I am not sure what you mean by crypto component services. Can you
please elaborate?
saqib
http://www.full-disk-encryption.net
On 4/16/07, Travis H. [EMAIL PROTECTED] wrote:
So back when I was reading about secure logging I thought it'd be
a fun service to offer, but it doesn't seem like a
A notable mention is http://www.cryptophone.com/ . They are the only
secure phone provider that allows for independent review of the source
code.
On 4/30/07, Steven M. Bellovin [EMAIL PROTECTED] wrote:
According to an NY Times article
I was recently asked why not just deploy an Enterprise Rights Management
solution instead of using various encryption tools to prevent data
leaks.
Any thoughts?
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
Allen,
I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing an X.509 certificate that holds your
public key. This way they are vouching that you own the public.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted
US Government has selected 9 security vendors that will provide drive
and file level encryption software.
See:
http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html
OR
http://tinyurl.com/2xffax
There is an open-source implementation available:
http://point-at-infinity.org//
On 6/13/07, Charles Jackson [EMAIL PROTECTED] wrote:
A quick question.
Is anyone aware of a commercial product that implements secret sharing? If
so, can I get a pointer to some product literature?
--
Saqib
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
Well that is a broad (and maybe unfair) statement.
Quantum Key Distribution (QKD) solves an applied problem of secure key
distribution. It may not be
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken place.
But key exchange is the toughest part. That is where
On 8/17/07, Ivan Krstic [EMAIL PROTECTED] wrote:
How so? If your computer goes bad, you need a *backup*. That's
entirely orthogonal to the drive encryption problem.
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let us say the mother board or
I still don't follow. BitLocker explicitly includes an (optionally
file-based) recovery password. If you want central management, why
not centrally manage _that_?
Only if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in it is simply not feasible.
On 9/11/07, Aram Perez [EMAIL PROTECTED] wrote:
The world's most secure USB Flash Drive: https://www.ironkey.com/demo.
You didn't explain why it is a Snake Oil Candidate.
On 13 Sep 2007 13:45:42 -, John Levine [EMAIL PROTECTED] wrote:
I always understood snake oil crypto to refer to products that were of
no value to anyone, e.g., products that claim to have secret
unbreakable encryption, million bit keys, or one time pads produced
by PRNGs.
hear hear!
I
I think the really interesting question is what happens when you lose
a FDE-ed hard drive. Do you still need to publish the incident and
contact potentially affected individuals? If the answer is no, I'm
sure this technology will be quickly adopted, independently of its
actual
security solution and they don't realize that the state of the art
has already shifted under their feet.
Arshad Noor
StrongAuth, Inc.
- Original Message -
From: Steven M. Bellovin [EMAIL PROTECTED]
On Mon, 18 Jun 2007 22:57:36 -0700
Ali, Saqib [EMAIL PROTECTED] wrote:
US Government
On 10/22/07, Ian G [EMAIL PROTECTED] wrote:
Peter Gutmann wrote:
http://www.lafdc.com/captcha/ is a site that sells commercial
CAPTCHA-breaking
software.
The complexity of some of the captchas shown on this web-site made me
think. We have gone to such extents to prevent against spammers.
A good article about Storm worm in Guardian:
http://observer.guardian.co.uk/business/story/0,,2195730,00.html
saqib
http://security-basics.blogspot.com/2007/10/execute-spammers.html
How will this be any different from being a member of ISC2 or ISACA?
Why do we need to be a member of yet another organization?
saqib
http://www.quantumcrypto.de/dante/
On Dec 12, 2007 12:21 PM, Alex Alten [EMAIL PROTECTED] wrote:
Would anyone on this list be interested in forming a USA
University of Illinois will hold a talk on Electronic Voting: Danger
and Opportunity. Professor Edward W. Felten of Princeton University
will be speaking. See:
http://webtools.uiuc.edu/calendar/Calendar?calId=504eventId=78090ACTION=VIEW_EVENT
saqib
http://www.quantumcrypto.de/dante/
See:
http://msl1.mit.edu/furdlog/?p=6538
And Foxtrot on DMCA:
http://www.gocomics.com/foxtrot/2007/12/30/
And Opus on e-books:
http://www.salon.com/comics/opus/2007/12/30/opus/
saqib
http://www.quantumcrypto.de/dante/
Can anyone please shed more light on this patent? It seems like a
patent on the simple process of cryptographic erase.
saqib
http://www.full-disk-encryption.net/wiki
On Jan 22, 2008 7:29 PM, Perry E. Metzger [EMAIL PROTECTED] wrote:
http://www.google.com/patents?vid=USPAT6993661
I installed TrueCrypt on my laptop and ran some benchmark tests.
Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks
Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open Source
3) Multiple Encryption and Hashing
Interesting paper, but I fail to see how this could be deadly (as
the author puts it) to the disk encryption products.
This method requires the computer to be recently turned-on and unlocked.
So the only way it would work is that the victim unlocks the disks
i.e. enter their preboot password
(Seagate FDE)
would easily deter this type of attack, because in a Seagate FDE
drive the decryption key never gets to the DRAM. The keys always
remain in the Trusted ASIC on the drive.
On Thu, Feb 21, 2008 at 11:51 AM, Perry E. Metzger [EMAIL PROTECTED] wrote:
Ali, Saqib [EMAIL PROTECTED] writes
PROTECTED] wrote:
Ali, Saqib [EMAIL PROTECTED] writes:
How about TPM? Would this type of attack work on a tamper-resistant ver1.2
TPM?
The phrase is tamper resistant, not tamper proof. Depending on how
determined your attackers are, pretty much anything depending on
tamper resistant
Umm, pardon my bluntness, but what do you think the FDE stores the key
in, if not DRAM? The encrypting device controller is a computer system
with a CPU and memory. I can easily imagine what you'd need to build
to do this to a disk drive. This attack works on anything that has RAM.
How
I believe ISC2 (https://www.isc2.org/ ) did some testing and published
their findings. Maybe someone from ISC2 on this list can give you the
exact reference to that material.
saqib
http://doctrina.wordpress.com/
On Mon, Mar 31, 2008 at 11:10 AM, Danilo Gligoroski
[EMAIL PROTECTED] wrote:
Hi,
Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging
and stimulating lecture entitled Privacy in Context at UC Berkeley:
http://security-basics.blogspot.com/2008/04/fde-privacy-as-contextual-integrity.html
(audio recording and lecture notes)
See:
http://babelsecure.com/challenge.aspx
Snake-oil sales pitch:
The creators of BabelSecure are so confident in the ability and
security of Samurai, they have created the Turing Challenge. The first
individual or team to break the following code will earn $5000
saqib
Not exactly related to Malicious Hardware/Software discussion, but
interesting nonetheless:
http://blog.wired.com/defense/2008/04/the-case-of-the.html
http://spectrum.ieee.org/may08/6171
saqib
http://doctrina.wordpress.com/
Edwards said the Seagate hard drive -- which was
about eight years old in 2003 -- featured much
greater fault tolerance and durability than current
hard drives of similar capacity.
I am not so sure about this statement. The newer drives are far more
ruggedized and
Check out http://www.numenta.com/ . They have an SDK that you d/l and
play with it.
saqib
http://doctrina.wordpress.com/
On Fri, May 16, 2008 at 8:36 AM, Allen [EMAIL PROTECTED] wrote:
Hi gang,
In looking at captchas that have been broken via software it dawned on me
that the amount of
Actually the correct URL is:
http://www.sscnet.ucla.edu/geog/gessler/collections/cryptology.htm
On Wed, Jun 4, 2008 at 1:59 PM, Ali, Saqib [EMAIL PROTECTED] wrote:
Here is another site that has a lot more details and photographs:
http://www.sscnet.ucla.edu/geog/gessler/collections/crypto
Here is another site that has a lot more details and photographs:
http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-hebern.htm
saqib
http://doctrina.wordpress.com/
Quoting the Foxbusiness article:
PermanentPrivacy announces the world's first practical data
encryption system that is absolutely unbreakable. And is offering a
$1,000,000 challenge to anyone who can crack it.
Permanent Privacy (patent pending) has been verified by Peter
Schweitzer, one of
This reads like snake oil.
http://www.foxbusiness.com/story/hackers-hell-privacy-compromised/
This reads like a pump'n'dump stock scam.
zdnet tries to expose the snake-oil crypto and the pump'n'dump stock scam:
http://blogs.zdnet.com/security/?p=1448
Good start, but I think they could have
Dutch chipmaker NXP Semiconductors has sued a university in The
Netherlands to block publication of research that details security
flaws in NXP's Mifare Classic wireless smart cards, which are used in
transit and building entry systems around the world.
More at:
Latest updates (17.07.08):
Dutch courts OKs publishing how to hack NXP chip
http://uk.reuters.com/article/governmentFilingsNews/idUKL186838820080718
saqib
http://doctrina.wordpress.com/
JOLT's coverage of the topic and some new updates:
http://jolt.law.harvard.edu/digest/district-courts/mbta-v-anderson
saqib
http://doctrina.wordpress.com/
An informative blog post on the topic of cryptanalysis by Mark
Chu-Carroll of Google:
http://scienceblogs.com/goodmath/2008/08/introducing_cryptanalysis.php
saqib
http://doctrina.wordpress.com/
An employee has no reasonable expectation of privacy in personal files
stored on a company-owned computer and an employer's consent makes a
police search lawful, an appeals court says in a ruling of first
impression in New Jersey.
