Phil Zimmerman and voice encryption; a Skype problem?

2006-05-22 Thread Steven M. Bellovin
es open the possibility of a protocol change that implemented some sort of Clipper-like functionality. A silent change like that would be *very* ominous. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The

Re: Get a boarding pass, steal someone's identity

2006-05-09 Thread Steven M. Bellovin
YPTOGRAM almost 3 years ago (http://www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla (http://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also been in Slate (http://www.slate.com/id/2113157/fr/rss/). --Steven M. Bellovin, http://www.cs.co

Re: Get a boarding pass, steal someone's identity

2006-05-08 Thread Steven M. Bellovin
some years ago.) The real point here is carelessness with access controls. *That's* what we have to fight. It's certainly better if databases don't exist; as I said, I think that these exist because of customer demand, not government mandates. --Steven M. Bellovin, ht

Re: Linux RNG paper

2006-05-04 Thread Steven M. Bellovin
pted data has not been tampered with. > See "Space-Efficient Block Storage Integrity", Alina Oprea, Mike Reiter, Ke Yang, NDSS 2005, http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: PGP "master keys"

2006-04-27 Thread Steven M. Bellovin
On Wed, 26 Apr 2006 22:24:22 -0400, Derek Atkins <[EMAIL PROTECTED]> wrote: > Quoting "Steven M. Bellovin" <[EMAIL PROTECTED]>: > > > In an article on disk encryption > > (http://www.theregister.co.uk/2006/04/26/pgp_infosec/), the following > > parag

PGP "master keys"

2006-04-26 Thread Steven M. Bellovin
source, PGP says it can guarantee no back doors, but that cyber sleuths can use its master keys if neccessary. What is a "master key" in this context? --Steven M. Bellovin, http://www.cs.columbi

Re: History and definition of the term 'principal'?

2006-04-26 Thread Steven M. Bellovin
asswords), at least in part because they were developed at the Eagle Pub. Whether it was modesty on his part, the fact that these things were group efforts, or the fine IPA they serve there I don't know... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

wiretapping in Europe

2006-04-08 Thread Steven M. Bellovin
There's a long AP wire story on wiretapping in Europe; see http://www.washingtonpost.com/wp-dyn/content/article/2006/04/08/AR2006040800529.html There are a number of intriguing statements in the article. For example, in Italy 106,000 wiretaps were approved last year. By contrast, in the US there

Enigma for sale on EBay

2006-03-29 Thread Steven M. Bellovin
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=6265092168&ruhttp%3A%2F%2Fsearch.ebay.com%3A80%2Fsearch%2Fsearch.dll%3Ffrom%3DR40%26satitle%3D6265092168%26fvi%3D1 http://www.theregister.co.uk/2006/03/29/enigma_for_sale/ --Steven M. Bellovin, http://www.cs.columbia.

Re: Creativity and security

2006-03-28 Thread Steven M. Bellovin
ble via their web archive.) It shows Dilbert saying that he'd never buy anything online because he doesn't want his credit card number floating around the net. He then hands his credit card to a waitress, who comes back wearing a fur coat. --Steven M. Bellovin, http://

Re: bounded storage model - why is R organized as 2-d array?

2006-03-09 Thread Steven M. Bellovin
f they don't fit in cache the cipher will be quite slow -- memory bandwidth hasn't increased nearly as rapidly as CPU speed; modern machines utterly rely on their caches. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-24 Thread Steven M. Bellovin
it down to my laptop. This way, I don't have to trust my employer, my ISP, etc. And I use SSL or SSH -- with checking of the far-side certificates -- for transport. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --

distributed password cracking a a product

2006-02-21 Thread Steven M. Bellovin
http://www.net-security.org/article.php?id=901 The really interesting part is the implication that there's still a lot of 40-bit crypto out there... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

the return of key escrow?

