hellman   105


A Few Thoughts on Cryptographic Engineering: Attack of the week: Logjam
Here it is in a nutshell: if the server supports DHE-EXPORT, the attacker can 'edit' the negotiation messages sent from the client -- even if the client doesn't support export DHE -- replacing the client's list of supported ciphers with only export DHE. The server will in turn send back a signed 512-bit export-grade Diffie-Hellman tuple, which the client will blindly accept -- because it doesn't realize that the server is negotiating the export version of the ciphersuite. From its perspective this message looks just like 'standard' Diffie-Hellman with really crappy parameters.

All this tampering should run into a huge snag at the end of the handshake, when the client and server exchange Finished messages that include a MAC of the transcript. At this point the client should learn that something funny is going on, i.e., that what it sent no longer matches what the server is seeing. However, the loophole is this: if the attacker can recover the Diffie-Hellman secret quickly -- before the handshake ends -- she can forge her own Finished messages. In that case the client and server will be none the wiser.

The upshot of all of this is that about two weeks of pre-computation is sufficient to build a table that allows you to perform the downgrade against most export-enabled servers in just a few minutes (see the chart at right). This is fast enough that it can be done before the TLS connection timeout. Moreover, even if this is not fast enough, the connection can often be held open longer by using clever protocol tricks, such as sending TLS warning messages to reset the timeout clock.
Logjam  Diffie  Hellman  Diffie-Hellman  DH  EXPORT 
may 2015 by tj45
NPR: Cracking Open Encryption Standards (mp3)
"Recent revelations about the extent of NSA surveillance have put even the standards by which encryption systems are designed into question. Encryption experts Matthew Green, Phillip Zimmerman, and Martin Hellman discuss what makes a code secure and the limits of privacy in the modern age."

Source: http://www.npr.org/2013/10/04/229206779/cracking-open-encryption-standards
npr  interview  martin  hellman  matthew  green  phil  zimmerman  nsa  privacy  mp3  from delicious
october 2013 by pascalvanhecke
The Factoring Dead: Preparing for the Cryptopocalypse
Why everyone should switch to ECC as soon as possible. Or: why RSA and DH could soon be computable faster.
RSA  DHE  Diffie  Hellman  ECC 
august 2013 by tj45
Audio: New “Beyond the Book” Podcast Features Interview with GlueJar’s Eric Hellman | LJ INFOdocket
“We want to offer rightsholders the opportunity to get a one-time payment in exchange for making their books into Creative Commons-licensed e-books. And the way we’re going to do this is by crowd-funding campaigns,” Hellman explains for CCC’s Chris Kenneally. “So if you have a favorite book, a book that’s important to you, a book that means a lot to you, that you’ve read, and you want everybody else in the world to read it, we’re going to offer you the opportunity to join with thousands of people like you to come up with the money to turn it into a book that’s free to everybody, everywhere.”
crowdfunding  biblioothèques  bibl  openaccess  Hellman  gluejar  unglue 
may 2012 by sentinelle
