Re: SSL/TLS passive sniffing

2005-01-04 Thread John Denker
I wrote: If the problem is a shortage of random bits, get more random bits! Florian Weimer responded: We are talking about a stream of several kilobits per second on a busy server (with suitable mailing lists, of course). This is impossible to obtain without special hardware. Not very special, as

SSL/TLS passive sniffing

2005-01-04 Thread David Wagner
Florian Weimer [EMAIL PROTECTED] writes: I'm slightly troubled by claims such as this one: http://lists.debian.org/debian-devel/2004/12/msg01950.html [which says: If you're going to use /dev/urandom then you might as well just not encrypt the session at all.] That claim is totally bogus,

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ariel Waissbein
Is there really that much space for marking? Any substantial number of marked bits will become obvious in the output stream, no? Is the watermarking system robust? Is it public? And how long ago has it been published? If they are only modifying some bits (in the standard representation), then

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ian G
Bill Stewart wrote: At 09:08 AM 12/15/2004, Ian Grigg wrote: Let me get this right. ... ... A blockbuster worth $100m gets cracked ... and the crack gets watermarked with the Id of the $100 machine that played it. ... So the solution is to punish the $100 machine by asking them to call Disney with

A Force Field in Flat Gray to Protect a Wireless Network

2005-01-04 Thread R.A. Hettinga
http://www.nytimes.com/2004/12/23/technology/circuits/23pain.html?pagewanted=printposition= The New York Times December 23, 2004 A Force Field in Flat Gray to Protect a Wireless Network Adam Baer s wireless networks have proliferated, computer security companies have come up with

U.S. passport privacy: Over and out?

2005-01-04 Thread R.A. Hettinga
http://www.iht.com/bin/print_ipub.php?file=/articles/2004/12/22/news/passport.html U.S. passport privacy: Over and out? By Hiawatha Bray The Boston Globe Thursday, December 23, 2004 It's December 2005 and you're all set for Christmas in Vienna. You have your most fashionable

Re: Cryptography Research wants piracy speed bump on HD DVDs

2005-01-04 Thread Ian G
To add a postscript to that, yesterday's LAWgram reported that $10 DVD *players* are now selling in the US. The economics of player-id-watermarking are looking a little wobbly; we can now buy a throwaway player for the same price as a throwaway disk. http://www.theinquirer.net/?article=20371

Banks Test ID Device for Online Security

2005-01-04 Thread R.A. Hettinga
Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? No. Really. I'm serious... Cheers, RAH http://www.nytimes.com/2004/12/24/technology/24online.html?oref=loginpagewanted=printposition= The New York Times December 24, 2004 Banks Test ID Device for

AOL Help : About AOL® PassCode

2005-01-04 Thread R.A. Hettinga
http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623 Have questions? Search AOL Help articles and tutorials: How To: Billing Channels Communicating Online E-Mail More Subjects Products and Services AOL.COM AOL® Computer Check-Up AOL Deskbar AOL® Calendar AOL®

Scientists close to network that defies hackers

2005-01-04 Thread R.A. Hettinga
http://news.ft.com/cms/s/a0dcf3f0-5874-11d9-9940-0e2511c8.html The Financial Times Scientists close to network that defies hackers By Clive Cookson, Science Editor Published: December 28 2004 02:00 | Last updated: December 28 2004 02:00 Scientists have taken what they say is a big step

Jet Is an Open Secret in Terror War

2005-01-04 Thread R.A. Hettinga
http://www.washingtonpost.com/ac2/wp-dyn/A27826-2004Dec26?language=printer The Washington Post washingtonpost.com Jet Is an Open Secret in Terror War By Dana Priest Washington Post Staff Writer Monday, December 27, 2004; Page A01 The airplane is a Gulfstream V turbojet, the sort favored by

FC05 Preliminary Program Now Online

2005-01-04 Thread Ian G
Original Message Subject:[fc-announce] FC05 Preliminary Program Now Online Date: Wed, 29 Dec 2004 11:37:27 -0500 From: Stuart E. Schechter [EMAIL PROTECTED] To: [EMAIL PROTECTED] The program and preliminary schedule can be found at:

The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view.

2005-01-04 Thread R.A. Hettinga
http://www.opinionjournal.com/la/?id=110006088 OpinionJournal WSJ Online BOOKSHELF The Man Who Stole the Secrets The story of Aldrich Ames and Robert Hanssen--from the KGB's point of view. BY EDWARD JAY EPSTEIN Thursday, December 30, 2004 12:01 a.m. EST Recently a number of former CIA

eBay Dumps Passport, Microsoft Calls It Quits

2005-01-04 Thread R.A. Hettinga
http://www.techweb.com/article/printableArticle.jhtml;jsessionid=IUVVYXUECEG4MQSNDBGCKHSCJUMEKJVN?articleID=56800077site_section=700029 eBay Dumps Passport, Microsoft Calls It Quits By TechWeb News December 30, 2004 (12:51 PM EST) URL: http://www.techweb.com/wire/ebiz/56800077 Another

Re: The Pointlessness of the MD5 attacks

2005-01-04 Thread Zooko O'Whielacronx
Something that is interesting about this issue is that it involves transitive vulnerability. If there are only two actors there is no issue. If Alice is the user and Bob is the software maintainer and Bob is bad, then Alice will be exploited regardless of the hash function. If Alice is the

Where to get a Jefferson Wheel ?

2005-01-04 Thread Hadmut Danisch
Hi, does anyone know where I can get a Jefferson Wheel or a replica? regards Hadmut - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Korean Online Banks Will Be Liable for 'Hacking' Damages in 2006

2005-01-04 Thread R.A. Hettinga
--- begin forwarded text Date: Fri, 31 Dec 2004 04:30:34 -0600 (CST) From: InfoSec News [EMAIL PROTECTED] To: isn@attrition.org Subject: [ISN] Online Banks Will Be Liable for 'Hacking' Damages in 2006 Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED]

Conspiracy Theory O' The Day

2005-01-04 Thread Udhay Shankar N
I just got a batch of spam: perfectly justified blocks of random-looking characters. Makes me wonder if somebody is trying to train Bayesian filters to reject PGP messages. Udhay -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

Re: SSL/TLS passive sniffing

2005-01-04 Thread Greg Rose
At 22:51 2004-12-22 +0100, Florian Weimer wrote: * John Denker: Florian Weimer wrote: Would you recommend to switch to /dev/urandom (which doesn't block if the entropy estimate for the in-kernel pool reaches 0), and stick to generating new DH parameters for each connection, No, I wouldn't.

RE: Banks Test ID Device for Online Security

2005-01-04 Thread Trei, Peter
R.A. Hettinga wrote: Okay. So AOL and Banks are *selling* RSA keys??? Could someone explain this to me? No. Really. I'm serious... Cheers, RAH The slashdot article title is really, really misleading. In both cases, this is SecurID. Peter

Re: AOL Help : About AOL® PassCode

2005-01-04 Thread Ian G
R.A. Hettinga wrote: http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623 Have questions? Search AOL Help articles and tutorials: . If you no longer want to use AOL PassCode, you must release your screen name from your AOL PassCode so that you will no longer need