On Mon, 2 Mar 2009, Arshad Noor wrote:
Ali, Saqib wrote:
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
Any links to the actual protocol itself? The article is a little
vague on deta
On Mar 2, 2009, at 12:56 PM, Santiago Aguiar wrote:
Hi,
Jerry Leichter wrote:
Not specifically, but you can simply take the first 64 bits from a
larger cryptographically secure hash function.
OK, I didn't know if it was right to do just that. We were thinking
to use that hash in an HMAC so
Ali, Saqib wrote:
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
Any links to the actual protocol itself? The article is a little
vague on details. Thanks.
I did not see any discussi
John Ioannidis wrote:
Just don't do it. If you are going to spend your energy on anything,
it should be to work against such a plan.
I would agree, but I fear that a "this is never going to work, drop it"
will be less heard than any effort in at least trying to raise the bar
for an attack.
T
As it has been pointed out numerous times on this and other places, this
is a singularly bad idea.
The crypto isn't even the hardest part (and it's hard enough).
Just don't do it. If you are going to spend your energy on anything, it
should be to work against such a plan.
/ji
-
Travis wrote:
> Hello,
>
> Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
> and OpenVPN services. Actually, I created my own CA for some of the
> certificates, and in other cases I used self-signed. It took me
> substantially more time than I had anticipated, and I'm left
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
saqib
http://www.capital-punishment.net
-
The Cryptography Mailing List
On Mon, Mar 02, 2009 at 05:35:20PM +0100, Marcus Brinkmann wrote:
> Travis wrote:
> > Further, trying to dig into ASN.1 was extremely difficult. The specs
> > are full of obtuse language, using terms like "object" without
> > defining them first. Are there any tools that will dump certificates
>
Hi,
Jerry Leichter wrote:
Not specifically, but you can simply take the first 64 bits from a
larger cryptographically secure hash function.
OK, I didn't know if it was right to do just that. We were thinking to
use that hash in an HMAC so the TCU and SO can know that they were
originated from
On Feb 27, 2009, at 2:13 PM, Santiago Aguiar wrote:
* Is there any standard cryptographic hash function with an output
of about 64 bits? It's OK for our scenario if finding a preimage for
a particular signature takes 5 days. Not if it takes 5 minutes.
Not specifically, but you can simply take
Travis wrote:
> Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
> and OpenVPN services. Actually, I created my own CA for some of the
> certificates, and in other cases I used self-signed. It took me
> substantially more time than I had anticipated, and I'm left with
> feeli
Hello,
Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
and OpenVPN services. Actually, I created my own CA for some of the
certificates, and in other cases I used self-signed. It took me
substantially more time than I had anticipated, and I'm left with
feelings of unease.
FYI.
Original Message
Subject: New W3C XML Security Specifications
Date: Fri, 27 Feb 2009 14:10:04 -0500
From: Sean Mullan
Reply-To: security-...@xml.apache.org
To: security-...@xml.apache.org
The W3C XML Security Working Group has just released 7 first public working
drafts o
I'm afraid this email will probably will be a) flamed away (because it's
not from a cryptographer, but forced to do crypto-things, and I do know
your opinion about this matter...) b) ignored (same reason!). I'm
sending it anyway because any kind of feedback would be welcomed ;), and
the situati
"James A. Donald" writes:
>The interesting thing is that it and similar phishes do not seem to have been
>all that successful - few people seemed to notice at all, the general
>reaction being to simply hit the spam key reflexively, much as people click
>away popup warnings reflexively, and are un
On Sat, 21 Feb 2009 11:33:32 -0800
Ed Gerck wrote:
> I submit that the most important password problem is not that someone
> may find it written somewhere. The most important password problem is
> that people forget it. So, writing it down and taking the easy
> precaution of not keeping next t
16 matches
Mail list logo
