browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: A small editorial about recent events.

2005-12-18 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: I have been unable to find any evidence in the text of said resolutions that they in any way altered or amended the law on this, even temporarily. Perhaps it is the argument of the President's lawyers that something analogous to a state of

Re: RNG quality verification

2005-12-23 Thread Steven M. Bellovin
-- as I recall, both Firefox and IE have such -- generate a lot of keys, and run them through DIEHARD. Then warn your users to use only approved mechanisms for generating their certificate requests -- you just can't do any better. --Steven M. Bellovin, http://www.cs.columbia.edu

What phishers want

2005-12-28 Thread Steven M. Bellovin
of the browser chrome, rather than a particular application of generic web forms. No -- what phishers are after is money. They get that today by going after shared secrets. If banks change, they'll change. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: phone records for sale.

2006-01-06 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Perry E. Metzger writes: The Chicago Sun Times reports that, for the right price, you can buy just about anyone's cell phone records: http://www.suntimes.com/output/news/cst-nws-privacy05.html Quite disturbing. Yes, but it's also bad reporting -- the newspaper

SIGINT and the prisoner rendition scandal

2006-01-10 Thread Steven M. Bellovin
Without going into the details of the purported CIA rendition of prisoners to other countries (it's not torture; we're just outsourcing interrogation to places with less legal overhead), there may be a SIGINT connection. The following text appeared in an AP wire story today about a purported

quantum chip built

2006-01-11 Thread Steven M. Bellovin
their quantum states. ... The new chip, which is made of gallium arsenide, should be easily scaled and mass-produced, because it's made using microlithography -- the same process that makes microchips. ... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

standards being adopted for encrypting stored data

2006-01-17 Thread Steven M. Bellovin
http://www.networkworld.com/news/2005/121505-tape-encryption.html Proposed standards for protecting data on disk or tape are gathering steam within the IEEE and could be supported in products as soon as next year, according to proponents. --Steven M. Bellovin, http

NSA explains how to redact documents electronically

2006-01-24 Thread Steven M. Bellovin
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf One wonders how long it will be till someone finds an error... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: NSA explains how to redact documents electronically

2006-01-25 Thread Steven M. Bellovin
a real printer and scanner instead. Some people laughed at NSA's technical ineptitude -- didn't they know how to print to PDF directly? Others realized that NSA understood the problem at a much deeper level. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

serious threat models

2006-02-02 Thread Steven M. Bellovin
calls to a prepaid phone. Think about who could manage that. http://www.guardian.co.uk/mobile/article/0,,1701298,00.html http://www.globetechnology.com/servlet/story/RTGAM.20060202.wcelltap0202/BNStory/International/ --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: GnuTLS (libgrypt really) and Postfix

2006-02-14 Thread Steven M. Bellovin
just don't cut it.) Let me suggest a C-compatible possibility: pass an extra parameter to the library routines, specifying a procedure to call if serious errors occur. If that pointer is null, the library can abort. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: GnuTLS (libgrypt really) and Postfix

2006-02-15 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Werner Koch writes: On Tue, 14 Feb 2006 13:00:33 -0500, Steven M Bellovin said: Let me suggest a C-compatible possibility: pass an extra parameter to the library routines, specifying a procedure to call if serious errors occur. If that pointer is null

the return of key escrow?

2006-02-15 Thread Steven M. Bellovin
According to the BBC, the British government is talking to Microsoft about putting in a back door for the file encryption mechanisms. http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

distributed password cracking as a product

2006-02-21 Thread Steven M. Bellovin
http://www.net-security.org/article.php?id=901 The really interesting part is the implication that there's still a lot of 40-bit crypto out there... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-24 Thread Steven M. Bellovin
-- with checking of the far-side certificates -- for transport. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: bounded storage model - why is R organized as 2-d array?

