RE: Trusted timestamping

2009-10-07 Thread Alex Pankratov
-Original Message- From: pgut001 [mailto:pgut...@wintermute01.cs.auckland.ac.nz] On Behalf Of Peter Gutmann Sent: October 5, 2009 10:07 PM To: a...@poneyhot.org; cryptography@metzdowd.com Subject: Re: Trusted timestamping Alex Pankratov a...@poneyhot.org writes: I have

Entropy USB key

2009-08-11 Thread Alex Pankratov
of servers. Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

RE: [p2p-hackers] IETF rejects Obfuscated TCP

2008-08-20 Thread Alex Pankratov
, this is just a quick thought, so in all likelihood I might be reinventing a (broken) bike here. Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

RE: [p2p-hackers] IETF rejects Obfuscated TCP

2008-08-20 Thread Alex Pankratov
-Original Message- From: [EMAIL PROTECTED] [mailto:owner- [EMAIL PROTECTED] On Behalf Of Eric Rescorla Sent: August 20, 2008 10:31 AM To: Alex Pankratov Cc: 'theory and practice of decentralized computer networks'; cryptography@metzdowd.com Subject: Re: [p2p-hackers] IETF rejects

Re: survey of instant messaging privacy

2008-06-11 Thread alex
ediface will collapse. - Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread alex
designing a good security system a real challenge. You need a reference monitor somewhere in it that you can truly trust. - Alex - Original Message - From: John Ioannidis [EMAIL PROTECTED] To: Cryptography cryptography@metzdowd.com Subject: Just update the microcode (was: Re

Re: Protection for quasi-offline memory nabbing

2008-03-26 Thread Alex Alten
? - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Toshiba shows 2Mbps hardware RNG

2008-02-14 Thread alex
), or even the compromise of a key or two. Randomness is the most fundamental underpinning of a crypto system and having lots of it on demand is really fabulous to have in our system security design tool box. - Alex

Re: TLS-SRP TLS-PSK support in browsers (Re: Dutch Transport Card Broken)

2008-02-03 Thread Alex Alten
products. - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

malware in digital photo frames infects users computers

2008-01-27 Thread Alex Alten
Great. What next? I guess air-gap transfer of flash memory might be the best solution. Malware's new infection route: photo frames http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2008/01/26/MNE7UHOOQ.DTL - Alex -- Alex Alten [EMAIL PROTECTED

Re: Death of antivirus software imminent

2008-01-18 Thread Alex Alten
At 07:35 PM 1/18/2008 +1000, James A. Donald wrote: Alex Alten wrote: Generally any standard encrypted protocols will probably eventually have to support some sort of CALEA capability. For example, using a Verisign ICA certificate to do MITM of SSL, or possibly requiring Ebay to provide

Re: Death of antivirus software imminent

2008-01-04 Thread Alex Alten
encrypted traffic allow inspection of their contents under proper authority (CALEA essentially). If we can do this then we can put real policing pressure on these virus writers, essentially removing them from being able to attack us over the Internet. - Alex -- Alex Alten [EMAIL PROTECTED

Re: crypto class design

2007-12-26 Thread Alex Alten
it's performance, doing the tradeoff between cryptography and speed and reliability. And you need to design it to be robust in the face of operational failure. Just my two cents worth (based on over a decade's worth of cryptographic based security system design). - Alex -- Alex Alten [EMAIL

Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Alex Alten
all. - Alex At 11:05 AM 12/13/2007 -0800, Ali, Saqib wrote: How will this be any different from being a member of ISC2 or ISACA? Why do we need to be a member of yet another organization? saqib http://www.quantumcrypto.de/dante/ On Dec 12, 2007 12:21 PM, Alex Alten [EMAIL PROTECTED] wrote

gauging interest in forming an USA chapter of IISP

2007-12-13 Thread Alex Alten
Would anyone on this list be interested in forming a USA chapter of the Institute of Information Security Professionals (IISP, www.instisp.org)? I'm finding it rather difficult to attend events, etc., that are only in London. - Alex -- Alex Alten [EMAIL PROTECTED

RE: Password vs data entropy

2007-10-27 Thread Alex Pankratov
-Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED] Sent: Friday, October 26, 2007 3:56 PM To: Alex Pankratov Cc: cryptography@metzdowd.com Subject: Re: Password vs data entropy [snip] In other words, your password needs to be x/y times the size of the secret

Password vs data entropy

2007-10-26 Thread Alex Pankratov
? Thanks, Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

RE: Trillian Secure IM

2007-10-10 Thread Alex Pankratov
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leichter, Jerry Sent: Monday, October 08, 2007 11:48 AM To: Alex Pankratov Cc: cryptography@metzdowd.com Subject: RE: Trillian Secure IM | But, opportunistic cryptography is even more fun

