Re: I'll show you mine if you show me, er, mine
| >Briefly, it works like this: point A transmits an encrypted message to point
| >B. Point B can decrypt this, if it knows the password. The decrypted text is
| >then sent back to point A, which can verify the decryption, and confirm that
| >point B really does know point A's password. Point A then sends the password
| >to point B to confirm that it really is point A, and knows its own password.
|
| Isn't this a Crypto 101 mutual authentication mechanism (or at least a
| somewhat broken reinvention of such)?...

The description has virtually nothing to do with the actual algorithm proposed. Follow the link in the article - http://www.stealth-attacks.info/ - for an actual - if informal - description.

-- Jerry
Re: I'll show you mine if you show me, er, mine
>The description has virtually nothing to do with the actual algorithm
>proposed. Follow the link in the article - http://www.stealth-attacks.info/ -
>for an actual - if informal - description.
>

There is no actual description publicly available (there are three completely different protocols described in the press). I talked to the author about this; he sent me a fourth, somewhat reasonable document.

At *best*, this is something akin to SRP with the server constantly proving its true nature with every character (yes, shoulder surfers get to attack keys one at a time). It could get pretty bad though, so rather than support it or bash it, I'd just reserve judgement until it's publicly documented at Financial Crypto.

--Dan
Re: I'll show you mine if you show me, er, mine
On Thu, 24 Feb 2005, Peter Gutmann wrote:
> (Either this is a really bad idea or the details have been mangled by the
> Register).

No, it's just a really bad idea. A small group of us looked at this a few weeks ago when it was announced, and while none of us are professional cryptographers, we all thought this was just, well, silly.

--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

"Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses."
http://www.tshirthell.com/
Re: How to Stop Junk E-Mail: Charge for the Stamp
On 2005-03-03T11:52:59+, ken wrote:
>
> >Chat is already higher volume (I read somewhere) in
> >raw quantity of messages sent than email.
>
> I suspect you don't get much traffic. The beauty of a
> non-real-time store-and-forward system like smtp (or SMS, or
> oldstyle conferencing systems with off-line readers) is precisely
> that it can be automated. I don't have to see mail I don't want.

You don't have to see IMs you don't want, either. You can refuse them from people not on your buddy list.

> >A fate for email is that as spam grows to take over more
> >of the share of the shrinking pie, but consumes more of
> >the bandwidth
>
> A higher proportion of the snail-mail I get is junk than the email.
>
> A higher proportion of the landline phone calls I get are junk. At
> least 4 out of 5 calls, maybe 9 out of 10. Email is doing quite well.

With 3 or 4 RBL blacklists, greylisting, and making sure senders don't ehlo with my ip address, I don't even have to use dspam or Spamassassin I get so little spam.

> A serious proportion of the rootkits and so on that have been plaguing
> us for the last few years involves chat & instant messaging & so on.
> I'd block it at the boundary firewall. People who use it should just
> learn how to use mail. They'd get through more. Chat is for
> functional illiterates. Learn to read at adult speed and you'll prefer
> mail. Why should they put up with being limited to someone else's
> typing speed?

I don't think email will disappear either, but IM is good for 2-way conversations. Helping someone debug a problem via email gets tedious very quickly. Strangely enough, a good number of people I've talked to over the phone have had their IQ drop by about 100 points when I start using a phonetic alphabet to spell things. I usually end up having to repeat the phonetic spelling several times; it's really strange. IM eliminates that whole problem. Unless communicating in a standard, often-spoken language, phones lose their utility.

There's a place for both IM and email. I agree, though, that IM may suffer from a poor S/N ratio.

--
Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: How to Stop Junk E-Mail: Charge for the Stamp
My view - as controversial as ever - is that the problem is unfixable, and mail will eventually fade away. That which will take its place is p2p / IM / chat / SMS based.

Which are easier to spam and less secure than smtp. SMTP is p2p by definition, though you can use servers if you want. SMS *IS* email, just a different kind of email - and a less secure, more expensive kind, in which the infrastructure is more in the hands of the large companies that run it and less accessible to users installing their own protections.

In that world, it is still reasonable to build one's own IM system for the needs of one's own community, and not to have to worry about standards. Which means one can build in the defences that are needed, when they are needed.

As we can for smtp.

Chat is already higher volume (I read somewhere) in raw quantity of messages sent than email.

I suspect you don't get much traffic. The beauty of a non-real-time store-and-forward system like smtp (or SMS, or oldstyle conferencing systems with off-line readers) is precisely that it can be automated. I don't have to see mail I don't want.

A fate for email is that as spam grows to take over more of the share of the shrinking pie, but consumes more of the bandwidth

A higher proportion of the snail-mail I get is junk than the email. In fact almost all of it is (& most of what isn't is bills :-( - usually already paid by the bank). I throw more than half of my incoming paper mail in the bin unopened, and about half of what is left is just put in a cupboard in case I get into some dispute with the bank or the electric company or whoever.

A higher proportion of the landline phone calls I get are junk. At least 4 out of 5 calls, maybe 9 out of 10. Email is doing quite well.

> the ISPs will start to charge people for email, and not for IM.

Why should they charge more for a service which is not only cheaper for them to run, but has more competition and is harder to subvert?

A serious proportion of the rootkits and so on that have been plaguing us for the last few years involves chat & instant messaging & so on. I'd block it at the boundary firewall. People who use it should just learn how to use mail. They'd get through more. Chat is for functional illiterates. Learn to read at adult speed and you'll prefer mail. Why should they put up with being limited to someone else's typing speed?