On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
[cross-posted to tahoe-...@allmydata.org and
cryptogra...@metzdowd.com]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-
LAFS project.
...
I am tempted to ignore this idea that they are pushing about
encryption
On Jul 26, 2009, at 12:11 AM, james hughes wrote:
On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
[cross-posted to tahoe-...@allmydata.org and cryptography@metzdowd.com
]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-
LAFS project.
...
I am tempted to ignore
Jon Callas j...@callas.org writes:
On Jul 17, 2009, at 8:39 PM, Peter Gutmann wrote:
PGP Desktop 9 uses as its default an iteration count of four
million (!!) for its password hashing, which looks like a DoS to
anything that does sanity-checking of input.
That's precisely what it is -- a
This is purely about security, not on crypto.
For those of you not in the know, there is an exploitable hole in
Adobe's Flash right now, and there is no fix available yet:
http://www.adobe.com/support/security/advisories/apsa09-03.html
(See also:
From: Nicolas Williams nicolas.willi...@sun.com
For example, many people use arcfour in SSHv2 over AES because arcfour
is faster than AES.
Joseph Ashwood wrote:
I would argue that they use it because they are stupid. ARCFOUR should
have been retired well over a decade ago, it is weak, it
If you submitted a post to the list for about an hour this afternoon
(as measured by the US/Eastern timezone), it probably bounced. There was
a brief period where email on the list server was misconfigured. My
apologies, and the problem has been fixed.
Perry
On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:
From: Nicolas Williams nicolas.willi...@sun.com
For example, many people use arcfour in SSHv2 over AES because
arcfour
is faster than AES.
Joseph Ashwood wrote:
I would argue that they use it because they are stupid. ARCFOUR
should
Where this falls apart completely is when there are asymmetric
capabilities
across sender and receiver.
You are of course correct, Peter, but are you saying that we shouldn't
do anything?
I don't believe that we should roll over and die. We should fight
back, even if the advantage is to
On Jul 26, 2009, at 2:27 PM, Perry E. Metzger wrote:
...[T]here is an exploitable hole in
Adobe's Flash right now, and there is no fix available yet
This highlights an unfortunate instance of monoculture -- nearly
everyone on the internet uses Flash for nearly all the video they
watch,
so
Jerry Leichter leich...@lrw.com writes:
While I agree with the sentiment and the theory, I'm not sure that it
really works that way. How many actual implementations of typical
protocols are there?
I'm aware of at least four TCP/IP implementations in common use, several
common HTTP servers
10 matches
Mail list logo