On Sun, 14 Jul 2002 15:24:48 +0200 Amir Herzberg [EMAIL PROTECTED] writes:
1. Quantum key encryption seems to require huge amounts of truly random
bits at both sender and receiver. This seems impractical as (almost) truly
random bits are hard to produce (especially at high speeds). Is there a
Hi,
I just read the latest news in German news
magazine DER SPIEGEL
(http://www.spiegel.de/politik/ausland/0,1518,206079,00.html
for those who understand German)
about Bush's Freedom Corps and the TIPS starting
in August (Terrorism Information and Prevention System).
They also mentioned that
On Mon, 22 Jul 2002, Hadmut Danisch wrote:
Can American software be trusted anymore, when the
US government wants to turn 4% of the US citizens
into spies?
Wrong question. The right (albeit rhetorical) question: can closed source
software, regardless of its point of origin, be trusted, at
[EMAIL PROTECTED] wrote:
Most security bugs reported these days are issues
with application semantics (auth bypass, SQL injection, cross-site
scripting, information disclosure, mobile code execution, ...), not buffer
overflows.
Really? What's the evidence for that?
What definition of
This is more indicative of CERT's focus than the relative frequency of
security issues. The fact that a large fraction of e-commerce merchants
let you set the price for the goods you buy is in practice a larger threat
than the widely publicized buffer overflows.
Semantic security bugs in
[EMAIL PROTECTED] wrote:
This is more indicative of CERT's focus than the relative frequency of
security issues. The fact that a large fraction of e-commerce merchants
let you set the price for the goods you buy is in practice a larger threat
than the widely publicized buffer overflows.
CERT is far from a comprehensive source of security bug reports. Does
anyone have statistics of bug types for Bugtraq or Mitre's CVE?
I get daily bug reports via FS/ISAC. Most of these are not
sufficiently severe or broadly applicable to be CERT advisories. These are
mostly application logic
At 12:50 PM 7/22/2002 -0400, [EMAIL PROTECTED] wrote:
CERT is far from a comprehensive source of security bug reports. Does
anyone have statistics of bug types for Bugtraq or Mitre's CVE?
The CVE data is available at http://www.cve.mitre.org/cve/downloads/;
a mechanical (e.g., string-based)
At 02:40 PM 7/19/02 -0400, John S. Denker wrote:
Amir Herzberg wrote:
I don't even need quantum mechanics to generate
industrial-strength random symbols.
No one is saying you do.
Specifically: The executive summary of the
principles of operation of my generator is:
-- use SHA-1, which is
David Honig wrote:
The thread here has split into QM True Randomness and
what do you need to build a true RNG...
Yup.
Specifically: The executive summary of the
principles of operation of my generator is:
-- use SHA-1, which is believed to be resistant
to collisions, even under
At 04:24 PM 7/22/02 -0400, John S. Denker wrote:
For the humor-impaired, let me point out that the lava
lamp is a joke. What it conspicuously lacks is a proof
of correctness -- that is, a nonzero lower bound on the
entropy rate of the raw data.
Yes, it is a joke. However, it is also a
David Honig wrote yet another nice note:
So work in a Faraday cage...
Tee, hee. Have you ever worked in a Faraday cage?
Very expensive. Very inconvenient.
Depending on what whitening means; see below.
You can imagine simple-hashing (irreversible compression)
as distinct from