On 02/10/13 18:42, Arnold Reinhold wrote:
On 1 Oct 2013 23:48 Jerry Leichter wrote:
The larger the construction project, the tighter the limits on this stuff. I used to work with a former structural
engineer, and he repeated some of the "bad example" stories they are taught. A famous case a
On 24 September 2013 17:01, Jerry Leichter wrote:
> On Sep 23, 2013, at 4:20 AM, ianG wrote:
>>> ... But they made Dual EC DRBG the default ...
>>
>> At the time this default was chosen (2005 or thereabouts), it was *not* a
>> "mistake".
https://www.schneier.com/blog/archives/2007/11/the_stra
On 23 September 2013 01:09, Phillip Hallam-Baker wrote:
> So we think there is 'some kind' of backdoor in a random number generator.
> One question is how the EC math might make that possible. Another is how
> might the door be opened.
Are you talking about http://en.wikipedia.org/wiki/Dual_EC_DR
On 10/09/13 15:58, james hughes wrote:
On Sep 9, 2013, at 9:10 PM, Tony Arcieri mailto:basc...@gmail.com>> wrote:
On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie mailto:b...@links.org>> wrote:
And the brief summary is: there's only one ciphersuite left that's
good, and unfortunately its only
On Tue, 2008-09-23 at 00:09 -0700, Jon Callas wrote:
> >> A cheap USB camera would make a good source.
> >> The cheaper the better, too. Pull a frame off,
> >> hash it, and it's got entropy, even against a
> >> white background. No lava lamp needed.
> >
> > I sort of agree, but I feel cautious abou
eople with access to the servers at usable.com from having the ability
to impersonate users of the service.
--apb (Alan Barrett)
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
On Sun, 2007-12-30 at 08:30 -0500, Richard Salz wrote:
> In my personal experience, if you are developing a mass-market item with
> conventional crypto (e.g., SSL, S/MIME, etc ) then it is fairly routine to
> get a commodity export license which lets you sell globally.
>
> Disclaimers abound, i
What are the rules these days on crypto exports. Is a review still
required? If so, what gets rejected?
Just wondering... I have people at work ask me what the rules are and I
have not kept up with them. If GnuPG can ship, what gets rejected? Is
there some magic cryptotech I am not aware of?
f, 0, sizeof(buf));
--apb (Alan Barrett)
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
On Tue, 18 Sep 2007, James A. Donald wrote:
Using SRAM as a source of either randomness or unique
device ID is fragile. It might well work, but one
cannot know with any great confidence that it is going
to work. It might work fine for every device for a
year, and then next batch arrives, and i
ing fields of a struct is undefined.
ANSI C also says that struct assignment is a memcpy. Therefore struct
assignment in ANSI C is a violation of ANSI C..."
- Alan Cox
-
The Cryptography Maili
problem to the bank via email. I
asked them to: use the bank's domain name, not bankserv.co.za; use a
unique PIN instead of re-using the ATM PIN; use one time passwords
instead of PINs. I haven't had a response to my suggestions.
--apb (Alan Barrett)
---
On Tue, 15 Aug 2006, Bill Stewart wrote:
Crypto is usually about economics and scalability.
If you're doing this for DOS/DDOS prevention,
you don't need the NP-completeness perfection you get from
Hamiltonian paths or similar problems - SHA is fine,
or any other hash that's quick to verify and
On Tue, 25 Jul 2006, Perry E. Metzger wrote:
EE Times is carrying the following story:
http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=190900759
It is about attempts to use cryptography to protect chip designs from
untrustworthy fabrication facilities, including a technology fr
On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:
"Perry E. Metzger" writes:
-+
|
| And a personal note to you all:
|
| Let me again remind people that if you do not inform your elected
| representatives of your displeasure with this sort of thing,
| eventually you will not
On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:
alan writes:
-+--
|
| Probably because most Americans believe they are being spied on
| anyways. (And have for a very long time.)
|
Au contraire', it is precisely what, for example,
my spouse would say: "I live a decent lif
arge, but the bank was
still unable or unwilling to show me the promised copies of relevant
documents. The merchant eventually contacted me about the repudiated
charge.
--apb (Alan Barrett)
-
The Cryptography Mailing List
Unsu
On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote:
> At 02:07 PM 2/1/2005, Tyler Durden wrote:
>
> >Counter-stego detection.
> >
> >Seems to me a main tool will be a 2-D Fourier analysis...Stego will
> >certainly have a certain "thumbprint", depending on the algorithm. Are
> >there certain i
card in an external reader with a keypad? Aside from
> the weight of the 'computer' in your pocket...
The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to b
On Tue, 30 Dec 2003, Bill Stewart wrote:
> The reason it's partly a cryptographic problem is forgeries.
> Once everybody starts whitelisting, spammers are going to
> start forging headers to pretend to come from big mailing lists
> and popular machines and authors, so now you'll not only
> need to
On Tue, 30 Dec 2003, Eric S. Johansson wrote:
> But using your spam size, , the slowdown factor becomes roughly
> 73 times. So they would need 73 machines running full tilt all the time
> to regain their old throughput.
Believe me, the professionals have enough 0wned machines that this is
trivi
21 matches
Mail list logo