also sprach Peter Gutmann <[EMAIL PROTECTED]> [2004.06.03.1014 +0200]:
> One-time passwords (TANs) was another thing I covered in the "Why
> isn't the Internet secure yet, dammit!" talk I mentioned here
> a few days ago. From talking to assorted (non-European) banks,
> I haven't been able to find
also sprach Russell Nelson <[EMAIL PROTECTED]> [2004.05.30.0515 +0200]:
> > - The infrastructure is not there. Two standards compete for
> > email cryptography, and both need an infrastructure to back
> > them up.
>
> Two standards? DomainKeys and what else?
I meant PGP and S/MIME
But
also sprach Ed Gerck <[EMAIL PROTECTED]> [2004.05.28.1853 +0200]:
> It's "industry support". We know what it means: multiple,
> conflicting approaches, slow, fragmented adoption --> will not
> work. It would be better if the solution does NOT need industry
> support at all, only user support. It sh
it came up lately in a discussion, and I couldn't put a name to it:
a means to use symmetric crypto without exchanging keys:
- Alice encrypts M with key A and sends it to Bob
- Bob encrypts A(M) with key B and sends it to Alice
- Alice decrypts B(A(M)) with key A, leaving B(M), sends it to B
fyi
- Forwarded message from Lucky Green <[EMAIL PROTECTED]> -
Cpunks,
I spent the last few months working at PGP on a nifty new solution to an
old problem: how to get email encryption deployed more widely without
requiring user education.
Since ideas for solving this problem have been d
also sprach R. A. Hettinga <[EMAIL PROTECTED]> [2003.10.13.0639 +0200]:
> The time to stop this nonsense is now, and there's a non-governmental,
> low-cost, low-effort way it could happen. Here's my plan of action, it's
> not original to me but I want to lay it out publicly as a battle plan:
Of co
also sprach Ian Grigg <[EMAIL PROTECTED]> [2003.09.25.2253 +0200]:
> > "I wouldn't put all of the blame on Microsoft," Schneier said,
> > "the problem is the monoculture."
>
> On the face of it, this is being too kind and not striking at the
> core of Microsoft's insecure OS. For example, viruses
Again, replying to all.
also sprach John S. Denker <[EMAIL PROTECTED]> [2003.09.19.0038 +0200]:
> Other key-exchange methods such as DH are comparably
> incapable of solving the DoS problem. So why bring up
> the issue?
For one, I can un-DoS with QC at any point in time. This may be
relevant for
also sprach [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2003.09.19.1115 +0200]:
> The sender sends RANDOM BITS to the receiver. Those that don't get
> eavesdropped can then be concatenated at both ends to produce an
> identical string of random bits. Since this is known to both
> endpoint parties, and n
It took me a while. I would herewith like to reply to all posts on
this I received so far:
also sprach John S. Denker <[EMAIL PROTECTED]> [2003.09.13.2343 +0200]:
> *) In each block, Mallory has a 50/50 chance of being able to
> copy a bit without being detected.
This is what I don't buy. If
also sprach David Wagner <[EMAIL PROTECTED]> [2003.09.13.2306 +0200]:
> You're absolutely right. Quantum cryptography *assumes* that you
> have an authentic, untamperable channel between sender and
> receiver. The standard quantum key-exchange protocols are only
> applicable when there is some oth
Dear Cryptoexperts,
With
http://www.magiqtech.com/press/navajounveiled.pdf
and the general hype about quantum cryptography, I am bugged by
a question that I can't really solve. I understand the quantum
theory and how it makes it impossible for two parties to read the
same stream. However, what
also sprach C. Wegrzyn <[EMAIL PROTECTED]> [2003.07.08.2324 +0200]:
> This is the same approach used in the Authentica system but it is
> deployed in an enterprise environment.
Sure, but this doesn't make it any more secure. I only know very
little about Authentica, but it also doesn't strike my
also sprach Hack Hawk <[EMAIL PROTECTED]> [2003.07.08.0154 +0200]:
> So what they're saying is that your PRIVATE key is stored on
> a server somewhere on the Internet?!?!
I believe it says it is generated upon initial request, but this is
about as bad. I fully agree with you, this sounds fishy.
-
also sprach Arnold G. Reinhold <[EMAIL PROTECTED]> [2003.06.29.0424 +0200]:
> >I am not sure I understand. How does this relate to my question?
> >
> >Where does the other factor come from?
>
> I got the impression, and maybe I misunderstood, that you were
> viewing a product of two primes aA, wh
also sprach Nomen Nescio <[EMAIL PROTECTED]> [2003.06.27.2230 +0200]:
> Do you have a reference to what exactly Check Point says about this?
> Maybe you are misunderstanding or misinterpreting them. If you could
> quote it here verbatim (or provide a link if it is online) we might be
> able to und
> I'm not certain I understand your questions, but here are some
> answers (I think).
To clear this up:
I am well aware how DH works, and what the mathematical properties
of p and g are and have to be.
My point was that some commercial vendors (Check Point and others)
claim, that if two partners
The Check Point Firewall-1 Docs insist, that the public keys be used
for p and g for the Oakley key exchange. I ask you: is this
possible?
- which of the two pubkeys will be p, which g?
- are they both always primes?
- are they both always suitable generators mod p?
It just seems to me that
As far as I can tell, IPsec's ESP has the functionality of
authentication and integrity built in:
RFC 2406:
2.7 Authentication Data
The Authentication Data is a variable-length field containing an
Integrity Check Value (ICV) computed over the ESP packet minus
the Authentication Data.
also sprach David Shaw <[EMAIL PROTECTED]> [2003.06.18.0240 +0200]:
> The problem is that the PKS keyserver was not written to handle keys
> with multiple subkeys.
[snip]
Thanks for the explanation. I didn't know about subkeys.pgp.net yet.
Moreover, I second the belief that the keyservers must b
My key, 220BC883330C4A75, has multiple encryption subkeys, and it's
about to get another one on Friday, as my current encryption key
expires.
A lot of people are reporting that they cannot encrypt to me, due to
an unusable public key. It only seems to work if they use modern
software and obtain my
also sprach Stefan Kelm <[EMAIL PROTECTED]> [2003.06.16.1652 +0200]:
> Now, suppose I buy a certificate for *.i-am-bad.com (assuming that I'm
> the owner of that domain). I could then set up an SSL server with a
> hostname of something like
>
> www.security-products.microsoft.com.order.regist
I just ran across
http://certs.centurywebdesign.co.uk/premiumssl-wildcard.html
but there are many more sites like that:
Secure multiple websites with a single PremiumSSL Certificate. For
organisations hosting a single domain name but with different
subdomains (e.g. secure.centurywebdesig
also sprach James A. Donald <[EMAIL PROTECTED]> [2003.06.08.2243 +0200]:
> (When you hit the submit button, guess what happens)
How many people actually read dialog boxes before hitting Yes or OK?
I know you do, and most of us, but who's the majority?
--
martin; (greetings from the
24 matches
Mail list logo