Re: Conspiracy Theory O' The Day

2005-01-04 Thread John Denker
Udhay Shankar N wrote: I just got a batch of spam: perfectly justified blocks of random-looking characters. Makes me wonder if somebody is trying to train Bayesian filters to reject PGP messages. Another hypothesis: Cover traffic, to defeat traffic analysis. The procedure: send N copies. N-M o

Re: AOL Help : About AOL® PassCode

2005-01-04 Thread Ian G
R.A. Hettinga wrote: Have questions? Search AOL Help articles and tutorials: . If you no longer want to use AOL PassCode, you must release your screen name from your AOL PassCode so that you will no longer n

RE: Banks Test ID Device for Online Security

2005-01-04 Thread Trei, Peter
R.A. Hettinga wrote: > Okay. So AOL and Banks are *selling* RSA keys??? > Could someone explain this to me? > No. Really. I'm serious... > > Cheers, > RAH > The slashdot article title is really, really misleading. In both cases, this is SecurID. Peter -

Re: SSL/TLS passive sniffing

2005-01-04 Thread Greg Rose
At 22:51 2004-12-22 +0100, Florian Weimer wrote: * John Denker: > Florian Weimer wrote: > >> Would you recommend to switch to /dev/urandom (which doesn't block if >> the entropy estimate for the in-kernel pool reaches 0), and stick to >> generating new DH parameters for each connection, > > No, I w

Conspiracy Theory O' The Day

2005-01-04 Thread Udhay Shankar N
I just got a batch of spam: perfectly justified blocks of random-looking characters. Makes me wonder if somebody is trying to train Bayesian filters to reject PGP messages. Udhay -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) --

Korean Online Banks Will Be Liable for 'Hacking' Damages in 2006

2005-01-04 Thread R.A. Hettinga
--- begin forwarded text Date: Fri, 31 Dec 2004 04:30:34 -0600 (CST) From: InfoSec News <[EMAIL PROTECTED]> To: isn@attrition.org Subject: [ISN] Online Banks Will Be Liable for 'Hacking' Damages in 2006 Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://english.chosun.com/w21data/html

Where to get a Jefferson Wheel ?

2005-01-04 Thread Hadmut Danisch
Hi, does anyone know where I can get a Jefferson Wheel or a replica? regards Hadmut

Re: The Pointlessness of the MD5 "attacks"

2005-01-04 Thread Zooko O'Whielacronx
Something that is interesting about this issue is that it involves transitive vulnerability. If there are only two actors there is no issue. If Alice is the user and Bob is the software maintainer and Bob is bad, then Alice will be exploited regardless of the hash function. If Alice is the us

eBay Dumps Passport, Microsoft Calls It Quits

2005-01-04 Thread R.A. Hettinga
eBay Dumps Passport, Microsoft Calls It Quits By TechWeb News December 30, 2004 (12:51 PM EST) URL: http://www.techweb.com/wire/ebiz/56800077 Another On

The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view.

2005-01-04 Thread R.A. Hettinga
OpinionJournal WSJ Online BOOKSHELF The Man Who Stole the Secrets The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view. BY EDWARD JAY EPSTEIN Thursday, December 30, 2004 12:01 a.m. EST Recently a number of former CIA offi

FC05 Preliminary Program Now Online

2005-01-04 Thread Ian G
Original Message Subject:[fc-announce] FC05 Preliminary Program Now Online Date: Wed, 29 Dec 2004 11:37:27 -0500 From: Stuart E. Schechter <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> The program and preliminary schedule can be found at: http://www.ifca.ai/fc05/pr

Jet Is an Open Secret in Terror War

2005-01-04 Thread R.A. Hettinga
The Washington Post washingtonpost.com Jet Is an Open Secret in Terror War By Dana Priest Washington Post Staff Writer Monday, December 27, 2004; Page A01 The airplane is a Gulfstream V turbojet, the sort favored b

Scientists close to network that defies hackers

2005-01-04 Thread R.A. Hettinga
The Financial Times Scientists close to network that defies hackers By Clive Cookson, Science Editor Published: December 28 2004 02:00 | Last updated: December 28 2004 02:00 Scientists have taken what they say is a big step to

AOL Help : About AOL® PassCode

2005-01-04 Thread R.A. Hettinga
Have questions? Search AOL Help articles and tutorials: How To: Billing Channels Communicating Online E-Mail More Subjects Products and Services AOL.COM AOL® Computer Check-Up AOL Deskbar AOL® Calendar

