Re: [cryptography] Cryptome’s searing critique of Snowden Inc.

(Note: Removed some mailing lists that I am not subscribed to.) On Sun, Feb 14, 2016 at 5:38 AM, John Young wrote: > > Cryptome's searing critique of Snowden Inc. > > http://timshorrock.com/?p=2354 One thing that I'm not quite getting here that perhaps you can explain. Ms.

Re: [cryptography] Java RNG

On Wed, Dec 30, 2015 at 10:24 AM, Givon Zirkind wrote: > Does anyone have any thoughts on the randomness of the Java random number > generator? You really need to be more specific. Here are some things to consider in no particular order: 1) java.util.Random vs.

Re: [cryptography] fonts and viruses

On Dec 15, 2015 9:49 AM, "Marcus Brinkmann" < marcus.brinkm...@ruhr-uni-bochum.de> wrote: > > I'd start here: > > http://www.cvedetails.com/vulnerability-list/vendor_id-9705/product_id-17354/opec-1/Pango-Pango.html > > But if you are looking for specific examples, I don't know any. > > What you

[cryptography] Fwd: [SC-L] Silver Bullet: Whitfield Diffie

Seems as though this interview might be of interest to those on these lists. I've not listened to it yet so I don't know how interesting it may be. -kevin P.S. - Happy Gnu Year to all of you. Sent from my Droid; please excuse typos. -- Forwarded message -- From: Gary McGraw

Re: [cryptography] Browser JS (client side) crypto FUD

[Note: Dropped cypherpunks list as I'm not subscribed to that list.] On Sat, Jul 26, 2014 at 11:03 AM, Lodewijk andré de la porte l...@odewijk.nl wrote: http://matasano.com/articles/javascript-cryptography/ Is surprisingly often passed around as if it is the end-all to the idea of client side

Re: [cryptography] Best practices for paranoid secret buffers

On Wed, May 7, 2014 at 8:15 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote: Can anyone point me at some best practices for implementing buffer types for storing secrets? There are the general coding rules at cryptocoding.net

Re: [cryptography] question about heartbleed on Linux

On Thu, Apr 10, 2014 at 1:09 PM, Scott G. Kelly sc...@hyperthought.com wrote: A friend and I were discussing this. If the memory management is lazy (doesn't clear on page allocation/free), and if processes don't clear their own memory, I wondered if heartbleed would expose anything. My friend

Re: [cryptography] NSA Molecular Nanotechnology hardware trojan

On Jan 6, 2014 10:29 AM, Krassimir Tzvetanov mailli...@krassi.biz wrote: Guys, are you trying to kill this list as well? Can you, please, move this discussion to the sci-fi or theory of conspiracy _forums_. Indeed; let's not feed the trolls! -kevin Sent from my Droid; please excuse typos.

Re: [cryptography] NSA Molecular Nanotechnology hardware trojan

On Jan 6, 2014 10:29 AM, Krassimir Tzvetanov mailli...@krassi.biz wrote: Guys, are you trying to kill this list as well? Can you, please, move this discussion to the sci-fi or theory of conspiracy _forums_. Indeed; let's not feed the trolls! -kevin Sent from my Droid; please excuse typos.

Re: [cryptography] To Protect and Infect Slides

On Tue, Dec 31, 2013 at 3:13 PM, Jacob Appelbaum ja...@appelbaum.netwrote: Kevin W. Wall: On Tue, Dec 31, 2013 at 3:10 PM, John Young j...@pipeline.com wrote: 30c3 slides from Jacob Appelbaum: http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB) And you can find his actual prez

Re: [cryptography] To Protect and Infect Slides

On Tue, Dec 31, 2013 at 3:10 PM, John Young j...@pipeline.com wrote: 30c3 slides from Jacob Appelbaum: http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB) And you can find his actual prez here: https://www.youtube.com/watch?v=b0w36GAyZIA Worth the hour, although I'm sure your blood

Re: [cryptography] Password Blacklist that includes Adobe's Motherload?

