Re: combining entropy

2008-10-28 Thread Leichter, Jerry
On Tue, 28 Oct 2008, John Denker wrote: | Date: Tue, 28 Oct 2008 12:09:04 -0700 | From: John Denker <[EMAIL PROTECTED]> | To: "Leichter, Jerry" <[EMAIL PROTECTED]>, | Cryptography | Cc: IanG <[EMAIL PROTECTED]> | Subject: Re: combining entropy | | On 10/28/20

Re: combining entropy

2008-10-28 Thread Leichter, Jerry
On Sat, 25 Oct 2008, John Denker wrote: | On 10/25/2008 04:40 AM, IanG gave us some additional information. | | Even so, it appears there is still some uncertainty as to | interpretation, i.e. some uncertainty as to the requirements | and objectives. | | I hereby propose a new scenario. It is d

Re: once more, with feeling.

2008-09-22 Thread Leichter, Jerry
On Sun, 21 Sep 2008, Eric Rescorla wrote: | > > - Use TLS-PSK, which performs mutual auth of client and server | > > without ever communicating the password | > Once upon a time, this would have been possible, I think. Today, | > though, the problem is the user entering their key in a box that

Re: Cookie Monster

2008-09-19 Thread Leichter, Jerry
On Fri, 19 Sep 2008, Barney Wolff wrote: | Date: Fri, 19 Sep 2008 01:54:42 -0400 | From: Barney Wolff <[EMAIL PROTECTED]> | To: EMC IMAP <[EMAIL PROTECTED]> | Cc: Cryptography | Subject: Re: Cookie Monster | | On Wed, Sep 17, 2008 at 06:39:54PM -0400, EMC IMAP wrote: | > Yet another web attack:

Re: street prices for digital goods?

2008-09-11 Thread Leichter, Jerry
On Thu, 11 Sep 2008, Peter Gutmann wrote: | ...I've been (very informally) tracking it for awhile, and for generic | data (non-Platinum credit cards, PPal accounts, and so on) it's | essentially too cheap to meter, you often have to buy the stuff | in blocks (10, 20, 50 at a time) to make it worth

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
| > You can get by with a lot less than 64 bits. People see problems | > like this and immediately think "birthday paradox", but there is no | > "birthday paradox" here: You aren't look for pairs in an | > ever-growing set, you're looking for matches against a fixed set. | > If you use 30-bit has

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
| > > Funnily enough I was just working on this -- and found that we'd | > > end up adding a couple megabytes to every browser. #DEFINE | > > NONSTARTER. I am curious about the feasibility of a large bloom | > > filter that fails back to online checking though. This has side | > > effects but pe

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
On Fri, 8 Aug 2008, Dave Korn wrote: | > Isn't this a good argument for blacklisting the keys on the client | > side? | | Isn't that exactly what "Browsers must check CRLs" means in this | context anyway? What alternative client-side blacklisting mechanism | do you suggest? Since the list of bad

Re: security questions

2008-08-08 Thread Leichter, Jerry
| > | My theory is that no actual security people have ever been involved, | > | that it's just another one of those stupid design practices that are | > | perpetuated because "nobody has ever complained" or "that's what | > | everybody is doing". | > | > Your theory is incorrect. There is conside

Re: security questions

2008-08-07 Thread Leichter, Jerry
On Thu, 7 Aug 2008, John Ioannidis wrote: | Does anyone know how this "security questions" disease started, and | why it is spreading the way it is? If your company does this, can you | find the people responsible and ask them what they were thinking? | | My theory is that no actual security peop

Re: security questions

2008-08-06 Thread Leichter, Jerry
On Wed, 6 Aug 2008, Peter Saint-Andre wrote: | Wells Fargo is requiring their online banking customers to provide | answers to security questions such as these: | | *** | | What is name of the hospital in which your first child was born? | What is your mother's birthday? (MMDD) | What is the firs

Re: how bad is IPETEE?

