James Donald writes:
> My understanding is that no actual vulnerabilities have
> been found in Rijndael. What has been found are reasons
> to suspect that vulnerabilities will be found.
Yes, I think that's correct on the theoretical side. I was also thinking
of some of the implementation issues
Zooko writes:
> By the way, the traditional practice of using a hash function as a
> component of a MAC should, in my humble opinion, be retired in favor of
> the Carter-Wegman alternative such as Poly-1305 AES [7].
This is a great topic where there are lots of pros and cons. The CW
MACs like U
Jerrold,
I can corroborate the quote in that much of SarbOx and
other recent regs very nearly have a guilty unless proven
innocent quality, that banks (especially) and others are
called upon to prove a negative: X {could,did} not happen.
California SB1386 roughly says the same thing: If you canno
On Tue, Jul 11, 2006 at 01:02:27PM -0400, Leichter, Jerry wrote:
[...]
> Business ultimately depends on trust. There's some study out there -
> I don't recall a reference - that basically finds that the level of
> trust is directly related to the level of economic success of an
> economy. There a
Yep, the phishers finally started doing it. If it becomes a threat to them,
they will adapt.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anne & Lynn Wheeler
Sent: Tuesday, July 11, 2006 10:39 AM
To: cryptography@metzdowd.com
Subject: Re: Phishers Defea
Maybe you haven't heard but Tiger is being analysed against collision attack
At FSE 2006 Kelsey and Stefan Lucks presented a paper on Tiger
John Kelsey, Stefan Lucks: Collisions and Near-Collisions for
Reduced-Round Tiger, Preproceedings of FSE 2006.
Abstract:
We describe a collision-findin
Lance James wrote:
Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens
attacked by phishe
| That's not a change. You should never have granted unlimited trust to
| insiders. Just as most organizations do not have the same person handling
| accounts payable and vendor selection, you should have checks and balances in
| IT as well.
There have always been parts of the business where you ne
Hal:
Thanks for the news about the planned NIST-sponsored hash function
competition. I'm glad to hear that it is in the works.
Yesterday I profiled my on-line data backup application [1] and
discovered that for certain operations one third of the time is spent in
SHA-1. For that reason, I'
That's not a change. You should never have granted unlimited trust to
insiders. Just as most organizations do not have the same person handling
accounts payable and vendor selection, you should have checks and balances
in IT as well.
-Stiennon
At 07:49 AM 7/11/2006, [EMAIL PROTECTED] wrote:
...from a round-table discussion on identity theft in the current
Computerworld:
IDGNS: What are the new threats that people aren't thinking
about?
CEO Dean Drako, Sana Security Inc.: There has been a market
change over the last five-to-six years, primarily due to
Charlie Kaufman wrote:
I believe this has been "known" for a long time, though I have never seen the
proof. I could imagine constructing one based on quadratic sieve.
I believe that a proof that the discrete log problem is polynomially reducible
to the factorization problem is much harder and
C A L L F O R P A P E R S
The 4th International Workshop for
Technology, Economy and Legal Aspects of
Virtual Goods
Organized by the GI Working Group ECOM
and in parallel with
Hal Finney wrote:
> I had not heard that there had been an official
> decision to hold a new competition for hash functions
> similar to AES. That is very exciting! The AES
> process was one of the most interesting events to have
> occured in the last few years in our field.
>
> Seemed like one o
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa
ctor_1.html
Thought this might interest some.
-Lance James
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAI
Full article at http: // blog.washingtonpost.com / securityfix /
Citibank Phish Spoofs 2-Factor Authentication
Security experts have long touted the need for financial Web sites to move
beyond mere passwords and implement so-called "two-factor authentication" --
the second factor being something
16 matches
Mail list logo