2006-03-09 Thread Steven M. Bellovin
the cipher will be quite slow -- memory bandwidth hasn't increased nearly as rapidly as CPU speed; modern machines utterly rely on their caches. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Creativity and security

2006-03-28 Thread Steven M. Bellovin
, who comes back wearing a fur coat. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Enigma for sale on EBay

2006-03-29 Thread Steven M. Bellovin
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=6265092168ruhttp%3A%2F%2Fsearch.ebay.com%3A80%2Fsearch%2Fsearch.dll%3Ffrom%3DR40%26satitle%3D6265092168%26fvi%3D1 http://www.theregister.co.uk/2006/03/29/enigma_for_sale/ --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

wiretapping in Europe

2006-04-08 Thread Steven M. Bellovin
There's a long AP wire story on wiretapping in Europe; see http://www.washingtonpost.com/wp-dyn/content/article/2006/04/08/AR2006040800529.html There are a number of intriguing statements in the article. For example, in Italy 106,000 wiretaps were approved last year. By contrast, in the US there

Re: History and definition of the term 'principal'?

2006-04-26 Thread Steven M. Bellovin
it was modesty on his part, the fact that these things were group efforts, or the fine IPA they serve there I don't know... --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

PGP master keys

2006-04-26 Thread Steven M. Bellovin
source, PGP says it can guarantee no back doors, but that cyber sleuths can use its master keys if necessary. What is a master key in this context? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: PGP master keys

2006-04-27 Thread Steven M. Bellovin
On Wed, 26 Apr 2006 22:24:22 -0400, Derek Atkins [EMAIL PROTECTED] wrote: Quoting Steven M. Bellovin [EMAIL PROTECTED]: In an article on disk encryption (http://www.theregister.co.uk/2006/04/26/pgp_infosec/), the following paragraph appears: BitLocker has landed Redmond in some

Re: Linux RNG paper

2006-05-04 Thread Steven M. Bellovin
, NDSS 2005, http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Get a boarding pass, steal someone's identity

2006-05-08 Thread Steven M. Bellovin
certainly better if databases don't exist; as I said, I think that these exist because of customer demand, not government mandates. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Get a boarding pass, steal someone's identity

2006-05-09 Thread Steven M. Bellovin
://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also been in Slate (http://www.slate.com/id/2113157/fr/rss/). --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Phil Zimmerman and voice encryption; a Skype problem?

2006-05-22 Thread Steven M. Bellovin
that implemented some sort of Clipper-like functionality. A silent change like that would be *very* ominous. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Secure phones from VectroTel?

2006-05-23 Thread Steven M. Bellovin
for a voice phone -- it's rather hard to brute-force when the other end can't keep up... In fact, we mentioned that in our original EKE paper. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Elizabethan traffic analysis

2006-06-01 Thread Steven M. Bellovin
between them, where, after serious consults, they dispatch messengers and packets of letters, this sometimes twice in a week. This was in 1602. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Status of attacks on AES?

2006-06-06 Thread Steven M. Bellovin
that site seems to have -- and forgive me if I've missed a link -- is a set of simple assertions about various ciphers, plus a fairly vague background page. Put another way, and I hate to be this blunt, is there any reason to think your results are correct and/or meaningful? --Steven M

Re: Status of attacks on AES?

2006-06-08 Thread Steven M. Bellovin
is tiny. No credible vendor is going to rely on a cipher evaluated by an unproven technique. (For that matter, the near-universal consensus in the open community is proprietary ciphers are generally worthless.) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

mailer certificate retrieval via LDAP?

2006-06-09 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Chinese WAPI protocol?

