Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-14 Thread Jason Holt
On Wed, 9 May 2007, Ali, Saqib wrote: What about DRM/ERM that uses TPM? With TPM the content is pretty much tied to a machine (barring screen captures etc) Will ERM/DRM be ineffective even with the use of TPM? ERM/DRM/TPM are such poorly defined and implemented products that people have

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Jason Holt
On Sat, 4 Nov 2006, Ralf Senderek wrote: On the unencrypted filesystem: # time dd if=/dev/zero of=cryptogram bs=1MB count=50 50+0 records in 50+0 records out 5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s real0m0.257s user0m0.000s sys 0m0.252s Unless you have a disk

Re: Interesting bit of a quote

2006-07-16 Thread Jason Holt
On Fri, 14 Jul 2006, Travis H. wrote: Absent other protections, one could simply write a new WORM media with falsified information. I can see two ways of dealing with this: 1) Some kind of physical authenticity, such as signing one's name on the media as they are produced (this assumes the

Re: Use of TPM chip for RNG?

2006-06-30 Thread Jason Holt
On Thu, 29 Jun 2006, Hal Finney wrote: A few weeks ago I asked for information on using the increasingly prevalent built-in TPM chips in computers (especially laptops) as a random number source. I got some good advice and want to summarize the information for the benefit of others. Thanks

Voice phishing

2006-06-29 Thread Jason Holt Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. The tactic has been adopted as a variant of recently detected phishing attacks targeting

Re: Linux RNG paper

2006-05-04 Thread Jason Holt
On Thu, 04 May 2006 18:14:09 +0200, markus reichelt [EMAIL PROTECTED] wrote: Agreed; but regarding unix systems, I know of none crypto implementation that does integrity checking. Not just de/encrypt the data, but verify that the encrypted data has not been tampered with. There's also

Re: Paper summarizing new directions in protecting web users

2006-03-08 Thread Jason Holt
: David Chadwick, University of Kent) - Domain Keys Identified Mail (DKIM) (Moderator: Barry Leiba, IBM) - Browser Security User Interfaces: Why are web security decisions hard and what can we do about it? (Moderator: Jason Holt, Brigham Young University) - Federal PKI Update (Moderator - Peter

Re: EDP (entropy distribution protocol), userland PRNG design

2006-02-04 Thread Jason Holt
On Sat, 4 Feb 2006, Travis H. wrote: Suppose that /dev/random is too slow (SHA-1 was never meant to generate a lot of output) because one of these machines wishes to generate a large file for use as a one-time pad*. That leaves distributing bits. * /dev/random's output is limited by

Re: crypto wiki -- good idea, bad idea?

2005-12-13 Thread Jason Holt
On Mon, 12 Dec 2005, Paul Hoffman wrote: Or should we just stick to wikipedia? Is it doing a satisfactory job? Also check out the Cryptography Reader: Matt Crypto set up an article (to clean up) of the day replete with a bar

Re: another feature RNGs could provide

2005-12-13 Thread Jason Holt
On Mon, 12 Dec 2005, Travis H. wrote: One thing I haven't seen from a PRNG or HWRNG library or device is an unpredictable sequence which does not repeat; in other words, a [cryptographically strong?] permutation. This could be useful in all Rich Schroeppel tells me his Hasty Pudding cipher

Web Browser Developers Work Together on Security

2005-11-30 Thread Jason Holt Core KDE developer George Staikos recently hosted a meeting of the security developers from the leading web browsers. The aim was to come up with future plans to combat the security risks posed by phishing, ageing encryption ciphers and inconsistent SSL

Re: gonzo cryptography; how would you improve existing cryptosystems?

2005-11-07 Thread Jason Holt
On Fri, 4 Nov 2005, Travis H. wrote: PS: There's a paper on cryptanalyzing CFS on my homepage below. I got to successfully use classical cryptanalysis on a relatively modern system! That is a rare joy. CFS really needs a re-write, there's no real good alternatives for cross-platform

Hooking nym to wikipedia

2005-10-03 Thread Jason Holt
Thanks to everyone who has contributed feedback, cyphrpunk in particular. Here are my thoughts on connecting nym to wikipedia. I'll take feedback here first, then approach the WikiMedia folks. * I believe the best solution would be for wikipedia to do the following: - Run an SSL server

Re: Hooking nym to wikipedia

2005-10-03 Thread Jason Holt
More thoughts regarding the tokens vs. certs decision, and also multi-use: * Client certs are a pain to turn on and off. If you select ask me every time before sending a client cert, you have to click half a dozen OKs per page. (This could be mitigated by having Wikipedia only use the SSL

Re: Hooking nym to wikipedia (fwd)

2005-10-03 Thread Jason Holt
, Jason Holt wrote: More thoughts regarding the tokens vs. certs decision, and also multi-use: [snip] A related approach that thwarts the network eavesdropper would be to issue a series of certificates which expire one per interval (hour/day/whatever, trading privacy against the hassle of managing

Re: nym-0.2 released (fwd)

2005-10-02 Thread Jason Holt
On Sat, 1 Oct 2005, cyphrpunk wrote: All these degrees of indirection look good on paper but are problematic in practice. As the great Ulysses said, Pete, the personal rancor reflected in that remark I don't intend to dignify with comment. However, I would like to address your attitude

nym-0.2.1 released (live demo available)

2005-10-02 Thread Jason Holt
I now have a live server available for those of you who want to play with a real nym tokenserver/CA/webserver. This process constitutes running three scripts and installing the client cert. Details in the README: (Please be nice to If

Re: nym-0.2 released (fwd)

2005-10-02 Thread Jason Holt
On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several

nym-0.2 released (fwd)

2005-09-30 Thread Jason Holt
-- Forwarded message -- Date: Sat, 1 Oct 2005 02:18:43 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: nym-0.2 released nym-0.2 is now available at: My tor server is currently down, so I can't set up a public

Re: Pseudonymity for tor: nym-0.1 (fwd)

2005-09-29 Thread Jason Holt
On Thu, 29 Sep 2005, Ian G wrote: Couple of points of clarification - you mean here CA as certificate authority? Normally I've seen Mint as the term of art for the center in a blinded token issuing system, and I'm wondering what the relationship here is ... is this something in the 1990 paper?

