https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Cryptographic hash functions like SHA-1 are a cryptographer’s swiss
army knife. You’ll find that hashes play a role in browser security,
managing code repositories, or even just detecting duplicate files in
storage. Hash
http://fortune.com/2016/08/16/china-quantum-satellite-launch/
That’s one small step for man, one quantum leap for China.
China blasted the world’s first quantum communications satellite into
orbit from the Gobi Desert early Tuesday.
The project signals the dawn of a potentially game-changing
It feels like there's a loss of separation of concerns between CA unit
and the Interception unit under the Symantec umbrella. Given
Symantec's track record, I'm kind of suspicious.
http://www.symantec.com/about/newsroom/press-releases/2016/symantec_0612_01
MOUNTAIN VIEW, Calif. and SUNNYVALE,
On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret wrote:
> What matters is not the certificate. The certificate is public. You can’t
> “steal” a certificate.
>
> What you *can* steal is the private key associated with a certificate, and
> the more time goes by the more likely it
> While the code doesn't follow the SDG guidelines (I.E. it doesn't check for
> the return status and it doesn't check for the instruction support) it
> should work because RdRand doesn't underflow in any of our chips. Is this
> running in a VM or on bare metal?
I'm not sure. I forwarded it to
On Fri, Jun 10, 2016 at 7:50 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> Ouch... just came across this...
> https://community.oracle.com/thread/2565486?start=0=0
>
> I did not think it was possible to foul the hardware generated random
> numbers (sans an occasio
Ouch... just came across this...
https://community.oracle.com/thread/2565486?start=0=0
I did not think it was possible to foul the hardware generated random
numbers (sans an occasional underflow).
Jeff
___
cryptography mailing list
On Thu, May 5, 2016 at 2:45 PM, Ron Garret wrote:
>
> On May 5, 2016, at 11:13 AM, Kevin wrote:
>
>> One can never be too secure!
>
> Actually, I learned the hard way last week that this is not true.
>
> Four years ago I bought a 2010 MacBook air from
It sounds like it's turning into a circus sideshow:
... in addition to Courtroom 4, there will be additional overflow
rooms in which the hearing will be shown on video screens. All of
these rooms together can accommodate up to a total of 324 spectators.
Admission tickets for these seats will be
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-B
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey wrote:
>
>> From: Givon Zirkind
>>
>> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
>>> The problem you address is certainly real. And a lot of people have
>>> looked at various approaches over the decades. None,
> The question we are trying to answer here is how could we all have ultra
> strong passwords i.e. “!3AbDEE9eE45DCea” that are you unique for each and
> every website, email, social media, etc. service that we use but without
> having to trust any third parties to store them for us protected by
On Fri, Nov 27, 2015 at 5:47 PM, Greg wrote:
> Thought this list would be interested in reading about the role that Google
> played in compromising 100k+ users (in addition to Dell):
>
>
On Wed, Nov 25, 2015 at 9:16 AM, Dave Howe
wrote:
> On 25/11/2015 12:59, Florian Schütz wrote:
>> This is true for Chrome and, I think, for Firefox as well. Some
>> enterprises insist on MITMing TLS connections at a proxy, and at least
>> Chrome will not break this.
On Sun, Jul 26, 2015 at 6:38 PM, John Young j...@pipeline.com wrote:
Varoufakis claims had approval to plan parallel banking system for Greece
http://www.ekathimerini.com/199945/article/ekathimerini/news/varoufakis-claims-had-approval-to-plan-parallel-banking-system
Allegedly aided by
Suppose I have a message M for which I generate an RSA-2048 digital
signature as follows:
H = SHA-256(M)
S = H^d mod N
Assume N = p*q is properly generated and d is the RSA private key.
And I verify the signature as follows:
S^e mod N == H'
where H' is the SHA-256 of the
On Thu, Jul 9, 2015 at 10:12 AM, John Young j...@pipeline.com wrote:
Privacy activist Caspar Bowden has died
https://translate.google.com/translate?sl=autotl=enjs=yprev=_thl=enie=UTF-8u=https%3A%2F%2Fnetzpolitik.org%2F2015%2Fdatenschutz-aktivist-caspar-bowden-ist-gestorben%2Fedit-text=
Oh wow.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909
After upgrading chromium to 43, I noticed that when it is running and
immediately after the machine is on-line it silently starts
downloading Chrome Hotword Shared Module extension, which contains a
binary without source code. There
On Tue, Jun 16, 2015 at 9:24 AM, Givon Zirkind givo...@gmx.com wrote:
keeping something safe in the cloud inherently requires trusting a third
party.
yeah, that says it all.
