Anonymous wrote:
[Copied to Adam so he doesn't have to wait for some moderator to get
off his fat ass and approve it. And BTW permission is NOT granted to
forward this or any part of it to the DBS list because Hettinga is an
asshole who kicks people off his list for spite. He can piss in
[EMAIL PROTECTED] wrote:
On 21 Apr 2002 at 10:00, Major Variola (ret) wrote:
At 11:22 AM 4/21/02 +0200, Eugen Leitl wrote:
I disagree here somewhat. Cryptography ttbomk doesn't have means of
construction of provably strong PRNGs, especially scalable ones, and
with
lots of
Eugen Leitl wrote:
On Mon, 29 Apr 2002, Steve Furlong wrote:
Blow me.
Troll, and ye shalt be heard.
Seriously, while the relationship between furriners and merkins has been
notoriously strained, might there not be need for a cpunx-europe@? For
regional announcements, and such.
[EMAIL PROTECTED] wrote:
--
On 29 Apr 2002 at 14:58, Sampo Syreeni wrote:
[IPv6] nicely solves the problem with NATs, true. However, most
firewalls I know are there for security reasons. Those will
likely be adapted to work for 6to4 as well. The transition
period will likely see
[EMAIL PROTECTED] wrote:
On 14 May 2002 at 13:47, R. A. Hettinga wrote:
At 8:10 AM -0700 on 5/14/02, [EMAIL PROTECTED] wrote:
How could this possibly be true? :ast I checked, GDP for the US
was about 10 trillion bucks a year, the combined GDP of
every nation on earth per year
Adam Shostack wrote:
I find myself storing a pile of vaugely sensitive information on my
palm. Where do I find the competent analysis of this? Ideally, I'd
like to be able to protect things that I move into a sensitive area
(passwords), and maybe select items in other places that I want to
Jason Holt wrote:
Are the journals going to be snippy about
copyright issues?
Most journals don't like papers to have been published elsewhere first.
Screw 'em, I say.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can
Greg Newby wrote:
H2K2, 2600's conference, is at Hotel Penn in New York
July 12-14. http://www.h2k2.net
CP contributors who are scheduled include
John Young and yours truly. Maybe others I
didn't recognize or see yet. I heard of a few other
tentatives.
The full conference schedule
dmolnar wrote:
On Thu, 20 Jun 2002, Greg Newby wrote:
the next couple of days. I'm thinking of a CP
meet Saturday night July 12. Anyone else gonna be there?
I should be there, since I'm free and in the area.
In a similar vein, who's going to be at DEF CON?
Me :-)
Cheers,
Ben.
R. A. Hettinga wrote:
At 12:06 AM +0100 on 7/1/02, Ben Laurie wrote:
No, a pseudonym can be linked to stuff (such as reputation,
publications, money). An anonym cannot.
More to the point, there is no such thing as an anonym, by definition.
Hmm. So present the appropriate definition?
Cheers
Barney Wolff wrote:
My use of anonym was a joke. Sorry if it was too deadpan. But
my serious point was that if a pseudonym costs nothing to get or
give up, it makes one effectively anonymous, if one so chooses.
Well, yeah, I'd say that single-use pseudonyms are, in fact, the
definition of
Eric Cordian wrote:
Still, Nature abhors overcomplexification, and plain old quantum mechanics
works just fine for predicting the results of experiments.
Oh yeah? So predict when this radioactive isotope will decay, if you please.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Nomen Nescio wrote:
On Tue, Jul 09, at 02:02PM, Tim May wrote:
Also, a person having extensive offshore (outside the U.S.)
assets may well find his assets are now taxable in the U.S.
And for those with capital assets not taxed in their home
countries (e.g., Germany, Japan), this may be quite a
Albion Zeglin wrote:
Similar to DeCSS, only one Palladium chip needs to be reverse engineered and
it's key(s) broken to virtualize the machine.
If you break one machine's key:
a) You won't need to virtualise it
b) It won't be getting any new software licensed to it
Simulate a Pentium VI
Nomen Nescio wrote:
Ben Laurie wrote:
Albion Zeglin wrote:
Similar to DeCSS, only one Palladium chip needs to be reverse engineered and
it's key(s) broken to virtualize the machine.
