Re: Beware of /dev/random on Mac OS X

2003-09-02 Thread Michael Shields
In message [EMAIL PROTECTED], Peter Hendrickson [EMAIL PROTECTED] wrote: Apple apparently only accepts bug reports from members of the Apple Developers Connection. If any such members are on this list, it might be a good idea to submit a report:

Hijacking .NET

2003-09-02 Thread Steve Schear
In the .NET Framework, it's possible to access a private member of any class -- your own, another developer's, or even the classes in the .NET Framework itself! Appleman demonstrates this with a great example that uses private members to get the list of groups that the current user is a

Re: invoicing with PKI

2003-09-02 Thread Ian Grigg
(Things seem quiet on the crypto front, here's a late reply.) Hadmut Danisch wrote: Hi, On Thu, Jul 17, 2003 at 04:27:52PM -0400, Ian Grigg wrote: Does anyone know any instances of invoicing and contracting systems that use PKI and digital orders? That is, purchasing departments and

Re: invoicing with PKI

2003-09-02 Thread Hadmut Danisch
On Mon, Sep 01, 2003 at 12:23:28PM -0400, Ian Grigg wrote: The dream of PKI seems to revolve around these major areas: 1. invoicing, contracting - no known instances 2. authentication and authorisation - SSL client side certs deployed within organisations. 3. payments 4.

U.S. seeks OSCE pact on biometric passports

2003-09-02 Thread R. A. Hettinga
http://dynamic.washtimes.com/print_story.cfm?StoryID=20030901-124025-4029r The Washington Times www.washingtontimes.com U.S. seeks OSCE pact on biometric passports By Nicholas Kralev Published September 1, 2003 VIENNA, Austria - The United States, seeking to keep out terrorists and

Re: PRNG design document?

2003-09-02 Thread Thor Lancelot Simon
On Tue, Sep 02, 2003 at 12:10:23PM -0400, Anton Stiglic wrote: Right. So I don't actually have the original ANSI X9.17 document (and it is no longer available in the ANSI X9 catalogue). My references are HAC section 5.3.1 http://www.cacr.math.uwaterloo.ca/hac/about/chap5.pdf and Kelsey,

German Police proceeds against anonymity service

2003-09-02 Thread R. A. Hettinga
http://www.datenschutzzentrum.de/material/themen/presse/anon-bka_e.htm Independent Centre for Privacy Protection 2. September 2003 P R E S SšššR E L E A S E German Police proceeds against anonymity service The German Federal Bureau of Criminal Investigation (FBCI) obtained another judicial

Searching for uncopyable key made of sparkles in plastic

2003-09-02 Thread R. A. Hettinga
--- begin forwarded text Status: U Date: Tue, 2 Sep 2003 14:45:43 -0400 To: [EMAIL PROTECTED] From: Peter Wayner [EMAIL PROTECTED] Subject: Searching for uncopyable key made of sparkles in plastic Sender: [EMAIL PROTECTED] Several months ago, I read about someone who was making a key that

Re: JAP back doored

2003-09-02 Thread Steve Schear
http://www.heise.de/newsticker/data/jk-02.09.03-005/ German police have searched and seized the rooms (dorm?) of one of the JAP developers. They were on the look for data that was logged throughout the period when JAP had to log specific traffic. The JAP-people say that the seizure was not

Re: PRNG design document?

2003-09-02 Thread Anton Stiglic
Allow me to clarify my problem a little. I'm commonly engaged to review source code for a security audit, some such programs include a random number generator, many of which are of ad-hoc design. The nature of such audits is that it's much more appealing to be able to say here are three

Speaking of RFIDs [Was: Re: Call for Participation: RFID Privacy and Security Workshop at MIT, November 15th]

2003-09-02 Thread Adam Fields
On Mon, Sep 01, 2003 at 12:04:55PM -0400, Simson Garfinkel wrote: RFID PRIVACY AND SECURITY -WORKSHOP @ MIT- CALL FOR PARTICIPATION I'd like to develop a consumer application using RFIDs, but I've been having trouble

Re: U.S. seeks OSCE pact on biometric passports

2003-09-02 Thread Duncan Frissell
Anyone have any pointers to non destructive methods of rendering Smart Chips unreadable? Just curious. DCF On Mon, 1 Sep 2003, R. A. Hettinga wrote: http://dynamic.washtimes.com/print_story.cfm?StoryID=20030901-124025-4029r The Washington Times www.washingtontimes.com U.S. seeks OSCE

Re: invoicing with PKI

2003-09-02 Thread Anne Lynn Wheeler
At 12:23 PM 9/1/2003 -0400, Ian Grigg wrote: 1. invoicing, contracting - no known instances 2. authentication and authorisation - SSL client side certs deployed within organisations. 3. payments 4. channel security (SSL) 5. email (OpenPGP, S/MIME) somewhat related thread in