Re: Was anybody actually able to watch the Crypto2009 video cast?

On Aug 19, 7:36 pm, "Dave -Turner" <ad...@xxxxxxxxx> wrote:
re:http://qtss.id.ucsb.edu/crypto2009/rump.sdp

I tried with several viewers including Realplayer which should've had no
problems, but was unable to watch any of the Crypto2009 Rump session, and a
few other sci.crypt'ers reported the same result.

Was anybody actually able to watch it???

I posted the following on the cryptography mailing list:

Target collisions for MD5 can be calculated in seconds on a laptop,
based on just a small change in the first block of input. There was
also a semi-successful demo of MD5 certificate problems; you could
join the special wireless network, and any https connection would be
silently proxied using the fake CA certificate generated a few
months
ago. (You had to set your clock back to 2004, though, since the CA
certificate was intentionally generated to be long expired).

The SHA-1 attack complexity of 2^52 was a correct improvement to an
incorrect result. Don't currently have an accurate estimate; IIUC
it's
bounded above by 2^56.

The related-key attacks on AES have been extended to AES-192, and
also
to some sort of non-standard AES-128, but it wasn't clear to me what
it was that they did. AES-128 as standardized is still (and likely
to
remain) safe.

The National Museum of Computing (at Bletchley Park in England) is
doing interesting stuff, but is still starved for cash. There is a
501(c)3 you can donate to for tax deductibility and corporate
matching, if people want to donate.

Don't run algorithms on secret data in the cloud; it's not too
difficult for an attacker to get themselves assigned to the same
machine and use timing/cache attacks to recover your keys.

(At that point I was tired and inebriated and left.)

Greg.
.

Relevant Pages

  • Re: On Bushs Watch, Two Americans Killed, Scores Injured In Terrorist Attacks
    ... Under President-Elect HUSSEIN's watch, ... Scores Injured in Terrorist Attacks ... MUMBAI, India -- The bodies of five hostages have been found at ... a Jewish center in Mumbai, according to reports, and fighting still ...
    (alt.politics.bush)
  • Re: MD5 crack for digital certificates
    ... Message hash computed (in this instance using MD5) ... Message hash appended to certificate. ... against three distinct types of attacks: ...
    (Pen-Test)
  • Re: Server authentication
    ... I'm trying to figure out just what types of attacks would work if you allow ... subvert everything BUT the requirement for a certificate / hostname match -- ... up server authentication, then SSL/TLS still provides great security against ... This secondary authentication is performed ...
    (microsoft.public.platformsdk.security)
  • Re: OLN Live Broadcast Not Live?
    ... At one point Phil talked about the two attacks, in the 3 man break,that happened during the break. ... If you can watch the TV and your PC, you could figure out whether the broadcast is delayed. ... Or you could listen to Eurosport and watch OLN at the same time. ...
    (rec.bicycles.racing)
  • Re: Terminal Services over a VPN
    ... It's been quite a while since my Windows 2000 Server classes. ... Or do I/we have to use someone like Verisign to generate the certificate? ... Attacks (active attacks that allow an attacker who can alter data on the connection between server and client to completely intercept data on the connection). ...
    (microsoft.public.windows.terminal_services)