- Original Message -
From: "Jerrold Leichter" <[EMAIL PROTECTED]>
Subject: Re: On hash breaks, was Re: First quantum crypto bank transfer
| (they all have backup
| plans that involve the rest of the SHA series and at the very least
| Whirlpool).
Moving to a larger hash function with no u
Joe Ashwood writes:
> Except for RIPEM there were known to be reasons for this, MD5 was
> known to be flawed, SHA-0 was replaced because it was flawed (although
> knowledge of the nature of the flaw was hidden). Even with RIPEM (and SHA-1
> for the same reason) I have plans in place (and have ha
Jerry Leichter writes:
> Joux's attack says: Find single block messages M1 and M1' that collide on
> the "blank initial state". Now find messages M2 and M2' that collide with
> the (common) final state from M1 and M1'. Then you have four 2-block
> collisions for the cost of two: M1|M2, M1'|M2, a
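The chaining step Leichter describes above, worked through in code. This is an added example, not code from the list thread or from Joux's paper: it uses a constructed toy Merkle-Damgard hash with a 16-bit chaining state (the same width as its output, which is the property the attack needs) so that each single-block collision is found by a birthday search of a few hundred compression calls. The function and constant names (`compress`, `md_hash`, `joux_multicollision`, `STATE_BYTES`, `IV`) are this example's own, and the toy hash is an assumption for illustration only. Running k searches in sequence yields 2^k messages with a common digest, at k times the cost of one collision; k = 2 reproduces the "four 2-block collisions for the cost of two" in the message above.

```python
"""Joux's multicollision against a toy Merkle-Damgard hash.

Constructed example: a 16-bit chaining state (the same width as the output)
so that each single-block collision can be found by birthday search in a
few hundred compression-function calls. k such searches yield 2**k messages
that all hash to the same value, which is the cost structure the message
above describes (four 2-block collisions for the price of two).
"""
import hashlib
import itertools
from typing import Dict, List, Tuple

STATE_BYTES = 2   # toy: 16-bit chaining value and output (assumption, not a real hash)
BLOCK_BYTES = 4   # one message block
IV = b"\x00" * STATE_BYTES


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 of state||block, truncated to the state width.
    The narrow state is what makes per-block collisions cheap; the iterated
    structure is what lets Joux chain them."""
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def md_hash(message: bytes) -> bytes:
    """Plain Merkle-Damgard iteration over fixed-size blocks. No padding or
    length block: every message here is a whole number of blocks, and a final
    strengthening block would not change the argument, because all the
    colliding messages have the same length and the same final state."""
    if len(message) % BLOCK_BYTES:
        raise ValueError("message must be a whole number of blocks")
    state = IV
    for i in range(0, len(message), BLOCK_BYTES):
        state = compress(state, message[i:i + BLOCK_BYTES])
    return state


def find_block_collision(state: bytes) -> Tuple[bytes, bytes]:
    """Birthday search from a given chaining state: two distinct blocks B, B'
    with compress(state, B) == compress(state, B'). About 2**(n/2) trials
    for an n-bit state."""
    seen: Dict[bytes, bytes] = {}
    for counter in itertools.count():
        block = counter.to_bytes(BLOCK_BYTES, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block   # seen[out] != block: the counter never repeats
        seen[out] = block


def joux_multicollision(k: int) -> Tuple[List[Tuple[bytes, bytes]], bytes]:
    """Joux: run k successive single-block collision searches, each starting from
    the common state reached so far. Returns the k block pairs and the shared digest."""
    state = IV
    pairs: List[Tuple[bytes, bytes]] = []
    for _ in range(k):
        b0, b1 = find_block_collision(state)
        pairs.append((b0, b1))
        state = compress(state, b0)    # equals compress(state, b1) by construction
    return pairs, state


def expand(pairs: List[Tuple[bytes, bytes]]) -> List[bytes]:
    """All 2**k messages obtained by picking one block from each pair."""
    return [b"".join(choice) for choice in itertools.product(*pairs)]


def check_multicollision(k: int) -> Tuple[int, bool, bool]:
    """(number of messages, all hash to the shared digest, all pairwise distinct)."""
    pairs, digest = joux_multicollision(k)
    msgs = expand(pairs)
    return len(msgs), all(md_hash(m) == digest for m in msgs), len(set(msgs)) == len(msgs)


if __name__ == "__main__":
    n, same, distinct = check_multicollision(4)
    print(f"{n} messages, common digest: {same}, all distinct: {distinct}")
```

The point to take from running it: the cost of 2^k colliding messages grows linearly in k (k birthday searches), not as the birthday bound for a 2^k-way collision, and nothing in the search depends on the block content, so a real attacker can substitute meaningful blocks once a collision finder for the compression function exists.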
| > It strikes me that Joux's attack relies on *two* features of current
| > constructions: The block-at-a-time structure, and the fact that the state
| > passed from block to block is the same size as the output state. Suppose we
| > did ciphertext chaining: For block i, the input to the compre
| > Alternatively, how anyone can have absolute confidence in conventional crypto
| > in a week when a surprise attack appears against a widely-fielded primitive
| > like MD5 is beyond me. Is our certainty about AES's security really any
| > better today than was our certainty about RIPEM
At 02:02 AM 8/23/2004, Florian Weimer wrote:
* Bill Stewart:
> I agree that it doesn't look useful, but "lawful intercept" is harder,
> if you're defining that as "undetected eavesdropping with
> possible cooperation of the telco in the middle",
> because quantum crypto needs end-to-end fiber so th
1) Here's an article from the New York Times.
The headline just about says it all. Reportedly
THEY want voice-over-internet users to pay for
the privilege of having their calls tapped.
> The Call Is Cheap. The Wiretap Is Extra.
http://www.theledger.com/apps/pbcs.dll/article?AID=/20040823/ZNYT01/40
On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote:
> On 10 Aug 2004, at 5:16 AM, John Kelsey wrote:
>
> >So, how many people on this list have actually looked at the PGP key
> >generation code in any depth? Open source makes it possible for
> >people to look for security holes, but it
Matt Crawford wrote:
Please don't blame the physicists for that. It is still research, but
someone is selling tincture of quantum physics in their snake-oil
bottles. Too bad that may poison the market for a really useful
development a few years from now, but it does help shake the money tree
I wrote:
> Phil Hawkes' paper on the SHA-2 round function has just been posted as
> Eprint number 207. It contains rather a lot of detail, unlike some of the
> other papers on the subject of hash function collisions.
At 14:17 2004-08-23 -0400, Trei, Peter wrote:
Could you possibly post a direct
Jerry Leichter writes:
> It strikes me that Joux's attack relies on *two* features of current
> constructions: The block-at-a-time structure, and the fact that the state
> passed from block to block is the same size as the output state. Suppose we
> did ciphertext chaining: For block i, the inpu
Jerrold Leichter wrote:
... the comments I've seen on this list and elsewhere have been much
broader, and amount to "QM secure bit distribution is dumb, it solves
no problem we haven't already solved better with classical
techniques."
Most of the comments on this list are more nuanced than that.
| > ... the comments I've seen on this list and elsewhere have been much
| > broader, and amount to "QM secure bit distribution is dumb, it solves
| > no problem we haven't already solved better with classical
| > techniques."
|
| Most of the comments on this list are more nuanced than that.
Perhap