that the CIA really wants to cloak cyberwar activities,
or they want to learn the flaws of the product so they can penetrate
anonymity. (Why not -- according to CNN, the NSA claims that Osama bin
Laden has better communications technology than we do)
--Steve Bellovin, http://www.research.att.com/~smb
Today's Wall Street Journal reports that the FBI is changing the name
of Carnivore. It will now be known as the DCS1000 -- the "DCS" stands
for "Data Collection System".
Clearly, that resolves all of the problems with it.
--Steve Bellovin, http://www.research.att.com/~smb
licly available.
The attack is quite expensive; it requires O(2^64) operations, several
terabytes of memory, and 2^22 signed messages.
--Steve Bellovin, http://www.research.att.com/~smb
oints, not the
transmission!
--Steve Bellovin, http://www.research.att.com/~smb
75-5237
FAX: (301) 948-1233
[EMAIL PROTECTED]
***
--- End of Forwarded Message
--Steve Bellovin
The draft Carnivore report is at
http://www.usdoj.gov/jmd/publications/carniv_entry.htm
I haven't checked yet to see if any of the redactions are reversible...
--Steve Bellovin
ut of litigation."
A final decision will be made in November.
--Steve Bellovin
According to today's Wall Street Journal, the judge in the DeCSS case
against 2600 publisher Eric Corley (better known as Emmanuel Goldstein)
has asked both sides to submit briefs on whether or not software is
speech, and hence protected by the First Amendment.
--
anticipate that. And you know, we specifically
>-- that specifically was rejected and left out of the bill when it was
>passed. We're
>having enough trouble trying to manage what we're trying to do under CALEA. I
>don't see extending it at this point.
--- End of Forwarded Message
--Steve Bellovin
e not heard of
GEE, and as far as I knew the ministry used online machines. Does
anyone have any details on either this system or its solution?
--Steve Bellovin
--Steve Bellovin
(Note to ipsec@ readers -- this is a follow-up to a discussion on the
cryptography list a week or so ago. To spare folks who subscribe to both, I've
directed followups to the cryptography list ONLY. Subscription to it is via
[EMAIL PROTECTED])
Following my exchange of notes with Ron Rive
I spent the week at the Fast Software Encryption and AES-3 conferences
in New York. The big news is that there was no big news. All five
candidates still look solid, and there were at least as many papers
on performance as on cryptanalytic results. Not only that, the
former were more enlighteni
opy is on order...
--Steve Bellovin
Are there any freely-available secret-sharing packages around? Specifically,
I need to be able to set up modestly complex policies to protect a sensitive
signature key.
While source code would be best, I'd also be interested in smart card-based
products.
--Steve Bellovin
more about this? I know that Zimmerman (ab)used
U.S. facilities to transmit the message, but it was encrypted in 0075 code, as
I recall.
--Steve Bellovin
According to the Wall Street Journal, nine Internet firms (AOL, Amazon.com,
Yahoo, eBay, Excite@Home, DoubleClick, Inktomi, theglobe.com, and Lycos) have
formed a Washington lobbying group. The purpose is to focus on issues of
concern to Internet companies. The article does list privacy regulat
Shamir's paper describing his design for a factoring machine is now
available (with permission) at http://www.research.att.com/~smb/twinkle.ps --
I'll leave it there for a few weeks.
To: [EMAIL PROTECTED]
From: Dave Farber <[EMAIL PROTECTED]>
Subject: IP: "Intercepting the Internet"
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: [EMAIL PROTECTED]
Precedence: list
Reply-To: [EMAIL PROTECTED]
>From: "Caspar Bowden" <[EMAIL PROTECTED]>
>To: "Dave Far
Before cheering too much about McCain's apparent change of heart, it's
worth doing some arithmetic. 64-bit ciphers are vulnerable to a brute
force attack that costs 256 times what an attack on the same 56-bit
cipher would cost. Plug in EFF's 250K and you see that a similar design
would cost $64M
> But what you imply, that PGP (and other programs that request passwords
> and passphrases from the user) should be more picky in what it accepts, is
> an excellent idea. Of course, it's impossible to force the user to choose
> a good passphrase, but requiring no fewer than, say, 12 characters t
In message <00a701be4bcc$7c9f9f80$[EMAIL PROTECTED]>, "Jitze Couperus"
writes:
>
> Some 30 years later, I find the paper cited by Steve Bellovin
> on "Probable Plaintext Cryptanalysis" to be extrememely
> interesting - in particular it cites another p
In message <003901be4af4$ea5b9a20$[EMAIL PROTECTED]>, "Jitze Couperus"
writes:
> John Mckay wrote:
>
> About the "sideways add" or pop-count instruction - indeed
> Seymour Cray's first supercomputer (the Control Data 6600)
> sported such an instruction, as did all subsequent Control
> Data machi
In message <[EMAIL PROTECTED]>, Colin Plumb writes:
>
> Well, as I mentioned, I said so in fairly emphatic terms once already,
> although I don't know whether such access was planned or if my comments
> had any effect. I'm having another, more detailed discussion with the
> responsible designers
Intel has announced a number of interesting things at the RSA conference.
The most important, to me, is the inclusion of a hardware random number
generator (based on thermal noise) in the Pentium III instruction set.
They also announced hardware support for IPSEC.
I asked a friendly patent attorney. The Patent Office accepts what are
called "statutory invention registrations" that serve this purpose.
I don't know how to file one, or what they cost.
According to today's Wall Street Journal, RSA is going to market
"compatible technology" developed by Eric Young and Tim Hudson,
via an Australian subsidiary. This is an end-run around the export
rules, and has already been approved by the U.S. Dept of Commerce.
"The key to that is neither U.S. t
In message <[EMAIL PROTECTED]>, Jim Gillogly writes:
> "Arnold G. Reinhold" <[EMAIL PROTECTED]> writes:
> > ... descriptions on the CipherSaber web site http://ciphersaber.gurus.com .
> ..
>
> > Any comments, suggestions, endorsements and publicity are welcome.
>
> I'll endorse it -- the pages g
In message <896C7C3540C3D111AB9F00805FA78CE2013F85F3@MSX11002>, "Brown, R Ken"
writes:
>
> More to the point - I have*only* seen that Reuters press release or comments
> based on it so far.
The NY Times story is at
http://www.nytimes.com/library/tech/98/12/biztech/articles/04encrypt.html
29 matches
Mail list logo