Re: delegating SSL certificates

2008-03-15 Thread Dave Howe
[EMAIL PROTECTED] wrote: So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. Sorta. TLS gets along with self signed just fine though, and obviously you can choose to accept a root or unsigned cert on a per-client basi

Re: RNG for Padding

2008-03-15 Thread Steven M. Bellovin
On Fri, 7 Mar 2008 15:04:49 +0100 COMINT <[EMAIL PROTECTED]> wrote: > Hi, > > This may be out of the remit of the list, if so a pointer to a more > appropriate forum would be welcome. > > In Applied Crypto, the use of padding for CBC encryption is suggested > to be met by ending the data block w

Re: delegating SSL certificates

2008-03-15 Thread John Levine
>Are there any options that don't involve adding a new root CA? Assuming your sites all use subdomains of your company domain, a wildcard cert for *.whatever might do the trick. It's relatively expensive, but you can use the same cert in all your servers. >I would think this would be rather comm

Re: RNG for Padding

2008-03-15 Thread Leichter, Jerry
| Hi, | | This may be out of the remit of the list, if so a pointer to a more | appropriate forum would be welcome. | | In Applied Crypto, the use of padding for CBC encryption is suggested | to be met by ending the data block with a 1 and then all 0s to the end | of the block size. | | Is this

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Len Sassaman
On Mon, 25 Feb 2008, Ken Buchanan wrote: > Adam Boileau demonstrated finding passwords, but of course we already > know that it's easy to locate cryptographic keys in large volumes of > data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html). This was implemented (in part by some of m

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Jacob Appelbaum
Ken Buchanan wrote: > A lot of people seem to agree with what Declan McCullagh writes here: > >> It's going to make us rethink how we handle laptops in sleep mode and >> servers that use >> encrypted filesystems (a mail server, for instance). > > What I'd like to know is why people weren't alrea

announcing allmydata.org "Tahoe" v0.9

2008-03-15 Thread zooko
ANNOUNCING: Allmydata.org "Tahoe" version 0.9 We are pleased to announce the release of version 0.9 of allmydata.org "Tahoe". Allmydata.org "Tahoe" is a secure, decentralized, fault-tolerant filesystem. All of the source code is available under a Free Software, Open Source licence (or two). Th

RFID-hack hits 1 billion digital access cards worldwide

2008-03-15 Thread David G. Koontz
http://computerworld.co.nz/news.nsf/scrt/3FF9713E23292846CC25740A0069243E The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip. The warning comes in a week when two research teams independently demonstrated hacks o

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
Two papers of interest in evaluating the paper http://www.eecs.umich.edu/~imarkov/pubs/conf/date08-epic.pdf EPIC: Ending Piracy of Integrated Circuits Jarrod A. Roy†, Farinaz Koushanfar‡ and Igor L. Markov† †The University of Michigan, Department of EECS, 2260 Hayward Ave., Ann Arbor, MI 48109-21

Re: Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
David G. Koontz wrote: > http://www.physorg.com/news123951684.html > Two more articles: http://arstechnica.com/news.ars/post/20080309-fighting-the-black-market-crypto-locks-for-cpus-other-ics.html This one has a bit of the technical description http://itnews.com.au/News/71553,chip-lock-aims-to-

Unique locks on microchips could reduce hardware piracy

2008-03-15 Thread David G. Koontz
http://www.physorg.com/news123951684.html The technique is called EPIC, short for Ending Piracy of Integrated Circuits. It relies on established cryptography methods and introduces subtle changes into the chip design process. But it does not affect the chips' performance or power consumption. Th

Another NXP Mifare Classic attack

2008-03-15 Thread Allen
http://www.dailyprogress.com/servlet/Satellite?pagename=CDP/MGArticle/CDP_BasicArticle&c=MGArticle&cid=1173354778618&path= The article is not real clear about the level of physical dissection actually used, but it does appear that progress is being made on that front as well. Allen [Moderato

RNG for Padding

2008-03-15 Thread COMINT
Hi, This may be out of the remit of the list, if so a pointer to a more appropriate forum would be welcome. In Applied Crypto, the use of padding for CBC encryption is suggested to be met by ending the data block with a 1 and then all 0s to the end of the block size. Is this not introducing a ri

Mixmaster 3.0 released

2008-03-15 Thread Len Sassaman
Dear all, [Apologies if you get multiple copies of this email.] Mixmaster 3.0 has been released this week. This is the first major version release since 2.9, and a continuation of that code, though it incorporates numerous improvements, feature enhancements, and bug-fixes. It is recommended that

Book Review

2008-03-15 Thread Aram Perez
Hi Folks, Does anyone have a review on the upcoming book "Modern Cryptanalysis: Techniques for Advanced Code Breaking" by Christopher Swenson? Thanks, Aram Perez - The Cryptography Mailing List Unsubscribe by sending "unsubscri

Safari falls afoul of the security fashionistas

2008-03-15 Thread Peter Gutmann
Various browsers (e.g. Firefox and IE) recently implemented the latest fashion in "security", EV certs (already discussed on this list in the past) and blacklists, neither of which have much effect on phishing but both of which make great security fashion statements. Unfortunately, it looks like S

Politics 1, security 0

2008-03-15 Thread Peter Gutmann
Microsoft recently published the specs for a pile of previously undocumented or semi-documented protocols and data formats. One of them covers the atrociously-named Health Certificates, which have nothing to do with healthcare but are used to indicate compliance of systems with security policies.

Rewriting the cryptography debate

2008-03-15 Thread Matt Blaze
So I recently re-read Lawrence Wright's controversial piece in the New Yorker profiling Director of National Intelligence Mike McConnell. (http://www.newyorker.com/reporting/2008/01/21/080121fa_fact_wright) While the piece's glimpse into the administration's attitudes toward torture and warrant

Re: cold boot attacks on disk encryption

2008-03-15 Thread Steven M. Bellovin
On Thu, 21 Feb 2008 13:37:20 -0800 "Ali, Saqib" <[EMAIL PROTECTED]> wrote: > > Umm, pardon my bluntness, but what do you think the FDE stores the > > key in, if not DRAM? The encrypting device controller is a computer > > system with a CPU and memory. I can easily imagine what you'd need > > to b

delegating SSL certificates

2008-03-15 Thread travis+ml-cryptography
So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. I know that if we had IT put our root cert in the browsers, that we could then generate our own SSL certs. Are there any options that don't involve adding a new root CA

Re: wrt Cold Boot Attacks on Disk Encryption

2008-03-15 Thread Ken Buchanan
A lot of people seem to agree with what Declan McCullagh writes here: > It's going to make us rethink how we handle laptops in sleep mode and servers > that use > encrypted filesystems (a mail server, for instance). What I'd like to know is why people weren't already rethinking this when people

Re: Toshiba shows 2Mbps hardware RNG

2008-03-15 Thread Peter Gutmann
Dan Kaminsky <[EMAIL PROTECTED]> writes: >For example, the following construction: > >Start with an RNG. Retrieve 64K of "random data". Assume there might be a >bias somewhere in there, but that at least 256 bits are good. SHA-256 the >data. AES-256 encrypt the data with the result from the SHA

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-03-15 Thread Ben Laurie
Philipp Gühring wrote: I had the feeling that Microsoft wants to abandon the usage of client certificates completely, and move the people to CardSpace instead. But how do you sign your emails with CardSpace? CardSpace only does the realtime authentication part of the market ... It's not rocket

Re: cold boot attacks on disk encryption

2008-03-15 Thread Peter Gutmann
"Leichter, Jerry" <[EMAIL PROTECTED]> writes: >I seem to recall some (IBM?) research in which you wore a ring with an RFID- >like chip in it. Move away from your machine for more than some preset time >and it locks. I'm sure we'll see many similar ideas come into use. There were commercial prod

[ADMIN] List moderation resuming

2008-03-15 Thread Perry E. Metzger
A combination of factors unexpectedly kept me away from moderation duties for a few weeks. I'll be forwarding highlights of the backlog shortly. -- Perry E. Metzger [EMAIL PROTECTED]