At 10:44 AM -0700 6/22/07, Ali, Saqib wrote:
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken p
"not good
enough" by the purists. Then the IETF created the BTNS Working Group
which is spending huge amounts of time getting close to purity again.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Which part of the word "useless" is not apparent here?
--Paul Hoffman, Director
--VPN Consortium
-
The
a few years ago.
As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.
Why would you need to? SMTP-over-TLS only identifies the system to
whom you are speaking. No routing inforation is needed or wanted.
--Paul Hoffman, Director
--VPN
For the math weenies on the list, see the full announcement here:
<http://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind0705&L=nmbrthry&T=0&P=1019>.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptog
tly impede migration.
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
--Paul Hoffman, Director
--VPN Consortium
--
sumption is that it was for the possible data on those machines.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
At 8:59 PM -0400 5/1/07, Perry E. Metzger wrote:
[Moderator's note: Manually forwarded because of a software glitch. --Perry]
From: Gary Ellison <[EMAIL PROTECTED]>
Subject: Re: 128 bit number T-shirt?
To: "Perry E. Metzger" <[EMAIL PROTECTED]>
CC: cryptography@metzdowd.com
Date: Tue, 01 May 200
uot;security hobbiest" or "security poser".
So why do people with no training in security think
that they can freely ignore the advice of security professionals without
any negative consequences?
Because doing so can get things finished earlier and/or make a more
efficient proto
first few
days / months will be spent finger-pointing instead of fixing.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
At 7:54 PM -0400 4/5/07, Thor Lancelot Simon wrote:
On Thu, Apr 05, 2007 at 04:49:33PM -0700, Paul Hoffman wrote:
>because, with it, one can sign the appropriate
>chain of keys to forge records for any zone one likes.
If the owner of any key signs below their level, it is immed
At 7:26 PM -0400 4/5/07, Thor Lancelot Simon wrote:
On Thu, Apr 05, 2007 at 07:32:09AM -0700, Paul Hoffman wrote:
Control: The root signing key only controls the contents of the root,
not any level below the root.
That is, of course, false,
This is, of course false. In order to control
discussed in the ISP community even before this event: many
are not sure they trust ICANN itself, much less its current "sponsor".
Note that I'm not supporting the US signing the root in the least.
I'm just saying that predicting doom is grossly premature.
-
't
be selected until after SHA-1 needs to stop being used.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ugh now. Some of the Big Names In
Crypto are in the second group. It looks like NIST sided with the
first group, but it will be interesting if the folks in the second
group are vocal during the coming few years.
--Paul Hoffman, Director
--VPN Consortium
sec stack and repurpose it down one layer in the
stack. At least that way you'll know the security properties of what
you create.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by se
ard
encryption algorithm like AES, there are probably a dozen people on
this mailing list who could sanity check your product's
implementation of AES (and probably even of key storage) in less than
50 hours of consulting time,
--Paul Hoffman, Direc
ensive one will have a good one.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
reful with
blanket criticisms.
Regards,
Paul Zufeldt
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
es to signing all
outgoing mail, not looking to see "oh, if it is James, don't sign it
because he won't like it".
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending
;s not. The receiving MTA *and/or* MUA can verify signatures.
That is clearly covered in the protocol document.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
r the
company). Neither would be a first for VeriSign.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
dest part there will be (c), but there
are many environments where signing one-way mail is quite
appropriate, particularly in replacing paper messages.
The demand for encryption of personal email is perpetually low.
Without a legal requirement, it will probably always be a small niche
mark
.
Fully agree, and I would certainly extend that to S/MIME as well.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ou please send me an
encrypted email -- I even let you choose any secure method that you want.
Yes, I could. But I won't bother. :-)
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe b
does actually work but no one uses it. They briefly say why:
key management. Not being easy enough to use is quite different than
"NOT actually working".
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptograp
d the SAAG discussion at the
Paris IETF meeting was that the IETF should *not* propose solutions
to the problem. That is why the BOF did not turn into a Working Group
and why there has been little discussion of the proposed solutions in
the relevant IETF working groups.
