Cid Carlos [EMAIL PROTECTED] writes:
Citibank e-mail looks phishy
I think Citibank aims at foot and lets loose with both barrels, then reloads
and shoots a second time would be a better title. This is a really scary
example of what Perry once referred to as banks actively training users to
Saqib Ali [EMAIL PROTECTED] writes:
I compile a lot of software on my laptop, and I *certainly notice* the
difference between my office laptop (no encryption) and my travel laptop
(with FDE). The laptops are exactly the same, with the same image loaded. The
only difference is the FDE software
Saqib Ali [EMAIL PROTECTED] writes:
My guess is that slow compilation is a result of access time
misconfiguration: if a filesystem has access time enabled, then each
time a file is read, the file system updates access time on disk. A
solution is to set the noatime option on the filesystem used
Alexander Klimov [EMAIL PROTECTED] writes:
If a PC is used by an interactive user, it is irrelevant how much access time
is increased, as far as the user cannot see a difference without a timer.
Several times I have read that disk encryption is not noticeable.
I agree that in most cases the
Simon Josefsson [EMAIL PROTECTED] writes:
Not using e=3 when generating a key seems like an easy sell.
Almost no-one does this anyway, but I don't think that's much help.
A harder sell might be whether widely deployed implementations such as TLS
should start to reject signatures done with an
Leichter, Jerry [EMAIL PROTECTED] writes:
| I don't think it's a problem, you just take the ASN.1 DigestInfo
| value, since the trailing garbage isn't part of the DigestInfo, you
| ignore it. Specifically, the ASN.1 object is entirely self-contained,
| so you can tell exactly where it ends and
Yet another e=3 attack, although this one is a bit special-case. As Burt
Kaliski points out in his paper on hash function firewalls,
http://www.rsasecurity.com/rsalabs/staff/bios/bkaliski/publications/hash-firewalls/kaliski-hash-firewalls-ct-rsa-2002.pdf,
if you can control the
Leichter, Jerry [EMAIL PROTECTED] writes:
A several year old paper by Kaliski discussed using the ASN.1 OID to store
data in.
Damn, beat me to it :-).
It has slightly different properties, but the lesson in this context is that
implementations must properly check the ASN.1 OID field too.
The
Steve Schear [EMAIL PROTECTED] writes:
I have a Mondex card from years ago that used a separate reader with LCD.
Oh, so you were the Mondex user! I've always wondered who that was.
Peter.
-
The Cryptography Mailing List
Kuehn, Ulrich [EMAIL PROTECTED] writes:
But the PKCS#1 spec talks about building up the complete padded signature
input at the verifier, and then comparing it.
Uhh, did you actually read the rest of my post? *One variant of the PKCS #1
spec, that didn't exist at the time the affected other
Kuehn, Ulrich [EMAIL PROTECTED] writes:
10.2.3 Data decoding
The data D shall be BER-decoded to give an ASN.1 value of
type DigestInfo, which shall be separated into a message
digest MD and a message-digest algorithm identifier. The
message-digest algorithm
David Wagner [EMAIL PROTECTED] writes:
(a) Any implementation that doesn't check whether there is extra junk left
over after the hash digest isn't implementing the PKCS#1.5 standard
correctly. That's a bug in the implementation.
No, it's a bug in the spec:
9.4 Encryption-block parsing
It is an
David Shaw [EMAIL PROTECTED] writes:
RFC-2440 actually gives the exact bytes to use for the ASN.1 stuff, which
nicely cuts down on ambiguity.
Ah, OK, and it uses the NULL-parameters interpretation (section 5.2.2), which
would actually be incorrect according to the current standards but at least
Simon Josefsson [EMAIL PROTECTED] writes:
Deploying a hash widely isn't done easily, though. GnuTLS only supports MD2,
MD5, SHA-1 and RIPEMD (of which MD2/MD5 are by default not used to verify
signatures).
Right, but it's been pure luck that that particular implementation (and most
likely a
Victor Duchovni [EMAIL PROTECTED] writes:
This, in my view, has little to do with ASN.1, XML, or other encoding
frameworks. Thorough input validation is not yet routinely and consistently
practiced by most software developers. Software is almost invariably written
to parse formats observed in
When I fired up Firefox a few minutes ago it told me that there was a new
update available to fix security problems. I thought, Hmm, I wonder what
that would be. It's interesting to note that we now have fixes for many
of the OSS crypto apps (OpenSSL, gpg, Firefox (via NSS, so probably
Simon Josefsson [EMAIL PROTECTED] writes:
Test vectors for this second problem are as below, created by Yutaka OIWA.
