Robert J. Hansen wrote:
>
> The latest versions of PGP support them.
I've got the most up-to-date version of PGP. In fact, it doesn't support them
_yet_.
The signs are there that they're _almost_ supported - in other words, if you
try to add a DSA2 signing subkey the combo boxes have 1536, 2048,
On Fri, Aug 24, 2007 at 09:33:59AM +0100, [EMAIL PROTECTED] wrote:
> Robert J. Hansen wrote:
> >
> > The latest versions of PGP support them.
>
> I've got the most up-to-date version of PGP. In fact, it doesn't support them
> _yet_.
>
> The signs are there that they're _almost_ supported - in ot
That was a very good explanation of what a hash firewall and a
second-preimage attack are. But I think it gives the impression that all
the hash firewall is good for is protecting against a second-preimage
attack, and therefore is of little importance, since a successful
second-preimage attack on S
On Fri, 24 Aug 2007 20:06, [EMAIL PROTECTED] said:
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
DSA ist the signature algorithm used with DSS, the Digital Signature
Standard. DSS requires the
On Fri, Aug 24, 2007 at 09:06:24PM +0300, Oskar L. wrote:
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
I suspect a major reason is the main use of DSA is really DSS - and
DSS was never intended
Oskar L. wrote:
> So if we start with Bob, we need to have 253 more people, to be able to
> make 253 different pairs of which Bob is part of.
We need 22 more people.
In a room of 23 people, there are C(23, 2) different pairs, or 253.
You should probably refresh your knowledge of combinatorics be
Robert J. Hansen wrote:
> In a room of 23 people, there are C(23, 2) different pairs, or 253.
D'oh. This will teach me to read things quickly. Oskar was
specifically saying pairs of which Bob was a part, not total pairs in
the room.
(gets out the brown paper bag)
_
Message: 5
Date: Fri, 24 Aug 2007 08:58:29 -0400
David Shaw wrote:
>
> Thanks for checking this. Can you tell me what happens if you import
> a (GPG created) DSA2 key into PGP? Is PGP then able to verify a DSA2
> signature created with GPG?
No problem. PGP Desktop accepts the GPG-created DSA2 k
Oskar L. wrote:
> calculators designed to show very large numbers can show the result. Now I
> compare all the hashes from one picture to all the hashes from the other.
Doing a birthday attack is highly nontrivial. E.g., to do a birthday
attack on SHA256 requires a minimum, a _minimum_, of over 1
Nigel Brown wrote:
> Right you are. And I should have known better than to doubt Mr Hansen.
In fact, I was wrong--I said PGP supported creating DSA2 keys, which
apparently it doesn't. I foolishly thought that just because I'd seen
PGP support using DSA2 keys, that it meant PGP supported creating
"Robert J. Hansen" wrote:
> This is not my experience. I've received spam addressed to my amateur
> radio call sign (KC0SJE) at a domain that's not directly associated with
> me. I don't know how it was discovered, but for right now I'm leaning
> towards the hypothesis that spammers have made pa
Robert J. Hansen wrote:
> Doing a birthday attack is highly nontrivial. E.g., to do a birthday
> attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules
> to be liberated as heat. That's about as much as you'd get from an
> entire full-out strategic nuclear exchange between the US
Oskar L. wrote:
> My first guess would be that you are in one of your friends address
> book, and your friend has spyware that got it.
This is not the case. No one had it except me.
> If the amount of resources are so small that even combined they are
> insignificant, then why not use both?
Be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Nigel Brown wrote:
> I should have known better than to doubt Mr Hansen.
Nonsense! Mr. Hansen thrives on "being doubted" as this is what keeps
Him on His toes. :-D *LOL*
Seriously; any time You Question a statement for reasons other than
"That's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Oskar L. wrote:
> Traffic analysis will reveal what time you are active, and how much data
> you are transferring. To only way to protect against it is to download and
> upload all the time at a constant rate. Not worth it in my situation.
It will
Oskar L. wrote:
> I only meant to point out that a birthday attack would have a much better
> chance of finding a collision than a second preimage attack. I'm sorry if
> I made it sound trivial, I know it's not. I just tried to give an example
> of how it works that would be easy to understand.
We
Robert J. Hansen wrote:
> Because there is no such thing as an 'insignificant' amount of
> resources. Everything has a price associated with it. The trick is to
> get the most bang for your buck.
Well I guess what's insignificant to one person might not be to another. I
know some spammers get ad
> Well, except that your attack isn't a birthday attack.
>
> A birthday attack involves making a ton of different messages and
> checking _all_ messages created to find _any_ collision.
>
> Your attack involves taking one particular message and creating
> permutations of it, one after another, look
Oskar L. wrote:
> That the key is authentic means that it is the key Bob wanted you to have,
> and has not been changed in a man-in-the-middle attack or by any other
> means.
This is not the definition I have seen in use in the field. In
formalisms, authentication is usually presented as some var
19 matches
Mail list logo