If you break one machine's key:
a) You won't need to virtualise it
b) It won't be getting any new software
Adam Back wrote:
On Tue, Jul 23, 2002 at 06:11:04PM +, Jason Holt wrote:
The default behavior for an SSL proxy is to pass the encrypted bytes
back and forth, allowing you to connect all the way to the other server.
This isn't just the default behavior; it's the only defined
Lucky Green wrote:
Ray wrote:
From: James A. Donald [EMAIL PROTECTED]
Date: Tue, 30 Jul 2002 20:51:24 -0700
On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
both Palladium and TCPA deny that they are designed to restrict
what applications you run. The TPM FAQ at
Mike Rosing wrote:
Why exactly is this so much more of a threat than, say, flash BIOS
upgrades? The BIOS has a lot more power over your machine than the
TPM does.
The difference is fundamental: I can change every bit of flash in my BIOS.
I can not change *anything* in the TPM. *I* control
AARG!Anonymous wrote:
Adam Back writes:
- Palladium is a proposed OS feature-set based on the TCPA hardware
(Microsoft)
Actually there seem to be some hardware differences between TCPA and
Palladium. TCPA relies on a TPM, while Palladium uses some kind of
new CPU mode. Palladium
AARG!Anonymous wrote:
Adam Back writes:
I have one gap in the picture:
In a previous message in this Peter Biddle said:
In Palladium, SW can actually know that it is running on a given
platform and not being lied to by software. [...] (Pd can always be
lied to by HW - we move the problem
David Wagner wrote:
Ben Laurie wrote:
Mike Rosing wrote:
The purpose of TCPA as spec'ed is to remove my control and
make the platform trusted to one entity. That entity has the master
key to the TPM.
Now, if the spec says I can install my own key into the TPM, then yes,
it is a very useful
Joseph Ashwood wrote:
Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.
There is nothing stopping a virtualized
Adam Back wrote:
The remote attesation is the feature which is in the interests of
third parties.
I think if this feature were removed the worst of the issues the
complaints are around would go away because the remaining features
would be under the control of the user, and there would be
Joseph Ashwood wrote:
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
Joseph Ashwood wrote:
There is nothing stopping a virtualized version being created.
What prevents this from being useful is the lack of an appropriate
certificate for the private key in the TPM
Anonymous User wrote:
This program can be used by anonymous contributors to release partial
information about their identity - they can show that they are someone
from a list of PGP key holders, without revealing which member of the
list they are. Maybe it can help in the recent controvery
Anonymous wrote:
Steps to verify the ring signature file (note: you must have the openssl
library installed):
1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html,
as text, to the file ringsig.c. Delete the paragraph of explanation, and/or any
HTML junk,
Anonymous wrote:
*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
Once it works, I'll happily do that, but...
6. Finally, the
Anonymous wrote:
Len Sassaman has put the ringsig program up at
http://www.abditum.com/~rabbi/ringsig/
First, the ring signature portion has successfully been repaired from
the truncation imposed by the anon remailer in the original post.
Second, unfortunately all of the tabs have
Steve Schear wrote:
At 03:52 PM 8/29/2002 -0500, Gary Jeffers wrote:
The money is backed by silver and gold and can be redeemed widely
in America.
True but only fractionally (i.e., the precious metal content is only a
fraction of the face value).
And this is different from the US
Lisa wrote:
They are also actively used to modify DirecTV Dish Network access cards
to steal service.
Damn. We'd better ban them then. I've heard this Interweb thingy is used
to steal content - should we ban that, too?
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
Lucky Green wrote:
I also agree that current MTAs' implementations of STARTTLS are only a
first step. At least in postfix, the only MTA with which I am
sufficiently familiar to form an opinion, it appears impossible to
require that certs presented by trusted parties match a particular hash
Adam Shostack wrote:
On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| Lucky Green wrote:
| I also agree that current MTAs' implementations of STARTTLS are only a
| first step. At least in postfix, the only MTA with which I am
| sufficiently familiar to form an opinion
Peter Gutmann wrote:
I recently came across a real-world use of steganography which hides extra
data in the LSB of CD audio tracks to allow (according to the vendor) the
equivalent of 20-bit samples instead of 16-bit and assorted other features.
According to the vendors, HDCD has been used in
Adam Shostack wrote:
Whats wrong with PGP sigs is that going on 9 full years after I
generated my first pgp key, my mom still can't use the stuff.
