, which are a lot like the
Foolscap references. They are documented at www.erights.org.
Cheers - Bill
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
to make the same judgements in high security/high risk applications.
Cheers - Bill
---
Bill Frantz|The nice thing about standards| Periwinkle
(408)356-8506 |is there are so many to choose| 16345
Englewood Ave
On 10/9/13 at 7:12 PM, watsonbl...@gmail.com (Watson Ladd) wrote:
On Tue, Oct 8, 2013 at 1:46 PM, Bill Frantz fra...@pwpconsult.com wrote:
... As professionals, we have an obligation to share our
knowledge of the limits of our technology with the people who
are depending on it. We know
On 10/8/13 at 7:38 AM, leich...@lrw.com (Jerry Leichter) wrote:
On Oct 8, 2013, at 1:11 AM, Bill Frantz fra...@pwpconsult.com wrote:
We seriously need to consider what the design lifespan of our
crypto suites is in real life. That data should be
communicated to hardware and software
they can include update in their installation planning.
Cheers - Bill
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product.| 16345
Englewood Ave
www.pwpconsult.com
the cost of the abuse.
Cheers - Bill
-
Bill Frantz| When it comes to the world | Periwinkle
(408)356-8506 | around us, is there any choice | 16345
Englewood Ave
www.pwpconsult.com | but to explore? - Lisa
On 9/30/13 at 4:09 PM, cryptogra...@dukhovni.org (Viktor Dukhovni) wrote:
Just because they're after you, doesn't mean they're controlling
your brain with radio waves. Don't let FUD cloud your judgement.
ROTFLOL!
---
Bill
if the system fails.
Cheers - Bill, NCRC instructor
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product.| 16345
Englewood Ave
www.pwpconsult.com
to be weak to them.
Or NSA could have done what it did with DES and chosen a
construct that didn't have that weakness. We just don't know.
Cheers - Bill
---
Bill Frantz| I don't have high-speed | Periwinkle
(408
not increase the level of user work in cases where there
isn't, in fact, a security problem.
I'm interested in cases where Mailman passwords have been abused.
Cheers - Bill
---
Bill Frantz| If the site is supported
-meta-shift-whoopie which erased the key should the
device be in danger of being captured. And this was a relatively
low security device.
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was
working
judgment based on $$$, Moore's law,
and the speed of DES.
Cheers - Bill
---
Bill Frantz| Privacy is dead, get over| Periwinkle
(408)356-8506 | it. | 16345
Englewood Ave
www.pwpconsult.com
solution I can think of is to audit the output. Look very
carefully at the output of the tool chain, and at the final
piece that loads the configuration data into the device.
Cheers - Bill
---
Bill Frantz|Web
they say they aren't interested
in grandma's cookie recipe. I am, but I like good cookies. :0)
---
Bill Frantz| Privacy is dead, get over| Periwinkle
(408)356-8506 | it. | 16345
Englewood
a indicator of
which methods passed. :-)
Let's add to the list of methods the SSH method of, The same
key used the last time.
I assume users of the CA method would register with the CA in
some maner which would probably cost money. (How the CA
separates me from Bill Frantz, the professional
client, I suspect a reasonable
percentage of people would do it. It is, after all a one time operation.
Cheers - Bill
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you
a $50 limit on my risk from fraud.
Cheers - Bill
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com
performance
applications to do something like Bill Frantz suggests. It is in the
nature of people in our community to like playing with such things.
Just don't take them *too* seriously please.
Hay, I like playing in the crypto sandbox, and redundancy is a
classic technique. I have seen questions
would have worked too, but the MAC was free. (I
really don't trust my own code very much.)
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense
safer if the data is also protected with a well-examined
algorithm which does not have those properties.
Cheers - Bill (who has finally caught up with the list)
---
Bill Frantz| Re: Computer reliability, performance
On 9/16/13 at 12:36 PM, leich...@lrw.com (Jerry Leichter) wrote:
On Sep 16, 2013, at 12:44 PM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with
all 5 finalests in the competition. Five level super
signature
algorithms, sends both, and checks both. I think it meets the
no worse than the best of the two test.
Cheers - Bill
---
Bill Frantz|We used to quip that password is the most common
408-356-8506 | password
/
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com | - Vaclav Havel | Los Gatos,
CA 95032
___
The cryptography mailing list
cryptography
, there's always AMD.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345
Englewood Ave
www.pwpconsult.com | buffer overruns. | Los
to share this with interested parties
via email, but
no posting is allowed on web sites. For a free subscription,
(and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
Cheers - Bill
---
Bill
to find a ceramic
tile store. The paper yellow pages had survived being left in
the driveway in the rain and I used it.
However, I agree that this is the 2% case for many parts of the world.
Cheers - Bill
---
Bill Frantz
to go any further than this.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345
Englewood Ave
www.pwpconsult.com | vegetables without stickers
for everyone.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA
target companies...
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was working, the
408-356-8506 | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't
, but that seems a minor inconvenience.
This kind of device sounds like a fine device for a banking industry
committee to specify.
Cheers - Bill
-
Bill Frantz| Airline peanut bag: Produced | Periwinkle
(408)356-8506
using a
non-deterministic key, then there doesn't seem to be anything obvious wrong
with the approach. (But remember, I'm far from an expert.)
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was working
in their database on a
certain date. Fat chance it will happen.
Cheers - Bill
---
Bill Frantz|Web security is like medicine - trying to do good for
408-356-8506 |an evolved body of kludges - Mark Miller
www.periwinkle.com
if you're not going to lock the key schedule?)
You should probably use the encrypted swap feature on the Mac.
System Preferences - Security - Use secure virtual memory.
