Your last comment is still valid though: Palladium etc. will
be more compelling if it demonstrably preserved the control
by the owner of a device (e.g., by allowing the owner to initialize the
root keys used by it, as pointed out by
William Arbaugh).
There is nothing in Pd which assumes
Hi Pete - I'm confused. Are you suggesting that I should enjoy these
freedoms on SW which I don't have legal rights to?
If not, then I don't see how any of these freedoms are affected by Pd. If
you are suggesting that *all* SW should be made free, well that has nothing
to do with Pd, does it?
P
, of course. But for a fully automated list... maybe a charge per
posting which is proportional to the number of subscribers (well, like an
ad, I guess).
Does the recipient get paid? The recipients of spam/ads? I've got unlimited
email addresses ...
--Peter
John Denker at [EMAIL PROTECTED] wrote:
I was talking with some colleagues who had read the WSJ article
http://interactive.wsj.com/articles/SB990563785151302644.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2764372,00.html for
and who were wondering as follows: Given that
then what happens if eg the kids unplug the box and you
don't notice?
A handset should, of course, be compatible with a computer/headset and
encrypted-voice-over-internet software. Perhaps a pda/mobile combo too.
-- Peter
of exportable crypto, and
in my opinion were important in causing the relaxation of US export
regulations in early 2000
brag-mode:off.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
or
trusted third party. Any ideas/insuperable objections?
(Could datarates be optimised to implement untraceable internet telephony as
well as email on a DSL/cable-type connection?)
Comments?
-- Peter
* http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/sfs3.ps.gz
].
but read the whole Sklyarov presentation - this is
not the most fraudulent form of 'protection' being
foisted on naive e-publishers.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
I discuss this in both editiions of _Digital Cash_. I wonder if this
is prior art that reads against the patent.
-Peter
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
, available to be called upon in time of war, etc.etc.
How about moving Crypto to Moscow, or perhaps St Petersberg?
-- Peter
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
in the ad
shows a sysadmin sitting in a network room in front of the server.
The server is a Sun machine.
(Nice to see even MS admit that if you want a secure server, you shouldn't be
running Windows on it :-).
Peter
think of anything that
would actually work against terrorists.
-- Peter Fairbrother
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
correctly) to provide a clear, unambiguous definition of a data
exchange format.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
use other sources of entropy as well).
-- Peter Fairbrother
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
-rng, which is to
deliberately repeat random output for debugging, replaying games, etc. Not
very relevant to crypto, except perhaps as part of an attack strategy.
-- Peter
On Wed, 19 Sep 2001, Peter Fairbrother wrote:
Bram Cohen wrote:
You only have to do it once at startup to get enough
available use an undocumented, proprietary format for their data. Your job is
to provide a time-and-materials estimate on what it'd take to fix this. You're
allowed a maximum of 90 days and $50K (+ 3 programmers) to get the problem
solved).
Peter
*anywhere* able to explain it?).
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
looking at formal security verification in fairly exhaustive detail (if I
missed anything I'm sure I'll hear about it soon :-). You can get it as
http://www.cryptoapps.com/~peter/04_verif_techniques.pdf. The conclusion is
that there are more effective ways to spend your time and money
it, or the situation is unclear enough to scare off companies who
are afraid of lawsuits. As a result, no-one can do anything.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
shop owner, who identified himself only as Nop,
told Reuters.
[...]
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
licensing of, irrational numbers. God knows there's enough
irrationality around already after the attack.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
when 40bit RC4 was [relatively]
easy to export, while stronger block ciphers such as
56 bit DES were not.
The moral re crypto restrictions is left to the reader.
Peter Trei
[Disclaimer: I work for RSA, but this note contains
my own opinions
the defence/Court, or
perhaps it's just legalese, I don't know.
-- Peter Fairbrother
David Wagner wrote:
It seems the FBI hopes the law will make a distinction between software
that talks directly to the modem and software that doesn't. They note
that PGP falls into the latter category
Capturing keystrokes of email in composition would appear to me to be part
of a transfer of ..intelligence of any nature transmitted ... in part by a
wire..., and nothing to do with stored email or 2703, but I am not a
lawyer.
-- Peter Fairbrother
Steven M. Bellovin wrote:
[snip
is generally fairly small),
uuencodes it,
and sends it in an email or an encrypted usenet posting.
Any application which allows in interior machine to send data to the outside
creates a potential covert channel. There's a reason why classified
machines
are airgapped.
Peter Trei
As I never tire of saying, PKI is the ATM of security.
