On Wed, 9 May 2007, Ali, Saqib wrote:
What about DRM/ERM that uses TPM? With TPM the content is pretty much
tied to a machine (barring screen captures etc)
Will ERM/DRM be ineffective even with the use of TPM?
ERM/DRM/TPM are such poorly defined and implemented products that people have
On Sat, 4 Nov 2006, Ralf Senderek wrote:
On the unencrypted filesystem:
# time dd if=/dev/zero of=cryptogram bs=1MB count=50
50+0 records in
50+0 records out
5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s
real    0m0.257s
user    0m0.000s
sys     0m0.252s
Unless you have a disk
On Fri, 14 Jul 2006, Travis H. wrote:
Absent other protections, one could simply write a new WORM media with
falsified information.
I can see two ways of dealing with this:
1) Some kind of physical authenticity, such as signing one's name on
the media as they are produced (this assumes the
On Thu, 29 Jun 2006, Hal Finney wrote:
A few weeks ago I asked for information on using the increasingly
prevalent built-in TPM chips in computers (especially laptops) as a
random number source. I got some good advice and want to summarize the
information for the benefit of others.
Thanks
http://www.theregister.co.uk/2006/06/26/voice_phishing/
Hi-tech fraudsters have begun using recorded telephone messages in a bid to
trick users into handing over confidential account information. The tactic has
been adopted as a variant of recently detected phishing attacks targeting
On Thu, 04 May 2006 18:14:09 +0200, markus reichelt [EMAIL PROTECTED]
wrote:
Agreed; but regarding unix systems, I know of no crypto
implementation that does integrity checking: not just de/encrypt the
data, but verify that the encrypted data has not been tampered with.
There's also
: David Chadwick, University of Kent)
- Domain Keys Identified Mail (DKIM) (Moderator: Barry Leiba, IBM)
- Browser Security User Interfaces: Why are web security decisions hard and
what can we do about it?
(Moderator: Jason Holt, Brigham Young University)
- Federal PKI Update (Moderator - Peter
On Sat, 4 Feb 2006, Travis H. wrote:
Suppose that /dev/random is too slow (SHA-1 was never meant to
generate a lot of output) because one of these machines wishes to
generate a large file for use as a one-time pad*. That leaves
distributing bits.
* /dev/random's output is limited by
On Mon, 12 Dec 2005, Paul Hoffman wrote:
Or should we just stick to wikipedia? Is it doing a satisfactory job?
Also check out the Cryptography Reader:
http://en.wikipedia.org/wiki/Wikipedia:WikiReader/Cryptography
Matt Crypto set up an article (to clean up) of the day replete with a bar
On Mon, 12 Dec 2005, Travis H. wrote:
One thing I haven't seen from a PRNG or HWRNG library or device is an
unpredictable sequence which does not repeat; in other words, a
[cryptographically strong?] permutation. This could be useful in all
Rich Schroeppel tells me his Hasty Pudding cipher
http://dot.kde.org/1132619164/
Core KDE developer George Staikos recently hosted a meeting of the security
developers from the leading web browsers. The aim was to come up with future
plans to combat the security risks posed by phishing, ageing encryption
ciphers and inconsistent SSL
On Fri, 4 Nov 2005, Travis H. wrote:
PS: There's a paper on cryptanalyzing CFS on my homepage below. I
got to successfully use classical cryptanalysis on a relatively modern
system! That is a rare joy. CFS really needs a re-write, there's no
real good alternatives for cross-platform
Thanks to everyone who has contributed feedback, cyphrpunk in particular. Here
are my thoughts on connecting nym to wikipedia. I'll take feedback here
first, then approach the WikiMedia folks.
* I believe the best solution would be for wikipedia to do the following:
- Run an SSL server
More thoughts regarding the tokens vs. certs decision, and also multi-use:
* Client certs are a pain to turn on and off. If you select ask me every
time before sending a client cert, you have to click half a dozen OKs per
page. (This could be mitigated by having Wikipedia only use the SSL
, Jason Holt wrote:
More thoughts regarding the tokens vs. certs decision, and also multi-use:
[snip]
A related approach that thwarts the network eavesdropper would be to issue
a series of certificates which expire one per interval (hour/day/whatever,
trading privacy against the hassle of managing
On Sat, 1 Oct 2005, cyphrpunk wrote:
All these degrees of indirection look good on paper but are
problematic in practice.
As the great Ulysses said,
Pete, the personal rancor reflected in that remark I don't intend to dignify
with comment. However, I would like to address your attitude
I now have a live server available for those of you who want to play with a
real nym tokenserver/CA/webserver. This process constitutes running three
scripts and installing the client cert. Details in the README:
http://www.lunkwill.org/src/nym/
(Please be nice to erg.no-ip.org).