2006-06-14 Thread Steven M. Bellovin
not. The Clipper chip may have been patented -- see http://catless.ncl.ac.uk/Risks/15.48.html#subj1 for details. I also don't know what Chinese law is on the subject. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Greek cellular wiretapping scandal

2006-06-23 Thread Steven M. Bellovin
knowledge of Ericsson switches, and probably a test lab with the proper Ericsson gear. It strongly suggests that Ericsson and/or Vodafone insiders were involved -- my guess is both. But who did it, and why, remains obscure. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

EMC is buying RSA

2006-06-29 Thread Steven M. Bellovin
http://www.tmcnet.com/usubmit/-emc-announces-definitive-agreement-acquire-rsa-security-further-/2006/06/29/1700560.htm says that EMC is buying RSA. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

cryptanalysis of Galileo satellite navigation signals

2006-07-10 Thread Steven M. Bellovin
... Better yet, they got an opinion from their university lawyer that the DMCA didn't apply. See http://www.newswise.com/articles/view/521790/?sc=rsla for details. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Recovering data from encrypted disks, broken CD's

2006-07-29 Thread Steven M. Bellovin
form of key escrow, which to my knowledge they've adamantly opposed doing. In fact, Microsoft just withdrew an add-on feature to provide easy-to-use encrypted folders because corporations didn't like the lack of key recovery. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

NSA running out of electrical power

2006-08-20 Thread Steven M. Bellovin
doesn't say so, but I would guess they're having cooling problems, too. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

A lack of US cryptanalytic security before Midway?

2006-09-07 Thread Steven M. Bellovin
of the American carriers (he was an ordnanceman for a torpedo squadron), so it may be first person knowledge. Later in the second paragraph, there's a footnote to Prange et al's Miracle at Midway, but I don't have that reference. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: A lack of US cryptanalytic security before Midway?

2006-09-08 Thread Steven M. Bellovin
not disclose. If, indeed, the fact of cryptanalysis was common knowledge, it was lucky indeed that the proper questions weren't asked -- or if they were asked, they weren't answered, even though at least one of them did give away more information than he should have. --Steven M

Re: Why the exponent 3 error happened:

2006-09-15 Thread Steven M. Bellovin
we're seeing the same thing here -- the spec didn't say must reject, so people who coded to the spec fell victim. As for the not compatible with a well-socialized human -- well, maybe -- I don't think normal people describe themselves as paranoid by profession --Steven M

Fw: [Cfrg] Invitation to review Bluetooth Simple Pairing draft specification

2006-09-17 Thread Steven M. Bellovin
https://www.plaxo.com/add_me?u=30065054807v0=565779k0=68427479 Add me to your address book... http://www.plaxo.com/signature Want a signature like this? --Steven M. Bellovin, http://www.cs.columbia.edu/~smb attachment: ConnectBt.jpg

Did Hezbollah use SIGINT against Israel?

2006-09-20 Thread Steven M. Bellovin
http://www.newsday.com/news/printedition/stories/ny-wocode184896831sep18,0,7091966,print.story That isn't supposed to be possible these days... (I regard it as more likely that they were doing traffic analysis and direction-finding than actually cracking the ciphers.) --Steven M

Re: Exponent 3 damage spreads...

2006-09-21 Thread Steven M. Bellovin
*security_strength) where nlen is the length of the modulus n in bits. The security_strength is the work factor for brute force attack on the corresponding symmetric cipher or hash function, i.e., 128 for SHA-256. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Circle Bank plays with two-factor authentication

2006-09-29 Thread Steven M. Bellovin
to be somewhat difficult. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: handling weak keys using random selection and CSPRNGs

2006-10-12 Thread Steven M. Bellovin
Given how rare weak keys are in modern ciphers, I assert that code to cope with them occurring by chance will never be adequately tested, and will be more likely to have security bugs. In short, why bother?

Government crypto?

2006-10-12 Thread Steven M. Bellovin
http://www.theonion.com/content/node/53928 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Steven M. Bellovin
entropy statistics to encrypted files; so will many compressed files. For a more substantive, less hand-wavey analysis, see http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf which has actual file system entropy measurements. --Steven M. Bellovin, http

physical-layer traffic analysis

2006-10-17 Thread Steven M. Bellovin
Some folks might be interested in http://villagevoice.com/news/0642,torturetaxi,74732,2.html -- it's not precisely traffic analysis, but there are enough similar techniques that I think it's relevant to this list. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Traffic Analysis References

2006-10-25 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: [Cfrg] Applications of target collisions: Pre or post-dating MD5-based RFC 3161 time-stamp tokens

2006-10-26 Thread Steven M. Bellovin
So how close are we getting to first or second preimage attacks?

