At 11:32 AM 04/03/2003 -0800, Bill Frantz wrote:
Ah yes, I haven't updated my timings for the new machines that are faster
than my 550Mhz. :-)
The only other item is importance is that the exhaustive search time isn't
the time to reverse one IP, but the time to reverse all the IPs that have
been
At 06:06 PM 03/28/2003 -0500, Steven M. Bellovin wrote:
What's unclear to me is who is behind this. Felten thinks it's content
providers trying for state-level DMCA; I think it's broadband ISPs who
are afraid of 802.11 hotspots.
It looked to me like it was the cable TV industry trying to ban
At 11:10 PM 03/23/2003 -0500, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any Internet medium.)
One of the major reasons for this, of
I get the impression that we're talking at cross-purposes here,
with at least two different discussions. Let's look at several cases:
1 - Sites that have SSL and Expensive Certs that need them and need MITM
protection
1a - These sites, but with other security holes making it easy to break in.
At 12:39 PM 03/16/2003 +0100, Eugen Leitl wrote:
On Sat, 15 Mar 2003, Bill Stewart wrote:
They're probably not independent, but they'll be influenced by lighting,
precise viewing angles, etc., so they're probably nowhere near 100%
correlated either.
I notice the systems mentioned in the study
At 09:51 AM 03/22/2003 +0100, Eugen Leitl wrote:
Some clarification by Peter Gutmann [EMAIL PROTECTED] on why
cryptlib doesn't do timing attack resistance default:
Peter Gutmann [EMAIL PROTECTED]:
cryptlib was never intended to be a high-performance SSL server (the docs are
fairly clear on this),
At 09:01 AM 03/15/2003 -0500, Derek Atkins wrote:
Sidney Markowitz [EMAIL PROTECTED] writes:
In addition, only one subject in 100 is falsely linked
to an image in the data base in the top systems.
Wow, 99% accuracy for false positives! That means only a little more than
75 people a
Anish asked for references to Palladium.
Using a search engine to find things with palladium cryptography
wasabisystems
or palladium cypherpunks will find a bunch of pointers to articles,
some of them organized usefully.
On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote:
The
At 01:48 PM 03/13/2003 -0800, NOP wrote:
I am looking at attacks on Diffie-Hellman.
The protocol implementation I'm looking at designed their diffie-hellman
using 128 bit primes (generated each time, yet P-1/2 will be a prime, so no
go on pohlig-hellman attack), so what attacks are there that I
From Slashdot:
http://slashdot.org/article.pl?sid=03/03/14/0012214mode=threadtid=172
David Brumley and Dan Boneh write:
Timing attacks are usually used to attack weak computing devices such as
smartcards.
We show that timing attacks apply to general software systems.
Specifically, we devise a
At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote:
On the other hand, remember that the earliest Tempest systems
were built using vacuum tubes. An attacker today can carry vast amounts
of signal processing power in a briefcase.
And while some of the signal processing jobs need to scale with
At 01:33 PM 03/07/2003 -0800, Ed Gerck wrote:
David Howe wrote:
This may be the case in france - but in england, every vote slip has a
unique number which is recorded against the voter id number on the
original voter card. any given vote *can* be traced back to the voter
that used it.
This is
layout on a computer interface
can let me know
At 12:39 PM 03/08/2003 -0800, Ed Gerck wrote:
Bill Stewart wrote:
No, legal authorization is only required to do so _legally_.
We're talking about different threat models here,
since we're talking about stuffing ballot-boxes and bribing people
At 11:08 AM 02/13/2003 -0500, Trei, Peter wrote:
Pete Chown[SMTP:[EMAIL PROTECTED]]
As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can
do 3,400,000 DES encryptions per second (according to openssl). I
believe DES key setup is around the same cost as one encryption, so we
On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote:
On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote:
There may be more valid reasons for treating the device as secret; some
categories that come to mind include protecting non-cryptographic
information, such as the
At 09:12 PM 01/26/2003 -0500, Donald Eastlake 3rd wrote:
It's just silly to spend, say, $50 more, on a more secure lock unless
you are really willing, in the forseeable future, to spend hundreds or
thousands of dollars or even more on other weaknesses to make most of
them approximately as strong.
At 07:56 AM 01/24/2003 -0500, Bob Hettinga wrote:
http://elj.warwick.ac.uk/jilt/01-2/grijpink.html
There's some interesting discussion about the ability of the
Dutch legal culture to provide useful tools for regulating transactions
in anonymous or semi-anonymous environments - if you can't find
At 08:45 AM 01/08/2003 -0800, Eric Rescorla wrote:
Maybe. Not necessarily if that meant that no new movies ever got
made. Now, the UK isn't a big enough market for this, but consider
what would happen if the US said listen, free drugs would be great
for consumers so let's get rid of all drug
At 02:17 AM 12/05/2002 +, Peter Fairbrother wrote:
OK, suppose we've got a bank that issues bearer money.
Who owns the bank? It should be owned by bearer shares, of course.
Why?
Or the propounders wanting to: make a profit/control the bank?
There are two main reasons honest people start
Abstract: Maybe he's saying that phone calls could be implemented
like remailers or onion routers, or at least like ipsec tunnels,
where the contents of the call are kept separate from the
signalling information, so the ISPs only see what they need to.
At 01:05 PM 11/13/2002 +0100, Hadmut Danisch
At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote:
So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and
the SMTP link is encrypted, so the bored upstream-ISP netops
can't learn anything besides traffic analysis.
