Re: [Cryptography] Good private email

2013-08-27 Thread Sebastian Krahmer
On Mon, Aug 26, 2013 at 07:12:21AM -0400, Richard Salz wrote:

 I don't think you need all that much to get good secure private email.
  You need a client that can make PEM pretty seamless; reduce it to a
 button that says encrypt when possible.  You need the client to be
 able to generate a keypair, upload the public half, and pull down
 (seamlessly) recipient public keys.  You need a server to store and
 return those keys. You need an installed base to kickstart the network
 effect.
 
 Who has that?  Apple certainly; Microsoft could; Google perhaps
 (although not reading email is against their business model). Maybe
 even the FB API.

Now, thats an interesting point! Once all email is encrypted, how many
mail providers would be interested in offering free service at all,
and whats their business model then?
Is it still valuable enough to sell the graph of connects?

Sebastian

-- 

~ perl self.pl
~ $_='print\$_=\47$_\47;eval';eval
~ krah...@suse.de - SuSE Security Team

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


OpenSSH patch against traffic analysis

2008-12-23 Thread Sebastian Krahmer
Hi,

I wrote a patch to force openssh to use constant time
and packet-size on the SSHv2 connection so observers
of traffic cant correlate SSH connections to each other.
You can find it here:

http://c-skills.blogspot.com/2008/12/sshv2-trickery.html

l8er,
Sebastian

-- 
~~
~~ perl self.pl
~~ $_='print\$_=\47$_\47;eval';eval
~~ krah...@suse.de - SuSE Security Team
~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: More US bank silliness

2008-09-08 Thread Sebastian Krahmer

Hi,

This reminds me the most weird SSL related error message I have ever
seen and which is there since ages:

https://www.fbi.gov

Beside that the certificate is wrong :-)

regards,
Sebastian

On Mon, Sep 08, 2008 at 01:29:34AM +1200, Peter Gutmann wrote:

 In the ongoing comedy of errors that is US online banking security I've just
 run into another one that's good for a giggle: Go to www.wachovia.com and,
[...]

---
~~ perl self.pl
~~ $_='print\$_=\47$_\47;eval';eval
~~ [EMAIL PROTECTED] - SuSE Security Team
~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread Sebastian Krahmer

The signature in the microcode update has not the same
meaning as within crypto. For intel chips it has 31bits and basically
contains a revision number. The requirements for the BIOS for
checking microcode updates are in short: check the crc and ensure
that older revisions cant replace new ones by comparing the signature.
I did not try myself, but I think one can probably update anything
if you just hexedit the update header.
Afaik these chips do not own any crypto-related functionallity
or storage capability (except precise timing and rand maybe) and
they are not tamper-proof. Thats why TPM was invented :-)

l8er,
Sebastian

On Mon, Apr 28, 2008 at 06:16:12PM -0400, John Ioannidis wrote:

 Intel and AMD processors can have new microcode loaded to them, and this 
 is usually done by the BIOS.  Presumably there is some asymmetric crypto 
 involved with the processor doing the signature validation.
 
 A major power that makes a good fraction of the world's laptops and 
 desktops (and hence controls the circuitry and the BIOS, even if they do 
 not control the chip manufacturing process) would be in a good place to 
 introduce problems that way, no?
 
 /ji
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

-- 
~~
~~ perl self.pl
~~ $_='print\$_=\47$_\47;eval';eval
~~ [EMAIL PROTECTED] - SuSE Security Team
~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]