sci.crypt
  Home FAQ Contact Sign in
sci.crypt only
 
Advanced search
July 2008
motuwethfrsasuw
 123456 27
78910111213 28
14151617181920 29
21222324252627 30
28293031    31
2008
 Jan   Feb   Mar   Apr 
 May   Jun   Jul   Aug 
 Sep   Oct   Nov   Dec 
2008 2007 2006  
total
sci.crypt Profile…
RELATED GROUPS

POPULAR GROUPS
 Up
  truecrypt equivalent with dm-crypt         


Author: Piergiorgio Sartor
Date: Jul 21, 2008 13:45

Hello,

I hope this is the correct NG to post such a question,
but I need some advice from experts about something is
"floating" in my mind.

I was playing around with some disk encryption tools,
namely truecrypt, dm-crypt and luks, and comparison
of features was, of course, happening.

So, truecrypt has, among other things, the possibility
to have cascade encryption and the encrypted header.

While truecrypt is also available under Linux, I was
wondering if it would be possible to create an equivalent
system using dm-crypt and luks.

The concept would be to use luks over a dm-crypt device,
which is over another dm-crypt device.
Show full article (2.07Kb)
no comments
  Unsigned CSR vulnerability         


Author: JHAF
Date: Jul 21, 2008 07:54

RFC 2986 (PKCS #10: Certification Request Syntax Specification Version
1.7) describes a vulnerability related to an unsigned CSR:

"The signature on the certification request prevents an entity from
requesting a certificate with another party's public key. Such an
attack would give the entity the minor ability to pretend to be the
originator of any message signed by the other party. This attack is
significant only if the entity does not know the message being signed
and the signed part of the message does not identify the signer. The
entity would still not be able to decrypt messages intended for the
other party, of course."

Another vulnerability could arise if unsigned CSRs weakens non-
repudiation. Let's suppose that Alice is requesting a certificate and
does know that the CSR will go unsigned to the RA/CA. After the
certificate is issued, she repudiates a purchase statement signed with
the private key saying that "she didn´t have access to the private
key" or "she didn't control it". Will an impartial observer (say, a
judge) consider reasonable this declaration?

JHAF
2 Comments
  Need to purchase AES code for Windows         


Author: Neil W.
Date: Jul 21, 2008 05:24

I have downloaded the AES code for several freeware implementations from the
Web, none of which have passed the Monte Carlo output tests when compiled
into a Win32 application (GUI or Console). Interestingly, they passed all
the other tests.

Most likely I am making some incredibly simple and stupid mistake. However,
I really need some working source code plus visual studio project files.

Is there someplace I can purchase some working AES source code, plus project
files that have been proven to pass the Monte Carlo tests in Win32
applications (and hopefully x64 applications as well).

Thanks.
8 Comments
  One time pad         


Author: jmorton123
Date: Jul 21, 2008 04:36

I was doing some searching and came across some software but it
doesn't seem to be available any longer.

It's called Original Absolute Privacy.

Does anyone have a copy or know how I can get a copy?

The website is not up.

Thanks.

jmorton123@rock dot com
25 Comments