Paul Hoffman wrote:
> At 2:29 PM -0500 11/15/05, Steven M. Bellovin wrote:
>> I mostly agree with you, with one caveat: the complexity of a spec can
>> lead to buggier implementations.
>
> Well, then we fully agree with each other. Look at the message formats
> used in the protocols they have atta
>From: [EMAIL PROTECTED]
>Sent: Nov 16, 2005 12:26 PM
>Subject: Re: the effects of a spy
...
>Remember Clipper? It had an NSA-designed 80-bit encryption
>algorithm. One interesting fact about it was that it appeared to be
>very aggressively designed. Most published algorithms will, for
>examp
At 11:20 AM +0100 11/17/05, Florian Weimer wrote:
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to out-of-bounds array accesses and things like that. In
other words, trivial implementation errors whi
The answer you are looking for is Karnaugh logic maps. This will produce
an unoptimized set of gate logic that represents say S-boxes or E-tables.
From there you can find smaller gate logic complements that produce the
same logic map. Christopher Abad and I researched this heavily a few
years
>From: "Travis H." <[EMAIL PROTECTED]>
>Sent: Nov 16, 2005 11:37 PM
>To: David Wagner <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com
>Subject: Re: timing attack countermeasures (nonrandom but unpredictable delays)
...
>I don't follow; averaging allows one to remove random variables from
>the o
| > In many cases, the observed time depends both on the input and on some
| > other random noise. In such cases, averaging attacks that use the same
| > input over and over again will continue to work, despite the use of
| > a pseudorandom input-dependent delay. For instance, think of a timing
|
Travis,
Have a look at Karnaugh maps, which is a matrix Boolean algebra
reduction technique. I understand that there are more advanced
computational algorithms at this point. But, I believe that they build
off of the principle of adjacency found in a Karnaugh map matrix.
Best regards,
--
Mike
--
Florian Weimer <[EMAIL PROTECTED]> writes:
>* Perry E. Metzger:
>
>> I haven't been following the IPSec mailing lists of late -- can anyone
>> who knows details explain what the issue is?
>
>These bugs have been uncovered by a PROTOS-style test suite. Such test
>suites can only reveal missing chec
* Perry E. Metzger:
> I haven't been following the IPSec mailing lists of late -- can anyone
> who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to out-of-boun
Thomas Sjögren wrote:
> On Tue, Nov 08, 2005 at 05:58:04AM -0600, Travis H. wrote:
> > The only thing close that I've seen is Bestcrypt, which is commercial
> > and has a Linux and Windows port. I don't recall if the Linux port
> > came with source or not.
>
> http://www.truecrypt.org/
>
> "True
> In many cases, the observed time depends both on the input and on some
> other random noise. In such cases, averaging attacks that use the same
> input over and over again will continue to work, despite the use of
> a pseudorandom input-dependent delay. For instance, think of a timing
> attack
Does anyone have any references on how one would go about creating and
manipulating the Boolean equations that govern symmetric ciphers?
I know that most of the time ciphers describe an algorithm, often
using tables (S-boxes and E-tables) in lieu of providing equations,
and I'm wondering how one goes
> actually justified for cryptosystems: It turned out, on the key escrow side
> of the protocol design, NSA actually fell over the edge, and there was a
> simple attack (Matt Blaze's work, as I recall).
Details on the so-called LEAF blower here:
http://www.crypto.com/papers/eesproto.pdf
--
http:/