[liberationtech] Fwd: KORUZA for organic growth of wireless optical networks

2013-07-11 Thread Mitar
Hi! Forwarding. Musti does really great things and is searching for some guidance about possible grants he could apply to to continue with development. Mitar -- Forwarded message -- From: Musti mu...@wlan-si.net Date: Thu, Jul 11, 2013 at 2:27 AM Subject: KORUZA for organic

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! Why bad approach? I am reading these comments about Heml.is and they are a bit funny. On the sad side. Mostly all are just ideological arguments. Like it is not free software. It will have a centralized server. At the end what matters is what they will deliver. If it will be a secure and easy

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread danimoth
On 11/07/13 at 02:41am, Mitar wrote: Mostly all are just ideological arguments. Like it is not free software. ..open source? It is another ideological argument? If yes, ask yourself why *crypto design schemes and implementations are open and widely known, and only keys are secret. .. I bet

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Albert López
Date: Thu, 11 Jul 2013 02:41:51 -0700 From: mmi...@gmail.com To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Heml.is - The Beautiful Secure Messenger Hi! Why bad approach? I am reading these comments about Heml.is and they are a bit funny. On the sad side. Mostly

Re: [liberationtech] [tor-talk] Network diversity [was: Should I warn against Tor?]

2013-07-11 Thread Eugen Leitl
- Forwarded message from coderman coder...@gmail.com - Date: Wed, 10 Jul 2013 19:00:56 -0700 From: coderman coder...@gmail.com To: tor-t...@lists.torproject.org Subject: Re: [tor-talk] Network diversity [was: Should I warn against Tor?] Reply-To: tor-t...@lists.torproject.org On Mon, Jul

Re: [liberationtech] [tor-talk] Network diversity [was: Should I warn against Tor?]

2013-07-11 Thread Eugen Leitl
- Forwarded message from coderman coder...@gmail.com - Date: Wed, 10 Jul 2013 19:17:50 -0700 From: coderman coder...@gmail.com To: tor-t...@lists.torproject.org Subject: Re: [tor-talk] Network diversity [was: Should I warn against Tor?] Reply-To: tor-t...@lists.torproject.org regarding

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 3:32 AM, danimoth danim...@cryptolab.net wrote: If yes, ask yourself why *crypto design schemes and implementations are open and widely known, and only keys are secret. As I wrote. You can have client code which does crypto open source, but server side does not need

[liberationtech] Privacy Best Practices for Missing Persons Online Registries

2013-07-11 Thread Tim Schwartz
Dearest LibTechs, We over at the Missing Persons Community of Interest ( http://wiki.crisiscommons.eu/wiki/Missing_Persons) have been working on a number of best practices documents this year and our latest document is specific to privacy. Bob Gellman is the lead author of the document and has

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Albert López
Ok, I understand what you mean. But why rely on a client-server approach when you can achieve your goal with a peer to peer solution? Btw, your questions are good and I'd like to know how they solve them. Date: Thu, 11 Jul 2013 05:11:19 -0700 From: mmi...@gmail.com To:

Re: [liberationtech] Resources on electronic voting

2013-07-11 Thread Joseph Lorenzo Hall
I did my PhD thesis on e-voting as did many other graduate students funded by NSF's ACCURATE center: http://accurate-voting.org/ A good overview at the time (that doesn't cover e2e much at all) was this public comment we submitted to the US Department of Labor as they clearly needed some basic

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Steve Weis
It's not true that all widely used crypto implementations are open. Even open source projects themselves depend on closed implementations. For example, Linux, OpenSSL, GnuTLS, libgcrypt, and dm-crypt may all use AESNI on x86, usually by default [1]. Linux now also uses a closed RdRand [2] RNG if

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

2013-07-11 Thread coderman
On Mon, Jun 24, 2013 at 4:17 PM, Nadim Kobeissi na...@nadim.cc wrote: ... If you want to focus your ire on something, go take a look at how DEFCON and BlackHat are inviting NSA Director Keith Alexander to give the keynote! regarding same, seems the better half of these cons is giving

Re: [liberationtech] DecryptoCat

2013-07-11 Thread Maxim Kammerer
On Tue, Jul 9, 2013 at 4:45 PM, Jacob Appelbaum ja...@appelbaum.net wrote: I think he very clearly stated it: Interviewer: What happens after the NSA targets a user? Snowden: They're just owned. An analyst will get a daily (or scheduled based on exfiltration summary) report on what changed