On Thu, Nov 14, 2013 at 6:07 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: On Thu, Nov 14, 2013 at 5:57 PM, Ben Laurie b...@links.org wrote: On 14 November 2013 03:29, shawn wilson ag4ve...@gmail.com wrote: This is the only thing I've seen (haven't really looked):

Re: [cryptography] urandom vs random

On Fri, Aug 23, 2013 at 12:54 AM, Patrick Pelletier c...@funwithsoftware.org wrote: On 8/22/13 9:40 AM, Nico Williams wrote: My suggestion is /dev/urandomN where N is one of 128, 192, or 256, and represents the minimum entropy estimate of HW RNG inputs to date to /dev/urandomN's pool. If

Re: [cryptography] best practices for hostname validation when using JSSE

On Fri, Aug 9, 2013 at 3:03 PM, Patrick Pelletier c...@funwithsoftware.org wrote: One thing mentioned in the Most Dangerous Code in the World paper (and I've verified experimentally) is that JSSE doesn't validate the hostname against the X.509 certificate, so if one uses JSSE naively, one is

[cryptography] Recommendations for glossary of cryptographic terms

I am trying to wrap of the writing of the cryptography section of the new OWASP Dev Guide 2013 and rather than writing all my definitions, my thought was to just refer to some good glossary of cryptographic terms rather than doing all that work over again (and probably not as well). Does anyone

[cryptography] Interesting presentation on CryptDB

There is very interesting presentation at Microsoft Research by MIT PhD candidate Raluca Ada Popa on CryptoDB over at: http://research.microsoft.com/apps/video/default.aspx?id=178914 CryptDB works as a trusted proxy used on the application side and is completely transparent to the database

[cryptography] OT: Skype-Based Malware Forces Computers into Bitcoin Mining

You know Bitcoin must have arrived when this is going on. (For that matter, I even heard Bitcoin mentioned on NPR a few days ago.) As reported on IEEE Computer Society's _Computing Now_ news site:

[cryptography] Privacy-Preserving Photo Sharing via crypto

http://www.usc.edu/uscnews/newsroom/news_release.php?id=3017 Interesting use of crypto, not a lot of details here. Haven't checked the USENIX proceedings yet though. However, somewhat disturbing though that software developed via NFS grants on the U.S. taxpayer's dime can be patented. -kevin --

Re: [cryptography] ICIJ's project - comment on cryptography tools

Some OT comments to an OT response... On Mon, Apr 8, 2013 at 8:30 AM, ianG i...@iang.org wrote: On 7/04/13 09:38 AM, Nico Williams wrote: [big snip] We've built a house of cards, not so much on the Internet as on the web (but not only!). Web application security is complete mess. And

Re: [cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas j...@callas.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [Not replied-to cryptopolitics as I'm not on that list -- jdcc] Ditto. On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg jeff...@goldmark.org wrote: Do hardware manufacturers and

[cryptography] RSA SecurID breach (was Re: Here's What Law Enforcement Can Recover From A Seized iPhone)

Note subject change. On Thu, Mar 28, 2013 at 9:36 PM, Steven Bellovin s...@cs.columbia.edu wrote: All excellent, well articulated points. I guess that means that RSA Security is an insane company then since that's pretty much what they did with the SecurID seeds. Well, we don't really know

Re: [cryptography] Cryptographers win Turing award

On Mar 14, 2013 7:52 AM, ianG i...@iang.org wrote: snip ACM Press release is helpful: http://www.acm.org/press-room/news-releases/2013/turing-award-12 Wikipedia is too: http://en.wikipedia.org/wiki/Probabilistic_encryption better copy of the 1984 article:

[cryptography] Recommendations for crypto package for ASP.NET 4.5

Hi list, I'm looking for some crypto package (preferably FOSS) that supports some sort of authenticated encryption cipher mode (prefer GSM or CCM, but anything without patent encumbrances will probably do) that will work for ASP.NET 4.5 out-of-the-box. It can be built from C code if there is a