To make this easier to work with, I've combined them into a PKCS #7 cert chain
(attached). Just load/click on the chain and see what your app says.
(As an aside, this chain is
Steven M. Bellovin [EMAIL PROTECTED] writes:
As for the not compatible with a well-socialized human -- well, maybe -- I
don't think normal people describe themselves as paranoid by profession
Might I refer the reader to http://www.cs.auckland.ac.nz/~pgut001/. I've even
received mail from
David Shaw [EMAIL PROTECTED] writes:
Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all.
Instead, it generates a new structure during signature verification and
compares it to the original.
How does it handle the NULL vs. optional parameters ambiguity?
Peter.
Simon Josefsson [EMAIL PROTECTED] writes:
The second problem is that the parameters field can ALSO be used to store
data that may be used to manipulate the signature value into being a cube.
To my knowledge, this was discovered by Yutaka Oiwa, Kazukuni Kobara, Hajime
Watanabe. I didn't attend
Simon Josefsson [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] (Peter Gutmann) writes:
Simon Josefsson [EMAIL PROTECTED] writes:
The second problem is that the parameters field can ALSO be used to store
data that may be used to manipulate the signature value into being a cube.
To my knowledge
Ben Laurie [EMAIL PROTECTED] quotes:
Since I've been told often that most of the world won't upgrade resolvers,
presumably most of the world will be vulnerable to this problem for a long
time.
What you really meant to say was most of the vanishingly small proportion of
the world that bothers
Perry E. Metzger [EMAIL PROTECTED] writes:
I'd be interested in other people's thoughts on this. Can you use DRM to
protect something worth not eight dollars but eight million?
From the EETimes article it looks like a really complicated way of
implementing software-controlled antifuses.
I think
Thor Lancelot Simon [EMAIL PROTECTED] writes:
On Mon, Jul 03, 2006 at 10:41:05AM -0600, Anne Lynn Wheeler wrote:
however, at least some of the TPM chips have RNGs that have some level
of certification (although you might have to do some investigation to
find out what specific chip is being
Ben Laurie [EMAIL PROTECTED] writes:
So ... where are these rebadged smartcards deployed? Who rebadges them?
System integrators usually. The way it works is that the company that fabs
the devices (typically Atmel, STMicroelectronics, or Infineon) creates the
silicon. Then a second-level vendor
[EMAIL PROTECTED] (Hal Finney) writes:
A few weeks ago I asked for information on using the increasingly prevalent
built-in TPM chips in computers (especially laptops) as a random number
source.
You have to be pretty careful here. Most of the TPM chips are just rebadged
smart cards, and the
kent crispin [EMAIL PROTECTED] writes:
On Thu, Jun 01, 2006 at 01:47:06PM +1200, Peter Gutmann wrote:
Grab OpenVPN (which is what OpenSWAN should be), install, point it at the
target system, and you have opportunistic encryption.
Forgive my doltishness, but could you expand on that just a bit
[EMAIL PROTECTED] writes:
I am also interested in Opportunistic Encryption. Even if it is not as
secure as a manually configured VPN, I am willing to trade that for what it
does provide. I have looked at setting up OpenSWAN in OE mode, but frankly
it is daunting even for the reasonably geeky
[EMAIL PROTECTED] writes:
OK, I'll say it. This site:
http://www.truecrypt.org/
makes me visualize tinfoil hats.
TrueCrypt is definitely deep tinfoil-hat crypto (I have an upcoming article on
disk-encryption software that goes into this in more detail). That's rather
unfortunate, because
It's a bit like the idea of putting RFID tags in cash to let muggers know who
to target:
http://www.cambridge-news.co.uk/news/region_wide/2005/08/17/06967453-8002-45f8-b520-66b9bed6f29f.lpf
MOBILE phone technology is being used by thieves to seek out and steal
laptops locked in cars in
Hi,
Basically our customer required us to encrypt any team communications. So we
used PGP with email. I know the body of the email was encrypted, and I
believe attachments were too. The certs were used to automate the
decryption. Basically the PGP plugin would check the incoming mail's sender
Alex Alten [EMAIL PROTECTED] writes:
At 03:13 AM 3/6/2006 +1300, Peter Gutmann wrote:
Basically our customer required us to encrypt any team communications. So we
used PGP with email. I know the body of the email was encrypted, and I
believe attachments were too. The certs were used
Alex Alten [EMAIL PROTECTED] writes:
What I really hated about it was that when [EMAIL PROTECTED] sent me an email
often I couldn't decrypt it. Why? Because his firm's email server decided
to put in the FROM field [EMAIL PROTECTED]. Since it didn't match
the email name in his X.509
Answer: Use google.
