Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-25 Thread cyphrpunk
On 10/23/05, Travis H. [EMAIL PROTECTED] wrote: My understanding of the peer-to-peer key agreement protocol (hereafter p2pka) is based on section 3.3 and 3.4.2 and is something like this: A - B: N_ab B - A: N_ba B - A: Sign{f(N_ab)}_a A - B: Sign{f(N_ba)}_b A - B: Sign{A, K_a}_SKYPE B -

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/22/05, Ian G [EMAIL PROTECTED] wrote: R. Hirschfeld wrote: This is not strictly correct. The payer can reveal the blinding factor, making the payment traceable. I believe Chaum deliberately chose for one-way untraceability (untraceable by the payee but not by the payer) in order

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/24/05, Steve Schear [EMAIL PROTECTED] wrote: I don't think E-gold ever held out its system as non-reversible with proper court order. All reverses I am aware happened either due to some technical problem with their system or an order from a court of competence in the matter at hand.

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/24/05, John Kelsey [EMAIL PROTECTED] wrote: More to the point, an irreversible payment system raises big practical problems in a world full of very hard-to-secure PCs running the relevant software. One exploitable software bug, properly used, can steal an enormous amount of money in an

[PracticalSecurity] Anonymity - great technology but hardly used

2005-10-25 Thread R.A. Hettinga
--- begin forwarded text Date: Mon, 24 Oct 2005 23:31:34 +0200 To: [EMAIL PROTECTED] From: Hagai Bar-El [EMAIL PROTECTED] Subject: [PracticalSecurity] Anonymity - great technology but hardly used Sender: [EMAIL PROTECTED] Hello, I wrote a short essay about anonymity and pseudonymity

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-25 Thread cyphrpunk
http://www.hbarel.com/Blog/entry0006.html I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are

semi-preditcable OTPs

2005-10-25 Thread Travis H.
I recall reading somewhere that the NSA got ahold of some KGB numeric OTPs (in the standard five-digit groups). They found that they contained corrections, typos, and showed definite non-random characteristics. Specifically, they had a definite left-hand right-hand alternation, and tended to not

Announcing OpenPGP:SDK

2005-10-25 Thread Ben Laurie
At EuroOSCon, Rachel Willmer and I announced OpenPGP:SDK, a BSD-licensed C library implementing the OpenPGP standard. The SDK is sponsored by Nominet. Although we are still very much in beta, feedback will be appreciated. Permalink: http://www.links.org/?p=20 Cheers, Ben. --

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread John Kelsey
From: cyphrpunk [EMAIL PROTECTED] Sent: Oct 24, 2005 5:58 PM To: John Kelsey [EMAIL PROTECTED] Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems ... Digital wallets will require real security in user PCs. Still I don't see why we don't already have

[Clips] Disney 'Screener' DVDs to Use Dolby Encryption Technology

2005-10-25 Thread R.A. Hettinga
And *where* do we put the CCD? -- Number one answer in a Top Ten quiz at the FC2K rump-session to a description of a certain Mickey Mouse projector protocol... Cheers, RAH - --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Tue, 25 Oct 2005 10:06:40 -0400 To: Philodox

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-l ike Payment Systems

2005-10-25 Thread leichter_jerrold
| U.S. law generally requires that stolen goods be returned to the | original owner without compensation to the current holder, even if | they had been purchased legitimately (from the thief or his agent) by | an innocent third party. This is incorrect. The law draws a distinction between

Re: semi-preditcable OTPs

2005-10-25 Thread leichter_jerrold
| I recall reading somewhere that the NSA got ahold of some KGB numeric | OTPs (in the standard five-digit groups). They found that they | contained corrections, typos, and showed definite non-random | characteristics. Specifically, they had a definite left-hand | right-hand alternation, and

Re: semi-preditcable OTPs

2005-10-25 Thread Joseph Ashwood
- Original Message - From: Travis H. [EMAIL PROTECTED] Subject: semi-preditcable OTPs Despite [flawed OTPs], the NSA wasn't able to crack any messages. My question is, why? I think I know the reason, and that is that any predictability in a symbol of the OTP correlated to a

Re: semi-preditcable OTPs

2005-10-25 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Trav is H. writes: I recall reading somewhere that the NSA got ahold of some KGB numeric OTPs (in the standard five-digit groups). They found that they contained corrections, typos, and showed definite non-random characteristics. Specifically, they had a definite