On Tue, 15 Mar 2005, The Wall Street Journal Wrote:
SHA-1 is a federal standard promulgated by the National
Institute of Standards and Technology and used by the government and
private sector for handling sensitive information. It is thought to be the
most widely used hash function, and it
Ian G wrote:
NSA names ECC as the exclusive technology for key agreement and digital
signature standards for the U.S. government
Certicom's ECC-based solutions enable government contractors to add
security
that meets NSA guidelines
I should note that OpenSSL also supports ECC.
--
On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
Why not help us make Jabber/XMPP more secure, rather than overloading
AIM? With AIM/MSN/Yahoo your account will always exist at the will of
Unfortunately, I already have a large network of people who use AIM,
and they all each
On Tue, Mar 15, 2005 at 02:47:35PM -0500, Ian Goldberg wrote:
this is actually a very good solution for
me. The only thing I don't like about it is that it stores the private
key on your machine. I understand why that is, but it also means that
if you switch machines with the same login
R.A. Hettinga wrote:
http://www.pcworld.com/resource/printable/article/0,aid,120008,00.asp
i've been asked to flush out my merged security taxonomy and glossary
http://www.garlic.com/~lynn/index.html#glosnote
to highlight the distinction between identity theft and account theft.
typically
On Tue, Mar 15, 2005 at 02:14:48PM -0500, Ian Goldberg wrote:
OTR works over Jabber today. Granted, it's not very Jabberish (as far
as I understand the term; I don't know the Jabber protocol very well):
it just replaces the text of the message with ciphertext. [gaim, at
least, doesn't seem
Matt Crawford wrote:
My educated-layman's opinion is that the following is not feasible, but
I'd be happy to be shown wrong ...
Given a closed public-key device such as a typical smart card with its
limited set of operations (chiefly sign), is it possible to implement
a challenge/response
Ian G wrote:
Adam Fields wrote:
Given what may or may not be recent ToS changes to the AIM service,
I've recently been looking into encryption plugins for gaim.
Specifically, I note gaim-otr, authored by Ian G, who's on this list.
Just a quick note of clarification, there is a collision
in the
http://www.reuters.com/newsArticle.jhtml?type=topNewsstoryID=7892255
http://www.reuters.com/printerFriendlyPopup.jhtml?type=topNewsstoryID=7892255
British Firm Breaks Ground in Surveillance Science
Mon Mar 14, 2005 08:08 AM ET
By Mark Trevelyan, Security Correspondent
MALVERN, England (Reuters) -
On Tue, Mar 15, 2005 at 11:04:59AM -0500, Victor Duchovni wrote:
On Wed, Mar 16, 2005 at 02:23:49AM +1300, Peter Gutmann wrote:
Certainly with UIXC it's not worth anything.
What is UIXC?
lemme guess: universal indiscriminate cross certification
oh wait, peter did define it: implicit not
John, thanks for this fascinating report!
Conclusion? `Not all CAs/certs are created equal`... therefore we should
NOT automatically trust the contents of every certificate whose CA
appears in the `root CA` list of the browser. Instead, browsers should
allow users to select which CAs they trust
At 10:19 PM 3/13/2005, Adam Fields wrote:
Given what may or may not be recent ToS changes to the AIM service,
I've recently been looking into encryption plugins for gaim.
AOL says that the ToS bits are only for things like chatrooms;
user-to-user AIM traffic doesn't even go through their servers.
My educated-layman's opinion is that the following is not feasible,
but I'd be happy to be shown wrong ...
Given a closed public-key device such as a typical smart card with
its limited set of operations (chiefly sign), is it possible to
implement a challenge/response function such that
* Both
Steven M. Bellovin writes:
That's not new, either. I believe it was Tony Hoare who likened this
to sailors doing shore drills with life preservers, but leaving them
home when they went to sea. I think he said that in the 1970s; he said
this in his Turing Award lecture:
The
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go. The problem is how to get there from
here.
OpenSSL 0.9.7 doesn't even include anything stronger than SHA1. As a
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11162869.htm?template=contentModules/printstory.jsp
The San Jose Mercury News
Posted on Thu, Mar. 17, 2005
Westlaw agrees to restrict access to Social Security numbers
WASHINGTON (AP) - A legal research company said Thursday it
http://www.theregister.co.uk/2005/03/17/sumitomo_cyber-heist_foiled/print.html
The Register
Biting the hand that feeds IT
The Register » Security » Network Security »
Original URL:
http://www.theregister.co.uk/2005/03/17/sumitomo_cyber-heist_foiled/
Cyber cops foil £220m Sumitomo bank raid
A few days ago, I posted this:
WASHINGTON (AP) -- The National Security Agency warned President
Bush in 2001 that monitoring U.S. adversaries would require a
``permanent presence'' on networks that also carry Americans'
messages that are protected from government eavesdropping.
...
``Make no
http://www.cypherpunks.ca/otr/
Off-the-Record Messaging
News - Downloads - Mailing Lists - Documentation - Frequently Asked
Questions - Press
Off-the-Record (OTR) Messaging allows you to have private conversations
over instant messaging by providing:
Encryption
No one else can read your
On Tue, Mar 15, 2005 at 09:33:51PM +0100, Jim Cheesman wrote:
| Ian G wrote:
|
| Adam Fields wrote:
|
| Given what may or may not be recent ToS changes to the AIM service,
| I've recently been looking into encryption plugins for gaim.
| Specifically, I note gaim-otr, authored by Ian G, who's on
--
On 18 Mar 2005 at 22:52, Steven M. Bellovin wrote:
That paragraph, believe it or not, was classified Secret.
For what it's worth, the official definition of Secret,
from Executive Order 12958
(http://www.dss.mil/seclib/eo12958.htm), is:
Secret shall be applied to information, the
Steven M. Bellovin wrote:
So -- what should we as a community be doing now? There's no emergency
on SHA1, but we do need to start, and soon.
The wider question is how to get moving on new hash
algorithms. That's a bit tricky.
Normally we'd look to see NIST or the NESSIE guys
lead a competition.
In message [EMAIL PROTECTED], Peter Saint-Andre writes:
On Tue, Mar 15, 2005 at 02:02:31PM -0500, Adam Fields wrote:
On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
Why not help us make Jabber/XMPP more secure, rather than overloading
AIM? With AIM/MSN/Yahoo your account
In message [EMAIL PROTECTED], Ralf Senderek w
rites:
And that is why I ask to give the Shamir Discrete Logarithm Hash Funktion a se
cond
thought. At leeast we have a proof of collision resistance under the assumptio
n
that factoring is infeasible for the modulus used.
And that it more than we
24 matches
Mail list logo