Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)

2005-05-02 Thread Jason Holt
On Mon, 2 May 2005, sunder wrote: Yeah, but these days, I'd go with the largest flash drive I could afford. USB2 or otherwise. I don't believe you can recover data from these once you actually overwrite the bits (anyone out there know any different?). There are lots of pitfalls in

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Jason Holt
On Thu, 3 Feb 2005, Erwann ABALEA wrote: And do you seriously think that you can't do that, it's technically not possible is a good answer? That's what you're saying. For me, a better answer is you don't have the right to deny my ownership. Yes, Senator McCarthy, I do in fact feel safer

Hiawatha's research

2004-06-16 Thread Jason Holt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hiawatha's Research Jason Holt [EMAIL PROTECTED] June, 2004, released into the public domain. Dedicated to Eric Rescorla, with apologies to Longfellow. (E. Rescorla may be substituted for Hiawatha throughout.) Hiawatha, academic, he could start ten

Re: who goes 1st problem

2004-05-11 Thread Jason Holt
[Adam and I are taking this discussion off-list to spare your inboxes, but this message seemed particularly relevant. Perhaps we'll come back later if we come up with anything we think will be of general interest.] -J On Tue, 11 May 2004, Adam Back

Re: blinding BF IBE CA assisted credential system (Re: chaum's patent expiry?)

2004-05-10 Thread Jason Holt
On Mon, 10 May 2004, Adam Back wrote: On Mon, May 10, 2004 at 03:03:56AM +, Jason Holt wrote: [...] Actually, now that you mention Chaum, I'll have to look into blind signatures with the BF IBE (issuing is just a scalar*point multiply on a curve). I think you mean so that the CA

Re: Brands' private credentials

2004-05-10 Thread Jason Holt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 10 May 2004, Adam Back wrote: After that I was presuming you use a signature to convince the server that you are authorised. Your comment however was that this would necessarily leak to the server whether you were a doctor or an AIDs

Re: more hiddencredentials comments (Re: Brands' private credentials)

2004-05-10 Thread Jason Holt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 10 May 2004, Adam Back wrote: OK that sounds like it should work. Another approach that occurs is you could just take the plaintext, and encrypt it for the other attributes (which you don't have)? It's usually not too challenging to

Re: Brands' private credentials

2004-05-09 Thread Jason Holt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 9 May 2004, Adam Back wrote: and seeing that it is a completely different proposal essentially being an application of IBE, and extension of the idea that one has multiple identities encoding attributes. (The usual attribute this

Re: Trivial OTP generation method? (makernd.c)

2003-02-27 Thread Jason Holt
Several things: * Using the output to seed MD5 for the next block exposes that part of the state of the RNG. Might be better to use half the MD5 output as seed for the next block, and the other half as output data. * Your RNG takes input from an attackable source. I can significantly reduce
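
The first point in the post (feeding a whole output block back in as the next seed hands every observer the generator's entire state) is easy to see in code. The block below is an added illustration, not the makernd.c program under discussion, which is not reproduced on this page: it builds the flawed chain, shows that one captured block lets an attacker regenerate everything that follows, and contrasts it with the half-seed/half-output split the post suggests. Names and the 16-byte seed are my own choices.

```python
import hashlib
from typing import Callable, List


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def chained_blocks(seed: bytes, n: int) -> List[bytes]:
    """Flawed construction: block_i = MD5(state_i) and state_{i+1} = block_i.
    Each emitted block *is* the complete state used to make the next one."""
    out = []
    state = seed
    for _ in range(n):
        block = md5(state)
        out.append(block)
        state = block
    return out


def attacker_continue(observed_block: bytes, n: int) -> List[bytes]:
    """Anyone who sees a single output block can run the generator forward."""
    return chained_blocks(observed_block, n)


def split_blocks(seed: bytes, n: int) -> List[bytes]:
    """Variant suggested in the post: keep half of each digest as the next
    (secret) seed and emit only the other half."""
    out = []
    state = seed
    for _ in range(n):
        digest = md5(state)
        state, block = digest[:8], digest[8:]
        out.append(block)
    return out


def stream_predictable_from_output(generator: Callable[[bytes, int], List[bytes]],
                                   seed: bytes, n: int) -> bool:
    """Simulate the attack generically: take the first emitted block, feed it
    back in as a seed, and check whether that reproduces the rest of the stream."""
    blocks = generator(seed, n)
    predicted = generator(blocks[0], n - 1)
    return predicted == blocks[1:]


if __name__ == "__main__":
    seed = bytes(16)  # constructed sample seed; a real generator would draw this from hardware
    print("chained:", stream_predictable_from_output(chained_blocks, seed, 6))  # True
    print("split:  ", stream_predictable_from_output(split_blocks, seed, 6))    # False
```

The split variant only removes the immediate state leak: it still has just 64 bits of hidden state and is fully determined by the seed, so it is not an entropy source for a one-time pad either, only a less obviously broken stream expander.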

Re: patent free(?) anonymous credential system pre-print - a simpleattack and other problems

2002-11-06 Thread Jason Holt
(Re: my paper at http://eprint.iacr.org/2002/151/ ) Stefan Brands wrote: - The system is subject to a simple attack. The problem lies with the multiplication of the hashes. Let's take the Chaum blinding as an [...] (For our readers at home, that was the vulnerability I mentioned in

Re: patent free(?) anonymous credential system pre-print - a simpleattack and other problems

2002-11-05 Thread Jason Holt
(Re: my paper at http://eprint.iacr.org/2002/151/ ) Stefan Brands wrote: - The system is subject to a simple attack. The problem lies with the multiplication of the hashes. Let's take the Chaum blinding as an [...] (For our readers at home, that was the vulnerability I mentioned in

Re: patent free(?) anonymous credential system pre-print

2002-11-05 Thread Jason Holt
(Re: my paper at http://eprint.iacr.org/2002/151/ ) Let me first point out that Dr. Stefan Brands noted an insecurity in my system which would allow malicious users to obtain issuer signatures on arbitrary documents. This is due to the fact that users aren't prevented from using

patent free(?) anonymous credential system pre-print

2002-10-29 Thread Jason Holt
I've submitted a pre-print of my anonymous credential system to the IACR ePrint server. Thanks to all of you who responded to the questions I posted here while working on it. I'd love to hear feedback from any and all before I submit it for publication; particularly, I want to make sure I

Re: Chaum's unpatented ecash scheme

2002-08-26 Thread Jason Holt
[...] Speaking of anonymous, you should give credit in your paper to Anonymous for discovering the possibility of marking Lucre coins, in a coderpunks posting at http://www.mail-archive.com/coderpunks@toad.com/msg02186.html, and for inventing the Type II Defence, both in the posting above

Data Security class programming project

2002-08-20 Thread Jason Holt
I'm working on designing the programming projects for a data security class. What do you think of this one? I love its intrinsic irony, but can we actually get away with requiring it for a university class? I mean, Elcomsoft really is in court for this. My University is unfortunately not

Data Security class programming project

2002-08-19 Thread Jason Holt
I'm working on designing the programming projects for a data security class. What do you think of this one? I love its intrinsic irony, but can we actually get away with requiring it for a university class? I mean, Elcomsoft really is in court for this. My University is unfortunately not

Tunneling through hostile proxy

2002-07-23 Thread Jason Holt
Roy M. Silvernail[SMTP:[EMAIL PROTECTED]] Given internet access from a private intranet, through an HTTP proxy out of the user's control, is it possible to establish a secure tunnel to an outside server? I'd expect that ordinary SSL connections will secure user - proxy and proxy - server

Re: Tunneling through hostile proxy

2002-07-23 Thread Jason Holt
On Tue, 23 Jul 2002, Adam Back wrote: [...] However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the

Safe RSA variant?

2002-06-14 Thread Jason Holt
Well, I got such a good response from my last technical question that I'll try again :) If it's actually secure, it'll go really well with my credential system. Trent generates primes p,q. He publishes n=pq and some random value g. Trent calculates a and a' such that aa' = 1 % (p-1)(q-1) and

Ben's blinding, plus pre-publishing

2002-06-10 Thread Jason Holt
Maybe you could say more about the details of your credential system. Such a system built on Wagner blinding might be very interesting. I've been thinking it would be nice to post my entire paper here (and maybe on sci.crypt.research) before sending it off to the journals. What are the

More of Ben's blinding

2002-06-07 Thread Jason Holt
But actually another solution is much simpler, which is to do blinding as just h * g^b, without a y factor. That works fine as long as the bank is known not to be misbehaving. Ben's paper shows how the bank can use a ZK proof to show that it is raising to the same power k every time,

Laurie's blinding w/cut and choose?

2002-06-05 Thread Jason Holt
In his paper on Lucre (2nd defence against marking): http://anoncvs.aldigital.co.uk/lucre/ Ben Laurie gives this as a (possibly patent-free) blinding technique, where h is the message, and g is the public generator: r = blind(h) = h^y * g^b (mod p) To sign, s =
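
Both of the blinding forms mentioned in these two posts (the plain r = h * g^b from "More of Ben's blinding" and the r = h^y * g^b form quoted above from Laurie's paper) can be exercised end to end with ordinary modular arithmetic. The block below is an added example, not code from the Lucre project or from the posts: the bank signs by raising to a secret k and publishes y = g^k, the customer strips (g^k)^b using that public value, and for the y variant the customer additionally takes the y-th root by raising to y^-1 mod q (that unblinding step is my assumption, since the post's signing line is cut off). The toy safe prime p = 1019, the SHA-256 hash-to-group mapping, and the marking_demo showing why "the bank is known not to be misbehaving" matters are all my additions.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): safe prime p = 2q + 1, q prime,
# g = 4 generates the subgroup of order q. Real deployments use 2048+ bit groups.
P, Q, G = 1019, 509, 4


def hash_to_group(msg: bytes) -> int:
    """Map a message into the order-q subgroup (squares mod p), skipping 0 and 1."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest(), "big") % P
        h = pow(x, 2, P)
        if h not in (0, 1):
            return h
        ctr += 1


def rand_exp() -> int:
    return secrets.randbelow(Q - 1) + 1          # uniform in [1, q-1]


class Bank:
    """Signs by raising to a secret exponent k; publishes y = g^k."""

    def __init__(self, k=None):
        self.k = k if k is not None else rand_exp()
        self.pub = pow(G, self.k, P)

    def sign(self, r: int) -> int:
        return pow(r, self.k, P)

    def verify(self, h: int, sig: int) -> bool:
        # Only the bank can verify directly, since only it knows k.
        return sig == pow(h, self.k, P)


def blind(h: int):
    """Plain blinding: r = h * g^b (mod p)."""
    b = rand_exp()
    return (h * pow(G, b, P)) % P, b


def unblind(s: int, b: int, bank_pub: int) -> int:
    """s = r^k = h^k * (g^k)^b; divide out (g^k)^b using the public y = g^k."""
    return (s * pow(pow(bank_pub, b, P), -1, P)) % P


def blind_y(h: int):
    """Blinding with the extra exponent: r = h^y * g^b (mod p)."""
    y, b = rand_exp(), rand_exp()
    return (pow(h, y, P) * pow(G, b, P)) % P, (y, b)


def unblind_y(s: int, blinding, bank_pub: int) -> int:
    """Assumed unblinding for the y form: strip g^(kb) as above, leaving h^(ky),
    then raise to y^-1 mod q (valid because h has order q)."""
    y, b = blinding
    hky = unblind(s, b, bank_pub)
    return pow(hky, pow(y, -1, Q), P)


def withdraw(bank: Bank, msg: bytes, use_y: bool = False) -> int:
    """Full exchange: customer blinds, bank signs the blinded value, customer unblinds."""
    h = hash_to_group(msg)
    if use_y:
        r, blinding = blind_y(h)
        return unblind_y(bank.sign(r), blinding, bank.pub)
    r, b = blind(h)
    return unblind(bank.sign(r), b, bank.pub)


def marking_demo(msg: bytes) -> bool:
    """One form of marking: the bank quietly uses a second exponent k' (and the
    matching y' = g^k') for a single customer. At deposit it tests which k
    verifies the coin and so learns who withdrew it. A proof that the same k is
    used for everyone, as in Laurie's paper, is the countermeasure."""
    honest, marked = Bank(k=123), Bank(k=456)    # same bank, two secret exponents
    coin = withdraw(marked, msg)                  # the targeted customer's coin
    h = hash_to_group(msg)
    return (not honest.verify(h, coin)) and marked.verify(h, coin)


if __name__ == "__main__":
    bank = Bank()
    coin = withdraw(bank, b"coin-0001")           # constructed sample coin id
    print("plain unblinding ok:", bank.verify(hash_to_group(b"coin-0001"), coin))
    print("y variant ok:", bank.verify(hash_to_group(b"coin-0001"), withdraw(bank, b"coin-0001", True)))
    print("marking detectable by bank:", marking_demo(b"coin-0002"))
```

Note that verification here requires k, so in this form only the bank can check a coin; that is exactly why the customer needs a way to be convinced the bank is using a single k rather than a per-customer one.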

Bit commitment with hashes in Applied Cryptography

2002-05-31 Thread Jason Holt
In Applied Cryptography, p. 87 (2nd ed., heading Bit Commitment Using One-Way Functions) Schneier specifies that Alice must generate 2 random bit strings before hashing, and then send one along with the hash as her commitment: commitment = H(R1, R2, b), R1 Then she sends R2 and her bit to
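
The exchange quoted above (Alice sends H(R1, R2, b) together with R1, then later R2 and b) runs in a few lines, and running it also shows what the second random string buys. The block below is an added example, not Schneier's text or code: the message flow follows the book, while SHA-256, the length-prefixed encoding of the hash input (so that the three fields cannot be re-parsed as a different triple), the class names, and the R2-less variant used for comparison are my own choices.

```python
import hashlib
import secrets
import struct
from typing import Tuple


def _encode(*parts: bytes) -> bytes:
    """Length-prefix every field before hashing (an addition for safety)."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(_encode(*parts)).digest()


class Alice:
    def __init__(self, bit: int, nbytes: int = 16):
        if bit not in (0, 1):
            raise ValueError("commit to a single bit")
        self.bit = bit
        self.r1 = secrets.token_bytes(nbytes)
        self.r2 = secrets.token_bytes(nbytes)

    def commit(self) -> Tuple[bytes, bytes]:
        """Message 1: the commitment H(R1, R2, b) plus R1 in the clear."""
        return H(self.r1, self.r2, bytes([self.bit])), self.r1

    def reveal(self) -> Tuple[bytes, int]:
        """Message 2: R2 and the bit."""
        return self.r2, self.bit


class Bob:
    def receive_commitment(self, commitment: bytes, r1: bytes) -> None:
        self.commitment, self.r1 = commitment, r1

    def check(self, r2: bytes, bit: int) -> bool:
        """Recompute H(R1, R2, b) and compare in constant time."""
        return secrets.compare_digest(self.commitment, H(self.r1, r2, bytes([bit])))


def run_protocol(bit: int) -> bool:
    alice, bob = Alice(bit), Bob()
    commitment, r1 = alice.commit()
    bob.receive_commitment(commitment, r1)
    r2, revealed = alice.reveal()
    return bob.check(r2, revealed)


def broken_commit(r1: bytes, bit: int) -> bytes:
    """What Alice would send if she left R2 out: H(R1, b) with R1 public."""
    return H(r1, bytes([bit]))


def bob_recovers_bit(commitment: bytes, r1: bytes) -> int:
    """Against the R2-less variant Bob simply tries both bits."""
    for bit in (0, 1):
        if broken_commit(r1, bit) == commitment:
            return bit
    raise ValueError("no opening found")


if __name__ == "__main__":
    print("honest run verifies:", run_protocol(1))
    r1 = secrets.token_bytes(16)                       # constructed sample R1
    print("bit recovered without R2:", bob_recovers_bit(broken_commit(r1, 1), r1))
```

With R2 kept secret until the reveal, Bob cannot enumerate the inputs to H, so the commitment hides b; the hash still binds Alice, since opening to the other bit would need a collision.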

Re: When encryption is also authentication...

2002-05-31 Thread Jason Holt
Ian Grigg wrote: [...] SSL for commerce is readily in place without batting an eyelid these days. Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a

Re: Making Veri$ign rich(er)

2002-05-30 Thread Jason Holt
On Thu, 30 May 2002, Ian Grigg wrote: [...] And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to

Re: When encryption is also authentication...

2002-05-30 Thread Jason Holt
Ian Grigg wrote: [...] SSL for commerce is readily in place without batting an eyelid these days. Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a
