I once got email from my bank (which has since merged and then been
merged into Chase) offering me some new service, and correctly
identifying me as an account holder. However, I had never given them
any email address! I called them about this and they said it was "a
computer error."
The
At 08:08 AM 1/16/2007, Steven M. Bellovin wrote:
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear <[EMAIL PROTECTED]> wrote:
> At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memor
On Tue, 16 Jan 2007 08:58:27 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:
> > Yes, encrypted disks aren't much good unless the OS also encrypts
> > (at least) swap space. I note that OpenBSD ships with swap-space
>
> I think you are confusing "Disk Encryption" with "Full Disk Encryption
> (FDE)"
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
| Anyway -- we're so focused in this group on the Internet that we
| sometimes forget about physical world attacks. Theft of financial data
| (and financial objects, such as checks and credit cards) from physical
| mailboxes (or g
Jonathan Thornburg <[EMAIL PROTECTED]> writes:
> A further point: Do you really want the granularity of your encryption
> to be "one key per disk"? I much prefer a cryptographic file system
> which lets me have separate keys for separate categories of information
> (eg one key for my tax forms,
Steven M. Bellovin wrote:
...
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be upheld
Steven M. Bellovin wrote:
> On Tue, 16 Jan 2007 07:56:22 -0800
> Steve Schear <[EMAIL PROTECTED]> wrote:
>
>> At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
>>> Disk encryption, in general, is useful when the enemy has physical
>>> access to the disk. Laptops -- the case you describe on your pa
Yes, encrypted disks aren't much good unless the OS also encrypts
(at least) swap space. I note that OpenBSD ships with swap-space
I think you are confusing "Disk Encryption" with "Full Disk Encryption
(FDE)". They are two different beast.
FDE encrypts the "entire" boot drive, including the OS
On Tue, 16 Jan 2007 08:19:41 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:
> Dr. Bellovin,
>
> > In most situations, disk encryption is useless and probably harmful.
> > It's useless because you're still relying on the OS to prevent
> > access to the cleartext through the file system, and if the O
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys? If memory serves, Mike Godwin
Yup. Disk Crypto has a ugly side as well, as highlighted by the recent
incident where FBI was unable to crack the encryption used by a
pedophile and murd
Dr. Bellovin,
In most situations, disk encryption is useless and probably harmful.
It's useless because you're still relying on the OS to prevent access
to the cleartext through the file system, and if the OS can do that it
can do that with an unencrypted disk.
I am not sure I understand this.
On Tue, 16 Jan 2007 07:56:22 -0800
Steve Schear <[EMAIL PROTECTED]> wrote:
> At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
> >Disk encryption, in general, is useful when the enemy has physical
> >access to the disk. Laptops -- the case you describe on your page --
> >do fit that category; I ha
At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:
Disk encryption, in general, is useful when the enemy has physical
access to the disk. Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and *much
On Tue, 16 Jan 2007, Steven M. Bellovin wrote:
[[about full-disk encryption]]
> In most situations, disk encryption is useless and probably harmful.
> It's useless because you're still relying on the OS to prevent access
> to the cleartext through the file system, and if the OS can do that it
> can
On Mon, 15 Jan 2007 08:39:18 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:
> An article on how to use freely available Full Disk Encryption (FDE)
> products to protect the secrecy of the data on your laptops. FDE
> solutions helps to prevent data leaks in case the laptop is stolen or
> goes missing.
On Mon, 15 Jan 2007 08:39:18 -0800
"Saqib Ali" <[EMAIL PROTECTED]> wrote:
> An article on how to use freely available Full Disk Encryption (FDE)
> products to protect the secrecy of the data on your laptops. FDE
> solutions helps to prevent data leaks in case the laptop is stolen or
> goes missing
In the last couple of days I have been considering implementing an
LRW mode for CGD (http://www.imrryr.org/~elric/cgd) (CryptoGraphic
Disk), but I haven't really seen a lot of cryptanalysis of it or
found the canonical implementation.
Has anyone here done the research? And if it is generally acce
More information, and questions about the validity of the project:
http://it.slashdot.org/article.pl?sid=07/01/11/1859218
http://cryptome.org/wikileaks/wikileaks-leak.htm
http://cryptome.org/wikileaks/wikileaks-leak2.htm
Jeremy
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:
An article on how to use freely available Full Disk Encryption (FDE)
products to protect the secrecy of the data on your laptops. FDE
solutions helps to prevent data leaks in case the laptop is stolen or
goes missing. The article includes a brief intro, benefits, drawbacks,
some tips, and a comple
On 1/11/07, Joseph Ashwood <[EMAIL PROTECTED]> wrote:
112 bits of entropy is 112 bits of entropy...anything else and you're
into the world of trying to prove equivalence between entropy and
work which work in physics but doesn't work in computation
because next year the work level will be differ
Joseph Ashwood wrote:
> - Original Message - From: "Matthias Bruestle"
> <[EMAIL PROTECTED]>
>
>> What do you think about this?
>
> I think you need some serious help in learning the difference between
> 2^112 and 112, and that you really don't seem to have much grasp of the
> entire conc
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
> On Sat, 13 Jan 2007 18:26:52 -0500
> John Ioannidis <[EMAIL PROTECTED]> wrote:
>
> > Citibank send me periodic reminders to switch to an electronic-only
> > statement so that I am "better protected against identity theft".
> >
Thanks for the responses. I found the solution thanks to one of the
suggestions off this list.
Basically, just setup stunnel to accept the encrypted stream and forward
it to a clear server and then sniffed the stream.
Thanks again
Richard
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
> I was hoping someone on this list could provide me with a link to a tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS. I have full access to the server, but not to the
> client, and I want to kn
On Sun, 2007-01-14 at 21:07 +0100, Erik Tews wrote:
> Am Samstag, den 13.01.2007, 19:03 -0800 schrieb Richard Powell:
> > I was hoping someone on this list could provide me with a link to a
> > tool
> > that would enable me to dump the raw HTTP data from a web request that
> > uses SSL/HTTPS. I ha
25 matches
Mail list logo