Re: migration paradigm (was: Is PGP broken?)
At 02:43 PM 12/7/00, Peter Fairbrother wrote: >In WW2 SOE and OSS used original poems which were often pornographic. See >"Between Silk and Cyanide" by Leo Marks for a harrowing account. Yes, a terrific book. However, the book also contains an important lesson regarding human memory. Marks was responsible for training agents in crypto procedures to use while operating behind enemy lines, and he was also responsible for decrypting the messages they sent back. Marks found himself organizing a cryptanalysis team (independent of Bletchley) primarily for the purpose of cracking of mis-encrypted messages received from their own agents. In short, the agents mis-remembered their poems and used their faulty recollection as the basis for their encryption. Now, just how do we intend to address such concerns in our memory-based authentication systems? Our whole technology for using memorized secrets is built on the belief that people will remember and recite these secrets perfectly. Some applications could take more of a 'biometric pattern matching' strategy that measures the distance between the actual passphrase and a stored pattern. But this won't provide us with a secret we can use in crypto applications like PGP. Rick. [EMAIL PROTECTED] roseville, minnesota
Re: migration paradigm (was: Is PGP broken?)
From: Rick Smith at Secure Computing <[EMAIL PROTECTED]> > Does anyone have a citation as to the source of this 1.33 bits/letter > estimate? In other words, who computed it and how? It's in Stinson's crypto > book, but he didn't identify its source. I remember tripping over a > citation for it in the past 6 months, but can't find it in my notes. According to Kahn's "The Codebreakers", 1996, ISBN 0-684-83130-9 pp 759-762 Shannon did frequency counts of 1, 2 and 3 letter n-graphs and asked people to guess the next letter in incomplete passages of English. -- ## # Antonomasia [EMAIL PROTECTED] # # See http://www.notatla.demon.co.uk/# ##
Re: Re: migration paradigm (was: Is PGP broken?)
On Wed, Dec 06, 2000 at 08:32:54AM -0200, [EMAIL PROTECTED] wrote: > I've asked previously, but I hope it won't hurt asking > again. Has anyone compared the relative speeds of > (efficient implementations of) the SHA-2 functions and > Rijndael? Are there any figures available? There is a speed comparison of many ciphers and hash functions, including SHA-2 and Rijndael, at http://weidai.com/benchmarks.html.
DOD rescues Iridium
From http://www.defenselink.mil/news/Dec2000/b12062000_bt729-00.html The Department of Defense, through its Defense Information Systems Agency, last night awarded Iridium Satellite LLC of Arnold, Md., a $72 million contract for 24 months of satellite communications services. This contract would provide unlimited airtime for 20,000 government users over the Iridium satellite network. The contract includes options which, if exercised, would bring the cumulative value of this contract to $252 million and extend the period of performance to December 2007. The Department has taken this action because the Iridium system offers state-of-the-art technology. It features on-satellite signal processing and inter-satellite crosslinks allowing satellite-mode service to any open area on earth. It provides mobile, cryptographically secure telephone services to small handsets anywhere on the globe, pole-to-pole, 24 hours a day. The system and its DoD enhancements will provide handheld service currently not available. ... "Iridium will not only add to our existing capability, it will provide a commercial alternative to our purely military systems. This may enable real civil/military dual use, keep us closer to the leading edge technologically, and provide a real alternative for the future," said Dave Oliver, principal deputy undersecretary of Defense (Acquisition, Technology and Logistics). Iridium Satellite LLC is now purchasing the operating assets of Iridium LLC and its existing subsidiaries, pursuant to a Nov. 22, 2000 order of the U.S. Bankruptcy Court for the Southern District of New York. ... Early next year, Iridium will offer a classified capability. Classified service will not only be provided for users already registered to the DoD gateway, but will also be extended to new users from DoD, other federal agencies, and selected allied governments. [Works out to $150/handset/month, not unreasonable for secure, 4*Pi coverage. I wonder how many units will end up in the hands of political appointees? It could become the status symbol of the next administration. -- agr]
