I wonder if much of the work on secure DHT's and such is based on bad
assumptions. A DHT is just a key/value mapping. There are two reasons to want
to distribute such a thing: To deal with high, distributed load; and because
it's too large to store on any one node. I contend that the second
On Aug 27, 2013, at 9:41 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 21:13:59 -0400 Jerry Leichter leich...@lrw.com
wrote:
I wonder if much of the work on secure DHT's and such is based on
bad assumptions. A DHT is just a key/value mapping. There are two
reasons to want to distribute
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 22:04:22 +0100 Wendy M. Grossman
wen...@pelicancrossing.net wrote:
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
It's clear you're not a
On Aug 26, 2013, at 10:14 AM, Perry E. Metzger pe...@piermont.com wrote:
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
rich...@highwayman.com wrote:
If you run your own emails system then you'll rapidly find out what
2013's spam / malware problem looks like.
This is slightly off
On Aug 26, 2013, at 1:16 PM, Ray Dillinger b...@sonic.net wrote:
Minor point in an otherwise interesting message:
Even a tiny one-percent-of-a-penny payment
that is negligible between established correspondents or even on most email
lists would break a spammer. Also, you can set your client to
On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
...Similar techniques may be useful for voice traffic, but that has
interesting latency requirements, and they're hard to fulfill with a
mix network that might take arbitrary time. There's been some
On Aug 25, 2013, at 7:04 PM, Christian Huitema wrote:
I think we can agree that the first step is to deploy home servers, and that
the first application there would to host communication applications. Just
doing that without much other change would already provide protection
against the
On Aug 20, 2013, at 1:38 PM, Perry E. Metzger wrote:
What is the current state of patents on elliptic curve cryptosystems?
(It would also be useful to know when the patents on such patents as
exist end.)
As the Wikipedia article http://en.wikipedia.org/wiki/ECC_patents makes clear,
the
On Jul 5, 2013, at 12:07 PM, StealthMonger wrote:
A lawyer or other (paid) confidant was given instructions that would
disclose the key. Do this if something happens to me.
An adversary can verify an open source robot, but not such instructions.
NSA cannot verify a claim that such
Well, one does wonder about an RSA *primitive* that allows an exponent of 1.
If that's the tooling you're working atop, it's hard to imagine you're going to
produce anything decent.
-- Jerry
On Jul 1, 2013, at 8:58 AM, Eugen Leitl wrote:
On Oct 7, 2010, at 1:10 PM, Bernie Cosell wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.
What about http://www.truecrypt.org/docs/?s=plausible-deniability
Could this be
On Oct 7, 2010, at 4:14 AM, Christoph Gruber gr...@guru.at wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.
What about
On Oct 1, 2010, at 11:34 PM, Richard Outerbridge wrote:
Any implementation that returns distinguishable error conditions
for invalid padding is vulnerable...
Oh come on. This is really just a sophisticated variant of the old
never say which was wrong - login ID or password - attack. In
On Sep 22, 2010, at 9:34 AM, Steven Bellovin wrote:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations? Yes, I know that
that's a slippery concept, since ultimately things like addition and
multiplication can be implemented with
On Sep 6, 2010, at 10:49 PM, John Denker wrote:
If you think about the use of randomness in cryptography, what
matters
isn't really randomness - it's exactly unpredictability.
Agreed.
This is a very
tough to pin down: What's unpredictable to me may be predictable to
you,
It's easy to
On Aug 25, 2010, at 4:37 PM, travis+ml-cryptogra...@subspacefield.org
wrote:
I also wanted to double-check these answers before I included them:
1) Is Linux /dev/{u,}random FIPS 140 certified?
No, because FIPS 140-2 does not allow TRNGs (what they call non-
deterministic). I couldn't tell
Yesterday I asked about Haystack, an anti-censorship system that
appears to exist mainly as newspaper articles. So today I ran across
another system, which appears to be real: Collage (http://gigaom.com/2010/07/12/software-uses-twitter-flickr-to-let-dissidents-send-secret-messages/
),
On Aug 17, 2010, at 4:20 AM, Peter Gutmann wrote:
Your code-signing system should create a tamper-resistant audit
trail [0] of
every signature applied and what it's applied to.
Peter.
