Re: Protection for quasi-offline memory nabbing

2008-03-26 Thread Alex Alten
? - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: TLS-SRP TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-03 Thread Alex Alten
products. - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

malware in digital photo frames infects users computers

2008-01-27 Thread Alex Alten
Great. What next? I guess air-gap transfer of flash memory might be the best solution. Malware's new infection route: photo frames http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2008/01/26/MNE7UHOOQ.DTL - Alex -- Alex Alten [EMAIL PROTECTED

Re: Death of antivirus software imminent

2008-01-18 Thread Alex Alten
At 07:35 PM 1/18/2008 +1000, James A. Donald wrote: Alex Alten wrote: Generally any standard encrypted protocols will probably eventually have to support some sort of CALEA capability. For example, using a Verisign ICA certificate to do MITM of SSL, or possibly requiring Ebay to provide

Re: Death of antivirus software imminent

2008-01-04 Thread Alex Alten
encrypted traffic allow inspection of their contents under proper authority (CALEA essentially). If we can do this then we can put real policing pressure on these virus writers, essentially removing them from being able to attack us over the Internet. - Alex -- Alex Alten [EMAIL PROTECTED

Re: crypto class design

2007-12-26 Thread Alex Alten
it's performance, doing the tradeoff between cryptography and speed and reliability. And you need to design it to be robust in the face of operational failure. Just my two cents worth (based on over a decade's worth of cryptographic based security system design). - Alex -- Alex Alten [EMAIL

Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Alex Alten
all. - Alex At 11:05 AM 12/13/2007 -0800, Ali, Saqib wrote: How will this be any different from being a member of ISC2 or ISACA? Why do we need to be a member of yet another organization? saqib http://www.quantumcrypto.de/dante/ On Dec 12, 2007 12:21 PM, Alex Alten [EMAIL PROTECTED] wrote

gauging interest in forming an USA chapter of IISP

2007-12-13 Thread Alex Alten
Would anyone on this list be interested in forming a USA chapter of the Institute of Information Security Professionals (IISP, www.instisp.org)? I'm finding it rather difficult to attend events, etc., that are only in London. - Alex -- Alex Alten [EMAIL PROTECTED

Re: New DoD encryption mandate

2007-08-17 Thread Alex Alten
). - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A secure Internet requires a secure network protocol

2007-06-23 Thread Alex Alten
future. - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Russian cyberwar against Estonia?

2007-05-18 Thread Alex Alten
-- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

SSL MITM attack vs wiretap laws question

2007-05-05 Thread Alex Alten
lawyers out there who would know how to interpret US federal law regarding this area? (European/Japan, or other rule-of-law type countries are of interest too.) Thanks, - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography

Re: gang uses crypto to hide identity theft databases

2006-12-22 Thread Alex Alten
, misreporting) than any real estimate of the effort involved. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Alex Alten [EMAIL PROTECTED

Re: cellphones as room bugs

2006-12-04 Thread Alex Alten
. You could hear them driving around, with the usual car noises, and sometimes the radio on too. Occasionally I heard them in conversation with someone else. This went on for months. - Alex -- Alex Alten [EMAIL PROTECTED

Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-12 Thread Alex Alten
. Russ At 01:28 AM 10/7/2006, Alex Alten wrote: After reading PKCS #1 v2 more closely and SHA-2 is not even in the specs, therefore OpenSSL PKCS #7 functions won't support SHA-2. This spec was last updated in 1998. PKCS Editor, is there a new update in progress by RSA Labs to incorporate SHA-2

Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-08 Thread Alex Alten
for implementations repeatedly as the standards catch up to reality. Updating these various heavily used standards quickly is quite important. Sincerely (and thanks in advance for all of your replies), - Alex At 09:05 AM 10/6/2006 -0700, Alex Alten wrote: Does anyone know if the OpenSSL PKCS #7 functions

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Alex Alten
At 05:58 AM 3/3/2006 +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Alex Alten wrote: At 05:12 PM 2/26/2006 +, Ben Laurie wrote: Alex Alten wrote: At 02:59 PM 2/24/2006 +, Ben Laurie wrote: Ed Gerck wrote: We have keyservers for this (my chosen

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Alex Alten
mistakes would be common. I won't mention the questions regarding certificate revocaton vs user email name. :-) - Alex -- - Alex Alten - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-28 Thread Alex Alten
At 05:12 PM 2/26/2006 +, Ben Laurie wrote: Alex Alten wrote: At 02:59 PM 2/24/2006 +, Ben Laurie wrote: Ed Gerck wrote: We have keyservers for this (my chosen technology was PGP). If you liken their use to looking up an address in an address book, this isn't hard for users to grasp

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-26 Thread Alex Alten
automatically. Last I heard (early 2005) one system was operational over in the nuclear engineering department at Ohio State (for DOE work?). Of course one old system rack in the dusty corner of a school building does not a market make. - Alex -- - Alex Alten

Re: How ATM fraud nearly brought down British banking

2005-10-24 Thread Alex Alten
Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: How ATM fraud nearly brought down British banking http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/print.html -- - Alex Alten

status of SSL vs SHA-1/MD-5, etc.?

2005-10-16 Thread Alex Alten
Everyone, So where do we stand with secure networking protocols vs SHA-1/MD-5? Is SSL at risk? Is TLS OK (because of HMAC)? SSH, IPSec, etc? - Alex -- - Alex Alten - The Cryptography Mailing List Unsubscribe by sending

Re: When people ask for security holes as features

2005-08-19 Thread Alex Alten
to reduce support costs, which is not unreasonable these days. - Alex -- - Alex Alten - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: draft paper: Deploying a New Hash Algorithm

2005-08-04 Thread Alex Alten
Steve, At 05:34 PM 7/29/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: At 08:12 AM 7/25/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: Steve, This also seems to be in conjunction with the potential switch

Re: ATM machine security

2005-02-22 Thread Alex Alten
You may want to look at US Patents 4,268,715 and 4,268,715. I believe these are among the core group of ATM patents. - Alex At 09:58 AM 2/17/2005 +0100, Lee Parkes wrote: Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar