On Digital Cash-like Payment Systems

2005-10-26 Thread James A. Donald
Date sent: Tue, 25 Oct 2005 00:38:36 +0200 To: cyphrpunk <[EMAIL PROTECTED]> Copies to: John Kelsey <[EMAIL PROTECTED]>, Ian G <[EMAIL PROTECTED]>, [EMAIL PROTECTED], cryptography@metzdowd.com, [EMAIL PROTECTED] From: [EMAIL

High-risk flaws in Skype

2005-10-26 Thread Aram Perez
- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-26 Thread Jack Lloyd
On Wed, Oct 26, 2005 at 07:47:22AM -0700, Dirk-Willem van Gulik wrote: > On Mon, 24 Oct 2005, cyphrpunk wrote: > > > Is it possible that Skype doesn't use RSA encryption? Or if they do, > > do they do it without using any padding, and is that safe? > > You may want to read the report itself: >

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-26 Thread Dirk-Willem van Gulik
On Mon, 24 Oct 2005, cyphrpunk wrote: > Is it possible that Skype doesn't use RSA encryption? Or if they do, > do they do it without using any padding, and is that safe? You may want to read the report itself: http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf an

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-26 Thread J
--- "Travis H." <[EMAIL PROTECTED]> wrote: [snip] > Another issue involves the ease of use when switching between a > [slower] anonymous service and a fast non-anonymous service. I have > a > tool called metaprox on my website (see URL in sig) that allows you > to > choose what proxies you use on

Godzilla crypto and security tutorial updated

2005-10-26 Thread Peter Gutmann
I've finally got around to finishing a major update of my Godzilla crypto and security tutorial to cover newer material like WEP, WPA, and WPA2. It's available from http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html and comprises 784 slides in 10 parts. The tutorial covers security threats

Re: On the orthogonality of anonymity to current market demand

2005-10-26 Thread John Kelsey
>From: "R.A. Hettinga" <[EMAIL PROTECTED]> >Sent: Oct 25, 2005 8:34 AM >To: cryptography@metzdowd.com, [EMAIL PROTECTED] >Subject: On the orthogonality of anonymity to current market demand ... >That is to say, your analysis conflicts with the whole trend towards >T-0 trading, execution, clearing

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-26 Thread Travis H.
> If you have > to be that confident in your computer security to use the payment > system, it's not going to have many clients. Maybe the trusted computing platform (palladium) may have something to offer after all, namely enabling naive users to use services that require confidence in their own

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-26 Thread Travis H.
Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are t