2006-02-15 Thread Steven M. Bellovin
According to the BBC, the British government is talking to Microsoft about putting in a back door for the file encryption mechanisms. http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: GnuTLS (libgrypt really) and Postfix

2006-02-15 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Werner Koch writes: >On Tue, 14 Feb 2006 13:00:33 -0500, Steven M Bellovin said: > >> Let me suggest a C-compatible possibility: pass an extra parameter to >> the library routines, specifying a procedure to call if serious errors >> o

Re: GnuTLS (libgrypt really) and Postfix

2006-02-14 Thread Steven M. Bellovin
the higher level to do something different if appropriate, and this loss of flexibility is a bad thing. As noted, the best answer is a modern language that supports exceptions. (Sorry, SIGABRT and setjmp/longjmp just don't cut it.) Let me suggest a C-compatible possibility: pass an extr

serious threat models

2006-02-02 Thread Steven M. Bellovin
calls to a prepaid phone. Think about who could manage that. http://www.guardian.co.uk/mobile/article/0,,1701298,00.html http://www.globetechnology.com/servlet/story/RTGAM.20060202.wcelltap0202/BNStory/International/ --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

US plans for "Information Operations"

2006-02-02 Thread Steven M. Bellovin
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB177/info_ops_roadmap.pdf Note that there's a plentiful supply of black pixels included... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptog

Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Steven M. Bellovin
nkgeek.com/gadgets/security/6d7f/ Again -- what is the assurance level that they do a good enough job, and against what enemy? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Uns

Re: thoughts on one time pads

2006-01-28 Thread Steven M. Bellovin
nventional encryption algorithms. Given that AES is rated for top secret traffic by NSA, I will assert that any enemy who has a chance of attacking it can devote considerable resources to data recovery from smashed CDs.) --Steven M. Bellovin, http://www.cs.columbi

Re: NSA explains how to redact documents electronically

2006-01-25 Thread Steven M. Bellovin
That's more or less what they did when they declassified Skipjack, though they may have used a real printer and scanner instead. Some people laughed at NSA's technical ineptitude -- didn't they know how to print to PDF directly? Others realized that NSA understood the problem

NSA explains how to redact documents electronically

2006-01-24 Thread Steven M. Bellovin
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf One wonders how long it will be till someone finds an error... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

standards being adopted for encrypting stored data

2006-01-17 Thread Steven M. Bellovin
http://www.networkworld.com/news/2005/121505-tape-encryption.html "Proposed standards for protecting data on disk or tape are gathering steam within the IEEE and could be supported in products as soon as next year, according to proponents." --Steven M. Bell

Re: long-term GPG signing key

2006-01-17 Thread Steven M. Bellovin
y -- it's less than an hour's worth of transmission. The conclusion is that if you're encrypting a LAN, you need AES or you need to rekey fairly often. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

quantum chip built

2006-01-11 Thread Steven M. Bellovin
quantum states. ... The new chip, which is made of gallium arsenide, should be easily scaled and mass-produced, because it's made using microlithography -- the same process that makes microchips. ... --Steven M. Bellovin, http://www.cs.columbia.edu

SIGINT and the prisoner "rendition" scandal

2006-01-10 Thread Steven M. Bellovin
Without going into the details of the purported CIA "rendition" of prisoners to other countries ("it's not torture; we're just outsourcing interrogation to places with less legal overhead"), there may be a SIGINT connection. The following text appeared in an AP wire story today about a purpor

Re: phone records for sale.

2006-01-06 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >The Chicago Sun Times reports that, for the right price, you can buy >just about anyone's cell phone records: > >http://www.suntimes.com/output/news/cst-nws-privacy05.html > >Quite disturbing. Yes, but it's also bad reporting -- the new

Re: browser vendors and CAs agreeing on high-assurance certificates

2006-01-06 Thread Steven M. Bellovin
nning simultaneously. Both of those are much smaller changes than a capability-based OS. (Hmm -- who was it who noted that capability-based systems were the wave of the future, and always would be?) A final note -- multiple IP addresses is not the same as multiple machines. Lots of hosting compa

French cryptography and TEMPEST protection

2006-01-03 Thread Steven M. Bellovin
recommendations; the second discusses security against parasitic emanation attacks (i.e., TEMPEST). --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubs

What phishers want

2005-12-28 Thread Steven M. Bellovin
rifying a shared secret, should be >part of the browser chrome, rather than a particular >application of generic web forms. > No -- what phishers are after is money. They get that today by going after shared secrets. If banks change, they'll change. --Ste

Re: RNG quality verification

2005-12-23 Thread Steven M. Bellovin
, both Firefox and IE have such -- generate a lot of keys, and run them through DIEHARD. Then warn your users to use only approved mechanisms for generating their certificate requests -- you just can't do any better. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: A small editorial about recent events.