2008-07-15 Thread Leichter, Jerry
For an interesting discussion of IPETEE, see: www.educatedguesswork.org/moveabletype/archives/2008/07/ipetee.html Brief summary: This is an initial discussion - the results of a drinking session - that got leaked as an actual proposal. The guys behind it are involved with The Pirate Bay. The g

"Securing the Network against Web-based Proxies"

2008-07-09 Thread Leichter, Jerry
Ah, where the web is going. 8e6 Technologies sells a hardware box that it claims does signature analysis to detect HTTP proxies and blocks them. It can also block HTTPS proxies "that do not have a valid certificate" (whatever that means), as well as do such things as block IM, force Google and Y

Re: Permanent Privacy - Are Snake Oil Patents a threat?

2008-07-09 Thread Leichter, Jerry
| ...Obviously patents could be improved by searching further across | disciplines for prior art and by having more USPTO expertise. We're | also seeing a dumbing down of the 'Persons Having Ordinary Skill In | the Art' as the number of practitioners expand rapidly. Patent law and its interpretati

Re: disks with hardware FDE

2008-07-09 Thread Leichter, Jerry
On Tue, 8 Jul 2008, Perry E. Metzger wrote: | >> Has anyone had any real-world experience with these yet? Are there | >> standards for how they get the keys from the BIOS or OS? (I'm | >> interested in how they deal with zeroization on sleep and such.) | > | > Most manufacturer (will) implement the

Re: Strength in Complexity?

2008-07-02 Thread Leichter, Jerry
On Wed, 2 Jul 2008, Peter Gutmann wrote: | Date: Wed, 02 Jul 2008 12:08:18 +1200 | From: Peter Gutmann <[EMAIL PROTECTED]> | To: [EMAIL PROTECTED], [EMAIL PROTECTED] | Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] | Subject: Re: Strength in Complexity? | | "Perry E. Metzger" <[EMAIL PROTECTED]

Re: The wisdom of the ill informed

2008-07-01 Thread Leichter, Jerry
| Hi gang, | | All quiet on the cryptography front lately, I see. However, that does not | prevent practices that *appear* like protection but are not even as strong as | wet toilet paper. | | I had to order a medical device today and they need a signed authorization for | payment by my insurance

RE: Ransomware

2008-06-11 Thread Leichter, Jerry
| Why are we wasting time even considering trying to break the public key? | | If this thing generates only a single "session" key (rather, a host key) | per machine, then why is it not trivial to break? The actual encryption | algorithm used is RC4, so if they're using a constant key without

Re: Ransomware

2008-06-11 Thread Leichter, Jerry
| > The key size would imply PKI; that being true, then the ransom may | > be for a session key (specific per machine) rather than the master | > key it is unwrapped with. | | Per the computerworld.com article: | |"Kaspersky has the public key in hand - it is included in the |Trojan's cod

Re: A slight defect in the truncated HMAC code...

2008-06-10 Thread Leichter, Jerry
| SNMPv3 Authentication Bypass Vulnerability | |Original release date: June 10, 2008 |Last revised: -- |Source: US-CERT | | Systems Affected | | * Multiple Implementations of SNMPv3 | | Overview | | A vulnerability in the way implementations of SNMPv3 handle specially | c

Re: Ransomware

2008-06-09 Thread Leichter, Jerry
On Mon, 9 Jun 2008, John Ioannidis wrote: | Date: Mon, 09 Jun 2008 15:08:03 -0400 | From: John Ioannidis <[EMAIL PROTECTED]> | To: "Leichter, Jerry" <[EMAIL PROTECTED]> | Cc: cryptography@metzdowd.com | Subject: Re: Ransomware | | Leichter, Jerry wrote: | &

Ransomware

2008-06-09 Thread Leichter, Jerry
Computerworld reports: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818 on a call from Kaspersky Labs for help breaking encryption used by some ransomware: Code that infects a system, uses a public key embedded in the code to encrypt your files, then te

Re: the joy of "enhanced" certs

2008-06-05 Thread Leichter, Jerry
On Wed, 4 Jun 2008, Perry E. Metzger wrote: | As some of you know, one can now buy "Enhanced Security" certificates, | and Firefox and other browsers will show the URL box at the top with a | special distinctive color when such a cert is in use. | | Many of us have long contended that such things

