Re: [cryptography] prime number pairs
On Fri, May 24, 2013 at 3:53 AM, ianG i...@iang.org wrote: “twin” primes of Somewhat confused by the statement (the largest pair discovered so far is 3,756,801,695,685 x 2666,669 – 1 and 3,756,801,695,685 x 2666,669 + 1). I looked on Wikipedia and found the statement that the pair was really 3,756,801,695,685 x 2^666,669 – 1 and +1. Much bigger and odd rather than even. -- Chuck ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Does anyone on this list honestly doubt that intelligence agencies are intercepting and reading skype given both public statements by skype, the various news reports about governments state they are doing it, and the 200 year history of agencies and communication companies working together? Is the debate that (1). we don't know the exact method, or (2). can't prove it 100% or (3). that someone actual believes they aren't doing this? On Fri, May 24, 2013 at 3:49 AM, yersinia yersinia.spi...@gmail.com wrote: On Wed, May 22, 2013 at 9:41 AM, James A. Donald jam...@echeque.com wrote: On 2013-05-22 5:00 PM, yersinia wrote: Sorry for the top posting. Many company are using private social network these days. As usual someone internal to the organization has the right to record and sniff also the private traffic. Don't like ? Well, you can always use services as scrumbls. Perhaps not so secure from a nsa wiretap but sufficient in most case. Scrumbls? I am sorry. Typo. https://scrambls.com/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] prime number pairs
On 24 May 2013 14:01, Charles Jackson c...@jacksons.net wrote: Somewhat confused by the statement (the largest pair discovered so far is 3,756,801,695,685 x 2666,669 – 1 and 3,756,801,695,685 x 2666,669 + 1). I looked on Wikipedia and found the statement that the pair was really 3,756,801,695,685 x 2^666,669 – 1 and +1. Superscripts in the original source. :) ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
At a minimum, it's is there any evidence--at all--other than guessing / suspicions / assumptions / presumptions / paranoia? It need not be a religious or ideological discussion; it need not be based on I believe it's happening or I don't believe it's happening--just, is there any evidence The evidence as I understand is this: 1. Skype has said in the german press that they can listen to communications 2. Russian intelligence has said in the Russian press that Skype allows them to listen to communications 3. The Skype privacy policy explicitly states that they will allow LE access to all communication when feasable 4. Skype appears to be able to read URLs sent which sparked this email thread I know of no communication company that refused to cooperate with an intelligence agency and Skype explicitly says they provide access to governments in their privacy policy, they have the capability to add a wiretap into skype since they control the software so it is certainly feasible. Why would skype lie in their privacy policy and say they would provide access and then not provide access? Skype, Skype's local partner, or the operator or company facilitating your communication may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information. Skype will provide reasonable assistance and information to fulfill this request and you hereby consent to such disclosure. http://www.skype.com/en/legal/privacy/ Other than skype publicly stating the method that they use, I'm not sure what would constitute better proof. On Fri, May 24, 2013 at 10:23 AM, Eric S Johnson cra...@oneotaslopes.org wrote: Does anyone on this list honestly doubt that intelligence agencies are intercepting and reading skype Is the debate that (1). we don't know the exact method, or (2). can't prove it 100% or (3). that someone actual believes they aren't doing this? At a minimum, it's is there any evidence--at all--other than guessing / suspicions / assumptions / presumptions / paranoia? It need not be a religious or ideological discussion; it need not be based on I believe it's happening or I don't believe it's happening--just, is there any evidence? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
It seems like there is this new narrative in some peoples minds about all companies backdoor everything and cooperate with law enforcement with no questions asked, what do you expect. I have to disagree strongly with this narrative to combat this narrative displacing reality! I've seen several people saying similar things in this thread. No I say. I think the point is not that a company could backdoor something. We know that companies that have information for whatever pre-existing reason that may help investigations will typically be expected to hand it over with appropropriate legal checks and balances, a court order, subpoena etc. Sometimes their lawyers will fight it if the subpoena is ridiculously broad, and thats not that unusual. Sometimes there are gag orders to prevent the fact that a subpoena was received from being disclosed to the target, or disclosed ever. The latter is considered fairly obnoxious. Now and then there are rumours or claims of forced changes that eg hushmail maybe changed some code in response to law enforcement request of some kind. However it is not the case that anything that could be backdoored is backdoored. Do you think all SMIME email clients, all SSL clients (embedded and browser), all SSL web servers, all VPNs are backdoored? I seriously doubt any of them are backdoored in fact. Would those taking the what do you expect narrative like to try your narrative against web servers and VPNs? Now web2.0 types of things that involve social media and messages being stored online obviously are targets for subpoenas and dont typically involve more than transport encryption. IM most of the clients are not end2end by design - ie like web20 there is transport encryption from client to server, but a central server that sees all traffic. As someone mentioned many companies run their own server for this reason (to avoid traffic being readable to the internet scale IM server operator). Skype was claimed to be end2end secure. The skype security review white paper saying so is still on their web page. The privacy policy just says they will hand over information they have, in response to valid legal requests, which is a non-statement, companies operatate in jurisdictions which issue legal requests. For all we know skype may still be end2end secure when used with a strong password, except for uploading URLs for some ill thought out malware checking. Or not, maybe thats happening server side, no one took the trouble to determine (its easy enough I think as I said just upload lots of URLs and same character count with no URLs and count the byte count of the traffic flow). The password reset doesnt sound so good, possibly not being technically end2end, but presumably you dont have to use that. So anyway, no, products riddled with backdoors is not acceptable, its not business as usual, and we do expect better. And if companies are advertising end2end security, and yet routinely decrypting all traffic, in many countries that could open them up to fines and possible prosecution for false advertising. Adam ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
