| > | > > Frankly, for SSH this isn't a very plausible attack, since
| > | > > it's not clear how you could force chosen plaintext into an
| > | > > SSH session between messages. A later paper suggested that
| > | > > SSL is more vulnerable: A browser plugin can insert data into
| > | > > an SSL p
On Wed, May 09, 2007 at 06:11:03PM -0400, Leichter, Jerry wrote:
> Just being able to generate traffic over the link isn't enough to
> carry out this attack.
Well, it depends on if you key per-flow or just once for the link. If
the latter, and you have the ability to create traffic over the link,
On Wed, May 02, 2007 at 06:12:31PM +0100, Dave Korn wrote:
> If you wanted to be /really/ certain, I guess you'd have to take the tops
> off all the ICs inside and look at them under an EM, to make sure they really
> were the parts they claimed to be and don't have any extra circuitry or hidden
>
On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote:
> Well, there's an idea: use different physical media formats for entertainment
> and non-
> entertainment content (meaning, content created by MPAA members vs. not) and
> don't sell
> writable media nor devices capable of writing it f
Following the Waldo proof, there is recent work showing how to convince
someone that you have solved a Sudoku puzzle without revealing the solution
(this is a recent paper by Gradwohl, Naor, Rothblum and myself). The paper
describes cryptographic and *physical* protocols for this task, accompanied
He's out of surgery, doing well, and the doctors say he'll be better
than he's been for ten years.
Jon
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Does anyone know what Sun failed to opensource in the crypto
part of Java?
http://news.com.com/Open-source+Java-except+for+the+exceptions/2100-7344_3-6182416.html
They also involve some elements of sound and cryptography,
said Tom Marble, Sun's OpenJDK ambassador. "We have already
contacted t
Those who remember the Crypto Wars of the 1990s will recall all of the
claims about "we won't be able to wiretap because of encryption". In
that regard, this portion of the latest DoJ wiretap report is
interesting:
Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that
re
On Wed, May 09, 2007 at 06:04:20PM -0400, Leichter, Jerry wrote:
> | > > Frankly, for SSH this isn't a very plausible attack, since it's not
> | > > clear how you could force chosen plaintext into an SSH session between
> | > > messages. A later paper suggested that SSL is more vulnerable:
> | > >
On Wed, May 09, 2007 at 06:04:20PM -0400, Leichter, Jerry wrote:
> However, cryptographically secure RNG's are typically just as expensive
> as doing a block encryption. So why not just encrypt the IV once with
> the session key before using it? (This is the equivalent of pre-pending
> a block of
[Read the paper here:
http://www.cl.cam.ac.uk/%7Erja14/Papers/nonbanks.pdf Very interesting
stuff, but not likely new to most here.]
The Federal Reserve commissioned me to research and write a
paper on fraud, risk and nonbank payment systems. I found that
phishing is facilitated by payment sy
Hi Jon,
Rights management systems work against polite attackers. They are
useless against impolite attackers. Look at the way that
entertainment rights management systems have been attacked.
The rights management system will be secure so long as no one wants
to break them. There is tension betwe
On May 9, 2007, at 5:01 PM, Ali, Saqib wrote:
Hi Jon,
Rights management systems work against polite attackers. They are
useless against impolite attackers. Look at the way that
entertainment rights management systems have been attacked.
The rights management system will be secure so long as n
Hello,
On 08/05/07 20:16, Ali, Saqib wrote:
> I was recently asked why not just deploy a Enterprise Right Management
> solution instead of using various encryption tools to prevent data
> leaks.
>
> Any thoughts?
The "encryption tools" function according to simple, well understood,
and more-or-l
Steve Schear wrote:
[snip]
In real life, following the money is just as important as following
the man. It's time for the system to be rebalanced.
In fact, I believe, it is even more important because it is the
snail trail that connects the people involved. Significant sized
anti-social a
* Ian G.:
> Does anyone know what Sun failed to opensource in the crypto part of
> Java?
The Sun JCE provider appears to be missing, which means that few
cryptographic algorithms are actually implemented in the source drop.
All the symmetric encryption algorithms are missing, for instance.
-
> Subject: Re: no surprise - Sun fails to open source the crypto part of Java
Were you not surprised because you knew that said source is encumbered,
or because you think Sun has some nefarious motive to not open source
that code?
If the latter then keep in mind that you can find plenty of crypto
On Fri, May 11, 2007 at 04:42:47PM +0200, Ian G wrote:
> They also involve some elements of sound and cryptography,
> said Tom Marble, Sun's OpenJDK ambassador. "We have already
> contacted the copyright holders. We were unable to negotiate
> release under an open-source license," Marble said.
18 matches
Mail list logo