Marsh Ray wrote:
On 09/27/2010 08:26 PM, Rose, Greg wrote:
On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:
Per
http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
there's a new Trojan out there that looks for a steals Cert_*.p12
files -- certificates with p
On 9/28/2010 1:47 AM, Florian Weimer wrote:
Essentially, officials want Congress to require all services that
enable communications — including encrypted e-mail transmitters like
BlackBerry, social networking Web sites like Facebook and software
that allows direct “peer to peer” mess
On Sep 22, 2010, at 9:34 AM, Steven Bellovin wrote:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations? Yes, I know that
that's a slippery concept, since ultimately things like addition and
multiplication can be implemented with loo
* Steven Bellovin:
> Does anyone know of any ciphers where bits of keys modify the
> control path, rather than just data operations?
AES. See François Koeune, Jean-Jacques Quisqater, "A timing attack
aganst Rijndael". Université catholique de Louvain, Technicl Report
CG-1999.
--
cryptography@metzdowd.com
On Thu, Sep 16, 2010 at 04:49:19PM +, M.R. wrote:
| I said (something like) this when Haystack first appeared on this
| list...
|
| Words "dissidents" and "oppressive regimes" have no place in
| serious discussions among cryptographers. Once we start assigning
| ethi
Potentially interesting lecture if you're in the Bay Area
From: alli...@stanford.edu
Reply-To: alli...@stanford.edu
Subject: Liberation Technology 10/7/2010 -- Lessons from the Haystack Affair
Date: Mon, 27 Sep 2010 13:40:55 -0700 (PDT)
STANFORD FREEMAN SPOGLI INSTITUTE FOR INTERNATIONAL S
On 2010-09-28 1:58 PM, Thai Duong wrote:
On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
wrote:
I'm one of the authors of the attack. Actually if you look closer, you'll see
that they do it wrong in many ways.
The FormsAuth as well, not just the view state? �Interesting, I thought they
had th
Thai Duong wrote:
> On Tue, Sep 28, 2010 at 12:49 PM, Peter Gutmann
> wrote:
>
>> Ye gods, how can you screw something that simple up that much? They use the
>> appropriate, and secure, HMAC-SHA1 and AES, but manage to apply it backwards!
>
> I guess they just follow SSL.
>
> BTW, they screw u
as usual, there's an XKCD for that
http://xkcd.com/504/
--dan
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
On Tue, Sep 28, 2010 at 1:47 AM, Florian Weimer wrote:
> Isn't this just a clarification of existing CALEA practice?
>
> In most jurisdictions, if a communications services provider is served
> an order to make available communications, it is required by law to
> provide it in the clear. Anything
See below, which includes a handy pointer to the Microsoft and Mozilla
policy statements "requiring" CAs to cease signing anything shorter than
2048 bits.
As I think I said last week -- was it last week? -- it's my belief that
cutting everything on the Web over to 2048 bits rather than, say, 1280
11 matches
Mail list logo