Right. And third parties cannot protect against the threat posed by
officers of the court/legal jurisdiction.
(Are
The main problem we were interested in solving here was to be able to keep
key management tasks within a single memory address space, to avoid the
problems relating to securely sending passphrases to other processes, and to
be able to use the keys without the additional disk IO involved in
On Mon, May 4, 2015 at 2:10 AM, Fabio Pietrosanti (naif) - lists
li...@infosecurity.ch wrote:
Hi all,
testing the lovely slowness of a pure scrypt implementation in
javascript running into the browser, i was wondering anyone ever tried
to think/design a cryptosystem for key stretching
On Tue, May 12, 2015 at 5:47 AM, Givon Zirkind givo...@gmx.com wrote:
Hi,
Can anyone recommend an open source AES library in some flavor of C?
It depends on your goals and threat models. If any old library will
do, then check out https://wiki.openssl.org/index.php/Related_Links
and
Chinese CA banned in Chrome:
http://arstechnica.com/security/2015/04/google-chrome-will-banish-chinese-certificate-authority-for-breach-of-trust/
Apple is not following suit with this:
https://threatpost.com/apple-leaves-cnnic-root-in-ios-osx-certificate-trust-lists/112086
On Sun, Apr 5, 2015 at 6:25 PM, ITechGeek i...@itechgeek.com wrote:
So does this mean Iran and the like can stop hacking CAs and buy their own
Geotrust cert to MITM their population?
Yeah, it's been around for a while. What's surprising is (or maybe not)
is the CA is still not constraining the
http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html
It appears Google's Internet Authority G2 (https://pki.google.com)
could be part of this program since the
On Fri, Mar 13, 2015 at 5:06 PM, Fabio Pietrosanti (naif) - lists
li...@infosecurity.ch wrote:
On 3/13/15 3:11 PM, Solar Designer wrote:
Because SRP protocol is cool, but i'm really wondering if the default
methods are strong enough against bruteforcing.
They are not.
That was my concern.
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
AMERICAN AND BRITISH spies hacked into the internal computer network
of the largest manufacturer of SIM cards in the world, stealing
encryption keys used to protect the privacy of cellphone
communications across the globe, according
The source code is mostly written to the OpenSSL coding standards, which
are seriously different from any other coding standard I've seen (it's
not Linux/K&R, nor GNU, nor Microsoft, nor Sun/Oracle). Nonconformance
with the coding standards in later patches is very common, so it's a
mishmash
On Thu, Jan 1, 2015 at 1:48 PM, Sadiq Saif li...@sadiqs.com wrote:
On 1/1/2015 13:40, Adam Back wrote:
nah what am I thinking probably! 1988 if not earlier, 27 years :)
The point is block lists suck, they're always blocking false things,
and vigilante abusive takes 3x longer to take you off
Has anyone come across any reports of abuse due to Sony's compromised
root? I believe it's named Sony Corp. CA 2 Root?
I did not find it in the Windows 8.1 certificate store. Are any of the
browsers carrying it around?
On Sun, Aug 17, 2014 at 12:09 AM, Jeffrey Goldberg jeff...@goldmark.org wrote:
On 2014-08-16, at 4:51 PM, David I. Emery d...@dieconsulting.com wrote:
On Sat, Aug 16, 2014 at 04:21:53PM -0500, Christopher Nielsen wrote:
The comment about Apple is simply false. Apple does not have a key to
On Sat, Aug 16, 2014 at 5:21 PM, Christopher Nielsen
m4dh4t...@gmail.com wrote:
On Aug 15, 2014 11:06 PM, Mark Thomas mark00tho...@gmail.com wrote:
I have a question for the group, if I may ask it here and in this manner
(?).
What are you guys using to encrypt individual files and folders or
On Mon, Aug 11, 2014 at 4:52 PM, John Young j...@pipeline.com wrote:
We are moving toward a post-spy world, according to the guy that runs the
CIA’s venture capital arm.
http://www.defenseone.com/technology/2014/08/10-ways-make-internet-safe-cyber-attacks/90866/?oref=d-channelriver
The video
On Wed, Jun 18, 2014 at 5:18 PM, D. J. Bernstein d...@cr.yp.to wrote:
...
would be unable to shortcut the loop if the
arguments were merely declared as pointers to volatile storage
The compiler would be required to access the storage but would still be
allowed to skip the intermediate
On Thu, Jun 5, 2014 at 8:17 AM, ianG i...@iang.org wrote:
Another in the rash of weaknesses. This might mean that the fabled many
eyeballs have opened up?
https://www.openssl.org/news/secadv_20140605.txt
An attacker using a carefully crafted handshake can force the use of
weak keying
Does anyone know if Greenwald or Poitras are holding relevant documents?
