Re: [Cryptography] Why is emailing me my password?
Greg writes: This falls somewhere in the land of beyond-the-absurd. So, my password, iPoopInYourHat, is being sent to me in the clear by your servers. Repeat after me: crypto without a threat model is like cookies without milk. If you are proposing that something needs stronger encryption than ROT-26, please explain the threat model that justifies your choice of encryption and key distribution algorithms. -- --my blog is athttp://blog.russnelson.com Crynwr supports open source software 521 Pleasant Valley Rd. | +1 315-600-8815 Potsdam, NY 13676-3213 | Sheepdog ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Snowden fabricated digital keys to get access to NSA servers?
John Denker writes: It is against NSA policy to attach a thumb drive. I betcha some folks really want to know how he did that without getting caught. Take a mouse. Remove its own electronics. Substitute a Teensy 2 which emulates a mouse AND a thumb drive, but only after a certain combination of mouse keys is pressed. Later, at your leisure, remove the micro-sd card and stick it inside a hollow nickle. Walk out with it. Leave the mouse. Easy-peasy. Trust nothing that plugs into a USB port. Not even an extender cable. -- --my blog is athttp://blog.russnelson.com Crynwr supports open source software 521 Pleasant Valley Rd. | +1 315-600-8815 Potsdam, NY 13676-3213 | Sheepdog ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Re: Proof of Work - atmospheric carbon
John Levine writes: http://www.taugh.com/epostage.pdf I would also point out that nothing is preventing anyone from implementing their own epostage. Just send your email via a paypal Send Money, accompanied with whatever postage you feel is appropriate. No magic, no standards track epostage, no chicken-and-egg implementation problem, not even any crypto needed. Too boring to actually use, I guess. -- --my blog is athttp://blog.russnelson.com | Delegislation is a slippery Cloudmade supports http://openstreetmap.org/| slope to prosperity. 521 Pleasant Valley Rd. | +1 315-323-1241 | Fewer laws, more freedom. Potsdam, NY 13676-3213 | Sheepdog | (Not a GOP supporter). - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Another Snake Oil Candidate
Damien Miller writes: It protects against the common threat model of lost/stolen USB keys. Remember, crypto without a threat model is like cookies without milk. -- --my blog is athttp://blog.russnelson.com | People have strong opinions Crynwr sells support for free software | PGPok | about economics even though 521 Pleasant Valley Rd. | +1 315-323-1241 | they've never studied it. Potsdam, NY 13676-3213 | Sheepdog | Curious how that is! - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Another Snake Oil Candidate
Dave Korn writes: So by your exacting standards, PGP, gpg, openssh, in fact basically _everything_ is snake oil. No. In fact Aram is saying nothing of interest. Cryptography without a threat model is like motherhood without apple pie. Can't say that enough times. More generally, security without a threat model is by definition going to fail. -- --my blog is athttp://blog.russnelson.com | People have strong opinions Crynwr sells support for free software | PGPok | about economics even though 521 Pleasant Valley Rd. | +1 315-323-1241 | they've never studied it. Potsdam, NY 13676-3213 | Sheepdog | Curious how that is! - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Training your customers to be phishing victims, part umpteen.
Perry E. Metzger writes: The following is a real email, with minor details removed, in which J.P. Morgan Chase works hard to train its customers to become phishing victims. And no DomainKeys cryptographic signature?? You're right - for shame! -- --my blog is athttp://blog.russnelson.com | You can do any damn thing Crynwr sells support for free software | PGPok | you want, as long as you 521 Pleasant Valley Rd. | +1 315-323-1241 | don't expect somebody else Potsdam, NY 13676-3213 | Sheepdog | to pick up the pieces. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: NSA knows who you've called.
[EMAIL PROTECTED] writes: You and I are in agreement, but how do we get the seemingly (to us) plain truth across to others? I've been trying for a good while now, reaching a point where I'd almost wish for a crisis of some sort as persuasiveness is not working. We are probably well off-topic for this list. First they came for the terrorists, and I said nothing because I wasn't a terrorist. Then they came for my phone calls, and I said nothing because I had nothing to hide. Then they came for the cryptographers, and I said nothing because I coulldn't even spel the word. Now I can't hide anything. -- --my blog is athttp://blog.russnelson.com | Microsoft as wall, Crynwr sells support for free software | PGPok | OSI are the sappers. 521 Pleasant Valley Rd. | +1 315-323-1241 | Walls fall stone by stone Potsdam, NY 13676-3213 | Sheepdog | - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]