--Paul Hoffman, Director
--VPN
blems, but doesn't
have the personpower to do so in a predictable fashion.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
s, you can do your own calculations and change the paramters to
your heart's content (assuming you have root privs).
(...Other Linux-specific complaints elided...)
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptogr
rules for passwords
are these days.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
that most users of this would be Windows folks, one could
possibly write a really creative batch program to do this, thus
eliminating the worry about the difference in executable. It would be
mostrously ugly, but a nice hack.
--Paul Hoff
first four
packets just fine.
Once that's
done, he calls A and has a password/key read out over the phone to set up for
B.
How does he fit his sneakers over the phone? :-)
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ery complicated protocol with many within-packet and
within-stream dependencies. These cannot be resolved by "proper
programming tools" unless those tools are specifically crafted for
IKE. SSL/TLS probably suffers the same fate.
--Paul Hoffman,
.
Humorously, security folks seem to have ignored this when designing
our protocols.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
differently-malformed packets. It is also likely that it
applies to some SSL/TLS implementations, of course using very
different malformed packets.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubsc
they trust their security to anyone
other than Microsoft?
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
secure.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
. From that
point on, the all-important lock is showing so they feel safe.
Although the company reporting this, SurfControl, is known for
alarmism, this is a completely predictable situation. If users can
hold one bit and the bit is "look for the lock", then phishers will
do anything to
phers?
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
At 9:32 AM -0700 9/12/05, James A. Donald wrote:
It has been a long time, and no one has paid out
money on an ECC patent yet.
That's pretty bold statement that folks at Certicom might disagree
with, even before
<http://www1.ietf.org/proceedings_new/04nov/slides/saag-2/sld1.htm>
of upgrading everyone's SSL,
and the banks' SSL processes, is wasted. That's a interesting risk.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
read acceptance.
Bingo.
--Paul Hoffman, Director
--VPN Consortium
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
appreciated
>as well as a few of its implications, though it is early to discern
many. Such work,
>Ono said, can have important applications in number-related fields such
as cryptology.
Can someone on this list help describe the po
do business with others.
(Don't believe that? Gee, how many websites require javascript, java,
activeX?)
Paul
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Maybe the receipt should only allow the voter to check that his vote has
been counted. To get the detail you could require him to appear in person
with his receipt AND a photo ID or some such, then only allow him to view
his detail -- not print it.
Paul Zuefeldt
- Original Message -
From
arization? I had to go to city hall and
get someone
who had never met me before to look at my photo ID (which was my drivers
licence)
and sign the form saying it was me! Great system!
--
----
Paul A.S. Ward, Assistant Prof
I'm not sure why no one has considered the PC banking problem to be a
justification for secure computing. Specifically, how does a user know
their computer has not been tampered with when they wish to use it for
banking access.
Paul
John S. Denker wrote:
Previous discussions of secure comp
erits or otherwise, $1.50 is a big
deal if the
target product is some embedded device intended to sell for $10 to $20
and/or if
the target product is part of a system in which millions of such devices
are intended
to be used.
--
---
what cryptography I already knew. I still don't think it's a
particularly *practical* attack, but I could easily be wrong there, and it
only needs one. ;-)
Many thanks for your time!
Cheers,
--
Paul
"I'm not sure if this is a good or a bad thing.
;s infeasible to create a binary which produces a given hash it still
doesn't help.
Could someone help shed some light on this? Either pointing me at a paper
documenting the hole, or confirming that it's gibberish (at which point I'll
go back to work and ask him for more details :).
ve; I'm
not familiar with the others), I suspect one reason that they don't have
many problems is because very few people use them. If they started to become
more widely used, I wonder how long before compromises would creep in.
--
Paul
I discovered I scream the same way whether I'm
Comodo is a sub-CA of GTE, so it's pretty decent. On my machines here, I did
have to install their subordinate CA cert, but it was a simple matter to add
it to the AD CTL.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Howe
Sent: Thursday, September
101 - 152 of 152 matches
Mail list logo
