Re: 802.11 Wired Equivalent Privacy (WEP) attacks

2001-02-13 Thread Arnold G. Reinhold
At 5:55 AM +0900 2/10/2001, [EMAIL PROTECTED] wrote: > >WF1 >> >>In WF1 the 802.11 WEP keys would be changed many times each hour, say >>every 10 minutes. A parameter, P, determines how many times per hour >>the key is to be changed, where P must divide 3600 evenly. The WEP >>keys are derived fro

Re: 802.11 Wired Equivalent Privacy (WEP) attacks

2001-02-09 Thread Arnold G. Reinhold
The draft paper by Borisov, Goldberg, and Wagner http://www.isaac.cs.berkeley.edu/isaac/wep-draft.pdf presents a number of practical attacks on 802.11 Wired Equivalent Privacy (WEP). The right way to fix them, as the paper points out, is to rework the 802.11 protocol to use better encryption

Re: it's not the crypto

2001-02-06 Thread Arnold G. Reinhold
At 8:58 AM -0500 2/5/2001, Steve Bellovin wrote: >Every now and then, something pops up that reinforces the point that >crypto can't solve all of our security and privacy problems. Today's >installment can be found at >http://www.privacyfoundation.org/advisories/advemailwiretap.html > >For almost

Re: electronic ballots

2001-02-04 Thread Arnold G. Reinhold
At 1:01 PM -0500 2/4/2001, John Kelsey wrote: >-BEGIN PGP SIGNED MESSAGE- > >At 11:02 PM 1/27/01 -0500, William Allen Simpson wrote: > >... >>"Arnold G. Reinhold" wrote: >>> There are a lot of reasons why open source is desirable, >>>

Re: issuing smartcards is likely to be cheap [Was: electronic ballots]

2001-02-02 Thread Arnold G. Reinhold
At 11:09 AM -0600 2/1/2001, (Mr) Lyn R. Kennedy wrote: >On Thu, Feb 01, 2001 at 09:52:05AM -0500, Arnold G. Reinhold wrote: >> At 1:36 PM -0800 1/31/2001, Heyman, Michael wrote: >> > > -Original Message- >> >> From: William Allen Simpson [mailto:[EM

Re: issuing smartcards is likely to be cheap [Was: electronic ballots]

2001-02-01 Thread Arnold G. Reinhold
At 1:36 PM -0800 1/31/2001, Heyman, Michael wrote: > > -Original Message- >> From: William Allen Simpson [mailto:[EMAIL PROTECTED]] >> Subject: Re: electronic ballots >> [SNIP much] >> > >> > It seems that something like a smartcard would be the best scheme. >> >> Not likely. Voting is ve

Re: Leo Marks

2001-01-31 Thread Arnold G. Reinhold
At 9:58 PM -0500 1/30/2001, Steven M. Bellovin wrote: >The obituary has, at long last, prompted me to write a brief review of >Marks' book "Between Silk and Cyanide". The capsule summary: read it, >and try to understand what he's really teaching about cryptography, >amidst all the amusing anecdo

Re: electronic ballots

2001-01-30 Thread Arnold G. Reinhold
At 1:03 PM -0500 1/25/2001, William Allen Simpson wrote: >-BEGIN PGP SIGNED MESSAGE- > >I've been working with Congresswoman Lynn Rivers on language for >electronic ballots. My intent is to specify the security sensitive >information, and encourage widespread implementation in a competiti

Spark gap digitizers (was NONSTOP Crypto Query)

2001-01-15 Thread Arnold G. Reinhold
I remember those. They were made by Summagraphics. We purchased a large format one (about 4 feet X 5 feet) to digitize apparel patterns. They had linear microphones along the top and left sides of the table. You had to be careful not to put your free hand between the spark pen and the microph

Re: NONSTOP Crypto Query

2001-01-14 Thread Arnold G. Reinhold
One interesting question is exactly how strong radio frequency illumination could cause compromise of information being processed by electronic equipment. I have an idea for a mechanism whereby such illumination could induce generation of harmonic and beat frequencies that are modulated by int

Re: NSA abandons some cool stuff

2001-01-10 Thread Arnold G. Reinhold
At 6:09 PM -0800 1/8/2001, David Honig wrote: >At 07:51 PM 1/8/01 -0500, Arnold G. Reinhold wrote: >... > By shielding the fixtures, they effectively >>place the lights outside of the enclosure.  > >Yes. But 1. you'd still want a filter the power mains >inside your p

Re: NSA abandons some cool stuff

2001-01-09 Thread Arnold G. Reinhold
>At 01:27 PM 1/7/01 -0500, Arnold G. Reinhold wrote: >>"Every inch of floor in more than four buildings was covered with >>two-by-two-foot squares of bleak brown carpet. When the astronomers >>tried to replace it, they discovered it was welded with tiny metal >>

