On Thu, Oct 11, 2001 at 01:31:36AM -0700, [EMAIL PROTECTED] wrote:
| On 8 Oct 2001, at 11:37, Ray Dillinger wrote:
| In which case, what you've got isn't RC4 anymore
|
| You do not understand encryption.
|
| RC4 is an encryption method, that needs to be part of a
| protocol. The protocol can
On Sun, Oct 21, 2001 at 04:11:19PM -0700, Jeff Simmons wrote:
| On Sunday 21 October 2001 02:52 pm, you wrote:
|
| Designing protocols is a hard field, and
| there seem to be lots of mistakes made when people use RC4. Is that
| because its a bad cipher? No, its because people aren't used to
|
On Mon, Jun 24, 2002 at 08:15:29AM -0400, R. A. Hettinga wrote:
Status: U
Date: Sun, 23 Jun 2002 12:53:42 -0700
From: Paul Harrison [EMAIL PROTECTED]
Subject: Re: Ross's TCPA paper
To: R. A. Hettinga [EMAIL PROTECTED]
The
important question is not whether trusted platforms are a good
On Fri, Jul 12, 2002 at 11:18:12AM -0400, Trei, Peter wrote:
| I'd rather not state the exact figures. A search of SEC filings may or
| may not turn up further details.
|
| And who actually owns these numerous trusted roots?
|
| I am not sure I understand the question.
|
| --Lucky
|
, USA
Brian Levine, University of Massachusetts at Amherst, USA
David Martin, University of Massachusetts at Lowell, USA
Andreas Pfitzmann, Dresden University of Technology, Germany
Matthias Schunter, IBM Zurich Research Lab, Switzerland
Andrei Serjantov, University of Cambridge, England
Adam
Hey, this is off-topic for DRM-punks! ;)
more seriously: I think the fundamental issue is that crypto doesn't
really solve many business problems, and it may solve fewer security
problems. See Bellovin's work on how many vulnerabilities would be
blocked by strong crypto. The buying public can't
On Sun, Aug 18, 2002 at 01:46:09AM -0400, dmolnar wrote:
|
|
| On Sat, 17 Aug 2002, John Kelsey wrote:
|
| Also, designing new crypto protocols, or analyzing old ones used in odd
| ways, is mostly useful for companies that are offering some new service on
| the net, or doing some wildly new
On Wed, Oct 02, 2002 at 02:56:39PM -0400, Steven M. Bellovin wrote:
| While I generally am on board with this, I can see a situation where the
| encryption overhead [and complexity] may be excessive [underpowered mail
| servers administered by beginners] compared to the gains.
|
| The primary
On Thu, Oct 17, 2002 at 02:39:55PM -0400, Rich Salz wrote:
| Marc Branchaud wrote:
| Any thoughts on this device? At first glance, it doesn't seem
| particularly impressive...
|
| http://www.quizid.com/
|
| Looks like hardware S/Key, doesn't it?
|
| If I could fool the user into entering a
On Sat, Nov 02, 2002 at 11:54:36AM -0500, Jonathan S. Shapiro wrote:
| The word moderate here is very unfortunate. In reading such
| statements, one needs to understand a bit of subtext. The Common
| Criteria community is very concerned about the possibility that people
| will perceive assurance
On Sat, Nov 02, 2002 at 03:12:51PM -0500, Jonathan S. Shapiro wrote:
| On Sat, 2002-11-02 at 13:31, Adam Shostack wrote:
| On Sat, Nov 02, 2002 at 11:54:36AM -0500, Jonathan S. Shapiro wrote:
| | The effectiveness of
| | the levels is modestly exaggerated, and the importance of going
On Sat, Nov 02, 2002 at 08:14:38PM -0600, Jim Hughes wrote:
| One Comment
|
| On Sat, 2002-11-02 at 16:48, Adam Shostack wrote:
|
| Actually, I think it is. I don't think that Linux would pass EAL4; as
| you've pointed out, that requires a documented and followed QA
| process. Would any
On Tue, Nov 05, 2002 at 05:15:25PM -0800, bear wrote:
| I remember having exactly your reaction (plus issues about patenting
| math and the USPTO being subject to coercion/collusion from the NSA
| and influence-peddling and so on...) when the RSA patent issued - but
| RSA is free now, and RSA
I think that the intersection of usability and security is of
tremendous import, and wanted to share an under-advertised sort of
workshop announcement:
http://www.acm.org/sigchi/
The conference home page is
http://www.chi2003.org/
The workshop page is
On Sun, Nov 17, 2002 at 11:29:59PM -0800, John Gilmore wrote:
| Now's a great time to deploy good working encryption, everywhere you
| can. Next month or next year may be too late. And even honest ISPs,
| banks, airlines (hah), etc, may be forced by law or by secret pressure
| to act as
Groove does this; they have a 30ish page white paper on security of
document management. I have a few quibbles with their design (way too
many crypto algorithms, and its not clear why, or if they might
interact badly, and perhaps cert verification in a corporate
environment could be better, but
:
|
| Adam Shostack[SMTP:[EMAIL PROTECTED]] writes:
|
| I believe that DRM systems will require not just an authorized boot
| sequence, but a secure remote attestation that that boot sequence was
| followed, and a secure attestation as to the versions of the software
| on your system. So
Human rights watchdog Privacy International has launched a quest to
find the World's Most Stupid Security Measure.
http://www.theregister.co.uk/content/55/29279.html
--
It is seldom that liberty of any kind is lost all at once.
-Hume
On Thu, Mar 06, 2003 at 10:35:22PM -0500, Barney Wolff wrote:
| On Thu, Mar 06, 2003 at 08:38:42PM -0500, Dan Riley wrote:
|
| But this whole discussion is terribly last century--still pictures are
| passe. What's the defense of any of these systems against cell phones
| that transmit live
On Tue, Mar 25, 2003 at 12:36:20AM -0500, Ian Grigg wrote:
| So, do we have two completely disjoint communities
| here? One group that avoids photo id and another
| that requires it? Or is one group or the other so
| small that nobody really noticed?
Yes.
One group thinks that a bad trust
On Sun, Mar 30, 2003 at 07:38:29PM -0500, reusch wrote:
| Via the Cryptome, http://www.cryptome.org/, RU sure, look
| at http://www.aeronautics.ru/news/news002/news082.htm.
|
| I'm amazed at their claims of radio interception. One would
| expect that all US military communications, even trivial
On Mon, Mar 31, 2003 at 01:17:43PM -0500, Peter Wayner wrote:
| He went on to talk about crypto as if it was something like fuel or
| food. He said, They probably loaded up 4 or 5 days of crypto at the
| beginning, but then they had to turn it off after the supply lines
| got muddled.
|
| So
22 matches
Mail list logo
