as reported on Good Morning Silicon Valley:
Researchers from UC Berkeley and private security firm Zero-Knowledge
Systems have uncovered a means of disrupting the Wired Equivalent Privacy
(WEP) algorithm, an important part of the 802.11 corporate standard for
wireless computer networks. While
The 'History Channel' cable TV network will air a show about the NSA
tomorrow night January 8, at 8 pm Eastern. Their website says this about
it:
America's Most Secret Agency
The National Security Agency, America's most secret and controversial
agency, is charged with safeguarding the nation's
From ZDNet Asia (last week):
http://www.zdnetasia.com/news/dailynews/story/0,210021,20072964,00.htm
Unbreakable cryptographic communication made possible
26 September 2000
Mitsubishi has successfully realized quantum cryptographic communication
systems as a security system.
TOKYO -
This (rather long) message was posted to the Internet Societal Task Force
(ISTF) discussion list. The ISTF has recently formed a workgroup on
privacy and security which is referred to as PAPSPI. Some of the material
discussed at the symposium on surveillance might be of interest to this
list.
The Council of Eurpoe has released a draft of its cybercrime treaty. The
idea here is to get signatory nations to adopt similar laws as their own
national laws. A news article I read states that the treaty would
criminalize some forms of security testing and analysis.
One provision would
From zdnet.com:
http://www.zdnet.com/zdnn/stories/news/0,4586,2625758,00.html?chkpt=zdhpnews01
Not much available on American Express's website, other than a signup form
to give them your email address so they can send you info on when it is
available.
Security fix: Disposable credit cards?
On Tue, 5 Sep 2000, David Honig wrote:
If you have a secure channel to exchange a passphrase in,
you have no need for PK.
Public key allows digital signatures, which a secure channel for key
exchange doesn't provide. Two parties may choose to use symmetric
encryption for exchanging
There are also existing applications like the time stamper in England,
automated keyservers, mailer add-ins, and anonymous remailers which use
the 2.x formats, so the 'installed base' is more than just individual
users.
The point about old computers is particularly apt, and there are
mini-OSes
In that thread about calling RSA by another name,
William Allen Simpson [EMAIL PROTECTED], wrote:
| Note that somebody is claiming patents on RIPEMD and SHA1, among many
| other problems. I suppose that I shouldn't be surprised. (heavy sigh)
FIPS 180-1 states:
| Patents: Implementations of
From Edupage 28 Jul:
WARRANTS FOR ONLINE DATA SOAR
The federal government has rapidly escalated its seizure of U.S.
citizens' online data in recent years, according to a new study
conducted by USA Today. The results of the study, which show
that the number of search warrants issued for online
On Sat, 29 Jul 2000, Rich Salz wrote:
If the US federal government owns this algorithm, then it can't be
patented.
I'm not sure if you are referring to SHA1 in particular, or in general.
While I don't know about SHA-1, the US Government *can* own patents.
For example, here's one
another GMSV news item:
In the aftermath of the recent publication of a paper suggesting that
digital currency may well render central banks obsolete, a group of
economists have stepped forward to argue that such a thing will never
happen. Why? As the Economist puts it: "Cash leaves no
On Sun, 25 Jun 2000, Don Davis wrote:
i'm sorry, but this is a foolish complaint. their specialty
is as demanding as ours; why demand that they should master
our specialty, when we make no effort to master theirs, and
'You may abuse a tragedy, though you cannot write one. You may scold a
On Fri, 23 Jun 2000, William Allen Simpson wrote:
. . . .
Surprise! Many consumers comparison shop on-line, but quit before
purchasing, making their final purchase at a later time in a
conventional manner. Vendors are now permitted another new fee for
"withdrawal of consent".
-BEGIN PGP SIGNED MESSAGE-
from the documentation for GnuPG:
http://www.gnupg.org/gph/en/pgp2x/t1.html
| Note: Using the extension modules idea.c and rsa.c without licensing the
| patented algorithms they implement may be illegal. I do not recommend
| you use these modules. If you have
For purposes of clarification, the proposed federal law deals with
'electronic signatures' defined as:
| (5) ELECTRONIC SIGNATURE.-- The term electronic signature means an
| electronic sound, symbol, or process, attached to or logically
| associated with a contract or other record and
]
To: "P.J. Ponder" [EMAIL PROTECTED]
Subject: Re: RFC 2828 on Internet Security Glossary (fwd)
There is a new Internet Draft entitled 'Internet Security Glossary' which
defines terms and provides references.
