On Sep 7, 2009, at 8:58 AM, Jerry Leichter wrote:
...standard Mac OS GUI element to prompt for passwords ...
I should expand on that a bit: This GUI element is used for all kinds
of things tied to a window, not just passwords. For example, if you
try to close a window that contains stuff yo
[added Cc: tahoe-...@allmydata.org, and I added ke...@guarana.org on
the whitelist so his posts will go through to tahoe-dev even if he
isn't subscribed]
On Tuesday,2009-09-08, at 5:54 , Kevin Easton wrote:
Possession of the read-cap to the mutable file gives you two
things: it gives you
Stephan Neuhaus wrote:
>
> On Aug 31, 2009, at 13:20, Jerry Leichter wrote:
>
>> It can “...intercept all audio data coming and going to the Skype
>> process.”
>
> Interesting, but is this a novel idea? As far as I can see, the process
> intercepts the audio before it reaches Skype and after it
Thor Lancelot Simon writes:
>I think we're largely talking past one another. As regards "new horrible
>problems" I meant simply that if there _are_ "new horrible problems_ such
>that we need to switch away from SHA1 in the TLS PRF, the design mistakes
>made in TLS 1.1 will make it much harder.
On Sep 3, 2009, at 12:26 AM, Peter Gutmann wrote:
This returns us to the previously-unsolved UI problem: how -- with
today's
users, and with something more or less like today's browsers since
that's
what today's users know -- can a spoof-proof password prompt be
presented?
Good enough to s
Steven Bellovin writes:
>Peter, I'm not sure what you mean by "good enough to satisfy security geeks"
>vs. "good enough for most purposes". I'm not looking for theoretically good
>enough, for any value of "theory"; my metric -- as a card-carrying security
>geek -- is precisely "good enough for m
James A. Donald wrote:
> Nicolas Williams wrote:
> > > One possible problem: streaming [real-time] content.
>
> Brian Warner wrote:
> > Yeah, that's a very different problem space. You need
> > the low-alacrity stuff from Tahoe, but also you don't
> > generally know the full contents in advanc
On Sep 3, 2009, at 12:26 AM, Peter Gutmann wrote:
Steven Bellovin writes:
This returns us to the previously-unsolved UI problem: how -- with
today's
users, and with something more or less like today's browsers since
that's
what today's users know -- can a spoof-proof password prompt be
Ian G writes:
>If one is trying to solve the whole thing, then using the much-commented
>secure-bookmarks model would do this. Within the secure bookmark, record the
>user's certificate and cache enough info on the server's cert to deal with
>replacements (like, cert, name, CA).
There's a varia
Nicolas Williams wrote:
> > One possible problem: streaming [real-time] content.
Brian Warner wrote:
> Yeah, that's a very different problem space. You need
> the low-alacrity stuff from Tahoe, but also you don't
> generally know the full contents in advance. So you're
> talking about a mutable s
NIST doesn't provide specific KAT vectors for AES-CTR because the
results depend on your specific counter construction.
When you interact with a FIPS test lab, you will provide them with your
counter construction, they will provide you with the KATs and you will
then test to those KATs.
This i
Darren J Moffat wrote:
> Ignoring performance for now what is the consensus on the suitabilty
> of using AES-GMAC not as MAC but as a hash ?
>
> Would it be safe ?
>
> The "key" input to AES-GMAC would be something well known to the data
> and/or software.
>
> The only reason I'm asking is assuming
On Thu, Sep 03, 2009 at 04:26:30PM +1200, Peter Gutmann wrote:
> Steven Bellovin writes:
> >This returns us to the previously-unsolved UI problem: how -- with today's
> >users, and with something more or less like today's browsers since that's
> >what today's users know -- can a spoof-proof passwo
On Sep 1, 2009, at 9:55 PM, Jerry Leichter wrote:
". . . federal agents at the conference got a scare on Friday when
they were told they might have been caught in the sights of an RFID
reader.
The reader, connected to a web camera, sniffed data from RFID-
enabled ID cards and other docume
On Wed, Sep 02, 2009 at 10:58:03AM +0530, priya yelgar wrote:
> Hi all,
>
> I have implemented RNG using AES algorithm in CTR mode.
>
> To test my implementation I needed some test vectors.
>
> How ever I searched on the CSRC site, but found the test vectors for AES_CBC
> not for AES CTR.
>
>
On Wed, Sep 02, 2009 at 10:58:03AM +0530, priya yelgar wrote:
> How ever I searched on the CSRC site, but found the test vectors for
> AES_CBC not for AES CTR.
>
> Please can any one tell me where to look for the test vectors to test
> RNG using AES CTR.
They are trivially constructed from the
16 matches
Mail list logo