Tim Dierks wrote:
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
Lucky Green [EMAIL PROTECTED] writes:
Given that SSL use is orders of magnitude higher than that of SSH, with no
change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
your assertion that ssh, not SSL, is
Ben Laurie wrote:
James A. Donald wrote:
I do not see how this flaw can be avoided unless one
consciously takes special measures that the development
environment is not designed or intended to support.
The obvious answer is you always switch to a new session after login.
Nothing
http://sslbar.metropipe.net/
Fantastic news: coders are starting to work
on the failed security model of secure browsing
and improve it where it matters, in the browser.
This plugin for Mozilla shows the SSL certificate's
fingerprint on the web browser's toolbar.
It's a small step for the
[EMAIL PROTECTED] wrote:
How many users can remember MD5 checksums??? If they were rendered into
something pronounceable via S/Key like dictionaries it might be more
useful...
You forgot this bit:
It's a small step for the user, but a giant leap
for userland security. It means that
Steven M. Bellovin wrote:
Please don't take this personally...
None taken here, and I doubt that the author
of the tool (who has just joined this list
it seems) would take any!
From a security point of view, why should anyone download any plug-in
from an unknown party? In this very specific
Marc Branchaud wrote:
Ian Grigg wrote:
Tying the certificate into the core crypto protocol seems to be a
poor design choice; outsourcing any certification to a higher layer
seems to work much better out in the field.
I'll reserve judgement about the significance of SSLBar, but I
Tim Dierks wrote:
...
the fact that the private key, is, in essence, escrowed by the trusted
third party, causes me to believe that this system doesn't fill an
important unmet need.
I'm not sure that's the case!
There are some markets out there where there are some
contradictory rules. By
Eric Rescorla wrote:
You keep harping on certs, but that's fundamentally not relevant to
the point I was trying to make,
OK!
which is whether or not one provides
proper message integrity and anti-replay. As far as I'm concerned,
there are almost no situations in which not providing those
[EMAIL PROTECTED] wrote:
A YURL aware search engine may find multiple independent references to a
YURL, thus giving you parallel reporting channels, and increasing trust.
Of course, this method differs from the YURL method for trust. The
parallel channel method assigns a trust value to a site
Peter Gutmann wrote:
Hadmut Danisch [EMAIL PROTECTED] writes:
There was an interesting speech held on the Usenix conference by Eric
Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf, unfortunately I did not
have the time to visit the conference) about cryptographic (real world)
protocols
Does anyone have any pointers to the SSL threat model?
I have Eric Rescorla's book and slides talking about the
Internet threat model.
The TLS RFC (http://www.faqs.org/rfcs/rfc2246.html) says
nothing about threat models that I found.
iang
Eric Rescorla wrote:
Ian Grigg [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
...
The other thing to be aware of is that ecommerce itself
is being stinted badly by the server and browser limits.
There's little doubt that because servers and browsers
made poorly contrived
Ed,
I've left your entire email here, because it needs to
be re-read several times. Understanding it is key to
developing protocols for security.
Ed Gerck wrote:
Arguments such as we don't want to reduce the fraud level because
it would cost more to reduce the fraud than the fraud costs are
Trei, Peter wrote:
Why the heck would a government agency have to break the GSM encryption
at all?
Once upon a time, it used to be the favourite
sport of spy agencies to listen in on the
activities of other countries. In that case,
access to the radio waves was much more juicy
than access to
Anne Lynn Wheeler wrote:
The result is X9.59 which addresses all the major
exploits at both POS as well as internet (and not just credit, but debit,
stored-value, ACH, etc ... as well).
http://www.garlic.com/~lynn/index.html#x959
Lynn,
Whatever happened to x9.59?
Also, is there a
Eric Murray wrote:
For the record, AFAIK, this approach was invented and
deployed by Dr. Ian Brown as his undergraduate thesis,
back in 1996 or so.
Not to take anything away from Dr Brown, but I wrote something very
similar to what PGP's selling for internal use at SUN in 1995 (to
Has anyone reviewed Simon Singh's CD version
of The Code Book ?
=
http://www.simonsingh.net/The_CDROM.html
After 12 months of intense development, the interactive
CD-ROM version of The Code Book is now available. I might
be biased, but I think that it
someone wrote:
Hiya.