2005-12-18 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: >I have been unable to find any evidence in the text of said >resolutions that they in any way altered or amended the law on this, >even temporarily. Perhaps it is the argument of the President's >lawyers that something analogous to a stat

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Steven M. Bellovin
ever heard of was for paypa1.com. As I recall, they did have a certificate. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Steven M. Bellovin
ddress bar. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

secure links using classical (i.e., non-quantum) physics

2005-12-10 Thread Steven M. Bellovin
she decodes. Instead of thermal noise, proper external noise generators should be used when the communication is not aimed to be stealth. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Ma

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Janusz A. Urbanowicz " writes: > >Bank >statements come on paper or in S/MIME signed emails. This is interesting -- the bank is using S/MIME? What mail readers are common among its clientele? How is the bank's certificate checke

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Steven M. Bellovin
use is probably better, but it's *definitely* a much less attractive target for malware writers. Problems? I did have my credit card number stolen, but almost certainly not that way. The bank believes it was a random card number generator. --Steven M. Bellovin, htt

NSA declassifies some Vietnam-era SIGINT

2005-12-03 Thread Steven M. Bellovin
http://www.nsa.gov/vietnam/ These are the documents related to the claim that NSA suppressed many of the intercepts relating to the so-called Gulf of Tonkin incident. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

the early history of NSA

2005-12-02 Thread Steven M. Bellovin
The Quest For Cryptologic Centralization and the Establishment of NSA: 1940-1952 http://www.fas.org/irp/nsa/quest.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List

from the bad idea department

2005-11-30 Thread Steven M. Bellovin
Steve Gibson is now offering a "GRC's Ultra High Security Password Generator" -- a web page that provides you with "totally random" data in 3 formats: 64 hex digits, 63 printable characters, or 63 alphanumerics. The page suggests using them for passwords, WEP and WPA, VPN shared secrets, and more.

Re: "ISAKMP" flaws?

2005-11-18 Thread Steven M. Bellovin
program space) to >code against such issues. Decent test case generators. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

the effects of a spy

2005-11-15 Thread Steven M. Bellovin
Bruce Schneier's newsletter Cryptogram has the following fascinating link: http://www.fas.org/irp/eprint/heath.pdf It's the story of effects of a single spy who betrayed keys and encryptor designs. --Steven M. Bellovin, http://www.cs.columbi

Re: "ISAKMP" flaws?

2005-11-15 Thread Steven M. Bellovin
very >different malformed packets. > I mostly agree with you, with one caveat: the complexity of a spec can lead to buggier implementations. Sure, even relatively simple protocols can be implemented poorly, but complex ones have more places to go wrong. (It's ins

Re: "ISAKMP" flaws?

2005-11-15 Thread Steven M. Bellovin
try should have been doing: they're writing test case generators that stress parsers. So far, they've been extremely successful against IKEv1, ASN.1, SNMP, and more. This should surprise no one and depress everyone. http://www.ee.oulu.fi/research/ouspg/protos/index.html is the home page

cryptography and security-related papers from North Korea

2005-11-15 Thread Steven M. Bellovin
I stumbled on the following link: http://cryptome.org/dprk/dprk-papers.htm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptog

Re: How broad is the SPEKE patent.

2005-11-09 Thread Steven M. Bellovin
EKE patent. Since it wasn't patented, there was no one willing to spend the money on legal fees to fight that claim, per a story I heard. Have a look at http://web.archive.org/web/20041018153649/integritysciences.com/history.html for some history.