Naah, it's the monorail/videophone/SST of security. Looks great at the World
Fair, but a bit difficult to turn into a reality outside the fairgrounds.
Peter (who would like to say that observation was original, but it was actually
.
PKI is like an erection: The more you think about it, the harder it gets.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
for cover.
Why would anyone bother hide tiny messages in ebay images or
alt.binaries.erotica.bestiality.hamster when they can just post to
aam?
Peter Trei
--
From: Niels Provos[SMTP:[EMAIL PROTECTED]]
Sent: Friday, December 28, 2001 4:33 AM
To: Arnold G. Reinhold
From the Gift Card Hacking thread,
http://slashdot.org/comments.pl?sid=25442cid=0pid=0startat=threshold=1mode=flatcommentsort=0op=Change
Re:Nondisclosure (Score:1)
by FauxPasIII ([EMAIL PROTECTED]) on Saturday December 29, @12:27PM
(#2762484)
Businesses are not going to expend money fixing
Arnold G. Reinhold [EMAIL PROTECTED] writes:
The EWR monorail had been shut down for the better part of a year to correct a
pesky track corrosion problem (it's hard to get all the bugs out of a system
that is not widely used).
Thus making it a perfect analogy for PKI [0].
Peter.
[0] Before
the regular fee)
Full information on the conference can be found
at http://www.rsaconference.com (which, as others
have pointed out, is Flash-heavy :-( I'm talking to
people to try to get that changed next year.)
See you there!
Peter Trei
[EMAIL
R. A. Hettinga [EMAIL PROTECTED] quotes:
January 17, 2002
Tech Center
Microsoft Announces Corporate Shift To Focus on Tech Security, Privacy
Or:
Microsoft Issues Press Release to Say it Will No Longer Treat Security as
Just a PR Problem
Peter
for handling this type of messaging, encrypted
mailing lists, and assorted other useful stuff.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
?
I'm reminded of a humorous button I've seen at some SF
conventions: Anything not nailed down is legally mine. Anything
I can pry up wasn't nailed down in the first place.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe
of
persistant keys for encryption in both PGP and GPG make them unsuitable for
GAK resistance, and if you haven't got GAK yet, you might get it someday,
making all your present traffic insecure.
-- Peter Fairbrother
Pete Chown wrote:
John Gilmore wrote:
Brad Templeton has been kicking around some ideas
indexes about 3 billion
documents + 700 million usenet postings. At a
an estimated 100kb per item, that's roughly
the same as morpheus.
I don't lose sleep over MITM attacks on 3DES.
Peter Trei
--
From: Ben Laurie[SMTP:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 8
to
export it).
If you trust the above, then the only copy of the private key
is on the SC, despite it having been generated without the
end users participation.
Peter
--
From: Jaap-Henk Hoepman[SMTP:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 8:45 AM
of satellites is also very expensive -
where's the revenue to do all this coming from?
...and the big one:
Could you *trust* the 'randomness' of a bitstream handed you
from a source you cannot check?
Sorry, folks, this one is a non-starter.
Peter Trei
--
From: Nicholas Brawn
admin run the
SW to create the keys and sign the public key,
and still have reasonable assurance that he has
not snagged a copy of the private key.
Peter Trei
--
From: Bill Frantz[SMTP:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 3:41 PM
To: Bill Stewart
a list of silliness as long as a very
long thing when it comes to working with certs...
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
(alongside a few others in between).
There will always be data patterns which appear obvious to a human but aren't
easily picked up by automated tests, so I don't know how far it's worth chasing
this thing.
Peter.
-
The Cryptography
confirmation is exactly where
it isn't. We have credit cards for that. Cash needs to be authenticatable by
humans alone.
-- Peter Fairbrother
Sampo Syreeni wrote:
On Mon, 11 Feb 2002, Trei, Peter wrote:
That's the scenario which is (semi) worrying. As the tagged bills wear,
some fraction
, essentially 'Shut down
now and let something else happen'. The app can take it's sweet time about
this, and delay things long enough to zeroize or encrypt any sensitive data.
Peter Trei
The right answer, IMO, is EROS on an MMUed handheld device (not sure
about the biometric aspect - as I've stated
position on the matter (so don't pretend
otherwise).
Feel free to copy this document in its entirety, with
proper attribution.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
, but some of it is
on Zip disks which may or may not still
be readable. I also have a lot of info
on the background of the challenges.
I gave a keynote speech at the 1997 RSA
Conference on the subject.