Dumb question. Why is the bad guy called Mallory in
this thread? I always thought that traditionally the
two correspondents were called Alice and Bob and that
the bad guy was called Eve. (As in, short for eavesdropper?).
Intercepting the bits and sending them is
Adam Back wrote:
You'd have thought there would be plenty of scope for certs to be sold
for a couple of $ / year.
Excuse me? Why are they being sold per year in the
first place?
It's not as if there are any root servers to run!
Outrageous!
:-)
iang
R. A. Hettinga wrote:
http://channels.netscape.com/ns/news/story.jsp?id=200309241951000228064dt=20030924195100w=RTRcoview=
Reliance on Microsoft called risk to U.S. security
But the security experts said the issue of computer security
had more to do with the ubiquity of Microsoft's
M Taylor wrote:
Oh, and they fixed their flaws. SSHv1 is not recommended for use at all,
and most systems use SSHv2 now which is based upon a draft IETF standard.
SSL went through SSLv1, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 is a draft IETF
standard.
It is curious, is it not, that there has
Matt Blaze wrote:
I imagine the Plumbers Electricians Union must have used similar
arguments to enclose the business to themselves, and keep out unlicensed
newcomers. No longer acceptable indeed. Too much competition boys?
Rich,
Oh come on. Are you willfully misinterpreting what I
Don Davis wrote:
EKR writes:
I'm trying to figure out why you want to invent a new authentication
protocol rather than just going back to the literature ...
note that customers aren't usually dissatisfied with
the crypto protocols per se; they just want the
protocol's implementation to
Perry E. Metzger wrote:
...
Dumb cryptography kills people.
What's your threat model? Or, that's your threat
model?
Applying the above threat model as written up in
The Codebreakers to, for example, SSL and its
original credit card nreeds would seem to be a
mismatch.
On the face of it,
M Taylor wrote:
Stupid question I'm sure, but does TLS's anonymous DH protect against
man-in-the-middle attacks? If so, how? I cannot figure out how it would,
Ah, there's the rub. ADH does not protect against
MITM, as far as I am aware.
and it would seem TLS would be wide open to abuse
Roy M. Silvernail wrote:
On Wednesday 01 October 2003 17:33, R. A. Hettinga forwarded:
VeriSign tapped to secure Internet voting
The solution we are building will enable absentee voters to exercise
their right to vote, said George Schu, a vice president at VeriSign. The
sanctity of
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Ian Grigg writes:
M Taylor wrote:
MITM is a real and valid threat, and should be
considered. By this motive, ADH is not a recommended
mode in TLS, and is also deprecated.
Ergo, your threat model must include MITM, and you
Guus Sliepen wrote:
Some advice on licensing wouldn't go amiss either. (GPL? ... LGPL? ...
something else?)
I'd say LGPL or BSD, without any funny clauses.
With crypto code, we have taken the view that it
should BSD 2 clause. The reason for this is that
crypto code has enough other
Merchants who *really* rely on their web site being
secure are those that take instructions for the
delivery of value over them. It's a given that they
have to work very hard to secure their websites, and
it is instructive to watch their efforts.
The cutting edge in making web sites secure is
Arnold G. Reinhold wrote:
At 11:50 PM -0400 10/1/03, Ian Grigg wrote:
...
A threat must occur sufficiently in real use, and incur
sufficient costs in excess of protecting against it, in
order to be included in the threat model on its merits.
I think that is an excellent summation
Zooko O'Whielacronx wrote:
I imagine it might be nice to have Goal B achievable in a certain setting
where Goal A remains unachievable.
In a strictly theoretical sense, isn't this essentially
the job of the (perfect) TTP? At least that's the way
many protocols seem to brush away the
Jill Ramonsky wrote:
First, the primary design goal is simple to use.
This is the highest goal of all. If it is not simple
to use, it misses out on a lot of opportunities. And
missing out results in less crypto being deployed.
If you have to choose between simple-but-incomplete,
versus
Anton Stiglic wrote:
We need a practical system for anonymous/pseudonymous
credentials. Can somebody tell us, what's the state of
the art? What's currently deployed? What's on the
drawing boards?
