losing your keys due to password
database corruption, commercialization of the tool or whatever, since
they are all in separate files that you can decrypt with GPG by hand
if needed.
tim
___
cryptography mailing list
cryptography@randombit.net
http://list
. In diabolicly
bad implementations, you could even argue for full decryption of the
password through timing side channels, but that's probably tough to
pull off in practice.
tim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
escription of the cipher, it seems like the
there's opportunity for padding oracle attacks, provided the server
somehow indicates (through timing or otherwise) whether the 0 padding
is valid.
tim
___
cryptography mailing list
cryptography@randomb
d solution, not an even more centralized one
> than mailing lists.
+1
tim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
ns on the history of e=3 at
http://crypto.stackexchange.com/q/8454/
Thanks,
Tim.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
t for a discrete set of common
mistakes. Generic statistical tests usually aren't helpful here.
Instead, tests targeted at well-known weak generators or seed methods
would be quite handy in my line of work.
tim
___
cryptography mailing l
ries which check certs and which are designed
for HTTPS, you probably want to use the DNS name.
I don't know enough about JSSE-specific implementation to be able to give
you a precise answer.
- Tim
On Fri, Aug 9, 2013 at 3:03 PM, Patrick Pelletier
wrote:
> One thing mentioned in the "
BLitauen%26hl%3Den%26tbo%3Dd&sa=X&ei=sWLKUO3pGMSN0QHD14C4Dg&ved=0CFQQ7gEwAw>
Here's a press release from the prosecutor's office:
http://www.presse.sachsen-anhalt.de/index.php?&cmd=get&id=852615&identifier=3bf095c0d8865dccd0ea7ef44e5f0bae;
it has an e-mail addres
y be documented as accepted.
As an aside unless you have explicitly asked for it, it's unlikely that the
pentest is going to be alligned against any particular UK data security
requirements. (I'm don't even think there are any that are relevant in this
context - unless maybe
long it will take to crack--a key
long enough to be safe for 60 days against all attackers may take your
trustee a couple of years to crack once you're dead).
- Tim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
victims the Nigerian scammer has an
over-riding need to reduce false positives. By sending an email that repels
all but the most gullible the scammer gets the most promising marks
to self-select, and tilts the true to false positive ratio in his favor.
- Tim
a comparable
budget, I'd consider further investigation.
- Tim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
An interesting item in the historical record, even if it's not actually a
code (this is my understanding of the current best hypothesis):
http://beinecke.library.yale.edu/digitallibrary/voynich.html
- Tim
___
cryptography mailing list
cryptog
e is
no code in git that anticipates needing crypto hash agility.)
Anyway, I hope this helps.
When I was learning git, I found the paper _Git from the bottom up_ by
John Wiegley very helpful for understanding what is going on inside
git:
http://newartisans.com/2008/04/git-from-the
13252491.
I found http://www.cs.ucdavis.edu/~rogaway/papers/thorp.pdf linked-to from
the Wikipedia Feistel cipher article. It has some citations that will get
you further in the literature.
- Tim
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
in number of the bits (suitable to minimize the possibility of salt
collision across the number of tokens to be encrypted with a single key).
Map the salt to token-legal grammar and emit encoded tokens by prepending
the salt to your (token-encoded) encrypted result (you may need something
somewhat
16 matches
Mail list logo