motherhood without apple pie. I can easily break a bank vault by
putting an MP5 to the head of the guy with the key, but that's hardly
the vault's fault, now is it?
Speaking-only-for-myself,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
?
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
an encrypted
USB key you can use on Linux, Windows and OS X. If you're *just*
talking about OS X, I don't believe TrueCrypt offers any advantages
over encrypted disk images unless you're big on conspiracy theories.
Cheers,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
On Sep 15, 2009, at 4:12 PM, James A. Donald wrote:
> The ideas used in Tahoe are useful tools that can be used to solve
> important problems.
Yes, and I'd be happy to opine on that as soon as someone told me what
those important problems are.
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu
-world systems. And in real-world systems, you
don't get to play Jeopardy with cryptography.
Cheers,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
on disk, the resulting
application won't get access to Keychain until you explicitly approve
it.
You can inspect and modify your keychain with the Keychain Access
application, which also allows you to add your own items.
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
on the _chance_ they're not divulging all the information; what, then,
is the other explanation?
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
on this list in 2004, and some
other software is mentioned in the replies:
http://www.mail-archive.com/cryptography@metzdowd.com/msg02169.html
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
obstructing
justice or disobeying the court? It becomes a he-said-she-said with
the CBP agent, your word against his.
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
until you're satisfied with the definition of what you're trying to
build. Once you can focus on implementation, I suggest looking at
things like bcrypt, PBKDF2, and SRP as background reading.
Cheers,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
On Jan 29, 2009, at 11:17 PM, Ivan Krstić wrote:
> I'd find mobile e-mail just as useful if it went through a proxy
> that stripped out _everything_ that's not plaintext. I open
> attachments on my phone about once in a blue moon, and wouldn't miss
> the ability if it were gone.
As a postscript
.
I'd find mobile e-mail just as useful if it went through a proxy that
stripped out _everything_ that's not plaintext. I open attachments on
my phone about once in a blue moon, and wouldn't miss the ability if
it were gone.
Cheers,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http
(logical pp. 61-65).
Maybe, uh, it'll work this time around?
Cheers,
--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org
enhanced Levenshtein distance:
http://hissa.nist.gov/~black/GTLD/
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
On Sat, 09 Aug 2008 17:11:11 -0400, Perry E. Metzger [EMAIL PROTECTED]
wrote:
Las Vegas - Three students at the Massachusetts Institute of
Technology (MIT) were ordered this morning by a federal court
judge to cancel their scheduled presentation about vulnerabilities
in
. But not very random.
I boggled a bit at the abuse of simple descriptive statistics, too.
For those interested in actual statistical tests of randomness,
there's a good literature survey at http://www.ciphersbyritter.com/RES/RANDTEST.HTM
.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
is simply the
token's serial number, though it's not clear if these are in fact
serial.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
didn't hold hands
and all together chant bring us a good cryptographer with such
maniacal monophony as to rival any Gregorian choir makes me highly
suspicious about their supposed expertise with _networks_.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
.
[0] See first half of http://radian.org/~krstic/talks/2007/auscert/slides.pdf
. Note: I'm no longer affiliated with OLPC.
[1] E.g. http://en.wikipedia.org/wiki/CapDesk, http://en.wikipedia.org/wiki/Polaris_(computer_security)
, http://en.wikipedia.org/wiki/Bitfrost
--
Ivan Krstić [EMAIL
. The emergence of reasonably priced VM hosting providers
(e.g. slicehost.com) makes it fairly uncomplicated, modulo initial
setup.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
://lcamtuf.coredump.cx/newtcp/
It's several years out of date, however.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
, polynomials, CNF/DNF formulae, or
threshold predicates (among others). Besides serving as what we feel
is a significant step forward in the theory of predicate encryption,
our results lead to a number of applications that are interesting in
their own right.
--
Ivan Krstić [EMAIL PROTECTED
of security.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
it. I don't know of any machine that actually does this
The OLPC XO-1 laptop has an open-source bootloader (Open Firmware)
which checks the operating system signature before passing control to
it.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
[1] http://graphics.stanford.edu/~danielrh/vote/mzalewski.c
[2] http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
design can't be bitsliced and generally
doesn't lend itself well to large speedups in hardware, by design.
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
server that the present
system nicely avoids.
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
!) crypto take on Harry Belafonte's Banana
Boat Song:
http://www.catonmat.net/blog/musical-geek-friday-crypto/
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
and then
checking whether the result matches the observed ciphertext.
How is this conceptually different from classic dictionary attacks,
and why does e.g. running the file through PBKDF2 and using the result
for convergence not address your concern(s)?
--
Ivan Krstić [EMAIL PROTECTED] | http
prohibitive in
most cases while not interfering with normal filesystem operation.
What am I missing?
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
to the motherboard -- into an
advantage, and making the Air the laptop of choice for discriminating,
fashion-aware, security-conscious professionals the world over?
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
is Window
Snyder who I'd easily describe as a pretty top-notch security person.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
security systems.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
by point, why his
needs cannot be met by existing, vetted systems. That explanation
should ideally be made public for dissection by the community.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
heard back.
[0] Last paragraph, http://diswww.mit.edu/bloom-picayune/crypto/14238
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
the information back and try to figure out what the
difficulties were, posting here if anything interesting becomes
illuminated.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
://www.matasano.com/log/930/side-channel-detection-attacks-against-unauthorized-hypervisors/
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
the drill cold, such as Fedora and Mozilla, were
actually not very familiar with the processes involved.)