http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=246
yields just under *four thousand* OpenSSL private key files. Admittedly some
of these are test keys, but it looks like many of them aren't.
(I doubt this is restricted to OpenSSL. If there was
Steven M. Bellovin [EMAIL PROTECTED] writes:
According to the BBC, the British government is talking to Microsoft about
putting in a back door for the file encryption mechanisms.
That's one way of looking at it. It's not really a backdoor, it's a way of
spiking DRM. If the UK government can be
John Gilmore [EMAIL PROTECTED] writes:
Despite a bunch of PC graphics chips and boards having announced HDCP
support, according to the above article, it turns out that none of them will
actually work. It looks like something slipped somewhere, and an extra
crypto-key chip needed to be added to
Jack Lloyd [EMAIL PROTECTED] writes:
On Fri, Feb 10, 2006 at 07:21:05PM +1300, Peter Gutmann wrote:
Well, that's the exact problem that I pointed out in my previous message - in
order to get this right, people have to read the mind of the paper author to
divine their intent. Since
Jack Lloyd [EMAIL PROTECTED] writes:
On Thu, Feb 09, 2006 at 05:01:05PM +1300, Peter Gutmann wrote:
So you can use encrypt-then-MAC, but you'd better be *very*
careful how you apply it, and MAC at least some of the additional
non-message-data components as well.
Looking at the definitions
Ben Laurie [EMAIL PROTECTED] writes:
Dave Howe wrote:
Oh - before I forget, I was thinking about covert channels and CDs a few days
ago and realised there is already one - CDs support a special mode called
CD+G
- this is used in making karaoke CDs to support the video data stream; the vast
majority
James A. Donald [EMAIL PROTECTED] writes:
2. Html encourages legitimate businesses to use complicated and obfuscated
actual targets for their urls, indistinguishable from those used by phishers.
I think a more general extension of this is HTML allows the use of
arbitrarily sophisticated
Steven M. Bellovin [EMAIL PROTECTED] writes:
What makes this interesting is how it was done: software was installed on the
switch that diverted calls to a prepaid phone. Think about who could manage
that.
Just in case people think the answer is The MIB, it's actually Any kid with
a bit of
Jonathan Thornburg [EMAIL PROTECTED] writes:
Melting the CD should work... but in practice that takes a specialized oven
(I seriously doubt my home oven gets hot enough), and is likely to produce
toxic fumes, and leave behind a sticky mess (stuck to the surface of the
specialized oven).
For no
In 1996, New Zealander Nicky Hager wrote a book Secret Power containing a
great deal of information on Echelon, with a particular NZ perspective. A few
days ago, papers held by the Prime Minister of the time were accidentally
released and appeared in the Sunday Star Times. Some quotes from the
Perry E. Metzger [EMAIL PROTECTED] writes:
The latest round of SSL and X.509 certs in browsers are broken has gone on
too long.
It's been a good start though. The first step towards recovery is admitting
that you have a problem...
Hi. My name is Peter and I have an X.509 problem. Initially
Jack Lloyd [EMAIL PROTECTED] writes:
Does anyone know of any 'standard' [*] ways of encrypting private keys in the
usual PKCS #8 format without using password-based encryption? It is obviously
not hard to do, as you can stick whatever you like into the
encryptionAlgorithm field, so it would be
James A. Donald [EMAIL PROTECTED] writes:
But is what they are doing wrong?
The users? No, not really, in that given the extensive conditioning that
they've been subject to, they're doing the logical thing, which is not paying
any attention to certificates. That's why I've been taking the
Ian Grigg's blog has a neat tongue-in-cheek review of the year in security.
Here's a sample:
Browser manufacturers have moved slightly faster than your average glacier.
