Re: SSL/TLS passive sniffing

I wrote: If the problem is a shortage of random bits, get more random bits! Florian Weimer responded: We are talking about a stream of several kilobits per second on a busy server (with suitable mailing lists, of course). This is impossible to obtain without special hardware. Not very special, as

SSL/TLS passive sniffing

Florian Weimer [EMAIL PROTECTED] writes: I'm slightly troubled by claims such as this one: http://lists.debian.org/debian-devel/2004/12/msg01950.html [which says: If you're going to use /dev/urandom then you might as well just not encrypt the session at all.] That claim is totally bogus,

Re: Cryptography Research wants piracy speed bump on HD DVDs

Is there really that much space for marking? Any substantial number of marked bits will become obvious in the output stream, no? Is the watermarking system robust? Is it public? And how long ago has it been published? If they are only modifying some bits (in the standard representation), then

Re: Cryptography Research wants piracy speed bump on HD DVDs

Bill Stewart wrote: At 09:08 AM 12/15/2004, Ian Grigg wrote: Let me get this right. ... ... A blockbuster worth $100m gets cracked ... and the crack gets watermarked with the Id of the $100 machine that played it. ... So the solution is to punish the $100 machine by asking them to call Disney with

A Force Field in Flat Gray to Protect a Wireless Network

http://www.nytimes.com/2004/12/23/technology/circuits/23pain.html?pagewanted=printposition= The New York Times December 23, 2004 A Force Field in Flat Gray to Protect a Wireless Network Adam Baer s wireless networks have proliferated, computer security companies have come up with

U.S. passport privacy: Over and out?

http://www.iht.com/bin/print_ipub.php?file=/articles/2004/12/22/news/passport.html U.S. passport privacy: Over and out? By Hiawatha Bray The Boston Globe Thursday, December 23, 2004 It's December 2005 and you're all set for Christmas in Vienna. You have your most fashionable

Re: Cryptography Research wants piracy speed bump on HD DVDs

To add a postscript to that, yesterday's LAWgram reported that $10 DVD *players* are now selling in the US. The economics of player-id-watermarking are looking a little wobbly; we can now buy a throwaway player for the same price as a throwaway disk. http://www.theinquirer.net/?article=20371

Banks Test ID Device for Online Security

Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? No. Really. I'm serious... Cheers, RAH http://www.nytimes.com/2004/12/24/technology/24online.html?oref=loginpagewanted=printposition= The New York Times December 24, 2004 Banks Test ID Device for

AOL Help : About AOL® PassCode

http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623 Have questions? Search AOL Help articles and tutorials: How To: Billing Channels Communicating Online E-Mail More Subjects Products and Services AOL.COM AOL® Computer Check-Up AOL Deskbar AOL® Calendar AOL®

Scientists close to network that defies hackers

http://news.ft.com/cms/s/a0dcf3f0-5874-11d9-9940-0e2511c8.html The Financial Times Scientists close to network that defies hackers By Clive Cookson, Science Editor Published: December 28 2004 02:00 | Last updated: December 28 2004 02:00 Scientists have taken what they say is a big step

The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view.

http://www.opinionjournal.com/la/?id=110006088 OpinionJournal WSJ Online BOOKSHELF The Man Who Stole the Secrets The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view. BY EDWARD JAY EPSTEIN Thursday, December 30, 2004 12:01 a.m. EST Recently a number of former CIA

eBay Dumps Passport, Microsoft Calls It Quits

http://www.techweb.com/article/printableArticle.jhtml;jsessionid=IUVVYXUECEG4MQSNDBGCKHSCJUMEKJVN?articleID=56800077site_section=700029 eBay Dumps Passport, Microsoft Calls It Quits By TechWeb News December 30, 2004 (12:51 PM EST) URL: http://www.techweb.com/wire/ebiz/56800077 Another

Re: The Pointlessness of the MD5 attacks

Something that is interesting about this issue is that it involves transitive vulnerability. If there are only two actors there is no issue. If Alice is the user and Bob is the software maintainer and Bob is bad, then Alice will be exploited regardless of the hash function. If Alice is the

Where to get a Jefferson Wheel ?

Hi, does anyone know where I can get a Jefferson Wheel or a replica? regards Hadmut - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Korean Online Banks Will Be Liable for 'Hacking' Damages in 2006

--- begin forwarded text Date: Fri, 31 Dec 2004 04:30:34 -0600 (CST) From: InfoSec News [EMAIL PROTECTED] To: isn@attrition.org Subject: [ISN] Online Banks Will Be Liable for 'Hacking' Damages in 2006 Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED]

Re: SSL/TLS passive sniffing

At 22:51 2004-12-22 +0100, Florian Weimer wrote: * John Denker: Florian Weimer wrote: Would you recommend to switch to /dev/urandom (which doesn't block if the entropy estimate for the in-kernel pool reaches 0), and stick to generating new DH parameters for each connection, No, I wouldn't.

RE: Banks Test ID Device for Online Security

R.A. Hettinga wrote: Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? No. Really. I'm serious... Cheers, RAH The slashdot article title is really, really misleading. In both cases, this is SecurID. Peter

Re: AOL Help : About AOL® PassCode

R.A. Hettinga wrote: http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623 Have questions? Search AOL Help articles and tutorials: . If you no longer want to use AOL PassCode, you must release your screen name from your AOL PassCode so that you will no longer need