http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
From reports published by West Coast Labs, it's a purely software-only
At 9:11 PM +1300 10/28/05, Peter Gutmann wrote:
The West Coast Labs tests report that they successfully evade all known
sniffers, which doesn't actually mean much since all it proves is that
LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The
use of SSL to get the
At 9:27 PM -0700 10/27/05, cyphrpunk wrote:
Every key has passed
through dozens of hands before you get to see it. What are the odds
that nobody's fucked with it in all that time? You're going to put
that thing in your mouth? I don't think so.
So, as Carl Ellison says, get it from the source.
At 8:41 PM -0700 10/27/05, cyphrpunk wrote:
Where else are you going to talk about
this shit?
Talk about it here, of course.
Just don't expect anyone to listen to you when you play list-mommie.
Cheers,
RAH
--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer
- Forwarded message from Matthew Kaufman [EMAIL PROTECTED] -
From: Matthew Kaufman [EMAIL PROTECTED]
Date: Thu, 27 Oct 2005 19:28:53 -0700
To: 'Peer-to-peer development.' [EMAIL PROTECTED]
Subject: RE: [p2p-hackers] P2P Authentication
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote:
The cypherpunks list is about anything we want it to be. At this stage in
the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
about the crazy bastards who are still here than it is about just about
anything
From: Eugen Leitl [EMAIL PROTECTED]
Sent: Oct 27, 2005 3:22 AM
To: Shawn K. Quinn [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
...
It's never about merit, and not even money, but about predeployed
base and interoperability. In
--
R.A. Hettinga [EMAIL PROTECTED]
Intel doing their current crypto/DRM stuff, [...] You
know they're going to do evil, but at least the
*other* malware goes away.
I am a reluctant convert to DRM. At least with DRM, we
face a smaller number of threats.
--digsig
James A.
--
From: Eugen Leitl [EMAIL PROTECTED]
While I don't exactly know why the list died, I
suspect it was the fact that most list nodes offered a
feed full of spam, dropped dead quite frequently, and
also overusing that needs killing thing (okay, it
was funny for a
Hello,
I have hacked the account [EMAIL PROTECTED]. If cyphrpunk want to
know the new password of his account, he can check the box
[EMAIL PROTECTED]
V0ld3m0rt
On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote:
In particular I have concerns about the finality and irreversibility
of payments, given that the issuer keeps track of each token as it
progresses through the system. Whenever one token is exchanged for a
new one, the issuer records
At 11:10 AM -0700 10/28/05, James A. Donald wrote:
I am a reluctant convert to DRM. At least with DRM, we
face a smaller number of threats.
I have had it explained to me, many times more than I want to remember,
:-), that strong crypto is strong crypto.
It's not that I'm unconvinceable, but I'm
At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote:
OTOH, if markets overtake the DRM issue,
^ moot, was what I meant to say...
Anyway, you get the idea.
Cheers,
RAH
--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer
Get rid of all you owe not even sending another dollar.
Eliminate the embarrassing collection contacts. Stop the mailing of checks!
Wild as it may seem the majority lendor's not following the banking laws
here in the US. Mind-boggling but accurate!
Go to our web site for in depth facts in
Good catch on the encryption. I feel silly for not thinking of it.
If your plaintext consists primarily of small packets, you should set the MTU
of the transporter to be small. This will cause fragmentation of the
large packets, which is the price you have to pay. Conversely, if your
I assume that the length is
explicitly encoded in the legitimate packet. Then the peer for the
link ignores everything until the next escape sequence introducing a
legitimate packet.
I should point out that encrypting PRNG output may be pointless, and
perhaps one optimization is to stop
I don't agree.
One thing we do know is that, although Crypto is available and, in special
contexts, used, it's use in other contexts is almost counterproduct, sending
up a red flag so that those that Protect Our Freedoms will come sniffing
around and bring to bear their full arsenal of
On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote:
The cypherpunks list is about anything we want it to be. At this stage in
the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
about the crazy bastards who are still here than it is about just about
anything
At 9:27 PM -0700 10/27/05, cyphrpunk wrote:
Every key has passed
through dozens of hands before you get to see it. What are the odds
that nobody's fucked with it in all that time? You're going to put
that thing in your mouth? I don't think so.