Microsoft moved forward by announcing that phishing was a browser problem
(Mozilla and KDE followed 8 months later), and
Philipp Gühring [EMAIL PROTECTED] writes:
What is wrong with the following black-box test?
* Open browser
* Go to a dummy CA's website
* Let the browser generate a keypair through the keygen or cenroll.dll
* Import the generated certificate
* Backup the certificate together with
Victor Duchovni [EMAIL PROTECTED] writes:
On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp Gühring wrote:
I think the better way would be if I had a possibility to verify the quality
of the random numbers used in a certificate request myself, without the
dependence on the vendor.
This is
James A. Donald [EMAIL PROTECTED] writes:
If no attacks, this is just an excuse for higher priced holy water, an
attempt to alter the Browser interface to increase revenue, not increase
security - to solve the CA's problem, not solve the user's problem.
That's a somewhat cynical view :-) of
Travis H. [EMAIL PROTECTED] writes:
In Peter Gutmann's godzilla cryptography tutorial, he has some really good
(though terse) advice on subtle gotchas in using DH/RSA/Elgamal. I learned a
few no-nos, such as not sending the same message to 3 separate users in RSA
(if using 3 as an encryption
Jörn Schmidt [EMAIL PROTECTED] writes:
However, there are only two countries, to the best of my knowledge, that
outright ban cryptography: Russia and China. And even that's only a de-facto
ban since both only require individuals to obtain a license to use
cryptography in any way, shape or form.
Lee Parkes [EMAIL PROTECTED] writes:
A colleague of mine is locked in a battle with a client about the use of NULL
ciphers for OpenSSL. The client claims that he has/wants to allow NULL
ciphers so that people in countries that ban the use of crypto can still use
the website. My colleague wants to
bear [EMAIL PROTECTED] writes:
On Sat, 19 Nov 2005, Peter Gutmann wrote:
- The remaining user base replaced it with on-demand access to network
engineers who come in and set up their hardware and/or software for them and
hand-carry the keys from one endpoint to the other.
I guess that's one
Tero Kivinen [EMAIL PROTECTED] writes:
If I understood correctly the tools they used now did generate specific
hand-crafted packets having all kind of weird error cases. When testing with the
crypto protocols the problem is that you also need to do the actual crypto,
key exchange etc to be
Steven M. Bellovin [EMAIL PROTECTED] writes:
In message [EMAIL PROTECTED], Paul Hoffman writes:
Which proper programming tools would check for a logic path failure
when a crafted packet includes Subpacket A that is only supposed to
be there when Subpacket B is there, but the packet doesn't include
William Allen Simpson [EMAIL PROTECTED] writes:
So, where is the community to replace ISAKMP with something more robust?
Already happened, unfortunately it's diverged into three different branches:
- VPN hardware vendors replaced it with management tunnels, typically things
like
Florian Weimer [EMAIL PROTECTED] writes:
* Perry E. Metzger:
I haven't been following the IPSec mailing lists of late -- can anyone
who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such test
suites can only reveal missing checks for
Marcel Popescu [EMAIL PROTECTED] writes:
From: [EMAIL PROTECTED] [mailto:owner-
[EMAIL PROTECTED] On Behalf Of Peter Gutmann
I can't understand why they didn't just use TLS for the handshake (maybe
YASSL) and IPsec sliding-window + ESP for the transport (there's a free
minimal
Jack Lloyd [EMAIL PROTECTED] writes:
I just reread those sections and I still don't see anything about RSA
encryption padding either. 3.2.2 just has some useless factoids about the RSA
implementation (but neglects to mention important implementation points, like
if blinding is used, or if
A number of CAs have started offering high-assurance certificates in an
attempt to... well, probably to make more money from them, given that the
bottom has pretty much fallen out of the market when you can get a standard
certificate for as little as $9.95. The problem with these certificates is
Sidney Markowitz [EMAIL PROTECTED] writes:
It looks like they are all getting their web sites from the same Hack-In-A-Box.
