Re: PlayStation 3 predicts next US president

2007-12-13 Thread Ed Gerck
Allen wrote: William Allen Simpson wrote: [snip] The whole point of a notary is to bind a document to a person. That the person submitted two or more different documents at different times is readily observable. After all, the notary has the document(s)! No, the notary does not have the

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Leichter, Jerry
| The whole point of a notary is to bind a document to a person. That | the person submitted two or more different documents at different | times is readily observable. After all, the notary has the | document(s)! | | No, the notary does not have the documents *after* they are notarized, |

Re: Flaws in OpenSSL FIPS Object Module

2007-12-13 Thread Leichter, Jerry
| It is, of course, the height of irony that the bug was introduced in | the very process, and for the very purpose, of attaining FIPS | compliance! | | But also to be expected, because the feature in question is | unnatural: the software needs a testable PRNG to pass the compliance | tests,

RE: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| Then the compiler can look at the implementation and prove that a | memset() to a dead variable can be elided | | One alternative is to create zero-ing functions that wrap memset() | calls with extra instructions that examine some of the memory, log a | message and exit the application if

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| However, that doesn't say anything about whether f is actually | invoked at run time. That comes under the acts as if rule: If | the compiler can prove that the state of the C (notional) virtual | machine is the same whether f is actually invoked or not, it can | elide the call. Nothing

Re: Intercepting Microsoft wireless keyboard communications

2007-12-13 Thread Taral
On 12/10/07, Steven M. Bellovin [EMAIL PROTECTED] wrote: Believe it or not, I thought of CFB... What about PCFB to get around the block issue? I remember freenet using it that way... -- Taral [EMAIL PROTECTED] Please let me know if there's any further trouble I can give you. -- Unknown

Re: Intercepting Microsoft wireless keyboard communications

2007-12-13 Thread James A. Donald
Steven M. Bellovin wrote: Believe it or not, I thought of CFB... Sending keep-alives will do nasties to battery lifetime, I suspect; most of the time, you're not typing. As for CFB -- with a 64-bit block cipher (you want them to use DES? they're not going to think of anything different),

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
Leichter, Jerry wrote: If the function is defined as I suggested - as a static or inline - you can, indeed, takes its address. (In the case of an inline, this forces the compiler to materialize a copy somewhere that it might not otherwise have produced, but not to actually *use* that copy,

Re: PlayStation 3 predicts next US president

2007-12-13 Thread James A. Donald
William Allen Simpson wrote: The whole point of a notary is to bind a document to a person. That the person submitted two or more different documents at different times is readily observable. After all, the notary has the document(s)! The notary does not want to have the documents, or to

PunchScan voting protocol

2007-12-13 Thread John Denker
Hi Folks -- I was wondering to what extent the folks on this list have taken a look the PunchScan voting scheme: http://punchscan.org/ The site makes the following claims: End-to-end cryptographic independent verification, or E2E, is a mechanism built into an election that allows voters

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| If the function is defined as I suggested - as a static or inline - | you can, indeed, takes its address. (In the case of an inline, this | forces the compiler to materialize a copy somewhere that it might | not otherwise have produced, but not to actually *use* that copy, | except when

Google Tech Talk : Theory and Practice of Cryptography

2007-12-13 Thread Ryan Phillips
I have yet to watch it. http://video.google.com/videoplay?docid=2899172465808407804 Description: Topics include: Introduction to Modern Cryptography, Using Cryptography in Practice and at Google, Proofs of Security and Security Definitions and A Special Topic in Cryptography This talk is one

gauging interest in forming an USA chapter of IISP

2007-12-13 Thread Alex Alten
Would anyone on this list be interested in forming a USA chapter of the Institute of Information Security Professionals (IISP, www.instisp.org)? I'm finding it rather difficult to attend events, etc., that are only in London. - Alex -- Alex Alten [EMAIL PROTECTED]

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Florian Weimer
* William Allen Simpson: Assuming, Dp := any electronic document submitted by some person, converted to its canonical form Cp := a electronic certificate irrefutably identifying the other person submitting the document Cn := certificate of the notary Tn := timestamp

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
/ testf.c / #include stdio.h #include string.h typedef void *(*fpt_t)(void *, int, size_t); void f(fpt_t arg) { if (memset==arg) printf(Hello world!\n); } / test.c / #include stdlib.h #include string.h typedef void

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
On Wed, 12 Dec 2007, Thierry Moreau wrote: | Date: Wed, 12 Dec 2007 16:24:43 -0500 | From: Thierry Moreau [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED] | Cc: Peter Gutmann [EMAIL PROTECTED], cryptography@metzdowd.com | Subject: Re: More on in-memory zeroisation | | /

Re: More on in-memory zeroisation

2007-12-13 Thread Thierry Moreau
Leichter, Jerry wrote: On Wed, 12 Dec 2007, Thierry Moreau wrote: | Date: Wed, 12 Dec 2007 16:24:43 -0500 | From: Thierry Moreau [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED] | Cc: Peter Gutmann [EMAIL PROTECTED], cryptography@metzdowd.com | Subject: Re: More on in-memory