On 7/10/10 11:19 AM, Perry E. Metzger wrote:
ATT debuts a new encrypted voice service. Anyone know anything about
it?
http://news.cnet.com/8301-13506_3-20018761-17.html
(Hat tip to Jacob Applebaum's twitter feed.)
JavaScript needs to be enabled:
On 28/09/10 1:26 AM, Perry E. Metzger wrote:
From the New York Times, word that the Obama administration wants to
compel access to encrypted communications.
http://www.nytimes.com/2010/09/27/us/27wiretap.html
Someone should beat up the FBI for using specious arguments:
But as an example,
http://www.boingboing.net/2010/09/27/obama-administration.html
A good first point of interest clearinghouse site for the issue can be found
on Boing Boing.
It points to a Green Greenwald article on Salon and the ACLU.
There's also a nice piece at the Cato Institute
On 14/09/10 3:58 PM, John Gilmore wrote:
http://arstechnica.com/business/news/2010/09/intels-walled-garden-plan-to-put-av-vendors-out-of-business.ars
In describing the motivation behind Intel's recent purchase of McAfee
for a packed-out audience at the Intel Developer Forum, Intel's Paul
On 18/08/10 3:46 AM, Peter Gutmann wrote:
Alexander Klimov alser...@inbox.ru writes:
Each real-time check reveals your interest in the check. What about privacy
implications?
(Have you ever seen a PKI or similar key-using design where anyone involved in
speccing or deploying it genuinely
What looks like to be an applicable paper. Not the same set of authors as
the earlier reference to USENIX.
Experimental Security Analysis of a Modern Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and
Tadayoshi Kohno
Department of Computer Science and Engineering
http://arstechnica.com/tech-policy/news/2010/08/after-spyware-failed-uae-gives-up-and-bans-blackberries.ars
By John Timmer
Discussing in general terms RIM's Blackberry email server connections to
their servers in Canada's encryption resistance to United Arab Emirates
monitoring efforts when used
Jerry Leichter wrote:
On Nov 8, 2009, at 2:07 AM, John Levine wrote:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter
Peter Gutmann wrote:
John Gilmore g...@toad.com writes:
The theory that we should build good and useful tools capable of monopoly
and totalitarianism, but use social mechanisms to prevent them from being
used for that purpose, strikes me as naive.
There's another problem with this theory
Jerry Leichter wrote:
I commented earlier that $3200 seemed surprisingly cheap. One of the
articles on this claimed this was absurdly expensive - typical DoD gold
plating. Well ... the real price of a standard Blackberry is a couple
of hundred dollars, and put one in a room with a speaker
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates
By Ed Felten - Posted on December 30th, 2008 at 11:18 am
Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov,
Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David
http://blog.wired.com/27bstroke6/2008/12/berlin.html
More coverage on the MD5 collisions.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
http://www.cs.columbia.edu/~smb/blog//2008-12/2008-12-30.html
Steve mentions the social pressures involved in disclosing the vulnerability:
Verisign, in particular, appears to have been caught short. One of the CAs
they operate still uses MD5. They said:
The RapidSSL certificates are
Charles Jackson wrote:
I probably should not be commenting, not being a real device guy. But,
variations in temperature and time could be expected to change SSD timing.
Temperature changes will probably change the power supply voltages and shift
some of the thresholds in the devices.
JOHN GALT wrote:
StealthMonger wrote:
This may help to explain the poor uptake of encrypted email. It would
be useful to know exactly what has been discovered. Can you provide
references?
The iconic Paper explaining this is Why Johnny Can't Encrypt available
here:
Ali, Saqib wrote:
Does anyone have more info on the following:
http://snurl.com/75m3f
I couldn't find any other article that talked about it. The pay per
news is the only item I found.
It was tough to google for, because of all of the new references to Clinton
era articles.
google
Perry E. Metzger wrote:
http://www.eff.org/press/archives/2008/08/19
You wonder if it was MTBA exhibit 4 that tipped their case against the
MTBA's injunction, using Roblimo's article on Sklyarov, quoting reactions to
Dmitry Sklyarov's arrest for a DMCA violation on July 16, 2001, wherein:
http://www.stuff.co.nz/4659100a28.html?source=RSStech_20080817
Peter Gutmann has gotten himself in the news along with Adam Laurie and
Jeroen van Beek for altering the passport microchip in a passport.
Think of this as a local boy makes good piece of news, well worth it for the
picture of
Jim Youll wrote:
these have been circulating for hours, but they are content-free title
slides...
On Aug 9, 2008, at 7:38 PM, Ivan Krstić wrote:
On Sat, 09 Aug 2008 17:11:11 -0400, Perry E. Metzger
[EMAIL PROTECTED]
wrote:
Las Vegas - Three students at the Massachusetts Institute of
David G. Koontz wrote:
Sherri Davidoff wrote:
You know how memory is, little things get squishy with the passage of years.
As soon as I saw the post up on cryptography I asked myself was that 1972 or
1974?
Privacy Act of 1972
That should be 1974.
http://www.law.cornell.edu/uscode/html/uscode05
Sherri Davidoff wrote:
Matt Blaze wrote:
Once sensitive or personal data is captured, it stays around forever,
and the longer it does, the more likely it is that it will end up
somewhere unexpected.