RSA-640 factored

2005-11-09 Thread Steven M. Bellovin
http://mathworld.wolfram.com/news/2005-11-08/rsa-640/ --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: On Digital Cash-like Payment Systems

2005-11-07 Thread Steven M. Bellovin
're >working with key material and not plaintext/ciphertext. > Don't ever encrypt the same message twice that way, or you're likely to fall to a common modulus attack, I believe. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --

Re: Symmetric ciphers as hash functions

2005-11-01 Thread Steven M. Bellovin
h 15K entries, a high figure even today, you're not going to increase the attacker's work factor by more than a few bits. As for the dictionary size -- they felt (probably correctly) that the size expansion was already large enough that tha

The Pentagon is block NSA patent applications...

2005-10-31 Thread Steven M. Bellovin
http://www.newscientist.com/article.ns?id=dn8223&feedId=online-news_rss091 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cry

Re: semi-preditcable OTPs

2005-10-25 Thread Steven M. Bellovin
n that case was used to superencipher a codebook, by adding the 5-digit OTP number to the 5-digit code value. Non-random digits in such a setting are more or less irrelevant, unless there is enough of a pattern that it helps you strip off the supere

Skype security evaluation

2005-10-23 Thread Steven M. Bellovin
/files/2005-031%20security%20evaluation.pdf.sig) The author of the report, Tom Berson, has been in this business for many years; I have a great deal of respect for him. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: [saag] status of SSL vs SHA-1/MD-5, etc.?

2005-10-16 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Ben Laurie writes: >Steven M. Bellovin wrote: >> As Eric Rescorla and I showed, though, none of the network protocols >> are ready for deployment of a new hash function. That is, newer >> versions of OpenSSL support may SHA

Re: [saag] status of SSL vs SHA-1/MD-5, etc.?

2005-10-16 Thread Steven M. Bellovin
note that most machines are *never* upgraded, only replaced. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: NSA Suite B Cryptography

2005-10-15 Thread Steven M. Bellovin
for software licensed under GPL. > I think that that's a fair summary. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: NSA Suite B Cryptography

2005-10-14 Thread Steven M. Bellovin
guessed. Note that the web page we're discussing is from Feb 2005, *after* Wang et al had successfully attacked MD5, though before the publication of their SHA-1 results. NSA still has enough confidence in SHA-384 to rate it for Top Secret traffic. I wonder what they're going to sa

Re: Venona not all decrypted?

2005-10-13 Thread Steven M. Bellovin
Have a look at http://www.nsa.gov/publications/publi00039.cfm . The one-time pad was used to superencrypt a codebook; two different codebooks were used. Most of the successful decryptions were done by 1952; there was some additional help from a partial codebook recovered in 1953. Here's the

Re: PKI too confusing to prevent phishing, part 28

2005-09-27 Thread Steven M. Bellovin
an important point. When *many* people are doing the "wrong" thing, the problem isn't the people, it's the mechanism they're being asked to use. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: Java: Helping the world build bigger idiots

2005-09-22 Thread Steven M. Bellovin
of the game is information security, and that's far more than crypto. Sometimes, in fact, the two conflict. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsu

Guideline for Implementing Cryptography In the Federal Government

2005-09-20 Thread Steven M. Bellovin
http://csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptograph

Re: Java: Helping the world build bigger idiots

2005-09-19 Thread Steven M. Bellovin
h of engineering, failure to observe such elementary precautions would have long been against the law. From Tony Hoare's 1980 Turing Award lecture. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

Re: ECC patents?

2005-09-15 Thread Steven M. Bellovin
lled $25-million represented by a licensing contract for our Elliptic Curve Cryptography (ECC) technology by the NSA, --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

[Colloquium] ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)

2005-09-15 Thread Steven M. Bellovin
be served. We look forward to seeing you there! ___ Colloquium mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/colloquium -- --Steven M. Bellovin, http://www.