Re: Perfect compression and true randomness

2001-01-08 Thread Arnold G. Reinhold
I don't think Chaitin/Kolmogorov complexity is relevant here. In real world systems both parties have a lot of a priori knowledge. Your probably_perfect_compress program is not likely to compress this sentence at all, but PKZIP can. The probably_perfect_compress argument would work (ignoring

Re: NSA abandons some cool stuff

2001-01-08 Thread Arnold G. Reinhold
>The Baltimore Sun has a long article on an abandoned NSA listening >spot in the hills of North Carolina. Some radio astronomers wrangled >control of it so it won't go to waste. > >http://www.sunspot.net/content/cover/story?section=cover&pagename=sto >ry&storyid=1150520223288 > "Every inch of

Re: Cryptographic Algorithm Metrics

2001-01-03 Thread Arnold G. Reinhold
At 10:38 PM + 1/3/2001, Peter Fairbrother wrote: >on 3/1/01 9:25 pm, Greg Rose at [EMAIL PROTECTED] wrote: > > > At Crypto a >> couple of years ago the invited lecture gave some very general results >> about unconditionally secure ciphers... unfortunately I can't remember >> exactly who gave t

Big Number Calculator Applet

2000-12-17 Thread Arnold G. Reinhold
I've written a number calculator applet as a number theory teaching tool. It exposes most of the functionality in the Java 1.1 (and later) BigInteger package, including prime checking and modular arithmetic. One of its goals is to let people try out various cryptographic calculations by hand.

Re: migration paradigm (was: Is PGP broken?)

2000-12-10 Thread Arnold G. Reinhold
At 3:35 PM -0600 12/7/2000, Rick Smith at Secure Computing wrote: >At 02:43 PM 12/7/00, Peter Fairbrother wrote: > >>In WW2 SOE and OSS used original poems which were often pornographic. See >>"Between Silk and Cyanide" by Leo Marks for a harrowing account. > >Yes, a terrific book. However, the bo

DOD rescues Iridium

2000-12-09 Thread Arnold G. Reinhold
From http://www.defenselink.mil/news/Dec2000/b12062000_bt729-00.html The Department of Defense, through its Defense Information Systems Agency, last night awarded Iridium Satellite LLC of Arnold, Md., a $72 million contract for 24 months of satellite communications services. This contract wou

Re: migration paradigm (was: Is PGP broken?)

2000-12-07 Thread Arnold G. Reinhold
At 3:43 PM -0600 12/6/2000, Rick Smith at Secure Computing wrote: >Does anyone have a citation as to the source of this 1.33 >bits/letter estimate? In other words, who computed it and how? It's >in Stinson's crypto book, but he didn't identify its source. I >remember tripping over a citation fo

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Arnold G. Reinhold
At 3:04 PM -0800 12/5/2000, Ray Dillinger wrote: >On Tue, 5 Dec 2000, Arnold G. Reinhold wrote: > ... > >I believe there are applications where a passphrase generated key is >>preferable. > >>I think a standard such as Mr. Simpson suggests is a worthwhile idea.

AES (was Re: migration paradigm)

2000-12-05 Thread Arnold G. Reinhold
At 11:19 PM -0800 12/4/2000, Bram Cohen wrote: >On Mon, 4 Dec 2000, William Allen Simpson wrote: > >> We could use the excuse of AES implementation to foster a move to a >> new common denominator. > >AES is silly without an equivalently good secure hash function, which we >don't have right now. >

Re: migration paradigm (was: Is PGP broken?)

2000-12-05 Thread Arnold G. Reinhold
At 7:20 PM + 12/4/2000, lcs Mixmaster Remailer wrote: >William Allen Simpson <[EMAIL PROTECTED]> writes: >> My requirements were (off the top of my head, there were more): >> >> 4) an agreed algorithm for generating private keys directly from >> the passphrase, rather than keeping a priva

Re: Is PGP broken?

2000-12-04 Thread Arnold G. Reinhold
At 9:55 AM +0100 11/29/2000, PA Axel H Horns wrote: >On 29 Nov 2000, at 7:07, Stephan Eisvogel wrote: > >> Adam Back wrote: >> > (And also without IDEA support for patent reasons even now >> > that the RSA patent has expired.) >> >> Do you know when the IDEA patent will expire? I will hold a >> sm

Re: Public Key Infrastructure: An Artifact...

