On Thu, 12 Sep 2013, Nico Williams wrote:
Note: you don't just want BTNS, you also want RFC5660 -- IPsec
channels. You also want to define a channel binding for such channels
(this is trivial).
To summarize: IPsec protects discrete *packets*, not discrete packet
*flows*. This means that
On Sun, 8 Sep 2013, Daniel Cegiełka wrote:
Subject: Re: [Cryptography] Opening Discussion: Speculation on BULLRUN
http://www.youtube.com/watch?v=K8EGA834Nok
Is DNSSEC really the right solution?
That is the most unprofessional talk I've seen djb give. He bluffed a
bunch of fanboys with
On Fri, 8 Oct 2010, Perry E. Metzger wrote:
I have a client with the following problem. They would like to
encrypt all of their Windows workstation drives, but if they do that,
the machines require manual intervention to enter a key on every
reboot. Why is this a problem? Because installations
On Thu, 26 Aug 2010, d...@geer.org wrote:
as previously mentioned, somewhere back behind everything else ... there
is strong financial motivation in the sale of the SSL domain name digital
certificates.
While I am *not* arguing that point, per se, if having a
better solution would require,
On Tue, 17 Aug 2010, Steven Bellovin wrote:
They also suggest that a 3-4 year phase-out of 1024-bit moduli is the proper
course.
Note that this is because they take into consideration that secrets have
to be unbreakable for decade(s), which is not the case for all uses of
RSA. For example in
On Mon, 2 Aug 2010, Nicolas Williams wrote:
If that was a major issue, then SSL would have been much more successful
than it has been.
How should we measure success?
The default mode for any internet communication is encrypted
By that measure TLS has been so much more successful than
On Mon, 2 Aug 2010, Yaron Sheffer wrote:
In addition to the mitigations that were discussed on the list, such machines
could benefit from seeding /dev/random (or periodically reseeding it) from
the *host machine's* RNG. This is one thing that's guaranteed to be different
between VM instances.
On Mon, 2 Aug 2010, Perry E. Metzger wrote:
For example, in the internet space, we have http, smtp, imap and other
protocols in both plain and ssl flavors. (IPSec was originally
intended to mitigate this by providing a common security layer for
everything, but it failed, for many reasons. Nico
Hi,
I've heard rumors of an attack on the SHA-2 family reducing complexity of
SHA256 to something less than or equal to 112 bits.
This attack will apparently be announced in a few days - perhaps at Black Hat or
Def Con?
I would be interested in knowing more.
Paul
On Thu, 29 Jul 2010, Richard Salz wrote:
At shutdown, a process copies /dev/random to /var/random-seed which is
used on reboots.
Is this a good, bad, or shrug, whatever idea?
I suppose the idea is that all startup procs look the same?
better than not.
A lot of (pseudo)random comes from disk
On Fri, 16 Jul 2010, Taral wrote:
Neat, but not (yet) useful... only these TLDs have DS records:
The rest will follow soon. And it is not that you had to stop those
TLD trust anchors just now.
Several are using old SHA-1 hashes...
old?
Paul
On Mon, 12 Jul 2010, Ben Laurie wrote:
On 2 July 2010 13:19, Eugen Leitl eu...@leitl.org wrote:
http://www.technologyreview.com/printer_friendly_article.aspx?id=25670channel=Briefingssection=Microprocessors
Tuesday, June 29, 2010
Nanoscale Random Number Circuit to Secure Future Chips
Intel
On Mon, 12 Jul 2010, Eric Murray wrote:
Then there's FIPS- current 140 doesn't have a provision for HW RNG.
They certify software RNG only, presumably because proving a HW RNG to be
random enough is very difficult. So what's probably the primary market
(companies who want to meet FIPS) isn't