Re: Protection mail at rest

2008-06-02 Thread Leichter, Jerry
| There's an option 2b that might be even more practical: an S/MIME or | PGP/MIME forwarder. That is, have a trusted party receive your mail, | but rather than forwarding it intact encrypt it and then forward it to | your favorite IMAP provider. Excellent idea! I like it. Of course, it's another

Protection mail at rest

2008-05-31 Thread Leichter, Jerry
At one time, mail delivery was done to the end-user's system, and all mail was stored there. These days, most people find it convenient to leave their mail on a IMAP server: It can be accessed from anywhere, it can be on a system kept under controlled conditions (unlike a laptop), and so on. In

FBI Worried as DoD Sold Counterfeit Networking Gear

2008-05-11 Thread Leichter, Jerry
Note the reference to recent results on "spiking" hardware. (From some IDG journal - I forget which.) -- Jerry -- Forwarded message -- FBI Worried as DoD Sold Counterfeit Networking Gear Stephen Lawson and Robert McMillan,

Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Leichter, Jerry
On Fri, 9 May 2008, Ali, Saqib wrote: | >Edwards said the Seagate hard drive -- which was | >about eight years old in 2003 -- featured much | >greater fault tolerance and durability than current | >hard drives of similar capacity. | | I am not so sure about this sta

Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Leichter, Jerry
On Thu, 8 May 2008, Perry E. Metzger wrote: | Quoting: | |It was one of the most iconic and heart-stopping movie images of |2003: the Columbia Space Shuttle ignited, burning and crashing to |earth in fragments. | |Now, amazingly, data from a hard drive recovered from the fragments

Re: How far is the NSA ahead of the public crypto community?

2008-05-09 Thread Leichter, Jerry
An interesting datapoint I've always had on this question: Back in 1975 or so, a mathematician I knew (actually, he was a friend's PhD advisor) left academia to go work for the NSA. Obviously, he couldn't say anything at all about what he would be doing. The guy's specialty was algebraic geometr

Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ryan Phillips wrote: | Matt's blog post [1] gets to the heart of the matter of what we can | trust. | | I may have missed the discussion, but I ran across Netronome's 'SSL | Inspector' appliance [2] today and with the recent discussion on this | list regarding malicious hardwa

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ed Gerck wrote: | Leichter, Jerry wrote: | > I suspect the only heavy-weight defense is the same one we use against | > the "Trusting Trust" hook-in-the-compiler attack: Cross-compile on | > as many compilers from as many sources as you can, on the assumpti

Re: "Designing and implementing malicious hardware"

2008-04-28 Thread Leichter, Jerry
On Sat, 26 Apr 2008, Karsten Nohl wrote: | Assuming that hardware backdoors can be build, the interesting | question becomes how to defeat against them. Even after a particular | triggering string is identified, it is not clear whether software can | be used to detect malicious programs. It almost

Re: "Designing and implementing malicious hardware"

2008-04-26 Thread Leichter, Jerry
On Thu, 24 Apr 2008, Jacob Appelbaum wrote: | Perry E. Metzger wrote: | > A pretty scary paper from the Usenix LEET conference: | > | > http://www.usenix.org/event/leet08/tech/full_papers/king/king_html/ | > | > The paper describes how, by adding a very small number of gates to a | > microprocess

Re: Declassified NSA publications

2008-04-24 Thread Leichter, Jerry
| Date: Thu, 24 Apr 2008 16:22:34 + | From: Steven M. Bellovin <[EMAIL PROTECTED]> | To: cryptography@metzdowd.com | Subject: Declassified NSA publications | | http://www.nsa.gov/public/crypt_spectrum.cfm Interesting stuff. There's actually more there in some parallel directories - there's an

Re: no possible brute force Was: Cruising the stacks and finding stuff

2008-04-23 Thread Leichter, Jerry
On Wed, 23 Apr 2008, Alexander Klimov wrote: | Date: Wed, 23 Apr 2008 12:53:56 +0300 (IDT) | From: Alexander Klimov <[EMAIL PROTECTED]> | To: Cryptography | Subject: no possible brute force Was: Cruising the stacks and finding stuff | | On Tue, 22 Apr 2008, Leichter, Jerry

