Re: More info in my AES128-CBC question

| Just being able to generate traffic over the link isn't enough to | carry out this attack. | | Well, it depends on if you key per-flow or just once for the link. If | the latter, and you have the ability to create traffic over the link, | and there's a 1-for-1 correspondence between

Re: no surprise - Sun fails to open source the crypto part of Java

Nicolas Williams wrote: Subject: Re: no surprise - Sun fails to open source the crypto part of Java Were you not surprised because you knew that said source is encumbered, or because you think Sun has some nefarious motive to not open source that code? Third option: the architecture of

Re: Enterprise Right Management vs. Traditional Encryption Tools

On Wed, 9 May 2007, Ali, Saqib wrote: What about DRM/ERM that uses TPM? With TPM the content is pretty much tied to a machine (barring screen captures etc) Will ERM/DRM be ineffective even with the use of TPM? ERM/DRM/TPM are such poorly defined and implemented products that people have

Re: no surprise - Sun fails to open source the crypto part of Java

Ian G wrote: Third option: the architecture of Sun's Java crypto framework is based on motives that should have been avoided, and have come back to bite (again). The crypto framework in Java as designed by Sun was built on motives (nefarious, warped or just plain stupid, I don't

Re: no surprise - Sun fails to open source the crypto part of Java

* Ian G.: My worry was that they hadn't open sourced the architecture component, the part that wasn't meant to be replaceable. However even if open sourced, Sun may still wield a stick over the providers by insisting that they manage the signing process for the providers. The signing

Re: no surprise - Sun fails to open source the crypto part of Java

[EMAIL PROTECTED] (Ian G) on Monday, May 14, 2007 wrote: Third option: the architecture of Sun's Java crypto framework is based on motives that should have been avoided, and have come back to bite (again). I think it is likely that Sun architected the Java crypto framework to be able to obey

Re: Enterprise Right Management vs. Traditional Encryption Tools

Jason Holt wrote: ERM/DRM/TPM are such poorly defined and implemented products that people have started referring to a DRM fairy who people assume will wave her wand and solve whatever problem is at hand. I used to try to draw out the mentioner's claims into a concrete proposal that everyone

Re: Enterprise Right Management vs. Traditional Encryption Tools

Jason Holt wrote: So I guess the answer to your question is We'd better assume that DRM+TPM will be ineffective until we've subjected a specific implementation of it to the same level of scrutiny we apply to other cryptosystems, and since DRM+TPM proposals tend to be much more complicated