At 12:43 PM 6/10/03 -0400, Jeffrey Kay wrote:
number (which I now use Call Intercept to avoid telephone solicitors).
But for privacy reasons, some folks will not automatically forward
their phone number. You either deny them access or require them
to jump through extra hoops (redial w/ special
At 03:38 PM 6/11/03 -0600, Anne Lynn Wheeler wrote:
even before e-commerce, the real
BBB process was that people called up the BBB and got realtime information
i.e. it was an online, realtime process.
the equiivalent for an online, internet paradigm (as opposed to something
left over
At 05:47 PM 6/11/03 -0700, Bill Frantz wrote:
To try to reflect some of David's points with a real-world situation. I
was at work, with a brand new installation of PGP. I wanted to send some
confidential data home so I could work with it. However I didn't have my
home key at work, so I didn't
At 03:41 PM 6/13/03 -0700, Bill Frantz wrote:
The HighFire project at Cryptorights
http://www.cryptorights.org/research/highfire/ is planning on building a
web of trust rooted in the NGOs who will be using the system. Each NGO
will have a signing key. A NGO will sign the keys of the people
At 11:40 AM 7/8/03 -0600, Anne Lynn Wheeler wrote:
A hardware token that requires a PIN/password to operate can be considered
two-factor authentication (something you have and something you know).
I was going to comment on how a simple plastic debit card
that includes a photo provides the
At 12:30 AM 7/15/03 -0400, Don Davis wrote:
An electrical engineer at Washington University
in St. Louis has devised a theory that sets the
limits for the amount of data that can be hidden
in a system and then provides guidelines for how
to store data and decode it. Contrarily, the
theory
At 01:01 PM 8/27/03 -0700, Jim McCoy wrote:
While IANL, it seems that the whole anonymity game has a flaw that
doesn't even require a totalitarian regime. I would direct you to the
various laws in the US (to pick a random example :) regarding
conspiracy. Subscribing to an anonymity service
At 04:50 PM 9/2/03 -0400, Duncan Frissell wrote:
Anyone have any pointers to non destructive methods of rendering Smart
Chips unreadable? Just curious.
DCF
Perhaps I'm being dense but how could this be non-destructive?
Do you mean non-obvious? Or reversible?
If the usual microwave games
At 03:32 PM 9/7/03 -0400, R. A. Hettinga wrote:
If the cellphone companies in 197 countries want to correct the code errors
that expose them to trickery and abuse, they will have to call in each
customer to make a change in the cellphone's programming, or replace all of
the cellular phones used by
At 05:04 PM 9/8/03 -0400, Trei, Peter wrote:
Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, and all GSM calls travel
through
the POTS land line system in the clear, where they are subject to
warranted wiretaps.
Breaking GSM
At 08:34 AM 9/24/03 -0400, Greg Troxel wrote:
A consequence of the infinite CPU assumption is that ciphers like AES,
hash functions like SHA-1, etc. are all considered useless by the
purist QC community. Thus, people talk about doing authentication
with families of universal hash functions. This
At 03:38 PM 10/6/03 -0400, Ian Grigg wrote:
I'm asking myself whether anonymous DH is confusingly named.
Perhaps it should be called psuedonymous DH because it creates
psuedonyms for the life of the session? Or, we need a name
that describes the creation of psuedonyms, de novo, from
an anonymous
At 07:11 PM 10/22/03 -0400, Perry E. Metzger wrote:
Indeed. Imagine if we waited until airplanes exploded regularly to
design them so they would not explode, or if we had designed our first
suspension bridges by putting up some randomly selected amount of
cabling and seeing if the bridge
At 09:13 AM 12/26/03 -0800, Steve Schear wrote:
http://news.bbc.co.uk/2/hi/technology/3324883.stm
Mr Wobber and his group calculated that if there are 80,000
seconds in a day, a computational price of a 10-second levy
would mean spammers would only be able to send about 8,000
messages a day, at
At 03:37 PM 4/12/04 -0400, Perry E. Metzger wrote:
QC can only run over a dedicated fiber over a short run, where more
normal mechanisms can work fine over any sort of medium -- copper, the
PSTN, the internet, etc, and can operate without distance limitation.
Nice essay. I especially liked the
At 08:40 AM 6/16/04 -0700, Eric Rescorla wrote:
the search patterns used by blackhats - we are all human and are likely
to be drawn to similar bugs.
Prof Nancy Levenson once did a study where separate teams coded
solutions to the same problem. The different teams' code often erred
in the same
At 02:09 PM 7/28/04 -0400, Adam Back wrote:
The difference is if the CA does not generate private keys, there
should be only one certificate per email address, so if two are
discovered in the wild the user has a transferable proof that the CA
is up-to-no-good. Ie the difference is it is
At 04:34 PM 8/20/04 -0500, Matt Crawford wrote:
I'm wondering how applicable RPOW is.
If you think of POW as a possible SPAM mitigation
As spam mitigation, it might work better than
hashcash. As cash, it lacks the anonymity of
bearer-documents (tm) since there is one
clearing house. This
At 12:34 AM 8/27/04 +0100, Ian Grigg wrote:
David Honig wrote:
Security Engineer, according to Schneier...
I don't like that term for 3 reasons: firstly, when we
build stuff, security should be top-to-bottom, integrated
in, and not seen as an add-on, an after-thought. That
is, the overall
At 06:02 PM 9/1/04 +0300, Marcel Popescu wrote:
From: Marcel Popescu [EMAIL PROTECTED]
Hence my question: is there some approximate hash function (which I
could
use instead of SHA-1) which can verify that a text hashes very close to
a
value? So that if I change, say, tabs into spaces, I won't
At 12:58 PM 9/27/04 -0600, Anne Lynn Wheeler wrote:
At 11:03 PM 9/24/2004, Peter Gutmann wrote:
A few days ago I was chatting with some people working on a government IT
project who had a rather complex security problem that they needed help
with.
They have a large number of users with Windows
At 03:25 PM 9/30/04 -0700, John Gilmore wrote:
Crypto hardware that generates random numbers can't be tested in
production in many useful ways. My suggestion would be to XOR a
hardware-generated and a software-generated random number stream. If
one fails, whether by accident, malice, or design,
Bumber sticker:
Remember, the NSA is Backing You Up
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
23 matches
Mail list logo