RE: Trillian Secure IM

2007-10-08 Thread Alex Pankratov
-Original Message- From: Ian G [mailto:[EMAIL PROTECTED] Sent: Monday, October 08, 2007 6:05 AM To: Peter Gutmann Cc: [EMAIL PROTECTED]; cryptography@metzdowd.com Subject: Re: Trillian Secure IM Peter Gutmann wrote: Alex Pankratov [EMAIL PROTECTED] writes: SecureIM

another Skype worm attack via IM

2007-09-11 Thread alex
eWeek Insider Channel published an interesting article today about, “Skype working with domain owners to shut down malicious sites infecting Skype for Windows users via instant messages.” http://www.channelinsider.com/article/Skype%20Worm%20Attacks%20Security% - Alex

Re: New DoD encryption mandate

2007-08-17 Thread Alex Alten
). - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A secure Internet requires a secure network protocol

2007-06-23 Thread Alex Alten
future. - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: question re practical use of secret sharing

2007-06-22 Thread alex
of people start using them before the serious problems start to crop up (like thievery or illegal wiretapping) and then it's too late to retrofit them properly (for example Skype seems to have made these types of mistakes). - Alex

Re: Blackberries insecure?

2007-06-21 Thread alex
Steve, It could be that the linkage between user ids and auth keys is too weak, allowing a MITM attack to be undetected that sniffs the data encryption key. This seems to be common problem with many of the secure protocols I've examined. - Alex - Original Message - From: Steven M

Russian cyberwar against Estonia?

2007-05-18 Thread Alex Alten
This may be a bit off the crypto topic, but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia of 'cyberattack' http://www.csmonitor.com/2007/0517/p99s01-duts.html - Alex

SSL MITM attack vs wiretap laws question

2007-05-05 Thread Alex Alten
lawyers out there who would know how to interpret US federal law regarding this area? (European/Japan, or other rule-of-law type countries are of interest too.) Thanks, - Alex -- Alex Alten [EMAIL PROTECTED] - The Cryptography

2nd Benelux Workshop on Information and System Security (WISSEC)

2007-05-02 Thread Alex Biryukov
for the evaluation and feel free to advertise WISSec 2007! Thank you for your help, The WISSec 2007 program co-chairs Alex Biryukov and Sjouke Mauw. P.S: sorry if you get this mail twice.

Re: gang uses crypto to hide identity theft databases

2006-12-22 Thread Alex Alten
? Even if it got erased, it's image could be recovered from a disk or RAM. My understanding is that even tamperproof cards one can get keys from them with the right equipment from the right folks. - Alex At 02:51 AM 12/23/2006 +1300, Peter Gutmann wrote: Jim Gellman [EMAIL PROTECTED] writes: Well

Re: cellphones as room bugs

2006-12-04 Thread Alex Alten
. You could hear them driving around, with the usual car noises, and sometimes the radio on too. Occasionally I heard them in conversation with someone else. This went on for months. - Alex -- Alex Alten [EMAIL PROTECTED

Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-12 Thread Alex Alten
.). Did I miss something or do you need help in updating these, since I, and probably others too, need them? - Alex At 01:19 PM 10/9/2006 -0400, Russ Housley wrote: PKCS#7 has been turned over to the IETF for maintenance. The most recent version is RFC 3852. Since the protocol is more stable than

Re: OpenSSL PKCS #7 supports AES SHA-2 ?

2006-10-08 Thread Alex Alten
for implementations repeatedly as the standards catch up to reality. Updating these various heavily used standards quickly is quite important. Sincerely (and thanks in advance for all of your replies), - Alex At 09:05 AM 10/6/2006 -0700, Alex Alten wrote: Does anyone know if the OpenSSL PKCS #7 functions

Re: switching from SHA-1 to Tiger ?

2006-07-12 Thread alex
of these semiconductor trends will make existing hashes become bottlenecks and will make it harder to design a fast new hash. - Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: mailer certificate retrieval via LDAP?

2006-06-09 Thread Alex Iliev
, This works for me in a vanilla (well, debian) Thunderbird, using our university LDAP directory (at Dartmouth). The certificates are present under key userCertificate;binary in the LDAP, in base64. Alex - The Cryptography Mailing List

Re: Secure phones from VectroTel?