We conclude ... that neither the law nor society recognize as
to make it easy to login to participating web sites. However, I don't
see any details of the protocols or algorithms.
The service looks very user friendly and secure (i.e. if implemented properly)
It is unfortunate that being a security aware company they don't
provide information about the
Does anyone have more info on the following:
http://snurl.com/75m3f
I couldn't find any other article that talked about it. The pay per
news is the only item I found.
Source:
http://bits.blogs.nytimes.com/2008/12/22/d-wave-arms-smoking-gun-proof-of-quantum-computer/
Once D-Wave collects the results of the simulations and processes the
information, it will compare the simulation against an actual run of
its latest quantum computer, which should be completed in
Britain's House of Lords Constitution Committee released a report
Friday saying that the country's use of widespread video surveillance
and personal data collection pose a threat to citizens' privacy and
freedom. The committee said that while such surveillance and data
collection could serve
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f
saqib
http://www.capital-punishment.net
Here is a response to Jon Callas' The Strange Rise and Fall of
Hardware Disk Encryption[1]:
http://security-basics.blogspot.com/2009/04/re-fde-mgiebelpgpcom-has-shared-strange_6682.html
1.
http://blog.pgp.com/index.php/2009/04/the-strange-rise-and-fall-of-hardware-disk-encryption/
On the Internet, nobody knows you’re a dog, as the New Yorker cartoon
famously said. But what if, while you are surfing, you want to prove
your pedigree?
Equifax, the big credit agency that already knows more about your flea
count than you do, wants to help. :
NIST has published a working draft of the Cloud Computing Security presentation:
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Both of the documents on this page are excellent reads for anyone
interested in Cloud Computing.
Some of the Security Advantages mentioned in the
Read more:
http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2ref=instapundit
saqib
http://www.capital-punishment.us
[Moderator's note: this isn't really a weakness in SSNs, unless you're
stupid enough to use them as a password -- which we already knew was
bad. None the less, interesting
Since we are on this topic:
You don’t need to be a crowned Ranger class master hacker to sneak
into someone’s email or facebook account these days. Which means that
you’re not simply being a nervous nellie if you’re worried about
security.
In fact, users of public WiFi should be worried. If you
The researchers said they had struck upon a unique approach that
relies on “shattering” an encryption key that is held by neither party
in an e-mail exchange but is widely scattered across a peer-to-peer
file sharing system.
The pieces of the key, small numbers, tend to “erode” over time as
they
Online demo of Vanish:
http://regina.cs.washington.edu/cgi-bin/vanishservice.py
saqib
http://kawphi.blogspot.com
Why Cloud Computing Needs More Chaos:
http://www.forbes.com/2009/07/30/cloud-computing-security-technology-cio-network-cloud-computing.html
[Moderator's note: It is not supposed to be the moderator's job to read
a link and then summarize for the readers it is interesting to click
on. In the
If you (or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended
reboot - but can prevent an attacker from gaining access to those keys
after compromising a legitimate ID on the machine
This is the conundrum of the of
[Moderator's note: I don't want an extended discussion on this topic,
but I'll allow this one message through. --Perry]
Another fine example of throwing cryptography at a behavioral problem.
And why should I trust a 3rd party server to protect the encryption
keys
I know that Facebook
Good read:
http://www.businessweek.com/technology/content/sep2009/tc20090930_463595.htm
For more info:
http://www-03.ibm.com/press/us/en/pressrelease/27840.wss
http://portal.acm.org/citation.cfm?id=1536414.1536440
This is just a proof of possibility, not (yet) feasibility.
saqib
http://www.technologyreview.com/web/23836/
saqib
http://replaycall.com
Followup from the workshop:
http://www.technologyreview.com/computing/23951/
saqib
http://enterprise20.squarespace.com
On Thu, Nov 12, 2009 at 1:23 PM, Ali, Saqib docbook@gmail.com wrote:
ACM Workshop on November 13th (yes it is Friday the 13th) will cover the
topic of Searching
Two years after Dr. Craig Gentry of IBM published the proof for fully
homomorphic encryption, Microsoft has come up with a prototype that
utilizes the technique:
http://www.technologyreview.com/computing/38239/page1/
saqib
http://redscarfvestpink.appspot.com/