Re: [cryptography] side channel analysis on phones

Ian, Hopefully some more food for thought. However, given that neither Android development nor side-channels is where my expertise lies, I can't guarantee that such food won't cause undue illness. ;-) On Sat, Mar 9, 2013 at 5:06 AM, ianG i...@iang.org wrote: On Mar 8, 2013 5:46 AM, Ethan

Re: [cryptography] Q: CBC in SSH

On Mon, Feb 11, 2013 at 6:20 PM, Peter Gutmann pgut...@cs.auckland.ac.nzwrote: snip ... I don't understand the resistance either, in the case of TLS it's such a trivial change (in my case it was two lines of code added and two lines swapped, alongside hundreds of lines of ad-hockery

Re: [cryptography] any reason to prefer one java crypto library over another

At long last, a question that I can (almost) answer! ;-) On Tue, Jan 29, 2013 at 9:05 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: First, are there any documented vulns in java cryptography providers, such that one would prefer one over another? I'm not aware of any outstanding

[cryptography] Rocra malware targets files encrypted by Acid Cryptofiler

May be of some interest to this group. Looks like another US intelligence cyber-espionage malware has been reported by Kaspersky, this time primarily targeting former Soviet-block republics. Full story is here:

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

On Wed, Jan 16, 2013 at 9:21 PM, d...@geer.org wrote: To clarify: I think everyone and everything should be identified by their public key,... Would re-analyzing all this in a key-centric model rather than a name-centric model offer any insight? (key-centric meaning that the key is

Re: [cryptography] yet another certificate MITM attack

Relevant to this thread, but OT to the charter of this list. On Sat, Jan 12, 2013 at 5:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jan 12, 2013 at 4:27 AM, ianG i...@iang.org wrote: On 11/01/13 02:59 AM, Jon Callas wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Others

Re: [cryptography] current limits of proving MITM (Re: Gmail and SSL)

[A bit OT. Sorry] On Sun, Dec 16, 2012 at 5:51 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, Dec 16, 2012 at 4:48 AM, ianG i...@iang.org wrote: On 16/12/12 11:47 AM, Adam Back wrote: [snip] On Sun, Dec 16, 2012 at 10:52:37AM +0300, ianG wrote: [...] we want to prove that a certificate

Re: [cryptography] Questions about crypto in Oracle TDE

On Sun, Nov 11, 2012 at 7:34 AM, Florian Weimer f...@deneb.enyo.de wrote: * Kevin W. Wall: Oracle TDE is being looked at as oneoption because it is thought to be more or less transparent to application itself and its JDBC code. If it's transparent, it's unlikely to help against relevant

Re: [cryptography] Questions about crypto in Oracle TDE

On Thu, Nov 8, 2012 at 6:22 PM, Morlock Elloi morlockel...@yahoo.com wrote: We have been using a different approach for securing particular fields in the database. The main issue with symmetric ciphers inside (distributed) systems is that the encrypting entity is always the most numerous

Re: [cryptography] Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-01)

On Nov 1, 2012 5:23 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I was reading through Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-01, http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01). Section 3.1. Backup Pins, specifies that a backup should be

Re: [cryptography] Data breach at IEEE.org: 100k plaintext passwords.

-kevin Sent from my Droid; please excuse typos. On Sep 25, 2012 1:39 PM, Jeffrey Walton noloa...@gmail.com wrote: In case anyone on the list might be affected... [Please note: I am not the I' in the text below] http://ieeelog.com For shame. This should make for a nice article in a future

Re: [cryptography] Data breach at IEEE.org: 100k plaintext passwords.

