On Oct 30, 2007 6:24 AM, <[EMAIL PROTECTED]> wrote:
> So back in the bad old days when hashing was DES encryption of the
> zero vector with a fixed key, someone came up with salt as a password
> strengthening mechanism.
>
> I'm not quite sure why it was called salt.
>
> It perturbed the S-boxes in
-- Forwarded message --
From: Paul Vixie <[EMAIL PROTECTED]>
Date: Nov 13, 2007 10:06 AM
Subject: [funsec] "Loophole in Windows Random Number Generator" (slashdot)
To: [EMAIL PROTECTED]
"A security loophole in the pseudo-random number generator used by Windows was
recently detaile
On Dec 11, 2007 5:06 AM, Allen <[EMAIL PROTECTED]> wrote:
> What puzzles me in all this long and rather arcane discussion is
> why isn't the solution of using a double hash - MD5 *and* SHA
> whatever. The odds of find a double collision go way up.
>
> Some open source software people are already do
attacks to a
> connection reliability problem that is easily solved today.
>
> This approach of solving password problems one at a time, shows that the
> "big problem" of passwords is now reduced to rather trivial data management
> functions -- no longer u
Obviously it must have information to 'attack' a given account,
because you used it to generate something. The function you used did
something, so you can repeat it if you have all the inputs.
> Sorry if it wasn't clear. Please have a second reading.
Indeed.
> Cheers,
>
doesn't matter. The user enters the
usercode! So they enter it into the phishing site which passes the
call along.
--
noon silky
http://www.boxofgoodfeelings.com/
-
The Cryptography Mailing List
Unsubscribe by sending "
On Tue, May 12, 2009 at 10:39 AM, Jerry Leichter wrote:
> On May 11, 2009, at 8:27 PM, silky wrote:
> >
> > The local version needs access to the last committed file (to compare
> > the changes) and the server version only keeps the 'base' file and the
> >
l point in file changes, it can just
upload the entire file new again, and replace it's "base" copy and all
the "parts".
Slightly more difficult with binary files where the changes are spread
out over the file, but if these changes can still be "summarised&quo
On Tue, May 12, 2009 at 10:22 AM, Jerry Leichter wrote:
> On May 11, 2009, at 7:06 PM, silky wrote:
> > How about this.
> >
> > When you modify a file, the backup system attempts to see if it can
> > summarise your modifications into a file that is, say, less th
nths and make it public. As long
as you are constantly changing your key, no-one will decrypt it in
time, but assuming you do die, they can potentially decrypt it while
arranging your funeral :)
>
> Udhay
> --
> ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.diger
On Fri, Jul 3, 2009 at 4:37 AM, Jack Lloyd wrote:
> On Thu, Jul 02, 2009 at 09:29:30AM +1000, silky wrote:
> > A potentially amusing/silly solution would be to have one strong key
> > that you change monthly, and then, encrypt *that* key, with a method
> > that will be brute-
y not have seen (I didn't see you mention it:
http://www.itconsult.co.uk/stamper/stampinf.htm), form what I've
noticed (just in passing) this seems to be the most popular stamping
service.
> Thanks,
> Alex
--
noon silky
http://www.mirios.com.au/
http://skillsforvilla.tumbl
ity community, quantum key distribution continues to be a subject
> of active technological development.
>
> Perry
--
silky
http://www.programmingbranch.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Importantly, however, is that if a
classical system is used to do authentication, then the resulting QKD
stream is *stronger* than the classically-encrypted scheme.
> So, what did QKD
> provide you with again?
>
> There is no p
st round of QKD, even if
it is only computationally
secure, then subsequent rounds of QKD will be information-theoretically secure."
> Perry
> --
> Perry E. Metzger pe...@piermont.com
--
silky
http://www.programmingbranch.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
QKD system *after* authentication
is *stronger* than classical, due to the OTP.
If what you meant to say was "it is broken if authentication is
broken" then the answer is obviously "yes". But the strength, in
cryptographic terms, is clearly better.
> Perry
> --
> Perry E. Metzger pe...@piermont.com
--
silky
http://www.programmingbranch.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
agnetic-media hard disk?
>
> http://www.bbc.co.uk/news/uk-england-11479831
>
> Bear
--
silky
http://dnoondt.wordpress.com/
"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."
---
17 matches
Mail list logo
