Re: "Cube" cryptanalysis?
Thu, 21 Aug 2008 13:55:00 +0000
David Wagner wrote:
> It's a brilliant piece of research. If you weren't at CRYPTO, you missed
> an outstanding talk (and this wasn't the only one!).

Yes, the program chair and committee did a great job. Whatsisname? Oh, yeah, David Wagner.

Greg.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to ...
Inscrypt 2008 CFP
Thu, 21 Aug 2008 13:32:00 +0000
Forwarded:
From: "Peng Liu"
To:
Cc: "Peng Liu", "D LIN"
Reply-To: "Peng Liu"
------------------------------------------------------------------------
We are sorry if you receive multiple copies!
------------------------------------------------------------------------
...
Re: "Cube" cryptanalysis?
Thu, 21 Aug 2008 07:16:00 +0000
Steve Bellovin writes:
> Greg, assorted folks noted, way back when, that Skipjack looked a lot
> like a stream cipher. Might it be vulnerable?

I'm still absorbing Adi's new ideas, and I haven't looked at this in any detail, so anything I say should be taken with an enormous grain of salt.

But, off-hand, I'd guess not. I don't see anything that immediately makes me worried about Skipjack, or AES for ...
Re: "Cube" cryptanalysis?
Wed, 20 Aug 2008 21:40:00 +0000
James Muir wrote:
> Greg Rose wrote:
>> Basically, any calculation with inputs and outputs can be represented as
>> an (insanely complicated and probably intractable) set of binary
>> multivariate polynomials. So long as the degree of the polynomials is
>> not too large, the method allows most of the nonlinear terms to be
>> cancelled out, even though the attacker can't possibly handle them. Then
>> ...
Re: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 21:23:00 +0000
At Wed, 20 Aug 2008 13:27:50 -0700,
Adam Langley wrote:
>> On Wed, Aug 20, 2008 at 1:15 PM, Alex Pankratov wrote:
>> Based on this reply alone I'm not sure I follow. I also read quickly
>> through your exchange on TCPM and your comments appear to be specific
>> to Adam's draft.
>>
>> My comment was not related to either latency or potential performance
>> problems of TLS. It ...
RE: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 20:15:00 +0000
> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@networkresonance.com]
> Sent: August 20, 2008 12:29 PM
> To: Alex Pankratov
> Cc: 'Eric Rescorla'; 'theory and practice of decentralized computer
> networks'; cryptography@metzdowd.com
> Subject: Re: [p2p-hackers] IETF rejects Obfuscated TCP
>
> At Wed, 20 Aug 2008 11:59:48 -0700,
> Alex Pankratov wrote:
>>
>> May I ask what you're trying to ...
Re: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 19:28:00 +0000
At Wed, 20 Aug 2008 11:59:48 -0700,
Alex Pankratov wrote:
>> May I ask what you're trying to accomplish? Recall that TLS doesn't
>> start until a TCP connection has been established, so there's
>> already a proof of the round trip.
>>
>> That said, a mechanism of this type has already been described
>> for DTLS (RFC 4347), so no new invention would be needed.
>
> My comment was in a context of a ...
RE: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 18:59:00 +0000
> -----Original Message-----
> From: owner-cryptography@metzdowd.com [mailto:owner-
> cryptography@metzdowd.com] On Behalf Of Eric Rescorla
> Sent: August 20, 2008 10:31 AM
> To: Alex Pankratov
> Cc: 'theory and practice of decentralized computer networks';
> cryptography@metzdowd.com
> Subject: Re: [p2p-hackers] IETF rejects Obfuscated TCP

[snip]

> May I ask what you're trying to accomplish? Recall that ...
Re: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 18:31:00 +0000
>> May I ask what you're trying to accomplish?
>
I assume which uses the TCP connection setup to do a key agreement. Slick but apparently susceptible to DoS.

-Michael Heyman
Re: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 17:31:00 +0000
At Tue, 19 Aug 2008 20:57:33 -0700,
Alex Pankratov wrote:
> CC'ing cryptography mail list as it may be of some interest to the
> folks over there.
>
>> -----Original Message-----
>> From: p2p-hackers-bounces@lists.zooko.com [mailto:p2p-hackers-
>> bounces@lists.zooko.com] On Behalf Of Lars Eggert
>> Sent: August 19, 2008 5:34 PM
>> To: David Barrett; theory and practice of decentralized computer
> ...
Re: "Cube" cryptanalysis?
Wed, 20 Aug 2008 16:12:00 +0000
Greg Rose wrote:
> Basically, any calculation with inputs and outputs can be represented as
> an (insanely complicated and probably intractable) set of binary
> multivariate polynomials. So long as the degree of the polynomials is
> not too large, the method allows most of the nonlinear terms to be
> cancelled out, even though the attacker can't possibly handle them. Then
> you solve a tractable ...
Re: "Cube" cryptanalysis?
Wed, 20 Aug 2008 13:11:00 +0000
someone wrote:
> what about RC4, the most important stream
> cipher in the Internet world?

So I cornered Adi for a while. Of course he'd thought of almost everything I wanted to ask.

You're not the first to think of RC4 (I confess I wasn't either). No, if you try to express shuffling as a polynomial, its degree is off the planet.

As for some of the other things I said: when you compound s-boxes, the ...
RE: [p2p-hackers] IETF rejects Obfuscated TCP
Wed, 20 Aug 2008 03:57:00 +0000
CC'ing cryptography mail list as it may be of some interest to the folks over there.

> -----Original Message-----
> From: p2p-hackers-bounces@lists.zooko.com [mailto:p2p-hackers-
> bounces@lists.zooko.com] On Behalf Of Lars Eggert
> Sent: August 19, 2008 5:34 PM
> To: David Barrett; theory and practice of decentralized computer
> networks
> Subject: Re: [p2p-hackers] IETF rejects Obfuscated TCP
>
> On ...
Re: Kiwi expert cracks chip passport
Wed, 20 Aug 2008 01:23:00 +0000
[Not sure if this is still of general list interest, let's take the followups off-list. If anyone else wants to be included in the off-list discussion, let me know].

Stefan Kelm writes:
> Did the "Golden Reader Tool" (GRT) recognize the Cardman reader w/o any
> modifications? The most current version I have (GRT v2.9) says in the
> "ePassport Reader List":
>
> - Integrated ...
Re: "Cube" cryptanalysis?
Wed, 20 Aug 2008 00:37:00 +0000
Steven M. Bellovin wrote:
> Greg, assorted folks noted, way back when, that Skipjack looked a lot
> like a stream cipher. Might it be vulnerable?

Hmmm, interesting. I'm getting increasingly closer to talking through my hat, but...

Skipjack has an 8x8 S-box, so by definition the maximum degree of the polynomials for a trip through the S-box is 8 (but it could be lower... I don't know off the top of ...
Re: "Cube" cryptanalysis?
Wed, 20 Aug 2008 00:12:00 +0000
Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable?

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: "Cube" cryptanalysis?
Tue, 19 Aug 2008 23:53:00 +0000
Perry E. Metzger wrote:
> Greg Rose writes:
>> His example was an insanely complicated theoretical LFSR-based stream
>> cipher; recovers keys with 2^28 (from memory, I might be a little
>> out), with 2^40 precomputation, from only about a million output
>> bits. They are working on applying the technique to real
>> ciphers... Trivium, which is a well-respected E*Stream cipher, is in
> ...
Re: "Cube" cryptanalysis?
Tue, 19 Aug 2008 23:20:00 +0000
Greg Rose writes:
> His example was an insanely complicated theoretical LFSR-based stream
> cipher; recovers keys with 2^28 (from memory, I might be a little
> out), with 2^40 precomputation, from only about a million output
> bits. They are working on applying the technique to real
> ciphers... Trivium, which is a well-respected E*Stream cipher, is in
> their sights.
>
> My team's ...
Re: "Cube" cryptanalysis?
Tue, 19 Aug 2008 22:38:00 +0000
Perry E. Metzger wrote:
> According to Bruce Schneier...
>
> http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html
>
> ...Adi Shamir described a new generalized cryptanalytic attack at
> Crypto today.
>
> Anyone have details to share?

Stunningly smart, and an excellent and understandable presentation.

Basically, any calculation with inputs and outputs can be represented as an (insanely ...
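The mechanism Greg Rose sketches above, and in the fuller quote under the 16:12 "Re: "Cube" cryptanalysis?" entry (the output bit is a polynomial over GF(2) in public and key bits; summing it over a "cube" of chosen public inputs cancels the nonlinear terms the attacker cannot handle and leaves a linear "superpoly" in the key; a few such cubes give a tractable linear system), can be seen end to end on a toy. The Python below is an added example written for this page: it is not code from the thread, from Adi Shamir's talk, or from the cube-attack paper. `toy_cipher`, the cube list `CUBES`, the secret key `[1, 0, 1, 1]` and all function names are constructed for illustration; the only real ingredients are the cube summation, the BLR linearity test used to discard cubes whose superpoly is still nonlinear, and Gaussian elimination over GF(2).

```python
# Added example: toy cube attack on a constructed low-degree Boolean function.
# Not code from the thread or from the cube-attack paper.
#
# f(v, k) = t_I * p_I(k) + q(v, k), where t_I is the product of the cube bits in
# I and every term of q misses at least one of them. Summing f over all 2^|I|
# settings of the cube bits (mod 2) kills q and leaves the superpoly p_I(k).
import itertools
import random

N_PUB = 4  # public bits v0..v3 (attacker-chosen, IV-like)
N_KEY = 4  # secret bits k0..k3

# Constructed cube list; (1, 3) is deliberately a cube whose superpoly is
# nonlinear (k2*k3), so the linearity test has something to reject.
CUBES = [(0, 1, 2), (0, 1), (2, 3), (1, 3), (3,)]


def toy_cipher(v, k):
    """Constructed black box: one output bit of a degree-4 polynomial over GF(2).
    A real target would be rounds of a real cipher, treated as a black box."""
    return (v[0] & v[1] & v[2] & (k[0] ^ k[2])   # cube {0,1,2} -> k0 + k2
            ^ v[0] & v[1] & k[1]                 # cube {0,1}   -> k1
            ^ v[1] & v[3] & k[2] & k[3]          # cube {1,3}   -> k2*k3 (nonlinear)
            ^ v[2] & v[3] & (k[0] ^ k[1] ^ 1)    # cube {2,3}   -> k0 + k1 + 1
            ^ v[0] & v[2] & k[1] & k[3]          # lacks a bit of every cube used: cancels
            ^ v[3] & k[3]                        # cube {3}     -> k3
            ^ k[0] & k[1] & k[2]                 # key-only term: cancels
            ^ 1) & 1                             # constant: cancels


def cube_sum(oracle, cube, n_pub=N_PUB):
    """XOR oracle(v) over all settings of the cube bits, other public bits 0.
    The result is the superpoly p_I evaluated on whatever key the oracle holds."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        v = [0] * n_pub
        for idx, b in zip(cube, bits):
            v[idx] = b
        acc ^= oracle(v)
    return acc


def superpoly_is_linear(cipher, cube, n_key=N_KEY, trials=64, seed=1):
    """Offline BLR test with a key-settable copy of the cipher: an affine p
    satisfies p(0) + p(x) + p(y) + p(x+y) == 0 for every x, y. One failing
    trial proves nonlinearity; a nonlinear p survives 64 random trials only
    with negligible probability."""
    rng = random.Random(seed)
    p = lambda key: cube_sum(lambda v: cipher(v, key), cube)
    p0 = p([0] * n_key)
    for _ in range(trials):
        x = [rng.randint(0, 1) for _ in range(n_key)]
        y = [rng.randint(0, 1) for _ in range(n_key)]
        if p0 ^ p(x) ^ p(y) ^ p([a ^ b for a, b in zip(x, y)]):
            return False
    return True


def superpoly_coeffs(cipher, cube, n_key=N_KEY):
    """Offline: for linear p(k) = c + sum a_i*k_i, read c from the all-zero key
    and a_i from the i-th unit-vector key."""
    p = lambda key: cube_sum(lambda v: cipher(v, key), cube)
    const = p([0] * n_key)
    coeffs = []
    for i in range(n_key):
        e = [0] * n_key
        e[i] = 1
        coeffs.append(p(e) ^ const)
    return const, coeffs


def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination over GF(2); None if underdetermined/inconsistent."""
    if not rows:
        return None
    n = len(rows[0])
    m = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        piv = next((r for r in range(col, len(m)) if m[r][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        for r in range(len(m)):
            if r != col and m[r][col]:
                m[r] = [a ^ b for a, b in zip(m[r], m[col])]
    if any(m[r][n] for r in range(n, len(m))):
        return None
    return [m[i][n] for i in range(n)]


def cube_attack(cipher, cubes, online_oracle, n_key=N_KEY):
    """Preprocessing chooses keys on `cipher`; the online phase chooses only
    public inputs against `online_oracle`, which holds the secret key."""
    rows, rhs = [], []
    for cube in cubes:
        if not superpoly_is_linear(cipher, cube, n_key):
            continue  # superpoly still nonlinear: discard this cube
        const, coeffs = superpoly_coeffs(cipher, cube, n_key)
        rows.append(coeffs)
        rhs.append(cube_sum(online_oracle, cube) ^ const)  # sum a_i*k_i = p - c
    return solve_gf2(rows, rhs)


if __name__ == "__main__":
    secret = [1, 0, 1, 1]  # constructed secret, never read by the online phase
    recovered = cube_attack(toy_cipher, CUBES, lambda v: toy_cipher(v, secret))
    print("recovered key:", recovered, "correct:", recovered == secret)
```

The online phase needs only 2^|I| chosen-input queries per cube and never touches the key, which is why the thread talks about recovering keys from "only about a million output bits": what grows with the cipher's degree is the offline search for cubes whose superpoly turns out linear, which is exactly what the BLR test above screens for.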
"Cube" cryptanalysis?
Tue, 19 Aug 2008 22:12:00 +0000
According to Bruce Schneier...

http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html

...Adi Shamir described a new generalized cryptanalytic attack at Crypto today.

Anyone have details to share?

Perry
Re: EFF press release on the gag order being lifted.
Tue, 19 Aug 2008 21:37:00 +0000
Perry E. Metzger wrote:
> http://www.eff.org/press/archives/2008/08/19
>

You wonder if it was MBTA exhibit 4 that tipped their case against the MBTA's injunction, using Roblimo's article on Sklyarov, quoting reactions to Dmitry Sklyarov's arrest for a DMCA violation on July 16, 2001, wherein:

  Jennifer Granick, the clinical director of Stanford University's Center for Internet and Society, has also ...
EFF press release on the gag order being lifted.
Tue, 19 Aug 2008 19:57:00 +0000
http://www.eff.org/press/archives/2008/08/19

-- 
Perry E. Metzger  perry@piermont.com
Re: Boston subway restraining order quashed.
Tue, 19 Aug 2008 19:43:00 +0000
At 03:33 PM 8/19/2008 -0400, Perry E. Metzger wrote:
> http://blog.wired.com/27bstroke6/2008/08/federal-judge-t.html

MBTA's claim was based on CFAA, the Computer Fraud and Abuse Act. Properly, the judge decided (in effect) that CFAA only applies to messing with computers (a legal term of fanciful art), not to speaking about software that might mess with computers.

The more interesting question, ...
Boston subway restraining order quashed.
Tue, 19 Aug 2008 19:33:00 +0000
http://blog.wired.com/27bstroke6/2008/08/federal-judge-t.html

-- 
Perry E. Metzger  perry@piermont.com
Re: Voting machine security
Tue, 19 Aug 2008 18:18:00 +0000
On Mon, Aug 18, 2008 at 09:24:33AM -0700, Eric Rescorla wrote:
[...]
> Without directly addressing the question of the quality of Diebold's
> offerings, I actually don't think the criticism implied here is
> entirely fair. If you're going to have voting machines, even precinct
> count optical scanners (and because of the complexity of US elections,
> hand counting is quite expensive), you likely want ...