2006-05-23 Thread Alex Pankratov
is full of obvious mistakes, so they might've gotten this part wrong too. Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Get a boarding pass, steal someone's identity

2006-05-10 Thread alex
security without a body search. - Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: wiretapping in Europe

2006-04-09 Thread Alex de Joode
On Sat, Apr 08, 2006 at 02:31:58PM -0400, Steven M. Bellovin wrote: A study at the Max Planck Institute said that Italy, followed by the Netherlands, does the most wiretapping. One of the authors said: And the sad thing is most of the Dutch tapping rooms are build by Comverse (Mossad Inside)

Re: Tunnels in Hash Functions: MD5 Collisions in 40 seconds

2006-03-21 Thread alex
Any time estimates for SHA-1 or SHA-2 attacks? - Alex - Original Message - From: [EMAIL PROTECTED] To: cryptography@metzdowd.com Subject: Tunnels in Hash Functions: MD5 Collisions in 40 seconds Date: Sat, 18 Mar 2006 18:05:40 +0100 (CET) Congratulations to Marc Stevens, who

Re: Zfone and ZRTP :: encryption for voip protocols

2006-03-18 Thread Alex Pankratov
and both A and B will be under the impression that they are protected by 'key continuity' from their previous (A-B) session. Their SAS won't match of course, but since they see shared secret being used for KE, they are not likely to bother with SAS check. Alex

Re: Zfone and ZRTP :: encryption for voip protocols

2006-03-18 Thread Alex Pankratov
A or B can actually discover that they've been MitM'd by M *unless* they do SAS check. They do however see that KE used cached shared secret, and they (being humans) are likely to skip SAS check because of that. Alex Philip Zimmermann wrote: An attacker can easily present the wrong ZID, but he

Re: bounded storage model - why is R organized as 2-d array?

2006-03-09 Thread alex
decaying strength and to avoid several types of attacks on the pad generation. It is of great personal interest to me to watch Dr. M slowly prove that the underlying mathematics of Dr. A's Tristrata cipher may not have been snake oil after all. - Alex

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Alex Alten
At 05:58 AM 3/3/2006 +, Ben Laurie wrote: [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Alex Alten wrote: At 05:12 PM 2/26/2006 +, Ben Laurie wrote: Alex Alten wrote: At 02:59 PM 2/24/2006 +, Ben Laurie wrote: Ed Gerck wrote: We have keyservers for this (my chosen

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Alex Alten
mistakes would be common. I won't mention the questions regarding certificate revocaton vs user email name. :-) - Alex -- - Alex Alten - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-28 Thread Alex Alten
At 05:12 PM 2/26/2006 +, Ben Laurie wrote: Alex Alten wrote: At 02:59 PM 2/24/2006 +, Ben Laurie wrote: Ed Gerck wrote: We have keyservers for this (my chosen technology was PGP). If you liken their use to looking up an address in an address book, this isn't hard for users to grasp

Re: hamachi p2p vpn nat-friendly protocol details

2006-02-26 Thread Alex Pankratov
I replied to Tero privately, then realized that I was not the only recipient of his email. So here's a copy for everyone's reference. Alex Tero Kivinen wrote: Travis H. writes: http://www.hamachi.cc/security Based on a cursory look over this, I'm impressed by both the level of detail

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-26 Thread Alex Alten
automatically. Last I heard (early 2005) one system was operational over in the nuclear engineering department at Ohio State (for DOE work?). Of course one old system rack in the dusty corner of a school building does not a market make. - Alex -- - Alex Alten

Re: hamachi p2p vpn nat-friendly protocol details

2006-02-26 Thread Alex Pankratov
Travis H. wrote: On 2/24/06, Alex Pankratov [EMAIL PROTECTED] wrote: Tero Kivinen wrote: [snip] The protocol description is missing some details, so cannot say anything about them (things like what is the format of Ni, Nr, Gi, Gr when sent over wire and when put to the signatures etc

Re: Unforgeable dialog.

2006-02-03 Thread Alex Iliev
. Alex -- Alex Iliev [EMAIL PROTECTED] Dartmouth College Computer Science http://www.cs.dartmouth.edu/~sasho/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: quantum chip built

2006-01-13 Thread alex
From what I understand simple quantum computers can easily brute-force attack RSA keys or other types of PK keys. Is ECC at risk too? And are we at risk in 10, 20 or 30 years from now? - Alex - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] To: cryptography

Re: How ATM fraud nearly brought down British banking

2005-10-24 Thread Alex Alten
Is there any comparable fraud with the USA ATM system in recent decades? I've only heard of this type of wholesale fraud in Europe or in pre-1980 USA. - Alex At 01:58 AM 10/22/2005 -0400, R.A. Hettinga wrote: --- begin forwarded text Date: Sat, 22 Oct 2005 01:58:34 -0400 To: Philodox

Re: When people ask for security holes as features

2005-08-19 Thread Alex Alten
to reduce support costs, which is not unreasonable these days. - Alex -- - Alex Alten - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: draft paper: Deploying a New Hash Algorithm

2005-08-04 Thread Alex Alten
Steve, At 05:34 PM 7/29/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: At 08:12 AM 7/25/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: Steve, This also seems to be in conjunction with the potential switch

Re: ATM machine security

2005-02-22 Thread Alex Alten
You may want to look at US Patents 4,268,715 and 4,268,715. I believe these are among the core group of ATM patents. - Alex At 09:58 AM 2/17/2005 +0100, Lee Parkes wrote: Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar