On Sun, 2007-01-14 at 21:07 +0100, Erik Tews wrote:
Am Samstag, den 13.01.2007, 19:03 -0800 schrieb Richard Powell:
I was hoping someone on this list could provide me with a link to a
tool
that would enable me to dump the raw HTTP data from a web request that
uses SSL/HTTPS. I have full
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
I was hoping someone on this list could provide me with a link to a tool
that would enable me to dump the raw HTTP data from a web request that
uses SSL/HTTPS. I have full access to the server, but not to the
client, and I want to know
Thanks for the responses. I found the solution thanks to one of the
suggestions off this list.
Basically, just setup stunnel to accept the encrypted stream and forward
it to a clear server and then sniffed the stream.
Thanks again
Richard
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
On Sat, 13 Jan 2007 18:26:52 -0500
John Ioannidis [EMAIL PROTECTED] wrote:
Citibank send me periodic reminders to switch to an electronic-only
statement so that I am better protected against identity theft.
The advice
Joseph Ashwood wrote:
- Original Message - From: Matthias Bruestle
[EMAIL PROTECTED]
What do you think about this?
I think you need some serious help in learning the difference between
2^112 and 112, and that you really don't seem to have much grasp of the
entire concept.
Please
On 1/11/07, Joseph Ashwood [EMAIL PROTECTED] wrote:
112 bits of entropy is 112 bits of entropy...anything else and you're
into the world of trying to prove equivalence between entropy and
work which work in physics but doesn't work in computation
because next year the work level will be
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The article includes a brief intro, benefits, drawbacks,
some tips, and a
More information, and questions about the validity of the project:
http://it.slashdot.org/article.pl?sid=07/01/11/1859218
http://cryptome.org/wikileaks/wikileaks-leak.htm
http://cryptome.org/wikileaks/wikileaks-leak2.htm
Jeremy
-Original Message-
From: [EMAIL PROTECTED]
In the last couple of days I have been considering implementing an
LRW mode for CGD (http://www.imrryr.org/~elric/cgd) (CryptoGraphic
Disk), but I haven't really seen a lot of cryptanalysis of it or
found the canonical implementation.
Has anyone here done the research? And if it is generally
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The
On Mon, 15 Jan 2007 08:39:18 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The
On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear [EMAIL PROTECTED] wrote:
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no
Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.
I am not sure I understand
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
Yup. Disk Crypto has a ugly side as well, as highlighted by the recent
incident where FBI was unable to crack the encryption used by a
pedophile and
On Tue, 16 Jan 2007 08:19:41 -0800
Saqib Ali [EMAIL PROTECTED] wrote:
Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent
access to the cleartext through the file system, and if the OS can
do
Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space. I note that OpenBSD ships with swap-space
I think you are confusing Disk Encryption with Full Disk Encryption
(FDE). They are two different beast.
FDE encrypts the entire boot drive, including the OS,
Steven M. Bellovin wrote:
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear [EMAIL PROTECTED] wrote:
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do
Steven M. Bellovin wrote:
...
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
| Anyway -- we're so focused in this group on the Internet that we
| sometimes forget about physical world attacks. Theft of financial data
| (and financial objects, such as checks and credit cards) from physical
| mailboxes (or
21 matches
Mail list logo