Learn More
The New Books and Multimedia column contains brief descriptions of new books in the computer communications field. Each description has been abstracted from the pub-lisher's descriptive materials, minus most of the advertising superlatives, after this material has been checked for accuracy against a copy of the book. Publishers wishing to have their books(More)
The SSL protocol is intended to provide a practical , application-layer, widely applicable connection-oriented mechanism for Internet client/server communications security. This note gives a detailed technical analysis of the cryptographic strength of the SSL 3.0 protocol. A number of minor flaws in the protocol and several new active attacks on SSL are(More)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2 8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A(More)
In many real-world applications, sensitive information must be kept it log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all(More)
T he information security literature is filled with risk pathologies, heuristics that we use to help us evaluate risks. I've collected them from many different sources. When you look over the list of exaggerated and downplayed risks in the table here, the most remarkable thing is how reasonable so many of them seem. This makes sense for two reasons. One,(More)