[0] By this I don't mean the usual cryptographic Rube-Goldbergery,
just log
the details to a separate
Excerpted from
http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars
-- Jerry
The tire pressure monitors built into modern cars have been shown to
be insecure by researchers from Rutgers University
We discussed the question of why IE6 is still out there. Well ... http://arstechnica.com/microsoft/news/2010/08/despite-petition-uk-government-to-keep-ie6.ars
reports that the UK government has officially decided not to replace
IE6, feeling the costs outweigh the benefits. Quoting from the
On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
...Of course, TLS hasn't been successful in the sense that we care
about
most. TLS has had no impact on how users authenticate (we still send
usernames and passwords) to servers, and the way TLS authenticates
servers to users turns out to be
On Aug 2, 2010, at 1:25 PM, Nicolas Williams wrote:
On Mon, Aug 02, 2010 at 12:32:23PM -0400, Perry E. Metzger wrote:
Looking forward, the there should be one mode, and it should be
secure philosophy would claim that there should be no insecure
mode for a protocol. Of course, virtually all
On Aug 1, 2010, at 7:10 AM, Peter Gutmann wrote:
Thanks to all the folks who pointed out uses of m-of-n threshold
schemes,
however all of them have been for the protection of one-off, very
high-value
keys under highly controlled circumstances by trained personnel,
does anyone
know of any
On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:
Jerry Leichter leich...@lrw.com writes:
One could certainly screw up the design of a recovery system, but one
would have to try. There really ought not be that much of difference
between recovering from m pieces and recovering from one
On Aug 1, 2010, at 10:34 AM, Henrique de Moraes Holschuh wrote:
(Please keep all CCs).
On Sun, 01 Aug 2010, Jerry Leichter wrote:
file might be reused: Stir in the date and time and anything else
that might vary - even if it's readily guessable/detectable - along
Well, yes, we have several
On Jul 28, 2010, at 11:04 AM, Jonathan Thornburg wrote:
http://www.crashie.com/ - if you're feeling malicious, just include
the one line JavaScript that will make IE6 crash, maybe eventually
the
user will figure it out. (Or maybe not).
Please stop and think about the consequences before
On Jul 27, 2010, at 5:34 PM, Ben Laurie wrote:
On 24/07/2010 18:55, Peter Gutmann wrote:
- PKI dogma doesn't even consider availability issues but expects the
straightforward execution of the condition problem - revoke cert. For a
situation like this, particularly if the cert was used to
On Jul 11, 2010, at 1:16 PM, Ben Laurie wrote:
Beyond simple hacking - someone is quoted saying You can consider
GPS a
little like computers before the first virus - if I had stood here
before
then and cried about the risks, you would've asked 'why would anyone
bother?'. - among the
On Jul 9, 2010, at 1:00 PM, Pawel wrote:
Hi,
On Apr 27, 2010, at 5:38 AM, Peter Gutmann (alt) pgut001.reflec...@gmail.com
wrote:
GPS tracking units that you can fit to your car to track where your
kids are taking it [T]he sorts of places that'll sell you card
skimmers and RFID
On Jun 3, 2010, at 10:39 AM, Sandy Harris wrote:
India recently forbade some Chinese companies from bidding on some
cell phone infrastructure projects, citing national security
concerns...
The main devices to worry about are big infrastructure pieces --
telephone switches, big routers and
On Jun 29, 2010, at 3:33 AM, Steven Bellovin wrote:
For years, there have been unverifiable statements in the press
about assorted hostile parties using steganography. There may now
be a real incident -- or at least, the FBI has stated in court
documents that it happened.
According to
On Jul 9, 2010, at 1:55 PM, Jonathan Katz wrote:
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are fresh
whereas security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter what
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues
around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have a formal
security
On Mar 25, 2010, at 8:05 AM, Dave Kleiman wrote:
March 24th, 2010 New Research Suggests That Governments May Fake SSL
Certificates
Technical Analysis by Seth Schoen
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
Today two computer security
On Nov 18, 2009, at 6:16 PM, Anne Lynn Wheeler wrote:
... we could moved to a person-centric paradigm ... where a person
could use the same token for potentially all their interactions ...
we claimed we do something like two orders magnitude reduction in
fully-loaded costs by going to no
On Nov 21, 2009, at 6:12 PM, Bill Frantz wrote:
leich...@lrw.com (Jerry Leichter) on Saturday, November 21, 2009
wrote:
It's no big deal to read these cards,
and from many times the inch or so that the standard readers require.