Pseudonymity for tor: nym-0.1 (fwd)

2005-09-28 Thread Jason Holt
-- Forwarded message -- Date: Thu, 29 Sep 2005 01:49:26 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Pseudonymity for tor: nym-0.1 Per the recent discussion regarding tor and wikipedia, I've hacked together an implementation of the basic

Re: Clearing sensitive in-memory data in perl

2005-09-12 Thread Jason Holt
On Mon, 12 Sep 2005, Sidney Markowitz wrote: Does anyone know of an open source crypto package written in perl that is careful to try to clear sensitive data structures before they are released to the garbage collector? [...] Securely deleting secrets is hard enough in C, much less high

Re: Query about hash function capability

2005-08-05 Thread Jason Holt
On Thu, 4 Aug 2005, Arash Partow wrote: ie: input1 : abcdefg - h(abcdefg) = 123 input2 : gabcdef - h(gabcdef) = 123 input3 : fgabcde - h(fgabcde) = 123 I don't have a formal reference for you, but this seems intuitively correct to me: put the strings in a canonical form so that all

Re: New Credit Card Scam (fwd)

2005-07-12 Thread Jason Holt
On Mon, 11 Jul 2005, Lance James wrote: [...] place to fend off these attacks. Soon phishers will just use the site itself to phish users, pushing away the dependency on tricking the user with a spoofed or mirrored site. [...] You dismiss too much with your just. They already do attack

Re: /dev/random is probably not

2005-07-01 Thread Jason Holt
On Fri, 1 Jul 2005, Charles M. Hannum wrote: Most implementations of /dev/random (or so-called entropy gathering daemons) rely on disk I/O timings as a primary source of randomness. This is based on a CRYPTO '94 paper[1] that analyzed randomness from air turbulence inside the drive case. I

Re: encrypted tapes (was Re: Papers about Algorithm hiding ?)

2005-06-09 Thread Jason Holt
On Wed, 8 Jun 2005, David Wagner wrote: [...] That said, I don't see how adding an extra login page to click on helps. If the front page is unencrypted, then a spoofed version of that page can send you to the wrong place. Sure, if users were to check SSL certificates extremely carefully, they

Re: encrypted tapes

2005-06-09 Thread Jason Holt
On Wed, 8 Jun 2005, Perry E. Metzger wrote: Dan Kaminsky [EMAIL PROTECTED] writes: 2) The cost in question is so small as to be unmeasurable. Yes, because key management is easy or free. In this case it is. As I've said, even having all your tapes for six months at a time use the same key

Re: comments wanted on gbde

2005-03-13 Thread Jason Holt
On Sun, 6 Mar 2005, David Wagner wrote: [...] However, I also believe it is possible -- and, perhaps, all too easy -- to use GBDE in a way that will not provide adequate security. My biggest fear is that safe usage is just hard enough that many users will end up being insecure. GBDE uses a

MD2 is not one way (!?)

2004-09-08 Thread Jason Holt
The list of accepted papers for AsiaCrypt: Includes one titled The MD2 Hash Function is Not One-Way. That's the first I've heard about MD2; the other breaks were for md4 and md5. Anyone know details? -J

Re: How thorough are the hash breaks, anyway?

2004-08-26 Thread Jason Holt
On Thu, 26 Aug 2004, Trei, Peter wrote: While any weakness is a concern, and I'm not going to use any of the compromised algorithms in new systems, this type of break seems to be of limited utility. It allows you (if you're fortunate) to modify a signed message and have the signature

Hiawatha's research

2004-06-16 Thread Jason Holt
Hiawatha's Research Jason Holt [EMAIL PROTECTED] June, 2004, released into the public domain. Dedicated to Eric Rescorla, with apologies to Longfellow. (E. Rescorla may be substituted for Hiawatha throughout.) Hiawatha, academic, he could start ten research papers, start them with such mighty

Re: chaum's patent expiry? (Re: Brands' private credentials)

2004-05-25 Thread Jason Holt
On Sun, 9 May 2004, Adam Back wrote: Anyone have to hand the expiry date on Chaum's patent? (Think it is in patent section of AC for example; perhaps HAC also). I think it's June 2005. Actually, now that you mention Chaum, I'll have to look into blind signatures with the BF IBE (issuing is

Re: who goes 1st problem

2004-05-25 Thread Jason Holt
[Adam and I are taking this discussion off-list to spare your inboxes, but this message seemed particularly relevant. Perhaps we'll come back later if we come up with anything we think will be of general interest.] -J On Tue, 11 May 2004, Adam Back

Re: more hiddencredentials comments (Re: Brands' private credentials)

2004-05-25 Thread Jason Holt
On Mon, 10 May 2004, Adam Back wrote: OK that sounds like it should work. Another approach that occurs is you could just take the plaintext, and encrypt it for the other attributes (which you don't have)? It's usually not too challenging to make stuff deterministic and retain security. Eg.

Brands' private credentials

2004-05-08 Thread Jason Holt
Here's what I remember from about a year ago about the current state of private credentials. That recollection comes with no warranties express or implied. Last I heard, Brands started a company called Credentica, which seems to only have a placeholder page (although it does have an info@