Re: Cruising the stacks and finding stuff

2008-04-22 Thread Leichter, Jerry
| ...How bad is brute force here for AES? Say you have a chip that can do | ten billion test keys a second -- far beyond what we can do now. Say | you have a machine with 10,000 of them in it. That's 10^17 years worth | of machine time, or about 7 million times the lifetime of the universe | so far

2factor

2008-04-16 Thread Leichter, Jerry
Anyone know anything about a company called 2factor (2factor.com)? They're pushing a system based on symmetric cryptography with, it appears, some kind of trusted authority. "Factor of 100 faster than SSL". "More secure, because it authenticates every message." No real technical data I can find

Re: [p2p-hackers] convergent encryption reconsidered

2008-03-30 Thread Leichter, Jerry
| >They extended the confirmation-of-a-file attack into the | >learn-partial-information attack. In this new attack, the | >attacker learns some information from the file. This is done by | >trying possible values for unknown parts of a file and then | >checking whether the resu

Re: convergent encryption reconsidered

2008-03-21 Thread Leichter, Jerry
|...Convergent encryption renders user files vulnerable to a |confirmation-of-a-file attack. We already knew that. It also |renders user files vulnerable to a learn-partial-information |attack in subtle ways. We didn't think of this until now. My |search of the literature sugges

Re: Firewire threat to FDE

2008-03-19 Thread Leichter, Jerry
| As if the latest research (which showed that RAM contents can be | recovered after power-down) was not enough, it seems as Firewire ports | can form yet an easier attack vector into FDE-locked laptops. | | Windows hacked in seconds via Firewire | http://www.techworld.com/security/news/index.cfm?

Re: delegating SSL certificates

2008-03-17 Thread Leichter, Jerry
| >> So at the company I work for, most of the internal systems have | >> expired SSL certs, or self-signed certs. Obviously this is bad. | > | >You only think this is bad because you believe CAs add some value. | | Presumably the value they add is that they keep browsers from popping | up scary

Re: RNG for Padding

2008-03-15 Thread Leichter, Jerry
| Hi, | | This may be out of the remit of the list, if so a pointer to a more | appropriate forum would be welcome. | | In Applied Crypto, the use of padding for CBC encryption is suggested | to be met by ending the data block with a 1 and then all 0s to the end | of the block size. | | Is this

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| Their key recovery technique gets a lot of mileage from using the | computed key schedule for each round of AES or DES to provide | redundant copies of the bits of the key. If the computer cleared | the key schedule storage, while keeping the key itself when the | system is in sleep mode, or whe

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| ...I imagine this will eventually have a big impact on the way organizations | respond to stolen mobile device incidents. With the current technology, if a | laptop or mobile device is on when it's stolen, companies will need to assume | that the data is gone, regardless of whether or not encrypt

RE: Toshiba shows 2Mbps hardware RNG

2008-02-14 Thread Leichter, Jerry
| > SAN FRANCISCO -- Toshiba Corp. has claimed a major breakthrough in | > the field of security technology: It has devised the world's | > highest-performance physical random-number generator (RNG) | > circuit. | > | > The device generates random numbers at a data rate of 2.0 megabits |

Dilbert on security

2008-02-13 Thread Leichter, Jerry
Today's Dilbert - http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert23667240080211.gif is right on point -- Jerry

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-10 Thread Leichter, Jerry
| By the way, it seems like one thing that might help with client certs | is if they were treated a bit like cookies. Today, a website can set | a cookie in your browser, and that cookie will be returned every time | you later visit that website. This all happens automatically. Imagine | if a we

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| >All of this ignores a significant issue: Are keying and encryption | >(and authentication) mechanisms really independent of each other? I'm | >not aware of much work in this direction. | | Is there much work to be done here? If you view the keyex mechanism | as a producer of an authenticated

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| So, this issue has been addressed in the broadcast signature context | where you do a two-stage hash-and-sign reduction (cf. [PG01]), but | when this only really works because hashes are a lot more efficient | than signatures. I don't see why it helps with MACs. Thanks for the reference. | > Obv

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| >I don't propose to get into an extended debate about whether it is | >better to use SRTP or to use generic DTLS. That debate has already | >happened in IETF and SRTP is what the VoIP vendors are | >doing. However, the good news here is that you can use DTLS to key | >SRTP (draft-ietf-avt-dtls-sr

