Peter Fairbrother writes:
>If you just want a down-and-dirty 2048-bit FS solution which will work today,
>why not just have the websites sign a new RSA-2048 sub-certificate every day?
>Or every few hours? And delete the secret key, of course.
... and I guess that puts you firmly in the theoretic
On 22/09/13 03:07 AM, Patrick Pelletier wrote:
On 9/14/13 11:38 AM, Adam Back wrote:
Tin foil or not: maybe its time for 3072 RSA/DH and 384/512 ECC?
I'm inclined to agree with you, but you might be interested/horrified in
the "1024 bits is enough for anyone" debate currently unfolding on the
> "Patrick" == Patrick Pelletier writes:
> On 9/14/13 11:38 AM, Adam Back wrote:
>> Tin foil or not: maybe its time for 3072 RSA/DH and 384/512 ECC?
> I'm inclined to agree with you, but you might be interested/horrified
> in the "1024 bits is enough for anyone" debate currently unfolding o
I think, if we are about redesigning and avoiding the failures of the
past, we have to unravel the false assumptions of the past...
On 20/09/13 01:21 AM, Phillip Hallam-Baker wrote:
...
Bear in mind that securing financial transactions is exactly what we
designed the WebPKI to do and it work
On 23/09/13 09:47, Peter Gutmann wrote:
Patrick Pelletier writes:
I'm inclined to agree with you, but you might be interested/horrified in the
"1024 bits is enough for anyone" debate currently unfolding on the TLS list:
That's rather misrepresenting the situation. It's a debate between two
Patrick Pelletier writes:
>I'm inclined to agree with you, but you might be interested/horrified in the
>"1024 bits is enough for anyone" debate currently unfolding on the TLS list:
That's rather misrepresenting the situation. It's a debate between two
groups, the security practitioners, "we'd
On 22/09/13 16:43 PM, Jerry Leichter wrote:
On Sep 20, 2013, at 2:08 PM, Ray Dillinger wrote:
More fuel for the fire...
http://rt.com/usa/nsa-weak-cryptography-rsa-110/
RSA today declared its own BSAFE toolkit and all versions of its
Data Protection Manager insecure, recommending that all cust
On Sep 22, 2013, at 7:56 PM, d.nix wrote:
> ...If for example, the paper regarding manipulating the RNG circuit by
> alternate chip doping is valid, then an adversary with deep pockets
> and vast resources might well be able remotely target specific systems
> on demand. Possibly even air gapped one
Op 20 sep. 2013, om 14:55 heeft Phillip Hallam-Baker het
volgende geschreven:
> On Fri, Sep 20, 2013 at 4:36 AM, Dirk-Willem van Gulik
> wrote:
>
> Op 19 sep. 2013, om 19:15 heeft Phillip Hallam-Baker het
> volgende geschreven:
>
> > Let us say I want to send an email to al...@example.com
So we think there is 'some kind' of backdoor in a random number generator.
One question is how the EC math might make that possible. Another is how
might the door be opened.
I was thinking about this and it occurred to me that it is fairly easy to
get a public SSL server to provide a client with
On Sep 21, 2013, at 10:05 PM, d.nix wrote:
> Hah hah hah. Uh, reading between the lines, color me *skeptical* that
> this is really what it claims to be, given the current understanding
> of things...
>
> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
Tim,
> With all due respect, most of the points you make are ridiculous.
Could you please explain why you think they are ridiculous.
> For example, you point out that the certified C compiler will not
> make any guarantees about code that relies on undefined behavior.
> Well, of course! Being ce
On 9/21/13 at 5:07 PM, c...@funwithsoftware.org (Patrick
Pelletier) wrote:
I'm inclined to agree with you, but you might be
interested/horrified in the "1024 bits is enough for anyone"
debate currently unfolding on the TLS list:
http://www.ietf.org/mail-archive/web/tls/current/msg10009.html
On 09/22/2013 01:07 AM, Patrick Pelletier wrote:
> "1024 bits is enough for anyone"
That's a mischaracterisation I think. Some folks (incl. me)
have said that 1024 DHE is arguably better that no PFS and
if current deployments mean we can't ubiquitously do better,
then we should recommend that as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- Original Message
Subject: Re: What is Intel® Core™ vPro™ Technology Animation
Date: Mon, 23 Sep 2013 05:56:48 +0200
From:
To: cypherpu...@cpunks.org
Security Evaluation of Intel's Active Management Technology
VASSILIOS VERVERIS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/22/2013 2:23 PM, Jerry Leichter wrote:
> On Sep 21, 2013, at 10:05 PM, d.nix wrote:
>> Hah hah hah. Uh, reading between the lines, color me *skeptical*
>> that this is really what it claims to be, given the current
>> understanding of things...
On Sat, Sep 21, 2013 at 05:07:02PM -0700, Patrick Pelletier wrote:
> and there was a similar discussion on the OpenSSL list recently,
> with GnuTLS getting "blamed" for using the ECRYPT recommendations
> rather than 1024:
>
> http://www.mail-archive.com/openssl-users@openssl.org/msg71899.html
Gn
On Sep 18, 2013, at 3:27 PM, Kent Borg wrote:
> You foreigners actually have a really big vote here. All those US internet
> companies want your business, and as you get no protections, in the current
> scheme, not even lip-service, you should look for alternatives. As you do,
> this puts pr
18 matches
Mail list logo