Recently someone proposed a system which combined ecash and hashcash
for email postage. Here is some analysis.
There are already proposals and even some working code for hashcash email
postage. See http://www.camram.org/. This is intended as an anti-spam
measure. The idea is that to send email
Often people ask about blind DSA signatures. There are many known
variants on DSA signatures which allow for blinding, but blinding "plain"
DSA signatures is not discussed much.
Clearly, blinding DSA signatures is possible, through general purpose
two party multi-party computations, such as circ
For some updated news about NGSCB, aka Palladium, go to the Microsoft
NGSCB newsgroup page at
http://communities.microsoft.com/newsgroups/default.asp?icp=ngscb&slcid=us.
This might be a good forum for cypherpunks to ask questions about
Palladium.
There was a particularly informative posting by Ell
Ian Grigg wrote:
> Jill Ramonsky wrote:
> > (3) MULTIPLY SIGNED CERTIFICATES
..snip..
> I don't believe it is possible to multiply-sign
> x.509 certs. This is one of the reasons that
> PKIs based on x.509 have a miserable record, as
> the absence of any web of trust support and the
> promoting of
hash2, hisbuf, hislen, !prio, 0);
if (memcmp (hishash, hishash2, sizeof(hishash)) != 0)
{
fprintf (stderr, "Incorrect hash, protocol failure or attack
detected\n");
exit (2);
}
printf ("
Peter Gutmann writes:
> Is it really that big a deal though? You're only ever as secure as the
> *least secure* of the 100+ CAs automatically trusted by MSIE/CryptoAPI
> and Mozilla, and I suspect that a number of those (ones with 512-bit keys
> or moribund web sites indicating that the owner has
t,
> timing, meaning, and other characteristics of the
> payload.
>
> And this does not require wide-area synchronization.
> If incoming packets are delayed or lost, outgoing
> packets may have to include nulls (i.e. cover traffic).
Suppose you are engaged in a video conference wi
beyond the _a priori_ obvious fact that some pair
> of subscribers *may* have communicated.
This is not true, and in fact this result is one of the most important
to have been obtained in the anonymity community in the past decade. The
impossibility of practical, strong, real-time anonymous c
A number of SSL-enabled applications use precomputed public DH parameters (p and g)
generated for use in the SKIP protocol. The original page appears to be off the air;
here's an archived version:
http://web.archive.org/web/20011212141438/http://www.skip-vpn.org/spec/numbers.html#params
Quest
The problem to be solved is this. Spoofed sites can acquire user
credentials, especially passwords, and then use those to impersonate the
user on the real sites. With paypal and e-gold, this allows stealing
real money.
Using client certificates to authenticate would solve this, because
even if t
James A. Donald writes:
> Suppose the e-gold, to prevent this sea of spam trying to get
> people to login to fake e-gold sites, wanted people to use
> public keys instead of shared secrets, making your secret key
> the instrument that controls the account instead of your shared
> password.
>
>
I tried to notify the BIS that I was posting some code and I got this
error back:
> <[EMAIL PROTECTED]>:
> 170.110.31.61 failed after I sent the message.
> Remote host said: Can't create transcript file ./xfh4VJhUa02511: No space left on
> device
>
> <[EMAIL PROTECTED]>:
> 170.110.31.61 failed aft
12 matches
Mail list logo