Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-08-09 Thread james hughes
On Aug 6, 2009, at 1:52 AM, Ben Laurie wrote: Zooko Wilcox-O'Hearn wrote: I don't think there is any basis to the claims that Cleversafe makes that their erasure-coding (Information Dispersal)-based system is fundamentally safer, e.g. these claims from [3]: a malicious party cannot recreate

Re: Client Certificate UI for Chrome?

2009-08-09 Thread James A. Donald
Peter Gutmann wrote: This is predicated on the assumption that it's possible to make certificates usable for general users. All the empirical evidence we have to date seems to point to this not being the case. Wouldn't it be better to say What can we do to replace certificates with

Re: Client Certificate UI for Chrome?

2009-08-09 Thread James A. Donald
Thomas Hardjono wrote: Having worked at a large CA for along time (trying to push for client-side certs with little luck), here are some thoughts on what Chrome could provide: There are use cases where a centralized authority is useful. Client side is not one of them. Typical usage is is

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-08-09 Thread Zooko Wilcox-O'Hearn
[dropping tahoe-dev from Cc:] On Thursday,2009-08-06, at 2:52 , Ben Laurie wrote: Zooko Wilcox-O'Hearn wrote: I don't think there is any basis to the claims that Cleversafe makes that their erasure-coding (Information Dispersal)-based system is fundamentally safer ... Surely this is

All your notebook belong to us

2009-08-09 Thread Jerry Leichter
Just about all notebooks shipped in the last 5 years or more contain a helpful bit of code in the BIOS that allows for remote tracing in case of theft. Unfortunately, it's got serious security holes, allowing it to be used for much more nefarious purposes - like rootkits that survive disk

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-08-09 Thread Zooko Wilcox-O'Hearn
[dropped tahoe-dev from Cc:] On Thursday,2009-08-06, at 17:08 , james hughes wrote: Until you reach the threshold, you do not have the information to attack. It becomes information theoretic secure. This is true for information-theoretically secure secret sharing, but not true for

Re: cleversafe says: 3 Reasons Why Encryption is Overrated

2009-08-09 Thread Jerry Leichter
3. Cleversafe should really tone down the Fear Uncertainty and Doubt about today's encryption being mincemeat for tomorrow's cryptanalysts. It might turn out to be true, but if so it will be due to cryptanalytic innovations more than due to Moore's Law. And it might not turn out like