So surely someone has built a portable reader
On Nov 16, 2009, at 12:30 PM, Jeremy Stanley wrote:
If one organization distributes the dongles, they could accept
only updates signed by that organization. We have pretty good
methods for keeping private keys secret at the enterprise level,
so the risks should be manageable.
But even then,
On Nov 11, 2009, at 10:36 AM, Matt Crawford wrote:
On Nov 10, 2009, at 8:44 AM, Jerry Leichter wrote:
Whether or not it can, it demonstrates the hazards of freezing
implementations of crypto protocols into ROM: Imagine a world in
which there are a couple of hundred million ZTIC's
On Nov 8, 2009, at 7:45 PM, Thorsten Holz wrote:
...There are several approaches to stop (or at least make it more
difficult) this attack vector. A prototype of a system that
implements the techniques described in your blog posting was
presented by IBM Zurich about a year ago, see
On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
On Tue, Nov 3, 2009 at 9:41 PM, David-Sarah Hopwood
david-sa...@jacaranda.org wrote:
Jerry is absolutely correct that the practical result will be that
most
users of OpenID will become more vulnerable to compromise of a single
password.
Do
On Nov 8, 2009, at 2:07 AM, John Levine wrote:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login
On Nov 8, 2009, at 6:30 AM, Zooko Wilcox-O'Hearn wrote:
I propose the following combined hash function C, built out of two
hash functions H1 and H2:
C(x) = H1(H1(x) || H2(x))
I'd worry about using this construction if H1's input block and output
size were the same, since one might be able
On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote:
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote:
A couple of days ago, I pointed to an article claiming that these
were easy to break, and asked if anyone knew of security analyses
of these facilities.
I must say, I'm very
On Nov 2, 2009, at 5:36 PM, Jeffrey I. Schiller wrote:
- Jerry Leichter leich...@lrw.com wrote:
for iPhone's and iPod Touches, which are regularly used to hold
passwords (for mail, at the least).
I would not (do not) trust the iPhone (or iPod Touch) to protect a
high value password
A couple of days ago, I pointed to an article claiming that these were
easy to break, and asked if anyone knew of security analyses of these
facilities.
I must say, I'm very disappointed with the responses. Almost everyone
attacked the person quoted in the article. The attacks they
The article at http://www.net-security.org/article.php?id=1322 claims
that both are easily broken. I haven't been able to find any public
analyses of Keychain, even though the software is open-source so it's
relatively easy to check. I ran across an analysis of File Vault not
long ago
On Oct 17, 2009, at 5:23 AM, John Gilmore wrote:
Even using keys that have a round number of bits is foolish, in my
opinion. If you were going to use about 2**11th bits, why not 2240
bits, or 2320 bits, instead of 2048? Your software already handles
2240 bits if it can handle 2048, and it's
A bit too far for a quick visit (at least for me):
http://news.bbc.co.uk/2/hi/uk_news/england/8241617.stm
-- Jerry
-
The Cryptography Mailing List
Unsubscribe by sending
On Oct 14, 2009, at 7:54 PM, Perry E. Metzger wrote:
...We should also recognize that in cryptography, a small integer
safety
margin isn't good enough. If one estimates that a powerful opponent
could attack a 1024 bit RSA key in, say, two years, that's not even a
factor of 10 over 90 days, and
On Oct 3, 2009, at 2:42 AM, Kevin W. Wall wrote:
Hi list...I have a question about Shamir's secret sharing.
According to the _Handbook of Applied Cryptography_
Shamir’s secret sharing (t,n) threshold scheme works as follows:
SUMMARY: a trusted party distributes shares of a secret S to n
Well, here I'll expect one. :-)
As there is increasing pressure to keep
records of Internet use, there will be a counter-move to use VPN's
which promise to keep no records. Which will lead to legal orders
that records be kept, with no notification to those being tracked.
Enter secure
On Sep 17, 2009, at 1:20 AM, Peter Gutmann wrote:
Kevin W. Wall kevin.w.w...@gmail.com writes:
(Obviously some of these padding schemes such as OAEP are not
suitable with
symmetric ciphers. Or at least I don't think they are.)
