Re: On the randomness of DNS
Date: Wed, 30 Jul 2008 21:22:59 +0200 From: Pierre-Evariste Dagand [EMAIL PROTECTED] To: Ben Laurie [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: On the randomness of DNS [...] For sure, it would be better if we could check the source code and match the implemented RNG against an already known RNG. [...] So... Download BIND and check. URL is http://www.isc.org/index.pl and select bind 9.5.0-P1 and then select BIND-9.5.0-P1 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[IP] Lauren Weinstein's Blog Update: Public Call for Skype to Release Specifications
- Begin Forwarded Message - From: David Farber [EMAIL PROTECTED] Date: Mon, 12 Sep 2005 15:50:41 -0400 Begin forwarded message: Even more important is the eBay privacy policy... From: David Farber [EMAIL PROTECTED] Date: Mon, 12 Sep 2005 15:53:09 -0400 Begin forwarded message: From: Marc [EMAIL PROTECTED] Date: September 12, 2005 12:24:05 PM EDT To: [EMAIL PROTECTED] Subject: RE: [IP] eBay to Acquire Skype Dave; Can anyone on IP project what sort of US regulatory exposure this will place upon Skype? I have my suspicions, but I would prefer the opinions of those more immersed in the field. Well... Based on eBay's stated privacy policy, this will open up pen tracing to LEOs with just a phone call at the least. At the worst, Skype users will soon be getting new software that allows LEOs to backdoor skype crypto and get free access to those phone calls (also based on eBay's stated privacy policy...) From: [EMAIL PROTECTED] Date: September 12, 2005 1:41:43 PM EDT To: [EMAIL PROTECTED] Subject: Lauren Weinstein's Blog Update: Public Call for Skype to Release Specifications Lauren Weinstein's Blog Update: Public Call for Skype to Release Specifications September 12, 2005 http://lauren.vortex.com/archive/000151.html Greetings. As I noted in a href=http://lists.elistx.com/archives/interesting-people/200509/msg00122.html; a recent IP posting/a, eBay's purchase of the popular Skype VoIP service (now official) leads to new concerns over the proprietary nature of Skype's security and encryption systems, which will now be under the control of an extremely large and powerful corporate entity. For eBay and Skype to have a chance of maintaining the goodwill and trust of Skype users, I call on Skype to forthwith release the specifications and implementation details of Skype's encryption and related technologies. This disclosure should ideally be made to the public, but at a minimum to an independent panel of respected security, privacy, and encryption experts, who can rigorously vet the Skype technology and make a public report regarding its security, reliability, and associated issues. --Lauren-- -- Powered by Movable Type Version 2.64 http://www.movabletype.org/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[IP] China Mandates Closed Security Standard
Of interest to security folks... From Dave Farber's IP list.. - Begin Forwarded Message - Date: Tue, 03 Feb 2004 18:33:18 -0500 From: Dave Farber [EMAIL PROTECTED] China Mandates Closed Security Standard The Wi-Fi Alliance and IEEE were apparently taken by surprise when the Chinese government's regulatory arm announced that only devices that included WAPI (Wired Authentication and Privacy Infrastructure) would be legal to sell in China after Dec. 1, 2003. That was the first most companies and individuals had heard of WAPI, which is a home-grown replacement for the broken WEP (Wired Equivalent Privacy) standard that in the rest of the world is being replaced by WPA (Wi-Fi Protected Access) and IEEE 802.11i (due to be finished in 2004). The Chinese apparently didn't want to wait for WPA or 802.11i, and have mandated WAPI on new equipment. Existing gear doesn't have to be trashed, and companies with contracts to deliver equipment that extended past Dec. 1 were allowed to continue to deliver it. Only a handful of Chinese companies are licensed to include WAPI in their equipment, which may force non-Chinese vendors to partner to continue to sell into a growing market. What's worse, WAPI is confidential. It hasn't been openly discussed or tested, and given the nature of China's monitoring of other forms of communication, it's likely that the standard includes a method for interception of ostensibly encrypted traffic. - Archives at: http://www.interesting-people.org/archives/interesting-people/ - End Forwarded Message - --- Gregory Hicks| Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400 San Jose, CA 95134 | Internet: [EMAIL PROTECTED] The trouble with doing anything right the first time is that nobody appreciates how difficult it was. When a team of dedicated individuals makes a commitment to act as one... the sky's the limit. Just because We've always done it that way is not necessarily a good reason to continue to do so... Grace Hopper, Rear Admiral, United States Navy - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]