Lucky Green [EMAIL PROTECTED] writes:
I trust that we can agree that the volume of traffic and number of
transactions protected by SSL are orders of magnitude higher than those
protected by SSH. As is the number of users of SSL. The overwhelming majority
of which wouldn't know ssh from telnet.
Werner Koch [EMAIL PROTECTED] writes:
Does the proprietary SSH still use GMP? I know no other major crypto apps
using GMP for big number math.
I've seen it used in a couple of lesser-known apps that I played with for
interop testing, nothing that counts as a major app though. Maybe it's
William Allen Simpson [EMAIL PROTECTED] writes:
Would this be the DHCP working group that on at least 2 occasions when I was
there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't
supposed to require configuration?
Given that their goal is zero-configuration networking, I
Anton Stiglic [EMAIL PROTECTED] writes:
It is important to choose both a random seed and random key, and FIPS 140 has
no provision for this.
Yes it does, you just have to interpret it correctly.
The post-processed pool output [from the cryptlib generator] is not sent
directly to the caller
Ian Grigg [EMAIL PROTECTED] writes:
There appear to be a number of metrics that have been suggested:
a. number of design wins
b. penetration into equivalent unprotected market
c. number of actual attacks defeated
d. subjective good at the application level
e. worthless
Peter Gutmann wrote:
It's no less secure than what's being done now, and
since you can make it completely invisible to the user at least it'll get
used. If all new MTA releases automatically generated a self-signed cert and
enabled STARTTLS, we'd see opportunistic email encryption adopted
Rich Salz [EMAIL PROTECTED] writes:
Sure, that's why it's *the first.* They have never done this before, and it
is very different to how they (or their Ft Meade experts) have done things
before. I suppose one could argue that they're doing this for Level 1 to
increase the industry demand for
Rich Salz [EMAIL PROTECTED] writes:
Second, if the key's in hardware you *know* it's been stolen. You don't know
that for software.
Only for some definitions of stolen. A key held in a smart card that does
absolutely everything the untrusted PC it's connected to tells it to is only
marginally
John Young [EMAIL PROTECTED] writes:
Who at Baltimore, or was once there, is likely to be able to account for the
security of the certs for customers who still rely upon them? Not somebody to
spin a fairy tale, but to truthfully explain what Baltimore has done to avoid
betraying the trust of its
Anonymous via the Cypherpunks Tonga Remailer [EMAIL PROTECTED] writes:
Why is it that none of those 100-odd companies with keys in the browsers are
doing anything with them? Verisign has such a central role in the
infrastructure, but any one of those other companies could compete. Why isn't
Ed Gerck [EMAIL PROTECTED] writes:
PRICING STRATEGY: CAs should keep their prices high and find ways to add
price to current products (eg, offering insurance, different certificate
classes, benefits for CRL access, etc.) -- because the potentially difficult
mid-term future of such business impose
Ed Reed [EMAIL PROTECTED] writes:
2) PKI vendors looked at that and must have said - gee, if we can get
$100-$150/yr/user for managing identity around PKI certificates, why
shouldn't we?
Actually it's even better than that, the companies using the managed service
are still expected to act as
Bill Frantz [EMAIL PROTECTED] writes:
The real problem is that the viewer software, whether it is an editor, PDF
viewer, or a computer language interpreter, runs with ALL the user's
privileges. If we ran these programs with a minimum of privilege, most of
the problems would just go away.
This
John S. Denker [EMAIL PROTECTED] writes:
According to 'ps', an all-up ssh system is less than 3 megabytes (sshd, ssh-agent,
and the ssh client). At current memory prices, your clients would
save less than $1.50 per system even if their custom software could reduce
this bulk to zero.
Let me
Tim Dierks [EMAIL PROTECTED] writes:
It does not, and most SSL/TLS implementations/installations do not support
anonymous DH in order to avoid this attack.
Uhh, I think that implementations don't support DH because the de facto
standard is RSA, not because of any concern about MITM (see below).
