Re: MD5 collisions?

2004-08-18 Thread David Honig 
At 09:04 PM 8/17/04 -0400, R. A. Hettinga wrote:
At 7:33 PM -0500 8/17/04, Declan McCullagh wrote:
One is enough. Less is more. Let's eliminate redundancy, thus eliminating
redundancy.

LMAO RAH :-)



=
36 Laurelwood Dr
Irvine CA 92620-1299

VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP
VOX: (949) 462-6726 (work -don't leave msgs, I can't pick them up)
   mnemonic: WIZ GOB MRAM
ICBM: -117.7621, 33.7275
HTTP: http://68.5.216.23:81 (back up, but not 99.999% reliable)
PGP PUBLIC KEY: by arrangement

Send plain ASCII text not HTML lest ye be misquoted

--

Don't 'sir' me, young man, you have no idea who you're dealing with
Tommy Lee Jones, MIB



No, you're not 'tripping', that is an emu ---Hank R. Hill

Re: Did you *really* zeroize that key?

2002-11-07 Thread David Honig 
At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
Regardless of whether one uses volatile or a pragma, the basic point 
remains:  cryptographic application writers have to be aware of what a 
clever compiler can do, so that they know to take countermeasures.

Wouldn't a crypto coder be using paranoid-programming 
skills, like *checking* that the memory is actually zeroed? 
(Ie, read it back..)  I suppose that caching could still
deceive you though?

I've read about some Olde Time programmers
who, given flaky hardware (or maybe software), 
would do this in non-crypto but very important apps.