But once inside XYZ.COM, many unauthorized folks could
intercept Bob's
At 09:38 PM 09/30/2002 -0700, Bram Cohen wrote:
Peter Gutmann wrote:
I recently came across a real-world use of steganography which hides extra
data in the LSB of CD audio tracks to allow (according to the vendor) the
equivalent of 20-bit samples instead of 16-bit and assorted other features.
At 03:35 PM 06/28/2002 -0400, R. A. Hettinga wrote:
http://worldtechtribune.com/worldtechtribune/asparticles/buzz/bz06282002.asp
WorldTechTribune/Buzz___
Microsoft's Palladium transforms Internet from Wild West to suburban
neighborhood
Stepford CT?
Special to
At 06:38 PM 06/22/2002 -0400, Steve Fulton wrote:
At 17:37 22/06/2002 -0400, [EMAIL PROTECTED] wrote:
Not arguing, but the hardware cost curve for storage has a shorter
halving time than the cost curve for CPU (Moore's Law) and the
corresponding halving time for bandwidth is shorter still.
At 08:52 AM 04/24/2002 +0800, Enzo Michelangeli wrote:
In particular, none of the naysayers explained me clearly why it should be
reasonable to use 256-bit ciphers like AES with 1024-bit PK keypairs. Even
before Bernstein's papers it was widely accepted that bruteforcing a 256-bit
cipher requires
Unfortunately, the article that Bob Hettinga excerpted from the
South China Morning Post is a pay-only article.
http://www.es.jamstec.go.jp/ - Japanese government site.
http://www.es.jamstec.go.jp/esc/eng/ - Good page
http://www.es.jamstec.go.jp/esrdc/eng/menu.html - The ES center
At 05:38 PM 03/23/2002 -0800, Lucky Green wrote:
While the latter doesn't warrant comment, one question to ask
spokespersons pitching the former is what key size is the majority of
your customers using with your security product? Having worked in this
industry for over a decade, I can state
This announcement will be at
http://cryptorights.org/cypherpunks/meetingpunks.html
and is being sent to several cypherpunks-related mailing lists.
===
The San Francisco Bay Area Cypherpunks Meeting will be
Saturday, February 16, 2002, at Don Ramon's
At 05:12 PM 02/08/2002 +0100, Jaap-Henk Hoepman wrote:
I think there _are_ good business reasons for them not wanting the users to
generate the keys all by themselves. Weak keys, and subsequent
compromises, may
give the CA really bad press and resulting loss of reputation (and this
business is
At 10:17 PM 01/26/2002 -0800, Bill Frantz wrote:
At 7:42 PM -0800 1/25/02, R. A. Hettinga quoted Schneier and Shostack:
Here's one example: Originally, e-mail was text only, and e-mail viruses
were impossible. ...
Well, the line between code and data is fuzzier than that. That 7 bit
ASCII
Looks like an interesting talk!
-- Forwarded message --
Date: Thu, 24 Jan 2002 16:52:35 -0800 (PST)
From: Glenn Durfee [EMAIL PROTECTED]
Subject: Ph.D. Oral Exam: Monday, January 28, 4PM
Algebraic Cryptanalysis
Glenn Durfee
SST is the SuperSonic Transport; I think the term was specific
to US attempts to build something like the Concorde, but it may have
been more generic. Among other problems (making it work, sonic booms,
economics in general), use of fast airplanes in non-military airspace
was limited by the
At 01:59 PM 12/28/2001 -0800, David Honig wrote:
A.A.M + PGP = covert radio transmitter which sends coded messages. Obviously
interesting, so you direction-find to defeat the anonymity.
And Perry replied:
[Moderator's note: And how would you possibly do that? --Perry]
Back in the old days, it
(Forwarded for [EMAIL PROTECTED] )
=
This is Brad Templeton from the EFF. This Wednesday I'm moderating a
panel at Jeff Pulver's semi-annual conference on Presence and Instant
Messaging. It's a smallish (couple of hundred) conference where you'll
see most of the commercial players in
Dilbert's been visiting the Trolls In Accounting,
who have been spitting all over his data.
Now he's on a tour, and the troll is showing him their random number generator.
http://www.dilbert.com/comics/dilbert/archive/images/dilbert2001182781025.gif
But XDR is so BORING compared to a REAL standard like ASN.1!
It doesn't have infinite possibilies for object definitions
requiring help from standards committees, multiple incompatible
data representations with different kinds of ambiguity,
or ugly API packages that are too large to believe that
At 07:59 AM 09/13/2001 -0400, Angelos D. Keromytis wrote:
An interesting bit of information: on Tuesday afternoon, to the extend that
cellphones operated, GSM encryption was turned off throughout Manhattan. My
GSM phone would repeatedly warn me of this on every call I made (or tried
to make). As
http://fyi.cnn.com/2001/TECH/internet/08/29/stealth.computing/index.html
http://slashdot.org/article.pl?sid=01/08/29/199205mode=thread
A group of researchers at Notre Dame figured out how to use the
TCP Checksum calculations to get other computers to do number-crunching for
them.
If you get lost on the way, you can try calling:
+1.415.307.7119 (Bill)
If you have questions, comments or last-minute agenda requests, please
contact the
meeting organizers:
BR
Bill Stewart [EMAIL PROTECTED]
BR
Dave Del Torto [EMAIL PROTECTED
At 12:55 PM 06/04/2001 -0400, Lenny Foner wrote:
So we now have at least two people who've confirmed my expectation,
namely that one can feasibly encrypt the entire cable. (After all,
I know what's involved in making fast, special-purpose chips to do
varous sorts of digital operations, and this
40 matches
Mail list logo