Re: [cryptography] fyi: diffie-hellman weakness

2016-10-14 Thread Paul Wouters
On Fri, 14 Oct 2016, Givonne wrote: http://thehackernews.com/2016/10/nsa-crack-encryption.html?utm_source=feedburner_medium=feed_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1343.bx0ao08q8s.scz The article is not entirely correct: the researchers

Re: [cryptography] What the heck is RFC 5114?

2016-01-05 Thread Paul Wouters
On Tue, 5 Jan 2016, Antonio Sanso wrote: Subject: [cryptography] What the heck is RFC 5114? Comments/answers are welcomed :) http://intothesymmetry.blogspot.it/2016/01/what-heck-is-rfc-5114.html Seeing that you are quoting my information from nohats.ca, let me reply here :) RFC5114 support

Re: [cryptography] JYA and Cryptome Keys Compromised

2015-09-15 Thread Paul Wouters
On Tue, 15 Sep 2015, John Young wrote: -BEGIN PGP SIGNED MESSAGE- by unknown key. I have learned today that all PGP public keys of John Young and Cryptome have been compromised. The keys have been revoked today. Revocation could have

Re: [cryptography] [Cryptography] Caspar Bowden has died

2015-07-09 Thread Paul Wouters
On Thu, 9 Jul 2015, John Young wrote: Privacy activist Caspar Bowden has died https://translate.google.com/translate?sl=autotl=enjs=yprev=_thl=enie=UTF-8u=https%3A%2F%2Fnetzpolitik.org%2F2015%2Fdatenschutz-aktivist-caspar-bowden-ist-gestorben%2Fedit-text= Caspar was instrumental to achieving

Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon

2015-05-04 Thread Paul Wouters
On Mon, 4 May 2015, Naveen Nathan wrote: I haven't tried it, but OpenVPN has a --float option. I haven't had a chance to try it myself, but it will handover to a new IP address, essentially giving roaming over unreliable link style connectivity. See:

Re: [cryptography] OpenPGP in Python: Security evaluations?

2015-04-23 Thread Paul Wouters
On Thu, 23 Apr 2015, stef wrote: On Thu, Apr 23, 2015 at 08:25:14AM +0200, Fabio Pietrosanti (naif) - lists wrote: Everyone, including GlobaLeaks, is using python-gnupg wrapper but that's a HORRIBLE software design choice (having a wrapper that fires an executable) and we want to fix that.

Re: [cryptography] The Trouble with Certificate Transparency

2014-09-28 Thread Paul Wouters
On Sun, 28 Sep 2014, Nicolai wrote: You took it out of context. What I wrote was about certificate checking: Of course, one has to be careful not to make the same privacy mistakes as CRL/OCSP did. But we have other decentralised methods that have better privacy (such as

Re: [cryptography] The Trouble with Certificate Transparency

2014-09-26 Thread Paul Wouters
On Fri, 26 Sep 2014, Greg wrote: But what about normal people?  I have to check up to 1000 different logs to see if I've been attacked?  And if I find out that's the case, would people care about little old me enough to burn a CA such as Comodo? It seems CT could

Re: [cryptography] Which encryption chips are compromised?

2013-12-12 Thread Paul Wouters
On Thu, 12 Dec 2013, coderman wrote: of course, this could be because companies like Sun charge $9,999 for an HSM/accelerator that is at best a reasonable cost at $1,499... If you mean the SCA 6000, those were $1600 at Sun. When Oracle bought them they just bumped it to $10k. On ebay you can

Re: [cryptography] the spell is broken

2013-10-03 Thread Paul Wouters
On Thu, 3 Oct 2013, Kelly John Rose wrote: In short, I feel that all trust for NIST has to be broken. It doesn't matter if AES or SHA-2 is broken or not broken. You cannot go into a security environment with a tool that is known to be compromised (NIST) and just hope and pray that the pieces you

Re: [cryptography] very little is missing for working BTNS in Openswan

2013-09-12 Thread Paul Wouters
On Thu, 12 Sep 2013, Nico Williams wrote: Note: you don't just want BTNS, you also want RFC5660 -- IPsec channels. You also want to define a channel binding for such channels (this is trivial). To summarize: IPsec protects discrete *packets*, not discrete packet *flows*. This means that

Re: [cryptography] Integrety checking GnuPG

2013-05-30 Thread Paul Wouters
On Wed, 29 May 2013, shawn wilson wrote: This is sort of a trusting trust question. However, is there a way to have gpg verify it has not been altered? Maybe by compiling it with an internal key file and it asking for a password before decrypting itself and then presenting some type of