Re: how email encryption should work (and how to get it used...)

2005-05-20 Thread Amir Herzberg
I think this is a good summary of how it should work, except that I don't think messages should be signed by default, only authenticated (MAC). Users should be clearly aware of making a non-repudiable statement. Plus, it may be preferable to use something like matasignatures.org to ensure

Re: Secure Science issues preview of their upcoming block cipher

2005-05-20 Thread Tom St Denis
On Tue, 29 Mar 2005 16:06:05 +0100, Ian G [EMAIL PROTECTED] wrote: I'd be interested to hear why he wants to improve on AES. The issue with doing that is that any marginal improvements he makes will have trouble overcoming the costs involved with others analysing his work. Several things

Re: how email encryption should work (and how to get it used...)

2005-05-20 Thread James A. Donald
-- On 30 Mar 2005 at 13:00, Amir Herzberg wrote: A missing element is motivation for getting something like this deployed... I think spam could offer such motivation; Phishing is costing billions, and is a major obstacle to electronic commerce. In my judgment, fixing phishing and

USATODAY.com - EU needs more time for biometric passports

2005-05-20 Thread David Chessler
So much for the US government's big rush to get them done this year, to the extent that they haven't thought out the implications of the RFID chip (although they realize they should call it anything but RFID, because the acronym RFID is a magnet for animosity).

Re: aid worker stego

2005-05-20 Thread Dave Howe
Peter Fairbrother wrote: I don't think there is much danger of severe torture, but I don't think innocent-until-proven-guilty applies either, and suspicion should be minimised or avoided. Depends on what you want to avoid. Best solution for software is dual-use - 7-zip for file encryption,

Microsoft info-cards to use blind signatures?

2005-05-20 Thread R.A. Hettinga
http://www.idcorner.org/index.php?p=88 The Identity Corner Stephan Brands A corner on IDs Postings on anything related to digital identity management. 3/30/2005 Microsoft info-cards to use blind signatures? Posted by Stefan at 10:37 am Microsoft yesterday confirmed that it will provide

DRM comes to digital cameras: Lexar LockTight

2005-05-20 Thread John Gilmore
Lexar Media has come up with a Compact Flash card that won't actually work until you do a nonstandard, proprietary handshake with it. They worked with a couple of camera makers (and built their own CF reader and Windows software) to implement it. Amazingly, it doesn't actually store the photos

DIMACS Workshop on Security of Web Services and E-Commerce

2005-05-20 Thread Linda Casals
*Pre-registration deadline: April 28, 2005* *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian

philosophical cum practical point

2005-05-20 Thread dan
Please critique, if you will, this line of reasoning: === All other things being equal, integrating cryptographic communication protocols into client-server or peer-to-peer products with existing end-point vulnerabilities tends to increase total enterprise vulnerability. === By

Identity Thieves Organize

2005-05-20 Thread R.A. Hettinga
http://online.wsj.com/article_print/0,,SB111282706284700137,00.html The Wall Street Journal April 7, 2005 Identity Thieves Organize Investigators See New Pattern: Criminals Team Up to Sell Stolen Data Over the Internet By CASSELL BRYAN-LOW Staff Reporter of THE WALL STREET JOURNAL April 7,

How secure is the ATA encrypted disk?

2005-05-20 Thread James A. Donald
-- Every ATA disk contains encryption firmware, though not all bioses allow you to use it. There is a master and a user password, 32 bytes each. If you set them both to the same value, and that value is a strong 32 byte password, then the disk can only be booted or accessed by entering

Lamar Alexander: Much as I Hate It, We Need a National ID

2005-05-20 Thread R.A. Hettinga
http://www.washingtonpost.com/ac2/wp-dyn/A11307-2005Mar29?language=printer The Washington Post washingtonpost.com Much as I Hate It, We Need a National ID By Lamar Alexander Wednesday, March 30, 2005; Page A15 The House recently passed legislation requiring states to turn 190 million

Taking the terror out of terror: Sandia team re-thinks physical security for homeland defense

2005-05-20 Thread R.A. Hettinga
Suppose every PDA had a sensor on it, suggests ACG researcher Laura McNamara. We would achieve decentralized surveillance. The goal here is to abolish anonymity, the terrorist's friend, says Sandia researcher Peter Chew. We need to help win over the as-yet-undecided populace to the view it is

Microsoft Working on New ID System for Windows

2005-05-20 Thread R.A. Hettinga
http://www.reuters.com/printerFriendlyPopup.jhtml?type=internetNewsstoryID=8026568 Reuters Microsoft Working on New ID System for Windows Tue Mar 29, 2005 01:23 PM ET By Reed Stevenson SEATTLE (Reuters) - Microsoft Corp. (MSFT.O: Quote, Profile, Research) will build software for managing

TSA Slated for Dismantling

2005-05-20 Thread R.A. Hettinga
http://www.washingtonpost.com/ac2/wp-dyn/A35333-2005Apr7?language=printer The Washington Post washingtonpost.com TSA Slated for Dismantling By Sara Kehaulani Goo Washington Post Staff Writer Friday, April 8, 2005; Page A01 The Transportation Security Administration, once the flagship

[Openswan dev] The IESG: WG Action: Better-Than-Nothing Security (btns)

2005-05-20 Thread R.A. Hettinga
--- begin forwarded text To: [EMAIL PROTECTED] Date: Fri, 08 Apr 2005 11:20:04 -0400 From: Michael Richardson [EMAIL PROTECTED] Subject: [Openswan dev] The IESG: WG Action: Better-Than-Nothing Security (btns) Sender: [EMAIL PROTECTED] From [EMAIL PROTECTED] Fri Apr 8 11:11:34 2005

[Openswan dev] [Announce] ANNOUNCE: Openswan 2.3.1 Released

2005-05-20 Thread R.A. Hettinga
--- begin forwarded text Date: Sat, 9 Apr 2005 21:47:55 +0200 (MET DST) From: Paul Wouters [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Openswan dev] [Announce] ANNOUNCE: Openswan 2.3.1 Released Sender: [EMAIL PROTECTED] 2005-04-09 Xelerance has released Openswan 2.3.1 Changes: v2.3.1

Garfinkel analysis on Skype withdrawn?

2005-05-20 Thread Ian G
Has anyone got a copy of the Skype analysis done by Simson Garfinkel? It seems to have disappeared. Original Message Subject: Simson Garfinkel analyses Skype - Open Society Institute Date: Sun, 10 Apr 2005 10:32:44 +0200 From: Vito Catozzo Hi I am Italian, so forgive any

U.S. Seeks Access to Bank Records to Deter Terror

2005-05-20 Thread R.A. Hettinga
http://www.nytimes.com/2005/04/10/national/10terror.html?th=emc=thpagewanted=printposition= The New York Times April 10, 2005 U.S. Seeks Access to Bank Records to Deter Terror By ERIC LICHTBLAU WASHINGTON, April 9 - The Bush administration is developing a plan to give the government access to

Revising the Patriot Act

2005-05-20 Thread R.A. Hettinga
http://www.nytimes.com/2005/04/10/opinion/10sun1.html?th=emc=thpagewanted=printposition= The New York Times April 10, 2005 EDITORIAL Revising the Patriot Act When Attorney General Alberto Gonzales, who is not exactly a renowned civil libertarian, says the Patriot Act may need some adjustments,

Re: how email encryption should work

2005-05-20 Thread Bill Stewart
At 07:00 PM 3/28/2005, James A. Donald wrote: In my blog http://blog.jim.com/ I post how email encryption should work I see a couple of problems with your proposal. I'm not sure I like your external trusted mail-server assumptions, but they're probably good enough for many people, and other people

DTV Content Protection (fwd from cripto@ecn.org)

2005-05-20 Thread Eugen Leitl
From: Anonymous [EMAIL PROTECTED] Subject: DTV Content Protection To: [EMAIL PROTECTED] Date: Mon, 11 Apr 2005 01:25:17 +0200 (CEST) DTV Content Protection Two content protection systems are in use to protect digital television (DTV) signals on the wires of American home video systems: HDCP and

Moore says his law won't last

2005-05-20 Thread Steven M. Bellovin
http://www.vnunet.com/news/1162433 Something like this cannot continue forever, he said. The dimensions are small enough now that we're approaching the size of atoms and that's a fundamental block. I think the law has another 10-20 years before fundamental limits

Re: CFP: What the Hack '05 and Blind Signature Expiration Party

2005-05-20 Thread cypherpunk
On 4/8/05, Lucky Green [EMAIL PROTECTED] wrote: U.S. Patent 4,759,063 Blind Signature Systems will expire on July 19, 2005. A Tuesday. Since no patent litigator will consider litigating on a Monday morning over patent infringement for a patent that expires the next day, it appears safe to say

[p2p-hackers] Zooko's Triangle in action

2005-05-20 Thread R.A. Hettinga
--- begin forwarded text Date: Wed, 20 Apr 2005 16:26:11 -0700 From: Tyler Close [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [p2p-hackers] Zooko's Triangle in action Reply-To: Tyler Close [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Hi

Three NIST Special Pubs for Review (Forwarded)

2005-05-20 Thread Steven M. Bellovin
--- Forwarded Message Date: Thu, 21 Apr 2005 13:29:28 -0400 To: [EMAIL PROTECTED] From: Elaine Barker [EMAIL PROTECTED] Subject: Three NIST Special Pubs for Review There are three NIST Special Publications available for public review and comment: SP 800-38B: As part of NIST's ongoing

Spying: Giving Out U.S. Names

2005-05-20 Thread R.A. Hettinga
http://www.msnbc.msn.com/id/7614681/site/newsweek/print/1/displaymode/1098/ MSNBC.com Spying: Giving Out U.S. Names Newsweek May 2 issue - The National Security Agency is not supposed to target Americans; when a U.S. citizen's name comes up in an NSA intercept, the agency routinely minimizes

From [IP] i secure cell phone via software

2005-05-20 Thread Trei, Peter
Interesting encrypted VoIP application for Symbian GSM phones. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Farber Sent: Monday, April 25, 2005 9:58 AM To: Ip Subject: [IP] i secure cell phone via software

Export controls kill Virgin SpaceShipTwo

2005-05-20 Thread John Gilmore
http://www.spacedaily.com/news/spacetravel-05y.html First crypto, now space travel. The lunatics in Washington are working hard to drive another industry that's critical to US interests overseas. Did they think that after collecting $20M in prepayments from passengers, Sir Richard Branson would

calling all French-reading cryptologers - Kerckhoff's 6 principles needs a translation

2005-05-20 Thread Ian G
It's been a year or so since this was raised, perhaps there are some French reading cryptologers around now? -- Forwarded Message -- Financial Cryptography Update: HCI/security - start with Kerckhoff's 6 principles May 01, 2005

Conference: APPLIED CRYPTOGRAPHY and NETWORK SECURITY (ACNS 2005)

2005-05-20 Thread Linda Casals
The following message is being forwarded to you at the request of Rebecca Wright. *** CALL FOR PARTICIPATION -- Conference: APPLIED CRYPTOGRAPHY and

Network World: 10-node Quantum Crypto net under Boston streets

2005-05-20 Thread John Gilmore
NETWORK WORLD NEWSLETTER: OPTICAL NETWORKING 05/04/05 Today's focus: Hooked on photonics By Amy Schurr CAMBRIDGE, MASS. - Chip Elliott is every hacker's worst nightmare. Elliott, principal scientist at BBN Technologies, leads a team building the world's first continuously operating quantum

Re: [Lucrative-L] double spends, identity agnosticism, and Lucrative

2005-05-20 Thread James A. Donald
From: Patrick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Lucrative-L] double spends, identity agnosticism, and Lucrative Date: Tue, 29 Apr 2003 14:46:48 -0600 Importance: Normal Sender: [EMAIL PROTECTED] A quick experiment has confirmed the obvious: when a client reissues a coin

[p2p-hackers] ePOST: Secure, Severless Email

2005-05-20 Thread R.A. Hettinga
--- begin forwarded text Date: Thu, 5 May 2005 15:09:15 -0500 (CDT) From: Alan Mislove [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [p2p-hackers] ePOST: Secure, Severless Email Reply-To: Peer-to-peer development. [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] As some of you may know, the

Export controls: US wants to export-license fundamental research again

2005-05-20 Thread John Gilmore
The export control snakes are trying to crawl out of their snakepit again. By tiny wording changes, they're trying to overturn the exemptions that protect First Amendment activity from being restricted by the export controls. We have until May 27 to file written comments. Remember that the

THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05)

2005-05-20 Thread Linda Casals
This message is being forwarded to you on behalf of Joan Feigenbaum, Yale University, DIMACS Member *** THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05) Registration now Open! See Accepted Papers, Workshops, Tutorials, below. June

[Fwd] Advances in Financial Cryptography - First Issue

2005-05-20 Thread Ian G
Advances in Financial Cryptography - First Issue May 11, 2005 https://www.financialcryptography.com/mt/archives/000458.html

Devices detect caches of cash

2005-05-20 Thread R.A. Hettinga
http://www.cnn.com/2005/TECH/05/11/money.sniffers.ap/index.html CNN Inventions developed for Immigration and Customs Enforcement Wednesday, May 11, 2005 Posted: 12:43 PM EDT (1643 GMT) Engineer Dennis Kunerth uses a device to detect metal components that distinguish U.S. currency from

1st TIPPI Workshop

2005-05-20 Thread Linda Casals
Trustworthy Interfaces for Passwords and Personal Information The following message is being forwarded at the request of Burt Kaliski, RSA Security and Dan Boneh, Stanford University. * 1st TIPPI Workshop Trustworthy Interfaces

Invalid banking cert spooks only one user in 300

2005-05-20 Thread Peter Gutmann
Invalid banking cert spooks only one user in 300 Stephen Bell, Computerworld 16/05/2005 09:19:10 Up to 300 New Zealand BankDirect customers were presented with a security alert when they visited the bank's website earlier this month - and all but one dismissed the warning and carried

What happened with the session fixation bug?

2005-05-20 Thread James A. Donald
-- PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected. However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make https and PKI worthless against such man in the

New cipher used by iTunes

2005-05-20 Thread Charles M. Hannum
I took a look at the new cipher used in iTunes 4.7, and spent some time reducing it. The algorithm appears to have a similar structure to a 10-round Twofish variant with fixed S-boxes, optimized via precomputed tables. I have not fully analyzed what the permutation matrix and polynomial are,

Re: Malaysia car thieves steal finger

2005-05-20 Thread Ben Laurie
R.A. Hettinga wrote: Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system. Good to know that my amputationware meme was not just paranoia. -- http://www.apache-ssl.org/ben.html

[ADMIN] multi-moderator software?

2005-05-20 Thread Perry E. Metzger
Your humble moderator asks... Does anyone know of a mailing list system that handles having multiple, rotating moderators cleanly? I'd like to avoid many-week delays like the one I've just caused. Perry - The Cryptography

RE: Garfinkel analysis on Skype withdrawn?

2005-05-20 Thread Smith Gary-GSMITH1
Hi, I found Garfinkel's paper here: http://www.tacticaltech.org/files/Skype_Security.pdf Cheers, Gary Smith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian G Sent: Sunday, April 10, 2005 9:02 AM To: cryptography@metzdowd.com Subject:

Re: [Lucrative-L] double spends, identity agnosticism, and Lucrative

2005-05-20 Thread Ben Laurie
James A. Donald wrote: From: Patrick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Lucrative-L] double spends, identity agnosticism, and Lucrative Date: Tue, 29 Apr 2003 14:46:48 -0600 Importance: Normal Sender: [EMAIL PROTECTED] A quick experiment has confirmed the obvious: when a client

Re: What happened with the session fixation bug?

2005-05-20 Thread Ben Laurie
James A. Donald wrote: -- PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected. However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make https and PKI worthless

Re: Malaysia car thieves steal finger

2005-05-20 Thread Ian G
On Friday 20 May 2005 19:22, Ben Laurie wrote: R.A. Hettinga wrote: Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system. Good to know that my amputationware meme was not just paranoia.

DES FIPS is finally withdrawn.

2005-05-20 Thread Perry E. Metzger
At long last, the DES FIPSes are withdrawn: http://cryptome.org/nist051905.txt Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]