[ADMIN] List moderation resuming

2008-03-15 Thread Perry E. Metzger
A combination of factors unexpectedly kept me away from moderation duties for a few weeks. I'll be forwarding highlights of the backlog shortly. -- Perry E. Metzger [EMAIL PROTECTED] - The Cryptography Mailing

Re: cold boot attacks on disk encryption

2008-03-15 Thread Peter Gutmann
Leichter, Jerry [EMAIL PROTECTED] writes: I seem to recall some (IBM?) research in which you wore a ring with an RFID-like chip in it. Move away from your machine for more than some preset time and it locks. I'm sure we'll see many similar ideas come into use. There were commercial products

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-03-15 Thread Ben Laurie
Philipp Gühring wrote: I had the feeling that Microsoft wants to abandon the usage of client certificates completely, and move the people to CardSpace instead. But how do you sign your emails with CardSpace? CardSpace only does the realtime authentication part of the market ... It's not

Re: Toshiba shows 2Mbps hardware RNG

2008-03-15 Thread Peter Gutmann
Dan Kaminsky [EMAIL PROTECTED] writes: For example, the following construction: Start with an RNG. Retrieve 64K of random data. Assume there might be a bias somewhere in there, but that at least 256 bits are good. SHA-256 the data. AES-256 encrypt the data with the result from the SHA-256.

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Ken Buchanan
A lot of people seem to agree with what Declan McCullagh writes here: It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). What I'd like to know is why people weren't already rethinking this when people

delegating SSL certificates

2008-03-15 Thread travis+ml-cryptography
So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. I know that if we had IT put our root cert in the browsers, that we could then generate our own SSL certs. Are there any options that don't involve adding a new root

Re: cold boot attacks on disk encryption

2008-03-15 Thread Steven M. Bellovin
On Thu, 21 Feb 2008 13:37:20 -0800 Ali, Saqib [EMAIL PROTECTED] wrote: Umm, pardon my bluntness, but what do you think the FDE stores the key in, if not DRAM? The encrypting device controller is a computer system with a CPU and memory. I can easily imagine what you'd need to build to do

Rewriting the cryptography debate

2008-03-15 Thread Matt Blaze
So I recently re-read Lawrence Wright's controversial piece in the New Yorker profiling Director of National Intelligence Mike McConnell. (http://www.newyorker.com/reporting/2008/01/21/080121fa_fact_wright) While the piece's glimpse into the administration's attitudes toward torture and

Politics 1, security 0

2008-03-15 Thread Peter Gutmann
Microsoft recently published the specs for a pile of previously undocumented or semi-documented protocols and data formats. One of them covers the atrociously-named Health Certificates, which have nothing to do with healthcare but are used to indicate compliance of systems with security policies.

Safari falls afoul of the security fashionistas

2008-03-15 Thread Peter Gutmann
Various browsers (e.g. Firefox and IE) recently implemented the latest fashion in security, EV certs (already discussed on this list in the past) and blacklists, neither of which have much effect on phishing but both of which make great security fashion statements. Unfortunately, it looks like

Book Review

2008-03-15 Thread Aram Perez
Hi Folks, Does anyone have a review on the upcoming book Modern Cryptanalysis: Techniques for Advanced Code Breaking by Christopher Swenson? Thanks, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Mixmaster 3.0 released

2008-03-15 Thread Len Sassaman
Dear all, [Apologies if you get multiple copies of this email.] Mixmaster 3.0 has been released this week. This is the first major version release since 2.9, and a continuation of that code, though it incorporates numerous improvements, feature enhancements, and bug-fixes. It is recommended that

RNG for Padding

2008-03-15 Thread COMINT
Hi, This may be out of the remit of the list, if so a pointer to a more appropriate forum would be welcome. In Applied Crypto, the use of padding for CBC encryption is suggested to be met by ending the data block with a 1 and then all 0s to the end of the block size. Is this not introducing a

Another NXP Mifare Classic attack

2008-03-15 Thread Allen
http://www.dailyprogress.com/servlet/Satellite?pagename=CDP/MGArticle/CDP_BasicArticle&c=MGArticle&cid=1173354778618&path= The article is not real clear about the level of physical dissection actually used, but it does appear that progress is being made on that front as well. Allen

Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
http://www.physorg.com/news123951684.html The technique is called EPIC, short for Ending Piracy of Integrated Circuits. It relies on established cryptography methods and introduces subtle changes into the chip design process. But it does not affect the chips' performance or power consumption.

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
David G. Koontz wrote: http://www.physorg.com/news123951684.html Two more articles: http://arstechnica.com/news.ars/post/20080309-fighting-the-black-market-crypto-locks-for-cpus-other-ics.html This one has a bit of the technical description

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
Two papers of interest in evaluating the paper http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf EPIC: Ending Piracy of Integrated Circuits Jarrod A. Roy, Farinaz Koushanfar and Igor L. Markov, The University of Michigan, Department of EECS, 2260 Hayward Ave., Ann Arbor, MI

RFID-hack hits 1 billion digital access cards worldwide

2008-03-15 Thread David G. Koontz
http://computerworld.co.nz/news.nsf/scrt/3FF9713E23292846CC25740A0069243E The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip. The warning comes in a week when two research teams independently demonstrated hacks

announcing allmydata.org Tahoe v0.9

2008-03-15 Thread zooko
ANNOUNCING: Allmydata.org Tahoe version 0.9 We are pleased to announce the release of version 0.9 of allmydata.org Tahoe. Allmydata.org Tahoe is a secure, decentralized, fault-tolerant filesystem. All of the source code is available under a Free Software, Open Source licence (or two). This

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Jacob Appelbaum
Ken Buchanan wrote: A lot of people seem to agree with what Declan McCullagh writes here: It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). What I'd like to know is why people weren't already

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Len Sassaman
On Mon, 25 Feb 2008, Ken Buchanan wrote: Adam Boileau demonstrated finding passwords, but of course we already know that it's easy to locate cryptographic keys in large volumes of data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html). This was implemented (in part by some of my

Re: RNG for Padding

2008-03-15 Thread Leichter, Jerry
| Hi, | | This may be out of the remit of the list, if so a pointer to a more | appropriate forum would be welcome. | | In Applied Crypto, the use of padding for CBC encryption is suggested | to be met by ending the data block with a 1 and then all 0s to the end | of the block size. | | Is this

Re: delegating SSL certificates

2008-03-15 Thread John Levine
Are there any options that don't involve adding a new root CA? Assuming your sites all use subdomains of your company domain, a wildcard cert for *.whatever might do the trick. It's relatively expensive, but you can use the same cert in all your servers. I would think this would be rather

Re: RNG for Padding

2008-03-15 Thread Steven M. Bellovin
On Fri, 7 Mar 2008 15:04:49 +0100 COMINT [EMAIL PROTECTED] wrote: Hi, This may be out of the remit of the list, if so a pointer to a more appropriate forum would be welcome. In Applied Crypto, the use of padding for CBC encryption is suggested to be met by ending the data block with a 1

Re: delegating SSL certificates

2008-03-15 Thread Dave Howe
[EMAIL PROTECTED] wrote: So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. Sorta. TLS gets along with self signed just fine though, and obviously you can choose to accept a root or unsigned cert on a per-client