I'll point out that in the midst of several current discussions, the
news of the TLS protocol bug has gone almost unnoticed, even though it
is by far the most interesting news of recent months.
Perry
-
The Cryptography Mailing
* John Levine:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login process, a botted PC can wait
On Wednesday,2009-11-04, at 7:04 , Darren J Moffat wrote:
The SHA-256 is unkeyed so there would be nothing to stop an
attacker that can write to the disks but doesn't know the key from
modifying the on disk ciphertext and all the SHA-256 hashes up to
the top of the Merkle tree to the
On 08.11.2009, at 01:07, John Levine wrote:
I've made it an entry in my blog at
http://weblog.johnlevine.com/Money/securetrans.html
Actually this type of problem is pretty common in Europe, most banks
have to deal with malware that threatens their customers. One of the
most advanced
On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
On Tue, Nov 3, 2009 at 9:41 PM, David-Sarah Hopwood
david-sa...@jacaranda.org wrote:
Jerry is absolutely correct that the practical result will be that
most
users of OpenID will become more vulnerable to compromise of a single
password.
Do
On Nov 8, 2009, at 2:07 AM, John Levine wrote:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login
On Nov 8, 2009, at 6:30 AM, Zooko Wilcox-O'Hearn wrote:
I propose the following combined hash function C, built out of two
hash functions H1 and H2:
C(x) = H1(H1(x) || H2(x))
I'd worry about using this construction if H1's input block and output
size were the same, since one might be able
On Sat, 7 Nov 2009, Sandy Harris wrote:
I'm in China and use SSL/TLS for quite a few things. Proxy connections,
Gmail set to always use https and so on. This is the main defense for
me and many others against the Great Firewall.
Should I be worrying about man-in-the-middle attacks from the
On Mon, Nov 9, 2009 at 3:17 AM, Jerry Leichter leich...@lrw.com wrote:
On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
Let's face it: most people use the same password for every single Web
site they connect to. Starting from here, I can't see OpenID becoming
much of a problem.
While I'm
On Sun, Nov 8, 2009 at 7:07 AM, John Levine jo...@iecc.com wrote:
So before I send it off, if people have a moment could you look at it
and tell me if I'm missing something egregiously obvious? Tnx.
I've made it an entry in my blog at
http://weblog.johnlevine.com/Money/securetrans.html
10 matches
Mail list logo