World-Renowned Cryptographer Arjen Lenstra Joins Bell Labs
http://www.mysan.de/international/article32397.html mysan.de/international - World-Renowned Cryptographer Arjen Lenstra Joins Bell Labs Adds Valuable Talent to Lucent Technologies#039; Network Security Research MURRAY HILL, N.J., Feb. 1 /PRNewswire-FirstCall/ -- Lucent Technologies (NYSE:LU) today announced that Arjen Lenstra, a world-renowned expert in evaluating, designing and developing the cryptographic algorithms and protocols that protect sensitive information as it is communicated electronically, has joined Bell Labs#039; Computing Sciences Research Center. Prior to joining Bell Labs, Lenstra was vice president of Information Security Services at Citigroup. Lenstra specializes in the security of systems that are widely used in e-commerce applications, such as key size selection, an important factor in how electronic transactions are secured, and the evaluation of cryptosystems such as RSA and ElGamal, encryption systems used in e-commerce protocols. quot;Arjen is a significant addition to an already world-class group of researchers at Bell Labs who are developing the algorithms, architectures and systems necessary to ensure the security and reliability of networks,quot; said Jeff Jaffe, president, Bell Labs Research and Advanced Technologies. quot;His expertise will have a profound impact not just on Lucent#039;s business, but on the business of our customers as well. We#039;re thrilled to have him on board.quot; Lenstra focuses on how academic cryptologic research and computational number theory impact practical security applications and practices. This is important because the vast majority of the crypto work happening today in research labs and universities around the world, while important and useful, is often too costly for practical implementation. Lenstra believes that bridging the gap between what#039;s theoretically possible and what#039;s practical is a major research challenge; it is the area he will concentrate on at Bell Labs. quot;I joined Bell Labs because I wanted to go back to designing algorithms and tackling hard problems in computational number theory in a way that will make a difference to people outside of academia,quot; said Lenstra. quot;What I found compelling about the Labs was that everyone I spoke with here knew exactly how the research they were doing helped the company or its customers in some meaningful way.quot; quot;Arjen#039;s network security expertise will further enhance Bell Labs#039; capability in this critical area and will enable Lucent to continue improving the security of the solutions we offer to our customers,quot; said Linda Bramblett, director of Lucent Worldwide Services#039; Security Practice. quot;We are pleased that Arjen recognized the company#039;s commitment to stay at the forefront of developing the next generation of security solutions and services, and that he will be part of the Bell Labs team helping us do just that.quot; One recent example of Lenstra#039;s expertise came after a recent cryptography conference where it was shown that some widely used hash functions -- cryptographic quot;fingerprintsquot; used in network protocols in such industries as banking to create secure digital signatures -- are weaker than expected, leaving online transactions potentially vulnerable to attack. Lenstra assessed these theories and demonstrated that their real-life impact was minimal. This kind of analysis helps Lucent#039;s customers avoid needless spending by evaluating the actual risk of developments advertised as quot;cryptographic disastersquot; to assess whether they have any significant real- life impact. Lenstra#039;s formal training is in computational number theory, a field concerned with finding and implementing efficient computer algorithms for solving various problems rooted in number theory. Lenstra was a key contributor to the team that successfully factored RSA-155, a 512-bit number, which at the time was the default key size used to secure e-commerce transactions on the Internet. This was a significant accomplishment because the RSA public-key cryptosystem relies on the inability to factor such a number, and Lenstra#039;s team was able to do so in less than seven months, suggesting this approach was not as secure as had been believed. Lenstra invented a number of widely used algorithms, cryptographic systems and software packages including FreeLIP, software used for efficient development and implementation of cryptographic protocols. In addition, Lenstra co-authored the influential paper quot;Selecting Cryptographic Key Sizes,quot; which offered guidelines for determining key sizes for cryptosystems based on a set of explicitly formulated hypotheses and data points about the cryptosystems. Lenstra has a bachelor#039;s degree in mathematics and physics, a master#039;s degree in mathematics, and a doctorate in mathematics and computer science from the University of Amsterdam. He has spent his career working, teaching or consulting
FSTC Announces Availability of FSTC Counter-Phishing Project Whitepaper and Supporting Documents
