Displaying 11 results from an estimated 11 matches for "cryptanalysis".

2001 Jun 02
1
ssh-keygen(1) misinfo: English prose entropy 0.6 - 1.3 b/char!
...ch to rain smack down upon the non-believers and other intellectual trilobites. For verification: 1) do a quick web search 2) read Shannon's experiment 3) Cover an unseen word in an ordinary book and see if you can guess it correctly every second to fourth time. Consider a lucrative career in cryptanalysis if you are consistently successful... I, Zone Lee Free, encrypted, secure Web-based email at www.hushmail.com
2006 Jun 28
1
Reporting ppr fits and using them externally.
...ke many folk, I need to report the fits obtained from ppr to the greater, outside, non-R world. It is fairly obvious how to use the terms alpha and beta to report on directionality and importance. It has proven difficult to report on the spline fits generated. We are moving into some "cryptanalysis" of the uncommented "predict" code with the "ppr" method in order to locate the information, and can report, if warranted. The question: How can one simply recover the spline knots and the spline parameters associated with a particular fit? Are we missing something o...
2023 Mar 29
2
ChaCha20 Rekey Frequency
...shcipher *c) +{ + /* + * Chacha20-Poly1305 does not benefit from data-based rekeying, + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", + * Degabriele, J. P., Govinden, J, Gunther, F. and Paterson K. + * ACM CCS 2021; https://eprint.iacr.org/2023/085.pdf + * + * Cryptanalysis aside, we do still want do need to prevent the SSH + * sequence number wrapping and also to rekey to provide some + * protection for long lived sessions against key disclosure at the + * endpoints, so arrange for rekeying every 2**32 blocks as the + * 128-bit block ciphers do (i.e. every 32GB d...
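Review bot: The sentence "we do still want do need to prevent the SSH sequence number wrapping" in the added comment has a doubled verb phrase left over from editing; pick one, for example "we do still need to prevent the SSH sequence number wrapping". The citation also gives the venue as ACM CCS 2021 while the link is eprint 2023/085, so confirm the year so that the reference and the URL agree.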
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...1305 does not benefit from data-based rekeying, + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", + * Degabriele, J. P., Govinden, J, Gunther, F. and Paterson K. + * ACM CCS 2021; https://eprint.iacr.org/2023/085.pdf<https://eprint.iacr.org/2023/085.pdf> + * + * Cryptanalysis aside, we do still want do need to prevent the SSH + * sequence number wrapping and also to rekey to provide some + * protection for long lived sessions against key disclosure at the + * endpoints, so arrange for rekeying every 2**32 blocks as the + * 128-bit block ciphers do (i.e. every 32GB data)...
1998 Jun 05
0
Re: "Flavors of Securit
...n it is highly unfortunate if one of the keys turns out to be a no-op. Why does 3DES only use 2 keys and not three? Because you could use 3 keys and still only get 112 bits of security. Why does DES use 56 bits of key, and not say 64? Because DES has close to 56 bits of real security. (Differential cryptanalysis has a complexity comparable to 54 bits, right?) It is easy to make more bits "influence" the output of your cryptographic algorithms, but it is hard to make them actually cryptographically matter. -- REW] -- Raul
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...; + * Chacha20-Poly1305 does not benefit from data-based rekeying, > + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", > + * Degabriele, J. P., Govinden, J, Gunther, F. and Paterson K. > + * ACM CCS 2021; https://eprint.iacr.org/2023/085.pdf > + * > + * Cryptanalysis aside, we do still want do need to prevent the SSH > + * sequence number wrapping and also to rekey to provide some > + * protection for long lived sessions against key disclosure at the > + * endpoints, so arrange for rekeying every 2**32 blocks as the > + * 128-bit block ciphers do (i...
2023 Mar 29
1
ChaCha20 Rekey Frequency
I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
...m data-based rekeying, > + * per "The Security of ChaCha20-Poly1305 in the Multi-user Setting", > + * Degabriele, J. P., Govinden, J, Gunther, F. and Paterson K. > + * ACM CCS 2021; https://eprint.iacr.org/2023/085.pdf<https://eprint.iacr.org/2023/085.pdf> > + * > + * Cryptanalysis aside, we do still want do need to prevent the SSH > + * sequence number wrapping and also to rekey to provide some > + * protection for long lived sessions against key disclosure at the > + * endpoints, so arrange for rekeying every 2**32 blocks as the > + * 128-bit block ciphers do (i...
2009 Nov 11
20
zfs eradication
Hi, I was discussing the common practice of disk eradication used by many firms for security. I was thinking this may be a useful feature of ZFS to have an option to eradicate data as it's removed, meaning after the last reference/snapshot is done and a block is freed, then write the eradication patterns back to the removed blocks. By any chance, has this been discussed or considered before?
2009 Oct 30
30
Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto
For the encryption functionality in the ZFS filesystem we use AES in CCM or GCM mode at the block level to provide confidentiality and authentication. There is also a SHA256 checksum per block (of the ciphertext) that forms a Merkle tree of all the blocks in the pool. Note that I have to store the full IV in the block. A block here is a ZFS block which is any power of two from 512 bytes to
2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated servers that I've got hosted at other hosting companies (also CentOS, same version or almost),