Re: [Cryptography] Good private email
On Mon, Aug 26, 2013 at 07:12:21AM -0400, Richard Salz wrote: > I don't think you need all that much to get good secure private email. > You need a client that can make PEM pretty seamless; reduce it to a > button that says "encrypt when possible." You need the client to be > able to generate a keypair, upload the public half, and pull down > (seamlessly) recipient public keys. You need a server to store and > return those keys. You need an installed base to kickstart the network > effect. > > Who has that? Apple certainly; Microsoft could; Google perhaps > (although not reading email is against their business model). Maybe > even the FB API. Now, thats an interesting point! Once all email is encrypted, how many mail providers would be interested in offering free service at all, and whats their business model then? Is it still valuable enough to sell the graph of connects? Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krah...@suse.de - SuSE Security Team ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
OpenSSH patch against traffic analysis
Hi, I wrote a patch to force openssh to use constant time and packet-size on the SSHv2 connection so observers of traffic cant correlate SSH connections to each other. You can find it here: http://c-skills.blogspot.com/2008/12/sshv2-trickery.html l8er, Sebastian -- ~~ ~~ perl self.pl ~~ $_='print"\$_=\47$_\47;eval"';eval ~~ krah...@suse.de - SuSE Security Team ~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: More US bank silliness
Hi, This reminds me the most weird SSL related error message I have ever seen and which is there since ages: https://www.fbi.gov Beside that the certificate is wrong :-) regards, Sebastian On Mon, Sep 08, 2008 at 01:29:34AM +1200, Peter Gutmann wrote: > In the ongoing comedy of errors that is US online banking "security" I've just > run into another one that's good for a giggle: Go to www.wachovia.com and, [...] --- ~~ perl self.pl ~~ $_='print"\$_=\47$_\47;eval"';eval ~~ [EMAIL PROTECTED] - SuSE Security Team ~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
The "signature" in the microcode update has not the same meaning as within crypto. For intel chips it has 31bits and basically contains a revision number. The requirements for the BIOS for checking microcode updates are in short: check the crc and ensure that older revisions cant replace new ones by comparing the "signature". I did not try myself, but I think one can probably update anything if you just hexedit the update header. Afaik these chips do not own any crypto-related functionallity or storage capability (except precise timing and rand maybe) and they are not tamper-proof. Thats why TPM was invented :-) l8er, Sebastian On Mon, Apr 28, 2008 at 06:16:12PM -0400, John Ioannidis wrote: > Intel and AMD processors can have new microcode loaded to them, and this > is usually done by the BIOS. Presumably there is some asymmetric crypto > involved with the processor doing the signature validation. > > A major power that makes a good fraction of the world's laptops and > desktops (and hence controls the circuitry and the BIOS, even if they do > not control the chip manufacturing process) would be in a good place to > introduce problems that way, no? > > /ji > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- ~~ ~~ perl self.pl ~~ $_='print"\$_=\47$_\47;eval"';eval ~~ [EMAIL PROTECTED] - SuSE Security Team ~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]