2000-11-22 Thread Arnold G. Reinhold
At 1:59 PM -0800 11/20/2000, Bram Cohen wrote: >On Mon, 20 Nov 2000, Arnold G. Reinhold wrote: > >> Perry's last sentence gets to the heart of the matter. If CAs >> included a financial guarantee of whatever it is they are asserting >> when they issue a certificate,

Re: Lots of random numbers

2000-11-16 Thread Arnold G. Reinhold
At 10:19 PM -0500 11/15/2000, Rich Salz wrote: >I'm putting together a system that might need to generate thousands of RSA >keypairs per day, using OpenSSL on a "handful" of Linux machines. What do >folks think of the following: take one machine and dedicate it as an entropy >source. After 'n' se

Re: Rijndael & Hitachi

2000-10-11 Thread Arnold G. Reinhold
>"Steven M. Bellovin" <[EMAIL PROTECTED]> writes: > >> Precisely. What is the *real* threat model? >> >> History does indeed show that believed-secure ciphers may not be, and >> that we do indeed need a safety margin. But history shows even more >> strongly that there are many better ways to the

Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

2000-10-11 Thread Arnold G. Reinhold
At 2:24 PM -0700 10/10/2000, Ed Gerck wrote: >"Arnold G. Reinhold" wrote: > >> You may well be right about the accepted definition of >> non-repudiation, but if you are then I would amend my remarks to say >> that known cryptographic technology cannot provide no

Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

2000-10-10 Thread Arnold G. Reinhold
At 12:12 PM -0700 10/7/2000, Ed Gerck wrote: >"Arnold G. Reinhold" wrote: > >> In public-key cryptography "Non-Repudiation" means that the >> probability that a particular result could have been produced without >> access to the secret key is van

Type 1 cipher key lengths

2000-10-06 Thread Arnold G. Reinhold
Like most people interested in cryptography, I have always been curious about the ciphers NSA uses to protect classified information -- the so-called Type 1 ciphers. I have never found any reliable information on these, outside of a few code names. Therefore I was surprised to find the followi

Re: human failings question

2000-10-05 Thread Arnold G. Reinhold
At 9:23 AM -0700 10/5/2000, David Honig wrote: >At 09:07 PM 10/3/00 -0400, Nina H. Fefferman wrote: >> >> >> Hi all, >> >> Does anyone know where (if at all) I can find statistics for the >>predictable strings humans tend to produce when asked to create a >>"random" sequence of zeros and

Re: AES winner to be announced Monday.

2000-10-02 Thread Arnold G. Reinhold
The following information from the Rijndael Page http://www.esat.kuleuven.ac.be/~rijmen/rijndael/index.html may come in handy later today when NIST announces the new Advanced Encryption Standard (AES): 'Rijndael FAQ 1.How is that pronounced ? If you're Dutch, Flemish, Indonesian,

Re: Oh for a decently encrypted mobile phone...

2000-09-15 Thread Arnold G. Reinhold
At 10:08 PM -0700 9/13/2000, Bram Cohen wrote: >On Thu, 14 Sep 2000, Enzo Michelangeli wrote: > >> http://www.the-times.co.uk/news/pages/sti/2000/09/10/stinwenws01007.html >> >> SOLDIERS are having to use insecure mobile phones to communicate in >> battlefield exercises because, they say, the army

Java, zeroize and WW II

2000-09-13 Thread Arnold G. Reinhold
I was searching to see if anyone had done a Zeroize interface for Java and found a very interesting page http://www.maritime.org/ecm2.htm on the US military's primary cipher machine from World War II, the ECM Mark II, aka CSP-989 aka SIGABA. (It turns out the term "zeroize" goes back to the e

Re: More thoughts on Man in the Middle attacks and PGP

2000-09-13 Thread Arnold G. Reinhold
At 6:29 PM +0100 9/13/2000, Ben Laurie wrote: >"Arnold G. Reinhold" wrote: >> > > > > >There's really nothing stopping an implementation of SSL that uses PGP >> >for key verification. All that's really required at the end of the day >>

Re: More thoughts on Man in the Middle attacks and PGP

2000-09-13 Thread Arnold G. Reinhold
At 10:15 PM +0100 9/12/2000, Ben Laurie wrote: >"Arnold G. Reinhold" wrote: >> >> I had some more thoughts on the question of Man in the Middle attacks >> on PGP. A lot has changed on the Internet since 1991 when PGP was >> first released. (That was

More thoughts on Man in the Middle attacks and PGP

2000-09-12 Thread Arnold G. Reinhold
I had some more thoughts on the question of Man in the Middle attacks on PGP. A lot has changed on the Internet since 1991 when PGP was first released. (That was the year when the World Wide Web was introduced as well.) Many of these changes significantly reduce the practicality of an MITM at

Re: DeCSS and first sale

2000-09-07 Thread Arnold G. Reinhold
At 1:08 PM +0100 9/7/2000, Ben Laurie wrote: >John R Levine wrote: >> CSS is entirely about subverting first sale, since the only useful >>thing that >> the CSS crypto does is to assign each DVD a "region code" so that >>the DVD can >> only be played on players with the same region code. (As ha

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-06 Thread Arnold G. Reinhold
At 4:38 PM -0700 9/5/2000, David Honig wrote: >At 05:33 PM 9/3/00 -0400, Dan Geer wrote: >> >>> How do they exchange public keys? Via email I'll bet. >> > > >Note that it is trivial(*) to construct a self-decrypting > >archive and mail it in the form of an attachment. The >>recipient will mere

