Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-29 Thread Francisco Ruiz
@Tony On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz ruiz at iit.edu wrote: - How do I communicate a password to Bob? Before I get a crucial bit of information to Bob, I need to first get a crucial bit of information to

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-29 Thread Steve Weis
Hi. I think you're slowly reinventing PGP. Just to summarize what you have so far: 1. Alice and Bob each generate key pairs locally. 2. Both securely store their private keys. 3. Both generate hash values of their public keys. 4. Both mutually exchange public keys over an untrusted channel. 5.

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Julian Oliver
..on Fri, Jul 26, 2013 at 03:59:34PM -0500, dd...@nulltxt.se wrote: You should use ContentSecurityPolicy to help avoid XSS attacks: http://content-security-policy.com/ https://people.mozilla.com/~bsterne/content-security-policy/ The page appears to be entirely static to me, which I thought was

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Francisco Ruiz
@SteveWeis: - How do I communicate a password to Bob? Before I get a crucial bit of information to Bob, I need to first get a crucial bit of information to Bob? Alice should send her Lock (public key) to Bob rather than anything secret. - You assumed a keylogger is installed. If I type the

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Francisco Ruiz
@JulianOliver: I've thought about having a more polished interface, including multilevel menus, etc. They've told me all of this would be possible with jquery. But then PassLok would have to call a (large) piece of outside code, which would violate the offline rule. It can probably be done with

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Tony Arcieri
On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz r...@iit.edu wrote: - How do I communicate a password to Bob? Before I get a crucial bit of information to Bob, I need to first get a crucial bit of information to Bob? Alice should send her Lock (public key) to Bob rather than anything

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Doug Chamberlin
Or the Man in the middle can pose as Alice to Bob and Bob would think all subsequent communication with that person would be going to Alice. On Sun, Jul 28, 2013 at 5:01 PM, Tony Arcieri tony.arci...@gmail.com wrote: On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz r...@iit.edu wrote: - How do

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Karl Fogel
Tony Arcieri tony.arci...@gmail.com writes: How? At the very least Alice/Bob need an authenticated/trusted channel for this. If Alice sends Bob her public key over an untrusted channel, it can be intercepted by an MitM posing as Bob who can then intercept all traffic between Alice/Bob In the

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-27 Thread Julian Oliver
..on Fri, Jul 26, 2013 at 03:42:02PM -0500, Francisco Ruiz wrote: Scenario: you, Alice, realize you're under NSA surveillance. You need to get a crucial bit of information to your friend Bob, right away. You've been using PGP, but now you suspect the NSA may have installed a bug on your

[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Francisco Ruiz
Scenario: you, Alice, realize you're under NSA surveillance. You need to get a crucial bit of information to your friend Bob, right away. You've been using PGP, but now you suspect the NSA may have installed a bug on your machine. Your keystrokes are being recorded. What can you do? Use PassLok

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Karl Fogel
Francisco Ruiz r...@iit.edu writes: Scenario: you, Alice, realize you're under NSA surveillance. You need to get a crucial bit of information to your friend Bob, right away. You've been using PGP, but now you suspect the NSA may have installed a bug on your machine. Your keystrokes are being

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread ddahl
You should use ContentSecurityPolicy to help avoid XSS attacks: http://content-security-policy.com/ https://people.mozilla.com/~bsterne/content-security-policy/ Regards, David On Fri, 26 Jul 2013 15:42:02 -0500, Francisco Ruiz r...@iit.edu wrote: Scenario: you, Alice, realize you're under

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Tony Arcieri
On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz r...@iit.edu wrote: Scenario: you, Alice, realize you're under NSA surveillance. You need to get a crucial bit of information to your friend Bob, right away. You've been using PGP, but now you suspect the NSA may have installed a bug on your

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Steve Weis
If you assume communications are monitored and your machine is compromised, this has some fundamental flaws: - How do I communicate a password to Bob? Before I get a crucial bit of information to Bob, I need to first get a crucial bit of information to Bob? - You assumed a keylogger is installed.