Peter Trei
Principal Engineer
RSA Security
[EMAIL PROTECTED]
--
From: Matt
.
Makes Tempest look like a toy. Nice (?) one, Markus.
-- Peter Fairbrother
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Note: I'm just passing on posts from sci.crypt. I've
not confirmed this independently
It appears that not every product which uses smart
cards is secure
- pt]
From: [EMAIL PROTECTED] (Philippe Mestral)
Newsgroups: sci.crypt
Subject: I've
Distributed.net, which has won several of the RSA Secret Key
challenges, and is currently 73% of the way through the
RC5-64 contest, has lost it's ISP.
Peter Trei
From their front page:
- start quote
We need your help!
URGENT: We have recently learned that our long
about The Bat,
http://www.ritlabs.com/the_bat/features.html, which has built-in PGP support.
Apparently at some point Pegasus Mail, http://www.pmail.com, will have built-
in PGP and S/MIME support as well).
Peter
If there's a call for it, I'll post the whole text so you can read
it without visiting our site (it's not too long).
Peter Trei
RSA Security
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
paranoia as
Extreme, irrational distrust of others. I'm not using the correct
word here (nor are other people), because there are rational reasons
to distrust nosyparkers. So what *is* the right word for having a
non-empty threat model for moderate and rational reasons?
Prudence.
Peter
R. A. Hettinga[SMTP:[EMAIL PROTECTED]]
At 3:54 PM -0400 on 4/16/02, Trei, Peter wrote:
Well, Lucky's not a business, and he's certainly not a military
institution (despite his fondness for ordnance). What does that
leave? Most of us who know him got a little chuckle out
Now, I'm sure no one on this list would trust MSVC6 rand() for anything
important, but this post from sci crypt (which I have not cofirmed)
may be of interest:
Peter Trei
- start quote -
Newsgroups: sci.crypt, sci.crypt.random-numbers
Subject: Warning: MSVC6 rand function
--
From: Nomen Nescio[SMTP:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 12:20 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: FC: Hollywood wants to plug analog hole, regulate A-D
converters
Peter Trei writes:
My mind has been boggled, my
can change as well. Messages can be hidden on pages inside Microsoft
sites with no links to them, or placed openly in .HLP files in the Windows
system directory. The messages and patterns of symbols are given to sysadmins
and programmers to decipher.
Peter
,
Vol.2, No.2, June 1978, p.157.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
concern -- ISPs and telecom companies oppose the costly idea --
and does not reflect any plan by the department or the White
House to push for a U.S. law.
[...]
- end quote -
Peter Trei
--
From: David G. Koontz[SMTP:[EMAIL PROTECTED]]
Sent: Thursday, June 20, 2002 10:57
. Is it even worth wasting cycles on speculating where
TCPA will end up?
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
to read, mostly
because it shows that the dot-com sharemarket situation would be better
investigated by the DEA than the FTC.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Pete Chown [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Actually I'm amazed no printer vendor has ever gone after companies who
produce third-party Smartchips for remanufactured printer cartridges. This
sounds like the perfect thing to hit with the DMCA universal hammer.
There is no copyright
John S. Denker[SMTP:[EMAIL PROTECTED]] wrote:
Peter Gutmann wrote:
Actually I'm amazed no printer vendor has ever gone after companies who
produce
third-party Smartchips for remanufactured printer cartridges. This
sounds like
the perfect thing to hit with the DMCA universal hammer
certificates?
How many more do you need?
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
be a
great universal skeleton key for government agencies charged with protecting
the world from equestrians).
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
are generators used with SSL and ssh,
which both alternate from public nonces to private session keys and back.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Jon Callas[SMTP:[EMAIL PROTECTED]]
On 8/1/02 1:14 PM, Trei, Peter [EMAIL PROTECTED] wrote:
So my question is: What is your reason for shielding your identity?
You do so at the cost of people assuming the worst about your
motives.
Is this a tacit way to suggest that the only
.
---
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
won't, either because it's too hard, they don't know what
they've lost, or because of a misplaced respect for the whims of
The Men with Guns. This is not a Good Thing.
A freedom to skulk in the shadows, hoping not to be noticed, is not
the legacy I wish to leave behind.
Peter Trei
/proceedings/sec2000/robin.html
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
of battle, and leave his position
trimphant by default.
He doesn't care about the truth, or whether you have shown him to
be false. He just wants to win.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending
[EMAIL PROTECTED] writes:
Some of the OpenSSL developers are on this list. In case they are too busy to
reply, below are some of the comments from the package:
Could someone with legal know-how translate whatever it is this is saying into
English?