Re: reflecting on PGP, keyservers, and the Web of Trust

2000-09-05 Thread Arnold G. Reinhold
At 3:48 PM -0700 9/1/2000, David Honig wrote: >At 09:34 AM 8/30/00 -0700, Ed Gerck wrote: >> >>BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the >>North Bay Area of SF, PGP is not uncommon in such small-group business users. > >How do they exchange public keys? Via ema

Re: "Tipster" voluntary payment protocol

2000-08-28 Thread Arnold G. Reinhold
At 11:21 AM -0400 8/26/2000, Jeff Kandt wrote: >On or about 11:52 AM -0400 8/24/00, Arnold G. Reinhold wrote: >>>The design goals: http://tipster.weblogs.com/designgoals >>>The crypto protocol: http://tipster.weblogs.com/tipsterblock/ >>> >>>Both of these

Re: PGP ADK Bug Fix

2000-08-27 Thread Arnold G. Reinhold
How hard would it be to filter the public key servers for unsigned ADKs and either notify the keyowner or just remove the unsigned ADKs? The cert containing the unsigned ADK could be moved to a separate key server, equipped with suitable warnings, so the forensic record would be preserved. Ar

Re: "Tipster" voluntary payment protocol

2000-08-24 Thread Arnold G. Reinhold
At 11:50 PM -0400 8/23/2000, Jeff Kandt wrote: >On or about 12:49 PM -0400 8/23/00, Arnold G. Reinhold wrote: >>Certificate revocation is one of the thorniest issues in public key >>cryptography. Maybe you can solve it in this narrow context, but I >>would avoid it if there

Re: "Tipster" voluntary payment protocol

2000-08-23 Thread Arnold G. Reinhold
At 10:59 PM -0400 8/20/2000, Jeff Kandt wrote: >... >Tipster allows the artist to revoke any given key with a revocation >certificate. By allowing the artist to encode multiple >URL/signature pairs onto the file, they can set up multiple, >redundant revenue streams, and you encourage competiti

Re: "Tipster" voluntary payment protocol

2000-08-18 Thread Arnold G. Reinhold
At 8:28 PM -0400 8/17/2000, Jeff Kandt wrote: >On or about 12:57 PM -0400 8/17/00, Arnold G. Reinhold wrote: >>I think a voluntary payment system is a fine idea, but I am not >>sure that your proposal addresses the right issues. If I understand >>what you are proposing c

Re: "Tipster" voluntary payment protocol

2000-08-18 Thread Arnold G. Reinhold
Jeff, I think a voluntary payment system is a fine idea, but I am not sure that your proposal addresses the right issues. If I understand what you are proposing correctly, your scheme allows a CD buyer to verify that a particular payment server is authorized by the recording artist to collect p

Re: RSA expiry commemorative version of PGP?

2000-08-04 Thread Arnold G. Reinhold
Another reason for PGP 2.x compatibility is that there are a lot of old computers out there that will not run more modern versions. Many of these machines find their way into 3rd-world countries and NGOs where there is a life-and-death need for security. Also there is an argument that these old

Re: names to say in late september

2000-08-02 Thread Arnold G. Reinhold
From http://www.yahoo.com 8/2/2000 1pm WASHINGTON (Reuters) - A federal judge ordered an emergency hearing on Wednesday on a privacy rights group's request for the immediate release of details on Carnivore, the Federal Bureau of Investigation's e-mail surveillance tool. The Electronic P

Re: names to say in late september

2000-07-31 Thread Arnold G. Reinhold
At 11:51 PM -0400 7/30/2000, dmolnar wrote: >On Sun, 30 Jul 2000, Arnold G. Reinhold wrote: > >> By the way, I could not find the April 2000 RSA Data Security >> Bulletin on three primes at >> http://www.rsasecurity.com/rsalabs/bulletins/index.html Is there a >> bet

Re: names to say in late september

2000-07-30 Thread Arnold G. Reinhold
April 2000 RSA Data Security Bulletin on three primes at http://www.rsasecurity.com/rsalabs/bulletins/index.html Is there a better link? Arnold Reinhold At 1:06 PM -0700 7/28/2000, Steve Reid wrote: >On Thu, Jul 27, 2000 at 03:00:16PM -0400, Arnold G. Reinhold wrote: >> I like "

Re: names to say in late september

2000-07-27 Thread Arnold G. Reinhold
At 7:05 AM -0700 7/27/2000, Rodney Thayer wrote: >What shall we call >that-public-key-algorithm-that-will-not-be-patent-protected in late >September? we should not use a trademarked or copyrighted term, in my >opinion. >There was discussion of this a while ago, I think. I don't recall what >was

Re: Extracting Entropy?

