Re: RIM to give in to GAK in India

2008-05-30 Thread Arshad Noor
Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not?. Isn't RIM (their software, actually) now in a position to decrypt content sent between Blackberry users? Or, does

Re: The perils of security tools

2008-05-30 Thread Werner Koch
On Wed, 28 May 2008 10:34, [EMAIL PROTECTED] said: Yes. Still, some people are using fopen/fread to access /dev/random, which does pre-fetching on most implementations I saw, so using open/read is preferred for using /dev/random. It is not an implementaion issue but a requirement of the C

Fwd: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008 Key Management Summit Ends This Friday

2008-05-30 Thread Arshad Noor
FYI. - Forwarded Message - From: Matt Ball [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 28, 2008 1:37:18 PM (GMT-0800) America/Los_Angeles Subject: [P1619-3] Last reminder: Call for Speakers and Sponsors for the 2008 Key Management Summit Ends This Friday (Please forward

Re: RIM to give in to GAK in India

2008-05-30 Thread Derek Atkins
Arshad Noor [EMAIL PROTECTED] writes: Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not?. Isn't RIM (their software, actually) now in a position to decrypt

Unpatented PAKE!

2008-05-30 Thread Ben Laurie
http://grouper.ieee.org/groups/1363/passwdPK/submissions/hao-ryan-2008.pdf At last. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

Re: RIM to give in to GAK in India

2008-05-30 Thread Victor Duchovni
On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote: Arshad Noor [EMAIL PROTECTED] writes: Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not?. Isn't

Comcast DNS entries temporarily hijacked

2008-05-30 Thread Perry E. Metzger
Apparently some pranksters hijacked Comcast's DNS entries for a few hours: http://www.heise-online.co.uk/security/Comcast-domain-diverted-by-crackers--/news/110831 [Hat tip to Bill Squier for pointing the article out.] This is hardly the first time such a thing has happened. No great harm was

Re: Unpatented PAKE!

2008-05-30 Thread Perry E. Metzger
Ben Laurie [EMAIL PROTECTED] writes: http://grouper.ieee.org/groups/1363/passwdPK/submissions/hao-ryan-2008.pdf At last. See also: http://www.lightbluetouchpaper.org/2008/05/29/j-pake/ Looks quite interesting indeed. Perry