Bill Frantz [EMAIL PROTECTED] writes:
This is the second significant problem I have seen in applications that use
ASN.1 data formats. (The first was in a widely deployed implementation of
SNMP.) Given that good, security-conscious programmers have difficulty
getting ASN.1 parsing right, we
Jerrold Leichter [EMAIL PROTECTED] writes:
Both of these are helped by a well-specified low-level syntax. TLV encoding
lets you cross-check all sorts of stuff automatically, once, in low-level
calls. Ad hoc protocols scatter the validation all over the place - and some
of it will inevitably be
Nathan P. Bardsley [EMAIL PROTECTED] writes:
Anecdotally, I've heard that there are many, but almost all of them were done
by vendors for embedding in their proprietary products.
Ditto. The problem is that when vendors have spent $100K+ on the
certification, they're very reluctant to give
Anton Stiglic [EMAIL PROTECTED] writes:
This is why you get requirements of the type that it should run on Windows in
single-user mode, which I take to mean have only an admin account. This
prevents privilege escalation attacks (regular user to root) that are easily
done.
I think this is
Markus Friedl [EMAIL PROTECTED] writes:
On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
We've already seen half the
SSH implementations in existence taken out by the SSH malformed-packet
vulnerabilities,
I don't think so.
According to the CERT advisory, roughly half of all
I wrote:
Peter (I define myself to be A BIT CYNICAL about all this).
Since it could appear that I'm gratuitously bashing FIPS 140 (or certification
processes in general) here, I should clarify: As with all attempts at
one-size-fits-all solutions, one size doesn't quite fit all. You can break
Peter Clay [EMAIL PROTECTED] writes:
If you want a VPN that road warriors can use, you have to do it with
IP-over-TCP. Nothing else survives NAT and aggressive firewalling, not even
Microsoft PPTP.
IP-over-TCP has some potential performance problems, see
Anton Stiglic [EMAIL PROTECTED] writes:
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security? For the moment, FIPS 140 and CC
type certifications seem to be the only means for these people...
Yeah, it's largely a case of looking
Jerrold Leichter [EMAIL PROTECTED] writes:
There was also an effort in England that produced a verified chip. Quite
impressive, actually - but I don't know if anyone actually wanted the chip
they (designed and) verified.
The Viper. Because it needed to be formally verifiable, they had to leave
Damien Miller [EMAIL PROTECTED] writes:
The SSH protocol supports certificates (X.509 and OpenPGP), though most
implementations don't.
One of the reasons why many implementations may not support it is that the spec
is completely ambiguous as to the data formats being used. For example it
Thor Lancelot Simon [EMAIL PROTECTED] writes:
I believe the VanDyke implementation also supports X.509, and interoperates
with the ssh.com code. It was also my perception that, at the time, the
VanDyke guy was basically shouted down when trying to discuss the utility of
X.509 for this purpose
Carl Ellison [EMAIL PROTECTED] writes:
The third annual PKI Research workshop CFP has been posted.
I note that it's still not possible to use PKI to authenticate submissions to
the PKI workshop :-).
(To those people who missed the original comment a year or two back, the first
PKI workshop
Perry E. Metzger [EMAIL PROTECTED] writes:
TLS is just a pretty straightforward well analyzed protocol for protecting a
channel -- full stop. It can be used in a wide variety of ways, for a wide
variety of apps. It happens to allow you to use X.509 certs, but if you
really hate X.509, define an
Intel has just announced a desktop motherboard with Wave's Embassy chip built
in at http://www.intel.com/design/motherbd/rh/index.htm. Embassy is a DRM
chip that was more recently re-targeted slightly for, uhh, non-DRM
TCPA/TPM/whatever when they realised that DRM hardware was a bit of a hard
Bill Frantz [EMAIL PROTECTED] writes:
I usually travel with zipper closed duffel bags. I fasten the zipper closed
with a screw link. Anyone can unscrew the link and get into the bag, but it
does effectively keep the zipper closed in transit. I suppose it also
provides some level of security
Dave Howe [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
E4M needs some minor updates for XP by someone who
knows about NT device drivers, otherwise you'll occasionally get
problems unmounting volumes.
Does anyone know of a version where this work has been done?
Since this was last discussed
J Harper [EMAIL PROTECTED] writes:
2) Make it functional on systems without memory allocation. Did I
mention that I work on (very) small embedded systems? Having fixed
spaces for variables is useful when you want something to run
deterministically for a long time with no resets, and I have yet
Dave Howe [EMAIL PROTECTED] writes:
Key management and auditing is pretty much external to the actual software
regardless of which solution you use I would have thought.
