Let me raise a different issue: a PRNG might be better *in practice*
because of higher assurance that it's actually working as designed at
any given time.
Hardware random number generators are subject to all sorts of
environmental issues, including stuck bits, independent oscillators
that
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| In article [EMAIL PROTECTED] you write:
| Voice Over Internet Protocol and Skype Security
| Simson L. Garfinkel
|
http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
|
| Is
Ben Laurie wrote:
William Allen Simpson wrote:
Why then restrict it to non-communications usages?
Because we are starting from the postulate that observation of the
output could (however remotely) give away information about the
underlying state of the entropy generator(s).
Surely observation of
Ed Gerck wrote:
Let me comment, John, that thermal noise is not random
When did you figure that out? If you'd been paying attention,
you'd know that I figured that out a long time ago.
First of all, the phrase not random is ambiguous. I said
Some people think random should denote 100% entropy
Ben Laurie wrote:
William Allen Simpson wrote:
Why then restrict it to non-communications usages?
Because we are starting from the postulate that observation of the
output could (however remotely) give away information about the
underlying state of the entropy generator(s).
Surely observation of
People may already have seen this, but maybe not. Another Skype
analysis:
http://www.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
--
Chris Palmer
Technology Manager, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)
81C0 E11D CE73
Ian G wrote:
The *requirement* is that the generator not leak
information.
This requirement applies equally well to an entropy
collector as to a PRNG.
Now here we disagree. It was long my understanding
that the reason the entropy device (/dev/random)
could be used for both output and input, and
* Stefan Mink:
a) It would be good to hear from this community if there
are any negative aspects of OpenVPN (vs. IPsec VPNs).
It's not standardized, and it only interoperates with itself (but this
is true for many IPsec implementations as well). This is more than
compensated by its
- Original Message -
From: David Wagner [EMAIL PROTECTED]
Subject: Simson Garfinkel analyses Skype - Open Society Institute
In article [EMAIL PROTECTED] you write:
Is Skype secure?
The answer appears to be, no one knows. The report accurately reports
that because the security
Call for Participation Deadline January 17, 2005
***
DIMACS Workshop on Security of Web Services and E-Commerce
May 5 - 6, 2005
DIMACS Center, Rutgers University, Piscataway, NJ
Organizer:
Brian
http://online.wsj.com/article_print/0,,SB110549106703823542,00.html
The Wall Street Journal
January 12, 2005
Effort to Speed
Airport Security
Is Going Private
Move Aims to Expand Program
That Preregisters People
Who Travel Frequently
By AMY SCHATZ
Staff Reporter of THE WALL STREET
William Allen Simpson wrote:
Ben Laurie wrote:
William Allen Simpson wrote:
Why then restrict it to non-communications usages?
Because we are starting from the postulate that observation of the
output could (however remotely) give away information about the
underlying state of the entropy
From: Stuart E. Schechter [EMAIL PROTECTED]
Subject: [fc-announce] FC'05 - Registration Now Open
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Wed, 12 Jan 2005 21:29:22 -0500
Registration now open at
http://www.ifca.ai/fc05/registration.html
Call for Participation
NIST mulls new WLAN security guidelines
By Ellen Messmer
The National Institute of Standards and Technology, the federal
agency responsible for defining security standards and practices
for the government, plans to issue new guidelines pertaining to
wireless LANs in the near future.
The
William Allen Simpson wrote:
Ian G wrote:
The *requirement* is that the generator not leak
information.
This requirement applies equally well to an entropy
collector as to a PRNG.
Now here we disagree. It was long my understanding
that the reason the entropy device (/dev/random)
could be used for
http://www.cbronline.com/article_news.asp?guid=38DE2210-C6D9-4A59-B84F-98588FA24962
- Computer Business Review
Sun creates world's smallest SSL Web server
Sun Microsystems Inc has created what can truly be called a microsystem.
The tiny server, nicknamed Sizzle (from Slim SSL), is the size and
http://www.forbes.com/forbes/2005/0131/096_print.html
Forbes
Security
Hanging the Pirates
01.31.05
Paul Kocher has a way to save Hollywood from illegal copying.
