In message [EMAIL PROTECTED], James M Galvin
writes:
No way. The phrase flatly ban is overstating the words in the actual
bills.
They both require that the use of such technologies be for the purpose
of committing a crime. Law enforcement would still have to show intent,
which is as it should
That's using a questionable measuring stick.
The damages paid out in a civil suit may be very
different (either higher, or lower) than the true
cost of the misconduct. Remember, the courts are
not intended to be a remedy for all harms, nor could
they ever be. The courts shouldn't be a
In message [EMAIL PROTECTED], Ian Grigg writes:
Who's afraid of Mallory Wolf?
Even worse, there's not been any known MITM of
any aggresive form. The only cases known are
a bunch of demos, under laboratory conditions.
They don't count, and MITM remains a theoretical
attack, more the subject of
I'm struck by the similarity of this attack to Matt Blaze's master key
paper. In each case, you're guessing at one position at a time, and
using the response of the security system as an oracle. What's crucial
in both cases is the one-at-a-time aspect -- that's what makes the
attack linear
In message [EMAIL PROTECTED]
m, Trei, Peter writes:
If I recall correctly (dee3: Can you help?) WEP is actually derived
from the encryption system used in the Apple Mobile Messaging
System, a PCMCIA paging card made for the Newton in the mid-90s.
This used 40 bit RC4.
Though only a few years
In message [EMAIL PROTECTED], Pete Chown writes:
Bill Stewart wrote:
These days nobody *has* a better cryptosystem than you do They might
have a cheaper one or a faster one, but for ten years the public's
been able to get free planet-sized-computer-proof crypto ...
I seem to remember that the
In message [EMAIL PROTECTED], bear writ
es:
It's one of those things, like re-using a pad.
Actually, it is re-using a pad, exactly. It's just a pseudorandom
pad (stream cipher) instead of a one-time pad.
And while WEP had problems, it didn't have that particular problem.
New messages with the
In message b295ds$l66$[EMAIL PROTECTED], David Wagner writes:
Trei, Peter wrote:
The weird thing about WEP was its choice of cipher. It used RC4, a
stream cipher, and re-keyed for every block. . RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs
In message v03110708ba6df9a4efb3@[192.168.1.5], Bill Frantz writes:
At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote:
In message v03110705ba6dec92ddb0@[192.168.1.5], Bill Frantz writes:
* Fast key setup (Forget tossing the 256 bytes of key stream.
The designers weren't crypto engineers
In message [EMAIL PROTECTED], Paul A.S. Ward writes:
Is it really fair to blame WEP for not using AES when AES wasn't around
when WEP was being created?
Of course they couldn't have used AES. But there are other block
ciphers they could have used. They could have used key management.
They
In message [EMAIL PROTECTED], Faust writes:
Apparently some folks skipped class the day Kerchhoffs'
Principle was covered.
While this is obvious to the oldtimers, I had to look Kerkhoffs principle
( and found that it is the old injunction against security by obscurity ).
You can find
In message [EMAIL PROTECTED], Scott G. Kelly writes:
I have a question regarding RSA encryption - forgive me if this seems
amateur-ish -, but 'm still a beginner. I seem to recall reading
somewhere that there is some issue with directly encrypting data with an
RSA public key, perhaps some
In message [EMAIL PROTECTED], Perry E. Metzger writes:
I don't know anyone who trades video files -- they're pretty big and
bulky. A song takes moments to download, but a movie takes many many
hours even on a high speed link. I have yet to meet someone who
pirates films -- but I know lots of
In message [EMAIL PROTECTED], Peter Gutmann writes
:
[Moderator's note: FYI: no pragma is needed. This is what C's volatile
keyword is for.
No it isn't. This was done to death on vuln-dev, see the list archives for
the discussion.
[Moderator's note: I'd be curious to hear a summary -- it
In message [EMAIL PROTECTED], Jonathan S. Shapi
ro writes:
I disagree. The problem is even more fundamental than that. The problem
today is the absence of liability for the consequences of bad software.
Once liability goes into place, CC becomes the industry-accepted
standard of diligent
In message [EMAIL PROTECTED], John Saylor writes:
Hi
( 02.10.02 12:50 -0500 ) Jeremey Barrett:
but it's always better to encrypt than not, even if no additional
trust is gained.