Re: Are laptop search seizures increasing use of disk crypto?

2006-10-26 Thread Steven M. Bellovin
. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Can you keep a secret? This encrypted drive can...

2006-11-03 Thread Steven M. Bellovin
M. Bellovin, http://www.cs.columbia.edu/~smb

Re: Cypherpunks make the OED :-)

2006-11-06 Thread Steven M. Bellovin
On Sun, 05 Nov 2006 02:10:28 -0800, Bill Stewart [EMAIL PROTECTED] wrote: James Gleick's NYT article on the OED mentions cypherpunk among the words recently added to the dictionary. http://www.nytimes.com/2006/11/05/magazine/05cyber.html?pagewanted=all The page requires registration to

Re: Citibank e-mail looks phishy

2006-11-16 Thread Steven M. Bellovin
On Tue, 14 Nov 2006 18:21:38 -0500 (EST), Leichter, Jerry [EMAIL PROTECTED] wrote: One of Henry Petroski's early books is To Engineer Is Human: The Role of Failure in Successful Design. Petroski argues that we only learn from failure. Success tells us how to build exactly the same thing the

Re: cellphones as room bugs

2006-12-04 Thread Steven M. Bellovin
On Sun, 3 Dec 2006 20:26:07 -0500 Thor Lancelot Simon [EMAIL PROTECTED] wrote: On Sat, Dec 02, 2006 at 05:15:02PM -0500, John Ioannidis wrote: On Sat, Dec 02, 2006 at 10:21:57AM -0500, Perry E. Metzger wrote: Quoting: The FBI appears to have begun using a novel form of

gang uses crypto to hide identity theft databases

2006-12-21 Thread Steven M. Bellovin
http://www.zdnet.co.uk/misc/print/0%2C100169%2C39285188-39001093c%2C00.htm --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: (Short) Intro and question

2007-01-08 Thread Steven M. Bellovin
On Sat, 06 Jan 2007 13:13:32 -0800 Allen [EMAIL PROTECTED] wrote: Hi everyone, I'm Allen Schaaf and I'm primarily an information security analyst - I try to look at things like a total stranger and ask all the dumb questions hoping to stumble on one or two that hadn't been asked before

Re: [Cryptocollectors] STU III 2500

2007-01-14 Thread Steven M. Bellovin
On Thu, 11 Jan 2007 06:30:08 -0500 Richard Brisson [EMAIL PROTECTED] wrote: Good morning all, Available to those in the U.S., STU-III 2500 with manual and AC adapter (and perhaps even a key in the plastic bag but it's not stated nor obvious) on eBay: 330073910569 It appears to be a

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Mon, 15 Jan 2007 08:39:18 -0800 Saqib Ali [EMAIL PROTECTED] wrote: An article on how to use freely available Full Disk Encryption (FDE) products to protect the secrecy of the data on your laptops. FDE solutions helps to prevent data leaks in case the laptop is stolen or goes missing. The

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 07:56:22 -0800 Steve Schear [EMAIL PROTECTED] wrote: At 06:32 AM 1/16/2007, Steven M. Bellovin wrote: Disk encryption, in general, is useful when the enemy has physical access to the disk. Laptops -- the case you describe on your page -- do fit that category; I have

Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steven M. Bellovin
On Tue, 16 Jan 2007 08:19:41 -0800 Saqib Ali [EMAIL PROTECTED] wrote: Dr. Bellovin, In most situations, disk encryption is useless and probably harmful. It's useless because you're still relying on the OS to prevent access to the cleartext through the file system, and if the OS can do

Re: Private Key Generation from Passwords/phrases

2007-01-21 Thread Steven M. Bellovin
On Sat, 20 Jan 2007 18:41:34 -0600 Travis H. [EMAIL PROTECTED] wrote: BTW, dictionary attacks can probably be effectively resisted by making the hashes of passwords twice as big, and using a random value concatenated with the password before hashing, and storing it alongside the hash (it's