I'm thinking the IEEE should pick up the membership dues for 2013 for all those 100k users. :-p -kevin Sent from my Droid; please excuse typos. ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

On Mon, Jul 2, 2012 at 1:56 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html [snip] Direct link to the paper:

Re: [cryptography] Intel RNG

Marsh, Am I missing something? On Fri, Jun 22, 2012 at 1:06 PM, Marsh Ray ma...@extendedsubset.com wrote: On 06/21/2012 09:05 PM, ianG wrote: On 22/06/12 06:53 AM, Michael Nelson wrote: [snip] It's a natural human question to ask. I want to see what's under the hood. But it seems there is

Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning?

On Wed, May 2, 2012 at 5:01 AM, Darren J Moffat darren.mof...@oracle.com wrote: On 05/02/12 06:33, Kevin W. Wall wrote: primitives that do not include *any* AE cipher modes at all. Some great examples are in the standard SunJCE that comes with the JDK (you have to use something like

Re: [cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

On Mar 24, 2012 3:29 AM, Marsh Ray ma...@extendedsubset.com wrote: On 03/24/2012 01:28 AM, J.A. Terranson wrote: Ah... Probably not. Think Jim Bell et al. I suspect it is far more likely that the vast majority of subscribers here are listed in the Potentially Dangerous category, if

Re: [cryptography] trustwave admits issuing corporate mitm certs

On Mon, Feb 27, 2012 at 6:08 PM, coderman coder...@gmail.com wrote: On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray ma...@extendedsubset.com wrote: ... Still it might be worth pointing that if Wells Fargo really wanted to forbid a Trustwave network-level MitM, SSL/TLS provides the capability to

Re: [cryptography] US Appeals Court upholds right not to decrypt a drive

On Sun, Feb 26, 2012 at 8:36 PM, James A. Donald jam...@echeque.com wrote: On 2012-02-27 3:35 AM, Jon Callas wrote: Remember what I said -- they're law enforcement and border control. In their world, Truecrypt is the same thing as a suitcase with a hidden compartment. When someone crosses a

Re: [cryptography] US Appeals Court upholds right not to decrypt a drive

On Sat, Feb 25, 2012 at 2:50 AM, Jon Callas j...@callas.org wrote: [snip] But to get to the specifics here, I've spoken to law enforcement and border control people in a country that is not the US, who told me that yeah, they know all about TrueCrypt and their assumption is that *everyone*

Re: [cryptography] Combined cipher modes

...@iang.org wrote: On 20/02/12 18:11 PM, Kevin W. Wall wrote: Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as those supporting *both* authenticity

[cryptography] Combined cipher modes

Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as those supporting *both* authenticity and confidentiality, such as GCM and CCM. So my first question: Are

Re: [cryptography] trustwave admits issuing corporate mitm certs

On Wed, Feb 15, 2012 at 12:49 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, Feb 12, 2012 at 8:17 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Feb 12, 2012, at 6:31 AM, Harald Hanche-Olsen wrote: [Jeffrey Walton noloa...@gmail.com (2012-02-12 10:57:02 UTC)] (1) How can a company

Re: [cryptography] Password non-similarity?

On Tue, Jan 3, 2012 at 8:07 PM, d...@geer.org wrote:   So I would conjecture, at least in cases like this where users only   login infrequently, that the password change policy every N days   be done away with, or at the very least, we make N something   reasonably long, like 365 or more

Re: [cryptography] Password non-similarity?

On 2012/1/2 lodewijk andré de la porte lodewijka...@gmail.com: The reason for regular change is very good. It's that the low-intensity brute forcing of a password requires a certain stretch of time. Put the change interval low enough and you're safer from them. This may make sense in specific

Re: [cryptography] Password non-similarity?

On Mon, Jan 2, 2012 at 7:12 PM, Craig B Agricola cr...@theagricolas.org wrote: On Sun, Jan 01, 2012 at 03:16:39AM -, John Levine wrote: Where's this log?  Wherever it is, it's on a system that also has their actual password. If I wanted to reverse engineer passwords, this doesn't strike

Re: [cryptography] Password non-similarity?