Cheers,
Ivan.
[0] http://www.access.gpo.gov/bis/ear/pdf/740spir.pdf
[1] http://www.access.gpo.gov/bis/ear/pdf/746.pdf
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
for all my e-banking and related needs. It provides a
drastically more secure platform for doing so than any mainstream
computer I know exists.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
not publicly documented -- even if
the system is buzzword-compliant -- and implemented by a company
(hard disk vendor) where crypto is about as far from their core
competency as you can get.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
passive listener. But hey, if the peer is
malicious or compromised to begin with, it could just as well do DH
normally and explicitly send the secret to the listener when it's
done. Not much to see here.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
. This
means the usual wisdom applies: if you really need the extra entropy,
mix some of these SRAM state bits into your pool, but make sure
you're also feeding the pool from at least one source about whose
randomness you can reason strongly.
--
Ivan Krstić [EMAIL PROTECTED] | http
On Sep 14, 2007, at 8:36 PM, Perry E. Metzger wrote:
Secrets From The Future, MC Frontalot's song about crypto
Lyrics: http://frontalot.com/index.php/?page=lyricslyricid=41
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
on a centrally-
managed spare for enabling data migration.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
it comes
to how you approach the recovery keyfile problem. You can build tools
for it, or any company that perceives a market need can do so.
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
glass window
borders?
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
productive discussion of these concerns. Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org
terminology paint
themselves in a corner and trigger our snakeoil detectors. I deeply
support Jon's proposal of renaming the whole thing quantum secrecy,
in which case I'd get off my snark horse and show more respect for
the whole thing.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
--
instead of turning off or muting your phone at night, you can, for
instance, specify that only certain people can call you.)
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
Peter Gutmann wrote:
> I've seen all sorts of *claims* of TPM support, but try going out and buying a
> PC with one
Of the 25 business laptop models that HP offers on its site right now,
only 5 don't have a TPM installed.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
of the phone functionality to it through a set of APIs, and
is happy to grab my mail via IMAP+SSL. With an unlimited data plan, who
cares if it's pull instead of push e-mail?
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
://www.matasano.com/log/772/a-case-against-dnssec-count-2-too-complicated-to-deploy/).
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
European country, and it was a
larger one than Estonia.
Out of curiosity, does anyone have information on how fat Estonia's
external pipes are?
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
laptop and commiserate about desktop security over beer.)
[0] Summary at http://wiki.laptop.org/go/Bitfrost with full spec at
http://wiki.laptop.org/go/OLPC_Bitfrost
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
with very little security experience feel
comfortable doing this kind of work just boggles my mind. Please
congratulate everyone involved, and remind them to always use their PPTP
VPN over their WEP-protected wireless.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
with phishing and the like -- even if it required
new assumptions or approaches -- we could probably do it. So maybe it's
time (for us, perhaps) to organize a workshop on this? Is there a better
way to do it?
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
Steven M. Bellovin wrote:
> What about unprotected, frequently-running web browsers?
I don't follow. How do you hop from one browser to another, if you want
to use one as your spread vector? Browsers don't accept inbound connections.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
of a mine
field, with the exit guarded by a killer rabbit. It's also certainly
possible I'm not smart enough, and other people find this to be an
easier problem.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
from process permissions and integrating
explicit assent into dealing with the user's documents get you a long,
long way towards a usable and reasonably secure system, I think. If I'm
wrong, I'll have 10 million reasons to not sleep next year.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
CSO later today to talk about what we can do to make the
browsing experience more secure.)
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
on a port and act as a server. There aren't going to be
unprotected, constantly-running servers to exploit.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
are. It sees a process, or some number of processes,
which are the browser.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
scheduled for release sometime in late March (there's a pile of crypto
powering various choice bits of the system). Comments are very much invited.
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
use it on the
web. It passes the technical requirements, but utterly fails at being a
usable security technology.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
egress. MOYM (man on your machine) attacks are a bit
of a lost cause with most modern OS environments, though I've been
working pretty hard to try and change that on the One Laptop per Child
machines.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
this long? My curiosity demands to know.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
extremely braindead -- a welcome
downgrade, given all of Peter's other points.
[0]
http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/20/windows-vista-content-protection-twenty-questions-and-answers.aspx
[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html
--
Ivan Krstić
to the 3 out of
x problem.
Read Shamir's original paper:
http://www.cs.tau.ac.il/~bchor/Shamir.html
and the Wikipedia page:
http://en.wikipedia.org/wiki/Secret_sharing
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
versions,
but I could well have written it down incorrectly. Thanks for the
correction.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
with the social problem
it's trying to solve. I think Microsoft's is, surprisingly enough.
As a sidenote, I wonder if Seagate will release full details and code
for their FDE (and AES) implementation, or if we're supposed to take the
no backdoors clause on faith, as we do with TPMs.
--
Ivan
.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
''?
The Microsoft guy presenting BitLocker at HITB last month mentioned
this, but glossed over it without explaining. He did seem to indicate
that they had some solution, but didn't provide details, IIRC.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
a hash of the system state for
visual inspection before boot do it?
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
-consultancy.demon.co.uk/key3.html
Cheers,
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
have to write something from scratch to satisfy our
needs at OLPC (http://laptop.org).
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D