Re: [liberationtech] DecryptoCat

2013-07-11 Thread Nadim Kobeissi
On 2013-07-11, at 12:38 PM, Maxim Kammerer m...@dee.su wrote: On Tue, Jul 9, 2013 at 4:57 PM, Jacob Appelbaum ja...@appelbaum.net wrote: While I think Maxim is viewed as exceedingly harsh in how he writes, I think that your response is really the wrong way to deal with him. We should

Re: [liberationtech] DecryptoCat

2013-07-11 Thread Jonathan Wilkes
On 07/11/2013 12:38 PM, Maxim Kammerer wrote: On Tue, Jul 9, 2013 at 4:57 PM, Jacob Appelbaum ja...@appelbaum.net wrote: While I think Maxim is viewed as exceedingly harsh in how he writes, I think that your response is really the wrong way to deal with him. We should consider that his cultural

[liberationtech] How Microsoft handed the NSA access to encrypted messages

2013-07-11 Thread Nadim Kobeissi
A brand new scoop by Glenn Greenwald: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent

Re: [liberationtech] DecryptoCat

2013-07-11 Thread Nadim Kobeissi
On 2013-07-11, at 2:08 PM, Maxim Kammerer m...@dee.su wrote: On Thu, Jul 11, 2013 at 9:04 PM, Jonathan Wilkes jancs...@yahoo.com wrote: I think the upshot of that is to steer whatever funds Cryptocat has toward the form of peer review that did work, which is the bug hunt (as well as look

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 6:25 AM, Albert López newbieswo...@hotmail.com wrote: Ok, I understand what you mean. But why rely on a client-server approach when you can achieve your goal with a peer to peer solution? Their answer is: The way to make the system secure is that we can control the

Re: [liberationtech] How Microsoft handed the NSA access to encrypted messages

2013-07-11 Thread Matt Johnson
I found that article disappointing. There was little new information, and more important, no new sources. If this is from documents that Snowden released, we should be able to see the documents. -- Matt Johnson On Thu, Jul 11, 2013 at 11:04 AM, Nadim Kobeissi na...@nadim.cc wrote: A brand new

[liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

2013-07-11 Thread Ben Doernberg
Hi all, What would you change if you were the CEO of a major mobile device manufacturer? One of my colleagues at WITNESS has a unique opportunity to make a presentation to the CEOs of these companies. He'll be discussing our work around verified video for human rights abuse documentation, but

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Julian Oliver
..on Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote: Hi! BTW. Even Tor has centralized directory servers. And it does not really matter if the code there is open source or not, because you anyway cannot know if they are really running some particular code there or not. A good point.

Re: [liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

2013-07-11 Thread coderman
On Thu, Jul 11, 2013 at 12:57 PM, Ben Doernberg ben.doernb...@gmail.com wrote: ... What would you change if you were the CEO of a major mobile device manufacturer? open source baseband firmware - these opaque blobs are a security nightmare and excellent point of attack for an entity with

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote: BTW. Even Tor has centralized directory servers. It's incredibly misleading to imply that the Tor DA design provides a similar threat to a server-hosted-crypto proprietary privacy app. (I'm not accusing you of intentionally misleading, but

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 1:04 PM, Julian Oliver jul...@julianoliver.com wrote: A good point. Nonetheless the way forward for security critical software is toward de-centralisation; encouraging deployment and adaptation to local contexts - political, social and topological. This is why both

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 08:44:24AM -0700, Steve Weis wrote: It's not true that all widely used crypto implementations are open. Even open source projects themselves depend on closed implementations. For example, Linux, OpenSSL, GnuTLS, libgcrypt, and dm-crypt may all use AESNI on x86,

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 1:32 PM, Andy Isaacson a...@hexapodia.org wrote: Even if an attacker were to secretly compromise all of the Tor DAs and publish a malicious consensus, the break is only to anonymity, not to message privacy. (Granted, anonymity is a major selling point for Tor and

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Nadim Kobeissi
On 2013-07-11, at 4:32 PM, Andy Isaacson a...@hexapodia.org wrote: On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote: BTW. Even Tor has centralized directory servers. It's incredibly misleading to imply that the Tor DA design provides a similar threat to a server-hosted-crypto

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 1:47 PM, Andy Isaacson a...@hexapodia.org wrote: and Intel's AESNI implementation is coming from an organization with significant resources to dedicate to the correctness of their implementation. And how did they manage to get these significant resources? They were

