On Wed, 9 May 2007, Ali, Saqib wrote:
What about DRM/ERM that uses TPM? With TPM the content is pretty much
tied to a machine (barring screen captures etc)
Will ERM/DRM be ineffective even with the use of TPM?
ERM/DRM/TPM are such poorly defined and implemented products that people have
star
On Sat, 4 Nov 2006, Ralf Senderek wrote:
On the unencrypted filesystem:
# > time dd if=/dev/zero of=cryptogram bs=1MB count=50
50+0 records in
50+0 records out
5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s
real 0m0.257s
user 0m0.000s
sys  0m0.252s
Unless you have a disk
On Fri, 14 Jul 2006, Travis H. wrote:
Absent other protections, one could simply write a new WORM media with
falsified information.
I can see two ways of dealing with this:
1) Some kind of physical authenticity, such as signing one's name on
the media as they are produced (this assumes the sig
On Thu, 29 Jun 2006, "Hal Finney" wrote:
A few weeks ago I asked for information on using the increasingly
prevalent built-in TPM chips in computers (especially laptops) as a
random number source. I got some good advice and want to summarize the
information for the benefit of others.
Thanks
http://www.theregister.co.uk/2006/06/26/voice_phishing/
Hi-tech fraudsters have begun using recorded telephone messages in a bid to
trick users into handing over confidential account information. The tactic has
been adopted as a variant of recently detected phishing attacks targeting
customer
On Thu, 04 May 2006 18:14:09 +0200, markus reichelt <[EMAIL PROTECTED]>
wrote:
Agreed; but regarding unix systems, I know of no crypto
implementation that does integrity checking. Not just de/encrypt the
data, but verify that the encrypted data has not been tampered with.
There's also ecryp
icrosoft
PANELS:
- Digital Signatures (Moderator: David Chadwick, University of Kent)
- Domain Keys Identified Mail (DKIM) (Moderator: Barry Leiba, IBM)
- Browser Security User Interfaces: Why are web security decisions hard and
what can we do about it?
(Moderator: Jason Holt, Brigham Young Un
On Sat, 4 Feb 2006, Travis H. wrote:
Suppose that /dev/random is too slow (SHA-1 was never meant to
generate a lot of output) because one of these machines wishes to
generate a large file for use as a one-time pad*. That leaves
distributing bits.
* /dev/random's output is limited by available
On Mon, 12 Dec 2005, Travis H. wrote:
One thing I haven't seen from a PRNG or HWRNG library or device is an
unpredictable sequence which does not repeat; in other words, a
[cryptographically strong?] permutation. This could be useful in all
Rich Schroeppel tells me his "Hasty Pudding" cipher
On Mon, 12 Dec 2005, Paul Hoffman wrote:
Or should we just stick to wikipedia? Is it doing a satisfactory job?
Also check out the Cryptography Reader:
http://en.wikipedia.org/wiki/Wikipedia:WikiReader/Cryptography
"Matt Crypto" set up an "article (to clean up) of the day" replete with a bar
http://dot.kde.org/1132619164/
Core KDE developer George Staikos recently hosted a meeting of the security
developers from the leading web browsers. The aim was to come up with future
plans to combat the security risks posed by phishing, ageing encryption
ciphers and inconsistent SSL Certifi
On Fri, 4 Nov 2005, Travis H. wrote:
PS: There's a paper on cryptanalyzing CFS on my homepage below. I
got to successfully use classical cryptanalysis on a relatively modern
system! That is a rare joy. CFS really needs a re-write, there's no
real good alternatives for cross-platform filesyst
-- Forwarded message --
Date: Fri, 21 Oct 2005 09:22:34 +0000 (UTC)
From: Jason Holt <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: nym-0.4 released (now includes Javascript)
The most notable feature in this release of nym is that you c
+, Jason Holt wrote:
More thoughts regarding the tokens vs. certs decision, and also multi-use:
[snip]
A related approach that thwarts the network eavesdropper would be to issue
a series of certificates which expire one per interval (hour/day/whatever,
trading privacy against the has
More thoughts regarding the tokens vs. certs decision, and also multi-use:
* Client certs are a pain to turn on and off. If you select "ask me every
time" before sending a client cert, you have to click half a dozen "OK"s per
page. (This could be mitigated by having Wikipedia only use the SS
Thanks to everyone who has contributed feedback, cyphrpunk in particular. Here
are my thoughts on connecting nym to wikipedia. I'll take feedback here
first, then approach the WikiMedia folks.
