Re: [Cryptography] Aside on random numbers (was Re: Opening Discussion: Speculation on "BULLRUN")

On Sep 6, 2013, at 10:03 AM, Perry E. Metzger wrote: > Naively, one could take a picture of the dice and OCR it. However, > one doesn't actually need to OCR the dice -- simply hashing the > pixels from the image will have at least as much entropy if the > position of the dice is recognizable from

GSM eavesdropping

"...In his presentation at the Black Hat Conference, German GSM expert Karsten Nohl presented a tool he calls Kraken, which he claims can crack the A5/1 encryption used for cell phone calls within seconds." http://www.h-online.com/security/news/item/Quickly-decrypting-cell-phone-calls-1048850.ht

Re: What if you had a very good patent lawyer...

On Jul 22, 2010, at 8:59 PM, John Gilmore wrote: > It's pretty outrageous that anyone would try to patent rolling barcoded > dice to generate random numbers. > > I've been generating random strings from dice for years. I find that > gamers' 20-sided dice are great; each roll gives you a hex dig

Re: Secret Lock Detecting Lock

On Nov 9, 2009, at 9:25 AM, "mhey...@gmail.com" wrote: From Unlock your door with a secret knock. Prior to watching the video I said to myself, "Great, now I can break into most of the homes on my block with 'Shave and a haircut, 2 bits'".

Re: consulting question.... (DRM)

This is getting a bit far afield from cryptography, but proper threat analysis is still relevant. On May 27, 2009, at 4:07 AM, Ray Dillinger wrote: On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote: It's a little hard to help without knowing more about the situation. I.e. is this a softw

Re: Permanent Privacy - Snake Oil or unbreakable encryption?

On Jul 7, 2008, at 10:54 AM, Ali, Saqib wrote: Quoting the Foxbusiness article: "PermanentPrivacy announces the world's first practical data encryption system that is absolutely unbreakable. And is offering a $1,000,000 challenge to anyone who can crack it. Permanent Privacy (patent pending)

Re: delegating SSL certificates

On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote: | >> So at the company I work for, most of the internal systems have | >> expired SSL certs, or self-signed certs. Obviously this is bad. | > | >You only think this is bad because you believe CAs add some value. | | Presumably the value they

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote: I had the feeling that Microsoft wants to abandon the usage of client certificates completely, and move the people to CardSpace instead. But how do you sign your emails with CardSpace? CardSpace only does the realtime authentication part of

Re: Cryptome cut off by NTT/Verio

On Apr 29, 2007, at 11:47 AM, Perry E. Metzger wrote: Slightly off topic, but not deeply. Many of you are familiar with John Young's "Cryptome" web site. Apparently NTT/Verio has suddenly (after many years) decided that Cryptome violates the ISP's AUP, though they haven't made it particularly

Surprise! Another serious hole in Diebold voting machines...

...okay, not so much surprise. [...] Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules. "All of us who have heard the

Re: Cisco VPN password recovery program

On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote: Via cryptome: http://evilscientists.de/blog/?page_id=343 The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given pr