup sci.crypt is rife with examples; look for authors who only posted a few times. The last such system I remember seeing was a reinvention of the Vigenère cipher; before that, I seem to recall an autokey system; somewhat earlier a "one time pad" with a pseudorandom number generator (an LCG or LFSR, I think) appeared. Some footnotes indicating the century in which the system was invented and broken might reinforce the point.

-- 
-William
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2001-02-01
Fingerprint: B6E5 9732 3464 97C8 2B70 A031 6BF6 9E5C 16B5 C4000
Of all the gin joints in all the towns in all the world, she walks into mine.
DCSB: Hapgood and Johansson; Post-Napster Models for Digital Commerce (and a special announcement!)
--- begin forwarded text

Date: Fri, 11 Aug 2000 10:39:53 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: "R. A. Hettinga" [EMAIL PROTECTED]
Subject: DCSB: Hapgood and Johansson; Post-Napster Models for Digital Commerce (and a special announcement!)
Cc: "Eric S. Johansson" [EMAIL PROTECTED], "Fred Hapgood" [EMAIL PROTECTED], Zulfikar Ramzan [EMAIL PROTECTED], Nicko van Someren [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Reply-To: "R. A. Hettinga" [EMAIL PROTECTED]

-BEGIN PGP SIGNED MESSAGE-

[Please note the special DCSB 5th Anniversary announcement at the bottom of this message. --RAH]

The Digital Commerce Society of Boston
Presents
Fred Hapgood and Eric Johansson
presenting
"Post-Napster Business Models for Digital Commerce"

Tuesday, September 5th, 2000
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA
The Club's Dress Code is Business Casual

Fred Hapgood and Eric Johansson will examine various ideas claiming to represent "online business models for the post-Napster music industry." These include paid admission to interactive online performances, an "official Napster", and systems based on voluntary payments. Attention will be given to how systems based on voluntary payments might work, what kinds of business models make sense in a voluntary payment context, and the implications of voluntary payment structures for other intellectual property issues.

Fred Hapgood is a freelance writer specializing in business technology issues and trends.

Eric Johansson has over 20 years of high level system and software design experience, with particular emphasis on Internet system design. For the past five years, Eric has headed Internet Guide Services, specializing in the design, configuration, and remediation of complex Internet-based systems. Among others, his clients have included EGG, BBN, AllMedia Solutions, ZipLink, and Harvard Pilgrim Health Care. He has extensive experience with UNIX systems, Internet server configuration/design, and communication architectures. Prior to founding Internet Guide Service, Eric held senior-level engineering positions with Polaroid Corp., Wang Laboratories, Ziff-Davis, and Computervision.

This meeting of the Digital Commerce Society of Boston will be held on Tuesday, September 5th, 2000, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $35.00. This price includes lunch, room rental, A/V hardware if necessary, and the speakers' lunch.

The Harvard Club has relaxed its dress code, which is now "business casual", meaning no sneakers or jeans. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your meal if the Club finds you in violation of what's left of its dress code.

We need to receive a company check, or a money order, (or, if we actually know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, September 2nd, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back. Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston", in the amount of $35.00. Please include your e-mail address so that we can send you a confirmation.

If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out.

Upcoming speakers for DCSB are:

October   Birthday Cake and Champagne   DCSB 5th Anniversary
November  Zully Ramzan and Nicko van Someren   "A Micropayment Shootout"

As you can see, :-), we are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, are a principal in digital commerce, and would like to make a presentation to the Society, please send e-mail to the DCSB Program Committee, care of Robert Hettinga, mailto: [EMAIL PROTECTED].

- Special Announcement!
DCSB Turns Five on October 3rd

When we started the Digital Commerce Society of Boston (originally the Boston Society for Digital Commerce, we made the name more, um, instantiable, a couple of months later) at lunch on Tuesday, October 3rd, 1995 it was barely proper to consider actually *selling* anything on the internet at all. In the beginning of 1995, most of us figured that *maybe* a few tens of millions of dollars in transactions would be executed on the internet that year. Of course, we all know what happened: at least $150 million was executed on the net in 1995, billions
Re: What would you like to see in a book on cryptography for programme
William Rowden writes:
> In the tempting-but-wrong category, one could include samples of the insecure systems that result when programmers with no cryptanalysis background create their own cryptographic algorithms.

Yes, and let us hope that Michael Paul Johnson resists the temptation to plug his own home-grown ciphers, Sapphire and Diamond. Hopefully he'll realize that including his own ciphers in the book will ruin what little credibility he has as an author.
Re: Book on cryptography for programmers
> In case you haven't figured it out, yes, I am seriously contemplating writing such a book. Please keep the good ideas coming.

Oh, good. All of the discussion of algorithms is fine, but it seems to me that the most important topic in such a book is how to avoid building yet another crypto system with a ten-ton steel door and a cardboard back wall. I would include some horror stories of failed crypto, and perhaps a few pages on how crypto systems are broken or subverted. Also, you might develop a check list of do's and don'ts, e.g.:

* Don't try to invent a new crypto system. Amateurs can't write secure crypto systems; as often as not professionals can't either.

* Don't "improve" an existing system.

* Do remember that "random" numbers usually aren't, and no amount of massaging them will fix that.

* Don't assume that bad guys won't be able to read your source code.

* Do have an explicit threat model so you understand why you're developing a crypto program in the first place. People obsess over credit card numbers being stolen in transit over the net, but the real threats are poorly secured DBMS back ends and merchant sites that are not what they appear to be. (Check out www.mcgrawhill.com, for example.)

* Do be lazy. Before you try to write a network crypto package, for example, see if you can piggyback on SSL. SSL has its problems, but it's probably better than something you'll invent.

* Do consider usability. If a crypto system issues 25 character random passwords every week, the passwords will all be written on post-its stuck on people's screens. If there's a rule not to do that, the post-its will move into the desk drawer.

* Don't be seduced into doing something foolish for usability's sake, e.g., self-extracting executables with alleged encrypted data inside.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Re: Book on cryptography for programmers
On Fri, 11 Aug 2000, John R Levine wrote:
> * Don't try to invent a new crypto system. Amateurs can't write secure crypto systems; as often as not professionals can't either.

By the way, I would extend this to include "don't try to write your own new crypto code, unless you really, really have to." Also something on how to find and use test vectors.
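A known-answer-test harness of the kind the test-vector suggestion above calls for, added here as an illustration and not code from the thread or from any of its authors: it checks an implementation against published SHA-256 (FIPS 180-2) and HMAC-SHA-256 (RFC 4231) vectors, and shows the same vectors rejecting a constructed "home-grown" keyed hash (`naive_keyed_hash`, a stand-in for the tempting-but-wrong code the thread warns about). The function names and the harness layout are this example's own assumptions.

```python
"""Known-answer tests (KATs): check a primitive against published vectors.
Constructed example for this thread, not code from any list member."""
import hashlib
import hmac
# FIPS 180-2 SHA-256 vectors: (message, expected hex digest).
SHA256_VECTORS = [
    (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    (b"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]
# RFC 4231 HMAC-SHA-256 test cases 1 and 2: (key, data, expected hex digest).
HMAC_SHA256_VECTORS = [
    (b"\x0b" * 20, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    (b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]

def run_kats(sha256_fn, hmac_fn):
    """Run every vector through the candidate implementations.
    sha256_fn(msg) and hmac_fn(key, msg) return lowercase hex digests.
    Returns failure descriptions; an empty list means all vectors matched.
    Wire this into the test suite so a regression (or a "helpful" tweak
    to the primitive) fails the build instead of shipping."""
    failures = []
    for msg, want in SHA256_VECTORS:
        got = sha256_fn(msg)
        if got != want:
            failures.append(f"SHA-256({msg!r}): got {got}, want {want}")
    for key, msg, want in HMAC_SHA256_VECTORS:
        got = hmac_fn(key, msg)
        if got != want:
            failures.append(f"HMAC-SHA-256(key={key!r}): got {got}, want {want}")
    return failures

def stdlib_sha256(msg):
    return hashlib.sha256(msg).hexdigest()

def stdlib_hmac_sha256(key, msg):
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def naive_keyed_hash(key, msg):
    """Tempting but wrong: SHA-256(key || msg) is not HMAC and is open to
    length extension.  The published vectors reject it immediately."""
    return hashlib.sha256(key + msg).hexdigest()

if __name__ == "__main__":
    print(run_kats(stdlib_sha256, stdlib_hmac_sha256) or "library: all vectors pass")
    for failure in run_kats(stdlib_sha256, naive_keyed_hash):
        print("home-grown MAC:", failure)
```

The same pattern applies to any primitive the book would cover: take the vectors from the standard or the reference implementation, never from your own code's output.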
Re: What would you like to see in a book on cryptography for programme
At 07:20 PM 8/11/00 +, lcs Mixmaster Remailer wrote:
> William Rowden writes:
> > In the tempting-but-wrong category, one could include samples of the insecure systems that result when programmers with no cryptanalysis background create their own cryptographic algorithms.
> Yes, and let us hope that Michael Paul Johnson resists the temptation to plug his own home-grown ciphers, Sapphire and Diamond. Hopefully he'll realize that including his own ciphers in the book will ruin what little credibility he has as an author.

Actually, I'd rather publish your credible cryptanalysis of those ciphers, if you care to enlighten us. Lacking that, I'll see if I can egg someone else on to do so by writing about them, too. I'm not as concerned about what one anonymous person thinks about my credibility as I am about advancing the state of the art of computer cryptography and making it more accessible to the average programmer. I think that involves a balance where I will promote the best ciphers (i.e. the AES finalists), but also explain the design, analysis, and limitations of my own ciphers. Who else could explain them as well?

Seriously, if you know of a real weakness in either the Sapphire II Stream Cipher or the Diamond 2 Block Cipher, please let us all know on this list, especially me. I honestly don't know of one, but I openly admit that I could have missed something. Do I write about these ciphers being victorious over your scrutiny, or about their demise? Either one has value.

___
Michael Paul Johnson
[EMAIL PROTECTED]
http://ebible.org/mpj
Re: Book on cryptography for programmers
At 04:00 PM 8/11/00 -0400, dmolnar wrote:
> On Fri, 11 Aug 2000, John R Levine wrote:
> > * Don't try to invent a new crypto system. Amateurs can't write secure crypto systems; as often as not professionals can't either.
> By the way, I would extend this to include "don't try to write your own new crypto code, unless you really, really have to." Also something on how to find and use test vectors.

Good suggestions. Actually, I think that rather than a flat-out "don't try to write your own," a listing of what it takes to do it right, together with pointing out the existence of free or inexpensive libraries that already do what you want to do, should be most effective. The same goes for cipher design. Some people actually do it well, but only after they have studied what was done before, tried cracking a few, etc.

I'd really like to get people to think about sensitive data life cycles, too. Good cryptography can be so easy to defeat with simple blunders in applications.

___
Michael Paul Johnson
[EMAIL PROTECTED]
http://ebible.org/mpj
Final Program CHES 2000
--- begin forwarded text

Date: Fri, 11 Aug 2000 08:48:43 -0400 (EDT)
From: Christof Paar [EMAIL PROTECTED]
To: CHES Workshop: ;
Subject: Final Program CHES 2000
Sender: [EMAIL PROTECTED]
Reply-To: Christof Paar [EMAIL PROTECTED]

FINAL PROGRAM CHES 2000
---
Workshop on Cryptographic Hardware and Embedded Systems
Worcester Polytechnic Institute
Worcester, Massachusetts, August 17-18, 2000
http://ece.wpi.edu/Research/crypt/ches
---

=== WEDNESDAY, AUGUST 16th ===

5:00 - 10:00 pm  REGISTRATION AND RECEPTION
Evening Registration and Reception at Atwater Kent Building, WPI
(Shuttle Service will be provided between WPI, the Crowne Plaza Hotel and the Courtyard Marriott Hotel)

=== THURSDAY, AUGUST 17th ===

7:00 - 8:45 am  REGISTRATION AND CONTINENTAL BREAKFAST
Registration at Atwater Kent Building, WPI
Continental Breakfast
(Shuttle Service will be provided between WPI, the Crowne Plaza Hotel and Courtyard Marriott)

8:45 - 9:15 am  WELCOME
Welcome by Jack Carney (Provost, WPI)
Introductory remarks by Cetin Koc and Christof Paar

9:15 - 9:55 am  INVITED TALK
Alfred Menezes, University of Waterloo, Canada. Elliptic curve cryptography in constrained environments.

9:55 - 10:55 am  IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOSYSTEMS
S. Okada, N. Torii, K. Ito, and M. Takenaka. Implementation of elliptic curve cryptographic coprocessor over GF(2^m) on FPGA.
G. Orlando and C. Paar. A high-performance reconfigurable elliptic curve processor for GF(2^m).
J. W. Chung, S. G. Sim, and P. J. Lee. Fast implementation of elliptic curve defined over GF(p^m) on CalmRISC with MAC2424 coprocessor.

10:55 - 11:15 am  BREAK

11:15 - 12:35 pm  POWER AND TIMING ANALYSIS ATTACKS
A. Shamir. Protecting smart cards from passive power analysis with detached power supplies.
R. Mayer-Sommer. Smartly analyzing the simplicity and the power of simple power analysis on Smartcards.
M. A. Hasan. Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems.
W. Schindler. A timing attack against RSA with the Chinese Remainder Theorem.

12:35 - 2:00 pm  LUNCH BREAK

2:00 - 3:20 pm  HARDWARE IMPLEMENTATION OF BLOCK CIPHERS
A. Dandalis, V. K. Prasanna, and J. D. P. Rolim. A comparative study of performance of AES final candidates using FPGAs.
C. Patterson. A dynamic FPGA implementation of the Serpent Block Cipher.
S. Trimberger, R. Pang, and A. Singh. A 12 Gbps DES Encryptor/Decryptor core in an FPGA.
H. Leitold, W. Mayerwieser, U. Payer, K. C. Posch, R. Posch, and J. Wolkerstorfer. A 155 Mbps triple-DES network encryptor.

3:20 - 3:40 pm  BREAK

3:40 - 5:00 pm  HARDWARE ARCHITECTURES
J. Goodman and A. Chandrakasan. An energy efficient reconfigurable public-key cryptography processor architecture.
J. Groszschaedl. High-Speed RSA Hardware based on Barret's Modular Reduction Method.
C. Walter. Data integrity in hardware for modular arithmetic.
T. Kato, S. Ito, J. Anzai, and N. Matsuzaki. A design for modular exponentiation coprocessor in mobile telecommunication terminals.

6:00 - 9:00 pm  CHES BANQUET
7:00 - 9:00 pm  Shuttle Service will be provided between WPI, the Crowne Plaza Hotel and Courtyard Marriott

=== FRIDAY, AUGUST 18TH ===

8:00 - 9:00 am  REGISTRATION AND CONTINENTAL BREAKFAST
Registration at Atwater Kent Building, WPI
Continental Breakfast
(Shuttle Service will be provided between WPI, the Crowne Plaza Hotel and Courtyard Marriott)

9:00 - 9:40 am  INVITED TALK
David Naccache, Gemplus, France. How to explain side channel leakage to your kids.

9:40 - 10:40 am  POWER ANALYSIS ATTACKS
J.-S. Coron and L. Goubin. On Boolean and arithmetic masking against differential power analysis.
T. S. Messerges. Using second-order power analysis to attack DPA resistant software.
C. Clavier, J.-S. Coron, and N. Dabbous. Differential power analysis in the presence of hardware countermeasures.

10:40 - 11:00 am  BREAK

11:00 - 12:00 pm  ARITHMETIC ARCHITECTURES
H. Wu. Montgomery multiplier and squarer in GF(2^m).
E. Savas, A. F. Tenca, and C. K. Koc. A scalable and unified multiplier architecture for finite fields GF(p) and GF(2^m).
G. Hachez and J.-J. Quisquater. Montgomery exponentiation with no final subtraction: Improved results.

12:00 - 1:30 pm  LUNCH BREAK

1:30 - 2:10 pm  PHYSICAL SECURITY AND CRYPTANALYSIS
S. H. Weingart. Physical security devices for computer subsystems: A survey of attacks and defenses.
T. Pornin and J. Stern. Software-Hardware Trade-offs: application to A5/1 Cryptanalysis.

2:10 - 2:50 pm  NEW SCHEMES AND ALGORITHMS
J. Hoffstein and J. Silverman. MiniPASS: Authentication and digital signatures in a constrained environment.
M. Joye, P. Paillier, and S. Vaudenay. Efficient generation