Dr. Schneier does not have much to add: I have no idea what's going
on with TrueCrypt.
On Wed, May 28, 2014 at 4:35 PM, Sadiq Saif li...@sadiqs.com wrote:
http://truecrypt.sourceforge.net/
The interview is airing tonight.
http://www.nbcnews.com/storyline/nsa-snooping/exclusive-edward-snowden-gives-wide-ranging-interview-brian-williams-n110351
On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote:
Can anyone point me at some best practices for implementing buffer types for
storing secrets?
There are the general coding rules at cryptocoding.net for example, that say
you should use unsigned bytes and zero memory when
For me the sentence, “I had little choice but to trust X” is perfectly
coherent.
Is it possible that you are letting your righteous anger at what
browser vendors have done interfere with how you are defining “trust”?
That's the question with the elusive answer: how do you define trust.
One
On Wed, Apr 30, 2014 at 10:07 AM, Marcus Brinkmann
marcus.brinkm...@ruhr-uni-bochum.de wrote:
On 04/30/2014 02:59 PM, d...@geer.org wrote:
As is so often found, there are multiple nuanced definitions of a
word, trust being the word in the current case.
Simply as a personal definition, trust
On Mon, Apr 28, 2014 at 8:20 PM, Ryan Carboni rya...@gmail.com wrote:
One can always start with the difficult first step of uninstalling
certificate authorities you do not trust.
Opera will autorepair damage to the certificate repository, a missing
Certificate Authority is considered damage.
Somewhat off-topic, but Google took ChaCha20/Poly1305 live.
http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html
Earlier this year, we deployed a new TLS cipher suite in Chrome that
operates three times faster than AES-GCM on devices that don’t have
AES
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
The U.S. National Security Agency knew for at least two years about a
flaw in the way that many websites send sensitive information, now
dubbed the Heartbleed bug, and regularly used it to gather
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013
Yesterday afternoon, Ars Technica published a story reporting two
possible logs of Heartbleed attacks occurring in the wild, months
before Monday's public disclosure of the vulnerability. It
On Tue, Apr 8, 2014 at 6:46 AM, ianG i...@iang.org wrote:
On 7/04/2014 22:53 pm, Edwin Chu wrote:
...
E.g., if we cannot show any damages from this breach, it isn't worth
spending a penny on it to fix! Yes, that's outrageous and will be
widely ignored ... but it is economically and
On Thu, Apr 3, 2014 at 4:41 AM, Guido Witmond gu...@witmond.nl wrote:
On 04/03/14 01:31, Ryan Carboni wrote:
hackers will always take the path of least resistance as rational human
beings
you will see more trojans in the wild as a result of this
Agreed, when passive spying is impossible,
On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
TAO implants were deployed via QUANTUMINSERT to targets that were
un-exploitable by _any_ other means.
And Schneier's
and Windows combined.
Jeff
On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
TAO implants
Freedom of comsec, say, as a new entry in the US Bill of Rights
could lead the way for it to be a fundamental element of Human
Rights.
The Right to Privacy by Warren and Brandeis (1890) FTW!
NSA's ubiquitous spying on everybody at home and elsewhere
with technology beyond accountability does
Related to the earlier threads Design Strategies for Defending
against Backdoors and Backdoors in software.
https://www.imperialviolet.org/2014/02/22/applebug.html
On Sat, Feb 8, 2014 at 6:28 PM, John Young j...@pipeline.com wrote:
http://cryptome.org/2014/02/snowden-drop.pdf (7.6MB)
That should be titled, How Greenwald nearly missed the scoop of the
millennium. It appears the man did nearly everything in his power to
undermine the contacts and the
(Sorry to top post - I want to cherry pick one point).
What is a game changer is the relationship between the NSA and the other
USA civilian agencies. The breach of the civil/military line is the one
thing that has sent the fear level rocketing sky high,
Information sharing among agencies
On Sat, Jan 4, 2014 at 4:26 AM, ianG i...@iang.org wrote:
On 3/01/14 22:42 PM, coderman wrote:
use case is long term (decade+) identity rather than privacy or
session authorization.