Not necessarily. I looked at this in an ACSAC'2000 paper (available from
http://www.acsac.org/2000/abstracts/18.html). This
Stefan Lucks [EMAIL PROTECTED] writes:
Currently, I have three smart cards in my wallet, which I did not want to own
and which I never paid for. I never used any of them.
Conversation from a few years ago, about multifunction smart cards:
- Multifunction smart cards are great, because
John Gilmore [EMAIL PROTECTED] writes:
They eventually censored out all the sample application scenarios like DRM'd
online music, and ramped up the level of jargon significantly, so that nobody
reading it can tell what it's for any more. Now all the documents available
at that site go on for
John Denker [EMAIL PROTECTED] writes:
] Thursday 25 December 2003, 17:13 Makka Time, 14:13 GMT
]
] Saudis swoop on DIY bomb guide
[...]
I suspect there is a lot more to this story..
The story could apply to any one of hundreds (thousands?) of hacker/warez CDs
available off-the-shelf in the
Carl Ellison [EMAIL PROTECTED] writes:
Ah. That's why they're trying to rename the corresponding keyUsage bit
to contentCommitment then:
Maybe, but that page defines it as:
contentCommitment: for verifying digital signatures which are intended to
signal that the signer is committing to the
/. is reporting this, anyone know the real story?
The CryptoAPI list has been lit up end to end with mail about this. The
summary from one poster (Tim Anderson [EMAIL PROTECTED]) is:
IE5.x's digital signature expired yesterday. Every computer that uses
WinVerifyTrust now has to have the
Rich Salz [EMAIL PROTECTED] writes:
Can someone explain to me why the expiring of a certificate causes new
massive CRL queries?
Here's the reply straight from Verisign:
-- Snip --
We wanted to pass on a notification that we have determined what we feel is
the root cause of the CRL outage
R. A. Hettinga [EMAIL PROTECTED] quotes:
One of our missions here at Cryptonomicon.Net is to advocate the use of
appropriate cryptographic technology. One technology that's sorely missed in
a number of commercial products is key splitting. Never heard of key
splitting? That's not surprising.
Peter Parker [EMAIL PROTECTED] writes:
In one of the issues of ijde found at
http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed
various encryption applications and discussed results for a few sample
applications. Does anyone have the complete results? Tried mailing the
Anton Stiglic [EMAIL PROTECTED] writes:
I think cryptography techniques can provide a partial solution to spam.
No they won't. All the ones I've seen are some variant on the build a big
wall around the Internet and only let the good guys in, which will never work
because the Internet doesn't
Russell Nelson [EMAIL PROTECTED] writes:
It would be better if the solution does NOT need industry
support at all, only user support. It should use what is already
available.
This is the point in the script at which I laugh at you, Ed. S/MIME and PGP
have been available for many many
Russell Nelson [EMAIL PROTECTED] writes:
Peter Gutmann writes:
STARTTLS
If Alice and Cathy both implement STARTTLS, and Beatty does not, and Beatty
handles email which is ultimately sent to Cathy, then STARTTLS accomplishes
nothing. If Uma and Wendy implement DomainKeys, and Violet does
An article on passwords and password safety, including this neat bit:
For additional security, she then pulls out a card that has 50
scratch-off codes. Jubran uses the codes, one by one, each time she
logs on or performs a transaction. Her bank, Nordea PLC, automatically
sends a new
On a semi-related note, there's ex-Iraqi crypto gear for sale on e-bay at
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=296item=2249455706rd=1.
Only used once by a slightly gullible/careless owner...
It'd be interesting for someone with too much spare time on their hands to buy
one of
R. A. Hettinga [EMAIL PROTECTED] forwarded:
So now the NSA's secret is out. The Iranians have undoubtedly changed
their encryption machines, and the NSA has lost its source of Iranian
secrets. But little else is known. Who told Chalabi? Only a few
people would know this important U.S. secret,
Anton Stiglic [EMAIL PROTECTED] writes:
A list can be found here
http://www.homeport.org/~adam/crypto/
Hmm, that list is somewhat out of date (several years in some cases).