My original comment on that was Looks like they got their security
certification from the same cornflakes packet :-). An anonymous contributor
sent in the following
Banks like Bank of America have taken some flak in the past for their awful
online banking security practices. I was poking around their home page today
because I wanted some screenshots to use as examples of how not to do it and I
noticed the following incredible message, which appears when you
In order to use encryption with SIP, you're stuck with using certificates
(there's no way to do authenticated DH like a number of other secure-phone
devices allow you to do). However, one vendor has found a nice way around
this: You go to their web page, enter your device IP address and SIP user
Found on the Daily WTF, http://www.thedailywtf.com/forums/43223/ShowPost.aspx:
    try {
        int idx = 0;
        while (true) {
            displayProductInfo(prodnums[idx]);
            idx++;
        }
    }
    catch (ArrayIndexOutOfBoundsException ex) {
        // nil -- running off the end of the array is the loop's only exit
    }
The editor also comments that when
Eugen Leitl [EMAIL PROTECTED] writes:
On Wed, Sep 07, 2005 at 06:08:25PM -0400, Pat Farrell wrote:
Something tells me that soon is not gonna happen in what I would
call soon. Smartcards (the smart part) were moderately interesting
when there was no networking. We've been at ubiquitous
Stephan Neuhaus [EMAIL PROTECTED] writes:
I think you're talking about me here,
Oh no, I wasn't focusing on any one person, it was a characterisation of the
general response from security people when this sort of thing is mentioned.
Long before the discussion on this list, there were already
Alaric Dailey [EMAIL PROTECTED] writes:
While I admit that PKI is flawed, I don't see any way that PSK could be used
effectively.
How are PSKs going to be shared in a secure way?
Are we talking about generating a new key for every connection?
If so, how do you validate the key?
If not, how do
James A. Donald [EMAIL PROTECTED] writes:
From: [EMAIL PROTECTED] (Peter Gutmann)
TLS-PSK fixes this problem by providing mutual
authentication of client and server as part of the key
exchange. Both sides demonstrate proof-of-possession
of the password (without actually communicating
Dave Howe [EMAIL PROTECTED] writes:
Nicolas Williams wrote:
Yes, a challenge-response password authentication protocol, normally
subject to off-line dictionary attacks by passive and active attackers
can be strengthened by throwing in channel binding to, say, a TLS
channel, such that: a)
John Kelsey [EMAIL PROTECTED] writes:
Recently, Earthlink's webmail server certificate started showing up as
expired. (It obviously expired a long time ago; I suspect someone must have
screwed up in changing keys over or something, because the problem wasn't
happening up until recently.)
This is
Raymond Chen's blog has an interesting look at companies trying to bypass
Windows XP's checks that a driver has been WHQL-certified:
My favorite stunt was related to me by a colleague who was installing a
video card driver whose setup program displayed a dialog that read, roughly,
After
In the 1950s we had cheque blacklists, which were used in an attempt to manage
bad cheques.
They didn't work well, and were abandoned as soon as better mechanisms
became available.
In the 1960s and 70s we had credit card blacklists, which were used in an
attempt to manage bad credit cards.
Stephan Neuhaus [EMAIL PROTECTED] writes:
So, the optimism of the article's author aside, where *do* we stand on PKI
deployment?
The same place we were standing on OSI deployment 15 years ago.
Peter.
Peter Fairbrother [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Peter Fairbrother [EMAIL PROTECTED] writes:
Didn't the people who did US/USSR nuclear arms verification do something
very similar, except the characterised surface was sparkles in plastic
painted on the missile rather than paper
Adam Shostack [EMAIL PROTECTED] writes:
Let me propose another answer to Perry's question:
Wearing a millstone around your neck to ward off vampires.
This expresses both ends of a lose/lose proposition:
-- a burdensome solution
-- to a fantastically unimportant problem.
That sounds a
John Kelsey [EMAIL PROTECTED] writes:
One nontrivial reason is that many organizations have spent a lot of time and
money building up elaborate rules for using PKI, after long negotiations
between legal and technical people, many hours of writing and revising,
gazillions of dollars in
James A. Donald [EMAIL PROTECTED] writes:
The PKI that was designed to serve no very useful function other than make
everyone in the world pay $100 a year to Verisign is dead.
Yet the technology is potent, and the problems of identity and authenticity
are severe. We shall, by and by, see
Ian Brown [EMAIL PROTECTED] writes:
Steven M. Bellovin wrote:
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.
One New York bank -- long since absorbed into some megabank -- did the
same thing about 30 years ago.
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession the entire time and
which I could not have forged?