On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin s...@cs.columbia.edu wrote: [snip] Here's a heretical thought: require people to change their passwords -- and publish the old ones.  That might even be a good idea... I'm not sure if you were just being facetious here or if you were serious, but

Re: [cryptography] Password non-similarity?

On Sat, Dec 31, 2011 at 9:02 PM, Bernie Cosell ber...@fantasyfarm.com wrote: On 1 Jan 2012 at 11:02, Peter Gutmann wrote: Bernie Cosell ber...@fantasyfarm.com writes: On 31 Dec 2011 at 15:30, Steven Bellovin wrote: Yes, ideally people would have a separate, strong password, changed

Re: [cryptography] Password non-similarity?

On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin s...@cs.columbia.edu wrote: [snip] Here's a heretical thought: require people to change

Re: [cryptography] Password non-similarity?

On Sat, Dec 31, 2011 at 10:24 PM, Randall Webmail rv...@insightbb.com wrote: From: Kevin W. Wall kevin.w.w...@gmail.com Boy, the latter sounds like advice that a black hat hacker would give someone to ensure simple dictionary attacks are successful. Your dog's name? Really??? Beats

Re: [cryptography] Password non-similarity?

On Sat, Dec 31, 2011 at 10:32 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall kevin.w.w

Re: [cryptography] Password non-similarity?

On Fri, Dec 30, 2011 at 8:40 PM, Randall Webmail rv...@insightbb.com wrote: On Tue, 27 Dec 2011 15:54:35 -0500 (EST), Jeffrey Walton noloa...@gmail.com wrote: Hi All, We're bouncing around ways to enforce non-similarity in passwords over time: password1 is too similar too password2 (and

Re: [cryptography] implementation of NIST SP-108 KDFs?

Adam, On Wed, Dec 28, 2011 at 5:51 PM, Adam Back a...@cypherspace.org wrote: As there are no NIST KAT / test vectors for the KDF defined in NIST SP 108, I wonder if anyone is aware of any open source implementations of them to use for cross testing? I am not aware of any NIST test vectors,

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

On Fri, Dec 2, 2011 at 1:07 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: [snip] OK, so it does appear that people seem genuinely unaware of both the fact that this goes on, and the scale at which it happens.  Here's how it works: 1. Your company or organisation is concerned about the

[cryptography] Bitcoin featured the IEEE Spectrum

In case anyone is interested... http://spectrum.ieee.org/computing/networks/the-worlds-first-bitcoin-conference/ -kevin -- Blog: http://off-the-wall-security.blogspot.com/ The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're

Re: [cryptography] validating SSL cert chains timestamps

On Fri, Oct 7, 2011 at 5:56 PM, Peter Gutmann pgut...@cs.auckland.ac.nzwrote: travis+ml-rbcryptogra...@subspacefield.org writes: If we assume that the lifetime of the cert is there to limit its window of vulnerability to factoring, brute force, and other attacks against computational

[cryptography] Duong-Rizzo TLS attack (was 'Re: SSL is not broken by design')

On Mon, Sep 19, 2011 at 12:42 PM, Marsh Ray ma...@extendedsubset.com wrote: IMHO, as far as crypto protocols go the TLS protocol itself is pretty solid as long as the endpoints restrict themselves to negotiating the right options. On that note, there's a little more info coming out on the

[cryptography] DigiNotar news

The DigiNotar breach made the IEEE Spectrum: http://spectrum.ieee.org/riskfactor/telecom/security/diginotar-certificate-authority-breach-crashes-egovernment-in-the-netherlands/?utm_source=techalertutm_medium=emailutm_campaign=091511 I only skimmed it and while I didn't see anything new, it is a

Re: [cryptography] An appropriate image from Diginotar

On Tue, Aug 30, 2011 at 1:02 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/home/headerimage/image01.png The guy in the background must have removed his turban/taqiyah for the photo. In keeping with the impersonation theme and

Re: [cryptography] OT: Found: the missing link in RSA SecurID hack Read more: Found: the missing link in RSA SecurID hack

