Re: [cryptography] crypto.cat

2012-04-01 Thread natanael . l 
Again - SSL flaws, bad server, etc... Maybe a buggy browser. Can you imagine a 
bug allowing JS injection in any tab? Post a bit.ly link and wait for keys... 
Bugs like that have existed before.


2012-04-01 02:54 skrev James A. Donald:

On 2012-04-01 7:51 AM, natanae...@gmail.com wrote:
 It's running in a browser using JS...


To attack JS, the attacker needs to induce the victim to open the
attackers web page at the same time as the attacked web page, and
successfully apply a cross site scripting attack. The simplicity of the 
crypto.cat web page is apt to make cross site scripting attacks difficult.

___

cryptography mailing list

natanae...@gmail.com
http://lists.randombit.net/mailman/listinfo/cryptography



___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Key escrow 2012

2012-04-01 Thread danimoth 
Il giorno sab, 31/03/2012 alle 13.03 +1000, James A. Donald ha scritto:
 On 2012-03-31 1:51 AM, Nico Williams wrote:
   We don't encrypt e-mail for other reasons, namely because key
   management for e-mail is hard.
 
 Key management is hard because it involves a third party, which third 
 party is also the major security hole.
 


PGP web of trust doesn't address it?

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography