On Sat, 21 Feb 2009 11:33:32 -0800
Ed Gerck edge...@nma.com wrote:
I submit that the most important password problem is not that someone
may find it written somewhere. The most important password problem is
that people forget it. So, writing it down and taking the easy
precaution of not
James A. Donald jam...@echeque.com writes:
The interesting thing is that it and similar phishes do not seem to have been
all that successful - few people seemed to notice at all, the general
reaction being to simply hit the spam key reflexively, much as people click
away popup warnings
I'm afraid this email will probably will be a) flamed away (because it's
not from a cryptographer, but forced to do crypto-things, and I do know
your opinion about this matter...) b) ignored (same reason!). I'm
sending it anyway because any kind of feedback would be welcomed ;), and
the
FYI.
Original Message
Subject: New W3C XML Security Specifications
Date: Fri, 27 Feb 2009 14:10:04 -0500
From: Sean Mullan sean.mul...@sun.com
Reply-To: security-...@xml.apache.org
To: security-...@xml.apache.org
The W3C XML Security Working Group has just released 7 first
Hello,
Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
and OpenVPN services. Actually, I created my own CA for some of the
certificates, and in other cases I used self-signed. It took me
substantially more time than I had anticipated, and I'm left with
feelings of unease.
Travis wrote:
Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
and OpenVPN services. Actually, I created my own CA for some of the
certificates, and in other cases I used self-signed. It took me
substantially more time than I had anticipated, and I'm left with
feelings
On Feb 27, 2009, at 2:13 PM, Santiago Aguiar wrote:
* Is there any standard cryptographic hash function with an output
of about 64 bits? It's OK for our scenario if finding a preimage for
a particular signature takes 5 days. Not if it takes 5 minutes.
Not specifically, but you can simply take
Hi,
Jerry Leichter wrote:
Not specifically, but you can simply take the first 64 bits from a
larger cryptographically secure hash function.
OK, I didn't know if it was right to do just that. We were thinking to
use that hash in an HMAC so the TCU and SO can know that they were
originated from
On Mon, Mar 02, 2009 at 05:35:20PM +0100, Marcus Brinkmann wrote:
Travis wrote:
Further, trying to dig into ASN.1 was extremely difficult. The specs
are full of obtuse language, using terms like object without
defining them first. Are there any tools that will dump certificates
in
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
saqib
http://www.capital-punishment.net
-
The Cryptography Mailing
Travis wrote:
Hello,
Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
and OpenVPN services. Actually, I created my own CA for some of the
certificates, and in other cases I used self-signed. It took me
substantially more time than I had anticipated, and I'm left with
As it has been pointed out numerous times on this and other places, this
is a singularly bad idea.
The crypto isn't even the hardest part (and it's hard enough).
Just don't do it. If you are going to spend your energy on anything, it
should be to work against such a plan.
/ji
John Ioannidis wrote:
Just don't do it. If you are going to spend your energy on anything,
it should be to work against such a plan.
I would agree, but I fear that a this is never going to work, drop it
will be less heard than any effort in at least trying to raise the bar
for an attack.
Ali, Saqib wrote:
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
Any links to the actual protocol itself? The article is a little
vague on details. Thanks.
I did not see any
On Mar 2, 2009, at 12:56 PM, Santiago Aguiar wrote:
Hi,
Jerry Leichter wrote:
Not specifically, but you can simply take the first 64 bits from a
larger cryptographically secure hash function.
OK, I didn't know if it was right to do just that. We were thinking
to use that hash in an HMAC so
On Mon, 2 Mar 2009, Arshad Noor wrote:
Ali, Saqib wrote:
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
Any links to the actual protocol itself? The article is a little
vague on
16 matches
Mail list logo