Banks Test ID Device for Online Security

2005-01-04 Thread R.A. Hettinga
Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? No. Really. I'm serious... Cheers, RAH The New York Times December 24, 2004 Banks Test ID Device for

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ian G
To add a postscript to that, yesterday's LAWgram reported that $10 DVD *players* are now selling in the US. The economics of player-id-watermarking are looking a little wobbly; we can now buy a throwaway player for the same price as a throwaway disk. http://www.theinquirer.net/?article=20371 iang

Stolen passports missed at U.S. borders

2005-01-04 Thread R.A. Hettinga
The Washington Times www.washingtontimes.com Stolen passports missed at U.S. borders By Jerry Seper THE WASHINGTON TIMES Published December 24, 2004 Foreign nationals applying for admission to the United States us

U.S. passport privacy: Over and out?

2005-01-04 Thread R.A. Hettinga
U.S. passport privacy: Over and out? By Hiawatha Bray The Boston Globe Thursday, December 23, 2004 It's December 2005 and you're all set for Christmas in Vienna. You have your most fashionable cold-weath

A Force Field in Flat Gray to Protect a Wireless Network

2005-01-04 Thread R.A. Hettinga
The New York Times December 23, 2004 A Force Field in Flat Gray to Protect a Wireless Network Adam Baer As wireless networks have proliferated, computer security companies have come up with increasin

Re: SSL/TLS passive sniffing

2005-01-04 Thread Andy Isaacson
On Wed, Dec 22, 2004 at 07:43:13PM +0100, Florian Weimer wrote: > * Victor Duchovni: > >> The Debian folks have recently stumbled upon a problem in this area: > >> Generating the ephemeral DH parameters is expensive, in terms of CPU > >> cycles, but especially in PRNG entropy. The PRNG part means

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ian G
Bill Stewart wrote: At 09:08 AM 12/15/2004, Ian Grigg wrote: Let me get this right. ... ... A blockbuster worth $100m gets cracked ... and the crack gets watermarked with the Id of the $100 machine that played it. ... So the solution is to punish the $100 machine by asking them to call Disney with

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ariel Waissbein
Is there really that much space for marking? Any substantial number of marked bits will become obvious in the output stream, no? Is the watermarking system robust? Is it public? And how long ago has it been published? If they are only modifying some bits (in the standard representation), then on

RE: The Pointlessness of the MD5 "attacks"

2005-01-04 Thread Anton Stiglic
>David Wagner wrote: >> Ben Laurie writes: > > >> Or, even more contrived, imagine that img1.jpg looks >> like a completely normal JPG file, but img2.jpg exploits some buffer >> overrun in the startup screen's JPG decoder to overwrite the program's >> image with some other malicious code. >> >> Su

Re: SSL/TLS passive sniffing

2005-01-04 Thread Victor Duchovni
On Wed, Dec 22, 2004 at 07:43:13PM +0100, Florian Weimer wrote: > > Actually reasoning along these lines is why Lutz Jaenicke implemented > > PRNGD, it is strongly recommended (at least by me) that mail servers > > use PRNGD or similar. PRNGD delivers pseudo-random numbers mixing in > > real entr

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Bill Stewart
At 09:08 AM 12/15/2004, Ian Grigg wrote: Let me get this right. ... ... A blockbuster worth $100m gets cracked ... and the crack gets watermarked with the Id of the $100 machine that played it. ... So the solution is to punish the $100 machine by asking them to call Disney with a CC in hand? If you

SSL/TLS passive sniffing

2005-01-04 Thread David Wagner
Florian Weimer <[EMAIL PROTECTED]> writes: >I'm slightly troubled by claims such as this one: > [which says: "If you're going to use /dev/urandom then you might as well just not encrypt the session at all."] That claim is totally

Re: SSL/TLS passive sniffing

2005-01-04 Thread John Denker
I wrote: >>If the problem is a shortage of random bits, get more random bits! Florian Weimer responded: We are talking about a stream of several kilobits per second on a busy server (with suitable mailing lists, of course). This is impossible to obtain without special hardware. Not very special, a

Re: SSL/TLS passive sniffing

2005-01-04 Thread Florian Weimer
* John Denker: > Florian Weimer wrote: > >> Would you recommend to switch to /dev/urandom (which doesn't block if >> the entropy estimate for the in-kernel pool reaches 0), and stick to >> generating new DH parameters for each connection, > > No, I wouldn't. Not even for the public parameters? >

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Adam Back
From what I recall from reading the CR paper a while back they can tolerate up to some threshold of colluding players. However if you go over that threshold (and it's not too large) you can remove the mark. I would think the simplest canonical counter-attack would be to make a p2p app that compa