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| > - Truncate the MAC to, say, 4 bytes. Yes, a simple brute | > force attack lets one forge so short a MAC - but | > is such an attack practically mountable in real | > time by attackers who concern you? | | In fact, 32-bit authentication tags are a featur

Re: Gutmann Soundwave Therapy

2008-02-06 Thread Leichter, Jerry
Commenting on just one portion: | 2. VoIP over DTLS | As Perry indicated in another message, you can certainly run VoIP | over DTLS, which removes the buffering and retransmit issues | James is alluding to. Similarly, you could run VoIP over IPsec | (AH/ESP). However, for performance reasons, this

VaultID

2008-01-24 Thread Leichter, Jerry
Anyone know anything about these guys? (www.vaultid.com). They are trying to implement one-time credit card numbers on devices you take with you - initially cell phones and PDA's, eventually in a credit card form factor. The general idea seems good, but their heavy reliance on fingerprint recog

Re: patent of the day

2008-01-23 Thread Leichter, Jerry
| >http://www.google.com/patents?vid=USPAT6993661 | | Gee, the inventor is Simson Garfinkel, who's written a bunch of books | including Database Nation, published in 2000 by O'Reilly, about all | the way the public and private actors are spying on us. | | I wonder whether this was research to see

Foibles of user "security" questions

2008-01-07 Thread Leichter, Jerry
Reported on Computerworld recently: To "improve security", a system was modified to ask one of a set of fixed-form questions after the password was entered. Users had to provide the answers up front to enroll. One question: Mother's maiden name. User provides the 4-character answer. System r

Re: Death of antivirus software imminent

2008-01-07 Thread Leichter, Jerry
| Jerry, | | It is always possible that I misunderstand the McCabe | score which may come from the fact that so many build | environments compute it along with producing the binary, | i.e., independent of human eyeballs. If complexity | scoring requires human eyeballs or the presence of the | des

Re: Death of antivirus software imminent

2008-01-07 Thread Leichter, Jerry
| ...Taking as our metric the venerable McCabe score: | |v(G) = e - n + 2 | | where e and n are the number of edges and nodes in the | control flow graph, and where you are in trouble when | v(G)>10 in a single module, the simplest patch adds two | edges and one node, i.e., v'(G)=v(G)+1, and

Re: Death of antivirus software imminent

2008-01-06 Thread Leichter, Jerry
| > | ...Also, I hate to say this, we may need to also require that all | > | encrypted traffic allow inspection of their contents under proper | > | authority (CALEA essentially) | > Why not just require that the senders of malign packets set the Evil Bit | > in their IP headers? | > | > How

Re: Death of antivirus software imminent

2008-01-06 Thread Leichter, Jerry
| ...Also, I hate to say this, we may need to also require that all | encrypted traffic allow inspection of their contents under proper | authority (CALEA essentially) Why not just require that the senders of malign packets set the Evil Bit in their IP headers? How can you possibly require tha

Re: DRM for batteries

2008-01-04 Thread Leichter, Jerry
| Date: Fri, 04 Jan 2008 16:38:07 +1300 | From: Peter Gutmann <[EMAIL PROTECTED]> | To: cryptography@metzdowd.com | Subject: DRM for batteries | | http://www.intersil.com/cda/deviceinfo/0,1477,ISL6296,0.html | | At $1.40 each (at least in sub-1K quantities) you wonder whether it's | costing them

Re: Death of antivirus software imminent

2008-01-04 Thread Leichter, Jerry
| >The claim that VMM's provide high level security is trading on the | >reputation of work done (and published) years ago which has little if | >anything to do with the software actually being run. | | Actually VMMs do provide some security, but not in the way you think. | Since malware researche

RE: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
| One virtualization approach that I have not see mentioned on this | thread is to run the virtual machine on a more secure OS than is used | by the applications of interest. | | For example, one could run VMware on SELinux and use VMware to host | Windows/Vista. Thus, even if a virus subverts Wi

