On 10/01/2013 10:28 AM, Greg wrote:
This falls somewhere in the land of beyond-the-absurd.
I noticed the password would be mailed in the clear when I signed up,
but even if I had not, I would not have been bothered to later discover
it. What is the harm? The sensitivity of this password is
On 09/18/2013 01:31 PM, Walter van Holst wrote:
What makes me a tad bitter is that we apparantly live in a world with
two classes: US citizens and the subhuman rest of it. NSA-style
blanket surveillance violates the fundamental right to privacy and
ultimately also the fundamental right to
Broken RNG-time again: In looking 2.2 million certificates, researchers
found reused primes in 103 of them.
On 09/15/2013 10:19 AM, John Kelsey wrote:
But those are pretty critical things, especially (a). You need to know
whether it is yet safe to generate your high-value keypair. For that,
you don't need super precise entropy estimates, but you do need at
least a good first cut entropy
John Kelsey wrote:
I think the big problem with (b) is in quantifying the entropy you get.
When Bruce Schneier last put his hand to designing an RNG he concluded that
estimating entropy is doomed. I don't think he would object to some coarse
order-of-magnitude confirmation that
On 09/14/2013 03:29 PM, John Denker wrote:
Things like clock skew are usually nothing but squish ... not reliably
predictable, but also not reliably unpredictable. I'm not interested
in squish, and I'm not interested in speculation about things that
might be random.
I see theoretical the
On 09/11/2013 07:18 PM, Perry E. Metzger wrote:
the world's routers, servers, etc. do not have good sources,
especially at first boot time, and for customer NAT boxes and the like
the price points are vicious.
I agree that things like consumer NAT boxes have a tricky problem, and
On 09/12/2013 10:41 AM, Kent Borg wrote:
routers and servers are not as bad off as people say.
Not that more sources is bad. A new trustworthy HW entropy source would
be good. Even a suspect rdrand is worth XORing in (as Linux does on the
machine I am using right now).
But if you thirst
On 09/13/2013 11:59 AM, Marcus Leech wrote:
Any physical-world sensor driver, where the sensor inherently has a
bit of noise, I think has a moral obligation to contribute bits to
the kernel entopy pool.
Within limits. Mixing the entropy pool on Linux takes work and battery
On 09/08/2013 11:56 PM, Jerry Leichter wrote:
Which brings into the light the question: Just *why* have so many random
number generators proved to be so weak.
Your three cases left off an important one: Not bothering to seed the
PRNG at all. I think the Java/Android cryptographic (!)
On 09/08/2013 06:16 PM, John Kelsey wrote:
I don't think you can do anything useful in crypto without some good
source of random bits.
I don't see the big worry about how hard it is to generate random
a) You need them super fast (because you are Google, trying to secure
On 09/08/2013 09:15 PM, Perry E. Metzger wrote:
Perhaps you don't see the big worry, but real world experience says it
is something everyone else should worry about anyway.
I overstated it.
Good random numbers are crucial, and like any cryptography, exact
details matter. Programmers are
I'd love to know how they plan to validate my Linux boxes.
OpenPTS  + TrouSerS  + Grub-IMA  + IMA  ;-)
time I tested this it worked fine... Circa 2006...
functionality and implementation quality of TPMs is more or less a required
second step). I've implemented PGP email using a Fortezza card (which is
surely the very last thing it was ever intended for), but not using a TPM...
On Thu, Mar 5, 2009 at 12:13 PM, Kent Yoder shpedoi...@gmail.com wrote:
Apart from the obvious fact that if the TPM is good for DRM then it is also
good for protecting servers and the data on them,
In which way, and for what sorts of protection? And I mean that as a
On Thu, Apr 05, 2007 at 04:49:33PM -0700, Paul Hoffman wrote:
At 7:26 PM -0400 4/5/07, Thor Lancelot Simon wrote:
On Thu, Apr 05, 2007 at 07:32:09AM -0700, Paul Hoffman wrote:
Control: The root signing key only controls the contents of the root,
not any level below the root.
That is, of
in the docs)? I've used openvpn to set up dedicated
tunnels, but it isn't immediately obvious to me how it would be configured to
do opportunistic encryption.
[EMAIL PROTECTED]p: +1 310 823 9358 f: +1 310 823 8649
[EMAIL PROTECTED] SIP: [EMAIL PROTECTED
it with a verified disassembler.
(eg, what shows as bss 0 in the assembler listing is really code; what shows
as one set of instructions in the listing is in reality different.)
Kent Crispin Be good, and you will be
[EMAIL PROTECTED],[EMAIL PROTECTED
any significant protection if the goal is to provide
Kent Crispin Be good, and you will be
[EMAIL PROTECTED],[EMAIL PROTECTED] lonesome.
p: +1 310 823 9358 f: +1 310 823 8649 -- Mark Twain
Mail list logo