Re: [liberationtech] In his own words: Confessions of a cyber warrior

2013-07-11 Thread Andy Isaacson
On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote: On 10 July 2013 09:43, Jacob Appelbaum ja...@appelbaum.net wrote: Andreas Bader: Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers

Re: [liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

2013-07-11 Thread Michael Rogers
Hi Ben, I'd love to see hardware support for full-disk encryption and secure deletion. Apple is streets ahead of Android in this respect: iOS's disk encryption key depends on a unique key built into each device, so brute-force attempts to decrypt the

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Marcin de Kaminski
To get back to the original topic: Isn't this just what Peter has been stating when asked? That Hemlis first of all hasn't even claimed anything regarding the stoics when the criticism came, but more importantly that the potential open source development doesn't really solve all problems and

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Matt Mackall
On Thu, 2013-07-11 at 13:47 -0700, Andy Isaacson wrote: Linux now also uses a closed RdRand [2] RNG if available. There was a bunch of churn when this code went in, so I could be wrong, but I believe that RdRand is only used to stir the same entropy pool as all of the other inputs which are

Re: [liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

2013-07-11 Thread Blibbet
(1) A unique key built into each device, which can't be read directly by software, but which can be used to derive other keys (e.g. for disk encryption) at a limited rate, slowing down brute-force attacks against such keys. (2) An effaceable area of flash storage where the operating system can

[liberationtech] 15Mpedia: All about 15M

2013-07-11 Thread Yosem Companys
From: Comision Informacion informacion.acampada...@gmail.com I would like with this e-mail to introduce you to the 15Mpedia, which aims to include all about 15M and nearby. http://wiki.15m.cc Most of this project is in Spanish, but I hope that the English-speaking people will understand easily

[liberationtech] One time pad Management system?

2013-07-11 Thread Paul Elliott
Are there any practical one time pad management systems out there, GPLed for GNU/Linux? Is anyone working on one? If not, does anyone want to start? Thank You for considering this question.

[liberationtech] Bitmessage needs an auditor

2013-07-11 Thread Chris Lentner
I'm currently contributing to Bitmessage https://bitmessage.org . It's a p2p messaging network (think email, not IM) with built-in ECC, and it aims to hide sender receiver. The network layer is fairly solid; right now we're mostly doing UI work. What we could really use is someone to spot the

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Mitar
Hi! On Thu, Jul 11, 2013 at 3:34 PM, Matt Mackall m...@selenic.com wrote: (And in the meantime, my distrust of Intel's crypto has moved from standard professional paranoia to actual legitimate concern.) Any concrete reasons for that change in distrust? Mitar -- http://mitar.tnode.com/

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread hack
What is a One Time Pad management system? A text file? Also, why do you want to use a OTP? There are pretty good reasons not to use one which a book on cryptography will be able to explain to you. Also, I don't think this list is perhaps the best place to ask these questions. Perhaps try the

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote: Are there any practical one time pad management systems out there, GPLed for GNU/Linux? I don't know of any but would be interested to learn of one. Is anyone working on one? I started sketching some design ideas a few months ago,

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread hack
Hi Andy, Wow, so there is actually a use for this? What sort of things are OTP's used for? The only application I've heard of is on satellites when they need to do key rotation. I sort of hastily assumed whoever was asking the question didn't understand the practicality of OTPs and now I think

[liberationtech] NSA's crypto city

2013-07-11 Thread Shava Nerad
For those who think it's unlikely that a staff of 5000 would be involved in something called crypto staff for the NSA? http://en.wikipedia.org/wiki/National_Security_Agency#Headquarters NSA is the largest employer in the U.S. state of Maryland, and two-thirds of its personnel work at Ft.

Re: [liberationtech] NSA's crypto city

2013-07-11 Thread James S. Tyre
Oddly, a former NSA operative I know was, while still with NSA, the Mayor of the nearby town in which he lived. Perhaps his colleagues stuffed the ballot box for him. '-) -- James S. Tyre Law Offices of James S. Tyre 10736 Jefferson Blvd., #512 Culver City, CA 90230-4969

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread Karl Fogel
Paul Elliott pelli...@blackpatchpanel.com writes: Are there any practical one time pad management systems out there, GPLed for GNU/Linux? Is anyone working on one? If not, does anyone want to start? Thank You for considering this question. http://red-bean.com/onetime I'm actively working on