2000-07-19 Thread Arnold G. Reinhold
At 12:31 AM +0100 7/18/2000, Paul Crowley wrote: >A variant on this question that we might see for lots of questions >soon: what's the best way to do this given only AES as a primitive? > >Here's a simple way that uses all of the passphrase to control a >cryptographic PRNG that can be used to gene

Re: Electronic Signatures Yield Unpleasant Surprises

2000-07-04 Thread Arnold G. Reinhold
At 12:08 PM -0400 7/3/2000, William Allen Simpson wrote: >-BEGIN PGP SIGNED MESSAGE- > >"Arnold G. Reinhold" wrote: >> Nothing new here. I often buy stuff on line and only get e-mail >> receipts. My credit card statements are a backup, I suppose. If >>

Re: Electronic Signatures Yield Unpleasant Surprises

2000-07-02 Thread Arnold G. Reinhold
At 5:42 AM -0700 7/1/2000, Dennis Glatting wrote: >Did anyone talk to the IRS? If I do not get a hard copy receipt, how >do I prove purchase in case of audit? Moreover, if the transaction is >electronic and the vendor's system crashed and the vendor lost his >data, which I am confident he is not l

Re: random seed generation without user interaction?

2000-06-11 Thread Arnold G. Reinhold
At 12:12 PM -0400 6/8/2000, Don Davis wrote: >steve b., perry m., and arnold r. all point out, >quite correctly, that hashing was used for noise- >whitening, long before sgi's lavarand and before >my disk-randomness paper. the difference that >sgi's work and mine offered was a more rigorous >noti

Re: random seed generation without user interaction?

2000-06-08 Thread Arnold G. Reinhold
At 8:52 PM -0400 6/7/2000, Don Davis wrote: ... >but, when SGI announced their lavarand patent >application in the press a few years ago, i >decided that it wasn't worth worrying about. >theirs is clearly a defensive patent, intended >only to make sure that no one can keep SGI from >using anything

Re: random seed generation without user interaction?

2000-06-07 Thread Arnold G. Reinhold
At 3:27 PM -0400 6/6/2000, Steven M. Bellovin wrote: >In message <[EMAIL PROTECTED]>, "Steven >M. Bellovi >n" writes: >>In message <[EMAIL PROTECTED]>, Dennis >>Glatting writes: >> > > >>> > >> >>>There is an article (somewhere) on the net of digital cameras focused >>>on lava lamps. Photos are

Re: random seed generation without user interaction?

2000-06-06 Thread Arnold G. Reinhold
At 3:15 AM -0500 6/6/2000, John Kelsey wrote: >-BEGIN PGP SIGNED MESSAGE- > >At 07:08 PM 6/5/00 -0700, [EMAIL PROTECTED] wrote: >>So I'm curious about what all methods do folks currently use (on NT >>and unix) to generate a random seed in the case where user >>interaction (e.g. the ol' m

Re: Electronic elections.

2000-05-30 Thread Arnold G. Reinhold
At 12:39 PM -0400 5/30/2000, Mark A. Herschberg wrote: >... >Applied Cryptography by Bruce Schneier lists 6 requirements of voting >(1996, p. 125): > >1) Only authorized voters can vote. >2) No one can vote more than once. >3) No one can determine for whom anyone else voted. >4) No one can dispute

Re: Electronic elections.

2000-05-30 Thread Arnold G. Reinhold
I'm not sure I care for the elitist tone in Dan's posting either, but he raises some points that deserve serious consideration. Sure we have mail-in absentee ballots now, but the number of people who choose to vote that way is small and an absentee ballot split that varied markedly from the re

Re: Andrew Fernandes on NSA back doors

2000-05-28 Thread Arnold G. Reinhold
I'm afraid I don't find Mr. Fernandes' argument convincing. Given the nature of the Microsoft CAPI concept -- that only approved cryptographic modules can be allowed to run -- NSA would surely want to know how use of the CAPI signing key was ultimately controlled. A crypto box that allowed exp

Re: NSA back doors in encryption products

2000-05-28 Thread Arnold G. Reinhold
At 8:39 AM -0400 5/27/2000, Steven M. Bellovin wrote: >In message <v04210109b5531fa89365@[24.218.56.92]>, "Arnold G. >Reinhold" writes: > >>o There is the proposed legislation I cited earlier to protect these >>methods from being revealed in court. These

Re: NSA back doors in encryption products

2000-05-26 Thread Arnold G. Reinhold
At 11:17 AM -0500 5/25/2000, Rick Smith wrote: > >As usual with such discussions, lots of traffic hides substantial amounts >of agreement with touches of disagreement. Agreed. Let me summarize what I am trying to say. Then maybe it is time to move on. 1. I think citizen access to strong crypt