If
On Sun, 2 Oct 2005, cyphrpunk wrote:
1. Limiting token requests by IP doesn't work in today's internet. Most
Hopeless negativism. I limit by IP because that's what Wikipedia is already
doing. Sure, hashcash would be easy to add, and I looked into it just last
night. Of course, as several
-- Forwarded message --
Date: Sat, 1 Oct 2005 02:18:43 + (UTC)
From: Jason Holt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: nym-0.2 released
nym-0.2 is now available at:
http://www.lunkwill.org/src/nym/
My tor server is currently down, so I can't set up a public
On Thu, 29 Sep 2005, Ian G wrote:
Couple of points of clarification - you mean here
CA as certificate authority? Normally I've seen
Mint as the term of art for the center in a
blinded token issuing system, and I'm wondering
what the relationship here is ... is this something
in the 1990 paper?
-- Forwarded message --
Date: Thu, 29 Sep 2005 01:49:26 + (UTC)
From: Jason Holt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Pseudonymity for tor: nym-0.1
Per the recent discussion regarding tor and wikipedia, I've hacked together an
implementation of the basic
On Mon, 12 Sep 2005, Sidney Markowitz wrote:
Does anyone know of an open source crypto package written in perl that is
careful to try to clear sensitive data structures before they are released to
the garbage collector?
[...]
Securely deleting secrets is hard enough in C, much less high
On Thu, 4 Aug 2005, Arash Partow wrote:
i.e.: input1 : abcdefg - h(abcdefg) = 123
      input2 : gabcdef - h(gabcdef) = 123
      input3 : fgabcde - h(fgabcde) = 123
I don't have a formal reference for you, but this seems intuitively correct to
me: put the strings in a canonical form so that all
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site itself
to phish users, pushing away the dependency on tricking the user with a
spoofed or mirrored site.
[...]
You dismiss too much with your "just". They already do attack
On Fri, 1 Jul 2005, Charles M. Hannum wrote:
Most implementations of /dev/random (or so-called entropy gathering daemons)
rely on disk I/O timings as a primary source of randomness. This is based on
a CRYPTO '94 paper[1] that analyzed randomness from air turbulence inside the
drive case.
I
On Wed, 8 Jun 2005, David Wagner wrote:
[...]
That said, I don't see how adding an extra login page to click on helps.
If the front page is unencrypted, then a spoofed version of that page
can send you to the wrong place. Sure, if users were to check SSL
certificates extremely carefully, they
On Wed, 8 Jun 2005, Perry E. Metzger wrote:
Dan Kaminsky [EMAIL PROTECTED] writes:
2) The cost in question is so small as to be unmeasurable.
Yes, because key management is easy or free.
In this case it is. As I've said, even having all your tapes for six
months at a time use the same key
On Sun, 6 Mar 2005, David Wagner wrote:
[...]
However, I also believe it is possible -- and, perhaps, all too easy --
to use GBDE in a way that will not provide adequate security. My biggest
fear is that safe usage is just hard enough that many users will end up
being insecure. GBDE uses a
The list of accepted papers for AsiaCrypt:
http://www.iris.re.kr/ac04/
Includes one titled "The MD2 Hash Function is Not One-Way". That's the first
I've heard about MD2; the other breaks were for MD4 and MD5. Anyone know
details?
-J
On Thu, 26 Aug 2004, Trei, Peter wrote:
While any weakness is a concern, and I'm not
going to use any of the compromised algorithms
in new systems, this type of break seems to be
of limited utility.
It allows you (if you're fortunate) to modify a signed
message and have the signature
Hiawatha's Research
Jason Holt [EMAIL PROTECTED]
June, 2004, released into the public domain.
Dedicated to Eric Rescorla, with apologies to Longfellow.
(E. Rescorla may be substituted for Hiawatha throughout.)
Hiawatha, academic,
he could start ten research papers,
start them with such mighty
On Sun, 9 May 2004, Adam Back wrote:
Anyone have to hand the expiry date on Chaum's patent? (Think it is
in patent section of AC for example; perhaps HAC also).
I think it's June 2005. Actually, now that you mention Chaum, I'll have to
look into blind signatures with the BF IBE (issuing is
[Adam and I are taking this discussion off-list to spare your inboxes, but
this message seemed particularly relevant. Perhaps we'll come back later if
we come up with anything we think will be of general interest.]
-J
On Tue, 11 May 2004, Adam Back
On Mon, 10 May 2004, Adam Back wrote:
OK that sounds like it should work. Another approach that occurs is
you could just take the plaintext, and encrypt it for the other
attributes (which you don't have)? It's usually not too challenging
to make stuff deterministic and retain security. Eg.
Here's what I remember from about a year ago about the current state of
private credentials. That recollection comes with no warranties express or
implied.
Last I heard, Brands started a company called Credentica, which seems to only
have a placeholder page (although it does have an info@