While I generally am on board with this, I can see a situation where the
encryption overhead [and complexity] may
In message [EMAIL PROTECTED], Greg Rose writes
:
At 01:30 AM 10/2/2002 -0400, John S. Denker wrote:
R. A. Hettinga wrote:
...
the first computer to crack enigma was optical
1) Bletchley Park used optical sensors, which were (and
still are) the best way to read paper tape at high speed.
You can
In message [EMAIL PROTECTED], [EMAIL PROTECTED]
.cmu.edu writes:
Perry E. Metzger wrote:
An idea from some folks at MIT apparently where a physical token
consisting of a bunch of spheres embedded in epoxy is used as an
access device by shining a laser through it.
I can't dig up the memory,
In message [EMAIL PROTECTED], David G. Koontz writes:
Trei, Peter wrote:
- start quote -
Cyber Security Plan Contemplates U.S. Data Retention Law
http://online.securityfocus.com/news/486
Internet service providers may be forced into wholesale spying
on their customers as part of the
Folks on this list might be interested in a National Research Council
report on nationwide identity systems: http://books.nap.edu/html/id_questions/
--Steve Bellovin, http://www.research.att.com/~smb
Full text of Firewalls book now at http://www.wilyhacker.com
Another point -- the law protects encryption research, not
cryptographic research. Watermarking or DRM systems do not appear to
be covered by the statute's definition of encryption.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of Firewalls book
In message v0421010cb86ca9bc4254@[192.168.0.2], Arnold G. Reinhold writes:
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
A couple of months ago, a Wall Street Journal reporter bought two
abandoned al Qaeda computers from a looter in Kabul. Some of the
files on those machines were encrypted.
In message [EMAIL PROTECTED], Damien
Miller writes:
The common wisdom when using (A)RC4 as a PRNG seems to be to discard
the first few bytes of keystream it generates as it may be correlated
to the keying material.
Does anyone have a reference that describes this in more detail? Or
am I
In message Pine.GSO.3.96.1011217132546.27456B-10@crypto, Jay D. Dyson w
rites:
On Mon, 17 Dec 2001, Will Rodger wrote:
But the interplay with MagicLantern and PatriotAct issues is
thought-provoking...
Actually, this is nothing new. The boys at the Bureau have a long
history of
Also see the National Research Council report Trust in Cyberspace (I
served on that committee). The section on formal methods can be found
at http://www.nap.edu/readingroom/books/trust/trust-3.htm#Page 95
(yes, there's a blank in the URL...)
--Steve Bellovin,
In message 9qftr6$23i$[EMAIL PROTECTED], David Wagner writes:
It seems the FBI hopes the law will make a distinction between software
that talks directly to the modem and software that doesn't. They note
that PGP falls into the latter category, and thus -- they argue -- they
should be permitted
In message [EMAIL PROTECTED], Ben Laurie writes:
Trei, Peter wrote:
Windows XP at least checks for drivers not signed by MS, but
whose security this promotes is an open question.
Errr ... surely this promotes MS's bottom line and no-one's security? It
is also a major pain if you happen to want
In message [EMAIL PROTECTED]
m, Trei, Peter writes:
Axel H Horns[SMTP:[EMAIL PROTECTED]]
http://news.bbc.co.uk/hi/english/uk/england/newsid_1564000/1564878.stm
-- CUT -
Wednesday, 26 September, 2001, 15:25 GMT 16:25 UK
In message v03110706b7d555f61a45@[165.247.220.34], Bill Frantz writes:
At 10:11 AM -0700 9/24/01, [EMAIL PROTECTED] wrote:
as mentioned in the various previous references ... what is at risk ...
effectively proportional to the aggregate of the account credit limits ...
for all accounts that
In message [EMAIL PROTECTED], Declan McCullagh writes:
http://www.wartimeliberty.com/article.pl?sid=01/09/21/0450203
Crypto Op-Ed: Privacy No Longer an Argument
posted by admin on Thursday September 20, @11:39PM
M. W. Guzy has a provocative and not entirely coherent essay
in
In message [EMAIL PROTECTED], Declan McCullagh
writes:
May be relevant, given the new focus in DC on restricting privacy and crypto..
.
Text of the Hatch-Feinstein Combating Terrorism Act of 2001:
http://www.politechbot.com/docs/cta.091401.html
Discussion of the CTA:
In message [EMAIL PROTECTED], Declan McCullagh writes:
One of those -- and you can thank groups like ACM for this, if my
legislative memory is correct -- explicitly permits encryption
research. You can argue fairly persuasively that it's not broad
enough, and certainly 2600 found in the DeCSS
32 matches
Mail list logo