...
Which in today's world is pointing to the phone. If we're talking the
identity on the phone, we're now
On Wed, Jan 1, 2014 at 7:22 AM, coderman coder...@gmail.com wrote:
On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz h...@net.in.tum.de wrote:
Hi Jake,
Ian Grigg just made a point on metzdowd that I think is true: if you
want to change the NSA, you need to address the [...]
[... money] Because the
On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce aaron.topo...@gmail.com wrote:
... I've thought of incorporating
Blum Blum Shub into the algorithm, but then the cipher is getting decidedly
difficult to execute by hand.
BBS is not practical in practice due to the size of the moduli
required. You
On Thu, Dec 26, 2013 at 12:59 AM, Eric Mill e...@konklone.com wrote:
...
I've been distantly watching http://www.discourse.org and I like their
vision. I believe they allow, or want to allow, email-only interaction. I
don't know if it does, and I don't know if Discourse is easy to set up, or
[Originally sent to Full Disclosure]
http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/
I. Abstract
The most popular full disk encryption solution for Linux is LUKS
(Linux Unified Key Setup), which provides an easy to use encryption
(Thanks to PF on another list)
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
(Reuters) - As a key part of a campaign to embed encryption software
that it could crack into widely used computer products, the U.S.
National Security Agency arranged a secret $10
Hi All,
Is there a best practice for Diffie-Hellman parameters (p, g, and q)
used on a web server?
The server is using ephemeral keys, but should the parameters be
rotated on a regular basis ? Is it OK for the server to keep them
fixed for years (in the source code)? Or should they be generated
On Wed, Nov 27, 2013 at 3:34 PM, Nico Williams n...@cryptonector.com wrote:
On Wed, Nov 27, 2013 at 08:01:19PM +, Stephen Farrell wrote:
On 11/27/2013 06:58 PM, Nico Williams wrote:
[...]
The problem with DANE is the lack of DNSSEC. If we had both [...]
When I refer to DANE, I also
http://www.computerworld.com/s/article/9244057/Lavabit_DOJ_dispute_zeroes_in_on_encryption_key_ownership
The government's insistence, in its dispute with Lavabit, that cloud
service providers hand over their encryption keys when asked, has
refocused attention on key ownership and management in
Hi All,
Is anyone aware of a blacklist that includes those 150 million records
from Adobe's latest breach?
I tried finding a list and was not successful. Bonus points if
implemented as a bloom filter (I'm interested in seeing how small that
list can be in practice, and I'd like to use it for its
On Tue, Jun 25, 2013 at 5:17 PM, Bill Scannell b...@scannell.org wrote:
This Daily Beast story on Causa Snowden
(http://www.thedailybeast.com/articles/2013/06/25/greenwald-snowden-s-files-are-out-there-if-anything-happens-to-him.html)
contains the following sentence:
Last week NSA Director
On Sat, Oct 5, 2013 at 3:13 PM, Erwann Abalea eaba...@gmail.com wrote:
2013/10/4 Paul Wouters p...@cypherpunks.ca
[...]
People forget the NSA has two faces. One side is good. NIST and FIPS
and NSA are all related. One lesson here might be, only use FIPS when
the USG requires it. That said,
On Sat, Oct 5, 2013 at 7:35 PM, Patrick Pelletier
c...@funwithsoftware.org wrote:
On 10/5/13 2:47 PM, Jeffrey Walton wrote:
Do you know if there's a standard name and OID assigned to Dr.
Bernstein's gear? IETF only makes one mention of 25519 in the RFC
search, and it's related to TLS
On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald jam...@echeque.com wrote:
On 2013-10-04 11:41, Jeffrey Walton wrote:
We could not get rid of Trustwave in the public sector (so much for
economics).
What is wrong with trustwave?
The company operates in an industry where trust is a commodity
On Thu, Oct 3, 2013 at 9:26 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
...
I would put it more strongly than that. I think that NIST needs to be
punished. Even if Dual_EC_DRBG were their only lapse, any entity that has
allowed themselves to be used that way should be forced to exit the
On Sun, Sep 22, 2013 at 7:56 PM, d.nix d@comcast.net wrote:
On 9/22/2013 2:23 PM, Jerry Leichter wrote:
On Sep 21, 2013, at 10:05 PM, d.nix wrote:
Hah hah hah. Uh, reading between the lines, color me *skeptical*
that this is really what it
On Fri, Sep 20, 2013 at 2:35 PM, Dominik Schürmann
domi...@dominikschuermann.de wrote:
...
