On Mar 5, 2005, at 11:32, Ed Gerck wrote:
The worse part, however, is that the server side can always fake your
authentication using a third-party because the server side can
always calculate ahead and generate "your next number" for that
third-party to enter -- the same number that you would get f
SK wrote:
Hopefully, once CACert gets it acts together, this will decrease to $0!
SK
and with a little bit of intelligent compression, zero bytes!
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
I have started writing up a bit of an analysis of GBDE, which I
would like to have people comment on before I continue with it.
I.e. am I onto something here or not? I wrote this up very quickly
over a few sleepless nights while trying to get my normal work done
before I left on vacation, so please
On Mar 4, 2005, at 5:23 PM, James A. Donald wrote:
The attacks on MD*/SHA* are weak and esoteric.
On this we respectfuly disagree.
You make it sound trivial. Wang has been working on these results for
over 10 years. She received the largest applause at Crypto 2004 session
from her peers I have ev
- Original Message -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
Subject: comments wanted on gbde
I'll just deal with it piece by piece.
Page 3 "decrypting and re-encrypting an entire disk would likely take more
than a day with currently available hardware" is wrong. Assuming 256-bit
On Sat, Mar 05, 2005 at 09:23:11AM -0700, Anne & Lynn Wheeler wrote:
> Victor Duchovni wrote:
> >What is the significance of this? It seems I can get a certificate for
> >two public keys (chosen, not given) while only proving posession of the
> >first. Is there anything else? In what sense is the
I hope this might be of interest.
Alfonso
--- Begin Message ---
Hi All.
I would like to thank Arjen Lenstra, Xiaoyun Wang, and Benne de Weger
for announcing a method for the construction of pairs of colliding
X.509 certificates, and David McGrew for forwarding to the list.
I would like also to poin
Hopefully, once CACert gets it acts together, this will decrease to $0!
SK
On Fri, 04 Mar 2005 15:53:51 -0800, John Gilmore <[EMAIL PROTECTED]> wrote:
> For the privilege of being able to communicate securely using SSL and a
> popular web browser, you can pay anything from $10 to $1500. Clif
>
Steven M. Bellovin wrote:
With
the author's consent, I'm soliciting opinions from this group about it:
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
I just gave the paper a quick read and am hoping this is not meant for
production use. The key problems to me appear to be that:
- the paper
Victor Duchovni wrote:
What is the significance of this? It seems I can get a certificate for
two public keys (chosen, not given) while only proving posession of the
first. Is there anything else? In what sense is the second public key
useful to the attacker?
so three kinds of attacks on certificat
Current solutions for two-factor authentication may be weaker than they
seem. Let me present two cases, including SecurID, for comments.
1. First case, without a clock, take a look at:
http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-02.txt
Because the algorithm MUST be sequence or c
Victor Duchovni wrote:
What is the significance of this? It seems I can get a certificate for
two public keys (chosen, not given) while only proving posession of the
first. Is there anything else? In what sense is the second public key
useful to the attacker?
the purpose of a certificate is analogo
--- begin forwarded text
From: Tanja Lange <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: ECC 2005 announcement
Date: Sat, 5 Mar 2005 14:40:42 +0100
Organization: DTU
--
THE 9TH WORKSHOP ON E
13 matches
Mail list logo