Re: NSA back doors in encryption products

2000-05-24 Thread Arnold G. Reinhold
At 4:09 PM -0500 5/24/2000, Rick Smith wrote: >Before continuing, let me state my three opinions that this is based on: > >1) There is a non-zero risk of backdoors in commercial software, but the >perpetrators are as likely (IMHO more likely) to be outside parties and not >US agencies like NSA. G

Re: NSA back doors in encryption products

2000-05-24 Thread Arnold G. Reinhold
At 10:43 AM -0500 5/24/2000, Rick Smith wrote: >At 03:48 PM 05/23/2000 -0700, John Gilmore wrote: >>Rick Smith wrote: >>> If the NSA approaches Microsoft to acquire their support of NSA's >>> surveillance mission, then the information will have to be shared >>> with a bunch of people inside Micros

RE: Critics blast Windows 2000's quiet use of DES instead of 3DES

2000-05-19 Thread Arnold G. Reinhold
Someone made the comment in this thread (I can't seem to find it again) that a bug in MS security that counts as a hole, not a backdoor. But a cooperative relationship between Microsoft and NSA (or any vendor and their local signals security agency) can be more subtle. What if Microsoft agreed

Re: Pass phrases, Hushmail and Ziplip

2000-05-15 Thread Arnold G. Reinhold
At 2:54 PM -0400 5/15/2000, Marc Horowitz wrote: >"Arnold G. Reinhold" <[EMAIL PROTECTED]> writes: > >>> I'm not picking on Hushmail. Hushmail is a fairly good privacy >>> product. It should protect against the average office snoop or an >>&

Re: Pass phrases, Hushmail and Ziplip

2000-05-15 Thread Arnold G. Reinhold
At 2:56 PM -0400 5/12/2000, Peter Wayner wrote: >I think all crypto products rely on passphrases. Every wallet is >locked with a passphrase. Every private key is locked away. Even the >smart cards are usually sewn up with PINs. It's just a fact of life >and it seems unfair to me to pick upon Hu

Re: NYT reporter looking for advice re: encryption products

2000-05-12 Thread Arnold G. Reinhold
Don't get me wrong, I like what HushMail is doing too and your suggestion would make it even better. But the passphrase dependency issue is a serious one, given what users will typically do. There are some things HushMail could easily do to reduce the danger: First Hush could be more explicit

Re: NYT reporter looking for advice re: encryption products

2000-05-12 Thread Arnold G. Reinhold
Here are my comments on Hushmail and ZipLip: HUSHMAIL Hushmail publishes their design and it seems to be generally well constructed. However it is extremely important for your readers to understand that the security of their HushMail account depends *entirely* on the strength of the passphras

Re: GPS integrity and proactive secure clock synchronization

2000-05-11 Thread Arnold G. Reinhold
At 12:43 PM +0300 5/11/2000, [EMAIL PROTECTED] wrote: >Thanks to all for the very interesting info. For people interested, here's >a summary of answers and ideas: You left out my direction finding approach :( I think it has merit. Electronically steerable antennas are quite practical at L band

Re: GPS integrity

2000-05-09 Thread Arnold G. Reinhold
>Dorothy Denning wrote an interesting paper on authenticating location using >GPS signals... I think it's reachable from her home page as well as the >following citation: > >D. E. Denning and P. F. MacDoran, "Location-Based Authentication: Grounding >Cyberspace for Better Security," Computer Fraud

RE: Clinton signs bill to count wiretaps that encounter encryption

2000-05-08 Thread Arnold G. Reinhold
At 1:05 AM -0700 5/8/2000, Lucky Green wrote: >Arnold wrote: >> It will be interesting to see what the reports say. But it is worth >> noting that according to > > http://www.uscourts.gov/wiretap99/contents.html there were 1350 >> wiretaps approved by state and federal judges in the US in 1999. 72

Re: Clinton signs bill to count wiretaps that encounter encryption

2000-05-07 Thread Arnold G. Reinhold
>On Fri, 5 May 2000 08:58:45 -0400 "Arnold G. Reinhold" ><[EMAIL PROTECTED]> writes: >> It's worse than that. The new reports are to cover "law enforcement >> encounters with encrypted communications in the execution of wiretap >> orders."

Re: Clinton signs bill to count wiretaps that encounter encryption

2000-05-05 Thread Arnold G. Reinhold
At 9:42 AM -0400 5/4/2000, Barney Wolff wrote: >Er, and how will these numbers be audited? Given that distorting them >will do no direct and immediate harm to any individual, the temptation >to "adjust" the numbers will be great. Of course nobody in law >enforcement would ever do such a thing ..

