Selected posts and emails

General cryptography

• Payer-anonymous micropayments
• Using pseudorandomness without sacrificing forward secrecy
• Discrete log bit security
• Uniform security for Diffie-Hellman key exchange
• Blinding Diffie-Hellman
• Statistically distinguishing two random sources
• Detecting Clipper backdoors
• Comments on Digicash's ecash scheme, and some clarifications: [2] [3]
• PhD programs in cryptography
• Random mappings (beware: some errors found!)
• Entropy measures
• Combining ciphers
• Fair coin flips by phone
• Asking about crypt(3), and later answering my own question with a collision in crypt(3); see also this note.
• Fixed points of DES
• ECB o CFB = CBC: a note on modes of encryption
• The paranoid spy: optimal solutions to a secret-sharing problem (beware: slight bugs found near the end)
• A possible entropy crunching algorithm
• Techniques for fast distributed/parallel modular exponentiation
• Loss of entropy due to iteration of a hash function
• Truncation attacks on Hash-then-Encrypt (for CBC mode encryption)
• Attacks on Hash-then-Encrypt (for stream cipher encryption)
• The need for MACs
• Encrypt-then-Authenticate explained
• Use AES, not Twofish

Cryptanalysis

• S-1
• RC4 weak keys
• Colston's stream cipher
• NSEA (beware; some errors found)
• ZAES
• DES with independent keys
• Triple DES
• Executing encrypted code
• Extended-width-DES CBC-MAC
• Hashing with SL_2
• Variable size block ciphers
• Efficiently iterable hash functions
• The man-in-the-middle meets voice encryption
• Two LCPRNGs
• Factoring with a hint, and an earlier post
• Comments on using discrete logs in GF(p^2), i.e. Lucas sequences
• Breaking CBC when the key is used as IV
• Breaking PCBC when the key is used as IV
• HexaDES (a widened triple-DES variant) broken
• Cryptanalysis of des|tran|des|tran|des, Carl Ellison's 3-DES variant (note that a more general attack has been found by Paul Crowley)
• Cryptanalysis of CISCO's "Private Link" encryption protocol, as used in CISCO PIX routers
• Pitfalls when extending hash functions
• Speeding up dictionary attacks on MS Chap v2
• Time-space tradeoffs in attacking 40-bit versions of MS Chap v2
• Weaknesses in the WAP forum's WTLS protocol
• Weaknesses in ciphers that use a variable number of rounds

Computer security

• Exploiting security holes via the Web
• Endpoint security
• Netscape hole, and more explanation
• Weak RNG in Netscape
• Weakness in the Netware RNG?
• A weakness in Lan Manager password security
• A setuid nobody shell
• Using ptrace for good and for evil

Math

• A,B,C combinatorics
• Spaced objects
• Prime sequences
• A problem similar to difference sets (with applications to differential cryptanalysis) mostly solved

General computer programming

• Postscript -> ascii translator
• Passing file descriptors between processes, and some responses
• Interactive rsh
• Process tracing and system call interposition

Miscellaneous

• A note on banking privacy
• A note on public transparency and the intelligence community