FREE vacation getaway!

2000-10-12 Thread tgardner23 
Title: Looking for the Perfect







  

  
  

  Looking for the Perfect
  
  

Getaway?
  Over
  15 destinations

  

  Orlando FL

  Ft. 
Lauderdale FL

  Daytona Beach FL

  Myrtle Beach SC

  Ashville NC

  Branson MO

  Wisconsin Dells WI

  New 
Orleans LA

  Las 
Vegas NV

  and 
more!
  

  


  

  Visit
  our website and fill out our marketing survey.
  You
  will receive a FREE
  weekend getaway for 2 
  at
  any one of these locations.
  CLICK
  HERE

Re: Multi-part security solutions (Was: Re: Rijndael Hitachi)

2000-10-12 Thread John Kelsey 

-BEGIN PGP SIGNED MESSAGE-

At 04:57 PM 10/11/00 -0700, Meyer Wolfsheim wrote:

The only reasons I see for having a security system (be it
an encryption product, or a physical access device) with a
large discrepancy in the level of security that the
individual components provide is either:

...

I'd add one more reason to yours, which is especially
relevant in the crypto world:

d)  Use of standard components.

If it costs nothing more to use Rijndael to encrypt all your
data than to use FEAL-8, then why not go ahead and use
Rijndael, which is widely available in crypto libraries and
such?  Okay, so your system doesn't even provide FEAL-8
level security, but there's no reason to go out of your way
to use a bad cipher, along with all the other problems,
right?  (I've often suspected that if all fielded encryption
in use today were replaced by FEAL-8X (FEAL-8 with 128-bit
keys), there would be virtually no impact on practical
security.  I think the best know attack requires 2^{25}
known plaintexts, which are almost never available in
practice.)

This is the situation that we would have if all-but-
unpickable locks cost exactly the same amount as the crappy
toy locks they usually sell with luggage.

 I am disgusted by the use of security devices purely for
marketing reasons. The mentality that "It doesn't matter
that we can't provide quality entropy in our encryption
product as long as we can say we use 256 bit Twofish" is
demonstrative of negligence. I want to be told the security
of the *weakest* part of the system, as that is the measure
of the entire system's security. Then I will decide if it is
sufficient for me.

I agree in principle, but in practice, some of these
measures are a lot easier to figure out than others.  Like,
it's easy to see determine that you're using a cipher with a
sufficiently long key and a good pedigree.  It's harder to
determine whether your PRNG always gets as much entropy as
it needs to generate unguessable keys.  It's still harder to
determine whether anyone your CA ever hires will be willing
to generate a few new keys that are supposed to be in your
hierarchy, and use them to run some kind of fraud on your
system.  Or that there are no software flaws that make it
easy to defeat the system, despite the use of first-rate
components.  Or

...
Security is a ritual, not a product.

:)

- -MW-

 --John Kelsey, Counterpane Internet Security, [EMAIL PROTECTED]
PGP Fingerprint: 5D91 6F57 2646 83F9  6D7F 9C87 886D 88AF


-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 Int. for non-commercial use
http://www.pgpinternational.com
Comment: foo

iQCVAwUBOeVlwyZv+/Ry/LrBAQF05QP/dM8gCxDCzM2WGV6rd54fvTvDkzfL8HqL
03k4/EDAOJPJhuOv79WW7Q9UZUK+FQ4tsZlBgsJ83KAGQ+6y5YEZXQawl7bLGR/w
TDPgwQfHcctTKxUOBdiNPet/AoWDXp6o3eW/x1141u8X6zc4zzcDVZSowUJ9ykKO
1GiOlUnEhQk=
=c44O
-END PGP SIGNATURE-

Fire Your Boss!! 14596

2000-10-12 Thread choirboy24 




 
 FOLLOW ME TO FINANCIAL FREEDOM!!

I Am looking for people with good work ethic and extrordinary desire
 to earn at least $10,000 per month working from home!

NO SPECIAL SKILLS OR EXPERIENCE REQUIRED We will give you all the 
training and personal support you will need to ensure your success!

This LEGITIMATE HOME-BASED INCOME OPPORTUNITY can put you back in
   control of your time,your finances,and your life!

If you've tried other opportunities in the past that have failed to 
   live up their promises,

 THIS IS DIFFERENT THEN ANYTHING ELSE YOU'VE SEEN!

   THIS IS NOT A GET RICH QUICK SCHEME!

YOUR FINANCIAL PAST DOES NOT HAVE TO BE YOUR FINANCIAL FUTURE!

   CALL ONLY IF YOU ARE SERIOUS!

 1-800-345-9708 

DONT GO TO SLEEP WITHOUT LISTENING TO THIS!

"ALL our dreams can come true- if we have the courage to persue them"
   -Walt Disney

Please Leave Your Name And Number And Best Time To Call

   DO NOT RESPOND BY EMAIL


This message is sent in compliance of the new email bill section
 301.PerSection
  301, Paragraph (a)(2)(C) of S. 1618. We will comply with all removal
requests.Just Put Removemailto:[EMAIL PROTECTED]

Re: Multi-part security solutions (Was: Re: Rijndael Hitachi)

2000-10-12 Thread Bill Stewart 

At 06:11 PM 10/11/00 -0700, Tim May wrote:
A Medeco lock on a glass door may seem crazy, but a pickable lock on 
a glass door means those who know how to pick locks--like cops who 
have access to lock guns--can enter at will without any persistent 
evidence of their intrusion.

Intrusion detection is important.  
Also, if it doesn't cost significantly more, you might as well
use the Medeco lock on the glass door, or use 128-bit RC4 instead of 40-bit.
Besides, the Medeco lock is probably more durable than the El Cheapo,
and less likely to jam in an unlocked position.




Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639