Re: NSA back doors in encryption products

2000-06-01 Thread Greg Broiles
At 05:39 AM 5/27/00, Steven M. Bellovin wrote: That's tricky, too, since the Constitution provides the *defense* with a guarantee of open trials. At most, there are laws to prevent "greymail", where the defense threatens to reveal something sensitive. In that case, the judge reviews its

Re: NSA back doors in encryption products

2000-05-30 Thread Sergio Tabanelli
Tabanelli [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED]; John Young [EMAIL PROTECTED] Date: Tuesday, 30 May 2000 5.55 Subject: Re: NSA back doors in encryption products Sergio Tabanelli wrote: Maybe this is not so important, but I have to repeat that in W2K OS the NSAKEY is still

Re: NSA back doors in encryption products

2000-05-30 Thread Matt Crawford
IIRC, Technically, it won't catch use of Carmichael numbers, but there aren't a lot of those. In the same sense that there aren't a lot of integers, yes.

Re: NSA back doors in encryption products

2000-05-29 Thread Sergio Tabanelli
Message- From: John Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, 26 May 2000 14.09 Subject: Re: NSA back doors in encryption products Duncan Campbell has provided his latest exchanges with Microsoft on the NSA_key, which Microsoft has now refused to continue (see

Re: NSA back doors in encryption products

2000-05-28 Thread Arnold G. Reinhold
At 8:39 AM -0400 5/27/2000, Steven M. Bellovin wrote: In message v04210109b5531fa89365@[24.218.56.92], "Arnold G. Reinhold" writes: o There is the proposed legislation I cited earlier to protect these methods from being revealed in court. These are not aimed at news reports (that would never

Re: NSA back doors in encryption products

2000-05-28 Thread David Honig
At 02:39 PM 5/26/00 -0500, Jim Choate wrote: No, you don't. Sign the source and binaries. And you trust the software that verifies the signatures why?

Re: NSA back doors in encryption products

2000-05-28 Thread David Honig
At 05:54 AM 5/27/00 +0100, Ben Laurie wrote: David Honig wrote: Yes but *once* you've verified the RTL (and from them the masks) you don't have to worry about some stray applet hosing your security. You do with software. Errr ... you do with an FPGA, surely? Yep. By definition,

Re: NSA back doors in encryption products - gaming the system

2000-05-27 Thread John Gilmore
... I cannot conceive that the NSA or some even blacker agency of the US intelligence community has not obtained a complete set of source code for all major releases and upgrades of Windows and NT/2000 and probably many major MS applications. He's right, and not just for Windows... Under

Re: NSA back doors in encryption products

2000-05-27 Thread Steven M. Bellovin
In message v04210109b5531fa89365@[24.218.56.92], "Arnold G. Reinhold" writes: At 11:17 AM -0500 5/25/2000, Rick Smith wrote: o There is the proposed legislation I cited earlier to protect these methods from being revealed in court. These are not aimed at news reports (that would never get

Re: NSA back doors in encryption products

2000-05-26 Thread Arnold G. Reinhold
At 11:17 AM -0500 5/25/2000, Rick Smith wrote: As usual with such discussions, lots of traffic hides substantial amounts of agreement with touches of disagreement. Agreed. Let me summarize what I am trying to say. Then maybe it is time to move on. 1. I think citizen access to strong

Re: NSA back doors in encryption products

2000-05-26 Thread Bill Stewart
At 02:08 PM 05/24/2000 +0100, Ben Laurie wrote: John Gilmore wrote: Anybody tested the primes in major products lately? Interesting point ... of course, these days one can produce checkable certificates of primality - but I'm not aware of any free software to do it ... is there any? There's

Re: NSA back doors in encryption products

2000-05-25 Thread Steve Reid
On Wed, May 24, 2000 at 04:09:45PM -0500, Rick Smith wrote: The problem is that you're talking about finding some people with top-notch software development skills that can believably be inserted into Microsoft under deep cover. They'd have to be able to pursue their backdoor installation

Re: NSA back doors in encryption products

2000-05-25 Thread Dave Emery
On Wed, May 24, 2000 at 04:09:45PM -0500, Rick Smith wrote: Before continuing, let me state my three opinions that this is based on: 1) There is a non-zero risk of backdoors in commercial software, but the perpetrators are as likely (IMHO more likely) to be outside parties and not US

Re: NSA back doors in encryption products

2000-05-25 Thread David A. Wagner
In article [EMAIL PROTECTED], John Gilmore [EMAIL PROTECTED] wrote: I have a well-founded rumor that a major Silicon Valley company was approached by NSA in the '90s with a proposal to insert a deliberate security bug into their products. They declined when they realized that an allegation