The state of the art, AFAIK, is Chaum's credential system.
The state of the art is
Anne Lynn Wheeler wrote:
what i said was that it was specifying a simplified SSL/TLS based on the
business requirements for the primary use of SSL/TLS as opposed to a
simplified SSL/TLS based on the existing technical specifications and
existing implementations.
I totally agree that
Anton Stiglic wrote:
- Original Message -
From: Ian Grigg [EMAIL PROTECTED]
[...]
In terms of actual practical systems, ones
that implement to Brands' level don't exist,
as far as I know?
There were however several projects that implemented
and tested the credentials
Steve Schear wrote:
[I wonder what if any effect this might have on crypto patents, e.g.,
Chaumian blinding?]
My guess is, nix, nada. Patents are a red herring
in the blinding skirmishes, they became a convenient
excuse and a point to place the flag when rallying
the troops. The battle was
Anton Stiglic wrote:
- Original Message -
From: Peter Gutmann [EMAIL PROTECTED]
[...]
The problem is
that what we really need to be able to evaluate is how committed a vendor
is
to creating a truly secure product.
[...]
I agree 100% with what you said. Your 3 group
As many have decried in recent threads, it all
comes down the WYTM - What's Your Threat Model.
It's hard to come up with anything more important
in crypto. It's the starting point for ... every-
thing. This seems increasingly evident because we
haven't successfully reverse-engineered the threat
Minor errata:
Eric Rescorla wrote:
I totally agree that the systems are
insecure (obligatory pitch for my Internet is Too
Secure Already) http://www.rtfm.com/TooSecure.pdf,
I found this link had moved to here;
http://www.rtfm.com/TooSecure-usenix.pdf
which makes some of the same
Eric,
thanks for your reply!
My point is strictly limited to something
approximating there was no threat model
for SSL / secure browsing. And, as you
say, you don't really disagree with that
100% :-)
With that in mind, I think we agree on this:
[9] I'd love to hear the inside scoop, but
Eric Rescorla wrote:
Ian Grigg [EMAIL PROTECTED] writes:
I'm sorry, but, yes, I do find great difficulty
in not dismissing it. Indeed being other than
dismissive about it!
Cryptography is a special product, it may
appear to be working, but that isn't really
good enough
Jon Snader wrote:
On Mon, Oct 13, 2003 at 06:49:30PM -0400, Ian Grigg wrote:
Yet others say to be sure we are talking
to the merchant. Sorry, that's not a good
answer either because in my email box today
there are about 10 different attacks on the
secure sites that I care about
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM attacks are very
low (read:
inconsequential) probability. Is this *really* true?
The frequency of MITM attacks is very low, in the sense
that there are few or no reported occurrences. This
makes it a
Tom Weinstein wrote:
Ian Grigg wrote:
Nobody doubts that it can occur, and that it *can* occur in practice.
It is whether it *does* occur that is where the problem lies.
This sort of statement bothers me.
In threat analysis, you have to base your assessment on capabilities
Perry E. Metzger wrote:
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against
Tom Weinstein wrote:
The economic view might be a reasonable view for an end-user to take,
but it's not a good one for a protocol designer. The protocol designer
doesn't have an economic model for how end-users will end up using the
protocol, and it's dangerous to assume one. This is
(link is very slow:)
http://theregister.co.uk/content/68/34096.html
Cryptophone locks out snoopers
By electricnews.net
Posted: 20/11/2003 at 10:16 GMT
A German firm has launched a GSM mobile phone that
promises strong end-to-end encryption on calls,
preventing the possibility of anybody
J Harper wrote:
1) Not GPL or LPGL, please. I'm a fan of the GPL for most things, but
for embedded software, especially in the security domain, it's a
killer. I'm supposed to allow users to modify the software that runs
on their secure token? And on a small platform where there
Ross Anderson's Trusted Computing FAQ has a lot
to say about recent threads:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
iang
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
What is the source of the acronym PAIN?
Lynn said:
... A security taxonomy, PAIN:
* privacy (aka thinks like encryption)
* authentication (origin)
* integrity (contents)
* non-repudiation
I.e., its provenance?
