- Payer-anonymous micropayments
- Using pseudorandomness without sacrificing forward secrecy
- Discrete log bit security
- Uniform security for Diffie-Hellman key exchange
- Blinding Diffie-Hellman
- Statistically distinguishing two random sources
- Detecting Clipper backdoors
- Comments on Digicash's ecash scheme, and some clarifications: [2] [3]
- PhD programs in cryptography
- Random mappings (beware: some errors found!)
- Entropy measures
- Combining ciphers
- Fair coin flips by phone
- Asking about **crypt(3)**, and later answering my own question with a collision in **crypt(3)**; see also this note.
- Fixed points of DES
- ECB o CFB = CBC: a note on modes of encryption
- The paranoid spy: optimal solutions to a secret-sharing problem (beware: slight bugs found near the end)
- A possible entropy crunching algorithm
- Techniques for fast distributed/parallel modular exponentiation
- Loss of entropy due to iteration of a hash function
- Truncation attacks on Hash-then-Encrypt (for CBC mode encryption)
- Attacks on Hash-then-Encrypt (for stream cipher encryption)
- The need for MACs
- Encrypt-then-Authenticate explained
- Use AES, not Twofish

- S-1
- RC4 weak keys
- Colston's stream cipher
- NSEA (beware; some errors found)
- ZAES
- DES with independent keys
- Triple DES
- Executing encrypted code
- Extended-width-DES CBC-MAC
- Hashing with SL_2
- Variable size block ciphers
- Efficiently iterable hash functions
- The man-in-the-middle meets voice encryption
- Two LCPRNGs
- Factoring with a hint, and an earlier post
- Comments on using discrete logs in GF(p^2), i.e. Lucas sequences
- Breaking CBC when the key is used as IV
- Breaking PCBC when the key is used as IV
- HexaDES (a widened triple-DES variant) broken
- Cryptanalysis of des|tran|des|tran|des, Carl Ellison's 3-DES variant (note that a more general attack has been found by Paul Crowley)
- Cryptanalysis of CISCO's "Private Link" encryption protocol, as used in CISCO PIX routers
- Pitfalls when extending hash functions
- Speeding up dictionary attacks on MS Chap v2
- Time-space tradeoffs in attacking 40-bit versions of MS Chap v2
- Weaknesses in the WAP forum's WTLS protocol
- Weaknesses in ciphers that use a variable number of rounds

- Exploiting security holes via the Web
- Endpoint security
- Netscape hole, and more explanation
- Weak RNG in Netscape
- Weakness in the Netware RNG?
- A weakness in Lan Manager password security
- A setuid nobody shell
- Using ptrace for good and for evil

- A,B,C combinatorics
- Spaced objects
- Prime sequences
- A problem similar to difference sets (with applications to differential cryptanalysis) mostly solved

- Postscript -> ascii translator
- Passing file descriptors between processes, and some responses
- Interactive rsh
- Process tracing and system call interposition