Simson Garfinkel analyses Skype - Open Society Institute

2005-01-09 Thread Ian G
Voice Over Internet Protocol and Skype Security Simson L. Garfinkel January 7, 2005 With the increased deployment of high-speed (broadband) Internet connectivity, a growing number of businesses and individuals are using the Internet for voice telephony, a technique known as Voice over Internet

Re: entropy depletion (was: SSL/TLS passive sniffing)

2005-01-09 Thread Ian G
William Allen Simpson wrote: There are already other worthy comments in the thread(s). This is a great post. One can't stress enough that programmers need programming guidance, not arcane information theoretic concepts. We are using computational devices, and therefore computational

Re: entropy depletion (was: SSL/TLS passive sniffing)

2005-01-09 Thread Taral
On Sat, Jan 08, 2005 at 10:46:17AM +0800, Enzo Michelangeli wrote: But that was precisely my initial position: that the insight on the internal state (which I saw, by definition, as the loss of entropy by the generator) that we gain from one bit of output is much smaller than one full bit. I

Re: entropy depletion

2005-01-09 Thread William Allen Simpson
Ian G wrote: (4A) Programs must be audited to ensure that they do not use /dev/random improperly. (4B) Accesses to /dev/random should be logged. I'm confused by this aggresive containment of the entropy/random device. I'm assuming here that /dev/random is the entropy device (better renamed as

Entropy and PRNGs

2005-01-09 Thread David Wagner
John Denker writes: Ben Laurie wrote: http://www.apache-ssl.org/randomness.pdf I just took a look at the first couple of pages. IMHO it has much room for improvement. I guess I have to take exception. I disagree. I think Ben Laurie's paper is quite good. I thought your criticisms missed some

Safecracking for the computer scientist

2005-01-09 Thread Matt Blaze
I've been thinking for a while about the relationship between the human-scale security systems used to protect the physical world the cryptologic and software systems that protect the electronic world. I'm increasingly convinced that these areas have far more in common that we might initially

Schneier to Speak to Boston CPCU (Chartered Property Casualty Underwriter) Society

2005-01-09 Thread R.A. Hettinga
http://www.licatakelleher.com/NewsPage.html LicataandKelleherHome 137 South Street, Suite 3 Boston, MA 02111-2838 617-451-2140 x312 [EMAIL PROTECTED] Security Consultant Bruce Schneier to Speak in Boston on January 20, 2005 Bruce Schneier, Founder and Chief Technical Officer of Counterpane

Re: The Reader of Gentlemen's Mail, by David Kahn

2005-01-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Bill Stewart writ es: My wife was channel-surfing and ran across David Kahn talking about his recent book The Reader of Gentlemen's Mail: Herbert O. Yardley and the Birth of American Codebreaking. ISBN 0300098464 , Yale University Press, March 2004 Amazon's page