On Fri, Aug 26, 2011 at 11:36 PM, Jeffrey Walton noloa...@gmail.com wrote: It kind of takes the wind out of the sails of the Advanced Persistent Threat defense http://www.pcpro.co.uk/news/security/369556/found-the-missing-link-in-rsa-securid-hack: Pretty much what I've been saying all

Re: [cryptography] OT: RSA's Pwnie Award

On Mon, Aug 8, 2011 at 8:00 PM, Jeffrey Walton noloa...@gmail.com wrote: In case anyone is interested, RSA won a Pwnie for lamest vendor response for its RSA SecurID token compromise: http://pwnies.com/winners/ What, you didn't like that APT excuse? ;-) Rightly deserved, I'd say. -kevin --

Re: [cryptography] preventing protocol failings

On Wed, Jul 13, 2011 at 11:39 AM, Andy Steingruebl a...@steingruebl.com wrote: On Wed, Jul 13, 2011 at 7:11 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Andy Steingruebl a...@steingruebl.com writes: The way it for for everyone I knew that went through it was: 1. Sniffing was sort of a

Re: [cryptography] this house believes that user's control over the root list is a placebo

On Mon, Jun 27, 2011 at 8:59 PM, Arshad Noor arshad.n...@strongauth.com wrote: In 2008, I sent the following e-mail to my representatives and both Presidential candidates: http://seclists.org/dataloss/2008/q3/133 Its intent was to initiate a change in policy wrt breach disclosures. There

Re: [cryptography] crypto security/privacy balance (Re: Digital cash in the news...)

On Thu, Jun 16, 2011 at 5:27 PM, James A. Donald jam...@echeque.com wrote: On 2011-06-17 4:02 AM, Nico Williams wrote: Crypto is no more than an equivalent of doors, locks, keys, safes, and hiding. The state can break locks, but it cannot break crypto. Hiding *is* effectual against the

Re: [cryptography] Digital cash in the news...

;-) On Sat, Jun 11, 2011 at 6:29 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jun 11, 2011 at 4:13 PM, John Levine jo...@iecc.com wrote: Unlike fiat currencies, algorithms assert limit of total volume. And the mint and transaction infrastructure is decentral, so there's no single

Re: [cryptography] Mobile Devices and Location Information as Entropy?

On 04/02/2011 11:36 PM, Randall Webmail wrote: First, join the Navy ... Too old...afraid they wouldn't take me. I'd just hang out with an ex-Navy submariner instead. Or I guess in some cases, an ex-Marine might qualify. :) -- Kevin W. Wall The most likely way for the world to be destroyed

Re: [cryptography] OTR algos for multi-user chat

On 12/30/2010 12:14 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: On Tue, Dec 21, 2010 at 07:33:23PM -0500, Kevin W. Wall wrote: On 12/21/2010 04:28 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: PS: If you know any coders who are bored, http://www.subspacefield.org/~travis

Re: [cryptography] OTR algos for multi-user chat

On 12/21/2010 04:28 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: snip PS: If you know any coders who are bored, http://www.subspacefield.org/~travis/good_ideas.txt Are you aware that more than a few things on this list have already been done? -kevin -- Kevin W. Wall The most likely

Re: [cryptography] OTR algos for multi-user chat

On 12/21/2010 04:28 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: PS: If you know any coders who are bored, http://www.subspacefield.org/~travis/good_ideas.txt Or maybe I should have said, if I respond to those that *HAVE* been done, would you update your list? -kevin -- Kevin W

Re: [cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

anyway. Thoughts? -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.-- Nathaniel Borenstein, co-creator of MIME

Re: [cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

. It is difficult to assign intent to bugs, though, as that ends up being a discussion of the person. Oh put another way, when it comes to maliciousness versus human stupidity, I'll pick human stupidity almost every time. -kevin -- Kevin W. Wall The most likely way for the world to be destroyed, most