Re: Amazon's

2005-09-15 Thread Steven M. Bellovin
d; knowledge of that (say, by intercepting the email) lets you at your account, which will display the last 5 digits of your credit cards. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography M

MIT talk: Special-Purpose Hardware for Integer Factoring

2005-09-14 Thread Steven M. Bellovin
, James Hughes and Paul Leyland. --- End of Forwarded Message --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography"

Re: Clearing sensitive in-memory data in perl

2005-09-13 Thread Steven M. Bellovin
Under some circumstances, you could do a call-out to a C module just for the crypto, but it's by no means obvious that that's a major improvement. Again -- what is your threat model? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: ECC patents?

2005-09-13 Thread Steven M. Bellovin
if *all necessary patent rights* are owned (or licensed) by Sun. For obvious reasons, it's remarkably hard to get someone to say that they don't have a claim on some product. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: MD5 Collision, Visualised

2005-08-28 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Ben Laurie writes: >I wrote some code to show the internal state of MD5 during a collision... > >http://www.shmoo.com/md5-collision.html > Very nice, though you need to give a scale of rounds -- how many horizontal lines per round?

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Adam Back writes: >On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote: >> In message <[EMAIL PROTECTED]>, Adam Back writes: >> >Thats broken, just like the "WAP GAP" ... for security you want >> >

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Chris Kuethe writes: >On 8/26/05, Steven M. Bellovin <[EMAIL PROTECTED]> wrote: >> ... >> If you don't trust your (or your correspondents') IM servers, it may be >> a different situation. I haven't read Google

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Steven M. Bellovin
easy to read, given their length and the complexity of the protocol.) Do I support e2e crypto? Of course I do! But the cost -- not the computational cost; the management cost -- is quite high; you need to get authentic public keys for all of your corresponden

Re: online MD5 crack database

2005-08-22 Thread Steven M. Bellovin
ves to 64 characters, mirroring the password styles of the day, unsalted. That's 64^8. It still comes to 1.5 million reels of tape, however, so I still don't believe it. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Florian Weimer writes: >* Steven M. Bellovin: > >> In message <[EMAIL PROTECTED]>, Florian Weimer writes: >> >>> >>>Can't you strip the certificates which have expired from the CRL? (I >>>know that with

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Steven M. Bellovin
> One can easily conceive of schemes that don't have such problems, such as simply publishing the hash of revoked certificates, or using a Bloom filter based on the hashes. Of course, that doesn't mean that was how it was done...

Re: faster SHA-1 attacks?

2005-08-17 Thread Steven M. Bellovin
use of the new path, there is reason to think the attack will get even better. Shamir noted that 2^63 is within reach of a distributed Internet effort to actually find one. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ---

Re: solving the wrong problem

2005-08-06 Thread Steven M. Bellovin
nbelievably cumbersome". I don't disagree with Perry's basic statement -- that a lot of people try to solve the wrong problem. Here, though, we have a tool. It remains to be determined if it's a hammer, screwdriver, or wrench, and hence what problems to a

cracking passwords and challenge/response

2005-08-06 Thread Steven M. Bellovin
as a cryptographic key with known plaintext (i.e., in challenge/response protocols). --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "u

Re: draft paper: "Deploying a New Hash Algorithm"

2005-08-05 Thread Steven M. Bellovin
l enough. (Besides, how do you know if you'll actually notice it?) \endns --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: draft paper: "Deploying a New Hash Algorithm"

2005-07-25 Thread Steven M. Bellovin
the next version of the paper. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

draft paper: "Deploying a New Hash Algorithm"

2005-07-21 Thread Steven M. Bellovin
Eric Rescorla and I have written a paper "Deploying a New Hash Algorithm". A draft is available at http://www.cs.columbia.edu/~smb/papers/new-hash.ps and http://www.cs.columbia.edu/~smb/papers/new-hash.pdf . Here's the abstract: As a result of recent discoveries, the strength of hash

Re: mother's maiden names...

