On 6 January 2015 at 15:40, Jeffrey Altman jalt...@secure-endpoints.com
wrote:
On 1/5/2015 8:47 PM, John Levine wrote:
http://venturebeat.com/2015/01/05/gogo-in-flight-internet-says-it-issues-fake-ssl-certificates-to-throttle-video-streaming/
They claim they're doing it to throttle
On 4 May 2014 23:54, Tony Arcieri basc...@gmail.com wrote:
The project is presently complete vaporware, but the goal is to produce a
Rust implementation of a next generation transport encryption library. The
protocol itself is still up for debate, but will likely be based off
CurveCP or
On 26 December 2013 19:56, Aaron Toponce aaron.topo...@gmail.com wrote:
On Thu, Dec 26, 2013 at 02:53:06PM -0500, Jeffrey Walton wrote:
On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce aaron.topo...@gmail.com
wrote:
BBS is not practical in practice due to the size of the moduli
required.
(sorry, I'll try sending to the list this time... gmail seems to default
reply to the individual)
On 20 October 2013 16:25, Paul Hoffman paul.hoff...@vpnc.org wrote:
Greetings again. The recent discussion seems to have veered towards having
enough good random bits to create long-lived
Hi Fabio,
While I don't mean to be dismissive, I suspect your threat model is flawed
for the following reasons:
i. Most mid to large companies would not permit the use of Tor within their
infrastructure and even if the hypothetical company did, it doesn't take a
whole lot of effort to track down
On 17 August 2013 19:23, Jon Callas j...@callas.org wrote:
On Aug 17, 2013, at 10:41 AM, ianG i...@iang.org wrote:
Apologies, ack -- I noticed that in your post.
(And I think for crypto/security products, the BSD-licence variant is
more important for getting it out there than any OSI
On 21 July 2013 22:40, Ben Lincoln f70c9...@beneaththewaves.net wrote:
Maybe I am misunderstanding (and I apologize if so), but I don't think
authenticated encryption will address the main problem I'm trying to solve.
Preventing tampering is important (and I think some of what I suggested has
On 17 July 2013 08:50, William Allen Simpson
william.allen.simp...@gmail.com wrote:
In summary, don't use RC4. Don't use it carelessly with IVs. And don't
use RC4.
RC4 is available in many libraries and platforms. For the
immediate future, it is most easily and likely implemented.
We
On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote:
I would like to see a tor configuration flag that sacrifices speed for
anonymity.
You're the first person, perhaps ever, to make that feature request
without it being in a mocking tone. At least, I think you're not mocking!
I think Bernstein's Salsa20 is faster and significantly more secure than
RC4, whether you'll be able to design hardware to run at line-speed is
somewhat more questionable though (would be interested to know if it's
possible right enough).
On 22 June 2013 18:35, William Allen Simpson
On 22 June 2013 23:31, James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure than
RC4, whether you'll be able to design hardware to run at line-speed is
somewhat more questionable though
On 30 May 2012 05:01, ianG i...@iang.org wrote:
On 29/05/12 11:03 AM, Peter Maxwell wrote:
On 29 May 2012 01:35, Peter Gutmann pgut...@cs.auckland.ac.nz
mailto:pgut...@cs.auckland.ac.nz wrote:
Peter Maxwell pe...@allicient.co.uk mailto:pe...@allicient.co.uk
writes:
Why
On 29 May 2012 01:35, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
Peter Maxwell pe...@allicient.co.uk writes:
Why on earth would you need to spread your private-key across any number
of
less secure machines?
The technical details are long and tedious (a pile of machines that need
On 26 May 2012 06:57, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
Werner Koch w...@gnupg.org writes:
Which is not a surprise given that many SSH users believe that ssh
automagically make their root account save and continue to use their lame
passwords instead of using PK based
On 23 April 2012 22:41, Marsh Ray ma...@extendedsubset.com wrote:
Thought the list might be interested in this little development in the PKI
saga.
Do you all agree with my assertion that No one with a clue about PKI
security would believe that a revoked cert provides equivalent security
On Sun, Apr 22, 2012 at 4:54 AM, Marsh Ray ma...@extendedsubset.com wrote:
On 04/22/2012 02:55 PM, Jeffrey Walton wrote:
This might sound crazy, but I would rather have a NIST approved hash
that runs orders of magnitude slower to resist offline, brute forcing
attacks.
Well,
On 5 April 2012 18:06, Marsh Ray ma...@extendedsubset.com wrote:
On 04/05/2012 04:12 AM, Ralf-Philipp Weinmann wrote:
Do you have statistics on that? I remember newer Microsoft and Apple
operating systems supporting L2Sec quite well. And then there are the
Cisco abominanations of IPSec that
On 22 March 2012 14:15, Dean, James jd...@lsuhsc.edu wrote:
From
http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_info
rmation_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03
-22:
Despite the fact that domestic spying on Americans is already an
18 matches
Mail list logo