Peter Gutmann has responded
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
(see the "Further Epilogue" section well down the page)
--dan
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptogr
On Mon, 19 Jan 2009, Stefan Kelm wrote:
... and who knows where else? Really, to ensure that nothing more can be
recovered from a hard disk, it has to be overwritten completely, sector
by sector. Although this takes time, it costs nothing: the dd command in
any Linux distribution will do the job
On Mon, Jan 19, 2009 at 01:38:02PM +, Darren J Moffat wrote:
> I don't think it depends at all on who you trust but on what algorithms
> are available in the protocols you need to use to run your business or
> use the apps important to you for some other reason. It also very much
> depends
I have a general outline of a timeline for adoption of new crypto
mechanisms (e.g. OAEP, PSS, that sort of thing, and not specifically
algorithms) in my Crypto Gardening Guide and Planting Tips, http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt
, see "Question J" about 2/3 of the way
"Steven M. Bellovin" writes:
>So -- who supports TLS 1.2?
Not a lot, I think. The problem with 1.2 is that it introduces a pile of
totally gratuitous incompatible changes to the protocol that require quite a
bit of effort to implement (TLS 1.1 -> 1.2 is at least as big a step, if not a
bigger s
On Mon, 19 Jan 2009 10:45:55 +0100
Bodo Moeller wrote:
> On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
> wrote:
>
> > I've mentioned it before, but I'll point to the paper Eric Rescorla
> > wrote a few years ago:
> > http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
> > http://www.cs.
On Mon, Jan 19, 2009 at 10:45:55AM +0100, Bodo Moeller wrote:
> The RFC does exit (TLS 1.2 in RFC 5246 from August 2008 makes SHA-256
> mandatory), so you can send a SHA-256 certificate to clients that
> indicate they support TLS 1.2 or later. You'd still need some other
> certificate for interop
At 1:38 PM + 1/19/09, Darren J Moffat wrote:
>Can you state the assumptions for why you think that moving to SHA384 would be
>safe if SHA256 was considered vulnerable in some way please.
Sure. I need 128 bits of pre-image protection for, say, a digital signature.
SHA2/256 is giving me that.
Paul Hoffman wrote:
At 12:24 PM +0100 1/12/09, Weger, B.M.M. de wrote:
When in 2012 the winner of the
NIST SHA-3 competition will be known, and everybody will start
using it (so that according to Peter's estimates, by 2018 half
of the implementations actually uses it), do we then have enough
red
The myth that to delete data really securely from a hard disk you have
to overwrite it many times, using different patterns, has persisted for
decades, despite the fact that even firms specialising in data recovery,
openly admit that if a hard disk is overwritten with zeros just once,
all of its da
On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin
wrote:
> I've mentioned it before, but I'll point to the paper Eric Rescorla
> wrote a few years ago:
> http://www.cs.columbia.edu/~smb/papers/new-hash.ps or
> http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . The bottom line:
> if you're
11 matches
Mail list logo