--- begin forwarded text Date: Tue, 01 Feb 2005 14:38:24 -0500 From: Zachary Tumin [EMAIL PROTECTED] Subject: FSTC Announces Availability of FSTC Counter-Phishing Project Whitepaper and Supporting Documents To: 'Members' members@ls.fstc.org Reply-To: [EMAIL PROTECTED] Thread-Index: AcUIlZgU2CHR/ELITdGfx45tInzmrg== To: All FSTC Members and Friends From: Zach Tumin, Executive Director I am pleased to announce the availability of FSTC's Understanding and Countering the Phishing Threat, the summary whitepaper of findings and recommendations of the FSTC Counter-Phishing Project. The whitepaper contains valuable data, published here for the first time, including FSTC's Phishing Attack Life Cycle and FSTC's Taxonomy of Phishing Attacks. This and all other project deliverables are located at http://fstc.org/projects/counter-phishing-phase-1/ In addition to the whitepaper, the following deliverables are being made available on the site, as follows: TO ALL: Results Summary: FSTC Counter-Phishing Solutions Survey: An overview of the 60+ solutions currently offered on the marketplace, broken down by where they map against the FSTC Phishing Attack Life Cycle TO ALL: Vocabulary of Phishing Terms: A glossary of terms used throughout the project. The project team used these to speak the same language when talking about the problem and potential solutions, whether internally, or with vendors, or with customers TO FSTC MEMBERS ONLY: Results Summarized By Solution: identifies solutions by company and product name as they map against the different phases of the FSTC Phishing Attack Life Cycle TO FSTC MEMBERS ONLY: Directory of Survey Respondents: contact information for each company/solution provider that responded to the survey FOR PURCHASE: Cost/Impact Spreadsheet Tool: a tool that provides a means to estimate the direct and indirect costs/impacts of phishing to a financial institution FSTC extends its gratitude to its member organizations for their efforts and contributions in completing this important industry research, and to the project's talented management team for helping our members realize their goals. To subscribe or unsubscribe from this elist use the subscription manager: http://ls.fstc.org/subscriber --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Dell to Add Security Chip to PCs
http://online.wsj.com/article_print/0,,SB110727370814142368,00.html The Wall Street Journal February 1, 2005 11:04 a.m. EST Dell to Add Security Chip to PCs By GARY MCWILLIAMS Staff Reporter of THE WALL STREET JOURNAL February 1, 2005 11:04 a.m. HOUSTON -- Dell Inc. today is expected to add its support to an industry effort to beef up desktop and notebook PC security by installing a dedicated chip that adds security and privacy-specific features, according to people familiar with its plans. Dell will disclose plans to add the security features known as the Trusted Computing Module on all its personal computers. Its support comes in the wake of similar endorsements by PC industry giants Advanced Micro Devices Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines Corp. The technology has been promoted by an industry organization called the Trusted Computing Group. The company is also expected to unveil new network PCs. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Is 3DES Broken?
On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote: When using CBC mode, one should not encrypt more than 2^32 64-bit blocks under a given key. That comes to ~275G bits, which means that on a GigE link running flat out you need to rekey at least every 5 minutes, which is often impractical. Notably for those encrypting data at rest, it's also rather smaller than current hard disk sizes, which are much harder to re-key. (Even for those only encrypting data in flight, it has practical implications regarding the feasibility of capturing that data for later analysis) -- Dan. pgpeucg0rdznT.pgp Description: PGP signature
Call For Papers : HITB Security Conference Bahrain 2005
Hack In The Box Security Conference 2005 : Bahrain -- Greetings, We are inviting individuals or groups who are interested in computer and network security, challenges and practices to send in their papers for inclusion in HITBSecConf2005 Bahrain. This deep knowledge network security event will take place from April 10th - 13th in the city of Manama, Bahrain. Topics of interest include, but are not limited to the following: Analysis of network and security vulnerabilities Firewall technologies Intrusion detection / prevention Data Recovery and Incident Response GPRS and CDMA Security Identification and Entity Authentication Network Protocol and Analysis Smart Card Security Virus and Worms WLAN and Bluetooth Security. Analysis of malicious code Applications of cryptographic techniques Analysis of attacks against networks and machines Denial-of-service attacks and countermeasures File system security Security in heterogeneous and large-scale environments Espionage and Counter Intelligence Techniques for developing secure systems Military Security / Technology Summaries not exceeding 250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the program. All flights and hotel accomodation will be provided should your paper be accepted. ## Note: We do not accept product or vendor related pitches. If your talk involves an advertisement for a new product or service your company is offering, please do not submit. For event sponsorship details please contact Jorge Sebastiao (jorge[at]esgulf.com) For further details regarding what we have planned, please take a look at our official conference website: http://conference.hackinthebox.org/hitbsecconf2005/index.php?cat=1 Thank you, alphademon[at]hackinthebox.org - HackInTheBox Security Conference 2005 Bahrain Apr 10 - 13 2005 - - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Is 3DES Broken?