2005-07-14 Thread Steven M. Bellovin
sibly, it simply didn't fit their real purpose of attracting more customers.) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
on is really being authenticated? (I alluded to this in a 1997 panel session talk; see http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm ) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptog

Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Steven M. Bellovin
ental fees if I don't present the card separately. Hmm -- the account is old enough that the expiration date on my credit card has long since expired. They've never asked me for an update. Maybe they're using a reputation system?) --Steven M. Bellovin, ht

the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
for you to log into E-Gold, checks your balance, and drains your account except for .004 grams of gold. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

new NSA chief named

2005-07-07 Thread Steven M. Bellovin
http://www.baltimoresun.com/news/nationworld/bal-te.nsa07jul07,1,6042171.story?coll=bal-home-headlines&cset=true&ctrack=1&cset=true --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The

Re: [Forwarded] RealID: How to become an unperson.

2005-07-06 Thread Steven M. Bellovin
umber of questions that need to be answered about any such system before it's even possible to discuss it intelligently. > And >whenever I enter the US, I have to give the fingerprints of my index >fingers and they take a picture of me. That's worse than an ID card. Agreed.

massive data theft at MasterCard processor

2005-06-20 Thread Steven M. Bellovin
rise there --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: de-identification

2005-06-16 Thread Steven M. Bellovin
l sorts of other channels -- application data, timing data (the remote fingerprinting paper mentioned this one), etc. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsub

AES cache timing attack

2005-06-16 Thread Steven M. Bellovin
h now says he's warning people even against doing their own implementations. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: analysis of the Witty worm

2005-06-13 Thread Steven M. Bellovin
in Google's >cache is the intro page, with an abstract. The paper (pdf and ps) and a slide > >show are inaccessible, and are not in Google's cache. > >Anyone saved a copy? It's on Vern's web page: http://www.icir.org/vern/papers/witty-draft.pdf or

Re: AmEx unprotected login site

2005-06-08 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes: > >"Steven M. Bellovin" <[EMAIL PROTECTED]> writes: >>>They're still doing the wrong thing. Unless the page was transmitted >>>to you securely, you have no way to trust th

Re: AmEx unprotected login site

2005-06-08 Thread Steven M. Bellovin
w few pages people would visit on the site, though, he estimated that it would increase his costs by a factor of about 15. (I didn't verify the numbers; I know from experience that he's competent and has his heart in the right place re security). --Steven M. Bellovin, h

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

2005-06-07 Thread Steven M. Bellovin
ipment of tapes to a credit bureau.) 2 involved hacking, one was an inside job, one was a stolen laptop, and 2 were fraudulent use of logins and passwords. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb -

analysis of the Witty worm

2005-06-02 Thread Steven M. Bellovin
of information that the authors could gather about network configurations at different sites: as we all know, traffic analysis is a powerful technique. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - Th

Re: Citibank discloses private information to improve security

2005-05-31 Thread Steven M. Bellovin
ress.20050526.03.htm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: "SSL stops credit card sniffing" is a correlation/causality myth

2005-05-31 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Ian G writes: >On Tuesday 31 May 2005 02:17, Steven M. Bellovin wrote: >> In message <[EMAIL PROTECTED]>, "James A. Donald" writes: >> >-- >> >PKI was designed to defeat man in the middle attacks >> >bas

Re: What happened with the session fixation bug?

2005-05-31 Thread Steven M. Bellovin
ing -- that's what's behind "pharming" attacks. In other words, it's a real threat, too. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Three NIST Special Pubs for Review (Forwarded)

2005-05-20 Thread Steven M. Bellovin
]>[EMAIL PROTECTED], with "Comments on SP 800-57, Part 2" in the subject line. Elaine Barker 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Phone: 301-975-2911 --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb --

Moore says his law won't last

2005-05-20 Thread Steven M. Bellovin
http://www.vnunet.com/news/1162433 "Something like this cannot continue forever," he said. "The dimensions are small enough now that we're approaching the size of atoms and that's a fundamental block. I think the law has another 10-20 years before fundamental limits

Lauren Kohnfelder's undergraduate thesis on certificates

2005-05-20 Thread Steven M. Bellovin
I found this on Simson Garfinkel's blog (http://www.simson.net/blog/): March 13, 2005 kohnfelder78 I have put Lauren Kohnfelder's 1978 undergraduate thesis into a single PDF file, OCR'ed it, and put it online (with his permission). If you are interested in