Great point, and a fundamental lesson-of-the-moment for the security
industry. To take it
Ali, Saqib wrote:
Quoting the Foxbusiness article:
Permanent Privacy (patent pending) has been verified by Peter
Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable
cynics Permanent Privacy is offering $1,000,000 to anyone who can
decipher a sample of ciphertext.
I did a
zooko wrote:
On Jun 12, 2008, at 4:35 PM, David G. Koontz wrote:
There's the aspect of competition.
I've also wondered if a reason they didn't release it is because they
bought
the 'IP' from someone.
Those are good guesses, David, and I guessed similar things myself and
inquired
Lawerence Spracklen's Blog:
http://blogs.sun.com/sprack/entry/detailed_t2_crypto_info
Detailed T2 crypto info
Very detailed info on the UltraSPARC T2 cryptographic accelerators can be
found here on the OpenSPARC website (the pertinent info can be found in
chapter-21 of the doc)
Posted
Steven M. Bellovin wrote:
http://www.gcn.com/online/vol1_no1/45946-1.html
http://www.gdc4s.com/documents/D-SMEPED-6-1007_p21.pdf
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
Steven M. Bellovin wrote:
http://www.gcn.com/online/vol1_no1/45946-1.html
http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=1346zoneid=210
-
The Cryptography Mailing List
Unsubscribe by
http://www.physorg.com/news123951684.html
The technique is called EPIC, short for Ending Piracy of Integrated
Circuits. It relies on established cryptography methods and introduces
subtle changes into the chip design process. But it does not affect the
chips' performance or power consumption.
David G. Koontz wrote:
http://www.physorg.com/news123951684.html
Two more articles:
http://arstechnica.com/news.ars/post/20080309-fighting-the-black-market-crypto-locks-for-cpus-other-ics.html
This one has a bit of the technical description
http://itnews.com.au/News/71553,chip-lock-aims
Two papers of interest in evaluating the paper
http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf
EPIC: Ending Piracy of Integrated Circuits
Jarrod A. Roy?, Farinaz Koushanfar? and Igor L. Markov?
?The University of Michigan, Department of EECS, 2260 Hayward Ave., Ann
Arbor, MI
http://computerworld.co.nz/news.nsf/scrt/3FF9713E23292846CC25740A0069243E
The Dutch government has issued a warning about the security of access keys
that are based on the widely used Mifare Classic RFID chip.
The warning comes in a week when two research teams independently
demonstrated hacks
Hal Finney wrote:
Looking at the block diagram for the new Toshiba circuit, and comparing
with the Intel design, one concern I have is with attacks on the device
via external electromagnetic fields which could modulate current flows
and potentially influence internal random numbers. Intel
http://www.stuff.co.nz/4365478a28.html
An Islamist website often used by al Qaeda supporters is promoting
encryption software which it says will help Islamic militants communicate
with greater security on the internet.
The Mujahideen Secrets 2 software was promoted as the first Islamic program
http://www.news.com.au/story/0,23599,22345160-2,00.html
APEC security arrangements have been thrown into disarray with the theft of
digitally encrypted police radios and a bullet-proof vest.
The Sunday Telegraph reports that statewide memos have been issued to police
working during the APEC
Peter Thermos wrote:
Interesting comment from Skype:
The disruption was triggered by a massive restart of our users' computers
across the globe within a very short timeframe as they re-booted after
receiving a routine set of patches through Windows Update.
and
We can confirm
http://www.nvlabs.in/?q=node/32
Vipin Kumar of of NVLabs had announced a break of TPM and a
demonstration of a break into Bitlocker, (presumably using TPM) to be
presented at Black Hat 2007. The presentation has been pulled.
Significance to the exchanges on cryptography under this subject stem
Looking for TPM enterprise adoption.
The current version of TPM was adopted in March o f 2006, which should
have limited TPM up take.
There's an article in Network World
http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html
from September 2006 talking about a restaurant
Peter Gutmann wrote:
David G. Koontz [EMAIL PROTECTED] writes:
There are third party TPM modules, which could allow some degree of
standardization:
As I said in my previous message, just because they exist doesn't mean they'll
do anything if you plug them into a MB with the necessary
David G. Koontz wrote:
I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin
header for the IEI TPM pluggable. After an extensive investigation I
found no direct evidence you can actually do as Peter states and roll
your own building a TPM enabled system. That includes
Peter Gutmann wrote:
Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes:
For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security
enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector,
which seemed to be a hedged bet, by replacing the cost of the TPM chip with
Hal Finney wrote:
My question to the assembled: are cryptographic keys really subject to
DMCA subject to takedown requests? I suspect they are not
copyrightable under the criterion from the phone directory
precedent.
A sample demand letter from the AACS Licensing Authority appears at:
I've seen this quite some time in the past, it wasn't for public
disclosure. Periodically I've looked for a copy on the internet.
This is from Strech Inc., their Software Configurable Processor.
http://www.pdcl.eng.wayne.edu/msp6/MSP6_Workshop_Keynote_2004_POSTING.pdf
The stuff on DES
Perry E. Metzger wrote:
http://www.nytimes.com/2005/10/31/politics/31war.html?ex=1288414800en=e2f5e341687a2ed9ei=5090partner=rssuserlandemc=rss
WASHINGTON, Oct. 28 - The National Security Agency has kept secret
since 2001 a finding by an agency historian that during the Tonkin
Gulf
42 matches
Mail list logo