Peter.
-
The Cryptography Mailing List
Unsubscribe
Steve Furlong [EMAIL PROTECTED] writes:
On Wed, 2004-06-30 at 06:49, Ian Grigg wrote:
Here's my question - is anyone in the security
field of any sort of repute being asked about
phishing, consulted about solutions, contracted
to build? Anything?
Nothing here. Spam is the main concern on
Enzo Michelangeli [EMAIL PROTECTED] writes:
Can someone explain to me how the phishermen escape identification and
prosecution? Gaining online access to someone's account allows, at most, to
execute wire transfers to other bank accounts:
Some (a lot of?) large-scale phishing is done by or with the
Sean W. Smith [EMAIL PROTECTED] writes:
I would have thought that de facto standard approach is: the client
constructs the certificate request message, which contains things like the
public key and identifying info, and signs it. The CA then checks the
signature against the public key in the
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the assertion here is possible threat model confusion when the same exact
technology is used for two significantly different business purposes.
I don't think there's any confusion about the threat model, which is Users
find it too difficult to generate
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
Peter, are you talking about generic CAs or in-corporation ones?
Both. Typically what happens is that the CA generates the key and cert and
mails it to the user as a PKCS #12 file, either in plaintext, with the
password in the same email,
[EMAIL PROTECTED] writes:
2 cents. In the business cases pointed out where it is good that the multiple
parties hold the private key, I feel the certificate should indicate that
there are multiple parties so that Bob can realize he is having authenticated
and private communications with Alice _and_
For those who haven't seen the announcement:
-- Snip --
July 27, 2004 -- NIST has determined that the strength of the (single) Data
Encryption Standard (DES) algorithm is no longer sufficient to adequately
protect Federal government information. As a result, NIST proposes
withdrawing FIPS 46-3,
[EMAIL PROTECTED] writes:
Your certificate definition says additionalRecipients, mine says
additionalSubjects, Fred-over-there's says coKeyOwners. The OIDs for
these extensions end up all different. A human may be able to parse the
intent from the ASN.1, but email programs will have difficulty.
Aram Perez [EMAIL PROTECTED] writes:
I agree with Michael H. If you trust the CA to issue a cert, it's not that
much more to trust them with generating the key pair.
Trusting them to safely communicate the key pair to you once they've generated
it is left as an exercise for the reader :-).
Forwarded here as the original forum is having no success.
[...]
I'm looking for the same information. I want to know which method does MS
Crypto API use in order to obtain strong random seeds.
This is cross-posted back to the original list (with snippets from various
postings) to try and tie
Yesterday I watched Gillo Pontecorvo's 1966 film The Battle of Algiers, a
dramatisation of real events that looks at France's own war on terror in
Algeria in the 1950s. The police attempt to control things by only allowing
people who can show valid ID into the European quarter of Algiers via a few
Hadmut Danisch [EMAIL PROTECTED] writes:
I need a literature reference for a simple problem of encoding/compression
theory:
comp.compression FAQ, probably question #1 given the number of times this
comes up in the newsgroup.
(I've just checked, it's question #9 in part 1. Question #73 in part
Steven M. Bellovin [EMAIL PROTECTED] writes:
Maybe it's worth doing some sort of generic RFC for this security model to
avoid scattering the same thing over a pile of IETF WGs,
Sounds good. Who wants to write it...?
Since there seems to be at least some interest in this, I'll make a start on
Eric Rescorla [EMAIL PROTECTED] writes:
In particular, Verisign's is very long and I seem to remember someone telling
me it was a hash but I don't recall the details...
It's just a SHA-1 hash. Many CAs use this to make traffic analysis of how
many (or few) certificates they're issuing
[EMAIL PROTECTED] writes:
No need to buy a company just to use its product in your development shop.
They're not using it in their development shop, that's their standard
development environment that they ship to all Windows CE, Pocket PC,
SmartPhone, and XP Embedded developers (and include free
R.A. Hettinga [EMAIL PROTECTED] forwarded:
Promoting implanted RFID devices as a security measure is downright 'loco,'
says Katherine Albrecht. Advertising you've got a chip in your arm that
opens important doors is an invitation to kidnapping and mutilation.