Google shows only a few hits, indicating
it is not widespread.
iang
Anne Lynn Wheeler wrote:
At issue in business continuity are business requirements for things like
no single point of failure, offsite storage of backups, etc. The threat
model is 1) data in business files can be one of its most valuable assets,
2) it can't afford to have unauthorized access
Bill Frantz wrote:
[I always considered the biggest contribution from Mondex was the idea of
deposit-only purses, which might reduce the incentive to rob late-night
business.]
This was more than just a side effect, it was also
the genesis of the earliest successes with smart
card money.
The
Bill Stewart wrote:
At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote:
In the late nineties, the smart card world
worked out that each smart card was so expensive,
it would only work if the issuer could do multiple
apps on each card. That is, if they could share
the cost with different uses
Ed Reed wrote:
Ian Grigg [EMAIL PROTECTED] 12/20/2003 12:15:51 PM
One of the (many) reasons that PKI failed is
that businesses simply don't outsource trust.
Of course they do. Examples:
DB and other credit reporting agencies.
SEC for fair reporting of financial results
Rich Salz wrote:
The IP2Location(TM) database contains more than 2.5 million records for all
IP addresses. It has over 95 percent matching accuracy at the country
level. Available at only US$499 per year, the database is available via
download with free twelve monthly updates.
And
Amir Herzberg wrote:
Ben, Carl and others,
At 18:23 21/12/2003, Carl Ellison wrote:
and it included non-repudiation which is an unachievable,
nonsense concept.
Any alternative definition or concept to cover what protocol designers
usually refer to as non-repudiation
Carl Ellison wrote:
From where I sit, it is better to term these
as legal non-repudiability or cryptographic
non-repudiability so as to reduce confusion.
To me, repudiation is the action only of a human being (not of a key) and
therefore there is no such thing as cryptographic
Ben Laurie wrote:
Ian Grigg wrote:
Carl and Ben have rubbished non-repudiation
without defining what they mean, making it
rather difficult to respond.
I define it quite carefully in my paper, which I pointed to.
Ah. I did read your paper, but deferred any comment
on it, in part
Richard Johnson wrote:
On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne Lynn Wheeler wrote:
note, however, when I did reference PAIN as (one possible) security
taxonomy i tended to skip over the term non-repudiation and primarily
made references to privacy, authentication, and
In response to Ed and Amir,
I have to agree with Carl here and stress that the
issue is not that the definition is bad or whatever,
but the word is simply out of place. Repudiation is
an act of a human being. So is the denial of that
or any other act, to take a word from Ed's 1st definition.
John Gilmore wrote:
Sarbanes-Oxley Act in the US. Section 1102 of that act:
Whoever corruptly--
(1) alters, destroys, mutilates, or conceals a
record, document, or other object, or attempts to
do so, with the intent to impair the object's
integrity or
Ed Gerck wrote:
Likewise, in a communication process, when repudiation of an act by a party is
anticipated, some system security designers find it useful to define
non-repudiation
as a service that prevents the effective denial of an act. Thus, lawyers should
not squirm when we feel the
http://www.theregister.co.uk/content/6/35078.html
http://www.eetimes.com/at/news/OEG20040123S0036
=
All Internet voting is insecure: report
By electricnews.net
Posted: 23/01/2004 at 11:37 GMT
Get The Reg wherever you are, with The Mobile Register
Trei, Peter wrote:
Frankly, the whole online-verification step seems like an
unneccesary complication.
It seems to me that the requirement for after-the-vote
verification (to prove your vote was counted) clashes
rather directly with the requirement to protect voters
from coercion (I can't prove
Brian McGroarty wrote:
On Wed, Apr 07, 2004 at 03:42:47PM -0400, Ian Grigg wrote:
It seems to me that the requirement for after-the-vote
verification (to prove your vote was counted) clashes
rather directly with the requirement to protect voters
from coercion (I can't prove I voted
( Financial Cryptography Update: El Qaeda substitution ciphers )
April 19, 2004
http://www.financialcryptography.com/mt/archives/000119.html
Graeme Burnett wrote:
Hello folks,
I am doing a presentation on the future of security,
which of course includes a component on cryptography.
