Re: Wikileaks video crypto.

2010-04-09 Thread David Shaw
On Apr 9, 2010, at 3:06 PM, Perry E. Metzger wrote: Earlier this weeks, Wikileaks released of video of an incident involving an Apache helicopter which killed two Reuters reporters and a number of bystanders in Iraq. A number of the reports surrounding the release claim that the video was

Re: [Macgpg-users] GPGMail Snow Leopard

2009-09-04 Thread David Shaw
On Aug 28, 2009, at 8:25 PM, R.A. Hettinga wrote: ...and now GPG. So, Snow Leopard is crypto-less? To be strictly accurate, the problem is with GPGMail, the plugin that integrates GPG with Apple's Mail application (as Mail internals changed significantly between Leopard and Snow

Re: A note on vendor reaction speed to the e=3 problem

2006-09-17 Thread David Shaw
On Sat, Sep 16, 2006 at 12:35:08PM +1000, James A. Donald wrote: -- Peter Gutmann wrote: How does [GPG] handle the NULL vs.optional parameters ambiguity? David Shaw: GPG generates a new structure for each comparison, so just doesn't include any extra parameters on it. Any

Re: A note on vendor reaction speed to the e=3 problem

2006-09-15 Thread David Shaw
On Fri, Sep 15, 2006 at 08:49:31PM +1200, Peter Gutmann wrote: When I fired up Firefox a few minutes ago it told me that there was a new update available to fix security problems. I thought, Hmm, I wonder what that would be It's interesting to note that we now have fixes for many of the

Re: A note on vendor reaction speed to the e=3 problem

2006-09-15 Thread David Shaw
On Sat, Sep 16, 2006 at 05:35:27AM +1200, Peter Gutmann wrote: David Shaw [EMAIL PROTECTED] writes: Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all. Instead, it generates a new structure during signature verification and compares it to the original. How does

Re: PGP master keys

2006-04-27 Thread David Shaw
On Wed, Apr 26, 2006 at 09:53:27PM -0400, Steven M. Bellovin wrote: In an article on disk encryption (http://www.theregister.co.uk/2006/04/26/pgp_infosec/), the following paragraph appears: BitLocker has landed Redmond in some hot water over its insistence that there are no back

Re: pci hardware for secure crypto storage (OpenSSL/OpenBSD)

2004-09-14 Thread David Shaw
On Tue, Sep 14, 2004 at 10:31:11AM +0200, Eugen Leitl wrote: I'm looking for (cheap, PCI/USB) hardware to store secrets (private key) and support crypto primitives (signing, cert generation). It doesn't have to be fast, but to support loading/copying of secrets in physically secure

MD4 collision reproduced

2004-08-17 Thread David Shaw
I have reproduced both MD4 collisions from the recent paper. The example given had endian problems similar to those noted by Eric Rescorla for the sorta-MD5 collision. Also similar to Eric's results, the hash value (while a collision) does not match what the authors give in the paper. Example

Re: The meat with multiple PGP subkeys

2003-06-18 Thread David Shaw
On Wed, Jun 18, 2003 at 03:47:01PM +0200, Stefan Kelm wrote: David, A reasonable question would be Why don't all the PKS operators replace their server with SKS or something else?. I don't have a good answer to that. It's certainly been asked.[3] ...and has been answered a number of