In message [EMAIL PROTECTED],
Ian Grigg [EMAIL PROTECTED] wrote:
For example, he states that 28% of wireless
networks use WEP, and 1% of web servers use SSL,
but doesn't explain why SSL is a success and
WEP is a failure :-)
Actually, he does; slide 11 is titled Why has SSL succeeded?,
and
Anton Stiglic [EMAIL PROTECTED] writes:
It is important to chose both a random seed and random key, and FIPS 140 has
no provision for this.
Yes it does, you just have to interpret it correctly.
The post-processed pool output [from the cryptlib generator] is not sent
directly to the caller
At 04:50 PM 9/2/03 -0400, Duncan Frissell wrote:
Anyone have any pointers to non destructive methods of rendering Smart
Chips unreadable? Just curious.
DCF
Perhaps I'm being dense but how could this be non-destructive?
Do you mean non-obvious? Or reversible?
If the usual microwave games
--
On 1 Sep 2003 at 12:23, Ian Grigg wrote:
I suspect the widest use of public key crypto in a non-PKI
context would be SSH, which opportunistically generates keys
rather than invite the user to fund a PKI. According to this
page [1], there may or may not be 2,400k SSH servers
This of
--
On 1 Sep 2003 at 19:17, Hadmut Danisch wrote:
Is cryptography where security took the wrong branch?
True names is where security took the wrong branch. The entire
PKI structure has been rejected.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Peter Gutmann wrote:
Hadmut Danisch [EMAIL PROTECTED] writes:
There was an interesting speech held on the Usenix conference by Eric
Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf, unfortunately I did not
have the time to visit the conference) about cryptographic (real world)
protocols
Ian Grigg [EMAIL PROTECTED] writes:
There appear to be a number of metrics that have been suggested:
a. nunber of design wins
b. penetration into equivalent unprotected market
c. number of actual attacks defeated
d. subjective good at the application level
e. worthless
Ian Grigg [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
Ian Grigg [EMAIL PROTECTED] writes:
I think it's pretty
inarguable that SSL is a big success.
One thing that has been on my mind lately is how
to define success of a crypto protocol. I.e.,
how to take your thoughts, and my
Peter Gutmann wrote:
It's no less secure than what's being done now, and
since you can make it completely invisible to the user at least it'll get
used. If all new MTA releases automatically generated a self-signed cert and
enabled STARTTLS, we'd see opportunistic email encryption adopted at a
At 11:41 PM 9/2/2003 -0700, James A. Donald wrote:
True names is where security took the wrong branch. The entire
PKI structure has been rejected.
x.509 identity certificates are business processes ... not a cryptography
process. as I've mentioned elsewhere many of the institutions that looked
In message [EMAIL PROTECTED],
Ian Grigg [EMAIL PROTECTED] wrote:
One thing that has been on my mind lately is how
to define success of a crypto protocol.
There are two needs a security protocol can address. One is the need
to prevent or mitigate real attacks; the other is to make people feel
11 matches
Mail list logo