William Allen Simpson [EMAIL PROTECTED] writes:
My requirements were (off the top of my head, there were more):
4) an agreed algorithm for generating private keys directly from
the passphrase, rather than keeping a private key database.
Moving folks from laptop to desktop has
It is often useful to include some information associated with a signature
that is not in the hashed portion. There are several reasons for this.
First, some information is not security critical and there is no reason
to hash it. Second, some such information may be subject to change and
Can someone provide or point to a list of tokens which support the
PKCS-11 ("Cryptoki") interface? TIA!
A common misconception about the PGP web of trust is that trust flows
through the web along the signatures. Actually, PGP's trust model is
founded on the principle that "trust isn't transitive". A signature
is never trusted in PGP unless the user has explicitly indicated that
he personally
William Rowden writes:
In the tempting-but-wrong category, one could include samples of the
insecure systems that result when programmers with no cryptanalysis
background create their own cryptographic algorithms.
Yes, and let us hope that Michael Paul Johnson resists the temptation to
plug
Peter Gutmann writes:
The reason why revocation checking is disabled by default is a pragmatic
one, in practice it acts as a "Delay processing each message by a minute
or two" facility (or at least it did a year or so back), so by disabling
it by default the vast masses (who don't know or
James Donald writes:
What is wrong with the original solution proposed in my original
article, http://www.jim.com/jamesd/kong/anon_transfer.htm
The client uses an existing used coin for blinding the newly created
coin, preferably a coin that he got from someone else, not a coin
issued to
Ben Laurie wrote:
lcs Mixmaster Remailer wrote:
This is powerful writing, but one can't escape the thought that making
his advanced technology available on a non-exclusionary basis would be
a significant first step in bringing about this desirable outcome.
I wrote to Brands about free
Stefan Brands' thesis finally came yesterday from Fatbrain, almost two
months after ordering. His techniques are very powerful and interesting,
but unfortunately patented and hence of no practical value for anyone
other than the one licensee. How different the world might be if he
and Chaum had
At 10:16 AM 02/23/2000 -0800, Bill Stewart writes:
At 10:14 PM 02/21/2000 -0800, Greg Broiles wrote:
4759063 Blind signature systems (19 Jul 2005)
4529870 Cryptographic identification, financial transaction, and credential
device (16 Jul 2002)
Interesting - I wonder how much of the
According to Zero Knowledge Systems
http://www.zeroknowledge.com/media/pressrel.asp?rel=0000:
RENOWNED CRYPTOGRAPHER DR. STEFAN BRANDS JOINS ZERO-KNOWLEDGE SYSTEMS;
COMPANY GAINS EXCLUSIVE RIGHTS TO HIS SUITE OF PRIVACY PATENTS
Leading Internet privacy and identity-management
Russell Nelson writes:
Nobody's mentioned the possibility of an encryption system which
always encrypts two documents simultaneously, with two different keys:
one to retrieve the first (real) document, and the second one which
retrieves the second (innocuous) document.
This idea has been
On Wed, 2 Feb 2000, Martin Minow wrote:
http://www.cryptography.com/intelRNG.pdf.
The one problem I have with the RNG, based on my reading of the
analysis, is that programmers cannot access the "raw" bitstream,
only the stream after the "digital post-processing" that converts
the
Lucky Green writes:
Your post is the third or fourth post I have seen in the last year that
claims that Paul concluded that Intel's RNG outputs strong random numbers.
Such as when they said (http://www.cryptography.com/intelRNG.pdf):
Cryptographically, we believe that the Intel RNG is
It may not have been mentioned here, but Intel has
released the programmer interface specs to their RNG, at
http://developer.intel.com/design/chipsets/manuals/298029.pdf.
Nothing prevents the device from being used in Linux /dev/random now.
As for the concerns about back doors, the best
The basic notion of stego is that one replaces 'noise' in a document with
the stego'ed information. Thus, a 'good' stego system must use a crypto
strategy whose statistical properties mimic the noise properties of the
carrying document. Our favorite off the shelf crypto algorithms do *not*
For example, it's possible that this email was written by a political
prisoner in a 3rd world country and he's used steganography to conceal a
message to his friends and family right here in these 3 paragraphs. My
question is, without prior agreement or access to an outside channel, how
are
The problem with steganography is that there's basically no way to
clue people in to its location without cluing everyone into it.
That's not a problem. By definition, successful steganography
is undetectable even when you know where to look. Otherwise the
steganography has failed.
Carl Ellison writes:
The Bloomberg attack didn't require connection hijacking. All that attacker
did was post a newsgroup message with a URL in it.
This is presumably a reference to the incident described in
http://news.cnet.com/news/0-1005-200-341267.html, where a PairGain
employee
Lucky Green [EMAIL PROTECTED] writes:
Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
originally) has firmly been established as denoting an anonymous IP
network that uses constant or otherwise data-independent "pipes" between the
nodes of the network. Since
THE TRUTH ABOUT ENCRYPTION
Cambridge University cryptography expert Ross Anderson says governments'
efforts to keep encryption technology out of the hands of criminals and
terrorists are misguided: "If I were to hold a three-hour encrypted
conversation with someone in the Medellin drug