That will be given at this conference on payments
systems and security: http://www.enhyper.com/paysec/
Would anyone there have any good predictions on how
Ivan Krstic wrote:
I have to agree with Perry on this one: I simply can't see a compelling
reason for the push currently being given to ridiculously overpriced
implementations of what started off as a lab toy, and what offers - in
all seriousness - almost no practical benefits over the proper
Original Message
http://www.financialcryptography.com/mt/archives/000141.html
In a rare arisal of a useful use of cryptography in real life, the
mutual funds industry is looking to digital timestamping to
Original Message
Subject: Financial Cryptography Update: US intelligence exposed as student decodes
Iraq memo
http://www.financialcryptography.com/mt/archives/000137.html
13 May 2004 DECLAN BUTLER
Original Message
Subject: Financial Cryptography Update: SSL secure browsing - attack tree Mindmap
http://www.financialcryptography.com/mt/archives/000136.html
Here is a /work in progress/ Mindmap on the
Ben Laurie wrote:
Steven M. Bellovin wrote:
The spammers are playing with other people's money, cycles, etc. They
don't care.
We took that into account in the paper. Perhaps you should read it?
http://www.dtc.umn.edu/weis2004/clayton.pdf
(Most of the people on this list are far too
Dave Howe wrote:
Peter Gutmann wrote:
It *is* happening, only it's now called STARTTLS (and if certain vendors
(Micromumblemumble) didn't make it such a pain to set up certs for
their MTAs
but simply generated self-signed certs on install and turned it on by
default,
it'd be happening even
Dave Howe wrote:
Ian Grigg wrote:
Dave Howe wrote:
TLS for SMTP is a nice, efficient way to encrypt the channel.
However, it offers little or no assurance that your mail will
*stay* encrypted all the way to the recipients.
That's correct. But, the goal is not to secure email to the extent
Has anyone tried out the threat modelling tool
mentioned in the link below, or reviewed the
book out this month:
http://aeble.dyndns.org/blogs/Security/archives/000419.php
The Threat Modeling Tool allows users to create threat
model documents for applications. It organizes relevant
data points,
The phishing thing has now reached the mainstream,
epidemic proportions that were feared and predicted
in this list over the last year or two. Many of
the solution providers are bailing in with ill-
thought out tools, presumably in the hope of cashing
in on a buying splurge, and hoping to turn
Hi John,
thanks for your reply!
John Denker wrote:
The object of phishing is to perpetrate so-called identity
theft, so I must begin by objecting to that concept on two
different grounds.
1) For starters, identity theft is a misnomer. My identity
is my identity, and cannot be stolen.
I think I'd
[EMAIL PROTECTED] wrote:
I shared the gist of the question with a leader
of the Anti-Phishing Working Group, Peter Cassidy.
Thanks Dan, and thanks Peter,
...
I think we have that situation. For the first
time we are facing a real, difficult security
problem. And the security experts have shot
John Denker wrote:
[identity theft v. phishing?]
That's true but unhelpful. In a typical dictionary you will
find that words such as
Identity theft is a fairly well established
definition / crime. Last I heard it was the
number one complaint at the US FTC.
Leaving that aside, the reason that
Original Message
Subject: Financial Cryptography Update: The Ricardian Contract
Date: Wed, 7 Jul 2004 11:17:46 +0100
From: [EMAIL PROTECTED]
( Financial Cryptography Update: The Ricardian Contract )
July 07, 2004
Date: Fri, 2 Jul 2004 21:34:20 -0400
From: Dave Emery [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: EZ Pass and the fast lane
No mention is made of encryption or challenge response
authentication but I guess that may or may not be part of the design
(one would think it had better
Security Theatre: From the man who made hundreds of
millions selling signatures on your keys:
--
It is your data, why do you have to pay a licence
fee for the application needed to access the data?
-- Mark Shuttleworth
http://www.tectonic.co.za/default.php?action=viewid=309topic=Open%20Source
John Gilmore wrote:
It would be relatively easy to catch someone
doing this - just cross-correlate with other
information (address of home and work) and
then photograph the car at the on-ramp.
Am I missing something?
It seems to me that EZ Pass spoofing should become as popular as
cellphone
John Gilmore wrote:
[By the way, [EMAIL PROTECTED] is being left out of this conversation,
by his own configuration, because his site censors all emails from me. --gnu]
Sourceforge was doing that to me today!
