Re: GnuTLS (libgrypt really) and Postfix
On Tue, Feb 14, 2006 at 04:26:35PM -0500, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Werner Koch writes: I agree. However the case at hand is a bit different. I can't imagine how any application or upper layer will be able to recover from that error (ENOENT when opening /dev/random). Okay, the special file might just be missing and a mknod would fix that ;-). Is it the duty of an application to fix an incomplete installation - how long shall this be taken - this is not the Unix philosophy. It can take context-specific error recovery. Maybe that's greying out the encrypt button on a large GUI. Maybe it's paging the system administrator. It can run 'mknod' inside the appropriate chroot partition, much as /sbin/init on some systems creates /dev/console. It can symlink /dev/geigercounter to /dev/random. It can load the kernel module that implements /dev/random. It can do a lot of things that may be more appropriate than exiting. Or an even simpler example: maybe it will still be a fatal error, but there's some important state outside the library being called that it should clean up before exiting so abruptly. Somehow, applications that are consumers of crypto libraries seem like likely candidates for this sort of thing. -- Dan. pgpJyhp2aeO8S.pgp Description: PGP signature
Re: the return of key escrow?
Steven M. Bellovin [EMAIL PROTECTED] writes: According to the BBC, the British government is talking to Microsoft about putting in a back door for the file encryption mechanisms. That's one way of looking at it. It's not really a backdoor, it's a way of spiking DRM. If the UK government can be scared into requiring that Windows Vista not be fully DRM-enabled (by whatever means necessary), then that's a good thing. Waving the four horsemen at them is a good way of achieving this - the horsemen have been used for years to justify restrictive computer laws, now (for once) they're being used to try and combat restrictions. So we hould be supporting this, not condemning it. Maybe someone with a congresscritters ear in the US could get the same thing adopted over there. The horsemen are bigger than Hollywood. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: the return of key escrow?
Ok the lurker posts...Can someone explain to me why security specialists think this:The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard. is going to stop authorities from retreiving data?I ask this question on the basis of their encrypted hard drive on the old xbox. It supposedly used a secure key so the hard drive couldn't be upgraded, yet this fact didn't slow down the modd scene. Its not as if they are hardware encrypting tightly is it? Just curious I guess.-ChrisOn 15/02/06, Steven M. Bellovin [EMAIL PROTECTED] wrote: According to the BBC, the British government is talking to Microsoftabout putting in a back door for the file encryption mechanisms. http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm--Steven M. Bellovin, http://www.cs.columbia.edu/~smb -The Cryptography Mailing ListUnsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]-- -GThe knack of flying is learning how to throw yourself at the ground and miss.He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it. He inched his way up the corridor as if he would rather be yarding his way down it...We demand rigidly defined areas of doubt and uncertainty!I love deadlines. I like the whooshing sound they make as they fly by. Famous Quotes written by Douglas Adams,(British comic writer, 1952-2001)http://hitchhikers.movies.go.com/
Re: the return of key escrow?
Chris Olesch wrote: Ok the lurker posts... Can someone explain to me why security specialists think this: The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard. is going to stop authorities from retreiving data? I ask this question on the basis of their encrypted hard drive on the old xbox. It supposedly used a secure key so the hard drive couldn't be upgraded, yet this fact didn't slow down the modd scene. Its not as if they are hardware encrypting tightly is it? The old XBox didn't encrypt the data on the hard drive - instead, it used a password on the drive firmware that almost all modern hard drives support (your home pc's drive almost certainly supports the same thing, even if your bios doesn't) Defeating the password requires one of: a) obtaining the password b) replacing the drive bios or controller c) using an already unlocked drive d) defeating the os on a running system to allow writes to the drive all known xbox hacks used method c) or d) - using a game to bypass the write protection, or disconnecting the ide cable after the drive was unlocked and using a standard usbide adaptor to write to the drive. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
