I'll point out that in the midst of several current discussions, the
news of the TLS protocol bug has gone almost unnoticed, even though it
is by far the most interesting news of recent months.
Perry
-
The Cryptography Mailing L
* John Levine:
> At a meeting a few weeks ago I was talking to a guy from BITS, the
> e-commerce part of the Financial Services Roundtable, about the way
> that malware infected PCs break all banks' fancy multi-password logins
> since no matter how complex the login process, a botted PC can wait
>
On Wednesday, 2009-11-04, at 7:04, Darren J Moffat wrote:
The SHA-256 is unkeyed so there would be nothing to stop an
attacker that can write to the disks but doesn't know the key from
modifying the on disk ciphertext and all the SHA-256 hashes up to
the top of the Merkle tree to the uberbl
On 08.11.2009, at 01:07, John Levine wrote:
I've made it an entry in my blog at
http://weblog.johnlevine.com/Money/securetrans.html
Actually this type of problem is pretty common in Europe, most banks
have to deal with malware that threatens their customers. One of the
most advanced keylo
On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
On Tue, Nov 3, 2009 at 9:41 PM, David-Sarah Hopwood wrote:
Jerry is absolutely correct that the practical result will be that most
users of OpenID will become more vulnerable to compromise of a single
password.
Do you really believe most peo
On Nov 8, 2009, at 2:07 AM, John Levine wrote:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login proce
On Nov 8, 2009, at 6:30 AM, Zooko Wilcox-O'Hearn wrote:
I propose the following combined hash function C, built out of two
hash functions H1 and H2:
C(x) = H1(H1(x) || H2(x))
I'd worry about using this construction if H1's input block and output
size were the same, since one might be able to
On Sat, 7 Nov 2009, Sandy Harris wrote:
> I'm in China and use SSL/TLS for quite a few things. Proxy connections,
> Gmail set to "always use https" and so on. This is the main defense for
> me and many others against the Great Firewall.
>
> Should I be worrying about man-in-the-middle attacks from
On Mon, Nov 9, 2009 at 3:17 AM, Jerry Leichter wrote:
> On Nov 6, 2009, at 4:19 PM, Erwan Legrand wrote:
>> Let's face it: most people use the same password for every single Web
>> site they connect to. Starting from here, I can't see OpenID becoming
>> much of a problem.
>
> While I'm sure this i
On Sun, Nov 8, 2009 at 7:07 AM, John Levine wrote:
> So before I send it off, if people have a moment could you look at it
> and tell me if I'm missing something egregiously obvious? Tnx.
>
> I've made it an entry in my blog at
>
> http://weblog.johnlevine.com/Money/securetrans.html
Haven't read