Well, I am presuming that ... the EZ Pass does have an account
number, right? And
Florian Weimer wrote:
There are simply too many of them, and not all of them implement
checks for conflicts. I'm pretty sure I could legally register
Metzdowd in Germany for say, restaurant service.
This indeed is the crux of the weakness of the
SSL/secure browsing/CA system. The concept
called
(( Financial Cryptography Update: Jabber does Simple Crypto - Yoo Hoo! ))
July 12, 2004
http://www.financialcryptography.com/mt/archives/000176.html
Financial Cryptography Update: New Attack on Secure Browsing )
July 15, 2004
http://www.financialcryptography.com/mt/archives/000179.html
J Harper wrote:
This barely deserves mention, but is worth it for the humor:
Information Security Expert says SSL (Secure Socket Layer) is Nothing More
Than a Condom that Just Protects the Pipe
http://www.prweb.com/releases/2004/7/prweb141248.htm
I guess the intention was to provide more
Aram,
It's now pretty clear that PGP had no clue what this was
all about. Apologies to all, that was my mistake. Also,
to clarify, there was no SSL involved.
What we are looking at is a case of being able to put a
padlock on the browser in a place that *could* be confused
by a user. This is an
Anton Stiglic wrote:
You stated that http://www.pgp.com is an SSL-protected page, but did you
mean https://www.pgp.com? On my Powerbook, with all the browsers I get an
error that the certificate is wrong and they end up at http://www.pgp.com.
What I get is a bad certificate, and this is due to
At 10:46 AM 7/10/2004, Florian Weimer wrote:
But is it so harmful? How much money is lost in a typical phishing
attack against a large US bank, or PayPal? (I mean direct losses due
to partially rolled back transactions, not indirect losses because of
bad press or customer feeling insecure.)
I
Eric Rescorla wrote:
Ian Grigg [EMAIL PROTECTED] writes:
Notwithstanding that, I would suggest that the money
already lost is in excess of the amount paid out to
Certificate Authorities for secure ecommerce certificates
(somewhere around $100 million I guess) to date. As
predicted, the CA-signed
Amir Herzberg wrote:
(Amir, I replied to your other comments over on the
Mozilla security forum, which is presumably where they
will be more useful. That just leaves this:)
So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe
`Stop SSL-Abuse!`
Ha! I wondered when someone would
Enzo Michelangeli wrote:
Can someone explain me how the phishermen escape identification and
prosecution? Gaining online access to someone's account allows, at most,
to execute wire transfers to other bank accounts: but in these days
anonymous accounts are not exactly easy to get in any country,
Steve,
thanks for addressing the issues with some actual
anecdotal evidence. The conclusions still don't
hold, IMHO.
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Ian Grigg writes:
Right... It's easy to claim that it went away
because we protected against it. Unfortunately,
that's
Peter Gutmann wrote:
A depressing number of CAs generate the private key themselves and mail out to
the client. This is another type of PoP, the CA knows the client has the
private key because they've generated it for them.
It's also cost-effective. The CA model as presented
is too expensive.
Adam Shostack wrote:
Given our failure to deploy PKC in any meaningful way*, I think that
systems like Voltage, and the new PGP Universal are great.
I think the consensus from debate back last year on
this group when Voltage first surfaced was that it
didn't do anything that couldn't be done with
lrk wrote:
Perhaps it is time to define an e-mail definition of crypto to keep the
postman from reading the postcards. That should be easy enough to
implement for the average user and provide some degree of privacy for
their mail. Call it envelopes rather than crypto. Real security
requires more
Hadmut Danisch wrote:
On Thu, Sep 16, 2004 at 12:41:41AM +0100, Ian Grigg wrote:
It occurs to me that a number of these ideas could
be written up over time ... a wiki, anyone? I think
it is high past time to start documenting crypto
patterns.
Wikis are not that good for discussions, and I do
Zooko provided a bunch of useful comments in private mail,
which I've edited and forward for list consumption.
Zooko Wilcox-O'Hearn wrote:
EAX is in the same class as CCM. I think its slightly better. Also
there is GCM mode, which is perhaps a tiny bit faster, although maybe
not if you have to
1 - 100 of 125 matches
Mail list logo
