On Thu, Mar 20, 2014 at 4:04 AM, Ximin Luo infini...@pwned.gg wrote:
Welcome to 2014. Telegram has more of these, more severe, more obvious, and
from further in the past. OTR also did not claim they were secure because it
was written by a team of PhDs, and a bunch of other disingenuous
On 20/03/14 07:55, Maxim Kammerer wrote:
On Thu, Mar 20, 2014 at 4:04 AM, Ximin Luo infini...@pwned.gg wrote:
Welcome to 2014. Telegram has more of these, more severe, more obvious, and
from further in the past. OTR also did not claim they were secure because it
was written by a team of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 20/03/14 01:42, Cypher wrote:
More features are under discussion. We would like your input on
what features you would like to see. Please keep in mind that we
are looking at functionality first. Secondly we are looking at
introducing a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Michael,
What you're trying to do is very similar to ECIES. You should probably
use ECIES, which has received more review than your design. It's
implemented in BouncyCastle, and there was recently a thread on the
BouncyCastle mailing list about
On 03/20/14 14:17, Michael Rogers wrote:
You should use a constant-time comparison here to avoid timing
attacks. Something like:
boolean matches = true;
for (i = 0; i 32; i++) {
matches = (digest[i] == decoded[i + 32]);
}
if (!matches) {
// incorrectly decoded: we're not the
Hi Michael.
Great points, and thanks for them.
If you look back a few revisions, you can see we had been using ECIES until
recently. The main motivation for switching was that it's not available in a
lot of other toolkits, there is incompatibility among toolkits that do
implement it, and
With all the chat about Telegram, I am wondering about Tox.im. I realize it’s
still in beta, and they admit themselves that you shouldn’t trust them with
private conversation yet… but from what I understand their whole system is open
and they don’t use server side software, everything is done
On Thu, Mar 20, 2014 at 12:55 AM, Maxim Kammerer m...@dee.su wrote:
Where else would a bunch of butthurt self-proclaimed experts attack a
developer and a product
for voluntarily offering a contest for breaking a protocol? With an
obvious conflict of interest, no less. Moreover, the brilliant
We have submitted Koios.org , a social problems identification /solving
platform that based on crowdsourcing concept . Iam the analyst of the
platform .
On Thursday, March 20, 2014, liberationtech-requ...@lists.stanford.edu
wrote:
Send liberationtech mailing list submissions to
Thanks again to everyone who helped me think through how government's
approach to disclosing identifiers could be improved through checksums,
tokenization and related techniques -- it was extremely helpful. The
resulting post is here:
The Whonix project has currently two job offers:
- https://www.whonix.org/blog/project-coordinator/
- https://www.whonix.org/blog/job-offer-developer/
We don't have founding for these yet, but hopefully soon.
Cheers,
Patrick
--
Liberationtech is public archives are searchable on Google.
I've heard this statement before and I'm a bit unclear. If I want to
hide my traffic from my ISP or get it securely out of my country, I
either have to rent a VPS or place a server with a friend somewhere
remote. Both of those options remove the server from your control. How
is this any safer
[image: Annenberg Innovation Lab
Arggh. Wrong link. Apologies to all and thanks to James McKinney. That's
what I get for having that many tabs open.
https://sunlightfoundation.com/blog/2014/03/20/a-little-math-could-make-identifiers-a-whole-lot-better/
On Thu, Mar 20, 2014 at 5:44 PM, James McKinney ja...@opennorth.ca wrote:
14 matches
Mail list logo