potential new IETF WG on anonymous IPSec

--- begin forwarded text From: Paul Syverson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Paul Syverson <[EMAIL PROTECTED]> Subject: potential new IETF WG on anonymous IPSec User-Agent: Mutt/1.4.1i Sender: [EMAIL PROTECTED] List-Id: Primary NymIP discussion list List-Post:

Re: Seth Schoen's Hard to Verify Signatures

Hi, Adam - Yes, that's interesting. Seth Schoen's posting and subsequent blog entries do compare his goals with hashcash and similar stamp minting systems; where hashcash wants to make minting expensive and verification easy, Seth's HTV signatures aim to make signing easy and verifying expensive.

Re: Seth Schoen's Hard to Verify Signatures

Hi I proposed a related algorithm based on time-lock puzzles as a step towards non-parallelizable, fixed-minting-cost stamps in section 6.1 of [1], also Dingledine et al observe the same in [2]. The non-parallelizable minting function is in fact the reverse: sender encrypts (expensively) and the

Seth Schoen's Hard to Verify Signatures

Hal Finney wrote: >[...] "hard to verify signature" [...] >Choose the number of modular squarings, t, that you want the verifier >to have to perform. Suppose you choose t = 1 billion. Now you will >sign your value using an RSA key whose exponent e = 2^t + 1. >The way you sign, even using such a l

Re: MD2 is not one way (!?)

Jason Holt wrote: Includes one titled "The MD2 Hash Function is Not One-Way". That's the first I've heard about MD2; the other breaks were for md4 and md5. Anyone know details? Actually there was a paper analysing the MD2 algorithms back in 1997: N. Rogier and P Chauvaud, "MD2 is not secure with

Re: references on traffic analysis?

On Tue, Sep 07, 2004 at 11:12:03PM -0400, Steve Bellovin wrote: | What are some of the classic, must-read, references on traffic analysis? | (I'm familiar with the Zendian problem, of course.) A. Back, U. Muller, and A. Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing System

Re: Some additional info about "Which book for a newbie to cryptography?"

Ok, I have read both yours and Sandy Harris's replies, and looked again at my previous message, and the opinions are kinda ambiguous. I think I will go to the library and pick one of them. anyway, I don't feel I need a book that gets very or too deep, because I really don't have much time for that.

Polymer serves up single photons

TRN 090804 Polymer serves up single photons September 8/15, 2004 By Eric Smalley, Technology Research News Quantum cryptography in theory allows someone to send a secret key and know for sure that the key

Wireless security remains as main threat to mobility

Ottawa Business Journal - News Wireless security remains as main threat to mobility By Ottawa Business Journal Staff Mon, Sep 6, 2004 12:00 AM EST The wireless industry needs a lasting solution to one of its biggest threats: outside i

FSTC Issues Call for Participation for Two New Projects

The Financial Services Technology Consortium wants to assist banks in providing an "authentication service to government agencies"... Cheers, RAH --- begin forwarded text Date: Wed, 08 Sep 2004 11:39:05 -0400 From: Jim Salters <[EMAIL PROTECTED]> Subject: FSTC Issues Call for Participation for

Joux attack against multipreimages

I was looking at Joux's paper again and I noticed that he also had some comments regarding preimage resistance. I believe these imply a weakness even in the construction I proposed of using a double width hash and then collapsing the output down to single width at the end. My argument was that if

references on traffic analysis?

What are some of the classic, must-read, references on traffic analysis? (I'm familiar with the Zendian problem, of course.) --Steve Bellovin, http://www.research.att.com/~smb - The Cryptography Mailing List Un

RE: Maths holy grail could bring disaster for internet

>Mathematicians could be on the verge of solving two separate million dollar >problems. If they are right - still a big if - and somebody really has >cracked the so-called Riemann hypothesis, financial disaster might follow. >Suddenly all cryptic codes could be breakable. No internet transaction >w

Seth Schoen's Hard to Verify Signatures

Seth Schoen of the EFF proposed an interesting cryptographic primitive called a "hard to verify signature" in his blog at http://vitanuova.loyalty.org/weblog/nb.cgi/view/vitanuova/2004/09/02 . The idea is to have a signature which is fast to make but slow to verify, with the verification speed unde

MD2 is not one way (!?)

The list of accepted papers for AsiaCrypt: http://www.iris.re.kr/ac04/ Includes one titled "The MD2 Hash Function is Not One-Way". That's the first I've heard about MD2; the other breaks were for md4 and md5. Anyone know details? -J --

Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

On Tue, Sep 07, 2004 at 03:16:21PM -0600, R. A. Hettinga wrote: | Apropos of nothing (specific) here... | | At 4:56 PM -0400 9/7/04, Adam Shostack wrote: | >What do you see as | >equilibrium postal rates | | Remember, boys and girls, prices are *discovered*, not calculated. Heck, | you probably c

Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

On Tue, Sep 07, 2004 at 04:13:13PM -0400, Adam Back wrote: | Well we'll see. If they have lots of CPU from zombies and can get and | maintain more with limited effort maybe even they can, and CAMRAM's | higher cost stamp on introductions only will prevail as the preferred | method. Adam,