On Thursday, 2009-08-27, at 19:14, James A. Donald wrote:
Zooko Wilcox-O'Hearn wrote:
Right, and if we add algorithm agility then this attack is
possible even if both SHA-2 and SHA-3 are perfectly secure!
Consider this variation of the scenario: Alice generates a
filecap and gives it to
On Aug 31, 2009, at 13:20, Jerry Leichter wrote:
It can “...intercept all audio data coming and going to the Skype
process.”
Interesting, but is this a novel idea? As far as I can see, the
process intercepts the audio before it reaches Skype and after it has
left Skype. Isn't that the
Darren J Moffat darren.mof...@sun.com asks:
Ignoring performance for now what is the consensus on the suitability of
using AES-GMAC not as MAC but as a hash?
Would it be safe?
The key input to AES-GMAC would be something well known to the data
and/or software.
No, I don't think this
On Aug 28, 2009, at 8:25 PM, R.A. Hettinga wrote:
...and now GPG.
So, Snow Leopard is crypto-less?
To be strictly accurate, the problem is with GPGMail, the plugin that
integrates GPG with Apple's Mail application (as Mail internals
changed significantly between Leopard and Snow
Hal Finney wrote:
Darren J Moffat darren.mof...@sun.com asks:
Ignoring performance for now what is the consensus on the suitability of
using AES-GMAC not as MAC but as a hash?
Would it be safe?
The key input to AES-GMAC would be something well known to the data
and/or software.
No, I
On Thu, Aug 27, 2009 at 8:45 AM, Darren J Moffat wrote:
Ignoring performance for now what is the consensus on the suitability of using
AES-GMAC not as MAC but as a hash?
Would it be safe?
The key input to AES-GMAC would be something well known to the data and/or
software.
The only
Hi all,
I have implemented RNG using AES algorithm in CTR mode.
To test my implementation I needed some test vectors.
However, I searched on the CSRC site, but found the test vectors for AES_CBC,
not for AES CTR.
Please can anyone tell me where to look for the test vectors to test RNG
using
On Aug 26, 2009, at 6:26 AM, Ben Laurie wrote:
On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
More generally, I can't see that implementing client-side certs gives you much
of anything in return for the massive amount of effort required because the
problem
So How Do You Manage Your Keys Then, part 3 of 5
In part one of this series [1] I described how Tahoe-LAFS combines
decryption, integrity-checking, identification, and access into one
bitstring, called an immutable file read-cap (short for
capability). In part two [2] I described how
Steven Bellovin wrote:
This returns us to the previously-unsolved UI problem: how -- with
today's users, and with something more or less like today's browsers
since that's what today's users know -- can a spoof-proof password
prompt be presented?
When the user clicks on a button generated by
Steven Bellovin s...@cs.columbia.edu writes:
This returns us to the previously-unsolved UI problem: how -- with today's
users, and with something more or less like today's browsers since that's
what today's users know -- can a spoof-proof password prompt be presented?
Good enough to satisfy