* I believe the best solution would be for wikipedia to do the following:
- Run an SSL server (o
On Sun, 2 Oct 2005, cyphrpunk wrote:
1. Limiting token requests by IP doesn't work in today's internet. Most
Hopeless negativism. I limit by IP because that's what Wikipedia is already
doing. Sure, hashcash would be easy to add, and I looked into it just last
night. Of course, as several h
I now have a live server available for those of you who want to play with a
"real" nym tokenserver/CA/webserver. This process constitutes running three
scripts and installing the client cert. Details in the README:
http://www.lunkwill.org/src/nym/
(Please be nice to erg.no-ip.org).
If eno
On Sat, 1 Oct 2005, cyphrpunk wrote:
All these degrees of indirection look good on paper but are
problematic in practice.
As the great Ulysses said,
Pete, the personal rancor reflected in that remark I don't intend to dignify
with comment. However, I would like to address your attitude of
-- Forwarded message --
Date: Sat, 1 Oct 2005 02:18:43 +0000 (UTC)
From: Jason Holt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: nym-0.2 released
nym-0.2 is now available at:
http://www.lunkwill.org/src/nym/
My tor server is currently down, so I can't set
On Thu, 29 Sep 2005, Ian G wrote:
Couple of points of clarification - you mean here
CA as certificate authority? Normally I've seen
"Mint" as the term of art for the "center" in a
blinded token issuing system, and I'm wondering
what the relationship here is ... is this something
in the 1990 pap
-- Forwarded message --
Date: Thu, 29 Sep 2005 01:49:26 +0000 (UTC)
From: Jason Holt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Pseudonymity for tor: nym-0.1
Per the recent discussion regarding tor and wikipedia, I've hacked together an
implementation o
On Mon, 26 Sep 2005, Steven M. Bellovin wrote:
This is an important point. When *many* people are doing the "wrong"
thing, the problem isn't the people, it's the mechanism they're being
asked to use.
Once we have a better solution to the problem, I'll agree. But in the
meantime, I'd say the
On Mon, 12 Sep 2005, Sidney Markowitz wrote:
Does anyone know of an open source crypto package written in perl that is
careful to try to clear sensitive data structures before they are released to
the garbage collector?
[...]
Securely deleting secrets is hard enough in C, much less high leve
On Thu, 4 Aug 2005, Arash Partow wrote:
ie: input1 : abcdefg -> h(abcdefg) = 123
input2 : gabcdef -> h(gabcdef) = 123
input3 : fgabcde -> h(fgabcde) = 123
I don't have a formal reference for you, but this seems intuitively correct to
me: put the strings in a canonical form so that all e
On Mon, 11 Jul 2005, Lance James wrote:
[...]
place to fend off these attacks. Soon phishers will just use the site itself
to phish users, pushing away the dependency on tricking the user with a
"spoofed" or "mirrored" site.
[...]
You dismiss too much with your "just". They already do attack
I remember the first time a site asked for the number on the back of my credit
card. It was a Walmart or Amazon purchase, and with no warning they
redirected me to some site with a questionable domain. I thought for sure my
session was being hijacked, and my bank had given me no idea what the
On Fri, 1 Jul 2005, Charles M. Hannum wrote:
Most implementations of /dev/random (or so-called "entropy gathering daemons")
rely on disk I/O timings as a primary source of randomness. This is based on
a CRYPTO '94 paper[1] that analyzed randomness from air turbulence inside the
drive case.