Since kidnapping is sort of an
Steven M. Bellovin [EMAIL PROTECTED] writes:
Is a private root key (or the equivalent signing device) an asset that can be
acquired under bankruptcy proceedings? Almost certainly.
Absolutely certainly. Even before Baltimore, CAs' private keys had been
bought and sold from/to third parties,
Barry Shein [EMAIL PROTECTED] writes:
Eventually email will just collapse (as it's doing) and the RBOCs et al will
inherit it and we'll all be paying 15c per message like their SMS services.
And the spammers will be using everyone else's PCs to send out their spam, so
the spam problem will
Rich Salz [EMAIL PROTECTED] writes:
Why would mozilla embed this? If they came here, to the putative experts,
for an evaluation, they'd leave thinking Amir and company just invented
Rot-13. It's not that. It's also not perfect. BFD -- you got anything
better?
This ties in to one of my
Steven M. Bellovin [EMAIL PROTECTED] writes:
We all understand the need to move to better hash algorithms than SHA1. At a
minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is
the right way to go. The problem is how to get there from here.
So -- what should we as a
Erwann ABALEA [EMAIL PROTECTED] writes:
On Fri, 25 Mar 2005, Florian Weimer wrote:
* Adam Back:
Does anyone have info on the cost of sub-ordinate CA cert with a name
space constraint (limited to issue certs on domains which are
sub-domains of your choice... ie only valid to issue certs on
Invalid banking cert spooks only one user in 300
Stephen Bell, Computerworld
16/05/2005 09:19:10
Up to 300 New Zealand BankDirect customers were presented with a security
alert when they visited the bank's website earlier this month - and all but
one dismissed the warning and carried
James A. Donald [EMAIL PROTECTED] writes:
With bank web sites, experience has shown that only 0.3% of users are
deterred by an invalid certificate, probably because very few users have any
idea what a certificate authority is, what it does, or why they should care.
James (and others): I really
Heyman, Michael [EMAIL PROTECTED] writes:
In this situation, I believe that the users, through hard won experience with
computers, _correctly_ assumed this was a false positive.
Probably not. This issue was discussed at some length on the hcisec list,
(security usability,
Heyman, Michael [EMAIL PROTECTED] writes:
The false positive I was referring to is the something is telling me
something unimportant positive. I didn't mean to infer that the users
likely went through a thought process centered around the possible causes of
the certificate failure, specifically
Rich Salz [EMAIL PROTECTED] writes:
I think signatures are increasingly being used for technical reasons, not
legal. That is, sign and verify just to prove that all the layers of
middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the problem was that xml didn't have a deterministic definition for encoding
fields.
Yup, see Why XML Security is Broken,
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you, ASN.1 is little better, there are rules for
Ben Laurie [EMAIL PROTECTED] writes:
Anne Lynn Wheeler wrote:
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change
Perry E. Metzger [EMAIL PROTECTED] writes:
Steven M. Bellovin [EMAIL PROTECTED] writes:
They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who cleverly sent you an
Rich Salz [EMAIL PROTECTED] writes:
Peter's shared earlier drafts with me, and we've exchanged email about this.
The only complaint that has a factual basis is this:
I don't want to have to implement XML processing to do
XML Digital Signatures
I don't want to have to
Jerrold Leichter [EMAIL PROTECTED] writes:
They also sold a full solution for encrypted Ethernet - KDC, encrypting
Ethernet adapters, associated software. None of this stuff went anywhere.
People just weren't interested.
That wasn't quite the case for the Ethernet encryption. What happened
[EMAIL PROTECTED] (Hal Finney) writes:
Steven M. Bellovin writes:
Dan Bernstein has a new cache timing attack on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
This is a pretty alarming attack.
It is? Recovering a key from a server custom-written to act as an oracle for
the
Stephan Neuhaus [EMAIL PROTECTED] writes:
Concerning the practical use of AES, you may be right (even though it would
be nice to have some advice on what one *should* do instead).
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
But as far as I know, resistance
Ian G [EMAIL PROTECTED] writes:
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
What is a BCP? Best Coding Practices? Block Cipher Protocol?