After reading related literature, I came to the conclusion to use
ECDSA and ECIES (Both with Koblitz curves, as I am sceptical about the
random curves ;),
On Mon, Sep 16, 2013 at 5:17 PM, Fabio Pietrosanti (naif)
li...@infosecurity.ch wrote:
http://threatpost.com/uk-cryptographers-call-for-outing-of-deliberately-weakened-protocols-products/102301
Right now, whistle blowers are vilified in the US. Just ask Jesselyn
Radack, Thomas Drake, William
On Sat, Sep 14, 2013 at 7:08 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
On 2013-09-13, at 9:28 AM, David D da...@7tele.com wrote:
...
Obviously, we should insist on due process for the NSA stooges. If they
confess their activities and name their co-conspirators, we may allow them
some
I was reading on a HSM, and the marketing literature stated, ...
because it utilizes the Security World architecture, XXX provides an
ideal combination of high assurance and operational ease.
What is Security World architecture? What are the criteria used for
high assurance and operational ease?
On Wed, Sep 11, 2013 at 12:41 AM, Ben Laurie b...@links.org wrote:
On 11 September 2013 01:17, Jeffrey Walton noloa...@gmail.com wrote:
I was reading on a HSM, and the marketing literature stated, ...
because it utilizes the Security World architecture, XXX provides an
ideal combination
On Sat, Sep 7, 2013 at 1:48 PM, David Johnston d...@deadhat.com wrote:
On 9/6/2013 2:03 PM, grarpamp wrote:
...
However, I claim that the fear is well founded and should be taken into
account by all threat models.
It's interesting to consider the possibilities of corruption and deception
that
, gyroscopes, magnetometers), and
practices hedging.
I'm more worried about key exchange or agreement.
Jeff
On Sat, Sep 7, 2013 at 2:27 AM, Jeffrey Walton noloa...@gmail.com wrote:
Hi All,
With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian
On Sun, Aug 25, 2013 at 4:45 PM, Marco Pozzato mpodr...@gmail.com wrote:
...
Recently, android SecureRandom PRNG proved to be seriously flawed
(http://android-developers.blogspot.it/2013/08/some-securerandom-thoughts.html)
because, by default, it is not properly initialized with good entropy.
Hi All,
When a symmetric key based challenge response is used, an attacker can
perform a reflection attack by starting a second instance of a
protocol and having the server answer its own questions.
To guard against the attack, is it sufficient to ensure all challenges
sent from server to client
On Mon, Aug 19, 2013 at 9:20 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
...
It's a shame http://entropykey.co.uk is no longer in business. I was able to
procure 5 entropy keys just before they folded, and they're awesome.
Yeah, I really liked EntropyKey. I tried to place an order last
Toponce aaron.topo...@gmail.com wrote:
On Mon, Aug 19, 2013 at 09:41:20AM -0400, Jeffrey Walton wrote:
Yeah, I really liked EntropyKey. I tried to place an order last year
(or early this year). It was never fulfilled and no one responded.
I knew they were having some troubles, but I could
On Sat, Aug 17, 2013 at 7:46 AM, Ben Laurie b...@links.org wrote:
...
Also, if there are other sources, why are they not being fed in to the
system PRNG?
Linux 3.x kernels decided to stop using IRQ interrupts (removal of the
IRQF_SAMPLE_RANDOM flag, without an alternative to gather entropy).
On Sat, Aug 17, 2013 at 3:49 AM, Bryan Bishop kanz...@gmail.com wrote:
On Sat, Aug 17, 2013 at 1:04 AM, Jon Callas j...@callas.org wrote:
It's very hard, even with controlled releases, to get an exact
byte-for-byte recompile of an app. Some compilers make this impossible
because they
On Fri, Aug 16, 2013 at 11:03 AM, Dominik Schürmann
domi...@dominikschuermann.de wrote:
For a research project on OCSP, we are searching for expired and
revoked X.509 certificates with their corresponding private keys. Any
help or pointers to
On Tue, Aug 13, 2013 at 5:10 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
I recently got a another of the standard phishing emails for Paypal, directing
me to https://email-edg.paypal.com, which redirects to
https://view.paypal-communication.com, which has a PayPal EV certificate from
On Fri, Aug 9, 2013 at 4:14 PM, John Young j...@pipeline.com wrote:
NSA statement today on Missions, Authorities, Oversight, Partnerships:
http://cryptome.org/2013/08/nsa-13-0809.pdf
This was probably one of the more amusing statements. Perhaps William
Binney would have a different opinion:
In
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote:
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote:
... If everyone does their part CT causes the risk
of dishonest CA behavior discovery to become too great for CAs to
engage in such behavior.
