Marsh Ray wrote:
On 09/27/2010 08:26 PM, Rose, Greg wrote:
On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:
Per
http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
there's a new Trojan out there that looks for a steals Cert_*.p12
files -- certificates with
On 9/28/2010 1:47 AM, Florian Weimer wrote:
Essentially, officials want Congress to require all services that
enable communications — including encrypted e-mail transmitters like
BlackBerry, social networking Web sites like Facebook and software
that allows direct “peer to peer”
On Sep 22, 2010, at 9:34 AM, Steven Bellovin wrote:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations? Yes, I know that
that's a slippery concept, since ultimately things like addition and
multiplication can be implemented with
* Steven Bellovin:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations?
AES. See François Koeune, Jean-Jacques Quisqater, A timing attack
aganst Rijndael. Université catholique de Louvain, Technicl Report
CG-1999.
cryptography@metzdowd.com
On Thu, Sep 16, 2010 at 04:49:19PM +, M.R. wrote:
| I said (something like) this when Haystack first appeared on this
| list...
|
| Words dissidents and oppressive regimes have no place in
| serious discussions among cryptographers. Once we start assigning
| ethical
Potentially interesting lecture if you're in the Bay Area
From: alli...@stanford.edu
Reply-To: alli...@stanford.edu
Subject: Liberation Technology 10/7/2010 -- Lessons from the Haystack Affair
Date: Mon, 27 Sep 2010 13:40:55 -0700 (PDT)
STANFORD FREEMAN SPOGLI INSTITUTE FOR INTERNATIONAL
On 2010-09-28 1:58 PM, Thai Duong wrote:
On Sat, Sep 18, 2010 at 8:43 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
I'm one of the authors of the attack. Actually if you look closer, you'll see
that they do it wrong in many ways.
The FormsAuth as well, not just the view state?
Thai Duong wrote:
On Tue, Sep 28, 2010 at 12:49 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Ye gods, how can you screw something that simple up that much? They use the
appropriate, and secure, HMAC-SHA1 and AES, but manage to apply it backwards!
I guess they just follow SSL.
as usual, there's an XKCD for that
http://xkcd.com/504/
--dan
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
On Tue, Sep 28, 2010 at 1:47 AM, Florian Weimer f...@deneb.enyo.de wrote:
Isn't this just a clarification of existing CALEA practice?
In most jurisdictions, if a communications services provider is served
an order to make available communications, it is required by law to
provide it in the
See below, which includes a handy pointer to the Microsoft and Mozilla
policy statements requiring CAs to cease signing anything shorter than
2048 bits.
As I think I said last week -- was it last week? -- it's my belief that
cutting everything on the Web over to 2048 bits rather than, say, 1280
11 matches
Mail list logo