[EMAIL PROTECTED] writes:
Take a look at Boojum Mobile -- it is precisely the idea of using the cell
phone as an out-of-band channel for an in-band transaction.
http://www.boojummobile.com
Banks here have been using it to authenticate higher-value electronic
transactions as well. The way it
Ian G [EMAIL PROTECTED] writes:
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
What is a BCP? Best Coding Practices? Block Cipher Protocol?
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative
Peter Fairbrother [EMAIL PROTECTED] writes:
Steven M. Bellovin wrote:
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about
Ian G [EMAIL PROTECTED] writes:
On Tuesday 21 June 2005 13:45, Peter Gutmann wrote:
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative document editing, I've set up a wiki at
http://blockcipher.pbwiki.com/, blank username, password 'sbox
Ian Grigg [EMAIL PROTECTED] writes:
Alternatively, if one is in the unfortunate position of being an oracle for a
single block encryption then the packet could be augmented with a cleartext
random block to be xor'd with the key each request.
Moves you from being an encryption oracle to a
Stephan Neuhaus [EMAIL PROTECTED] writes:
Concerning the practical use of AES, you may be right (even though it would
be nice to have some advice on what one *should* do instead).
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
But as far as I know, resistance
[EMAIL PROTECTED] (Hal Finney) writes:
Steven M. Bellovin writes:
Dan Bernstein has a new cache timing attack on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
This is a pretty alarming attack.
It is? Recovering a key from a server custom-written to act as an oracle for
the
Rich Salz [EMAIL PROTECTED] writes:
Peter's shared earlier drafts with me, and we've exchanged email about this.
The only complaint that has a factual basis is this:
I don't want to have to implement XML processing to do
XML Digital Signatures
I don't want to have to
Jerrold Leichter [EMAIL PROTECTED] writes:
They also sold a full solution for encrypted Ethernet - KDC, encrypting
Ethernet adapters, associated software. None of this stuff went anywhere.
People just weren't interested.
That wasn't quite the case for the Ethernet encryption. What happened
Perry E. Metzger [EMAIL PROTECTED] writes:
Steven M. Bellovin [EMAIL PROTECTED] writes:
They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who cleverly sent you an
Ben Laurie [EMAIL PROTECTED] writes:
Anne Lynn Wheeler wrote:
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with
data (in insignificant ways, e.g. stripping trailing blanks), anyone who does
massage data in such a way that any trivial change
Rich Salz [EMAIL PROTECTED] writes:
I think signatures are increasingly being used for technical reasons, not
legal. That is, sign and verify just to prove that all the layers of
middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the problem was that xml didn't have a deterministic definition for encoding
fields.
Yup, see Why XML Security is Broken,
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you ASN.1 is little better, there are rules for
Heyman, Michael [EMAIL PROTECTED] writes:
The false positive I was referring to is the something is telling me
something unimportant positive. I didn't mean to infer that the users
likely went through a thought process centered around the possible causes of
the certificate failure, specifically
James A. Donald [EMAIL PROTECTED] writes:
With bank web sites, experience has shown that only 0.3% of users are
deterred by an invalid certificate, probably because very few users have any
idea what a certificate authority is, what it does, or why they should care.
James (and others): I really
Heyman, Michael [EMAIL PROTECTED] writes:
In this situation, I believe that the users, through hard won experience with
computers, _correctly_ assumed this was a false positive.
Probably not. This issue was discussed at some length on the hcisec list,
(security usability,
Invalid banking cert spooks only one user in 300
Stephen Bell, Computerworld
16/05/2005 09:19:10
Up to 300 New Zealand BankDirect customers were presented with a security
alert when they visited the bank's website earlier this month - and all but
one dismissed the warning and carried
Erwann ABALEA [EMAIL PROTECTED] writes:
On Fri, 25 Mar 2005, Florian Weimer wrote:
* Adam Back:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of your choice... ie only valid to issue certs on
Steven M. Bellovin [EMAIL PROTECTED] writes:
We all understand the need to move to better hash algorithms than SHA1. At a
minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is
the right way to go. The problem is how to get there from here.
So -- what should we as a
Rich Salz [EMAIL PROTECTED] writes:
Why would mozilla embed this? If they came here, to the putative experts,
for an evaluation, they'd leave thinking Amir and company just invented
Rot-13. It's not that. It's also not perfect. BFD -- you got anything
better?
This ties in to one of my
301 - 400 of 466 matches