At 11:38 AM 05/30/2003 -0700, John Young wrote:
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.
.
Still, it is
Lucky Green [EMAIL PROTECTED] writes:
I trust that we can agree that the volume of traffic and number of
transactions protected by SSL are orders of magnitude higher than those
protected by SSH. As is the number of users of SSL. The overwhelming majority
of which wouldn't know ssh from telnet.
On Tue, 3 Jun 2003 [EMAIL PROTECTED] wrote:
I confess to being confused - though admittedly part of the blame for this
is my own ignorance.
I remember a time when PGP was a command line application. The only
algorithms it used were IDEA (symmetric), RSA (assymetric) and MD5 (hash). I
came to
At 08:17 AM 06/03/2003 -0700, bear wrote:
what he said was with cryptanalysis alone.
Rubber-hose methods are not cryptanalysis, and
neither is password guessing.
Eh? Password guessing certainly is.
I'm not aware of a PGP port to the Psion, but at least the
Psion 3/3a/3c generation were 8086-like
On Tue, 2003-06-03 at 07:04, Peter Gutmann wrote:
That's a red herring. It happens to use X.509 as its preferred bit-bagging
format for public keys, but that's about it. People use self-signed certs,
certs from unknown CAs [0], etc etc, and you don't need certs at all if you
don't need them,
The AP wire reports that the founder of Nullsoft, Justin Frankel, plans
to resign in the wake of WASTE being pulled.
http://www.nytimes.com/aponline/technology/AP-AOL-Nullsoft.html
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com
At 08:53 AM 06/03/2003 -0700, bear wrote:
IDEA is still a good cipher as far as I know, but PGP has been driven
away from it in the US due to intellectual-property issues. Rather than
continue with incompatible versions for use inside/outside the USA, they're
switching to CAST (although this is
At 11:38 AM 06/03/2003 -0400, Ian Grigg wrote:
I (arbitratrily) define the marketplace for SSL as browsing.
...
There, we can show statistics that indicate that SSL
has penetrated to something slightly less than 1% of servers.
For transmitting credit card numbers on web forms,
I'd be surprised if
On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote:
At 01:25 PM 6/3/03 -0700, Eric Blossom wrote:
...
I agree end-to-end encryption is worthwhile if it's available, but even
when someone's calling my cellphone from a normal landline phone, I'd like
it if at least the over-the-air
At 03:04 PM 6/3/2003 -0700, James A. Donald wrote:
I never figured out how to use a certificate to authenticate a
client to a web server, how to make a web form available to one
client and not another. Where do I start?
What I and everyone else does is use a shared secret, a
password stored on
Tim Dierks wrote:
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
Lucky Green [EMAIL PROTECTED] writes:
Given that SSL use is orders of magnitude higher than that of SSH, with no
change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
your assertion that ssh, not SSL, is
11 matches
Mail list logo