Over the past few months top brass from Hollywood and Japan's consumer
electronics giants have been hashing out their futures in
Dear Virtual Goods Community,
here is the link to the cfp:
http://virtualgoods.tu-ilmenau.de/2005/cfp_short.txt
Please feel free to distrubute it.
Best regards
Juergen
Here is the text:
C A L L F O R P A P E R S
The 3rd International Workshop for
From: [EMAIL PROTECTED]
Subject: [i2p] Tunnel cryptography for I2P 0.5 (corrected typo)
To: [EMAIL PROTECTED]
Date: Mon, 17 Jan 2005 22:15:33 -0800
Citizens of I2P,
The following is a discussion of tunnel cryptography plans for
I2P 0.5. There are two options; one will be chosen.
[1] and [2]
Thanks Connelly for the writeup and the discussion,
The following is a discussion of tunnel cryptography plans for
I2P 0.5. There are two options; one will be chosen.
A few key changes were missed in this draft, and I've incorporated
all of the suggestions from yesterday into [1]. The
http://www.theregister.co.uk/2005/01/17/webpay_voucher_fraud/print.html
The Register
Biting the hand that feeds IT
The Register » Security » Network Security »
Original URL: http://www.theregister.co.uk/2005/01/17/webpay_voucher_fraud/
Webpay system open to voucher fraud
By Jan Libbenga
CALL FOR PARTICIPATION**
*
DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service
April 14 - 15, 2005
DIMACS Center, Rutgers University, Piscataway, NJ
Organizers:
http://www.theinquirer.net/print.aspx?article=20790print=1
Word and Excel have RC4 flaw, claim
Cryptic cross words
By: Nick Farrell Wednesday 19 January 2005, 07:50
SECURITY EXPERT Bruce Schneier claims that Microsoft's Word and Excel
security protection systems have amateurish flaws which
http://www.schneier.com/blog/archives/2005/01/microsoft_rc4_f.html
Bruce Schneier
Schneier on Security
A weblog covering security and security technology.
January 18, 2005
Microsoft RC4 Flaw
One of the most important rules of stream ciphers is to never use the same
keystream to
http://online.wsj.com/article_print/0,,SB110609171910929502,00.html
The Wall Street Journal
January 19, 2005
Consumer-Electronics Firms Join
To Develop Antipiracy Software
By DON CLARK
Staff Reporter of THE WALL STREET JOURNAL
January 19, 2005; Page D5
Some of the biggest
Registration Deadline: January 24, 2005**
*
DIMACS Workshop on Bounded Rationality
January 31 - February 1, 2005
DIMACS Center, Rutgers University, Piscataway, NJ
Organizers:
Lance Fortnow,
--- begin forwarded text
Date: Sat, 22 Jan 2005 10:01:46 +0100
From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Tor 0.0.9.3 is out (fwd from [EMAIL PROTECTED])
User-Agent: Mutt/1.4i
Sender: [EMAIL PROTECTED]
From: Roger Dingledine [EMAIL PROTECTED]
Subject: Tor 0.0.9.3 is out
[From: http://www.newscientist.com/article.ns?id=dn6894]
Setting up a wireless computer network at home has never been easier or
cheaper. But the freedom to access the internet from anywhere in or around
the house comes at a cost: Wi-Fi networks leave home computer users open to
unprecedented
--- begin forwarded text
To: sec-lists: ;, anonymity researchers: ;,
David Martin [EMAIL PROTECTED]
Date: Tue, 25 Jan 2005 15:05:55 +
From: George Danezis [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: PET 2005 Submission deadline approaching (7 Feb) and PET Award (21
Feb)
http://www.forbes.com/2005/01/19/cx_pp_0120spyedelman_print.html
Forbes
Software
Sleuthing Spyware--And Its Corporate Sponsors
Penelope Patsuris, 01.19.05, 5:34 PM ET
Benjamin Edelman became a spyware expert before most of us had any idea
what was even clogging our computers.
He's
30 matches
Mail list logo