I
On Fri, 10 Jun 2005, Rich Salz wrote:
I don't want to have to re-implement Apache in order to do
an SSL implementation. ...
Those analogies aren't apt. XML is a data format, so it's more like
I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsens
On Wed, 8 Jun 2005, Perry E. Metzger wrote:
Dan Kaminsky <[EMAIL PROTECTED]> writes:
2) The cost in question is so small as to be unmeasurable.
Yes, because key management is easy or free.
In this case it is. As I've said, even having all your tapes for six
months at a time use the same ke
On Wed, 8 Jun 2005, David Wagner wrote:
[...]
That said, I don't see how adding an extra login page to click on helps.
If the front page is unencrypted, then a spoofed version of that page
can send you to the wrong place. Sure, if users were to check SSL
certificates extremely carefully, they m
On Sun, 6 Mar 2005, David Wagner wrote:
[...]
> However, I also believe it is possible -- and, perhaps, all too easy --
> to use GBDE in a way that will not provide adequate security. My biggest
> fear is that safe usage is just hard enough that many users will end up
> being insecure. GBDE use
The list of accepted papers for AsiaCrypt:
http://www.iris.re.kr/ac04/
Includes one titled "The MD2 Hash Function is Not One-Way". That's the first
I've heard about MD2; the other breaks were for md4 and md5. Anyone know
details?
-J
--
On Thu, 26 Aug 2004, Trei, Peter wrote:
> While any weakness is a concern, and I'm not
> going to use any of the compromised algorithms
> in new systems, this type of break seems to be
> of limited utility.
>
> It allows you (if you're fortunate) to modify a signed
> message and have the signatu
On Sun, 4 Jul 2004, Ed Reed wrote:
> I recently had the same trouble with the Centers for Disease Control
> (CDC) - who were calling around to follow up on infant influenza
> inoculations given last fall.
>
> Ultimately, they wanted me to provide authorization to them to receive
> HIPAA protecte
"Hiawatha's Research"
Jason Holt <[EMAIL PROTECTED]>
June, 2004, released into the public domain.
Dedicated to Eric Rescorla, with apologies to Longfellow.
("E. Rescorla" may be substituted for "Hiawatha" throughout.)
Hiawatha, academic,
he could start
On Mon, 10 May 2004, Adam Back wrote:
> OK that sounds like it should work. Another approach that occurs is
> you could just take the plaintext, and encrypt it for the other
> attributes (which you don't have)? It's usually not too challenging
> to make stuff deterministic and retain security.
[Adam and I are taking this discussion off-list to spare your inboxes, but
this message seemed particularly relevant. Perhaps we'll come back later if
we come up with anything we think will be of general interest.]
-J
On Tue, 11 May 2004, Adam Back wrote:
On Mon, 10 May 2004, Adam Back wrote:
> After that I was presuming you use a signature to convince the server
> that you are authorised. Your comment however was that this would
> necessarily leak to the server whether you were a doctor or an AIDs
> patient.
>
> However from what I understood fr
On Mon, 10 May 2004, Adam Back wrote:
> On Mon, May 10, 2004 at 03:03:56AM +0000, Jason Holt wrote:
> > [...] Actually, now that you mention Chaum, I'll have to look into
> > blind signatures with the B&F IBE (issuing is just a scalar*point
> > multiply on a curv
On Sun, 9 May 2004, Adam Back wrote:
> Anyone have to hand the expiry date on Chaum's patent? (Think it is
> in patent section of AC for example; perhaps HAC also).
I think it's June 2005. Actually, now that you mention Chaum, I'll have to
look into blind signatures with the B&F IBE (issuing i
Here's what I remember from about a year ago about the current state of
private credentials. That recollection comes with no warranties express or
implied.
Last I heard, Brands started a company called Credentica, which seems to only
have a placeholder page (although it does have an info@ addres