Yahoo!: Please Verify Your Email Address
Title: Yahoo! Email Verification Help

Do not reply to this message. If this account doesn't belong to you, please follow the instructions at the end of this email.

Verify Your Email Address

Please confirm that this is your email address. Click on the link below and then enter your Yahoo! password into the form.

Important! Please click here to verify this email address for your account.

Your Yahoo! ID: panidelnik
Your Email Address: cypherpunks@minder.net

Email verification helps make Yahoo! safer and more enjoyable for everyone. If you can't click on the sentence labeled "Important!" above, you can also verify your email address by cutting and pasting (or typing) the following address into your browser:

http://edit.yahoo.com/v/recv?da1d3c

For your records, your verification code is: da1d3c

Policies: Please remember that your use of Yahoo! products and services is subject to the Yahoo! Terms of Service and Privacy Policy.

Maintaining Your Account: Please update your email address whenever it changes so we can help with any account access issues. (You will be asked to sign in first.) Or, sign in to Yahoo!, go to Account Information, click the Edit button next to Member Information, and you will be able to change your alternate email address(es).

Not Your Account?: If this email is in reference to a Yahoo! account not created or used by you, please click here.
Please confirm your request to join hersey-serbest
Hello cypherpunks@minder.net,

We have received your request to join the hersey-serbest group hosted by Yahoo! Groups, a free, easy-to-use community service.

This request will expire in 7 days.

TO BECOME A MEMBER OF THE GROUP:

1) Go to the Yahoo! Groups site by clicking on this link:

http://groups.yahoo.com/i?i=dmjcf8BvLOkiFmjEaxMBnb5PbEMe=cypherpunks%40minder%2Enet

(If clicking doesn't work, Cut and Paste the line above into your Web browser's address bar.)

-OR-

2) REPLY to this email by clicking Reply and then Send in your email program

If you did not request, or do not want, a membership in the hersey-serbest group, please accept our apologies and ignore this message.

Regards,

Yahoo! Groups Customer Care

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, Oct 26, 2005 at 08:41:48PM -0500, Shawn K. Quinn wrote:

> 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?

Telling is useless. Are you in a sufficient position of power to make them stop using it? I doubt it, because that person will be backed both by your and her boss. Almost always.

It's never about merit, and not even money, but about predeployed base and interoperability. In today's world, you minimize the surprise on the opposite party's end if you stick with Redmondware. (Businessfolk hate surprises, especially complicated, technical, boring surprises).

> 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

OpenOffice & Co usually supports a subset of Word and Excel formats. If you want to randomly annoy your coworkers, use OpenOffice to process the documents in MS Office formats before passing them on, without telling what you're doing. Much hilarity will ensue.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[EMAIL PROTECTED]: EFF is looking for Tor DMCA test case volunteers]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] -

From: Roger Dingledine [EMAIL PROTECTED]
Date: Wed, 26 Oct 2005 16:55:36 -0400
To: [EMAIL PROTECTED]
Subject: EFF is looking for Tor DMCA test case volunteers
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

Fred asked me to forward this to the list. If you have legal questions (and probably most questions about this count as legal questions), you should contact Fred and Kevin directly (fred at eff.org and bankston at eff.org). Fred also reminds us that any correspondence you have with me or others here would be discoverable, so that's an added incentive to go to them directly.

Please look through this checklist, and decide if you match the profile they're looking for. I'd like to encourage you to contact them even if there are a few points you don't match so well -- I'd rather have a big pile of pretty-good volunteers than have everybody hold off because they are not perfectly suited -- then Fred and Kevin can make their own decisions from there.

Thanks,
--Roger

If record label and movie studio representatives continue sending infringement notices to Tor node operators and their upstream ISPs, it will become increasingly important to set a clear legal precedent establishing that merely running a node does not create copyright liability for either node operators or their bandwidth providers. In order to establish such a precedent, it will be necessary to bring or defend a test case. EFF is actively seeking clients willing to be the test case.

Picking the right client is half the battle in any test case. Accordingly, we cannot promise that we will be able to defend any and all Tor node operators. There are several factors that are relevant in finding the right test case client. Here are some of them:

1. You must have received a complaint from a copyright owner about operating a Tor node.

Complaints from your ISP about running a proxy do not count, even if they mention copyright infringement as the reason for their objection -- that's a contractual fight between you and your bandwidth provider. We are looking for node operators who have either received copyright complaints directly, or forwarded to them from their ISPs.

2. You should not be an infringer yourself, or be engaged in any other kind of unlawful activity.

In litigation, the copyright owners will want to examine every hard drive and email message in your possession or control, looking for evidence that you are running Tor because you want to encourage people to infringe copyright. So if you are a big file-sharer, warez trader, or are involved in any other unlawful activities (even if unrelated to Tor), you are probably not the right person.

3. You should have a legitimate reason to run Tor.

If you are the client for the test case, you will be deposed under oath and asked why you run Tor. You should be able to truthfully respond in a way that does not suggest that you are doing it to encourage any illegal activity, including copyright infringement. For example, running it because you value free speech is a legitimate reason. Same if you are running it for research purposes. Any documentary evidence from your past (e.g., emails, papers presented, etc) should not contradict your story. Most Tor node operators will qualify under this criteria, but if you wrote a bunch of emails and bulletin board posts describing how great Tor will be for the coming copyright revolution, you are probably not the ideal client.

4. You should be willing to see the case through.

Litigation takes time -- often several years. The process will occasionally involve some inconvenience, including depositions and allowing the other side to go through most documents in your possession or control (including email, hard drives, etc). EFF will provide the legal services for free. But there is some risk of personal liability for damages, perhaps amounting to several thousand dollars, if we lose. We will do everything to minimize the risk, but cannot eliminate it altogether.

5. You should be located in the United States.

Your Tor server should also be located in the United States.

6. You should have an upstream bandwidth provider who will stand by you.

It would be less than ideal if your upstream ISP terminates your account before we ever get to court.

Fred

- End forwarded message -

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]
- Forwarded message from Kerry Bonin [EMAIL PROTECTED] -

From: Kerry Bonin [EMAIL PROTECTED]
Date: Thu, 27 Oct 2005 06:52:57 -0700
To: [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED]
Subject: Re: [p2p-hackers] P2P Authentication
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
Reply-To: Peer-to-peer development. [EMAIL PROTECTED]

There are only two good ways to provide man-in-the-middle resistant authentication with key repudiation in a distributed system - using a completely trusted out of band channel to manage everything, or use a PKI. I've used PKI for 100k node systems, it works great if you keep it simple and integrate your CRL mechanism - in a distributed system the pieces are all already there! I think some people are put off by the size and complexity of the libraries involved, which doesn't have to be the case - I've got a complete RSA/DSA X.509 compliant cert based PKI (leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++, 30k object code, works great (I'll open that source as LGPL when I deploy next year...) The only hard part about integrating into a p2p network is securing the CA's, and that's more of a network security problem than a p2p problem...

Kerry

[EMAIL PROTECTED] wrote:

And if they do, then why reinvent the wheel? Traditional public key signing works well for these cases. ...

Traditional public key signing doesn't work well if you want to eliminate the central authority / trusted third party. If you like keeping those around, then yes, absolutely, traditional PKI works swimmingly.

Where is the evidence of this bit about traditional PKI working? As far as I've observed, traditional PKI works barely for small, highly centralized, hierarchical organizations and not at all for anything else. Am I missing some case studies of PKI actually working as intended?

Regards,

Zooko

___
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

- End forwarded message -

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[EMAIL PROTECTED]: [IP] EFF: Court Issues Surveillance Smack-Down to Justice Department]
- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Wed, 26 Oct 2005 19:28:46 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] EFF: Court Issues Surveillance Smack-Down to Justice Department
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: EFF Press [EMAIL PROTECTED]
Date: October 26, 2005 7:00:22 PM EDT
To: [EMAIL PROTECTED]
Subject: [E-B] EFF: Court Issues Surveillance Smack-Down to Justice Department
Reply-To: [EMAIL PROTECTED]

Electronic Frontier Foundation Media Release

For Immediate Release: Wednesday, October 26, 2005

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
[EMAIL PROTECTED]
+1 415 436-9333 x126

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
[EMAIL PROTECTED]
+1 415 436 9333 x106

Court Issues Surveillance Smack-Down to Justice Department

No Cell Phone Location Tracking Without Probable Cause

New York - Agreeing with a brief submitted by EFF, a federal judge forcefully rejected the government's request to track the location of a mobile phone user without a warrant.

Strongly reaffirming an earlier decision, Federal Magistrate James Orenstein in New York comprehensively smacked down every argument made by the government in an extensive, fifty-seven page opinion issued this week. Judge Orenstein decided, as EFF has urged, that tracking cell phone users in real time required a showing of probable cause that a crime was being committed. Judge Orenstein's opinion was decisive, and referred to government arguments variously as unsupported, misleading, contrived, and a Hail Mary.

"This is a true victory for privacy in the digital age, where nearly any mobile communications device you use might be converted into a tracking device," said EFF Staff Attorney Kevin Bankston. "Combined with a similar decision this month from a federal court in Texas, I think we're seeing a trend--judges are starting to realize that when it comes to surveillance issues, the DOJ has been pulling the wool over their eyes for far too long."

Earlier this month, a magistrate judge in Texas, following the lead of Orenstein's original decision, published his own decision denying a government application for a cell phone tracking order. That ruling, along with Judge Orenstein's two decisions, revealed that the DOJ has routinely been securing court orders for real-time cell phone tracking without probable cause and without any law authorizing the surveillance.

"The Justice Department's abuse of the law here is probably just the tip of the iceberg," said EFF Staff Attorney Kurt Opsahl. "The routine transformation of your mobile phone into a tracking device, without any legal authority, raises an obvious and very troubling question: what other new surveillance powers has the government been creating out of whole cloth and how long have they been getting away with it?"

The government is expected to appeal both decisions and EFF intends to participate as a friend of the court in each case.

You can read the full text of Judge Orenstein's new opinion, and the similar Texas opinion, at www.eff.org/legal/cases/USA_v_PenRegister.

For this release: http://www.eff.org/news/archives/2005_10.php#004090

About EFF

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/

-end-

___
presslist mailing list
https://falcon.eff.org/mailman/listinfo/presslist

-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 08:41 PM 10/26/05 -0500, Shawn K. Quinn wrote:

> On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
>
> > Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format.
>
> 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?
>
> 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

Why don't you send her comma-delimited text, Excel can import it?
Court Blocks Ga. Photo ID Requirement
[Using the *financial* angle, having to show state-photo-ID to vote is overturned. Interesting if this could be used for other cases where the state wants ID.]

Today: October 27, 2005 at 12:33:27 PDT

Court Blocks Ga. Photo ID Requirement

ASSOCIATED PRESS

ATLANTA (AP) - A federal appeals court Thursday refused to let the state enforce a new law requiring voters to show photo identification at the polls.

Earlier this month, a federal judge barred the state from using the law during local elections next month, saying it amounted to an unconstitutional poll tax that could prevent poor people, blacks and the elderly from voting.

The state asked the 11th U.S. Circuit Court of Appeals to lift the stay, but the court declined.

Under the law, voters could show a driver's license, or else obtain a state-issued photo ID at a cost of up to $35.

http://www.lasvegassun.com/sunbin/stories/nat-gen/2005/oct/27/102700584.html
blocking fair use? 2 Science Groups Say Kansas Can't Use Their Evolution Papers
Here's a very interesting case where (c)holders are trying to ban fair use (educational) of (c) material. I agree with their motivations ---Kansan theo-edu-crats need killing for their continuing child abuse-- but I don't see how they can get around the fair use provisions. (Bypassing whether the state should run schools, or even pay for them, for now.)

2 Science Groups Say Kansas Can't Use Their Evolution Papers

By JODI WILGOREN
Published: October 27, 2005

CHICAGO, Oct. 27 - Two leading science organizations have denied the Kansas board of education permission to use their copyrighted materials in the state's proposed new science standards because of the standards' critical approach to evolution.

The National Academy of Sciences and the National Science Teachers Association said the much-disputed new standards will put the students of Kansas at a competitive disadvantage as they take their place in the world.

http://www.nytimes.com/2005/10/27/national/27cnd-kansas.html?hpex=1130472000en=8207d57fc0db8ecaei=5094partner=homepage
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 12:23 PM -0700 10/27/05, Major Variola (ret) wrote:

> Why don't you send her comma-delimited text, Excel can import it?

But, but... You can't put Visual *BASIC* in comma delimited text...

;-)

Cheers,
RAH
Yet another virus vector. Bah! :-)

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On 10/26/05, Shawn K. Quinn [EMAIL PROTECTED] wrote:

> On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
>
> > Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format.
>
> 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?

This is off-topic. Let's not degenerate into random Microsoft bashing. Keep the focus on anonymity. That's what the cypherpunks list is about.

CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 8:18 PM -0700 10/27/05, cyphrpunk wrote:

> Keep the focus on anonymity. That's what the cypherpunks list is about.

Please. The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else.

Cheers,
RAH
Who thinks anything Microsoft makes these days is, by definition, a security risk.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [PracticalSecurity] Anonymity - great technology but hardly used
> The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else.

Fine, I want it to be about crypto and anonymity. You can bash Microsoft anywhere on the net. Where else are you going to talk about this shit?

CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote:

> This is off-topic. Let's not degenerate into random Microsoft bashing. Keep the focus on anonymity. That's what the cypherpunks list is about.

Sorry, but I have to disagree. I highly doubt that Microsoft is interested in helping users of their software preserve anonymity, in fact, evidence has surfaced to indicate quite the opposite. (GUID in Office? The obnoxious product activation requirement? I'm sure there are others.)

I would say that helping others get rid of dependencies on Microsoft products is thus advancing the cause of anonymity in cyberspace.

--
Shawn K. Quinn [EMAIL PROTECTED]
Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
On 10/25/05, Travis H. [EMAIL PROTECTED] wrote:

> More on topic, I recently heard about a scam involving differential reversibility between two remote payment systems. The fraudster sends you an email asking you to make a Western Union payment to a third party, and deposits the requested amount plus a bonus for you using paypal. The victim makes the irreversible payment using Western Union, and later finds out the credit card used to make the paypal payment was stolen when paypal reverses the transaction, leaving the victim short.

This is why you can't buy ecash with your credit card. Too easy to reverse the transaction, and by then the ecash has been blinded away. If paypal can be reversed just as easily that won't work either.

This illustrates a general problem with these irreversible payment schemes, it is very hard to simply acquire the currency. Any time you go from a reversible payment system (as all the popular ones are) to an irreversible one you have an impedance mismatch and the transfer reflects rather than going through (so to speak).

CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote:

> RAH
> Who thinks anything Microsoft makes these days is, by definition, a security risk.

Indeed, the amount of trust I'm willing to place in a piece of software is quite related to how much of its source code is available for review. Surprisingly, I'm not the only one that feels this way.

--
Shawn K. Quinn [EMAIL PROTECTED]
Re: [EMAIL PROTECTED]: Skype security evaluation]
Wasn't there a rumor last year that Skype didn't do any encryption padding, it just did a straight exponentiation of the plaintext?

Would that be safe, if as the report suggests, the data being encrypted is 128 random bits (and assuming the encryption exponent is considerably bigger than 3)?

Seems like it's probably OK. A bit risky perhaps to ride bareback like that but I don't see anything inherently fatal.

CP
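The exponent condition in the post above, worked as an added example (not part of the original post and not Skype's code): with no padding, a 128-bit value raised to a small exponent never reaches the modulus, so the ciphertext is an ordinary integer power and a plain integer root inverts it, while a large exponent forces modular reduction. The 1536-bit modulus size, the seeded constructed key and all function names are assumptions made for this illustration.

```python
import math
import random


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, exponents, rng):
    """Prime with its top two bits set and gcd(e, p-1) == 1 for every e given."""
    while True:
        p = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if all(math.gcd(e, p - 1) == 1 for e in exponents) and is_probable_prime(p, rng):
            return p


def iroot(x, e):
    """Floor of the e-th root of a non-negative integer (binary search)."""
    lo, hi = 0, 1 << (x.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** e <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def fits_without_reduction(msg_bits, e, n):
    """Conservative check: True means m**e < n for EVERY msg_bits-bit m,
    so unpadded encryption under (n, e) is just an integer power."""
    return msg_bits * e < n.bit_length()


def recover_without_key(c, e):
    """Invert c using public data only; None unless c is a perfect e-th power."""
    r = iroot(c, e)
    return r if r ** e == c else None


def demo(seed=2005):
    rng = random.Random(seed)  # fixed seed: a constructed key for the example
    p = gen_prime(768, (3, 65537), rng)
    q = gen_prime(768, (3, 65537), rng)
    n = p * q                  # 1536-bit modulus (size is an assumption)
    m = rng.getrandbits(128) | (1 << 127)  # constructed 128-bit session value
    recovered, fits = {}, {}
    for e in (3, 65537):
        c = pow(m, e, n)       # "straight exponentiation", no padding
        recovered[e] = recover_without_key(c, e) == m
        fits[e] = fits_without_reduction(128, e, n)
    return n.bit_length(), recovered, fits


if __name__ == "__main__":
    print(demo())
```

The large-exponent case only shows that this particular shortcut stops working; it says nothing about the other properties padding provides.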
Re: On Digital Cash-like Payment Systems
On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote:

> How does one inflate a key?

Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a kilobyte of meaningful data. Current trojans can steal files and log passwords, but they're not smart enough to decrypt and decompress before uploading. They'll take hours to snatch the keyfile through the net, and maybe they'll get caught in the act.

CP
Re: [EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]
> From: Kerry Bonin [EMAIL PROTECTED]
> Date: Thu, 27 Oct 2005 06:52:57 -0700
> To: [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED]
> Subject: Re: [p2p-hackers] P2P Authentication
> User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
> Reply-To: Peer-to-peer development. [EMAIL PROTECTED]
>
> There are only two good ways to provide man-in-the-middle resistant authentication with key repudiation in a distributed system - using a completely trusted out of band channel to manage everything, or use a PKI. I've used PKI for 100k node systems, it works great if you keep it simple and integrate your CRL mechanism - in a distributed system the pieces are all already there! I think some people are put off by the size and complexity of the libraries involved, which doesn't have to be the case - I've got a complete RSA/DSA X.509 compliant cert based PKI (leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++, 30k object code, works great (I'll open that source as LGPL when I deploy next year...) The only hard part about integrating into a p2p network is securing the CA's, and that's more of a network security problem than a p2p problem...

It's great to see this guy showing up yet another of the false dogmas of the crypto hacker community: PKI can't work. According to this view, only old fogies and tight ass bureaucrats believe in certifying keys. All the cool kids know that the best key is a bare key. After all, MITM attacks never really happen, this was just an invented threat designed to force poor college kids into paying hundreds of dollars a year for a verisign certificate.

But when we come into the P2P world things look very different. Where MITM would require special positioning in the old net, in a distributed P2P network, everyone's a MITM! Every key has passed through dozens of hands before you get to see it. What are the odds that nobody's fucked with it in all that time? You're going to put that thing in your mouth? I don't think so.

Using certificates in a P2P network is like using a condom. It's just common sense. Practice safe cex!

CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
Travis H. wrote:

> Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronized would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day.

But this is trivial. Since the traffic is encrypted, you just have a bit that says this is garbage or this is traffic.

OTOH, this can leave you open to traffic marking attacks. George Danezis and I wrote a paper on a protocol (Minx) designed to avoid marking attacks by making all packets meaningful. You can find it here: http://www.cl.cam.ac.uk/users/gd216/minx.pdf.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:

> Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format.

1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?

2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

--
Shawn K. Quinn [EMAIL PROTECTED]