On Wed, Sep 11, 2013 at 1:13 PM, Jerry Leichter leich...@lrw.com wrote:
On Sep 11, 2013, at 9:16 AM, Andrew W. Donoho a...@ddg.com wrote:
Yesterday, Apple made the bold, unaudited claim that it will never save
the fingerprint data outside of the A7 chip.
By announcing it publicly, they put
On Fri, Sep 6, 2013 at 3:03 AM, Kristian Gjøsteen
kristian.gjost...@math.ntnu.no wrote:
Has anyone, anywhere ever seen someone use Dual-EC-DRBG?
I mean, who on earth would be daft enough to use the slowest possible
DRBG? If this is the best NSA can do, they are over-hyped.
It's
On Thu, Sep 5, 2013 at 4:57 PM, Perry E. Metzger pe...@piermont.com wrote:
On Thu, 5 Sep 2013 16:53:15 -0400 Perry E. Metzger
pe...@piermont.com wrote:
Anyone recognize the standard?
Please say it aloud. (I personally don't recognize the standard
offhand, but my memory is poor that
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger pe...@piermont.com wrote:
Today's XKCD is on password strength. The advice it gives is pretty
good in principle...
http://xkcd.com/936/
FWIW,
http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html
- Tim
[Sorry for duplicates, but I got multiple requests for a non-HTML
version, and I didn't want to fork the thread. Also sorry for
initially sending HTML; I didn't realize it was so abhorrent these
days. ]
On Fri, Aug 8, 2008 at 1:43 PM, Dan Kaminsky [EMAIL PROTECTED] wrote:
It's easy to compute
A random thought that's been kicking around in my head: if someone were
looking for a project, an open-source permissive action link (
http://www.cs.columbia.edu/~smb/nsam-160/pal.html is a good link, thank you
Mr. Bellovin) seems like it might be a great public resource: I suspect it's
something
On 9/14/06, James A. Donald [EMAIL PROTECTED] wrote:
It seems to me that the evil here is ASN.1, or perhaps standards that
use ASN.1 carelessly and badly.
It is difficult to write code that conforms to ASN.1, easy to get it
wrong, and difficult to say what in fact constitutes conforming to
[resending due to e-mail address / cryptography list membership issue]
On 8/24/05, Ian G [EMAIL PROTECTED] wrote:
Once you've configured iChat to connect to the Google Talk service, you may
receive a warning message that states your username and password will be
transferred insecurely. This
I'm attempting to design a block cipher with an odd block size (34
bits). I'm planning to use a balanced Feistel structure with AES as the
function f(), padding the 17-bit input blocks to 128 bits with a pad
dependent on the round number, encrypting with a key, and extracting the
low 17 bits as
Barney Wolff wrote:
On Fri, Aug 12, 2005 at 11:47:26AM -0400, Tim Dierks wrote:
I'm attempting to design a block cipher with an odd block size (34
bits). I'm planning to use a balanced Feistel structure with AES as the
function f(), padding the 17-bit input blocks to 128 bits with a pad
On Thu, 19 Aug 2004 00:49:17 +1000, Greg Rose [EMAIL PROTECTED] wrote:
It seems to be a straightforward differential cryptanalysis attack, so
one wonders why no-one else came up with it.
With further hindsight, and Phil Hawkes' help, I understand now. The
technique needs to alternate
At 05:52 AM 11/14/2003, Eugen Leitl wrote:
Does anyone have robust code to generate globally unique IDs which won't
break XML parsing,
and work on several platforms?
I was thinking of using an entropy pool to seed a cryptographic PRNG, used to
generate a sequence of SHA-1 hashes, dumped to an
From the New York Times. Any guesses on how long it'll take before your
local hacker will have a key which will open any piece of your luggage?
- Tim
A Baggage Lock for You and the Federal Screeners
By JOE SHARKEY
Published: November 11, 2003
AIRLINE passengers will be able to lock checked
At 12:28 AM 10/13/2003, Ian Grigg wrote:
Problem is, it's also wrong. The end systems
are not secure, and the comms in the middle is
actually remarkably safe.
I think this is an interesting, insightful analysis, but I also think it's
drawing a stronger contrast between the real world and the
I'm lost in a twisty page of MITM passages, all alike.
My point was that in an anonymous protocol, for Alice to communicate with
Mallet is equivalent to communicating with Bob, since the protocol is
anonymous: there is no distinction. All the concept of MITM is intended to
convey is that in an
At 07:06 PM 10/1/2003, M Taylor wrote:
Stupid question I'm sure, but does TLS's anonymous DH protect against
man-in-the-middle attacks? If so, how? I cannot figure out how it would,
and it would seem TLS would be wide open to abuse without MITM protection so
I cannot imagine it would be acceptable
At 10:37 PM 10/1/2003, Peter Gutmann wrote:
Tim Dierks [EMAIL PROTECTED] writes:
It does not, and most SSL/TLS implementations/installations do not support
anonymous DH in order to avoid this attack.
Uhh, I think that implementations don't support DH because the de facto
standard is RSA
At 05:01 PM 8/28/2003, Peter Hendrickson wrote:
First, the entropy pool in Yarrow is only 160 bits. From Section 6
Open Questions and Plans for the Future of the Yarrow paper
referenced above:
Yarrow-160, our current construction, is limited to at most 160 bits
of security by the size of its
At 05:30 PM 7/8/2003, Nomen Nescio wrote:
One difference is that with the identity-based crypto, once a sender
has acquired the software and the CA's public key, he doesn't have to
contact the CA to get anyone's certificate. He can encrypt to anyone
without having to contact the CA, just based on
A Simpler, More Personal Key to Protect Online Messages
By JOHN MARKOFF
The New York Times
I wrote this for another list I'm on:
This system is based on an identity-based cryptography scheme developed by
Dan Boneh with Matt Franklin. You can find a link to his paper Identity
based encryption
At 02:55 PM 6/8/2003, James A. Donald wrote:
Attached is a spam mail that constitutes an attack on paypal similar
in effect and method to man in the middle.
The bottom line is that https just is not working. It's broken.
The fact that people keep using shared secrets is a symptom of https
not