Don't laugh. This is exactly the problem I had with my
german identity card.
In Germany, you are required to possess either an identity card
or a passport once you reach the age of 16. If you're younger you
can just have a children's passport in case you need for travelling.
Usually applying fo
I was unaware that (a) this had hit Farber, or that (b) it had been cross
posted to cryptography, prior to my second posting - which is attached
below (for the sake of completeness).
//Alif
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
-- Forwarded message --
Date: Tue
OpenSSL version 0.9.8 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8 of our open source toolkit for SSL/TLS. This new
OpenSSL ver
The following has appeared in the IACR preprint archive. I would
appreciate comments. The author certainly has reasonable credentials,
but the document is low on detail:
http://eprint.iacr.org/2005/207
Some Thoughts on Time-Memory-Data Tradeoffs
Author: Alex Biryukov
Abstract: In this pa
Florian Weimer wrote:
* Lance James:
And as stated above, reverse the effect and it would be the banks in
scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially if the transaction
* Lance James:
> And as stated above, reverse the effect and it would be the banks in
> scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially if the transactions involve significant value.
> This site is set so that there is a frame of https://www.bankone.com
> inside my https://slam.securescience.com/threats/mixed.html site. The
> imaginative part is that you may have to reverse the rolls to
understand
> the impact of this (https://www.bankone.com with
> https://slam.securescienc
I'm forwarding this article, originally from the Cypherpunks mailing
list (I saw it on Dave Farber's "Interesting People") because I find
the security implications important.
HOWEVER, I'm warning in advance that I'm not going to forward a lot of
followups, especially if they are unoriginal and/or
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse the ro
Florian Weimer wrote:
* Lance James:
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
In both cases, you have t
* Lance James:
>>Couldn't you just copy (or proxy all content) and get the same effect
>>without using frames at all?
> How would you go about doing that and still get the SSL Lock to remain
> as the banks? Can you give an example?
In both cases, you have the SSL lock on your own certificate.
Florian Weimer wrote:
* Lance James:
Feature, or flaw?
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
How would you go about doing that and still get the SSL Lock to remain
as the banks? Can you give an example?
Maybe I'm j
Amir Herzberg wrote:
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse the ro
>From: "Charles M. Hannum" <[EMAIL PROTECTED]>
>Sent: Jul 3, 2005 7:42 AM
>To: Don Davis <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com
>Subject: Re: /dev/random is probably not
...
>Also, I don't buy for a picosecond that you have to gather
>"all" timings in order to predict the output. As w
* Lance James:
> Feature, or flaw?
Couldn't you just copy (or proxy all content) and get the same effect
without using frames at all?
Maybe I'm just missing something.
-
The Cryptography Mailing List
Unsubscribe by sending "uns
Lance James wrote:
...
> https://slam.securescience.com/threats/mixed.html
This site is set so that there is a frame of https://www.bankone.com
inside my https://slam.securescience.com/threats/mixed.html site. The
imaginative part is that you may have to reverse the rolls to understand
the i
On 07/03/05 15:19, Dan Kaminsky wrote:
> So the funny thing about, say, SHA-1, is if you give it less than 160
> bits of data, you end up expanding into 160 bits of data, but if you
> give it more than 160 bits of data, you end up contracting into 160 bits
> of data. This works of course for any
** CALL FOR PARTICIPATION **
ECRYPT Workshop on RFID and Light-Weight Crypto
July 14-15, 2005
IAIK, Graz University of Technology , Austria
Organizers:
Vincent Rijmen, Graz University of Techn
Hi all,
I wanted to introduce something that has probably been known for some
time now, but has never been really addressed due to possible
conflicting views of how SSL certificates should work, and where the
CA's should (or should not) fit in. As we all know, the recent attention
to the phis
So the funny thing about, say, SHA-1, is if you give it less than 160
bits of data, you end up expanding into 160 bits of data, but if you
give it more than 160 bits of data, you end up contracting into 160 bits
of data. This works of course for any input data, entropic or not.
Hash saturation?
On Sunday 03 July 2005 05:21, Don Davis wrote:
> > From: "Charles M. Hannum" <[EMAIL PROTECTED]>
> > Date: Fri, 1 Jul 2005 17:08:50 +
> >
> > While I have found no fault with the original analysis,
> > ...I have found three major problems with the way it
> > is implemented in current systems.
>
Eric Rescorla wrote:
There's an interesting paper up on eprint now:
http://eprint.iacr.org/2005/205
Another look at HMQV
Alfred Menezes
...
In this paper we demonstrate that HMQV is insecure by presenting
realistic attacks in the Canetti-Krawczyk model that reco
* Jason Holt:
> You may be correct, but readers should also know that, at least in Linux:
>
> /usr/src/linux/drivers/char/random.c:
> * All of these routines try to estimate how many bits of randomness a
> * particular randomness source. They do this by keeping track of the
> * first and se
* Michael Heyman:
>
>
> ATTEMPTS to build quantum computers could run up
> against a fundamental limit on how long useful
> information can persist inside them.
My local source of quantum computing knowledge says that the
conclusions of the paper are somewhat questionable. The aut
24 matches
Mail list logo