Re: Merkle Signature Scheme is the most secure signature scheme possible for general-purpose use

2010-09-03 Thread Marsh Ray
On 09/03/2010 03:45 AM, Ben Laurie wrote: That's the whole point - a hash function used on an arbitrary message produces one of its possible outputs. Feed that hash back in and it produces one of a subset of its possible outputs. Each time you do this, you lose a little entropy (I can't remember

Re: Merkle Signature Scheme is the most secure signature scheme possible for general-purpose use

2010-09-03 Thread Marsh Ray
On 09/03/2010 01:22 PM, Ben Laurie wrote: On 03/09/2010 17:01, Marsh Ray wrote: I played with some simulations with randomly-generated mappings, the observed value would at times wander over 1.0 BoE/log2 N. I think when I did this, I fully enumerated the behaviour of a truncated hash (e.g

Re: Randomness, Quantum Mechanics - and Cryptography

2010-09-07 Thread Marsh Ray
On 09/06/2010 09:49 PM, John Denker wrote: If anybody can think of a practical attack against the randomness of a thermal noise source, please let us know. By "practical" I mean to exclude attacks that use such stupendous resources that it would be far easier to attack other elements of the sys

Re: Randomness, Quantum Mechanics - and Cryptography

2010-09-07 Thread Marsh Ray
On 09/07/2010 12:58 PM, John Denker wrote: On 09/07/2010 10:21 AM, Marsh Ray wrote: If anybody can think of a practical attack against the randomness of a thermal noise source, please let us know. By "practical" I mean to exclude attacks that use such stupendous resources that it wo

Re: Randomness, Quantum Mechanics - and Cryptography

2010-09-07 Thread Marsh Ray
On 09/07/2010 02:18 PM, Perry E. Metzger wrote: The question is, can you make it more expensive to do that than to, say, buy a new parking card or whatever else the smart card is being used for. If the attack is fairly cheap and repeatable and yields something reasonably valuable, you have a pro

Re: Hashing algorithm needed

2010-09-08 Thread Marsh Ray
On 09/08/2010 10:45 AM, f...@mail.dnttm.ro wrote: Hi. Just subscribed to this list for posting a specific question. I hope the question I'll ask is in place here. Oh good, this makes me not the new guy now :-) These seem like nice standard, authentication system design questions. I'll give t

Re: Hashing algorithm needed

2010-09-14 Thread Marsh Ray
On 09/13/2010 07:24 PM, Ian G wrote: On 11/09/10 6:45 PM, f...@mail.dnttm.ro wrote: Essentially, the highest risk we have to tackle is the database. Somebody having access to the database, and by this to the authentication hashes against which login requests are verified, should not be able to

Re: Hashing algorithm needed

2010-09-14 Thread Marsh Ray
On 09/14/2010 09:13 AM, Ben Laurie wrote: On 14/09/2010 12:29, Ian G wrote: On 14/09/10 2:26 PM, Marsh Ray wrote: On 09/13/2010 07:24 PM, Ian G wrote: 1. In your initial account creation / login, trigger a creation of a client certificate in the browser. There may be a way to get a

Re: Certificate-stealing Trojan

2010-09-28 Thread Marsh Ray
On 09/27/2010 08:26 PM, Rose, Greg wrote: On 2010 Sep 24, at 12:47 , Steven Bellovin wrote: Per http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml there's a new Trojan out there that looks for and steals Cert_*.p12 files -- certificates with private keys. Since t

Re: 2048 bits, damn the electrons! [...@openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]

2010-09-30 Thread Marsh Ray
On 09/30/2010 10:41 AM, Thor Lancelot Simon wrote: On Wed, Sep 29, 2010 at 09:22:38PM -0700, Chris Palmer wrote: Thor Lancelot Simon writes: a significant net loss of security, since the huge increase in computation required will delay or prevent the deployment of "SSL everywhere". That woul

Re: English 19-year-old jailed for refusal to disclose decryption key

2010-10-06 Thread Marsh Ray
On 10/06/2010 01:57 PM, Ray Dillinger wrote: a 19-year-old just got a 16-month jail sentence for his refusal to disclose the password that would have allowed investigators to see what was on his hard drive. I am thankful to not be an English "subject". I suppose that, if the authorities could

Re: English 19-year-old jailed for refusal to disclose decryption key

2010-10-07 Thread Marsh Ray
On 10/07/2010 12:10 PM, Bernie Cosell wrote: There's no way to tell if you used the first password that you didn't decrypt everything. Is there a way to prove that you did? If yes, your jailers may say "We know you have more self-incriminating evidence there. Your imprisonment will continue