You'd be surprised at what JCE developers will implement just
On Sep 4, 2009, at 4:24 PM, Matt Crawford wrote:
. . . federal agents at the conference got a scare on Friday when
they were told they might have been caught in the sights of an RFID
reader.
The reader, connected to a web camera, sniffed data from RFID-
enabled ID cards and other documents
On Sep 3, 2009, at 12:26 AM, Peter Gutmann wrote:
This returns us to the previously-unsolved UI problem: how -- with
today's
users, and with something more or less like today's browsers since
that's
what today's users know -- can a spoof-proof password prompt be
presented?
Good enough to
On Sep 7, 2009, at 8:58 AM, Jerry Leichter wrote:
...standard Mac OS GUI element to prompt for passwords ...
I should expand on that a bit: This GUI element is used for all kinds
of things tied to a window, not just passwords. For example, if you
try to close a window that contains stuff
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi and Masakatu Morii
Abstract. In 2008, Beck and Tews have proposed a practical attack on
WPA. Their attack (called the
http://conferences.sigcomm.org/sigcomm/2009/workshops/mobiheld/papers/p31.pdf
ABSTRACT
Modern mobile phones possess three types of capabilities:
computing, communication, and sensing. While these capa-
bilities enable a variety of novel applications, they also raise
serious privacy concerns. We
It can “...intercept all audio data coming and going to the Skype
process.”
Proof of concept, but polished versions will surely follow.
http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/
-- Jerry
On Aug 11, 2009, at 2:47 PM, Hal Finney wrote:
[Note subject line change]
Jerry Leichter writes:
Since people do keep bringing up Moore's Law in an attempt to justify
larger keys our systems stronger than cryptography, it's worth
keeping in mind that we are approaching fairly deep physical
Just about all notebooks shipped in the last 5 years or more contain a
helpful bit of code in the BIOS that allows for remote tracing in case
of theft. Unfortunately, it's got serious security holes, allowing it
to be used for much more nefarious purposes - like rootkits that
survive disk
3. Cleversafe should really tone down the Fear Uncertainty and
Doubt about today's encryption being mincemeat for tomorrow's
cryptanalysts. It might turn out to be true, but if so it will be
due to cryptanalytic innovations more than due to Moore's Law. And
it might not turn out like
A couple of weeks ago, Apple distributed a firmware update for their
keyboards - the standalone ones, not the ones built into laptops. I
remarked at the time (perhaps on this list?) that given a way for
Apple to update the firmware ... was there a way for others with
malicious intent?
Why Cloud Computing Needs More Chaos:
http://www.forbes.com/2009/07/30/cloud-computing-security-technology-cio-network-cloud-computing.html
[Moderator's note: ... the article is about a growing problem -- the
lack of good quality random numbers in VMs provided by services like
EC2
and the
Found on the Telecom list (which I've subscribed to for years but
almost never read any more). The paper is quite interesting.
-- Jerry
Date: Fri, 31 Jul 2009 22:07:03 -0400
From: Monty Solomon mo...@roscom.com
To:
On Jul 26, 2009, at 11:20 PM, Perry E. Metzger wrote:
Jerry Leichter leich...@lrw.com writes:
While I agree with the sentiment and the theory, I'm not sure that it
really works that way. How many actual implementations of typical
protocols are there?
I'm aware of at least four TCP/IP
On Jul 26, 2009, at 12:11 AM, james hughes wrote:
On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
[cross-posted to tahoe-...@allmydata.org and cryptography@metzdowd.com
]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-
LAFS project.
...
I am tempted to ignore
On Jul 26, 2009, at 2:27 PM, Perry E. Metzger wrote:
...[T]here is an exploitable hole in
Adobe's Flash right now, and there is no fix available yet
This highlights an unfortunate instance of monoculture -- nearly
everyone on the internet uses Flash for nearly all the video they
watch,
so
On Jul 21, 2009, at 10:48 PM, Perry E. Metzger wrote:
d...@geer.org writes:
The pieces of the key, small numbers, tend to =93erode=94 over
time as
they gradually fall out of use. To make keys erode, or timeout,
Vanish
takes advantage of the structure of a peer-to-peer file system. Such
On Jul 21, 2009, at 3:11 PM, Hal Finney wrote:
The first is equivalent to: knowing g^(xy) is it impossible to
deduce g^x,
where y = H(g^x). Define Y = g^x, then y = H(Y) and g^(xy) = Y^H(Y).
