At 12:12 PM 12/10/2000 -0500, you wrote:
>
snip ---
>
>Finally, I'd like to see software that employs passphrases offer to
>suggest a passphrase, rather than let the poor user sort through all
>the conflicting -- and often bad
Ray Dillinger <[EMAIL PROTECTED]> writes:
> There are times and places where you can use salt, and times and places
> where you can't. In order to use salt with a passphrase, you have to
> store it somewhere. And that means that a person who has only the
> ciphertext and the passphrase cannot
values
(such as dbm files indexed by encrypted passphrase).
Enzo
- Original Message -
From: "Ray Dillinger" <[EMAIL PROTECTED]>
To: "Enzo Michelangeli" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 11, 2000 10:44 AM
Subject: Re:
On Mon, 11 Dec 2000, Enzo Michelangeli wrote:
>--Ray Dillinger wrote:
>
>> There are times and places where you can use salt, and times and places
>> where you can't. In order to use salt with a passphrase, you have to
>> store it somewhere. And that means that a person who has only the
>> ci
On Sun, 10 Dec 2000, Enzo Michelangeli wrote:
>> A more important problem with passphrase-based keys is collisions -
>> two people picking wimpy passwords can end up with the same keys.
>
>Salt should take care of this (as well as reducing the effectiveness
>of dictionary attacks).
There are t
At 3:35 PM -0600 12/7/2000, Rick Smith at Secure Computing wrote:
>At 02:43 PM 12/7/00, Peter Fairbrother wrote:
>
>>In WW2 SOE and OSS used original poems which were often pornographic. See
>>"Between Silk and Cyanide" by Leo Marks for a harrowing account.
>
>Yes, a terrific book. However, the bo
Bram Cohen <[EMAIL PROTECTED]> writes:
> > Is there a reason not to use AES block cipher in a hashing mode
> > if you need a secure digest of some data?
>
> Hashing modes of block ciphers require a re-key for every block, and hence
> are really, really slow.
Well, Rijndael can re-key faster tha
- Original Message -
From: "Bill Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "William Allen Simpson"
<[EMAIL PROTECTED]>
Sent: Friday, December 08, 2000 11:58 PM
Subject: Re: migration paradigm (was: Is PG
Rick Smith at Secure Computing <[EMAIL PROTECTED]> writes:
> Now, just how do we intend to address such concerns in our memory-based
> authentication systems? Our whole technology for using memorized secrets is
> built on the belief that people will remember and recite these secrets
> perfectly
At 10:23 AM 12/8/00 -0800, Bram Cohen wrote:
>On Tue, 5 Dec 2000, David Honig wrote:
>
>> Is there a reason not to use AES block cipher in a hashing mode
>> if you need a secure digest of some data?
>
>Hashing modes of block ciphers require a re-key for every block, and hence
>are really, really
At 03:43 PM 12/6/00 -0600, Rick Smith at Secure Computing wrote:
>At 05:04 PM 12/5/00, Ray Dillinger wrote:
>
>>If someone wants to enter "sex" as a password, s/he deserves
>>what s/he gets (although you may put up an "insecure passphrase"
>>warning box for him/her).
>
>The problem is that there's
On Tue, 5 Dec 2000, David Honig wrote:
> Is there a reason not to use AES block cipher in a hashing mode
> if you need a secure digest of some data?
Hashing modes of block ciphers require a re-key for every block, and hence
are really, really slow.
-Bram Cohen
On Wed, Dec 06, 2000 at 08:32:54AM -0200, [EMAIL PROTECTED] wrote:
> I've asked previously, but I hope it won't hurt asking
> again. Has anyone compared the relative speeds of
> (efficient implementations of) the SHA-2 functions and
> Rijndael? Are there any figures available?
There is a speed co
At 02:43 PM 12/7/00, Peter Fairbrother wrote:
>In WW2 SOE and OSS used original poems which were often pornographic. See
>"Between Silk and Cyanide" by Leo Marks for a harrowing account.
Yes, a terrific book. However, the book also contains an important lesson
regarding human memory.
Marks was
From: Rick Smith at Secure Computing <[EMAIL PROTECTED]>
> Does anyone have a citation as to the source of this 1.33 bits/letter
> estimate? In other words, who computed it and how? It's in Stinson's crypto
> book, but he didn't identify its source. I remember tripping over a
> citation for it
on 6/12/00 9:43 pm, Rick Smith at Secure Computing at
[snip]
>> "My name is Ozymandias, king of kings:
>> Look upon my works, ye Mighty, and despair!"