Re: NSA back doors in encryption products

2000-05-25 Thread Rick Smith
At 06:42 PM 05/24/2000 -0500, Jim Choate wrote: On Wed, 24 May 2000, Eugene Leitl wrote: Rick Smith writes: If NSA/MS are not doing it, they must be pretty stupid, because I'd do it in their place. The prudent assumption is hence: your online system can't be completely trusted, whether

Re: NSA back doors in encryption products

2000-05-25 Thread Rick Smith
At 09:12 AM 05/25/2000 -0700, David Honig wrote: Your data still goes through an operating system, etc., so the real issue is a closed system: encrypt on a PDA which is under your close personal control and does not download new executables. Let your untrustworthy networked-PC be merely its

RE: NSA back doors in encryption products

2000-05-25 Thread Eugene Leitl
From: "Minow, Martin" [EMAIL PROTECTED] Jim Choate writes: Bull, the hardware companies aren't any more trustworthy. I've been recommending the Dallas Semiconductor "iButton" http://www.ibutton.com for secure storage. The Java version also lets you implement your own on-chip algorithms so

Re: NSA back doors in encryption products

2000-05-24 Thread Ben Laurie
John Gilmore wrote: Anybody tested the primes in major products lately? Interesting point ... of course, these days one can produce checkable certificates of primality - but I'm not aware of any free software to do it ... is there any? Is it time for the Campaign for Real Primes[1]? Cheers,

Re: NSA back doors in encryption products

2000-05-24 Thread Rick Smith
At 03:48 PM 05/23/2000 -0700, John Gilmore wrote: Rick Smith wrote: If the NSA approaches Microsoft to acquire their support of NSA's surveillance mission, then the information will have to be shared with a bunch of people inside Microsoft, and they're not all going to keep it secret. Two

Re: NSA back doors in encryption products

2000-05-24 Thread Ben Laurie
Enzo Michelangeli wrote: - Original Message - From: Ben Laurie [EMAIL PROTECTED] To: John Gilmore [EMAIL PROTECTED] Cc: Rick Smith [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 24, 2000 9:08 PM Subject: Re: NSA back doors in encryption products

Re: NSA back doors in encryption products

2000-05-24 Thread David Jablon
At 03:48 PM 5/23/00 -0700, John Gilmore wrote: ... I have a well-founded rumor that a major Silicon Valley company was approached by NSA in the '90s with a proposal to insert a deliberate security bug into their products. They declined when they realized that an allegation of the bug NSA wanted

Re: NSA back doors in encryption products

2000-05-24 Thread Steven M. Bellovin
In message 001a01bfc599$355fc440$31cf54ca@emnb, "Enzo Michelangeli" writes: John Gilmore wrote: Anybody tested the primes in major products lately? Interesting point ... of course, these days one can produce checkable certificates of primality - but I'm not aware of any free software to

Re: NSA back doors in encryption products

2000-05-24 Thread Rick Smith
Enzo Michelangeli noted some primality checking software: CERTIFIX is an executable for Win95, Win98, NT (hardware Intel compatible). And Ben Laurie wrote: 'nuff said! Of course, this increases the size of the conspiracy at Microsoft -- if you have anti-backdoor code, then Microsoft needs

Re: NSA back doors in encryption products

2000-05-24 Thread Alan Olsen
John Gilmore wrote: Turning down the offer on verifiability grounds left them wondering whether they really would have done it if it'd been possible to keep the whole thing secret. The quid pro quo offered by NSA would be that their products would have no trouble getting through the (at the

Re: NSA back doors in encryption products

2000-05-24 Thread Rick Smith
Before continuing, let me state my three opinions that this is based on: 1) There is a non-zero risk of backdoors in commercial software, but the perpetrators are as likely (IMHO more likely) to be outside parties and not US agencies like NSA. 2) A persistent backdoor in Windows would have to

Re: NSA back doors in encryption products

2000-05-24 Thread Jim Choate
On Wed, 24 May 2000, Eugene Leitl wrote: Rick Smith writes: If NSA/MS are not doing it, they must be pretty stupid, because I'd do it in their place. The prudent assumption is hence: your online system can't be completely trusted, whether OpenSource, or not. Encryption should be done in

Re: NSA back doors in encryption products

2000-05-23 Thread John Gilmore
Rick Smith wrote: If the NSA approaches Microsoft to acquire their support of NSA's surveillance mission, then the information will have to be shared with a bunch of people inside Microsoft, and they're not all going to keep it secret. Two people in Microsoft would need to know. Bill Gates,