Archive for the ‘cpsc433’ Category

New NSA Security Standard

Monday, March 7th, 2005

The National Security Agency has released a new, recommended set of cryptographic standards for securing sensitive and unclassified data. The standard, called “Suite B,” specifies Elliptic-Curve algorithms for public-key cryptography along with the existing AES and SHA standards for symmetric cryptography and hashing.


Sunday, March 6th, 2005

If you’re not at least a little paranoid by the time you finish this class, then I haven’t been doing my job: from our friends at CAIDA comes “Remote physical device fingerprinting.”

Every computer clock has a bit of skew caused by tiny differences in the hardware. This causes the clock to be slightly different from every other clock, and it could be used to uniquely indentify your computer. It turns out that you can measure this skew from almost anywhere on the Internet, even from behind a firewall. Which means that, potentially, your computer can be tracked even if connects to the Internet through different networks…

Paranoid yet?

An Illustrated Guide to Cryptographic Hashes

Wednesday, February 23rd, 2005

I’ve added a link to Steve Friedl’s An Illustrated Guide to Cryptographic Hashes to the course outline. I’ll say about this page what I said about the Kerberos paper: if you have trouble following the book, see if this helps.

Cracking DES

Wednesday, February 23rd, 2005

For the full story on DES, see Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design.

Assignment Update

Tuesday, February 22nd, 2005

I’ve updated the assignment sheet with a more detailed list of guidelines, based on common problems with the first set of summaries. Please take a few moments to read them prior to turning in Assignment 2.

Big Crypto News

Wednesday, February 16th, 2005

From Bruce Schneier’s weblog: SHA-1 has been broken. Two weeks from now we’ll be talking about hash functions. By that time it may be confirmed, and we’ll talk about the implications.

More reading material

Tuesday, February 15th, 2005

I’ve added another article to the March 10 reading on Kerberos: “Designing an Authentication System: a Dialogue in Four Scenes.”

I know, I know, yet more reading; but if you run into trouble while reading Section 14.1, try this article and see if it clears things up.

How to Read Mathematics

Thursday, February 10th, 2005

From the Computer Science Department at Stonehill College: How to Read Mathematics.

Linear and Differential Cryptanalysis Tutorial

Wednesday, February 9th, 2005

On Thursday, we’ll be talking about cryptanalysis. I’ll give you an overview of the linear and differential techniques, but if you want to know more, check out A Tutorial on Linear and Differential Cryptanalysis by Howard M. Keys.

The Two-Page Limit

Wednesday, February 9th, 2005

I received an e-mail asking how firm I intend to be about the two-page limit for Thursday’s assignment.

The short version of the answer is “pretty firm.”

The long version of the answer is that you should consider two pages to be a firm lower limit — go much more than a paragraph under two pages, and you’re not likely to get full credit for having completed the assignment.

The upper limit is slightly more flexible. Take three pages, if you feel like you need the space. But I do not want more than that — I don’t grade by volume. If you can’t get it in three, get some help editing. If you can’t find someone to help you edit, come by during office hours (I am available Wednesday afternoon) and ask for help, or send me e-mail.