The RFC is part of the IETF PKIX working group; revisions and comments are
There is a new Internet Draft entitled 'Internet Security Glossary' which
defines terms and provides references. One purpose of the new glossary is
to harmonize usage within Internet standards documents. See end of
message for the URL.
related to the recent discussion on defining 'forward
European Union sets free export of encryption products
Jelle van Buuren 22.05.2000
EU sets encryption free, USA protest
The European ministers of Foreign Affairs are expected to decide monday to
lift all barriers to the export of encryption software to countries
outside the European Union.
Microsoft is funding an initiative at Xerox's Palo Alto Reseach Center on
digital rights management. Lots of press hype available at their sites.
They are touting an 'open' standard initiative called XrML, which is an
attempt to harmonize digital rights syntax. There is a lengthy web form
from the RFC distribution list:
A new Request for Comments is now available in online RFC libraries.
RFC 2792
Title: DSA and RSA Key and Signature Encoding for the
KeyNote Trust Management System
Author(s): M. Blaze, J. Ioannidis, A. Keromytis
Would this work? Maybe it's too simple.
1. A sends B an encrypted file.
2. Sometime later, A sends B the decryption key.
I haven't had a chance to read all the links listed here, yet, due to the
press of other matters.
It does sound like an interesting problem, which may depend on a
Beijing slammed over encryption
---
A United States Congressman has criticised new encryption regulations
released by Beijing, calling them a major invasion of privacy against
computer users worldwide, including US citizens.
On Tue, 25 Jan 2000, Rick Smith wrote:
. . . .
For example, many stego implementations involve embedding data in the low
order bits of a graphical image. Those low order bits undoubtedly have some
measurably non-random statistical properties. Once we replace those bits
with data, the bits
I think this is a security model issue. Steganography is useful if there
is some out of band communication ahead of time. If there is no way to
let the receiving party know that he or she will be receiving a hidden
message, and how to retreive it, then steganography isn't useful. Without
the
By 1970-71 the US Air Force was testing its own facilities for emanations,
and as a low grade enlisted person with a Top Secret/Crypto clearance, I
was allowed to see the results of a test conducted against a facility
where I worked. The site used KY-8's and KY-28's, and we thought we were
very
On Tue, 23 Nov 1999, Robert Hettinga wrote:
(quoting an article in the _The Standard_ by Keith Perine)
. . . .
For years, the U.S. government, led by FBI director Louis Freeh, has argued
that the U.S. must keep a tight lid on the export of data-scrambling
products that guard information
Bruce Schneier noted in the latest 'Crypto-Gram' a paper on key sizes
written by Arjen Lenstra and Eric Verheul:
http://www.cryptosavvy.com
The paper explains the methods used to arrive at various estimates.
One interesting note is the expected weakness of the US Digital Signature
Standard
On Fri, 17 Sep 1999, Robert Hettinga wrote:
skipping over the Industrial Revolution and the Louisiana Purchase
We must also recognize the inherent security risks posed by the
spread of and dependence on "open systems" and ready accessibility.
The Defense Department's situation is
On Fri, 17 Sep 1999, Greg Broiles wrote:
. . . .
What scares me is the possibility that there won't even be an argument
about whether or not a particular clump of ciphertext decodes to a
particular bit of plaintext because I don't think it'll be possible to
cross-examine prosecution
On Thu, 9 Sep 1999, Adam Back wrote:
This general area of discussion -- software modification
authentication -- is a bit fuzzy: if you can modify the software you
can patch out the check of the signature (a correctly placed NOP is
known to do it).
One of the things SET had right was
*
Edupage is a service of EDUCAUSE, an international nonprofit
association dedicated to transforming education through
information technologies.
*
. . . .
PANEL VOTES TO RESTRICT SCRAMBLING
On Wed, 2 Jun 1999 [EMAIL PROTECTED] wrote:
We are investigating the use of public key certificates, either x509, SPKI
or other, to establish trust among two `strangers` (parties without a prior
long term relationship). We will appreciate any feedback, and are looking
forward to serious
The Hushmail website (https://www.hushmail.com/) notes that the service
was reviewed by security experts and it seems at first glance to have some
interesting features. Source code for the Java is available for review,
too.
Any views on this?
tech overview:
From NewsScan, which is sort of a follow-on thing from the people who used
to do Edupage (John Gehl Suzanne Douglas):
. . . .
ARCOT PLANS TO OUTSMART SMART CARDS
Internet startup Arcot Systems is advocating a new approach to buying over
the Internet. Arcot's software authenticates
35 matches
Mail list logo