Peter
?
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
Peter
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
confirmed the decryption).
I expect that this will be the last one attacked for
a while - the next keylength is 72 bits, and at d.net's
current rate, that would take them several centuries.
Peter Trei
-
The Cryptography Mailing
for
what
to do next. The most interesting thing may not involve cryptanalysis.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
technology will probably be banned :(
Pete
--
Peter Clay | Campaign for _ _| .__
| Digital / / | |
| Rights
that their hardware is manufactured by ActivCard, I have to
say that this looks an *awful lot* like the ActivCard Keychain
Token, repackaged into a bigger form factor.
Peter Trei
Disclaimer: The above represents only my personal opinion
enough detail yet to be able to flesh this out, but it does
highlight some areas of concern:
- how do users back up vaults?
- there really needs to be a master override to deal with misbehaving
trusted apps.
Pete
--
Peter Clay | Campaign
http://biz.yahoo.com/prnews/021029/sftu114_1.html
Microsoft Windows 2000 Awarded Common Criteria Certification
Tuesday October 29, 2:00 pm ET
Achieves Highest Level of Security Evaluation for the Broadest Set of Real-
World Scenarios
Microsoft Corp. (Nasdaq: MSFT - News) today announced that
[Moderator's note: FYI: no pragma is needed. This is what C's
volatile keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
From RISKS:
http://catless.ncl.ac.uk/Risks/22.35.html#subj6
Those of us who write code need to be reminded of this
now and then.
Peter
actions of secret
services are to be added. According to the parliamentary control
body the Office for the Protection of the Constitution listens in on
up to 247 people within July 2000 and June 2001.
--- snap ---
Peter
. --Perry]
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
is compromised.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Simon Josefsson [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] (Peter Gutmann) writes:
Which operating systems leak memory between processes in this way?
Win32 via ReadProcessMemory.
The documentation for the function says it will check read access
permissions. Isn't this permission check done
as it
sounds :-). It's available as part 2a of the Godzilla tutorial at
http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html. Comments welcome
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
contributes to
the
sense of trustworthiness Microsoft is trying to impart after numerous
high-profile security lapses.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
the money issued. And not
be reliant on one computer to keep the records.
Or the propounders wanting to: make a profit/control the bank?
--
Peter Fairbrother
(who's drunk now, but will be sober tomorrow, and may regret posting
.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
into the TCPA BIOS as far as is necessary, halt the
CPU via a small processor sitting on the SMB, swap in the non-TCPA BIOS, and
continue.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
, and then send in
Men With Guns to enforce them.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
). More challenging though are ways of embedding a fixed pattern that
isn't (easily) detectable, a la various ways of leaking information in the
public key such as SETUP attacks.
Peter.
-
The Cryptography Mailing List
Unsubscribe
for a
government if a party external to the government may have the potential
power to turn off our access to its own information and that of its
citizens.
-- Snip --
Unlike China, not everyone can address this problem by building their own
systems from the silicon on up.
Peter
a secure system is needed for AT/DRM, its
not enough.
Let me get this straight - in order to make the RIAA and MPAA richer,
we're going to ban off-net computer use? If you're not near a WiFi
hotspot you won't be able to boot your laptop?
Peter Trei
that their designs will run into
when attempts are made to deploy them. Also included is a motivational list
of extremely uncool problems that implementors have been building ad-hoc
solutions for since no formal ones exist.
Peter
, or something like that. It runs fast,
but rekeying every block loses most of that advantage.
Just my personal musings
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
by the NSA, faced a bureaucratic
nightmare and huge delays if it was approved at all.
Peter Trei
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Steven M. Bellovin[SMTP:[EMAIL PROTECTED]] wrote:
In message
[EMAIL PROTECTED]
m, Trei, Peter writes:
If I recall correctly (dee3: Can you help?) WEP is actually derived
from the encryption system used in the Apple Mobile Messaging
System, a PCMCIA paging card made for the Newton
-set key schedules can
be OR'd together to produce any key's schedule. Combining this with
the use of Grey Codes to choose the order in which keys were tested
(Perry's idea) led to key scheduling taking about 5% of the time budget.
Peter
posted a followup to say he'd tried
it on two servers and they had no trouble with the whitespace.
Peter.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
record, already certified by the voter as accurate.
This loses some of the economic benefits of all-electronic systems, since
security still needs to be provided for the receipts for some period, but
is far less prone to invisible abuse.
Peter Trei
1 - 100 of 111 matches
Mail list logo