So, as Carl Ellison says, get it from the source.
On 10/26/05, Shawn K. Quinn [EMAIL PROTECTED] wrote:
On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
Many of the anonymity protocols require multiple participants, and
thus are subject to what economists call network externalities. The
best example I can think of is Microsoft Office
On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote:
RAH
Who thinks anything Microsoft makes these days is, by definition, a
security risk.
Indeed, the amount of trust I'm willing to place in a piece of software
is quite related to how much of its source code is available for review.
At 8:18 PM -0700 10/27/05, cyphrpunk wrote:
Keep the focus on anonymity. That's what the cypherpunks list is
about.
Please.
The cypherpunks list is about anything we want it to be. At this stage in
the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
about the crazy bastards
From: Kerry Bonin [EMAIL PROTECTED]
Date: Thu, 27 Oct 2005 06:52:57 -0700
To: [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED]
Subject: Re: [p2p-hackers] P2P Authentication
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
Reply-To: Peer-to-peer development. [EMAIL
http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
From reports published by West Coast Labs, it's a purely software-only
Here's a very interesting case where (c)holders are trying
to ban fair use (educational) of (c) material. I agree with
their motivations ---Kansan theo-edu-crats need killing for their
continuing child abuse-- but I don't see how they can get around the
fair use provisions.
(Bypassing whether
[Using the *financial* angle, having to show state-photo-ID is
overturned to vote
is overturned. Interesting if this could be used for other cases where
the
state wants ID.]
Today: October 27, 2005 at 12:33:27 PDT
Court Blocks Ga. Photo ID Requirement
ASSOCIATED PRESS
ATLANTA (AP) - A
At 12:23 PM -0700 10/27/05, Major Variola (ret) wrote:
Why don't you send her comma-delimited text, Excel can import it?
But, but...
You can't put Visual *BASIC* in comma delimited text...
;-)
Cheers,
RAH
Yet another virus vector. Bah! :-)
--
-
R. A. Hettinga mailto: [EMAIL
The cypherpunks list is about anything we want it to be. At this stage in
the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
about the crazy bastards who are still here than it is about just about
anything else.
Fine, I want it to be about crypto and anonymity. You can
From: Eugen Leitl [EMAIL PROTECTED]
Sent: Oct 27, 2005 3:22 AM
To: Shawn K. Quinn [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
..
It's never about merit, and not even money, but about predeployed
base and interoperability. In
At 8:41 PM -0700 10/27/05, cyphrpunk wrote:
Where else are you going to talk about
this shit?
Talk about it here, of course.
Just don't expect anyone to listen to you when you play list-mommie.
Cheers,
RAH
--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer
On 10/25/05, Travis H. [EMAIL PROTECTED] wrote:
More on topic, I recently heard about a scam involving differential
reversibility between two remote payment systems. The fraudster sends
you an email asking you to make a Western Union payment to a third
party, and deposits the requested amount
Wasn't there a rumor last year that Skype didn't do any encryption
padding, it just did a straight exponentiation of the plaintext?
Would that be safe, if as the report suggests, the data being
encrypted is 128 random bits (and assuming the encryption exponent is
considerably bigger than 3)?
On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote:
How does one inflate a key?
Just make it bigger by adding redundancy and padding, before you
encrypt it and store it on your disk. That way the attacker who wants
to steal your keyring sees a 4 GB encrypted file which actually holds
about a
On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote:
This is off-topic. Let's not degenerate into random Microsoft bashing.
Keep the focus on anonymity. That's what the cypherpunks list is
about.
Sorry, but I have to disagree. I highly doubt that Microsoft is
interested in helping users of
--
From: Eugen Leitl [EMAIL PROTECTED]
While I don't exactly know why the list died, I
suspect it was the fact that most list nodes offered a
feed full of spam, dropped dead quite frequently, and
also overusing that needs killing thing (okay, it
was funny for a
--
R.A. Hettinga [EMAIL PROTECTED]
Intel doing their current crypto/DRM stuff, [...] You
know they're going to do evil, but at least the
*other* malware goes away.
I am a reluctant convert to DRM. At least with DRM, we
face a smaller number of threats.
--digsig
James A.
36 matches
Mail list logo