On 08/01/2010 01:51 PM, Jeffrey I. Schiller wrote:
I remember them well. Indeed these protocols, presumably you are
talking about Secure Electronic Transactions (SET), were a major
improvement over SSL, but adoption was killed by not only failing the
give the merchants a break on the fraud
Jonathan Katz wrote:
On Sat, 31 Jul 2010, Jakob Schlyter wrote:
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
Apparently the DNS root key is protected by what sounds like a
five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone
know
more?
The DNS root key is
Peter Gutmann wrote:
Thierry Moreau thierry.mor...@connotech.com writes:
With the next key generation for DNS root KSK signature key, ICANN may have
an opportunity to improve their procedure.
What they do will really depend on what their threat model is. I suspect that
in this case their
On 7/28/10 at 8:52 PM, pfarr...@pfarrell.com (Pat Farrell) wrote:
When was the last time you used a paper Yellow Pages?
Err, umm, this last week. I'm in a place where cell coverage
(ATT, Verizon has a better reputation) is spotty and internet
is a dream due to a noisy land line. I needed to
On Aug 1, 2010, at 7:10 AM, Peter Gutmann wrote:
Thanks to all the folks who pointed out uses of m-of-n threshold
schemes,
however all of them have been for the protection of one-off, very
high-value
keys under highly controlled circumstances by trained personnel,
does anyone
know of any
http://arstechnica.com/tech-policy/news/2010/08/after-spyware-failed-uae-gives-up-and-bans-blackberries.ars
By John Timmer
Discussing in general terms RIM's Blackberry email server connections to
their servers in Canada's encryption resistance to United Arab Emirates
monitoring efforts when used
Jerry Leichter leich...@lrw.com writes:
One could certainly screw up the design of a recovery system, but one
would have to try. There really ought not be that much of difference
between recovering from m pieces and recovering from one.
There's a *huge* difference, see my previous posting
On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:
Jerry Leichter leich...@lrw.com writes:
One could certainly screw up the design of a recovery system, but one
would have to try. There really ought not be that much of difference
between recovering from m pieces and recovering from one.
On 07/31/2010 09:00 PM, Jerry Leichter wrote:
I wouldn't recommend this for high-value security, but then if you're
dealing with high-value information, there's really no excuse for not
having and using a source of true random bits.
Yes indeed!
On the question of what to do if we can't be
On 1/08/10 9:08 PM, Peter Gutmann wrote:
John Levinejo...@iecc.com writes:
Geotrust, to pick the one I use, has a warranty of $10K on their cheap certs
and $150K on their green bar certs. Scroll down to the bottom of this page
where it says Protection Plan:
On 7/31/2010 2:54 PM, Adam Shostack wrote:
On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote:
| Apparently the DNS root key is protected by what sounds like a five-of-seven
| threshold scheme, but the description is a bit unclear. Does anyone know
| more?
|
| (Oh, and for people who
On Mon, 02 Aug 2010 15:10:51 +1200 David G. Koontz
david_koo...@xtra.co.nz wrote:
http://arstechnica.com/tech-policy/news/2010/08/after-spyware-failed-uae-gives-up-and-bans-blackberries.ars
See also:
https://www.nytimes.com/2010/08/02/business/global/02berry.html
The BBC did a story on this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK. I'm being a bit lazy but...
I've read through the ceremony script and all that, but I have a
simple question which the script documents didn't really answer:
Does the root KSK exist in a form that doesn't require the HSM to
re-join, or more to
...In his presentation at the Black Hat Conference, German GSM expert Karsten
Nohl presented a tool he calls Kraken, which he claims can crack the A5/1
encryption used for cell phone calls within seconds.
On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier g...@old-ones.com
wrote:
...In his presentation at the Black Hat Conference, German GSM
expert Karsten Nohl presented a tool he calls Kraken, which he
claims can crack the A5/1 encryption used for cell phone calls
within seconds.
On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:
[...]
3 Any security system that demands that users be educated,
i.e. which requires that users make complicated security decisions
during the course of routine work, is doomed to fail.
[...]
I would amend this to say which
On Mon, 2010-08-02 at 11:02 -0400, Bill Squier wrote:
...In his presentation at the Black Hat Conference, German GSM expert
Karsten Nohl presented a tool he calls Kraken, which he claims can crack the
A5/1 encryption used for cell phone calls within seconds.
On Mon, 02 Aug 2010, Christoph Anton Mitterer wrote:
On Sat, 2010-07-31 at 13:36 -0700, John Denker wrote:
And we should move the seed file to somewhere inside /etc or /lib. It is
as
simple as that. /var cannot be used for any data you need at early
userspace.
There are strong
In a related story, hacker Chris Paget created his own cell-phone base station
that turned off encryption on all devices connecting to it. The station then
routes the calls through VoIP.
http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/
-Adrian
On 2 Aug 2010, at 16:02,
On Mon, Aug 02, 2010 at 04:55:04PM +0100, Adrian Hayter wrote:
In a related story, hacker Chris Paget created his own cell-phone base
station that turned off encryption on all devices connecting to it. The
station then routes the calls through VoIP.
Jerry Leichter leich...@lrw.com writes:
Here's how I would do it: Key segments are stored on USB sticks. There's a
spot on the device with m USB slots, two buttons, and red and green LED's.
You put your USB keys into the slots and push the first button. If the red
LED lights - you don't have
On Mon, 2 Aug 2010 12:12:25 -0400 Adam Fields
cryptography23094...@aquick.org wrote:
Apropos the theses thread, this article contains mention of an
interesting security feature:
'Although the GSM specifications say that a phone should pop up a
warning when it connects to a station that
On Aug 2, 2010, at 11:08 AM, Perry E. Metzger wrote:
On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier g...@old-ones.com
wrote:
...In his presentation at the Black Hat Conference, German GSM
expert Karsten Nohl presented a tool he calls Kraken, which he
claims can crack the A5/1 encryption used
On Mon, 2 Aug 2010, Perry E. Metzger wrote:
For example, in the internet space, we have http, smtp, imap and other
protocols in both plain and ssl flavors. (IPSec was originally
intended to mitigate this by providing a common security layer for
everything, but it failed, for many reasons. Nico
On Mon, 2 Aug 2010 12:45:46 -0400 John Kemp j...@jkemp.net wrote:
On Aug 2, 2010, at 11:08 AM, Perry E. Metzger wrote:
On Mon, 2 Aug 2010 11:02:54 -0400 Bill Squier g...@old-ones.com
wrote:
...In his presentation at the Black Hat Conference, German GSM
expert Karsten Nohl presented a
On Mon, Aug 02, 2010 at 12:32:23PM -0400, Perry E. Metzger wrote:
Looking forward, the there should be one mode, and it should be
secure philosophy would claim that there should be no insecure
mode for a protocol. Of course, virtually all protocols we use right
now had their origins in the
On Mon, Aug 02, 2010 at 01:05:53PM -0400, Paul Wouters wrote:
On Mon, 2 Aug 2010, Perry E. Metzger wrote:
For example, in the internet space, we have http, smtp, imap and other
protocols in both plain and ssl flavors. (IPSec was originally
intended to mitigate this by providing a common
minor addenda about speeds feeds concerning the example of mid-90s payment
protocol specification that had enormous PKI/certificate bloat ... and SSL.
The original SSL security was predicated on the user understanding the
relationship between the webserver they thought they were talking to,
Hi,
the interesting thread on seeding and reseeding /dev/random did not
mention that many of the most problematic systems in this respect are
virtual machines. Such machines (when used for cloud computing) are
not only servers, so have few sources of true and hard-to-observe
entropy. Often
29 matches
Mail list logo