On Jan 31, 2005, at 10:38 PM, Steven M. Bellovin wrote: When using CBC mode, one should not encrypt more than 2^32 64-bit blocks under a given key. That comes to ~275G bits, which means that on a GigE link running flat out you need to rekey at least every 5 minutes, which is often impractical. Since I've seen Gigabit Ethernet cards for US$25, this bears thinking about -- and while 10GigE is still too expensive for most people, its prices are dropping rapidly. With 10GigE, you'd have to rekey every 27.5 seconds... For reference purposes, with AES you'd be safe for 2^64*128 bits. That's a Big Number of seconds. --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb I would also like to reinforce Prof. Bellovin's comment that the 3DES block size is too small. In bulk storage system encryption, 3DES will require rekey every ~~65GBytes. Most PC's have more than this. With AES the number is ~250 Exabytes (which is 250 billion gigabytes). Thanks! jim - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how to tell if decryption was successfull?
In message [EMAIL PROTECTED], Andreas writes: [newbie here] I was wondering how can one tell if some data was successfully decrypted. Isn't there an assumption going on about what the cleartext data should be? Text? Image? ZIP file? Ziped jpeg? Another cyphertext? rot-13? There are a lot of ways to tell, but you generally have to have some idea what you're looking for. For two examples of how to do it, see http://www1.cs.columbia.edu/~smb/papers/probtxt.ps (or .pdf) and http://www1.cs.columbia.edu/~smb/papers/recog.ps (or .pdf) --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Dell to Add Security Chip to PCs
Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Peter Trei Tyler Durden ANyone familiar with computer architectures and chips able to answer this question: That chip...is it likely to be an ASIC or is there already such a thing as a security network processor? (ie, a cheaper network processor that only handles security apps, etc...) -TD From: R.A. Hettinga [EMAIL PROTECTED] HOUSTON -- Dell Inc. today is expected to add its support to an industry effort to beef up desktop and notebook PC security by installing a dedicated chip that adds security and privacy-specific features, according to people familiar with its plans. Dell will disclose plans to add the security features known as the Trusted Computing Module on all its personal computers. Its support comes in the wake of similar endorsements by PC industry giants Advanced Micro Devices Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines Corp. The technology has been promoted by an industry organization called the Trusted Computing Group. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: how to tell if decryption was successfull?
On Feb 1, 2005, at 13:29, Andreas wrote: I was wondering how can one tell if some data was successfully decrypted. Isn't there an assumption going on about what the cleartext data should be? Text? Image? ZIP file? Ziped jpeg? Another cyphertext? rot-13? Embedded checksums or hash codes added before encryption. The types of those checks must not interact badly with the encryption. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Call For Papers : HITB Security Conference Bahrain 2005
Posting to Dave Aitel's DailyDave list, HD Moore complained that he had not been reimbursed for 2003. The organizers responded that payment is forthcoming. Richard Thieme suggested that the correct response is to ensure you put forth no money to speak at this event. On Tue, Feb 01, 2005 at 06:58:18PM -0800, alpha wrote: | Hack In The Box Security Conference 2005 : Bahrain | -- | | Greetings, | | We are inviting individuals or groups who are | interested in computer and network security, challenges and | practices to send in their papers for inclusion in HITBSecConf2005 Bahrain. | This deep knowledge network security event will take place from April 10th - 13th in the city of Manama, Bahrain. | | Topics of interest include, but are not limited to the following: | | · Analysis of network and security vulnerabilities | · Firewall technologies | · Intrusion detection / prevention | · Data Recovery and Incident Response | · GPRS and CDMA Security | · Identification and Entity Authentication | · Network Protocol and Analysis | · Smart Card Security | · Virus and Worms | · WLAN and Bluetooth Security. | · Analysis of malicious code | · Applications of cryptographic techniques | · Analysis of attacks against networks and machines | · Denial-of-service attacks and countermeasures | · File system security | · Security in heterogeneous and large-scale environments | · Espionage and Counter Intelligence | · Techniques for developing secure systems | · Military Security / Technology | | | Summaries not exceeding 250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the program. All flights and hotel accomodation will be provided should your paper be accepted. | | ## Note: We do not accept product or vendor related pitches. If your talk involves an advertisement for a new product or service your company is offering, please do not submit. | | | For event sponsorship details please contact Jorge Sebastiao (jorge[at]esgulf.com) | | | For further details regarding what we have planned, please take a look at our official conference website: | http://conference.hackinthebox.org/hitbsecconf2005/index.php?cat=1 | | | Thank you, | | alphademon[at]hackinthebox.org | - | HackInTheBox Security Conference 2005 | Bahrain | Apr 10 - 13 2005 | - | | - | The Cryptography Mailing List | Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Dell to Add Security Chip to PCs