Fw: NIST announces Draft Requirements and Evaluation Criteria for New Hash Algorithms

2007-01-23 Thread Steven M. Bellovin
Begin forwarded message: Date: Tue, 23 Jan 2007 12:03:45 -0500 From: Shu-jen Chang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: NIST announces Draft Requirements and Evaluation Criteria for New Hash Algorithms NIST Wants Comments on Proposed Hash Algorithm Requirements and Evaluation

Forwarded: Request for Comments on primality testing

2007-01-24 Thread Steven M. Bellovin
From: Elaine Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Request for Comments on primality testing Date: Tue, 23 Jan 2007 16:18:59 -0500 X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 NIST received many comments when Draft FIPS 186-3 was posted for public comment during the spring

Re: Private Key Generation from Passwords/phrases

2007-01-30 Thread Steven M. Bellovin
On Mon, 22 Jan 2007 16:57:34 -0800 Abe Singer [EMAIL PROTECTED] wrote: On Sun, Jan 21, 2007 at 12:13:09AM -0500, Steven M. Bellovin wrote: One sometimes sees claims that increasing the salt size is important. That's very far from clear to me. A collision in the salt between two entries

Re: Intuitive cryptography that's also practical and secure.

2007-02-03 Thread Steven M. Bellovin
On Tue, 30 Jan 2007 16:10:47 -0500 (EST) Leichter, Jerry [EMAIL PROTECTED] wrote: | | ...There's an obvious cryptographic solution, of course: publish the | hash of any such documents. Practically speaking, it's useless. | Apart from having to explain hash functions to lawyers, judges, |

Re: Entropy of other languages

2007-02-05 Thread Steven M. Bellovin
On Sun, 04 Feb 2007 15:46:41 -0800 Allen [EMAIL PROTECTED] wrote: Hi gang, An idle question. English has a relatively low entropy as a language. Don't recall the exact figure, but if you look at words that start with q it is very low indeed. What about other languages? Does anyone know

Re: One Laptop per Child security

2007-02-07 Thread Steven M. Bellovin
On Wed, 7 Feb 2007 15:04:40 -0800 Saqib Ali [EMAIL PROTECTED] wrote: And here is the wired coverage of the BitFrost platform: http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1 From the article: But it should come as no surprise -- given how thoroughly the project has

Re: One Laptop per Child security

2007-02-08 Thread Steven M. Bellovin
On Thu, 08 Feb 2007 13:03:27 -0800 Ivan Krstić [EMAIL PROTECTED] wrote: Hi Paul, Paul J. Morris wrote: If a worm can propagate to every OLPC laptop it must have network access in some form, this means it could use the entire set of OLPC laptops to perform a distributed denial of

Re: Failure of PKI in messaging

2007-02-12 Thread Steven M. Bellovin
On Mon, 12 Feb 2007 17:03:32 -0500 Matt Blaze [EMAIL PROTECTED] wrote: I'm all for email encryption and signatures, but I don't see how this would help against today's phishing attacks very much, at least not without a much better trust management interface on email clients (of a kind much

Fw: Revisions to NIST Special Publications

2007-03-12 Thread Steven M. Bellovin
Begin forwarded message: From: Elaine Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Revisions to NIST Special Publications Date: Mon, 12 Mar 2007 14:50:10 -0400 X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 Revisions have been made to the following NIST Special Publications, which

Re: More info in my AES128-CBC question

2007-04-20 Thread Steven M. Bellovin
On Thu, 19 Apr 2007 22:32:58 -0700 Aram Perez [EMAIL PROTECTED] wrote: Hi Folks, First, thanks for all your answers. The proposal for using AES128-CBC with a fixed IV of all zeros is for a protocol between two entities that will be exchanging messages. This is being done in a standards

phone encryption technology becoming popular in Italy

2007-04-30 Thread Steven M. Bellovin
According to an NY Times article (http://news.com.com/Phone+taps+in+Italy+spur+rush+toward+encryption/2100-1029_3-6180118.html?tag=nefd.top), phone encryption technology is becoming popular in Italy because of many recent incidents of conversations being published. Sometimes, a wiretap is being