Mozilla+enigmail+gpg. It just works.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to
James A. Donald wrote:
--
Adam Shostack wrote:
Whats wrong with PGP sigs is that going on 9 full years
after I generated my first pgp key, my mom still can't use
the stuff.
On 3 Oct 2002 at 17:33, Ben Laurie wrote:
Mozilla+enigmail+gpg. It just works.
If we had client side
Ben Laurie wrote:
On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote:
At 04:45 PM 10/3/02 -0700, James A. Donald wrote:
--
James A. Donald wrote:
If we had client side encryption that just works we would
be seeing a few more signed messages on this list,
Ben Laurie wrote
Jim Choate wrote:
What I'd like to know is does Godel's apply to all forms of
para-consistent logic as well
It applies to any sufficiently complex axiomatic system. Allegedly.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a
Tim May wrote:
On Friday, November 15, 2002, at 07:55 AM, IanG wrote:
--
I see pretty much a standard list of crypto papers
here, albeit crypto with a waving of finance salt.
What ever happened to Financial Cryptography? The
organisers did say they were going to
Tyler Durden wrote:
I got a hold of a little gadget recently that is very nearly perfect for
certain forms of data storage. It's called a Thumbdrive and I bought
it online somewhere (64Meg for about $179 or so).
The cool thing about this drive (small enough that it has holes for use
as a
John Young wrote:
Ben,
Would you care to comment for publication on web logging
described in these two files:
http://cryptome.org/no-logs.htm
http://cryptome.org/usage-logs.htm
Cryptome invites comments from others who know the capabilities
of servers to log or not, and other means for
Bill Frantz wrote:
At 6:16 PM -0800 4/2/03, Seth David Schoen wrote:
Bill Frantz writes:
The http://cryptome.org/usage-logs.htm URL says:
Low resolution data in most cases is intended to be sufficient for
marketing analyses. It may take the form of IP addresses that have been
subjected to a
Eric Murray wrote:
Food for thought and grounds for further research:
- Forwarded message from Bernie, CTA [EMAIL PROTECTED] -
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: bugtraq.list-id.securityfocus.com
List-Post: mailto:[EMAIL PROTECTED]
Sunder wrote:
To add to this:
There is no law stating that I cannot take my books and read them
backwards, skip every other word, read the odd chapters in reverse and the
even chapters forward, or try to decode the book by translating it to
another language, ask someone with better eyes
Peter Gutmann wrote:
Eugen Leitl [EMAIL PROTECTED] writes:
A way that works would involve passphrase-locked keyrings, and forgetful
MUAs (this mutt only caches the passphrase for a preset time).
A way that works *in theory* would involve The chances of any vendor
of mass-market software
Adam Back wrote:
On Mon, May 10, 2004 at 02:42:04AM +, Jason Holt wrote:
Another approach to hiding membership is one of the techniques
proposed for non-transferable signatures, where you use construct:
RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).
Where the sender is
Adam Back wrote:
Here's a forward of parts of an email I sent to Richard with comments on
his and Ben's paper (sent me a pre-print off-list a couple of weeks ago):
One obvious comment is that the calculations do not take account of
the CAMRAM approach of charging for introductions only. You
Tyler Durden wrote:
The hascash idea is OK, and obviously will work (as of now...the
dividing line between human and machine is clearly not static, and
smarter spam operations will start doing some segmentation analysis and
then find it worthwhile to pay up). But the kind of person that may
Tyler Durden wrote:
Hum.
So my newbie-style question is, is there an eGold that can be verified,
but not accessed, until a 'release' code is sent?
proof-of-delivery protocols might help (but they're patented, as I
discovered when I reinvented them a few years back).
In other words, say I'm
Tyler Durden wrote:
What if I block the outbound release the money message after I
unbundle the images. Sure, I've already committed my money, but you
can't get to it. In effect I've just ripped you off, because I have
usable product and you don't have usable money.
Well, yes, but this would be
Hal Finney wrote:
Ben Laurie writes:
How do you make the payment already gone without using a third party?
Of course there has to be a third party in the form of the currency
issuer. If it is someone like e-gold, they could do as I suggested and
add a feature where the buyer could transfer funds
Travis H. wrote:
Part of the problem is using a packet-switched network; if we had
circuit-based, then thwarting traffic analysis is easy; you just fill
the link with random garbage when not transmitting packets. I
considered doing this with SLIP back before broadband (back when my
friend
51 matches
Mail list logo