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative
Peter Fairbrother [EMAIL PROTECTED] writes:
Steven M. Bellovin wrote:
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about
Ian G [EMAIL PROTECTED] writes:
On Tuesday 21 June 2005 13:45, Peter Gutmann wrote:
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative document editing, I've set up a wiki at
http://blockcipher.pbwiki.com/, blank username, password 'sbox
Ian Grigg [EMAIL PROTECTED] writes:
Alternatively, if one is in the unfortunate position of being an oracle for a
single block encryption then the packet could be augmented with a cleartext
random block to be xor'd with the key each request.
Moves you from being an encryption oracle to a
[EMAIL PROTECTED] writes:
Take a look at Boojum Mobile -- it is precisely the idea of using the cell
phone as an out-of-band channel for an in-band transaction.
http://www.boojummobile.com
Banks here have been using it to authenticate higher-value electronic
transactions as well. The way it
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession the entire time and
which I could not have forged?
Ian Brown [EMAIL PROTECTED] writes:
Steven M. Bellovin wrote:
Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.
One New York bank -- long since absorbed into some megabank -- did the
same thing about 30 years ago.
John Kelsey [EMAIL PROTECTED] writes:
One nontrivial reason is that many organizations have spent a lot of time and
money building up elaborate rules for using PKI, after long negotiations
between legal and technical people, many hours of writing and revising,
gazillions of dollars in
James A. Donald [EMAIL PROTECTED] writes:
The PKI that was designed to serve no very useful function other than make
everyone in the world pay $100 a year to Verisign is dead.
Yet the technology is potent, and the problems of identity and authenticity
are severe. We shall, by and by, see
Adam Shostack [EMAIL PROTECTED] writes:
Let me propose another answer to Perry's question:
Wearing a millstone around your neck to ward off vampires.
This expresses both ends of a lose/lose proposition:
-- a burdensome solution
-- to a fantastically unimportant problem.
That sounds a
Peter Fairbrother [EMAIL PROTECTED] writes:
Peter Gutmann wrote:
Peter Fairbrother [EMAIL PROTECTED] writes:
Didn't the people who did US/USSR nuclear arms verification do something
very similar, except the characterised surface was sparkles in plastic
painted on the missile rather than paper
Stephan Neuhaus [EMAIL PROTECTED] writes:
So, the optimism of the article's author aside, where *do* we stand on PKI
deployment?
The same place we were standing on OSI deployment 15 years ago.
Peter.
In the 1950s we had cheque blacklists, which were used in an attempt to manage
bad cheques.
They didn't work well, and were abandoned as soon as better mechanisms
became available.
In the 1960s and 70s we had credit card blacklists, which were used in an
attempt to manage bad credit cards.
Raymond Chen's blog has an interesting look at companies trying to bypass
Windows XP's checks that a driver has been WHQL-certified:
My favorite stunt was related to me by a colleague who was installing a
video card driver whose setup program displayed a dialog that read, roughly,
After
John Kelsey [EMAIL PROTECTED] writes:
Recently, Earthlink's webmail server certificate started showing up as
expired. (It obviously expired a long time ago; I suspect someone must have
screwed up in changing keys over or something, because the problem wasn't
happening up until recently.)
This is
Dave Howe [EMAIL PROTECTED] writes:
Nicolas Williams wrote:
Yes, a challenge-response password authentication protocol, normally
subject to off-line dictionary attacks by passive and active attackers
can be strengthened by throwing in channel binding to, say, a TLS
channel, such that: a)
James A. Donald [EMAIL PROTECTED] writes:
From: [EMAIL PROTECTED] (Peter Gutmann)
TLS-PSK fixes this problem by providing mutual
authentication of client and server as part of the key
exchange. Both sides demonstrate proof-of-possession
of the password (without actually communicating
Alaric Dailey [EMAIL PROTECTED] writes:
While I admit that PKI is flawed, I don't see any way that PSK could be used
effectively.
How are PSKs going to be shared in a secure way?
Are we talking about generating a new key for every connection?
If so, how do you validate the key?
If not, how do
Stephan Neuhaus [EMAIL PROTECTED] writes:
I think you're talking about me here,
Oh no, I wasn't focusing on any one person, it was a characterisation of the
general response from security people when this sort of thing is mentioned.
Long before the discussion on this list, there were already