Sorry to
On Tue, Jul 23, 2013 at 4:54 AM, ianG i...@iang.org wrote:
...
Banks will say that international wires are irreversible, but it isn't true.
If the banks cooperate they can do a return of funds. It all depends...
This was kind of interesting: According to Li, the larger problem [of
Chinese
On Sat, Jul 20, 2013 at 2:57 AM, Peter Bowen pzbo...@gmail.com wrote:
On Fri, Jul 19, 2013 at 10:35 PM, Yaron Sheffer yar...@porticor.com wrote:
A few months ago I posted a query to the Amazon Web Services (the
largest public cloud, running on Xen) forum on whether they're using libvirt
for
On Tue, Jul 16, 2013 at 5:04 AM, coderman coder...@gmail.com wrote:
...
in short:
rather than considering just one or another type of attack, these
agencies should be assumed to be using all of them with the exploit
method tailored to the particular access needs and target difficulty
of
On Thu, May 16, 2013 at 3:52 PM, Adam Back a...@cypherspace.org wrote:
So when I saw this article
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
I was disappointed the rumoured skype backdoor is claimed to be real, and
that
On Mon, Jul 15, 2013 at 7:27 AM, Eugen Leitl eu...@leitl.org wrote:
On Fri, Jul 12, 2013 at 10:29:49PM +0300, ianG wrote:
Not to mention, Intel have been in bed with the NSA for the longest
time. Secret areas on the chip, pop instructions, microcode and all
that ... A more interesting
On Mon, Jul 1, 2013 at 6:47 PM, Nico Williams n...@cryptonector.com wrote:
On Mon, Jul 1, 2013 at 4:57 PM, grarpamp grarp...@gmail.com wrote:
And when LEA
get caught doing this nothing terribly bad happens to LEA (no officers
go to prison, for example).
It is often in the interest/whim of
for potential
crimes they've committed.
(At least, that's what they tell us - if you don't do anything wrong,
then you don't have anything to worry about).
On Jul 2, 2013 12:55 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Jul 1, 2013 at 6:47 PM, Nico Williams n...@cryptonector.com
On Tue, Jun 25, 2013 at 5:47 PM, Mark Seiden m...@seiden.com wrote:
maybe he just used other people's ssh keys that were protected by a weak (or
no) passphrase?
fabricate is a pretty strong word, but under the least untruthful
standard that James Clapper says he's applied to
congressional
On Wed, May 22, 2013 at 10:07 AM, Mark Seiden m...@seiden.com wrote:
On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
James A. Donald:
http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/
That governments attempt to
On Sat, May 18, 2013 at 3:15 PM, Adam Back a...@cypherspace.org wrote:
Actually I think that was the point, as far as anyone knew and from the last
published semi-independent review (some years ago on the crypto list as I
recall) it indeed was end2end secure. Many IM systems are not end2end so
On Mon, May 20, 2013 at 1:30 PM, Nico Williams n...@cryptonector.com wrote:
On Mon, May 20, 2013 at 12:22 PM, Jeffrey Walton noloa...@gmail.com wrote:
The original Skype homepage (circa 2003/2004) claims the service is
secure: Skype calls have excellent sound quality and are highly
secure
On Mon, May 20, 2013 at 8:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
James A. Donald:
...
Zombie computers are seldom of high value.
Some malware is designed to keep people communicating, under heavy
watch; it is not always designed to abuse a system the traditional
manner befitting
Hi All,
I'm having trouble finding a reference to the way additional data is
authenticated. In the past, I simply used the following (under an
independent key):
tag = HMAC(AAD, Ciphertext)
Recently, I came across a post by Dr. Bernstein [1] that states I
find it quite strange to see a call
On Sat, May 18, 2013 at 9:49 AM, Adam Back a...@cypherspace.org wrote:
On Fri, May 17, 2013 at 04:52:07AM -0400, bpmcontrol wrote:
On 05/17/2013 04:19 AM, Eugen Leitl wrote:
It is unreasonable for a closed source product by a commercial
vendor to go any other way [putting backdoors in