The
question is then:
Given Y^H(Y) can we deduce Y?
To make a simple observation: H matters. If
On Jul 8, 2009, at 8:46 PM, d...@geer.org wrote:
I don't honestly think that this is new, but even
if it is, a 9-digit random number has a 44% chance
of being a valid SSN (442 million issued to date).
Different attack. What they are saying is that given date and place
of birth - not normally
Randomness from quantum effects at Megabits per second (and they claim
they can get to Gb/s). I can't say I follow all the details of what
they're doing.
http://spie.org/x35516.xml
-- Jerry
On Jun 28, 2009, at 4:05 PM, Ivan Krstić wrote:
Does anyone have a recommended encrypted password storage program for
the mac?
System applications and non-broken 3rd party applications on OS X
store credentials in Keychain, which is a system facility for
keeping secrets. Your user keychain
On May 29, 2009, at 8:48 AM, Peter Gutmann wrote:
Jerry Leichter leich...@lrw.com writes:
For the most part, software like this aims to keep reasonably honest
people honest. Yes, they can probably hire someone to hack around
the
licensing software. (There's generally not much motivation
Using retransmissions for steganography.
http://arxiv.org/pdf/0905.0363v3
-- Jerry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
The introduction of the acronym DRM has drawn all the hysteria it
always does.
The description you've posted much more closely matches license (or
sometimse entitlement) management software than DRM. There are many
companies active in this field. Many are small, but Microsoft sells
On May 11, 2009, at 7:06 PM, silky wrote:
How about this.
When you modify a file, the backup system attempts to see if it can
summarise your modifications into a file that is, say, less then 50%
of the file size.
So if you modify a 10kb text file and change only the first word, it
will
On May 11, 2009, at 7:08 PM, Matt Ball wrote:
Practically, to make this work, you'd want to look at the solutions
that support 'data deduplication' (see
http://en.wikipedia.org/wiki/Data_deduplication). These techniques
typically break the data into variable length 'chunks', and
de-duplicate by
On May 11, 2009, at 8:27 PM, silky wrote:
The local version needs access to the last committed file (to compare
the changes) and the server version only keeps the 'base' file and the
'changes' subsets.
a) What's a committed file.
b) As in my response to Victor's message, note that you can't
I recently stumbled across two attempts to solve a cryptographic
problem - which has lead to what look like rather unfortunate solutions.
The problem has to do with using rsync to maintain backups of
directories. rsync tries to transfer a minimum of data by sending
only the differences
On May 8, 2009, at 3:39 PM, Ian G wrote:
The difficulty with client certs is that I need them to also work
on my
laptop. And my other laptop. And my phone.
So, how do I get hold of them when I'm on the road?
Good point. The difficulty with my passwords is that I have so many
that are so
On May 5, 2009, at 1:17 PM, Paul Hoffman wrote:
...This leads to the question: if a CA in a trust anchor pile does
something wrong (terribly wrong, in this case) and fixes it, should
they be punished? If you say yes, you should be ready to answer
who will benefit from the punishment and in
On Feb 27, 2009, at 2:13 PM, Santiago Aguiar wrote:
* Is there any standard cryptographic hash function with an output
of about 64 bits? It's OK for our scenario if finding a preimage for
a particular signature takes 5 days. Not if it takes 5 minutes.
Not specifically, but you can simply take
On Mar 2, 2009, at 12:56 PM, Santiago Aguiar wrote:
Hi,
Jerry Leichter wrote:
Not specifically, but you can simply take the first 64 bits from a
larger cryptographically secure hash function.
OK, I didn't know if it was right to do just that. We were thinking
to use that hash in an HMAC so
On Feb 17, 2009, at 6:03 PM, R.A. Hettinga wrote:
Begin forwarded message:
From: Sarad AV jtrjtrjtr2...@yahoo.com
Date: February 17, 2009 9:51:09 AM EST
To: cypherpu...@al-qaeda.net
Subject: Shamir secret sharing and information theoretic security
hi,
I was going through the wikipedia
Summary: Sweden developed its own secure encryption system for
communicating with fighter jets. A new jet, which is scheduled to
replace all existing fighters by 2011, uses a NATO-standard encryption
system - only. There is no plan in place to upgrade the ground
systems to the NATO
On Feb 19, 2009, at 8:36 AM, Peter Gutmann wrote:
There are a variety of password cost-estimation surveys floating
around that
put the cost of password resets at $100-200 per user per year,
depending on
which survey you use (Gartner says so, it must be true).
