Matt Crawford wrote:
On Mar 5, 2005, at 11:32, Ed Gerck wrote:
The worse part, however, is that the server side can always fake your
authentication using a third-party because the server side can
always calculate ahead and generate your next number for that
third-party to enter -- the same number
Gabriel Haythornthwaite wrote:
You're quite correct Matt,
Which is why IMHO you can only really get true non-repudiation through use
of PKI. And more specifically:
- where the key pair was generated by the end-user, and
- where the server has stored a copy of the transaction - digitally signed
by
I would like to announce my work
Vlastimil Klima: Finding MD5 Collisions - a Toy For a Notebook,
March 5, 2005,
http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
Vlastimil
--
Levnj internet v pracovn dny ji od 18:00 hod.
Surfujte s VOLN!
http://mimospicku.volny.cz
http://cnews.canoe.ca/CNEWS/TechNews/TechInvestor/2005/03/03/pf-948608.html
CANOE -- CNEWS - Tech News:
March 3, 2005
Encryption specialist courts U.S. defence sector
By DAVID PADDON
TORONTO (CP) - Canadian-based cryptography specialist Certicom Corp. is
seeing increased interest from
On Sun, 6 Mar 2005, David Wagner wrote:
[...]
However, I also believe it is possible -- and, perhaps, all too easy --
to use GBDE in a way that will not provide adequate security. My biggest
fear is that safe usage is just hard enough that many users will end up
being insecure. GBDE uses a
Charlie asked me to forward this.
From: Charlie Kaufman [EMAIL PROTECTED]
Sent: Tuesday, March 08, 2005 12:46 PM
To: cryptography@metzdowd.com
Subject: Re: comments wanted on gbde
Steve Bellovin writes:
A discussion -- I'll be polite and call it that -- has erupted on
some mailing lists about
Forwarded at PHK's request.
To: Perry E. Metzger [EMAIL PROTECTED]
Subject: Please forward to cryptography@ list.
From: Poul-Henning Kamp [EMAIL PROTECTED]
Date: Tue, 08 Mar 2005 14:29:20 +0100
I have read the comments on gbde in the archive of the cryptography@
list and I would like to attach
http://online.wsj.com/article_print/0,,SB111032151515173916,00.html
The Wall Street Journal
March 9, 2005
BUSINESS
By ALAN MURRAY
Indiscreet E-Mail
Claims a Fresh Casualty
March 9, 2005; Page A2
Let's be clear. Harry Stonecipher wasn't fired simply because he had an
extramarital affair
anybody hear of a DC metro (smartrip) smartcard failure/exploit?
you have a smartcard that supposedly has $10-something left ... and the
next time you go to the station ... the turnstyle says not acceptable,
see stationmaster. the stationmaster puts the card in a reader and the
display comes up
Olle Mulmo wrote:
Seems to me that a CA can nullify this attack by choosing a serial
number or RDN component (after all, a CA should vet the DN and not
simply sign what's in the PKCS#10 request), such that the public key
does not end up at an appropriate DER-encoded offset in the
certificate.
Hi Joerg,
It's true that our 'attack' assumes that the attacker has sufficient
control over the CA, in particular over setting DN's, serial numbers
and the validity period. Yet I have a few remarks on this.
A relying party cannot find out from the certificate alone whether
it has a twin sister
http://www.infosec.sdu.edu.cn/paper.htm
Xiaoyun Wang, Hongbo Yu: How to Break MD5 and Other Hash Functions,
Eurocrypt'2005
Xiaoyun Wang, Hongbo Yu: Cryptanalysis of the Hash Functions MD4 and RIPEMD,
Eurocrypt'2005
-
The
In the below, John posted a handy dandy table of cert prices, and
Nelson postulated that we need to separate high assurance from low
assurance. Leaving aside the technical question of how the user
gets to see that for now, note how godaddy charges $90 for their
high assurance and Verisign charges
http://www.nytimes.com/aponline/national/AP-Spy-Agency-Documents.html
WASHINGTON (AP) -- The National Security Agency warned President
Bush in 2001 that monitoring U.S. adversaries would require a
``permanent presence'' on networks that also carry Americans'
messages that are protected from
* Joseph Ashwood:
Page 5 finally begins the actual information.
Page 5 plaintext sector data should be encrypted with one-time-use
(pseudo-)random keys serves no purpose if a strong mode is used. The only
purpose this serves is to slow the system down as additional searches have
to be
15 matches
Mail list logo