Forwarded: Public comments on the hash algorithm requirements and evaluation criteria posted online

2007-05-09 Thread Steven M. Bellovin
From: Shu-jen Chang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Public comments on the hash algorithm requirements and evaluation criteria posted online Date: Tue, 08 May 2007 12:13:58 -0400 X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 FYI Public comments on the hash algorithm

Re: More info in my AES128-CBC question

2007-05-09 Thread Steven M. Bellovin
On Wed, 9 May 2007 15:35:44 -0400 Thor Lancelot Simon [EMAIL PROTECTED] wrote: On Wed, May 09, 2007 at 01:13:36AM -0500, Travis H. wrote: On Fri, Apr 27, 2007 at 05:13:44PM -0400, Leichter, Jerry wrote: Frankly, for SSH this isn't a very plausible attack, since it's not clear how you

wiretaps and encryption

2007-05-12 Thread Steven M. Bellovin
Those who remember the Crypto Wars of the 1990s will recall all of the claims about we won't be able to wiretap because of encryption. In that regard, this portion of the latest DoJ wiretap report is interesting: Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that

Blackberries insecure?

2007-06-21 Thread Steven M. Bellovin
According to the AP (which is quoting Le Monde), French government defense experts have advised officials in France's corridors of power to stop using BlackBerry, reportedly to avoid snooping by U.S. intelligence agencies. That's a bit puzzling. My understanding is that email is encrypted from

Herbert Yardley trivia

2007-06-25 Thread Steven M. Bellovin
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemviewitem=item=180133437659#6376261103687981571 --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: Why self describing data formats:

2007-06-25 Thread Steven M. Bellovin
On Fri, 01 Jun 2007 20:59:55 +1000 James A. Donald [EMAIL PROTECTED] wrote: Many protocols use some form of self describing data format, for example ASN.1, XML, S expressions, and bencoding. Why? Presumably both ends of the conversation have negotiated what protocol version they are

anti-RF window film

2007-06-27 Thread Steven M. Bellovin
http://www.sciam.com/article.cfm?articleid=6670BF9B-E7F2-99DF-3EAC1C6DC382972F A company is selling a window film that blocks most RF signals. The obvious application is TEMPEST-shielding. I'm skeptical that it will be very popular -- most sites won't want to give up Blackberry and cell

Re: Quantum Cryptography

2007-06-29 Thread Steven M. Bellovin
I'm unhappy with the tone of the discussion thus far. It's gone far beyond critiquing current products and is instead attacking the very concept. Today's cryptography is largely based on certain assumptions. You can't even call them axioms; they're far too weak. Let's consider RSA. We *know*

Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Steven M. Bellovin
On Mon, 9 Jul 2007 17:52:38 +1000 Ian Farquhar \(ifarquha\) [EMAIL PROTECTED] wrote: And don't forget, some of the biggest markets are still crypto-phobic. Every time I enter China I have to tick a box on the entry form indicating that I am not carrying any communications security

Re: How the Greek cellphone network was tapped.

2007-07-19 Thread Steven M. Bellovin
On Tue, 17 Jul 2007 13:11:41 -0400 (EDT) Leichter, Jerry [EMAIL PROTECTED] wrote: I'd guess that the next step will be in the business community. All it will take is one case where a deal is visibly lost because of proven eavesdropping (proven in quotes because it's unlikely that there

Re: How the Greek cellphone network was tapped.

