Re: TLS man in the middle

2009-11-08 Thread Sandy Harris
On 11/6/09, mhey...@gmail.com wrote: From http://www.ietf.org/mail-archive/web/tls/current/msg03928.html and http://extendedsubset.com/?p=8 From what I gather, when TLS client certificates are used, an attacker can post a command to a victim server and have it

Re: Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-08 Thread David-Sarah Hopwood
Nicolas Williams wrote: On Tue, Nov 03, 2009 at 07:28:15PM +, Darren J Moffat wrote: Nicolas Williams wrote: Interesting. If ZFS could make sure no blocks exist in a pool from more than 2^64-1 transactions ago[*], then the txg + a 32-bit per-transaction block write counter would suffice.

Crypto dongles to secure online transactions

2009-11-08 Thread John Levine
At a meeting a few weeks ago I was talking to a guy from BITS, the e-commerce part of the Financial Services Roundtable, about the way that malware-infected PCs break all banks' fancy multi-password logins since no matter how complex the login process, a botted PC can wait until you log in, then

Re: Security of Mac Keychain, Filevault

2009-11-08 Thread James A. Donald
Jerry Leichter wrote: NFC? Near Field Communications - the wireless equivalent of whispering in someone's ear. Ideally, an NFC chip should only be able to talk to something that is an inch or so away, and it should be impossible to eavesdrop from more than a foot or so away. Lots of people

hedging our bets -- in case SHA-256 turns out to be insecure

2009-11-08 Thread Zooko Wilcox-O'Hearn
Folks: We're going to be deploying a new crypto scheme in Tahoe-LAFS next year -- the year 2010. Tahoe-LAFS is used for long-term storage, and I won't be surprised if people store files on Tahoe-LAFS in 2010 and then rely on the confidentiality and integrity of those files for many