Perfect Forward Security def wanted

2000-05-04 Thread Arnold G. Reinhold
Can anyone point me to a good definition of "Perfect Forward Security"? Arnold Reinhold

Re: Automatic passphrase generation

2000-05-02 Thread Arnold G. Reinhold
At 10:14 AM -0500 5/2/2000, Rick Smith wrote: >At 05:05 PM 04/30/2000 -0700, Steve Reid wrote: > >>Below is some sample output. The amount of entropy per passphrase should >>be more than 89 bits, or almost the same as seven Diceware words. >>However, if you generate N passphrases and pick the one

Re: IP: Gates, Gerstner helped NSA snoop - US Congressman

2000-04-14 Thread Arnold G. Reinhold
I am not a conspiracy nut. I think Oswald killed Kennedy all by himself; Roosevelt had no idea Pearl Harbor was about to be attacked; and Ben & Jerry only wanted to make great ice cream. But I think people are underestimating NSA if they think they would be afraid to introduce crypto vulnerabi

Re: PRNG State [was: KeyTool internal state]

2000-04-04 Thread Arnold G. Reinhold
Ben Laurie <[EMAIL PROTECTED]> wrote: >"Arnold G. Reinhold" wrote: >> >> I wonder if you are confusing the length in bits of a PKC key, e.g. a >> prime factor of an RSA public key, with the entropy of that private >> key. The prime factor may be 512

Re: PRNG State [was: KeyTool internal state]

2000-04-02 Thread Arnold G. Reinhold
I wonder if you are confusing the length in bits of a PKC key, e.g. a prime factor of an RSA public key, with the entropy of that private key. The prime factor may be 512 bits long, but it usually does not have anywhere near 512 bits of randomness. Usually a secret prime is generated by adding a

EU Echelon probe and Sony PS2 DVD zone oops

2000-03-17 Thread Arnold G. Reinhold
http://dailynews.yahoo.com/h/nm/2317/tc/eu_spying_1.html EU to Set Up Major Probe Into U.S. 'Spy' Charges BRUSSELS (Reuters) - The European Parliament is set to announce next Wednesday that it will set up a special inquiry committee into allegations that the United States uses an electroni

Re: New York teen-ager win $100,000 with encryption research(3/14/2000)

2000-03-16 Thread Arnold G. Reinhold
>Arnold G. Reinhold writes: > > > If you know the DNA sequences of alphabet letters, you can PCR probe > > for common words or word fragments like "the" or "ing" and avoid > > total sequencing. > >That's true. Luckily, there is no such

Re: New York teen-ager win $100,000 with encryption research(3/14/2000)

2000-03-15 Thread Arnold G. Reinhold
At 7:39 PM -0800 3/14/2000, Eugene Leitl wrote: >Of course it ain't actual encryption, only (high-payload) >steganography at best. Now, if you sneak a message into a living >critter (a pet ("the message is the medium"), or creating the ultimate >self-propagating chainletter, a pathogen), that woul

China Eases Rules on Encryption Software

2000-03-13 Thread Arnold G. Reinhold
By Matt Pottinger BEIJING (Reuters) - China has eased tough new restrictions on encryption technology, announcing that a vast category of consumer software and equipment -- including mobile phones and Microsoft Windows -- would be exempt from the rules. The government agency in charge

Re: time dependant

2000-03-10 Thread Arnold G. Reinhold
At 12:55 AM -0600 3/10/2000, John Kelsey wrote: >[much deleted] > >Actually, the subpoena threat means that we need to put the >entities holding shares of the secret in places where even >we can't find them. In the extreme case, there's some >machine somewhere with e-mail access, which may carry

Re: time dependant

2000-03-09 Thread Arnold G. Reinhold
At 10:56 AM -0500 3/8/2000, Steven M. Bellovin wrote: >In message <[EMAIL PROTECTED]>, "Matt Crawford" writes: >> >> If you're going to trust that CryptoSat, inc. hasn't stashed a local >> copy of the private key, why not eliminate all that radio gear and trust > > CryptoTime, inc. not to publish

Re: time dependant

2000-03-07 Thread Arnold G. Reinhold
>around. Can somebody give me pointers? > Here is something I posted to sci.crypt on the subject in 1996. (You can find it at http://deja.com/usenet by searching on the thread: ' Cryptographically secured "Time Vaults" '): PGP and the Packwood problem. Arnold G. Rei

VERISIGN ACQUIRES NETWORK SOLUTIONS

2000-03-07 Thread Arnold G. Reinhold
VERISIGN ACQUIRES NETWORK SOLUTIONS TO FORM WORLD'S LARGEST PROVIDER OF INTERNET TRUST SERVICES Mountain View, CA & Herndon, VA, March 7, 2000 - - VeriSign, Inc. (Nasdaq:VRSN), the leading provider of Internet trust services, and Network Solutions, Inc. (Nasdaq: NSOL), the world's leading pr

Comments on 1201 and Fair Use

2000-02-23 Thread Arnold G. Reinhold
February 15, 2000 LIBRARY OF CONGRESS Copyright Office Washington D.C. Via E-mail to [EMAIL PROTECTED] Re: Docket No. RM 99-7A Comments to the U.S. Copyright Office on the Adverse Impact on Noninfringing Uses from the 1201 Prohibition Against Circumvention of Access Control Technologies