Re: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
Virtualization has become the magic pixie dust of the decade. When IBM originally developed VMM technology, security was not a primary goal. People expected the OS to provide security, and at the time it was believed that OS's would be able to solve the security problems. As far as I know, the f

Re: crypto class design

2007-12-19 Thread Leichter, Jerry
| So... supposing I was going to design a crypto library for use within | a financial organization, which mostly deals with credit card numbers | and bank accounts, and wanted to create an API for use by developers, | does anyone have any advice on it? | | It doesn't have to be terribly complete,

RE: More on in-memory zeroisation

2007-12-14 Thread Leichter, Jerry
| I've been through the code. As far as I can see, there's nothing in | expand_builtin_memset_args that treats any value differently, so there | can't be anything special about memset(x, 0, y). Also as far as I can | tell, gcc doesn't optimise out calls to memset, not even thoroughly | dead ones.

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
On Wed, 12 Dec 2007, Thierry Moreau wrote: | Date: Wed, 12 Dec 2007 16:24:43 -0500 | From: Thierry Moreau <[EMAIL PROTECTED]> | To: "Leichter, Jerry" <[EMAIL PROTECTED]> | Cc: Peter Gutmann <[EMAIL PROTECTED]>, cryptography@metzdowd.com | Subject: Re: M

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| > If the function is defined as I suggested - as a static or inline - | > you can, indeed, takes its address. (In the case of an inline, this | > forces the compiler to materialize a copy somewhere that it might | > not otherwise have produced, but not to actually *use* that copy, | > except whe

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| > However, that doesn't say anything about whether f is actually | > invoked at run time. That comes under the "acts as if" rule: If | > the compiler can prove that the state of the C (notional) virtual | > machine is the same whether f is actually invoked or not, it can | > elide the call. No

RE: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| > Then the compiler can look at the implementation and "prove" that a | > memset() to a dead variable can be elided | | One alternative is to create zero-ing functions that wrap memset() | calls with extra instructions that examine some of the memory, log a | message and exit the application

Re: Flaws in OpenSSL FIPS Object Module

2007-12-13 Thread Leichter, Jerry
| > It is, of course, the height of irony that the bug was introduced in | > the very process, and for the very purpose, of attaining FIPS | > compliance! | | But also to be expected, because the feature in question is | "unnatural": the software needs a testable PRNG to pass the compliance | test

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Leichter, Jerry
| > The whole point of a notary is to bind a document to a person. That | > the person submitted two or more different documents at different | > times is readily observable. After all, the notary has the | > document(s)! | | No, the notary does not have the documents *after* they are notarized,

Re: Intercepting Microsoft wireless keyboard communications

2007-12-11 Thread Leichter, Jerry
On Tue, 11 Dec 2007, Steven M. Bellovin wrote: | On Tue, 11 Dec 2007 13:49:19 +1000 | "James A. Donald" <[EMAIL PROTECTED]> wrote: | > Use CFB mode. That takes care of all the above problems... | Believe it or not, I thought of CFB... | | Sending keep-alives will do nasties to battery lifetime, I

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Leichter, Jerry
| What does it say about the integrity of the FIPS program, and its CMTL | evaluation process, when it is left to competitors to point out | non-compliance of evaluated products -- proprietary or open source -- | to basic architectural requirements of the standard? I was going to ask the same quest

Re: More on in-memory zeroisation

2007-12-11 Thread Leichter, Jerry
| > There was a discussion on this list a year or two back about | > problems in using memset() to zeroise in-memory data, specifically | > the fact that optimising compilers would remove a memset() on | > (apparently) dead data in the belief that it wasn't serving any | > purpose. | | Then, s/mem

Re: Intercepting Microsoft wireless keyboard communications

2007-12-11 Thread Leichter, Jerry
| > Exactly what makes this problem so difficult eludes me, although one | > suspects that the savage profit margins on consumables like | > keyboards and mice might have something to do with it. | > | It's moderately complex if you're trying to conserve bandwidth (which | translates to power) and

Intercepting Microsoft wireless keyboard communications

2007-12-09 Thread Leichter, Jerry
http://www.dreamlab.net/download/articles/Press%20Release%20Dreamlab%20Technologies%20Wireless%20Keyboard.pdf Computerworld coverage at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9051480 The main protection against interception is the proprietary protocol,