On Wed, 2 Feb 2005, Trei, Peter wrote: Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Please stop relaying FUD. You have full control over your PC, even if this one is equiped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one if the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys. -- Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
MSN Belgium to use eID cards for online checking
http://www.theregister.co.uk/2005/02/01/msn_belgium_id_cards/print.html The Register Biting the hand that feeds IT The Register » Internet and Law » Digital Rights/Digital Wrongs » Original URL: http://www.theregister.co.uk/2005/02/01/msn_belgium_id_cards/ MSN Belgium to use eID cards for online checking By Jan Libbenga (libbenga at yahoo.com) Published Tuesday 1st February 2005 14:34 GMT Microsoft will integrate the Belgian eID Card with MSN Messenger. Microsoft's Bill Gates and Belgian State Secretary for e-government Peter Vanvelthoven announced the alliance today in Brussels. We're working to ensure that our technologies support e-ID, to help make online transactions and communications more secure, Gates said. eID stands for Electronic Identity Card. The card contains an electronic chip and gradually will replace the existing ID card system in Belgium. By end-2005, over 3 million eID cards will be distributed in the country. Microsoft believes that combined with the eID Card MSN Messenger chatrooms will be much safer. Users would have a trustworthy way of identifying themselves online. The Belgian Federal Computer Crime Unit (FCCU) could even refuse young children access to certain chatrooms based on their electronic identity. We're not sure yet when we will be able to deliver this integration, Bill Gates said. But developers here in Belgium and the US have proven the concept and are working already on the actual solution. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Peppercoin Small Payments Processing Suite Available to First Data Channels
http://biz.yahoo.com/prnews/050202/new005_1.html Yahoo! Finance Press Release Source: Peppercoin Peppercoin Small Payments Processing Suite Available to First Data Channels Wednesday February 2, 9:03 am ET Small Transaction Suite Certified for Sale Through Processor's Merchant Acquiring Partners WALTHAM, Mass., Feb. 2 /PRNewswire/ -- Peppercoin, a payments company that enables profitable, new business models for low-priced digital content and physical goods, today announced its Small Transaction Suite is authorized for sale by First Data's merchant acquiring partners, to satisfy the small payment needs of the 3.5 million merchant clients they serve. Peppercoin offers merchants a hosted small-payment service, based on credit and debit card usage, which enables merchants to optimize revenue and profitability. Peppercoin is the only small-payment vendor that addresses the digital, mobile and physical point-of-sale (POS) markets. Our agreement with First Data Merchant Services validates Peppercoin's ability to deliver a desired and profitable small payment solution to the financial services market, as well as the growing need for small payment credit and debit card payments solutions, said Mark Friedman, president of Peppercoin. FDMS will enable a small payment business model that enhances merchant and acquirer revenue with one complete payment application. Significant Market Opportunity: Consumers are demonstrating a clear and growing preference to use their credit and debit cards for all sizes and types of purchases. In a 2004 study, Ipsos-Insight estimated that roughly 37.5 million US consumers would choose to use their credit and debit cards for transactions below $5. Each year, more than 354 billion cash transactions occur in the U.S. for less than $5 at the physical point-of-sale, representing $1.32 trillion in aggregate revenue. Leading markets include vending ($18 billion), parking ($10 billion), coin-op ($6 billion) and quick-serve-restaurants ($110 billion). The online and mobile small payment opportunities are substantial as well; fueled by music, games, video, publishing and services. TowerGroup estimates the digital micropayments opportunity reached more than $3 billion in 2004. And a September 2004 Ipsos-Insight study revealed that, in just one year, the number of US consumers who have made small online purchases grew 250%, from 4 million to 14 million. About Peppercoin, Inc. Peppercoin enables profitable new business models for low-priced digital content and physical goods. Peppercoin's small payment products help merchants, banks, and other payments companies build market adoption quickly through a flexible, consumer-friendly approach. Peppercoin integrates easily with existing business models and systems to accelerate revenues and increase profits while dramatically lowering transaction and customer service costs. For more information visit http://www.peppercoin.com. All trademarks are the property of their respective owners. Contact: Mark McClennan or Scott Love Schwartz Communications 781-684-0770 [EMAIL PROTECTED] Source: Peppercoin -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Is 3DES Broken?
