Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier in many cases than broader forms of sabotage.
Or we could make it easy to have one separate RSA key per front end, signed
using the main RSA key of
On 18/09/13 00:56 AM, John Gilmore wrote:
Forwarded-By: David Farber d...@farber.net
Forwarded-By: Annie I. Anton Ph.D. aian...@mindspring.com
http://www.zdnet.com/nsa-cryptanalyst-we-too-are-americans-720689/
NSA cryptanalyst: We, too, are Americans
Speaking as a non-American, you guys
On 2013-09-17 Max Kington mking...@webhanger.com wrote:
[snip]
Hence, store in the clear, keep safe at rest using today's archival mechanism
and when that starts to get dated move onto the next one en-masse, for all
your media not just emails.
[snip]
I would tend to agree for environments
On 18 Sep 2013 07:44, Christoph Gruber gr...@guru.at wrote:
On 2013-09-17 Max Kington mking...@webhanger.com wrote:
[snip]
Hence, store in the clear, keep safe at rest using today's archival
mechanism and when that starts to get dated move onto the next one
en-masse, for all your media not
A level beyond marketing talk, but nowhere near technical detail. Still a bit
more than has been previously described. Links to some perhap
http://www.quora.com/Apple-Secure-Enclave/What-is-Apple%E2%80%99s-new-Secure-Enclave-and-why-is-it-important
There's a link to an ARM site with a
On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote:
Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier in many cases than broader forms of sabotage.
Or we could make it easy to
Another consideration is that the NSA isn't the only bad actor out
there. Improving the robustness of TLS and other security protocols will
defend against other attacks.
___
The cryptography mailing list
cryptography@metzdowd.com
A few clarifications
1) PRISM-Proof is a marketing term
I have not spent a great deal of time looking at the exact capabilities of
PRISM vs the other programs involved because from a design point they are
irrelevant. The objective is to harden/protect the infrastructure from any
ubiquitous,
On 17/09/13 23:52 PM, John Kemp wrote:
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker hal...@gmail.com
I am sure there are other ways to increase the work factor.
I think that increasing the work factor would often result in
switching the kind of work performed to that which is easier
Everybody has to write a statement. The statement that most convinces the
public that we're okay gets published and a big-o-bonus. You guys have 3
days.
___
The cryptography mailing list
cryptography@metzdowd.com
On Tue, Sep 17, 2013 at 8:01 PM, John Gilmore g...@toad.com wrote:
Techdirt takes apart his statement here:
https://www.techdirt.com/articles/20130917/02391824549/nsa-needs-to-give-its-rank-and-file-new-talking-points-defending-surveillance-old-ones-are-stale.shtml
NSA Needs To Give Its
On 18/09/2013 01:50, John Gilmore wrote:
Re Big Data: I have never seen data that could be abused by someone
who didn't have a copy of it. My first line of defense of privacy is
to deny copies of that data to those who would collect it and later
use it against me. This is exactly the policy
On 9/18/13 10:44 AM, Phillip Hallam-Baker wrote:
The enterprise bridge control center certainly does not seem to be Hayden's
style either. Hayden is not the type to build a showboat like that.
Moving abit OT:
On the PBS Newshour coverage of this story, the showed the website of DBI
Architects
On 18 September 2013 15:30, Viktor Dukhovni cryptogra...@dukhovni.orgwrote:
On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote:
Given that many real organizations have hundreds of front end
machines sharing RSA private keys, theft of RSA keys may very well be
much easier
On 9/18/13 at 6:08 AM, hal...@gmail.com (Phillip Hallam-Baker) wrote:
If I am trying to work out if an email was really sent by my bank then I
want a CA type security model because less than 0.1% of customers are ever
going to understand a PGP type web of trust for that particular purpose.
But
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground) with the release of Postfix 2.11, and
with luck also a DANE-capable
On 09/18/2013 01:31 PM, Walter van Holst wrote:
What makes me a tad bitter is that we apparantly live in a world with
two classes: US citizens and the subhuman rest of it. NSA-style
blanket surveillance violates the fundamental right to privacy and
ultimately also the fundamental right to
On Sep 18, 2013, at 4:05 AM, ianG i...@iang.org wrote:
On 17/09/13 23:52 PM, John Kemp wrote:
On Sep 17, 2013, at 2:43 PM, Phillip Hallam-Baker hal...@gmail.com
I am sure there are other ways to increase the work factor.
I think that increasing the work factor would often result in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2013-09-14 08:53, Peter Fairbrother wrote:
I get that 1024 bits is about on the edge, about equivalent to 80
bits or a little less, and may be crackable either now or sometime
soon.
Moti Young and others wrote a book back in the 90's (or
On Wed, Sep 18, 2013 at 08:47:17PM +, Viktor Dukhovni wrote:
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote:
This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground)
Walter van Holst walter.van.ho...@xs4all.nl writes:
These are not rights that are solely vested in the exceptional Americans. The
Bill of Tights [...]
For people unfamiliar with this one, it's the bit that reads:
Congress shall make no law respecting the wearing of hosiery, or prohibiting
21 matches
Mail list logo
