So as the RSA patent is expiring, and the PGP folks are pissed at RSA
for various underhand legal shenanigans, can we expect a PGP version
with RSA on by default, perhaps released midnight 20 September as a
ceremonial event at the party?
What about a GnuPG version which includes RSA and IDEA, by
Frank Tobin writes:
> My proposal is realistic in the face that RFC 2440 is the standard
> to follow. One problem that people face today is that they still
> only think there are 3 real classes of PGP implementations out
> there; PGP 2.x, PGP 5.x and above, and GnuPG. However, as more and
> mor
I beg to differ. The fastest way to get people to upgrade is if the
new version works with the old version. There are still many pgp2.x
users who don't upgrade because they then lose the ability to
communicate with other 2.x users.
If PGP Inc had done the right thing and made pgp5.x backwards
No, it's not just you, it is indeed broken. So there are a number of
culprits:
- Probably mainly RSA for being difficult to deal with, and in general
letting loose a bunch of rabid lawyers on the crypto community.
Fortunately the patent has now expired.
- PGP/NAI for shipping versions without RS
Someone pointed out this information to me.
The European Telecommunications Standards Institute (ETSI) have
granted access to allow everyone, not just members, to their
specifications. These include the GSM specs. Start here:
http://webapp.etsi.org/publicationssearch/
Adam
Bill Stewart writes:
> 448 bits sounds a lot like MD5-based encryption - perhaps
> Luby-Rackoff or MDC? Or a homegrown system, doing successive MD5s
> or something? MD5 is no longer the safest hash these days
More likely Blowfish for two reasons i) the article mentioned blowfish
at the bot
David Conrad writes:
> On Wed, 2 Dec 1998, Dianelos Georgoudis wrote:
> > I will include a random delay to invalidate timing attacks.
>
> The right solution is to ensure that all encryptions, decryptions,
> signings, or signature verifications take the same amount of time.
> (The maximum, wor
Forwarded below Nicholas Bohm (a lawyer and frequent poster to
ukcrypto) injecting some reality into ex NSA lawyer Stewart Baker's
FUD.
Adam
==
Date: Tue, 08 Dec 1998 22:28:34 +
To: [EMAIL PROTECTED]
From: Nicholas Bohm <[E
Jeff.Hodges writes:
> quick semi-newbie question..
>
> [EMAIL PROTECTED] said:
> > But if a certified public key can be used for encryption and not just
> > signature verification, the corresponding private key must be
> > escrowed, and available to law enforcement within an hour of a
> > war
Writing about PGP's key recovery mechanism (CMR (Commercial Message
Recovery) or ADK (Additional Decryption Key)), Dave Del Torto quotes
from a letter he sent to [EMAIL PROTECTED]:
> I'm not aware of the KRA's public position on the recovery of
> plaintext using cryptographically sound and ethic
re. the use of a serial cable rather than an air gap / sneaker net
(floppy disk).
One thing that occurs is that if you were not careful the system might
be used to mount a timing attack against the back-end machine. See
Paul Kocher's RSA timing attack.
Timing attacks may be possible without co
Colin and others write about getting at the raw data stream (in the P3
HRNG). This is obviously a good thing for the reasons others have
discussed (fewer transistors, better assurance, you get my vote on
that Colin).
However, if the threat model is a highly resourced attacker (such as
say a hos
Wei Dai writes:
> Suppose you have a payment system that works like this:
>
> [check settlment procedure]
>
> [...]
>
> But to move away from terminology for a moment, if people really want
> instant settlement and don't care too much about privacy, is there any
> reason to expect that somethi
could cache or store the domain / public key binding and detect
rogue domain updates.
Adam
[1] `The Eternity Service', Ross Anderson,
http://www.cl.cam.ac.uk/users/rja14/eternity/eternity.html
[2] Eternity Server, Adam Back,
http://www.dcs.ex.ac.uk/~aba/eternity/announce.txt
http://www.dcs.ex
Ben writes:
> Anonymous wrote:
> > The ability to register a few identities which would survive a challenge
> > won't be too helpful for people who want to secretly register thousands
> > of DNs without their duplicity being detected...
>
> Sure, but suppose I own a block of flats, or an office
Anonymous writes:
> Adam Back writes:
> > The basic problem is that chaumian credentials are transferable.
>
> That's a good thing about Anna Lysyanskaya's credential system.
> [...] to let someone else use one of your [...] credentials, you
> have to give them
Bill proposes an alternative DNS system to allow third party
verification of server integrity, which I'll comment on below.
A meta-comment though, is that my earlier proposal (as well as Bill's
proposal) are essentially integrity verification functions on the
domain database. They don't prevent
Eric Rescorla writes:
> Vin McLellan <[EMAIL PROTECTED]> writes:
> > If you are waiting for NIST to offer the sort of full crypto module
> > validation tests that are offered to provide assurance for the DSA/Fortezza
> > version of FIPS-186(a), don't hold your breath.
>
> I'm not. I'd simply
Tom Weinstein writes:
> I think your view only makes sense if you are only interested in
> protecting yourself against entities who have $100,000 (or $50,000,
> or whatever) to build a DES cracking machine. If, on the other
> hand, you're also worried about 12 year old kids who pass around
> lis
Tom Weinstein writes:
> Adam Back wrote:
> > Jeff Schiller writes:
> >
> > > I presume that the TLS WG is planning to use DES to replace the RC4
> > > 40 bit cipher that was used for export compliance.
> >
> > I saw no indication that this was the
On how to stego pgp messages. First you have to ensure that the data
you are stegoing has a rectangular distribution with even probability
of {0,1} for each bit, and apply your stego technique. Various ideas
have been discussed, but as anonymous suggests this has all been
worked out for PGP 2.x
Anonymous writes about competition for /dev/random arising from other
processes and from processes using /dev/urandom which will use
/dev/random when available. ("Use" in the sense that it reseeds using
the /dev/random, and I take it from anonymous analysis actually
removes bytes from /dev/rando
btw. I had a go at reverse engineering Lotus Notes a few months back
to get the NSA's key out of it. I found the key, and the DN
(Distinguished Name -- the name attached to the key) was 'Big
Brother'. Spooky huh? Someone at IBM had a sense of humor, or a
sense of resentment about having to im
[This struck me as having an entropy of at least 2048 bits so I'm
passing it on --Perry]
Anonymous provided the NSA and Microsoft CAPI keys in hex, so here are
their RSA CAPI keys formatted as PGP keys. I've signed them.
I put the keys at:
http://www.dcs.ex.ac.uk/~aba/nsakey/
Ad
This general area of discussion -- software modification
authentication -- is a bit fuzzy: if you can modify the software you
can patch out the check of the signature (a correctly placed NOP is
known to do it).
However, and for example in the FIPS 140-1 crypto software validation
program, you
Several people (Carl Ellison?, others) have suggested over the years
of the key escrow debate that if the government wants a voluntary key
escrow system all they have to do is publish a public key, and anyone
wanting to use it can Cc them.
A good source of a public key we know is the NSA's publi
Anonymous writes:
> Consider the following system, not yet completely practical, but perhaps
> with some more work it could be made so. Features:
>
> - A "mint" is used only to create the initial allocation of ecash.
>After that it is not needed.
>
> - Complete anonymity as with Chaum ec