Re: Security of Mac Keychain, File Vault

Jerry Leichter wrote: > The article at http://www.net-security.org/article.php?id=1322 claims > that both are easily broken. I haven't been able to find any public > analyses of Keychain, even though the software is open-source so it's > relatively easy to check. I ran across an analysis of File

Re: Unexpected side-effects

Jerry Leichter wrote: > Well, here I'll expect one. :-) Not a new idea, although I don't know where I heard it the first time. > As there is increasing pressure to keep > records of Internet use, there will be a counter-move to use VPN's which > promise to keep no records. Which will lead to leg

Re: consulting question....

Ray Dillinger wrote: > And it turns out that she is an executive in a small company which is > now considering the development of a DRM product. > Does anyone feel that I have said anything untrue? You should be able to confirm all these details with sources, and it sounded like a plausible stor

Re: Judge orders defendant to decrypt PGP-protected laptop

Adam Fields wrote: > On Tue, Mar 03, 2009 at 12:26:32PM -0500, Perry E. Metzger wrote: >> Quoting: >> >>A federal judge has ordered a criminal defendant to decrypt his >>hard drive by typing in his PGP passphrase so prosecutors can view >>the unencrypted files, a ruling that raises seri

Re: X.509 certificate overview + status

Travis wrote: > Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP, > and OpenVPN services. Actually, I created my own CA for some of the > certificates, and in other cases I used self-signed. It took me > substantially more time than I had anticipated, and I'm left with > feeli

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

Weger, B.M.M. de wrote: > In my view, the main lesson that the information security community, > and in particular its intersection with the application building > community, has to learn from the recent MD5 and SHA-1 history, > is that strategies for dealing with broken crypto need rethinking.

Re: A History of U.S. Communications Security

Pehr Söderman wrote: > Freshly declassified and a rather interesting read: > > A History of U.S. Communications Security (Volumes I and II, 1973) > David G. Boak Lectures, National Security Agency (NSA) > > http://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf > > (From Bruce Sch