State of the art in hardware reverse-engineering

2007-11-21 Thread Leichter, Jerry
Flylogic Engineering does some very interesting tampering with "tamper- resistant" parts. Most of those "secure USB sticks" you see around won't last more than a couple of minutes with these guys. See http://www.flylogic.net/blog -- Jerry

Government Smart Card Initiative

2007-11-15 Thread Leichter, Jerry
Little progress on government-wide smart card initiative, and little surprise November 14, 2007 (Computerworld) More than three years after a presidential directive requiring federal government agencies to issue new smart-card identity credentials to all employees and contractors, progress on the

People side-effects of increased security for on-line banking

2007-11-13 Thread Leichter, Jerry
Sometimes the side-effects are as significant as the direct effects -- Jerry Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7091206.stm Fears over online banking checks By Mark Ward Technology Correspondent,

Re: Hushmail in U.S. v. Tyler Stumbo

2007-11-06 Thread Leichter, Jerry
In previous cases of the government somehow magically gaining access to "securely encrypted" data, it eventually turned out that the government had compromised the target's machine and installed a key logger, or some other piece of software to record the relevant secret information. So far, I've s

Re: Intelligent Redaction

2007-10-22 Thread Leichter, Jerry
| Xerox Unveils Technology That Blocks Access to Sensitive Data in | Documents to Prevent Security Leaks | http://www.parc.com/about/pressroom/news/2007-10-15-redaction.html | | The Innovation: The technology includes a detection software tool that | uses content analysis and an intelligent user i

Re: Quantum Cryptography to be used for Swiss elections

2007-10-18 Thread Leichter, Jerry
| Date: Sat, 13 Oct 2007 03:20:48 -0400 | From: Victor Duchovni <[EMAIL PROTECTED]> | To: cryptography@metzdowd.com | Subject: Re: Quantum Cryptography to be used for Swiss elections | | On Fri, Oct 12, 2007 at 11:04:15AM -0400, Leichter, Jerry wrote: | | > No comment from

Re: Password hashing

2007-10-18 Thread Leichter, Jerry
| > ... What's wrong with starting | > with input SALT || PASSWORD and iterating N times, | | Shouldn't it be USERID || SALT || PASSWORD to guarantee that if | two users choose the same password they get different hashes? | It looks to me like this wold make dictionary attacks harder too. As

Re: 307 digit number factored

2007-10-12 Thread Leichter, Jerry
| > AFAIK, the only advantage of ECC is that the keys are | > shorter. The disadvantage is that it isn't as well | > studied. | | On past performance, elliptic curves are safer than | integers. From time to time, integer based asymmetric | encryption is abruptly and surprisingly weakened by | adv

Quantum Cryptography to be used for Swiss elections

2007-10-12 Thread Leichter, Jerry
No comment from me on the appropriateness. From Computerworld. -- Jerry Quantum cryptography to secure ballots in Swiss election Ellen Messmer October 11, 2007 (Network World) Swiss officials are using quantum cryptography technology to

Re: Full Disk Encryption solutions selected for US Government use

2007-10-10 Thread Leichter, Jerry
| A slightly off-topic question: if we accept that current processes | (FIPS-140, CC, etc) are inadequate indicators of quality for OSS | products, is there something that can be done about it? Is there a | reasonable criteria / process that can be built that is more suitable? Well, if you believ

RE: Trillian Secure IM

2007-10-08 Thread Leichter, Jerry
| > But, opportunistic cryptography is even more fun. It is | > very encouraging to see projects implement cryptography in | > limited forms. A system that uses a primitive form of | > encryption is many orders of magnitude more secure than a | > system that implements none. | | Primitive fo

Retailers try to push data responsibilities back to banks

2007-10-05 Thread Leichter, Jerry
Retail group takes a swipe at PCI, puts card companies 'on notice' Jaikumar Vijayan October 04, 2007 (Computerworld) Simmering discontent within the retail industry over the payment card industry (PCI) data security standards erupted into the open this week with the National Retail Federation (NR

Re: Linus: Security is "people wanking around with their opinions"

