Re: [Cryptography] Why is emailing me my password?

2013-10-02 Thread Russ Nelson
Greg writes: This falls somewhere in the land of beyond-the-absurd. So, my password, iPoopInYourHat, is being sent to me in the clear by your servers. Repeat after me: crypto without a threat model is like cookies without milk. If you are proposing that something needs stronger encryption

Re: [Cryptography] Snowden fabricated digital keys to get access to NSA servers?

2013-07-04 Thread Russ Nelson
John Denker writes: It is against NSA policy to attach a thumb drive. I betcha some folks really want to know how he did that without getting caught. Take a mouse. Remove its own electronics. Substitute a Teensy 2 which emulates a mouse AND a thumb drive, but only after a certain combination

Re: Proof of Work - atmospheric carbon

2009-01-31 Thread Russ Nelson
John Levine writes: I would also point out that nothing is preventing anyone from implementing their own epostage. Just send your email via a paypal Send Money, accompanied with whatever postage you feel is appropriate. No magic, no standards track epostage,

Re: Another Snake Oil Candidate

2007-09-14 Thread Russ Nelson
Damien Miller writes: It protects against the common threat model of lost/stolen USB keys. Remember, crypto without a threat model is like cookies without milk. -- --my blog is at | People have strong opinions Crynwr sells support for free software | PGPok |

RE: Another Snake Oil Candidate

2007-09-14 Thread Russ Nelson
Dave Korn writes: So by your exacting standards, PGP, gpg, openssh, in fact basically _everything_ is snake oil. No. In fact Aram is saying nothing of interest. Cryptography without a threat model is like motherhood without apple pie. Can't say that enough times. More generally,

Re: Training your customers to be phishing victims, part umpteen.

2007-04-27 Thread Russ Nelson
Perry E. Metzger writes: The following is a real email, with minor details removed, in which J.P. Morgan Chase works hard to train its customers to become phishing victims. And no DomainKeys cryptographic signature?? You're right - for shame! -- --my blog is at

Re: NSA knows who you've called.

2006-05-17 Thread Russ Nelson
[EMAIL PROTECTED] writes: You and I are in agreement, but how do we get the seemingly (to us) plain truth across to others? I've been trying for a good while now, reaching a point where I'd almost wish for a crisis of some sort as persuasiveness is not working. We are probably