On 8/8/06, Ed Gerck [EMAIL PROTECTED] wrote:
The worst-case setting for the user is likely to be when the coercer can
do all that you said and has the time/resources to do them. However, if
the distress password is strong (ie, not breakable within the time/resources
available to the coercer),
On Mon, 7 Aug 2006, John Gilmore wrote:
Here is the latest quick update on SSL Certs. It's interesting that
generally prices have risen. Though ev1servers are still the best commercial
deal out there.
The good news is that CAcert seems to be posistioned for prime time debut,
and you
John Gilmore wrote:
Date: Sun, 6 Aug 2006 23:37:30 -0700 (PDT)
From: [EMAIL PROTECTED]
Subject: SSL Cert Notes
Howdy Hackers,
Here is the latest quick update on SSL Certs. It's interesting that
generally prices have risen. Though ev1servers are still the best commercial
deal out
On 8/9/06, Ed Gerck [EMAIL PROTECTED] wrote:
A debugger cannot decrypt without the key, which is produced only
with the access password.
Ah okay.
By the way, an interesting link from Schneier's blog, mentions
copyright and randomly-generated numbers:
On 8/8/06, Travis H. [EMAIL PROTECTED] wrote:
Or, nobody has the data:
http://monolith.sourceforge.net/
http://www.schneier.com/blog/archives/2006/03/monolith.html
Grr... remind me not to read the comments on old blogs, it's
irritating to see so much misrepresentation...
The monolith model
On Mon, Aug 07, 2006 at 05:12:45PM -0700, John Gilmore wrote:
The good news is that CAcert seems to be posistioned for prime time debut,
and you can't beat *Free*. :-)
You certainly can, if slipshod practices end up _costing_
you money.
Has CAcert stopped writing certificates with no DN
Hey,
I was mulling over some old emails about randomly-generated numbers
and realized that if I had an imperfectly random source (something
less than 100% unpredictable), that compressing the output would
compress it to the point where it was nearly so. Would there be any
reason to choose one