Articles on DES and Singh's "The Code Book"

2000-02-15 Thread Arnold G. Reinhold
A friend of mine called my attention to two interesting articles on cryptography in the March 2000 Notices of the American Mathematical Society: A review by Jim Reeds of Simon Singh's "The Code Book" which takes the author to task for a large number of inaccuracies. http://www.ams.org/notices/20

Re: Interesting point about the declassified Capstone spec

2000-02-13 Thread Arnold G. Reinhold
At 5:09 PM -0500 2/11/2000, Dan Geer wrote: >I agree with Peter and Arnold; in fact, I am convinced that >as of this date, there are only two areas where national >agencies have a lead over the private/international sector, >namely one-time-pad deployment and traffic analysis. Of those, >I would

Re: Interesting point about the declassified Capstone spec

2000-02-11 Thread Arnold G. Reinhold
At 12:38 PM -0800 2/11/2000, David Wagner wrote: >In article <v04210102b4ca1b7a641f@[24.218.56.92]>, >Arnold G. Reinhold <[EMAIL PROTECTED]> wrote: >> Clipper/Capstone was always advertised to the public as providing a >> higher level (80-bits) of security tha

Re: Interesting point about the declassified Capstone spec

2000-02-11 Thread Arnold G. Reinhold
At 8:02 AM -0500 2/12/2000, Peter Gutmann wrote: >Late last year the Capstone spec ("CAPSTONE (MYK-80) Specifications", >R21-TECH-30-95) was partially declassified as the result of a FOIA lawsuit[0]. >The document is stamped "TOP SECRET UMBRA" on every page. UMBRA is a SIGINT >codeword, not an IN

Re: [PGP]: PGP 6.5.2 Random Number Generator (RNG) support

2000-02-04 Thread Arnold G. Reinhold
I'd like to tone this discussion down a bit and get back to basics. First of all, I am happy to thank Intel for finally releasing the hardware interface. I hadn't known about its release until this thread. I'm always grateful when someone does the right thing, even if it's late. Second, I hav

Re: [PGP]: PGP 6.5.2 Random Number Generator (RNG) support

2000-02-02 Thread Arnold G. Reinhold
At 9:00 PM + 2/2/2000, lcs Mixmaster Remailer wrote: >It may not have been mentioned here, but Intel has >released the programmer interface specs to their RNG, at >http://developer.intel.com/design/chipsets/manuals/298029.pdf. >Nothing prevents the device from being used in Linux /dev/random n

Re: [PGP]: PGP 6.5.2 Random Number Generator (RNG) support

2000-02-02 Thread Arnold G. Reinhold
At 9:15 AM -0800 2/2/2000, Eric Murray wrote: >On Tue, Feb 01, 2000 at 09:00:33PM -0800, Dave Del Torto wrote: > > At 6:19 pm -0500 2000-01-26, Tom McCune wrote: >... > > >> (A) I'm not sanguine about it being a "default" in any version of >> PGP, knowing what I do and having been told more

Fwd: Cipher-Saber

2000-01-31 Thread Arnold G. Reinhold
Does anyone know a good advocacy page for crypto freedom in the UK? I'd like to comply with the following request. Arnold Reinhold >Subject: Cipher-Saber > >Hi there, > >I'm a comp-science student in the UK, and a friend of mine just e-mailed >your page URL to me. I like it, and I'm just about

Re: The problem with Steganography

2000-01-27 Thread Arnold G. Reinhold
At 1:34 AM -0500 1/26/2000, Marc Horowitz wrote: >Rick Smith <[EMAIL PROTECTED]> writes: > >>> The basic notion of stego is that one replaces 'noise' in a document with >>> the stego'ed information. Thus, a 'good' stego system must use a crypto >>> strategy whose statistical properties mimic the n

Re: NSA Declassified

2000-01-26 Thread Arnold G. Reinhold
John Young <[EMAIL PROTECTED]> responded: >Your points are valid for the AIA document. However, in the >Navy document, Number 9, image 3, there is the phrase, >"Maintain and operate an ECHELON site." I had missed that reference. I agree that the capitalization here is consistent with a code nam

Re: NSA Declassified

2000-01-24 Thread Arnold G. Reinhold
I appreciate all the hard work that went into prying this material loose from NSA, but there is a case to be made that "Echelon" as used in these documents is being employed according to its dictionary meaning "A subdivision of a military force" rather than as a code word. The text in the

How old is TEMPEST? (was Re: New Encryption Regulations have other gotchas)

2000-01-24 Thread Arnold G. Reinhold
Regarding the question of how far back TEMPEST goes, I took a look at David Kahn's "The Codebreakers" which was copyrighted in 1967. TEMPEST is not listed in the index. However I did find the following paragraph in a portion of the chapter on N.S.A. that discusses efforts to improve the US Sta