2007-10-03 Thread Leichter, Jerry
| I often say, "Rub a pair of cryptographers together, and you'll | get three opinions. Ask three, you'll get six opinions." :-) | | However, he's talking about security, which often isn't quantifiable! From what I see in the arguments, it's more complicated than that. On one side, we have SeL

Re: using SRAM state as a source of randomness

2007-09-24 Thread Leichter, Jerry
| Aloha! | | Peter Gutmann skrev: | > So RAM state is entropy chicken soup, you may as well use it because | > it can't make things any worse, but I wouldn't trust it as the sole | > source of entropy. | | Ok, apart from the problems with reliable entropy generation. I'm I | right when I get a ba

Goodbye analogue hole, hello digital hole

2007-09-24 Thread Leichter, Jerry
The movie studios live in fear of people stealing their product as it all goes digital. There's, of course, always the "analogue hole", the point where the data goes to the display. The industry defined an all-digital, all-licensed-hardware path through HDMI which blocks this path. As we know,

Re: OK, shall we savage another security solution?

2007-09-20 Thread Leichter, Jerry
| > If you think about this in general terms, we're at the point where we | > can avoid having to trust the CPU, memory, disks, programs, OS, etc., | > in the borrowed box, except to the degree that they give us access to | > the screen and keyboard. (The problem of securing connections that | > g

Re: OK, shall we savage another security solution?

2007-09-19 Thread Leichter, Jerry
| >Anyone know anything about the Yoggie Pico (www.yoggie.com)? It | >claims to do much more than the Ironkey, though the language is a bit | >less "marketing-speak". On the other hand, once I got through the | >marketing stuff to the technical discussions at Ironkey, I ended up | >with much more

OK, shall we savage another security solution?

2007-09-18 Thread Leichter, Jerry
Anyone know anything about the Yoggie Pico (www.yoggie.com)? It claims to do much more than the Ironkey, though the language is a bit less "marketing-speak". On the other hand, once I got through the marketing stuff to the technical discussions at Ironkey, I ended up with much more in the way of

Re: Another Snake Oil Candidate

2007-09-11 Thread Leichter, Jerry
| The world's most secure USB Flash Drive: . What makes you call it snake oil? At least the URL you point to says very reasonable things: It uses AES, not some home-brew encryption; the keys are stored internally; the case is physically protected, and has some kind o

Re: What is a proof?

2007-09-10 Thread Leichter, Jerry
| If a proof is a record of a mental journey in which one person has | discovered an important truth, and then made a record of that journey | adequate so that a second person can walk the same path and see the | same truth, then cryptography could do with more and better proofs. Few results are di

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-09-07 Thread Leichter, Jerry
| Date: Thu, 6 Sep 2007 16:00:03 -0600 | From: Chris Kuethe <[EMAIL PROTECTED]> | To: Jacob Appelbaum <[EMAIL PROTECTED]> | Cc: Cryptography | Subject: Re: Seagate announces hardware FDE for laptop and desktop machines | | On 9/6/07, Jacob Appelbaum <[EMAIL PROTECTED]> wrote: | > Seagate recently

Re: In all the talk of super computers there is not...

2007-09-06 Thread Leichter, Jerry
| > | Hi Martin, | > | | > | I did forget to say that it would be salted so that throws it off by | > | 2^12 | > | | > | A couple of questions. How did you come up with the ~2.5 bits per | > | word? Would a longer word have more bits? | > He misapplied an incorrect estimate! :-) The usual estima

Re: In all the talk of super computers there is not...

2007-09-06 Thread Leichter, Jerry
| Hi Martin, | | I did forget to say that it would be salted so that throws it off by | 2^12 | | A couple of questions. How did you come up with the ~2.5 bits per | word? Would a longer word have more bits? He misapplied an incorrect estimate! :-) The usual estimate - going back to Shannon's ori

Re: interesting paper on the economics of security

2007-08-23 Thread Leichter, Jerry
| Jerry/Hal, | | This lemon-car analogy is interesting. | | One sidebar that might be worked into the argument is the | apparently widespread side-line business where a car is | auctioned on eBay but before the sale is consumated the | buyer engages a mechanic to check the car out pre-sale. | The
