Will Rodger wrote:
John says:
Wireless is a horse of a different color. IANAL but
the last time I looked, there was no federal law
against intercepting most wireless signals, but you
were (generally) not allowed to disclose the contents
to anyone else.
No longer, if it ever was. It's a
Tim Dierks wrote:
In order to avoid overreaction to an nth-hand story, I've attempted to
locate some primary sources.
Konop v. Hawaiian Airlines:
http://laws.lp.findlaw.com/getcase/9th/case/9955106pexact=1
[US v Councilman:]
As reported by AP:
| Among the most important [debris] they were seeking was
| a device that allows for the encryption of communication
| between the shuttle and NASA controllers. A NASA spokesman
| in Houston, John Ira Petty, said Friday that NASA feared
| the technology could be used to send
Matt Blaze wrote:
Patents were originally intended, and are usually used (for better
or for worse), as a mechanism for protecting inventors and their
licensees from competition.
That's an oversimplification. Patents were originally
intended as a bargain between the inventors and the
society
Regarding the acquittal of Jon Johansen, I quoted CNN
as saying:
The studios argued unauthorised copying was copyright theft
and undermined a market for DVDs and videos worth $20
billion a year in North America alone.
Some elements of the industry did indeed claim that,
but such claims are
1) This topic must be taken seriously. A standard technique
for attacking a system is to request a bunch of memory or
disk space, leave it uninitialized, and see what you've got.
2) As regards the volatile keyword, I agree with Perry.
The two punchlines are:
if, for example, gcc did not honor
R. A. Hettinga wrote:
...
the first computer to crack enigma was optical
the first synthetic-aperture-radar processor was optical
but all these early successes were classified -- 100 to 200 projects,
and I probably know of less than half.
-- Do these claims compute?! is this really a
AARG!Anonymous wrote:
The problem is that you can't forcibly collapse the state vector into your
wished-for eigenstate, the one where the plaintext recognizer returns a 1.
Instead, it will collapse into a random state,
Sorry, that's a severe mis-characterization.
David Honig wrote:
I
bear wrote:
... I have one box with all the protection I want:
it's never connected to the net at all. I have another box
with all the protection that I consider practical for email
and web use. Both run only and exactly the software I have
put on them,
That is trusted computing
David Wagner wrote:
It seems to me that a much more privacy-friendly solution would be
to simply refrain from asking for sensitive personal information like
SSN and date of birth -- name and a random unique identifier printed
on the application form ought to suffice. (If SSN is later needed
David Wagner [EMAIL PROTECTED] writes:
I don't know of any good cryptographic hash function
that comes with a proof that all outputs are possible.
What about the scheme
Pad - Encipher - Contract
described at
http://www.monmouth.com/~jsd/turbid/paper/turbid.htm#sec-uniform-hash
1) There were some very interesting questions such as
-- whether one can construct a hash function that
generates all possible codes.
-- ditto, generating them as uniformly as possible.
-- Whether off-the-shelf hash functions such as SHA-1
have such properties.
The answers are
Barney Wolff asked:
Do we even know that the popular hash functions can actually generate
all 2^N values of their outputs?
David Wagner replied:
It seems very unlikely that they can generate all 2^N outputs
(under current knowledge).
I was temporarily astonished, but he clarified as
I wrote:
a) if the hash function happens to have a property I call no
wasted entropy then the whitening stage is superfluous (and
you may decide to classify the hash as non-simple);
David Honig responded:
Not wasting entropy does not mean that a function's output
is white ie uniformly
Amir Herzberg wrote:
So I ask: is there a definition of this `no wasted entropy` property, which
hash functions can be assumed to have (and tested for), and which ensures
the desired extraction of randomness?
That's the right question.
The answer I give in the paper is
A cryptologic
David Honig helped focus the discussion by advocating the
block diagram:
Source -- Digitizer -- Simple hash -- Whitener (e.g., DES)
Let me slightly generalize this to:
! Source -- Digitizer -- hash -- Whitener (e.g., DES)
i.e. we defer the question of whether the hash is simple or not.
I
At 10:59 PM 7/22/02 -0700, [EMAIL PROTECTED] wrote:
Entropy is not quite a physical quantity -- rather it is on the
slippery edge between being a physical thing and a philosophical
thing. If you are not careful, you will slip into a deep epistemic
bog and find yourself needing to ask how
Eugen Leitl wrote:
... framegrabber with a 640x480 24 bit/pixel camera. It doesn't
compress, is rather noisy, and since self-adjusting I get the maximum
entropy at maximum darkness.
OK. Evidently it's dominated by thermal noise, not to
be confused with the Poisson noise recently featured
[EMAIL PROTECTED] wrote:
Most security bugs reported these days are issues
with application semantics (auth bypass, SQL injection, cross-site
scripting, information disclosure, mobile code execution, ...), not buffer
overflows.
Really? What's the evidence for that?
What definition of
[EMAIL PROTECTED] wrote:
This is more indicative of CERT's focus than the relative frequency of
security issues. The fact that a large fraction of e-commerce merchants
let you set the price for the goods you buy is in practice a larger threat
than the widely publicized buffer overflows.
David Honig wrote:
The thread here has split into QM True Randomness and
what do you need to build a true RNG...
Yup.
Specifically: The executive summary of the
principles of operation of my generator is:
-- use SHA-1, which is believed to be resistant
to collisions, even under
David Honig wrote yet another nice note:
So work in a Faraday cage...
Tee, hee. Have you ever worked in a Faraday cage?
Very expensive. Very inconvenient.
Depending on what whitening means; see below.
You can imagine simple-hashing (irreversible compression)
as distinct from
http://www.eeye.com/html/Research/Advisories/AD20020710.html
This vulnerability can be exploited by the Outlook user simply
selecting a malicious email, the opening of an attachment is
not required.
...
[NAI] have released a patch for the latest versions of the PGP
Outlook plug-in to protect
I wrote:
Perhaps we are using
wildly divergent notions of privacy
Donald Eastlake 3rd wrote:
You are confusing privacy with secrecy
That's not a helpful remark. My first contribution to
this thread called attention to the possibility of
wildly divergent notions of privacy.
Also please
Kossmann, Bill asked:
Anybody familiar with this product?
A Swiss company has announced the commercial availability of what it says
are the first IT products which exploit quantum effects rather than
conventional physics to achieve their goals. (05/31/2002)
WASHINGTON -- Microsoft Chairman Bill
Gates announced to employees Wednesday a
major strategy shift across all its products,
including its flagship Windows software, to
emphasize security and privacy over new
capabilities.
http://www0.mercurycenter.com/breaking/docs/039127.htm
[EMAIL PROTECTED] wrote:
...
People running around in business selling
products and services and then disclaiming any liability with regard
to their performance _for_their_intended_task_ is, IMHO, wrong.
IMHO this presents an unsophisticated notion of
right versus wrong.
By way of analogy: