Re: [cryptography] Intel RNG
Aloha! On 2012-06-20 05:32 , James A. Donald wrote: If intel told me how it worked, and provided low level access to raw unwhitened output, I could find pretty good evidence that the low level randomness generator was working as described, and perfect evidence that the whitener was working as described. Certification does not tell me anything much. Good point. And even more so. What I think we would like to have is: (1) Read access to the raw output of the entropy source. (2) Possibly read access after whitening. (3) Write access to inputs of the PRNG This would allow us to probe that the whole chain works as intended with KATs for the PRNG part. This would still not prove that Intel, when MUXing in data from (1)/(2) into the PRNG actually does something completely different. -- Med vänlig hälsning, Yours Joachim Strömbergson - Alltid i harmonisk svängning. signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
On 12-06-19 08:51 PM, Jonathan Katz wrote: Anyone know any technical details about this? From the news reports I've seen, it's not even clear to me what, exactly, was broken. http://www.pcworld.com/businesscenter/article/257902/researchers_set_new_cryptanalysis_world_record_for_pairingbased_cryptography.html There is more detail here: http://www.nict.go.jp/en/press/2012/06/18en-1.html See the subsection Target problem and the solution about halfway down. The field was GF(3^97) and the curve was y^2=x^3-x+1. The discrete log problem was created using the eta pairing and the constants \pi and e. -James signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
On Wed, Jun 20, 2012 at 10:07 AM, James Muir muir.jame...@gmail.com wrote: On 12-06-19 08:51 PM, Jonathan Katz wrote: Anyone know any technical details about this? From the news reports I've seen, it's not even clear to me what, exactly, was broken. http://www.pcworld.com/businesscenter/article/257902/researchers_set_new_cryptanalysis_world_record_for_pairingbased_cryptography.html There is more detail here: http://www.nict.go.jp/en/press/2012/06/18en-1.html See the subsection Target problem and the solution about halfway down. The field was GF(3^97) and the curve was y^2=x^3-x+1. The discrete log problem was created using the eta pairing and the constants \pi and e. NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. So according to NIST solving a 923b ECC is like brute-forcing a 461b bit symmetric key (I assume in a perfect cipher?). Of course there are weak keys in almost any system e.g. badly implemented RSA picking p=q I wonder if a weak-key scenario has occurred, or if this is a genuine generalized mathematical advance? Comments from ECC experts? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
I'm definitely /not/ an ECC expert, but this is a pairing-friendly curve, which means it's vulnerable to a type of attack where EC group elements can be mapped into a field (using a bilinear map), then attacked using an efficient field-based solver. (Coppersmith's). NIST curves don't have this property. In fact, they're specifically chosen so that there's no efficiently-computable pairing. Moreover, it seems that this particular pairing-friendly curve is particularly tractable. The attack they used has an estimated running time of 2^53 steps. While the 'steps' here aren't directly analogous to the operations you'd use to brute-force a symmetric cryptosystem, it gives a rough estimate of the symmetric-equivalent key size. (Apologies to any real ECC experts whose work I've mangled here… :) Matt On Jun 20, 2012, at 10:59 AM, Charles Morris wrote: NIST guidelines state that ECC keys should be twice the length of equivalent strength symmetric key algorithms. So according to NIST solving a 923b ECC is like brute-forcing a 461b bit symmetric key (I assume in a perfect cipher?). Of course there are weak keys in almost any system e.g. badly implemented RSA picking p=q I wonder if a weak-key scenario has occurred, or if this is a genuine generalized mathematical advance? Comments from ECC experts? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
NIST curves don't have this property. In fact, they're specifically chosen so that there's no efficiently-computable pairing. Ah, of course. I wasn't thinking. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
I've been told (by somebody much more diligent than I, who actually did the math) that the number of compute-cycles works out to around 2^64. The theoretical number of steps required is 2^53. Of course, each step is /not/ 1 cycle, so if we assume that they're around 2048 cycles each it's right on the money. (Once again, full credit to Paulo and others, I'm just a fly on the wall.) On Jun 20, 2012, at 11:39 AM, William Whyte wrote: Does anyone know if this attack took the expected amount of time (confirming the strength of this particular curve), or significantly less (in which case it’s something to be concerned about)? William ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
yes. just with a specific choice of key. --- jam...@echeque.com wrote: From: James A. Donald jam...@echeque.com To: givo...@37.com CC: cryptography@randombit.net Subject: Re: [cryptography] non-decryptable encryption Date: Wed, 20 Jun 2012 10:48:01 +1000 On 2012-06-19 8:03 PM, Givonne Cirkin wrote: i don't understand why is it clear to some they get it right away. why do others not see it? i thought i was clear to use the sequence up until the first repeat. This is just one time pad. _ You @ 37.com - The world's easiest free Email address ! ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
yes. and i covered this. esp. when the issue applies to the stenagraphic component. using phi as a model of the method. but, phi is well known predictable. however, other sequences not. --- jth...@astro.indiana.edu wrote: From: Jonathan Thornburg jth...@astro.indiana.edu To: jam...@echeque.com, cryptography@randombit.net Subject: Re: [cryptography] non-decryptable encryption Date: Tue, 19 Jun 2012 08:30:59 -0400 (EDT) The digit sequence 0.1234567891011121314151617181920212223... (or its equivalent in binary, hex, or your other favorite base) never repeats, but provides no security whatsoever. One-time pads need nonrepeating sequences *which the adversary can't predict*. -- -- Jonathan Thornburg [remove -animal to reply] jth...@astro.indiana-zebra.edu Dept of Astronomy IUCSS, Indiana University, Bloomington, Indiana, USA Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral. -- quote by Freire / poster by Oxfam ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography _ You @ 37.com - The world's easiest free Email address ! ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
curious, why don't some ppl trust link shortners? is that a generation gap thing. 2nd. ur guesses are wrong. i was born in the USA. my parents were born in the USA. my native language is English. my parent's native language is English. i grew up speaking English @ home. i went to public school where they taught us in--English. non one translated my paper. and, i have been offered jobs writing papers. in fact, i was the editor of a collegiate technical newsletter for academic computing for several years. so, some of your guesses are bit off. different ppl use different lingo for different reasons. for me, in this instance is, because my interaction is more on a literary level than personal. putting that aside. i think submission to AMS the American Mathematical Society was appropriate. submission to ACM American Computing Machinery which has published me several times before, was also appropriate. after stating that, i do get comments from others that don't understand it either. as to the math not being new, in regards to frequency normalization, this is simply not correct. in regards to the second method, which is a combination of methods, the math of combined methods is new. the strength is in the combination of the methods. having said all that, i agree the paper could be clearer. but, just by judging by the reaction on this board, it is clear enough to get the major points across. even you concede the math is potentially ok. this isn't the 1st paper i've written. or, have rejected. or been asked to resubmit. had i been given suggestions to make it clearer, i would accept that. several of the ppl on this board have raised real intellectual issues. more as to the implementation. which i also c as a problem. (whoops don't trust abbreviaters!) --- bill.stew...@pobox.com wrote: From: Bill Stewart bill.stew...@pobox.com To: givo...@37.com Cc: cryptography@randombit.net Subject: Re: [cryptography] non-decryptable encryption Date: Mon, 18 Jun 2012 19:44:21 -0700 At 03:56 AM 6/18/2012, Givonne Cirkin wrote: Hi, My name is Givon Zirkind. I am a computer scientist. I developed a method of encryption that is not decryptable by method. You can read my paper at: http://bit.ly/Kov1DEhttp://bit.ly/Kov1DE I don't trust link shorteners. My colleagues agree with me. But, I have not been able to get pass peer review and publish this paper. In my opinion, the refutations are ridiculous and just attacks -- clear misunderstandings of the methods. They do not explain my methods and say why they do not work. If you can't get the paper to pass peer review, and you think it's because the reviewers clearly don't understand your methods, this means one of several things - You haven't found the right peer reviewers - Are you submitting your paper to an appropriate journal? - Your math really is broken or not new, and you're not understanding their refutations. - Your math is potentially ok, but your paper isn't written clearly enough for the reviewers to understand how your methods really work, so you need to get some help with the writing. Technical writing is difficult work, and the more complex a topic you're writing about, the clearer and simpler your writing needs to be. Part of that is the logical development of your paper - are you showing all the important steps, and showing how the parts connect together, but part of that is really just language. For instance, your email message that I'm replying to uses terminology that's not at all the way anybody writes about cryptography in English. I'm guessing your native language is one of the Romance languages, and that whoever translated your paper doesn't do cryptography in English? I'm guessing that when you say not decryptable, you either mean It's a hash function, where the output contains less entropy than the input, and is therefore not reversable, or you mean It's not decryptable by somebody who knows your algorithm and doesn't know the password, with N bits of password entropy (where you aren't bothering to mention N for some reason.) The other interpretation I could think of is The encryption method isn't implementable by mathematical algorithms, because it's using quantum physics for non-determinism (in which case you'd probably have said it was quantum), or because you're doing something tricky with chaos theory (and the community's experience has been 'Sorry, that trick never works.') Since you said Bruce Schneier told you to look at hash functions, I'm leaning toward that guess. I have a 2nd paper: http://bit.ly/LjrM61http://bit.ly/LjrM61 This paper also couldn't get published. This too I was told doesn't follow the norm and is not non-decryptable. Which I find odd, because it is merely the tweaking of an already known method of using prime numbers. I am asking the hacking community for help. Help me test my methods. The following message
Re: [cryptography] non-decryptable encryption
On 06/20/2012 06:54 PM, Givonne Cirkin wrote: curious, why don't some ppl trust link shortners? is that a generation gap thing. Because there are serious privacy issues with most of them. http://w2spconf.com/2011/papers/urlShortening.pdf ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
On 2012-06-20 09:54:33 -0700 (-0700), Givonne Cirkin wrote: curious, why don't some ppl trust link shortners? is that a generation gap thing. 2nd. ur guesses are wrong. i was born in the USA. my parents were born in the USA. my native language is English. [...] Perhaps this is also a generation gap thing. Professionals of my generation converse with colleagues and peers by using complete sentences and well-structured grammar. That same generation also prefers canonical URIs and other accurate bibliographical references/citations. I've been out of academia for a while, so perhaps the major journals have begun to accept submissions via SMS? To echo other responses on the paper, the biggest objection (aside from the minimal novelty of the subject matter itself) is likely to revolve around your non-decryptable terminology. Your method is clearly not non-decryptable to the owner or intended recipient who possesses the key/pad with which the data was encrypted, or else it would be useless. Further, no encryption technique is particularly useful when decryptable by unintended agents. As a result the term adds nothing meaningful in context, being either a logical contradiction or tautology (depending on your intended connotation). -- { IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829); WHOIS(STANL3-ARIN); SMTP(fu...@yuggoth.org); FINGER(fu...@yuggoth.org); MUD(kin...@katarsis.mudpy.org:6669); IRC(fu...@irc.yuggoth.org#ccl); } ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] Why do scammers say they're from Nigeria?
This is an interesting paper that presumably has implications for other social engineering schemes beside financial scammers: http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf ABSTRACT False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing. This allows us to view the attacker’s problem as a binary classification. The most profitable strategy requires accurately distinguishing viable from non-viable users, and balancing the relative costs of true and false positives. We show that as victim density decreases the fraction of viable users than can be profitably attacked drops dramatically. For example, a 10× reduction in density can produce a 1000× reduction in the number of victims found. At very low victim densities the attacker faces a seemingly intractable Catch-22: unless he can distinguish viable from non-viable users with great accuracy the attacker cannot find enough victims to be profitable. However, only by finding large numbers of victims can he learn how to accurately distinguish the two. Finally, this approach suggests an answer to the question in the title. Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor. - Tim ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Why do scammers say they're from Nigeria?
Emphasis on _most profitable_ here. Clearly not the only one employed. Also, this mode applies mostly to spam; there are a number of other ways of filtering the victims who will take interest, be more gullible, or get hooked that do not require being obviously dubious. On Wed, Jun 20, 2012 at 1:56 PM, Tim Dierks t...@dierks.org wrote: This is an interesting paper that presumably has implications for other social engineering schemes beside financial scammers: http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf ABSTRACT False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing. This allows us to view the attacker’s problem as a binary classification. The most profitable strategy requires accurately distinguishing viable from non-viable users, and balancing the relative costs of true and false positives. We show that as victim density decreases the fraction of viable users than can be profitably attacked drops dramatically. For example, a 10× reduction in density can produce a 1000× reduction in the number of victims found. At very low victim densities the attacker faces a seemingly intractable Catch-22: unless he can distinguish viable from non-viable users with great accuracy the attacker cannot find enough victims to be profitable. However, only by finding large numbers of victims can he learn how to accurately distinguish the two. Finally, this approach suggests an answer to the question in the title. Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor. - Tim ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
Not 10^500. That's assuming all numbers are primes. With larger numbers, the ratio of prime numbers to ordinary drops. A lot. I don't think it's more than 1^50 primes there, could be far less. Also, you are SERIOUSLY underestimating cryptoanalysis. You assume to much about how well these tricks will be able to prevent cracking the crypto. Also, cryptoanalysis often provide attacks that is faster-than-bruteforce to get the key or plaintext. Now we are talking millions of times faster. Or more... You have not convinced me that an FPGA can't crack this in an hour. - Sent from my tablet Den 20 jun 2012 19:50 skrev Givonne Cirkin givo...@37.com: ok. lets say 500 characters with a random sequence -a prime key- can be brute forced decrypted. that's 10^500 combinations. now, if implementing my method, in the simplest of forms, it would be 10^500 * 8!^500 (factorial). is that still decryptable by brute force? However, I did add the dimension of not using base 2 or ASCII as I discuss in my article. so you have to go back and do it all again at least a second time for the several bases I mentioned. So, 3*(10^500 * 8!^500 (factorial). as i mention in my article, a ciphertext of 500 characters could be an encrypt of a plaintext of 500 or 375 or 250 characters. so, each possible merge has to first be removed. Then, brute forced decrypted. The equation for mask calculation was mentioned, but not inserted into the article. That would exceeded submission lengths. however, implementing my method with masking/merging would potentially variably alter the message length. taking simpler methods that i described in my paper, of a mask of 8 or 4 bits in a 16 bit data stream (see the illustration in the article), the number of masks would be 84,480 7,280 respectively. These too would have to be removed. The following includes only 2 of 15 possibilities. So, [84,480*(3*10^250*(8!)^250)]+[7,280*(3*10^375*(8!)^375)]+[3*10^500 * (8!)^500]. Are we still in the realm of brute force? you are definitely not rude. and, yeah, making a discovery or invention in encryption, has got to be very rare. that is why i ran this by every math professor colleague i knew, before submission. easy to err on this things. --- jd.cypherpu...@gmail.com wrote: From: jd.cypherpunks jd.cypherpu...@gmail.com To: givo...@37.com givo...@37.com Cc: Natanael natanae...@gmail.com, cryptography@randombit.net cryptography@randombit.net Subject: Re: [cryptography] non-decryptable encryption Date: Mon, 18 Jun 2012 18:20:13 +0200 Natanael natanae...@gmail.com wrote: One: On the second paper, you assume a prime number as long as the message is secure, and give an example of a message of 500 characters. Assuming ASCII coding and compression, that will be just a few hundred bits. RSA (using primes too) of 1024 bits is now being considered insecure by more and more people. I'm afraid that simple bruteforce could break your scheme quite fast. Also, why not use simple XOR in that case? Yep - bruteforce will work here. btw - when it comes to 'non-decryptable encryption' I still like OTP. :) Read or re-read Steven Bellovins wonderfull piece about Frank Miller, the Inventor of the One-Time Pad https://mice.cs.columbia.edu/getTechreport.php?techreportID=1460 I'm not a rude guy and try not to diminish your archievments but there's some truth in the following sentence: Even if clever beyond description the odds that someone without too much experience in the field can revolutionize cryptography are small. Can't remember who said this - or something similar to this - but it's true anyhow. Think about this every time when I try to 'invent' something within my fields. :) --Michael Den 18 jun 2012 12:56 skrev Givonne Cirkin givo...@37.com: Hi, My name is Givon Zirkind. I am a computer scientist. I developed a method of encryption that is not decryptable by method. You can read my paper at: http://bit.ly/Kov1DE My colleagues agree with me. But, I have not been able to get pass peer review and publish this paper. In my opinion, the refutations are ridiculous and just attacks -- clear misunderstandings of the methods. They do not explain my methods and say why they do not work. I have a 2nd paper: http://bit.ly/LjrM61 This paper also couldn't get published. This too I was told doesn't follow the norm and is not non-decryptable. Which I find odd, because it is merely the tweaking of an already known method of using prime numbers. I am asking the hacking community for help. Help me test my methods. The following message is encrypted using one of my new methods. Logically, it should not be decryptable by method. If you can decrypt it, please let me know you did how. CipherText: 113-5-95-5-65-46-108-108-92-96-54-23-51-163-30-7-34-117-117-30-110-36-12-102-99-30-77-102 Thanks. I have a website about this: www.givonzirkind.weebly.com For information about the
Re: [cryptography] cryptanalysis of 923-bit ECC?
On 20-06-2012 22:12, Jon Callas wrote: Is this merely a case where 973 bits is equivalent to ~60 bits symmetric? If so, what's equivalent to AES-128 and 256? Is there something inherently weak in pairing-friendly curves, like there are in p^n curves? Disclaimer: I'm not an authority either, but here's what I know: Yeah, pretty much. This is a supersingular curve in the field GF(3^97), or roughly 154 bits. Being a pairing-friendly curve with an embedding degree of 6, there is a map from the group of points of an elliptic curve E(GF(3^97)) to the finite field GF((3^97)^6), which is 923 bit long. So we can solve the logarithm wherever it is the most convenient. Now, low characteristic (3 in this case) fields are vulnerable to a specialized index-calculus attack called the function field sieve (FFS). This method has the same asymptotic complexity of the special number field sieve, i.e., L[1/3, (32/9)^(1/3)]. Therefore, 923 bits is not really that much for the FFS, asymptotically speaking; to put it in perspective, a 911-bit integer was factored back in 2006 by the SNFS, and a 1039-bit one in 2007. For pairing-friendly curves to achieve the 128-bit security level, it is a good idea to increase the characteristic to prevent FFS-style attacks, and to increase the embedding degree to something higher than 6. Barreto-Naehrig curves are defined over (large) prime fields, have embedding degree 12, and are generally a good choice for the 128-bit level. 256-bit security requires even larger embedding degrees, on the order of 24 or so. If you really must stick with the crazy GF(3^n) curves, then take a look at the estimates of the folks that broke this curve: http://eprint.iacr.org/2012/042 (this is where the 2^53 figure came from). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] cryptanalysis of 923-bit ECC?
For a proper answer, You should follow pbarreto on Twitter and ask him. He's a nice guy and *very* willing to talk about this. Mostly because he found the press release so misleading. But in any case, the answer to your question is: this is not a standard choice for a pairing friendly curve. It's a field of small characteristic, which makes it unusually vulnerable to these attacks. They could not use this attack against a similar MNT or BN curve. My understanding is that a 256-bit BN curve gives 128-bit security. Matt On Jun 20, 2012, at 5:12 PM, Jon Callas j...@callas.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jun 20, 2012, at 8:35 AM, Matthew Green wrote: I'm definitely /not/ an ECC expert, but this is a pairing-friendly curve, which means it's vulnerable to a type of attack where EC group elements can be mapped into a field (using a bilinear map), then attacked using an efficient field-based solver. (Coppersmith's). NIST curves don't have this property. In fact, they're specifically chosen so that there's no efficiently-computable pairing. Moreover, it seems that this particular pairing-friendly curve is particularly tractable. The attack they used has an estimated running time of 2^53 steps. While the 'steps' here aren't directly analogous to the operations you'd use to brute-force a symmetric cryptosystem, it gives a rough estimate of the symmetric-equivalent key size. (Apologies to any real ECC experts whose work I've mangled here… :) Thanks, anyway, as things seem to be detail-lite where I'm getting them. Do we have anyone who can speak authoritatively on this? I am also not at all an expert on pairing-friendly curves. Is this merely a case where 973 bits is equivalent to ~60 bits symmetric? If so, what's equivalent to AES-128 and 256? Is there something inherently weak in pairing-friendly curves, like there are in p^n curves? I have no idea what this result *means* and would love to know. Jon -BEGIN PGP SIGNATURE- Version: PGP Universal 3.2.0 (Build 1672) Charset: windows-1252 wj8DBQFP4jy5sTedWZOD3gYRAoL9AJ9iVVSj1RY3SCLQCo8WJutsRq4IEwCfYUdZ xzcsltQaPQZELJ0joMs7UjU= =l3BW -END PGP SIGNATURE- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] Sure ...
Flame's too big to take on alone, says Microsoft by Alastair Stevenson More from this author 21 Jun 2012 Seattle: Cyber threats like Flame are too big and too advanced for even the most security savvy of companies to take on alone, according to Microsoft Trustworthy Computing senior director Mike Reavey. Reavy claimed that claimed that the sheer complexity of many of the advanced cyber threats currently being discovered proves that companies need to begin working together. Threats are getting more sophisticated and complicated and we need to change and adapt, said Reavey. We can't stop these things by ourselves.We need a community of defenders. Microsoft's senior director went on to clarify that the company could not disclose further details regarding how Flame had managed to mimic the companies update certificates. [SNIP] http://www.v3.co.uk/v3-uk/news/2185968/flames-microsoft?utm_campaign=V3utm_source=Facebookutm_medium=Twitterfeed# ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] non-decryptable encryption
On Wed, Jun 20, 2012 at 12:54 PM, Givonne Cirkin givo...@37.com wrote: curious, why don't some ppl trust link shortners? is that a generation gap thing. Someone recently played a trick on Full Disclosure. Something about advanced notice of an Apple Update. It was a bitty link to a eVote system (if I recall). He fooled a lot of folks 2nd. ur guesses are wrong. There is a generation gap when phone-speak is normal. [SNIP... ] Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography