Peter Gutmann wrote:
Ben Laurie <[EMAIL PROTECTED]> writes:
Peter Gutmann wrote:
Given that it's for USG use, I imagine the FIPS 140 entry barrier for the
government gravy train would be fairly effective in keeping any OSS products
out.
? OpenSSL has FIPS 140.
But if you build a FDE produc
Saqib,
ALL the solutions include a KMS. They all must, because encryption keys
must be generated, escrowed, recovered, managed, policies defined, etc.
for any encryption to work.
And *that* is the problem - each of the KMSs is implemented in the
vendor's own design, using the vendor's proprietar
On Mon, 8 Oct 2007 09:17:48 -0700
"Alex Pankratov" <[EMAIL PROTECTED]> wrote:
>
> I am actually curious to see what was the DH modulus size in
> T's versions that were blocked by AOL. Given T's installation
> base, strong SecureIM would've dramatically complicated "lawful
> intercepts", which AO
Arshad,
Some of the solutions already include a KMS. One of the key
requirements of this particular RFP was "Transparency". Can you please
elaborate more on how StrongKey KMS would have improved on
transparency?
Thanks
saqib
http://security-basics.blogspot.com/
On 10/8/07, Arshad Noor <[EMAIL
| > But, opportunistic cryptography is even more fun. It is
| > very encouraging to see projects implement cryptography in
| > limited forms. A system that uses a primitive form of
| > encryption is many orders of magnitude more secure than a
| > system that implements none.
|
| Primitive fo
At 02:11 +1300 09.10.2007, Peter Gutmann wrote:
But if you build a FDE product with it you've got to get the entire product
certified, not just the crypto component.
I don't believe this to be the case.
FIPS 140(-2) is about validating cryptographic implementations. It is
not about certifyin
We submitted a letter to the Program Manager, that while the RFP
was asking for an FDE solution, they really needed to focus on Key
Management across the agency, rather than the actual encryption
solution itself, before they deployed any encryption product.
We proposed our open-source Symmetric
> -Original Message-
> From: Marcos el Ruptor [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 08, 2007 6:21 AM
> To: Alex Pankratov
> Cc: cryptography@metzdowd.com
> Subject: Re: Trillian Secure IM
>
> I found those threads:
>
> http://forums.ceruleanstudios.com/showthread.php?t=534
> -Original Message-
> From: Ian G [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 08, 2007 6:05 AM
> To: Peter Gutmann
> Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com
> Subject: Re: Trillian Secure IM
>
> Peter Gutmann wrote:
> > "Alex Pankratov" <[EMAIL PROTECTED]> writes:
> >
Marcos el Ruptor wrote:
If that's DH exchange, then it's 128 bit one. Fertile ground
for some interesting speculation, don't you think ?
There is no speculation. It is 128-bit DH.
I have reported over three years ago to the Trillian forum that they are
using 128-bit DH and that it is not secu
I found those threads:
http://forums.ceruleanstudios.com/showthread.php?t=53433
http://forums.ceruleanstudios.com/showthread.php?t=56207
As you can see from the last post in the second thread, ultimately
they agreed that 128-bit DH is secure and that I am just some crazy
guy trying to scare
Ben Laurie <[EMAIL PROTECTED]> writes:
>Peter Gutmann wrote:
>> "Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>>> On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
US Government has selected 9 security vendors that will product drive
and file level encryption sof
Peter Gutmann wrote:
> "Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>> On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
>>> US Government has selected 9 security vendors that will product drive
>>> and file level encryption software.
>> Out of curiosity, are any open so
If that's DH exchange, then it's 128 bit one. Fertile ground
for some interesting speculation, don't you think ?
There is no speculation. It is 128-bit DH.
I have reported over three years ago to the Trillian forum that they
are using 128-bit DH and that it is not secure. You can look up my
"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
>> US Government has selected 9 security vendors that will product drive
>> and file level encryption software.
>
>Out of curiosity, are any open source FDE products being eva
"Alex Pankratov" <[EMAIL PROTECTED]> writes:
>SecureIM handshake between two version 3.1 (latest) clients takes about .. 48
>bytes. That's altogether, 32 bytes in one direction, and 16 in another. And
>that's between the clients that have never talked to each other before, so
>there's no "session
On Mon, 18 Jun 2007 22:57:36 -0700
"Ali, Saqib" <[EMAIL PROTECTED]> wrote:
> US Government has selected 9 security vendors that will product drive
> and file level encryption software.
>
> See:
> http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html
> OR
> http://tinyur
Hi,
I've been poking around Oscar (ICQ/AIM) protocol parsing
and had a look at Trillian's SecureIM handshake protocol.
For those who don't know, Trillian is a very popular
multi-protocol instant messaging application for Windows. One of
its notable features, for which it got some rave/positive