List Password // URL
cryptography@metzdowd.com iPoopInYourHat
http://www.metzdowd.com/mailman/options/cryptography/greg%40kinostudios.com
So, my password, iPoopInYourHat, is being sent to me
are failing their jobs.
- Greg
--
Please do not email me anything that you are not comfortable also sharing with
the NSA.
On Oct 1, 2013, at 12:03 PM, Lodewijk andré de la porte l...@odewijk.nl wrote:
It's reasonable as it's not a security sensitive environment. Please for the
love of god
]: YES! - Server.
No passwords, and no fake unsubscribes.
- Greg
On Oct 1, 2013, at 4:56 PM, John Ioannidis j...@tla.org wrote:
On Tue, Oct 1, 2013 at 12:56 PM, Greg g...@kinostudios.com wrote
posted to the list in the first place was because the password was
sent to me in the clear. This thread has been my sole contribution to the list
so far.
- Greg
On Oct 1, 2013, at 6:03 PM, Greg g
I'm interested in cases where Mailman passwords have been abused.
Show me one instance where a nuclear reactor was brought down by an
earthquake! Just one! Then I'll consider spending the $$ on it!
On
it is) in the clear is extremely poor practice and should never be done.
And, if a password is completely unnecessary, it should not be used.
On a side-note (Re: Russ's email and others), I can't believe people are
talking about encryption and key distribution algorithms in reference to this
topic.
- Greg
either click on it or reply
to the message while quoting the link in the body. Sometimes it's also a unique
number in the subject line.
- Greg
On Oct 2, 2013, at 10:40 AM, Markus Wanner mar...@bluegap.ch
This year's Crypto conference is in Santa Barbara August 17-21. The early
registration deadline is July 14th. Full program information is available
at http://www.iacr.org/conferences/crypto2003/2003Program.html .
It'll be great, both technically and socially!
regards,
Greg.
(General Chair
this attack is not going to cost
much more than a cellphone (without subsidies). Patenting the attack
prevents the production of the radio shack (tm) gsm scanner, so that it
at least requires serious attackers, not idle retirees or jealous teenagers.
Greg.
Greg Rose
compromised by this attack.
Greg.
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6
on universal hashing.
--
Greg Troxel [EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
That's pretty much what I was talking about when I said that it may be
possible to clone an arbitrarily large proportion of photons - and that
Quantum Cryptography may not actually be secure.
A key point is the probability that the measurement/cloning operation
has of disturbing the
. Adding (and checking) correct padding
(eg. OAEP or PSS, see the PKCS standards) makes it extremely unlikely that
there will be a cube root for the attack to work on.
Others may want to correct me or elaborate further, but I think that's correct.
regards,
Greg.
Greg Rose
dbm uses essentially this philosophy, but the
tree is not binary; rather each node stores up to one disk block's worth of
pointers. Nodes split when they get too full. When the point is to handle a
lot of data, this makes much more sense.
Hope that helps,
Greg.
Greg Rose
,
and there are block ciphers (such as FEAL, same vintage as RC4) that aren't
even vaguely secure.
Greg.
if that helps, because I certainly got mightily confused while
writing it.
Greg.
Lynn said:
... A security taxonomy, PAIN:
* privacy (aka things like encryption)
* authentication (origin)
* integrity (contents)
* non-repudiation
I.e., its provenance?
Google shows only a few hits
At 15:41 2004-06-19 -0400, Perry E. Metzger wrote:
http://news.bbc.co.uk/1/hi/technology/3804895.stm
No real new info, but some good background. Several familiar names,
such as Ross Anderson, are interviewed.
Gee, a pity they can't calculate 2^128 correctly.
Greg.
Greg Rose
incentive does a miscreant have to
reprogram hundreds or thousands of other
cars???
Until recently, when viruses and worms started to be used to assist
spamming, what incentive did a miscreant have to invade hundreds or
thousands of computers?
Greg.
Greg Rose
about it,
depending which version of the story you've heard. Since he works for the
German NSA-equivalent, I guess he would take this seriously.
Greg.
).
Xuejia Lai clarified that the paper on E-print has been updated with
correct initial values. They were initially byte-reversed, which they
blamed on Bruce Schneier.
Greg.
Regards,
Mads Rasmussen
Open Communications Security
In the light of day and less inebriated, I'd like to clarify some of what I
wrote last night, and maybe expand a bit. My original account wasn't what
I'd like to think of as a record for posterity.
Greg.
At 13:11 2004-08-18 +1000, Greg Rose wrote:
Xiaoyun Wang was almost unintelligible
At 00:49 2004-08-19 +1000, Greg Rose wrote:
There has been criticism about the Wang et al. paper that it doesn't
explain how they get the collisions. That isn't right. Note that from the
incorrect paper to the corrected one, the delta values didn't change.
Basically, if you throw random numbers
is really message M and a random delta).
But I could also be mistaken on this.
Greg.
Phil Hawkes' paper on the SHA-2 round function has just been posted as
Eprint number 207. It contains rather a lot of detail, unlike some of the
other papers on the subject of hash function collisions.
Greg.
link?
http://eprint.iacr.org/2004/207.pdf
Greg.
load for primality testing.
I must be misunderstanding. Surely. Please?
Greg.
this kind of
attack (whether they'd found it or not). We don't have a good analysis of
the data-expansion part, but I'm pretty sure that it'll defeat the Wang
attacks.
Greg.
disclosure...
or not.
Greg.
Greg RoseINTERNET: [EMAIL PROTECTED]
Qualcomm Incorporated VOICE: +1-858-651-5733 FAX: +1-858-651-5766
5775 Morehouse Drivehttp://people.qualcomm.com/ggr/
San Diego, CA 92121 232B EC8F 44C6 C853 D68F E107 E6BF
.
(*) actually each layer reduces the space of output keys slightly; not
enough to matter in practice, but it is actually infinitesimally worse than
just doing the hash.
Greg.
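As an added example (not part of the thread), the footnote's claim can be measured directly: treat each layer as a hash truncated to 16 bits so the whole input space can be enumerated, and count how many distinct outputs survive after each layer. The layer function, the 16-bit width and the per-layer tag byte are choices made here for the demonstration, not anything from the original message.

```python
# Added example (not from the thread): how each extra hashing "layer" shrinks the set of
# reachable outputs. The 16-bit truncation is a toy so the whole domain can be enumerated.
import hashlib
import math

WIDTH_BITS = 16
N = 1 << WIDTH_BITS


def layer(x, tag):
    """One layer: SHA-256 over (layer tag || previous value), truncated to WIDTH_BITS."""
    digest = hashlib.sha256(bytes([tag]) + x.to_bytes(WIDTH_BITS // 8, "big")).digest()
    return int.from_bytes(digest[:WIDTH_BITS // 8], "big")


def image_sizes(layers):
    """Distinct values reachable after 0, 1, ..., `layers` layers, starting from every input."""
    current = set(range(N))
    sizes = [len(current)]
    for tag in range(layers):
        current = {layer(x, tag) for x in current}
        sizes.append(len(current))
    return sizes


def expected_fractions(layers):
    """Random-mapping model: inputs covering a fraction t of the domain map onto 1 - exp(-t)."""
    t, out = 1.0, [1.0]
    for _ in range(layers):
        t = 1.0 - math.exp(-t)
        out.append(t)
    return out


if __name__ == "__main__":
    for k, (got, model) in enumerate(zip(image_sizes(4), expected_fractions(4))):
        print(f"after {k} layer(s): {got:6d} distinct outputs "
              f"({got / N:.3f} of the domain, model {model:.3f})")
```

The random-mapping model predicts fractions 1, 0.632, 0.469, 0.374, ... and the measured sizes land within a fraction of a percent of them. The first layer costs log2(1/0.632), about 0.66 bits of output space, whatever the width; that is why it is invisible for a 256-bit hash and obvious at 16 bits.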
that credit issuers etc. impose
costs on innocent third parties and get away with it.
--
Greg Troxel [EMAIL PROTECTED]
as a price setting precedent.
They (NSA) did pay, and they (Certicom) did stick it in our faces.
See, eg., http://www.eweek.com/article2/0,1895,1498136,00.asp . Did
you miss this at the time?
Greg.
writing C who seem to think that
they have the right to do it as badly as they like, even though
they know you have to be properly qualified to work in other
fields.
Greg
On 2005-09-18, Ian G wrote:
Greg Black wrote:
The problem is bad programmers.
No, the problem is good programmers. When K&R
wrote C in the early 70s
K&R did not write C, they wrote a book about C. R was the
creator of the language, with some inspiration and collaboration
from some
handling. The C goto statement is purely a local goto
and scares nobody who has grown up.
Greg
or two.
Greg.
with the fifth
word. The fact that the four words don't change is the giveaway that
it's a feistel structure. The later SHAs have a more complicated
structure, blurring the boundary a bit, but I'd still call them
unbalanced Feistel.
Greg
unlikely to
be anything like the benefits I have gained from online banking.
Greg
in the use of the current technology, but it turns out to be not
practical to use.
Greg
(that is, the passphrase's) entropy.
You can add randomness from another source, and increase the total
entropy, but I don't think that is relevant to the original question.
Greg.
might be easier
than the integer factorization problem. (At least, the above is my
understanding.)
Greg.
. Wash doesn't have any
cryptographers.
I hardly think that you can discount the skills of Josh Benaloh and
Brian LaMacchia.
That changes in the fall: they hired an excellent young cryptographer
named Yoshi Kohno.
Damn, I was trying to hire Yoshi...
Greg
LaMacchia.
Who is discounting? I said they are good people but that they work
for Microsoft and not for the University of Washington.
Yes, my apologies, I misparsed your statement.
Greg.
://www.cryptico.com/Files/Filer/rabbit_contest.pdf.
Dan did *not* make the presentation. He was on the program but didn't speak.
Greg.
, what browsers used OpenSSL and/or their
own broken code, and need to be patched? I have no idea.
Thanks to Alex Gantman for asking the question...
Greg.
crappetycrap
would still be considered valid. There's a lot of code out there that
ignored the fact that after the FFs was specific ASN.1 stuff, and
just treated it as a defined part of the padding.
Greg.
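Both e=3 remarks in this archive, the earlier cube-root point about padding (OAEP/PSS) and the note above about verifiers that treated everything after the FF bytes as padding, come down to the same arithmetic. As an added example, not code from the list or from any library, the block below builds a lenient PKCS#1 v1.5 verifier with that bug, forges an e=3 signature for it using nothing but an integer cube root, and shows a verifier that rebuilds and compares the whole block rejecting the forgery. The 2048-bit key, the SHA-256 DigestInfo, the eight-FF minimum and the message are all constructed for the demo.

```python
# Added example (not from the thread): e=3 RSA signature forgery by cube root against a
# PKCS#1 v1.5 verifier that ignores bytes after the DigestInfo. Key and message are constructed.
import hashlib
import hmac
import random

E = 3
# DER prefix of DigestInfo for SHA-256: SEQUENCE { AlgorithmIdentifier, OCTET STRING (32) }
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin, adequate for a demo key (not a production primality test)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_e3_key(bits=2048, seed=1):
    """Constructed key; p, q = 2 (mod 3) keeps gcd(3, phi) = 1 so e = 3 is a valid exponent."""
    rng = random.Random(seed)
    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if c % 3 == 2 and is_probable_prime(c, rng):
                return c
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def iroot(x, k):
    """Floor of the k-th root of x >= 0 (integer Newton iteration from an overestimate)."""
    if x < 2:
        return x
    r = 1 << -(-x.bit_length() // k)
    while True:
        nr = ((k - 1) * r + x // r ** (k - 1)) // k
        if nr >= r:
            return r
        r = nr

def encode_em(message, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || H(m), exactly k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(message, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode_em(message, k), "big"), d, n)

def verify_lenient(message, sig, n):
    """The bug: skip the FFs, match DigestInfo and hash, never look at what follows."""
    k = (n.bit_length() + 7) // 8
    block = pow(sig, E, n).to_bytes(k, "big")
    i = 2
    while i < k and block[i] == 0xFF:
        i += 1
    if block[:2] != b"\x00\x01" or i - 2 < 8 or i >= k or block[i] != 0x00:
        return False
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return block[i + 1:i + 1 + len(t)] == t  # trailing bytes are ignored

def verify_strict(message, sig, n):
    """The fix: rebuild the whole expected block and compare all k bytes."""
    k = (n.bit_length() + 7) // 8
    if not 0 < sig < n:
        return False
    return hmac.compare_digest(pow(sig, E, n).to_bytes(k, "big"), encode_em(message, k))

def forge_e3_signature(message, n):
    """Place 00 01 FF*8 00 DigestInfo H(m) in the top bytes, zeros below, and take the cube
    root rounded up: s^3 < n so nothing is reduced, and the rounding error (< 3*s^2, about
    2^1357 here) stays inside the 1552 unchecked low bits."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    garbage_bits = 8 * (k - len(prefix))
    target = int.from_bytes(prefix, "big") << garbage_bits
    s = iroot(target - 1, 3) + 1  # ceiling of the cube root
    assert (s ** 3 >> garbage_bits) == int.from_bytes(prefix, "big") and s ** 3 < n
    return s

def demo(seed=1):
    n, d = generate_e3_key(seed=seed)
    msg = b"transfer 100 to mallory"  # constructed sample message
    real, forged = sign(msg, n, d), forge_e3_signature(msg, n)
    return {"real_lenient": verify_lenient(msg, real, n), "real_strict": verify_strict(msg, real, n),
            "forged_lenient": verify_lenient(msg, forged, n), "forged_strict": verify_strict(msg, forged, n)}

if __name__ == "__main__":
    print(demo())
```

demo() returns {'real_lenient': True, 'real_strict': True, 'forged_lenient': True, 'forged_strict': False}. The room the forger needs is the unchecked region: with a 2048-bit n and SHA-256 there are 194 free bytes and the cube root's rounding error is about 2^1357, so the chosen prefix survives intact; with a 1024-bit modulus this simple rounding no longer fits in the free bytes. The strict verifier sidesteps the whole problem because it never parses the block at all.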
of trying to use it,
because you'll never be secure that way.
I just have to mention that e=2 is Rabin signatures, and they have
different and very stringent requirements for signatures. Maybe the
same problem exists, maybe it doesn't, I don't know.
Greg
for Unix - with the
Gnu libraries for portable access to object/ executable files, it could
be done relatively easily.
The sum command has existed in Unixes since before VMS existed.
Checksum has too many characters in the name ;-).
Greg
be
surprised if there weren't any out there in the wild.
Greg
, jpegs, mpegs,
mp3s, ...) that I've pointed it at, fails one or more of the tests.
True random-looking-ness is hard to find... :-)
Greg.
a
(smallish) number of distinct such cycles. But since you'd have to
wait a very long time before this mattered, it isn't a practical
worry.
Greg.
.
Greg.
, Greg
that you agreed the
key with the person you think you agreed it with? It's turtles all
the way down.)
Greg.
saqib
http://www.linkedin.com/in/encryption
Victor Duchovni [EMAIL PROTECTED] writes:
Secure in what sense? Did I miss reading about the part of QKD that
addresses MITM (just as plausible IMHO with fixed circuits as passive
eavesdropping)?
It would be good to read the QKD literature before claiming that QKD is
always unauthenticated.
and search for the Codes
and Ciphers Heritage Trust. I helped them rebuild Colossus a couple of
years ago, and have just donated some more (thanks, Perry). Note,
though, minimum donation is $500.
Greg.
is a very long time to wait. You'd need to make this
two orders of magnitude faster before it would have a hope of being
interesting. (And for me, it would have to be at least four orders of
magnitude faster before I could consider it to be useful.)
Greg
of this entire effort.
Greg.
as well as s-boxes... the
addition carries represent high degree terms.
Greg.
Perry E. Metzger wrote:
Greg Rose [EMAIL PROTECTED] writes:
His example was an insanely complicated theoretical LFSR-based stream
cipher; recovers keys with 2^28 (from memory, I might be a little
out), with 2^40 precomputation, from only about a million output
bits. They are working on applying
Steven M. Bellovin wrote:
Greg, assorted folks noted, way back when, that Skipjack looked a lot
like a stream cipher. Might it be vulnerable?
Hmmm, interesting. I'm getting increasingly closer to talking through my
hat, but...
Skipjack has an 8x8 S-box, so by definition the maximum degree
talk or Wang's rump session (breaking
MD5, SHA-0, HAVAL, ...) is the high point of Crypto for me... I think Cube.
Greg.
James Muir wrote:
Greg Rose wrote:
Basically, any calculation with inputs and outputs can be represented as
an (insanely complicated and probably intractable) set of binary
multivariate polynomials. So long as the degree of the polynomials is
not too large, the method allows most
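As an added example (not from the thread, and not Skipjack's actual F-table, which this page does not reproduce), the block below does the representation Greg describes for one 8x8 S-box: it converts each output bit's truth table into its algebraic normal form, the XOR of monomials in the input bits, and reads off the degree. GF(2^8) inversion under the AES polynomial is used as the stand-in bijective S-box; that choice and the helper names are assumptions made here.

```python
# Added example (not from the thread): an 8x8 S-box written as Boolean polynomials (ANF) and
# its algebraic degree. GF(2^8) inversion stands in for a real cipher's S-box table.

def anf(truth_table):
    """Mobius transform: truth table indexed by the input bits -> ANF coefficients, where
    coefficient m is 1 iff the monomial prod_{i in m} x_i is present."""
    c = list(truth_table)
    n = len(c).bit_length() - 1
    for i in range(n):
        bit = 1 << i
        for m in range(len(c)):
            if m & bit:
                c[m] ^= c[m ^ bit]
    return c


def eval_anf(coeffs, x):
    """Evaluate the polynomial at x: XOR of every monomial whose variables are all set in x."""
    return sum(a for m, a in enumerate(coeffs) if a and (m & x) == m) & 1


def degree(coeffs):
    """Algebraic degree: most variables in any monomial with a nonzero coefficient."""
    return max((bin(m).count("1") for m, a in enumerate(coeffs) if a), default=0)


def gf256_mul(a, b, poly=0x11B):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES polynomial)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r


def gf256_inv(x):
    """x^254 = x^-1 in GF(2^8); 0 maps to 0, as in the AES S-box."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf256_mul(r, x)
        x = gf256_mul(x, x)
        e >>= 1
    return r


INV_SBOX = [gf256_inv(x) for x in range(256)]  # constructed stand-in 8x8 S-box


def component_degrees(sbox):
    """Degree of each output bit of an n-bit S-box as a polynomial in the n input bits."""
    n = (len(sbox) - 1).bit_length()
    return [degree(anf([(sbox[x] >> j) & 1 for x in range(len(sbox))])) for j in range(n)]


if __name__ == "__main__":
    print("output-bit degrees:", component_degrees(INV_SBOX))
    bit0 = anf([INV_SBOX[x] & 1 for x in range(256)])
    print("monomials in output bit 0:", sum(bit0))
```

All eight output bits of the inversion S-box come out at degree 7, the most an 8-bit bijection can have: the coefficient of the all-variables monomial x0...x7 is the parity of the truth table, and a balanced output bit has even weight. The transform is O(n*2^n), fine for an S-box and hopeless for a whole cipher, which is the gap the cube attack works around by probing the polynomials through chosen inputs rather than writing them out.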
David Wagner wrote:
It's a brilliant piece of research. If you weren't at CRYPTO, you missed
an outstanding talk (and this wasn't the only one!).
Yes, the program chair and committee did a great job. Whatsisname? Oh,
yeah, David Wagner.
Greg
,
Greg.
(cc:ed back to the crypto list)
Matt Ball wrote:
Hi Greg,
I don't think we've met, but I'm also at the crypto conference, and
happened to be sitting next to Adi and showed him this e-mail thread.
He mentioned that the following text was a little misleading:
On Wed, Aug 20, 2008 at 2:40 PM
be fast
enough.
hope that helps,
Greg.
Hal Finney wrote:
So, you don't have a 133-bit block cipher lying around? No worries, I'll
sell you one ;-). Actually that is easy too. Take a trustworthy 128-bit
block cipher like AES. To encrypt, do:
1. Encrypt the first 128 bits (ECB mode)
2. Encrypt the last 128 bits (also ECB mode).
I
... otherwise generate more bits. This is about as simple as
it gets.
Greg.
) opinion that the current attacks can't be extended
to the SHA-2 family, due to the avalanche effect in the data
expansion, which is significantly different to the designs of its
ancestors. SHA-2 would need a new breakthrough.
Greg
Greetings list members,
I have published a unique factoring method related to Pollard's Rho that
is published here:
http://blog.liveammo.com/2009/06/factoring-fun/
Any feedback would be appreciated.
for an attacker to get themselves assigned to the same
machine and use timing/cache attacks to recover your keys.
(At that point I was tired and inebriated and left.)
Greg.
On 2009 Aug 19, at 2:01 , Perry E. Metzger wrote:
Watching the rump session online briefly last night, I saw
particularly related, but there was a presentation at
Eurocrypt about MD5 preimages earlier this year. Or maybe it was MD4...
Greg.
Of course, I still believe in hash algorithm agility: regardless of
how preimage attacks will be found, we need to be able to deal with
them immediately.
--Paul
leak information.
Greg.
this surprise anyone?
-Greg
Unfortunately I can't remember the author, but there was a paper
showing that an encrypted counter was secure to use as IVs for CBC
mode. So encrypting a shorter random IV should also be secure.
Greg.
On 2010 Jun 2, at 9:36 , Ralph Holz wrote:
Dear all,
A colleague dropped in yesterday
-protected, it thoughtfully installs a keystroke logger as well
Ah, the irony of a trojan stealing something that, because of lack of PKI, is
essentially useless anyway...
100 years from now they'll be blaming the trojan for lack of a certificate
infrastructure.
Greg
quickly, if
it hasn't already.
--
Greg Broiles
gbroi...@gmail.com (Lists only. Not for confidential communications.)
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography