Nominum says it has secret advantages over Bind

2009-09-28 Thread Perry E. Metzger
More security and security politics than crypto, but I thought this was rather interesting to this community: Nominum's Jon Shalowitz is interviewed on why you should buy Nominum's stuff over using open source, oh, pardon, freeware[sic] software: Q: What characterises that open-source,

AES in stick figures

2009-09-28 Thread mhey...@gmail.com
A Stick Figure Guide to the Advanced Encryption Standard (AES) (A play in 4 acts) http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html -Michael Heyman - The Cryptography Mailing List Unsubscribe by sending

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread james hughes
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: Ivan Krsti wrote: TrueCrypt is a fine solution and indeed very helpful if you need cross-platform encrypted volumes; it lets you trivially make an encrypted USB key you can use on Linux, Windows and OS X. If you're *just* talking about

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread Jacob Appelbaum
Ivan Krstić wrote: On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: There is also a sleep mode issue identified by the NSA Unlike FileVault whose keys (have to) persist in memory for the duration of the login session, individual encrypted disk images are mounted on demand and their keys

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread Darren J Moffat
james hughes wrote: TrueCrypt on the other hand uses AES in XTS mode so you get confidentiality and integrity. Technically, you do not get integrity. With XTS (P1619, narrow block tweaked cipher) you are not notified of data integrity failures, but these data integrity failures have a much

[Barker, Elaine B.] NIST Publication Announcements

2009-09-28 Thread Perry E. Metzger
Forwarded: From: Barker, Elaine B. elaine.bar...@nist.gov To: Barker, Elaine B. elaine.bar...@nist.gov Date: Thu, 24 Sep 2009 15:54:18 -0400 Subject: NIST Publication Announcements NIST announces the completion of two NIST Special Publications (SPs): SP 800-56B, Recommendation for Pair-Wise Key

Interesting way of protecting credit card data on untrusted hosts

2009-09-28 Thread Peter Gutmann
A Canadian company called SmartSwipe has come up with an interesting way to protect credit card numbers from most man-in-the-browser attacks. What they do is install a Windows CSP (cryptographic service provider) that acts as a proxy to an external mag-stripe reader with built-in crypto

Re: SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

2009-09-28 Thread Fuzzy Hoodie-Monster
On Mon, Sep 7, 2009 at 6:02 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: That's a rather high cost to pay just for the ability to make a crypto fashion statement.  Even if the ability to negotiate hash algorithms had been built in from the start, this only removes the

OTR splicer for Skype ?

2009-09-28 Thread Alec Muffett
I found the following Adium-based solution for layering OTR atop Skype IM: http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-06/msg00224.html ...and was wondering whether anyone has generalised this by creating some open-source, standalone, simple application which talks to the