Bruce Schneier

Learn More
The New Books and Multimedia column contains brief descriptions of new books in the computer communications field. Each description has been abstracted from the publisher's descriptive materials, minus most of the advertising superlatives, after this material has been checked for accuracy against a copy of the book. Publishers wishing to have their books(More)
We improve the best attack on Rijndael reduced to 6 rounds from complexity 2 to 2. We also present the first known attacks on 7and 8-round Rijndael. The attacks on 8-round Rijndael work for 192bit and 256-bit keys. Finally, we discuss the key schedule of Rijndael and describe a related-key attack that can break 9-round Rijndael with 256-bit keys.
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully(More)
In many real-world applications, sensitive information must be kept it log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all(More)
In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method for making all(More)
The SSL protocol is intended to provide a practical , application-layer, widely applicable connection-oriented mechanism for Internet client/server communications security. This note gives a detailed technical analysis of the cryptographic strength of the SSL 3.0 protocol. A number of minor aws in the protocol and several new active attacks on SSL are(More)
We provide a second preimage attack on all n-bit iterated hash functions with Damgard-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2-messageblock message with about k× 2 + 2n−k+1 work. Using SHA1 as an example, our attack can find a second preimage for a 2 byte message in 2 work, rather than the previously(More)