You can get OTP tokens as
On Feb 2, 2009, at 2:29 AM, Peter Gutmann wrote:
Mark Ryan presented a plausible use case that is not DRM:
http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
This use is like the joke about the dancing bear, the amazing thing
isn't the
quality of the dancing but the fact that the
Interesting article from the BBC on the state of play in cyber
attack and defense. Not much depth - I'm sure you weren't expecting
it, given the source - but worth looking at.
http://news.bbc.co.uk/2/hi/europe/7851292.stm
-- Jerry
On Jan 29, 2009, at 10:07 AM, Donald Eastlake wrote:
Recent research has shown that a new and disturbing form of computer
infection is readily spread: the epidemic copying of malicious code
among wireless routers without the participation of intervening
computers. Such an epidemic could easily
On Jan 30, 2009, at 4:47 PM, Ray Dillinger wrote:
I have a disgustingly simple proposal. [Basically, always include a
cryptographic token when you send mail; always require it when you
receive mail.]
There is little effective difference between this an whitelists. If I
only accept mail
On Jan 27, 2009, at 2:35 PM, Hal Finney wrote:
John Gilmore writes:
The last thing we need is to deploy a system designed to burn all
available cycles, consuming electricity and generating carbon
dioxide,
all over the Internet, in order to produce small amounts of bitbux to
get emails or
On Jan 28, 2009, at 2:03 PM, Perry E. Metzger wrote:
There's a Classified USB Cable for file transfer with Classified
PC
I wonder what a classified USB cable is. Perhaps it's an
unclassified USB
cable with the little three-prong USB logo blacked out by the
censors.
I would imagine it
I know next to nothing about the state of the art of secure cell
devices; do list members have any (public) knowledge or informed
speculation about the mechanism behind the unclassified/classified
switches? Are we talking two entire separate CPUs with a mutex-
shared screen/keyboard? Or
On Jan 26, 2009, at 2:49 AM, Ivan Krstić wrote:
[A]ny idea why the Sectéra is certified up to Top Secret for voice
but only up to Secret for e-mail? (That is, what are the differing
requirements?)
I have no information, but a guess: Phone conversation encryption, at
all levels, has been
I just received a phishing email, allegedly from HSBC:
Dear HSBC Member,
Due to the high number of fraud attempts and phishing scams, it
has been decided to
implement EV SSL Certification on this Internet Banking website.
The use of EV SSL certification works with high
Not cryptography, but the members of this list think in these terms,
so...
Just recently, my 8th-grade daughter took a school placement test.
This test (the ISEE) is administered internationally.
When we arrived, we learned that she would not be allowed into the
test room without *one*
On Jan 9, 2009, at 6:49 AM, Peter Gutmann wrote:
https://visa.com/
I get no response. None at https://www.visa.com either.
On the other hand, the US-specific site, https://usa.visa.com,
responds just fine - but it redirects you to http://usa.visa.com/index.html
. Try that same address
On Dec 30, 2008, at 4:21 PM, Sidney Markowitz wrote:
Sidney Markowitz wrote, On 31/12/08 10:08 AM:
or that CA root certs that use MD5 for their hash are
still in use and have now been cracked?
I should remember -- morning coffee first, then post.
The CA root certs themselves have not been
On Dec 28, 2008, at 8:12 PM, Perry E. Metzger wrote:
Semiconductor laser based RNG with rates in the gigabits per second.
http://www.physorg.com/news148660964.html
My take: neat, but not as important as simply including a decent
hardware RNG (even a slow one) in all PC chipsets would be.
On Dec 27, 2008, at 10:02 AM, Ben Laurie wrote:
On Fri, Dec 26, 2008 at 7:39 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Adding support for a
service like Perspectives (discussed here a month or two back)
would be a good
start since it provides some of the assurance that a commercial
101 - 200 of 210 matches
Mail list logo