Re: IBM press release - encryption and authentication

[Enzo Michelangeli]

Apart from the parallelization-friendliness, wouldn't the same result be
achieved by encrypting the concatenation of the plaintext with a MAC
implemented through a fast error detection code (say, a sufficiently long
CRC)? Due to the presence of encryption, the security properties of the
inner MAC don't appear to really matter (as they would in the "DES-CBC
first, then HMAC-MD5" scenario mentioned in the draft for comparison).

Enzo

- Original Message -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: "P.J. Ponder" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, December 09, 2000 8:50 AM
Subject: Re: IBM press release - encryption and authentication


> In message
<[EMAIL PROTECTED]>, "P
> .J. Ponder" writes:
> >from: http://www.ibm.com/news/2000/11/30.phtml
> >
> >IBM develops algorithm that encrypts and authenticates simultaneously
> >
>
> More precisely, this is a new mode of operation that does encryption
> and authentication in one pass.  It's also amenable to parallelization,
> thus making it suitable for very high speed networks.  (Traditional
> modes of operation, such as CBC, are problematic, since every block
> depends on the encryption of the previous block.)
>
> --Steve Bellovin
>
>
>

Re: UK Sunday Times: "Steal the face right off your head"

[Ted Lemon]

> Er, how does the criminal's calculation of this change from
> before?  A guy who's going to (pardon the image) chop off
> your hand to get past the hand-scanner is just not likely to
> have many qualms about shooting you first, to keep you from
> squirming or making too much noise.

True enough, but I think your chances of being shot increase if your
hand has to be alive to be used in the scanner.   It's kind of a
ridiculous point, though - my personal preference would be to just
remember a numeric code, and I would probably refuse to work for
somebody who wanted to use my body in this way.

   _MelloN_

Interview with Eben Moglen on the decryption wars

[R. A. Hettinga]

--- begin forwarded text


Date: Wed, 13 Dec 2000 12:06:31 -0500
From: Sina Najafi <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:   Interview with Eben Moglen on the decryption wars
Sender: [EMAIL PROTECTED]
Reply-To: Sina Najafi <[EMAIL PROTECTED]>

Cabinet magazine has posted online a long version of an interview
conducted in May with Eben Moglen on the cultural implications of the
current "encryption/decryption wars." Moglen is
general counsel to the Free Software Foundation (developer and
distributor of GNU) and a professor at Columbia Law School.

http://www.immaterial.net/page.php3?id=39


#  distributed via : no commercial use without permission
#   is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [EMAIL PROTECTED] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [EMAIL PROTECTED]

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: UK Sunday Times: "Steal the face right off your head"

[John Kelsey]

-BEGIN PGP SIGNED MESSAGE-

At 07:52 PM 12/11/00 -0700, Ted Lemon wrote:

...
>All that this really means is that now the thing the
>criminal needs to bring to the scanner is somewhat larger.
>It might actually *increase* the risk to the person whose
>biometrics are being used, because now there is a large,
>potentially dangerous person that you have to bring with you
>who must remain attached to the authentication device, and
>once you've gotten through the gate, this person's continued
>existance becomes a liability.  So instead of this person
>losing a limb, they lose their life.

Er, how does the criminal's calculation of this change from
before?  A guy who's going to (pardon the image) chop off
your hand to get past the hand-scanner is just not likely to
have many qualms about shooting you first, to keep you from
squirming or making too much noise.

Anyway, all an authentication mechanism can really do is
unlock when the authorized user wants it to unlock.  It's
beyond its powers to figure out whether the authorized user
wants it to unlock because he's got a gun pressed against
his temple, or because he's just been handed a briefcase
full of $100 bills, or because he's a double-agent in the
pay of the bad guys for years.

>  _MelloN_

 --John Kelsey, [EMAIL PROTECTED]
PGP Fingerprint: 5D91 6F57 2646 83F9  6D7F 9C87 886D 88AF
...| ``Slavery's most important legacy may be a painful insight
...| into human nature and into the terrible consequences of
...| unbridled power.'' --Thomas Sowell, _Race and Culture_

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 Int. for non-commercial use

Comment: foo

iQCVAwUBOjXWLyZv+/Ry/LrBAQEDngP+JDoCNLjmNbU5+Ph4G8xiVCGCmhO9znct
TOIZbEskVOZgegaFigrlinEtNA4hh/V/+W46/Sc04n5ewP6KeQ/HzaDgqQxvA02l
9i3k95KbFmxEXLH4lhe2PijNsmY+hkdZe5VJw2GUgbZ5lptb1eKhPIs+ANwSOwhM
d5A58J7sTPA=
=9smf
-END PGP SIGNATURE-