>
> So the 'new dictionary' for pass phrase attacks contains all the chestnuts
> from all the school lit books in the country. I expect there's a l
At 3:43 PM -0600 12/6/2000, Rick Smith at Secure Computing wrote:
>Does anyone have a citation as to the source of this 1.33
>bits/letter estimate? In other words, who computed it and how? It's
>in Stinson's crypto book, but he didn't identify its source. I
>remember tripping over a citation fo
At 05:04 PM 12/5/00, Ray Dillinger wrote:
>If someone wants to enter "sex" as a password, s/he deserves
>what s/he gets (although you may put up an "insecure passphrase"
>warning box for him/her).
The problem is that there's no objective way of knowing when a passphrase
becomes 'insecure' since
David Wagner wrote:
> David Honig wrote:
> > Is there a reason not to use AES block cipher
> > in a hashing mode if you need a secure digest
> > of some data?
>
> Yes. The standard hashing modes provide only
> 128-bit hash digests, and for long-term collision-
> resistance, we'd probably like
David Honig wrote:
>Is there a reason not to use AES block cipher in a hashing mode
>if you need a secure digest of some data?
Yes. The standard hashing modes provide only 128-bit hash digests, and
for long-term collision-resistance, we'd probably like longer outputs.
Also, Rijndael has not b
On Tue, 05 Dec 2000, Bram Cohen wrote:
> > [SHA-2 looks pretty good. What's your problem with it? --Perry]
>
> It's slow.
Just how slow? Are you sure you tried a production implementation? What
efficiency figures do you have (say, SHA-256 vs. SHA-1 vs. Rijndael)?
Paulo Barreto.
At 3:04 PM -0800 12/5/2000, Ray Dillinger wrote:
>On Tue, 5 Dec 2000, Arnold G. Reinhold wrote:
>
...
> >I believe there are applications where a passphrase generated key is
>>preferable.
>
>>I think a standard such as Mr. Simpson suggests is a worthwhile idea.
>>No one is forced to use a standar
At 11:59 PM 12/4/00 -0800, Alan Olsen wrote:
>The
>review of the system during the audit was less than nice, but they still
>wanted to go ahead with it.
Didn't they set themselves up for extra liability when fraud
is committed due to their *now conscious* lack of diligence?
Ignorance is bliss
At 11:19 PM 12/4/00 -0800, Bram Cohen wrote:
>On Mon, 4 Dec 2000, William Allen Simpson wrote:
>
>> We could use the excuse of AES implementation to foster a move to a
>> new common denominator.
>
>AES is silly without an equivalently good secure hash function, which we
>don't have right now.
>
In message <[EMAIL PROTECTED]>, Bram Cohen writes:
>On Mon, 4 Dec 2000, Bram Cohen wrote:
>>
>> [SHA-2 looks pretty good. What's your problem with it? --Perry]
>
>It's slow. It's fast enough for most applications, but then again so is
>3DES - either you care about speed or you don't, and if you
On Tue, 5 Dec 2000, Arnold G. Reinhold wrote:
>At 7:20 PM + 12/4/2000, lcs Mixmaster Remailer wrote:
>>William Allen Simpson <[EMAIL PROTECTED]> writes:
>>> 4) an agreed algorithm for generating private keys directly from
>>> the passphrase, rather than keeping a private key database.
On Mon, 4 Dec 2000, Bram Cohen wrote:
>
> [SHA-2 looks pretty good. What's your problem with it? --Perry]
It's slow. It's fast enough for most applications, but then again so is
3DES - either you care about speed or you don't, and if you do, SHA2 just
doesn't rank up there with Rijndael.
-Bram
At 7:20 PM + 12/4/2000, lcs Mixmaster Remailer wrote:
>William Allen Simpson <[EMAIL PROTECTED]> writes:
>> My requirements were (off the top of my head, there were more):
>>
>> 4) an agreed algorithm for generating private keys directly from
>> the passphrase, rather than keeping a priva
On Tue, 5 Dec 2000, Enzo Michelangeli wrote:
> I'm not sure about this, unless you assume that the best attacks are based
> on dictionary search (which, for PK algorithms, can be pretty
> time-consuming). Let's suppose that the entropy of the passphrase only
> amounts to 100 bits: my gut feeling
On Mon, 4 Dec 2000, William Allen Simpson wrote:
> We could use the excuse of AES implementation to foster a move to a
> new common denominator.
AES is silly without an equivalently good secure hash function, which we
don't have right now.
[SHA-2 looks pretty good. What's your problem with it?
- Original Message -
From: "lcs Mixmaster Remailer" <[EMAIL PROTECTED]>
Sent: Tuesday, December 05, 2000 3:20 AM
> William Allen Simpson <[EMAIL PROTECTED]> writes:
> > My requirements were (off the top of my head, there were more):
> >
> > 4) an agreed algorithm for generating private
William Allen Simpson <[EMAIL PROTECTED]> writes:
> My requirements were (off the top of my head, there were more):
>
> 4) an agreed algorithm for generating private keys directly from
> the passphrase, rather than keeping a private key database.
> Moving folks from laptop to desktop h
32 matches