2007-07-21 Thread Steven M. Bellovin
On Sat, 21 Jul 2007 04:46:51 -0700 (PDT) bear [EMAIL PROTECTED] wrote: On Thu, 19 Jul 2007, Charles Jackson wrote: An earlier post, talking about vulnerabilities and the lack of an appropriate market response, said: We're talking about phone calls -- did all of the

Re: Enigma for sale on eBay

2007-07-21 Thread Steven M. Bellovin
On Fri, 20 Jul 2007 14:10:40 -0700 [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] said: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488 ebay now says (as of when this message is sent): This Listing Is Unavailable This listing (270146164488) has been removed

NIST documents for public review

2007-07-31 Thread Steven M. Bellovin
From: Elaine Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: NIST documents for public review Date: Mon, 30 Jul 2007 09:52:46 -0400 X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 NIST announces the release of draft Special Publication 800-106, Randomized Hashing Digital Signatures.

unintended consequences?

2007-08-08 Thread Steven M. Bellovin
I recently saw a news story about a new kind of fiber optic cable from Corning -- it has a much smaller bending radius. (See http://money.cnn.com/magazines/fortune/fortune_archive/2007/08/06/100141306/index.htm?postversion=2007072303 and

John Young and Cryptome

2007-08-14 Thread Steven M. Bellovin
http://www.radaronline.com/from-the-magazine/2007/08/cryptome_john_young_radar_anthony_haden_guest_1.php --Steve Bellovin, http://www.cs.columbia.edu/~smb

a new way to build quantum computers?

2007-08-18 Thread Steven M. Bellovin
http://www.tgdaily.com/content/view/33425/118/ Ann Arbor (MI) - University of Michigan scientists have discovered a breakthrough way to utilize light in cryptography. The new technique can crack even complex codes in a matter of seconds. Scientists believe this technique offers much advancement

more reports of terrorist steganography

2007-08-20 Thread Steven M. Bellovin
http://www.esecurityplanet.com/prevention/article.php/3694711 I'd sure like technical details... --Steve Bellovin, http://www.cs.columbia.edu/~smb

interesting paper on the economics of security

2007-08-20 Thread Steven M. Bellovin
http://www.cl.cam.ac.uk/~rja14/Papers/econ_crypto.pdf --Steve Bellovin, http://www.cs.columbia.edu/~smb

NSA crypto modernization program

2007-08-28 Thread Steven M. Bellovin
http://www.fcw.com/article103563-08-27-07-Print --Steve Bellovin, http://www.cs.columbia.edu/~smb

open source digital cash packages

2007-09-17 Thread Steven M. Bellovin
Are there any open source digital cash packages available? I need one as part of another research project. --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: using SRAM state as a source of randomness

2007-09-17 Thread Steven M. Bellovin
On Mon, 17 Sep 2007 11:20:32 -0700 Netsecurity [EMAIL PROTECTED] wrote: Back in the late 60's I was playing with audio and a magazine I subscribed to had a circuit for creating warble tones for standing wave and room resonance testing. The relevance of this is that they were using a random

Re: OK, shall we savage another security solution?

2007-09-19 Thread Steven M. Bellovin
On Wed, 19 Sep 2007 09:29:53 +0100 Dave Korn [EMAIL PROTECTED] wrote: On 18 September 2007 23:22, Leichter, Jerry wrote: Anyone know anything about the Yoggie Pico (www.yoggie.com)? It claims to do much more than the Ironkey, though the language is a bit less marketing-speak. On the

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-02 Thread Steven M. Bellovin
On Tue, 02 Oct 2007 15:50:27 +0200 Simon Josefsson [EMAIL PROTECTED] wrote: It sounds to me as if they are storing the AES key used for bulk encryption somewhere on the disk, and that it can be unlocked via the password. I'd say decrypted by the password, rather than unlocked, but that's

Re: Password hashing

2007-10-12 Thread Steven M. Bellovin
On Thu, 11 Oct 2007 22:19:18 -0700 james hughes [EMAIL PROTECTED] wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5 based password hashing at

Re: refactoring crypto handshakes (SSL in 3 easy steps)

2007-11-15 Thread Steven M. Bellovin
There was a paper by Li Gong at an early CCS -- '93, I think, though it might have been '94 -- on the number of messages different types of authentication protocol took. It would be a good starting point.