Cheers - Bill
---
Bill Frantz| gets() remains
for the first introduction, and something
more robust for subsequent sessions, these attack scenarios would be less
likely.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's
. The popularity of the noscript plugin for Firefox means
that perhaps I'm not the only one out in left field.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing
bothered. There
is probably safe profit in skimming small amounts from large number of
machines just like there was profit in skimming the round off in payroll
calculations.
Cheers - Bill
-
Bill Frantz| The first thing you
compromising their machines. I could see the operators moving toward
being legitimate security firms, protecting computers against compromise in
exchange for some of the proof of work (POW) money.
Cheers - Bill
-
Bill Frantz
and far between.
Short of building special random number generation hardware, does
anyone have any suggestions for additional sources?
Cheers - Bill
---
Bill Frantz| Barack Hussein Obama, President of the United States.
408
of the CNCI.
Multidisciplinary contributions from organizations with cybersecurity
interests are especially encouraged.
Cheers - Bill
-
Bill Frantz| When it comes to the world | Periwinkle
(408)356-8506
the same way as the real world one has.
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter
on the basis that they cannot be trusted to
protect themselves adequately.
My 96 year old mother does not have a check book or credit cards.
All her bills are paid through her lawyer's office. QED.
Cheers - Bill
---
Bill Frantz
---
Bill Frantz|We used to quip that password is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security? -- Bruce Schneier
they don't use it
to track people's trips.
If one were paranoid, one could put a different ID into the
transponder for each trip, and only put the one it was issued with
into it for toll crossings. :-)
Cheers - Bill
---
Bill
securely recognize a
site, we can form our own trust decisions, without the necessity of
involving third parties.
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
-
The Cryptography
/distrib/vattp/index.html
[2] http://www.erights.org/elib/distrib/vattp/SSLvsDataComm.html
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
. And in all cases,
OSes should give the user more support in making sound decisions.
See for example: http://www.skyhunter.com/marcs/granmaRulesPola.html
Cheers - Bill
-
Bill Frantz| The first thing you need when
from virus scanners.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
in an exchange can be represented. (A terabit/second is
10**12 bits/second. 32 bits can represent a million seconds at that
data rate. 64 bits can represent much longer data items.)
Cheers - Bill
---
Bill Frantz| gets
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos, CA 95032
- Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
the petname or
trustbar tools to provide the memory that make self-signed certs like
SSH keys.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345
remaining correct
during maintenance. This level of coupling between caller and callee is
too risky for reliable software.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using
One issue I have not seen addressed in these contactless payment systems is
the needs of people who carry multiple payment instruments. A simple example
is a personal and a corporate credit card.
Cheers - Bill
-
Bill Frantz
On 9/21/05, [EMAIL PROTECTED] (Nick Owen) wrote:
Interesting question. I know that we can solve it on a
application-enabled cell phone with public keys - each service has only
swapped public keys so you can have any number. Can such a thing be
done on an RFID card too?
Bill Frantz wrote:
One
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
for System Programming.
Datamation, May 1969. 15(5): p. 68-76. URL:
http://home.nycap.rr.com/pflass/plisprg.htm
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
-
The Cryptography Mailing
a good master password, and a site name, and hashes them together to
produce a site-specific password.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter
practitioner skilled in the art
as to be non-patentable (except in the USA, where obviousness is no barrier).
In any case I put it into the public domain.
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408
following a hyperlink, you
need only check that the expected reminder note is being displayed. If so, you
can be sure you are using the same site you have in the past.
Cheers - Bill
-
Bill Frantz| The first thing you need
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
in transit. I suppose
it also provides some level of security because someone wanting to do a
quick grab from luggage will probably pick a less-secured piece.\
Cheers - Bill
-
Bill Frantz| There's nothing so clear
code to subvert KeyKOS. How do people feel about this form of
argument?
Cheers - Bill
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood
- Bill
-
Bill Frantz| There's nothing so clear as | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
, our degree of trust in an HTML should be less, and we
shouldn't trust a Word format renderer at all (thanks to Word Macro
viruses).
At 9:21 PM -0700 9/30/03, Peter Gutmann wrote:
Bill Frantz [EMAIL PROTECTED] writes:
The real problem is that the viewer software, whether it is an editor, PDF
protocols seems to be obvious,
although the inspector part seems to be more ad hoc and community based.
(But there's no building permit either.)
Cheers - Bill
-
Bill Frantz| There's nothing so clear as | Periwinkle
At 8:12 AM -0700 9/27/03, [EMAIL PROTECTED] wrote:
On Fri, 26 Sep 2003, Bill Frantz wrote:
The real problem is that the viewer software, whether it is an editor, PDF
viewer, or a computer language interpreter, runs with ALL the user's
privileges. If we ran these programs with a minimum
would just go away.
See:
http://www.combex.com/tech/edesk.html
http://www.combex.com/papers/darpa-review/index.html
http://www.combex.com/papers/darpa-report/index.html
Cheers - Bill
-
Bill Frantz| There's nothing so
Note that proposals such as Tyler Close's YURL
http://www.waterken.com/dev/YURL/ avoid the issue of trust in the
TTP/CA. As such, I find them attractive whenever they can be used.
Cheers - Bill
-
Bill Frantz| There's
-
Bill Frantz | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA
.
But with a key server, I didn't have to bother Carl to send me my key. Or
depend on him being online when I needed it.
Cheers - Bill
-
Bill Frantz | Due process for all| Periwinkle -- Consulting
(408)356-8506
of PL/I for
the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.
YMMV - Bill
-
Bill Frantz | Due process for all| Periwinkle -- Consulting
77 matches
Mail list logo