Re: ECC patents?

2005-09-14 Thread Alexander Klimov
On Tue, 13 Sep 2005, Paul Hoffman wrote: At 9:32 AM -0700 9/12/05, James A. Donald wrote: It has been a long time, and no one has paid out money on an ECC patent yet. That's a pretty bold statement that folks at Certicom might disagree with, even before

Re: Clearing sensitive in-memory data in perl

2005-09-14 Thread Ben Laurie
Perry E. Metzger wrote: What the world really needs is something between C++ and C -- a language with very clean obvious semantics (like C) which does run time bounds checking and strong typing, though it also needs explicit escapes in the type system so you can write things like device drivers

Re: [Anti-fraud] simple (secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)

2005-09-14 Thread Ian G
Amir Herzberg wrote: For a stationary user, the extension compares _Iterations_ and confirms it is at most one less than previous value of _Iterations_ used with this site. (Minor point - if relying on incrementing Iterations, this may impact password sharing scenarios. Whether that's a good

simple (secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)

2005-09-14 Thread Amir Herzberg
Below is a proposal, based on the problem statement by Paul Hoffman: In many deployments of SSL first, then authenticate the user with a password, the site consists of two or more machines. Many or most high-traffic secure sites use SSL front-end systems to terminate the SSL connection, then

Re: [Anti-fraud] simple (secure??) PW-based web login (was Re: Another entry in the internet security hall of shame....)

2005-09-14 Thread Amir Herzberg
Ian G wrote: Amir Herzberg wrote: For a stationary user, the extension compares _Iterations_ and confirms it is at most one less than previous value of _Iterations_ used with this site. (Minor point - if relying on incrementing Iterations, this may impact password sharing scenarios. Whether

Re: ECC patents?

2005-09-14 Thread Paul Hoffman
At 12:18 PM +0300 9/14/05, Alexander Klimov wrote: This hints that indeed only some particular curves are patented. It's not just curves. Certicom has patents for some optimizations and methods for validating the strength of some uses of ECC. Grepping -list_curves of the new openssl

Amazon's

2005-09-14 Thread Amir Herzberg
Amazon have this lovely service: if you tell if you forgot your pw, they send you to: https://www.amazon.com/exec/obidos/self-service-forgot-password-get-email-done/104-2901457-0883904 where they ask you to confirm your identity... using 5 last digits of a credit card you used with them.

MIT talk: Special-Purpose Hardware for Integer Factoring

2005-09-14 Thread Steven M. Bellovin
--- Forwarded Message --- Open to the Public. DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005. TIME: 4:00 p.m. - 5:30 p.m. PLACE: 32-G575, Stata Center, 32 Vassar Street. TITLE: Special-Purpose