Probably moving out of the domain of the crypto list.
volatile char *foo;
volatile, like const, is a storage-class modifier. As written, it
means a pointer to memory that is volatile; this means, in particular,
that you can't optimize away dereferences. If you wrote
char *
Well, you see some of the people working on improving 802.11 security,
in particular some members of 802.11 Task Group i noted that IEEE
procedures have no interoperability demonstration requirements. So they
formed a little group that took a subset of the then current 802.11i
draft and tried to
David Wagner said:
It's not clear to me if WPA products come with encryption turned on by
default. This is probably the #1 biggest source of vulnerabilities in
practice, far bigger than the weaknesses of WEP.
Maybe this is the case in the USA but from my own informal surveys in
Helsinki and
Reading the Wifi report, it seems their customers stampeded them and
demanded that the security hole be fixed, fixed a damned lot sooner
than they intended to fix it.
Which is sort of a shame, in a way. 802.11b has no pretense of media
layer security. I've been thinking of that as an opportunity
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption for 802.11b wireless networks, is a major
and welcome improvement. However it seems to have a significant
vulnerability to denial of service attacks. This vulnerability
results from the proposed
At 6:38 AM -0500 11/4/02, Jonathan S. Shapiro wrote:
Requirements, on the other hand, is a tough problem. David Chizmadia and
I started pulling together a draft higher-assurance OS protection
profile for a class we taught at Hopkins. It was drafted in tremendous
haste, and we focused selectively
--
Reading the Wifi report,
http://www.weca.net/OpenSection/pdf/Wi-
Fi_Protected_Access_Overview.pdf
it seems their customers stampeded them and demanded that the
security hole be fixed, fixed a damned lot sooner than they
intended to fix it.
I am struck the contrast between the seemingly
In message [EMAIL PROTECTED], Peter Gutmann writes
:
[Moderator's note: FYI: no pragma is needed. This is what C's volatile
keyword is for.
No it isn't. This was done to death on vuln-dev, see the list archives for
the discussion.
[Moderator's note: I'd be curious to hear a summary -- it
James A. Donald[SMTP:[EMAIL PROTECTED]] wrote:
Reading the Wifi report,
http://www.weca.net/OpenSection/pdf/Wi-
Fi_Protected_Access_Overview.pdf
it seems their customers stampeded them and demanded that the
security hole be fixed, fixed a damned lot sooner than they
intended to fix it.
At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
Regardless of whether one uses volatile or a pragma, the basic point
remains: cryptographic application writers have to be aware of what a
clever compiler can do, so that they know to take countermeasures.
Wouldn't a crypto coder be using
Title: Dünya
Dünya'nn lk Astroloji
ve Gizli limler Portal
www.astromerkez.com
Astromerkez'den
görülmemi hizmet. Kiiye özel günlük astroloji yorumu, hemde hiçbiryerde
göremeyeceininiz detaylaryla... Astromerkez'in ziyaretçilerine ücretsiz
On Thu, 7 Nov 2002, Arnold G. Reinhold wrote:
Date: Thu, 7 Nov 2002 16:17:48 -0500
From: Arnold G. Reinhold [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: DOS attack on WPA 802.11?
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption for
At 3:07 PM +1300 11/7/02, Peter Gutmann wrote:
[Moderator's note: FYI: no pragma is needed.
This is what C's volatile keyword is for.
No it isn't. This was done to death on vuln-dev,
see the list archives for the discussion.
[Moderator's note: I'd be curious to hear a summary --
it
Don Davis writes:
* the c99 standard and its predecessors don't
at all intend volatile to mean what we naively
think it means. specifically, in the hands of a
high-end compiler developer, the spec's statement:
any expression referring to [a volatile]
object
From: Trei, Peter [EMAIL PROTECTED]
[Moderator's note: FYI: no pragma is needed. This is what C's
volatile keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
Thanks for the reminder about volatile. It is an ancient and valuable
feature of C and I suppose
From: Trei, Peter [EMAIL PROTECTED]
[Moderator's note: FYI: no pragma is needed. This is what C's
volatile keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
Thanks for the reminder about volatile. It is an ancient and valuable
feature of C and I suppose
David Honig [EMAIL PROTECTED] writes:
Wouldn't a crypto coder be using paranoid-programming skills, like
*checking* that the memory is actually zeroed? (Ie, read it back..)
I suppose that caching could still deceive you though?
You can't, in general, assume the compiler won't optimise this away
Hello Jason:
Page 193 and 210 do talk about having an identifying
value encoded in the credentials which the holder can
prove is or isn't the same as in other credentials. However,
the discussion on page 193 is with respect to building
digital pseudonyms
No, not at all. The paragraph on page
18 matches
Mail list logo