On Mon, 31 Jan 2005, Steven M. Bellovin wrote: snip re: 3des broken? [Moderator's note: The quick answer is no. The person who claims otherwise is seriously misinformed. I'm sure others will chime in. --Perry] I'll be happy to second Perry's comment -- I've seen no evidence whatsoever to suggest that it's been broken. But there are some applications where it's a bad choice for cryptographic reasons. When using CBC mode, one should not encrypt more than 2^32 64-bit blocks under a given key. I think you meant ECB mode? whichever it is, as you point out there are other and more secure modes available for using 3DES if you have a fat pipe to encrypt. Bear - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Can you help develop crypto anti-spoofing/phishing tool ?
We develop TrustBar, a simple extension to FireFox ( Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). I think it is fair to say that this extension fixes some glitches in the deployment of SSL/TLS, i.e. in the most important practical cryptographic solution. TrustBar works pretty well for several alpha users. The solution benefited a lot from discussions on this list, including substantial input by Ian. You can download it from http://trustbar.mozdev.org (and it is completely script so what you download is also the source code). I am hoping some of you may be able to help improve, evaluate and deploy this solution. In particular, we need implementations for other browsers (e.g. IE...); we can also use help in continuing our development as several pretty cool ideas are not done yet, due to other commitments of us (Ahamd Gbara and me). For example, we designed a simple mechanism to allow sites to protect (cryptographically) also pages where SSL is too expensive, but it is waiting for implementation for a while... And of course we need evaluations, code reviews, testing... In fact, I wouldn't object if some serious open-code developer assumed responsibility... If people are interested, and want to discuss face to face, I'll be in RSA on 15-18/February... Best, Amir Herzberg - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Dell to Add Security Chip to PCs
Erwann ABALEA wrote: On Wed, 2 Feb 2005, Trei, Peter wrote: Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Please stop relaying FUD. You have full control over your PC, even if this one is equiped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one if the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys. So .. the way this works is that Dell Microsoft ship you a computer with lots of nice multimedia stuff on it. You take control of your chip by erasing it and regenerating keys, and then the multimedia software that you paid for no longer works? I'm just curious on this point. I haven't seen much to indicate that Microsoft and others are ready for a nymous, tradeable software assets world. iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Dell to Add Security Chip to PCs
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus. Since these components are going to be managing cryptographic operations, the well defined API exposed from within the sandbox will have arbitrary content going in, and opaque content coming out. Malware goes in (there's not a executable environment created that can't be exploited), sets up shop, has no need to be stealthy due to the complete blockage of AV monitors and cleaners, and does what it wants to the plaintext and ciphertext (alters content, changes keys) before emitting it back out the opaque outbound interface. So, no FUD, you lose :) --Dan Erwann ABALEA wrote: On Wed, 2 Feb 2005, Trei, Peter wrote: Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Please stop relaying FUD. You have full control over your PC, even if this one is equiped with a TCPA chip. See the TCPA chip as a hardware security module integrated into your PC. An API exists to use it, and one if the functions of this API is 'take ownership', which has the effect of erasing it and regenerating new internal keys. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Researchers Combat Terrorists by Rooting Out Hidden Messages
On Wed, 2 Feb 2005, Alan wrote: If you really want to send secret messages, just send it in the chaff in spam. Everyone is programmed to ignore it or filter it out. Yeah, but it doesn't make for great story copy or funding proposals ;-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Civilization is in a tailspin - everything is backwards, everything is upside down- doctors destroy health, psychiatrists destroy minds, lawyers destroy justice, the major media destroy information, governments destroy freedom and religions destroy spirituality - yet it is claimed to be healthy, just, informed, free and spiritual. We live in a social system whose community, wealth, love and life is derived from alienation, poverty, self-hate and medical murder - yet we tell ourselves that it is biologically and ecologically sustainable. The Bush plan to screen whole US population for mental illness clearly indicates that mental illness starts at the top. Rev Dr Michael Ellner - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Researchers Combat Terrorists by Rooting Out Hidden Messages
Just herd of this http://www.spammimic.com/ AW Alan wrote: On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote: If you really want to send secret messages, just send it in the chaff in spam. Everyone is programmed to ignore it or filter it out. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
