Marsh Ray ma...@extendedsubset.com writes:
Except that as it is stipulated that the captors are not stupid, we must
assume they are perfectly rational actors who will have worked out this
strategy too.
It's not an exercise in game theory, it's standard police work. If they've
watched you
Ondrej Mikle ondrej.mi...@nic.cz writes:
I've just found an article about the OAEP padding oracle (that I couldn't
recall before):
There's another one that was published about a year ago that looks at things
like side-channel attacks via the integer-to-octet-string conversion
primitives and
James A. Donald jam...@echeque.com writes:
Hidden compartment? What hidden compartment? If I have one, you are welcome
to search it. Go knock yourselves out.
James, meet Bertha. Sorry about her cold hands, just give her a minute to get
the gloves on. In the meantime if you'll drop your
Jon Callas j...@callas.org writes:
I've spoken to law enforcement and border control people in a country that is
not the US, who told me that yeah, they know all about TrueCrypt and their
assumption is that *everyone* who has TrueCrypt has a hidden volume and if
they find TrueCrypt they just get
Bill St. Clair billstcl...@gmail.com writes:
Which is why the average random geek needs to be reminded, over and over
again, that you NEVER talk to the police. Not a word. Ever. If you're feeling
kind, write them a note, "I don't talk to police." They should leave wondering
whether you're mute.
Adam Back a...@cypherspace.org writes:
Further the fact that the entropy seeding is so bad that some implementations
are generating literally the same p value (but seemingly different q values)
I would think you could view the fact that this can be detected and
efficiently exploited via batch GCD
Michael Nelson nelson_mi...@yahoo.com writes:
Paper by Lenstra, Hughes, Augier, Bos, Kleinjung, and Wachter finds that two
of every one thousand RSA moduli that they collected from the web offer no
security. An astonishing number of generated pairs of primes have a prime in
common.
The title of
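The detection Adam Back and the Lenstra et al. paper describe, as an added worked example (this is not code from the list or from the paper): batch GCD over a set of RSA moduli using a product tree and a remainder tree, so every modulus gets gcd(N_i, product of all the others) in quasi-linear time rather than n^2 pairwise GCDs. The primes and the "harvested" moduli below are constructed from small well-known primes so it runs instantly; the shared-prime pattern (two keys sharing p, two identical keys) is an assumption made for the example, and the arithmetic is unchanged for 1024-bit keys.

```python
"""Batch GCD over a set of RSA moduli (added example, not from the list post).

For each modulus N_i this computes gcd(N_i, prod_{j != i} N_j).  A proper
divisor factors N_i immediately; gcd == N_i means both of its primes occur
in other keys (typically an exact duplicate).
"""
from math import gcd

# Constructed test primes: Mersenne primes and other well-known primes.
P1 = 2**31 - 1
P2 = 2**61 - 1
P3 = 2**89 - 1
P4 = 2**107 - 1
P5 = 2**127 - 1
P6 = 10**9 + 7
P7 = 65537
P8 = 998244353

# Constructed "harvested" moduli: N0/N2 share P1, N3/N4 share P6, N1 == N5.
SAMPLE_MODULI = [P1 * P2, P3 * P4, P1 * P5, P6 * P7, P6 * P8, P3 * P4]


def product_tree(leaves):
    """Return the product tree as a list of levels, leaves first, root last."""
    tree = [list(leaves)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * (level[i + 1] if i + 1 < len(level) else 1)
                     for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """Return [gcd(N_i, prod_{j != i} N_j)] for every i."""
    tree = product_tree(moduli)
    # Remainder tree: walk down from the root computing P mod node^2 at each node.
    rems = [tree[-1][0]]                       # root: P mod P^2 == P
    for level in reversed(tree[:-1]):
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # P mod N^2 == N * ((P / N) mod N), so dividing by N yields (P / N) mod N,
    # and gcd(N, (P / N) mod N) == gcd(N, P / N).
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def find_weak_keys(moduli):
    """Map index -> (p, q) for moduli factored by a shared prime, or 'duplicate'
    when the whole modulus (both primes) shows up in other keys."""
    weak = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue                           # shares no prime with any other key
        if g == n:
            weak[i] = "duplicate"              # same p and same q as another key
        else:
            weak[i] = tuple(sorted((g, n // g)))
    return weak


if __name__ == "__main__":
    for i, result in sorted(find_weak_keys(SAMPLE_MODULI).items()):
        print("modulus %d: %s" % (i, result))
```

A gcd of 1 means the key shares nothing with the rest of the batch; a proper divisor is the shared prime and the key is factored on the spot; gcd equal to the modulus itself means both primes appear elsewhere, which for the "same p, same q" case is an exact duplicate and needs a pairwise comparison to say which key it duplicates.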
Alexander Klimov alser...@inbox.ru writes:
While the RSA may be easier to break if the entropy during the key
*generation* is low, the DSA is easier to break if the entropy during the key
*use* is low. Obviously, if you have access only to the public keys, the first
issue is more spectacular,
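Klimov's point that DSA gives way to low entropy at *use* time rather than at generation time, as an added example (not from the post): a toy DSA over parameters generated deterministically from the constructed prime Q = 10^9 + 7 (p, g, the private key x and the reused nonce k are all assumptions made for the example), showing that two signatures made with the same k let anyone holding only the public values recover x.

```python
"""DSA private-key recovery from a reused nonce (added example, not from the post).

Two signatures (r, s1) and (r, s2) made with the same per-message secret k leak x
from public data alone:
    s1 - s2 = k^-1 (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)  (mod q)
    x = (s1 * k - h1) / r                                    (mod q)
Parameters are generated from a small prime so it runs instantly; real DSA uses a
2048/3072-bit p and a 224/256-bit q, and the algebra is identical.
"""
import hashlib

Q = 10**9 + 7                                 # constructed subgroup order (a known prime)
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23)   # deterministic Miller-Rabin for n < 3.8e18


def is_prime(n):
    """Miller-Rabin with fixed bases; exact for every n this example produces."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(q):
    """Smallest prime p = k*q + 1 and a generator g of the order-q subgroup of Z_p*."""
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    for h in range(2, p):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g


def H(msg, q):
    """SHA-256 reduced into Z_q (a toy stand-in for the truncation real DSA uses)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign(p, q, g, x, k, msg):
    """Textbook DSA signature; k is the per-message secret that must never repeat."""
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (H(msg, q) + x * r) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick a new k")
    return r, s


def verify(p, q, g, y, msg, sig):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = H(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r


def recover_private_key(q, msg1, sig1, msg2, sig2):
    """Return x if the two signatures share r (and therefore k), else None."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        return None               # different nonces, or the same message twice (no leak)
    h1, h2 = H(msg1, q), H(msg2, q)
    k = (h1 - h2) * pow((s1 - s2) % q, -1, q) % q
    return (s1 * k - h1) * pow(r1, -1, q) % q


def demo():
    """Sign two messages with one k, then recover x using only public values."""
    p, q, g = make_params(Q)
    x = 123456789                 # constructed private key
    y = pow(g, x, p)
    k = 987654321                 # the nonce the signer (wrongly) reuses
    m1, m2 = b"transfer 10 BTC to alice", b"transfer 10 BTC to mallory"
    sig1, sig2 = sign(p, q, g, x, k, m1), sign(p, q, g, x, k, m2)
    assert verify(p, q, g, y, m1, sig1) and verify(p, q, g, y, m2, sig2)
    return x, recover_private_key(q, m1, sig1, m2, sig2)


if __name__ == "__main__":
    print("private key %d, recovered %d" % demo())
```

Note that the recovery needs nothing the verifier does not already have: the two messages, the two signatures and q. A repeated r in a signature corpus is therefore the thing to scan for; a biased or partially known k is also exploitable, but that takes lattice methods rather than the two-line algebra above.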
Thor Lancelot Simon t...@panix.com writes:
However, while looking at it I have been wondering why something simpler and
better analyzed than the folded SHA should not be used.
Folding the output is belt-and-suspenders security, it denies an attacker
direct access to the raw output of whatever
Randall Webmail rv...@insightbb.com writes:
My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
self-checkouts.
Anyone so inclined could walk in, load up a cart, walk up to a self-checkout,
check maybe half the items in the cart, pay for them and leave, with no one
the wiser
lodewijk andré de la porte lodewijka...@gmail.com writes:
Our cozy Dutch supermarkets are trying self-checkout systems themselves. They
sometimes check carts with what's scanned. My dad's theory was that people
are so afraid to have forgotten that they'd most likely scan their
Bernie Cosell ber...@fantasyfarm.com writes:
On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
Yes, ideally people would have a separate, strong password, changed
regularly for every site.
This is the very question I was asking: *WHY* changed regularly? What
threat/vulnerability is addressed by
Arshad Noor arshad.n...@strongauth.com writes:
A TSA is not a CA; it is just another end-entity whose certificate can be
revoked, if necessary. This does not necessarily invalidate the signed
time-stamps it issued before the revocation date (unless the TSA's CP
indicates another
John Levine jo...@iecc.com writes:
I'm looking for a talented crypto for an early stage funded bitcoin-related
startup,
I have to ask: funded with what?
I'd actually misread the original post as bitcoin-funded, and thought yeah,
that'd be about right :-).
Peter.
Nico Williams n...@cryptonector.com writes:
On Fri, Dec 9, 2011 at 4:41 PM, Jeffrey Walton noloa...@gmail.com wrote:
Android also makes the application a security principal for resource
sharing (it's a smarter walled garden approach). It's an awesome
approach, especially when compared to Windows
Jon Callas j...@callas.org writes:
If someone actually built such combination of OS and marketplace, it would
work for the users very well, but developers would squawk about it. Properly
done, it could drop malware rates to close to nil.
Oh, developers would do more than squawk about it. Both
Jon Callas j...@callas.org writes:
If it were hard to get signing certs, then we as a community of developers
would demonize the practice as having to get a license to code.
WHQL is a good analogy for the situations with certificates, it has to be made
inclusive enough that people aren't
Ralph Holz h...@net.in.tum.de writes:
As I said, at this rate we shall have statistically meaningful large
numbers of CA hacks by 2013:
KPN is claiming there's nothing to worry about, please move along:
Arshad Noor arshad.n...@strongauth.com writes:
Every private PKI we have setup since 1999 (more than a dozen, of which a few
were for the largest companies in the world) has had the Root CA on a
non-networked machine with commensurate controls to protect the CA.
What about TSAs, where you need
d...@geer.org writes:
One would assume that the effort to get such a signing certificate would
persuade the bad team to use that cert for targeted attacks, not broadcast
ones, in which case you would be damned lucky to find it in a place where you
could then encapsulate it in a signature-based
Ondrej Mikle ondrej.mi...@nic.cz writes:
It's issued by A-Trust (not A-Data).
Well I had to put something in there to validate the "Any inadvertent mangling
of details was my fault" :-).
The Hongkong Post certs lack an EKU extension, but 'key usage' does not contain
'digital signature'. That makes
d...@geer.org writes:
Another wrinkle, at least as a logic problem, would be whether you can revoke
the signing cert for a CRL and what, exactly, would that mean
That's actually a known problem (at least to PKI people). So what you're
really asking is whether a self-signed root cert can revoke
Marsh Ray ma...@extendedsubset.com writes:
Originally, public key systems were said to deliver this property of
'nonrepudiation', meaning a digital signature could effectively authenticate
the intent of the party associated with the private key.
Uhh, they were never said to deliver this
ianG i...@iang.org writes:
However, if one is relying on an external TTP to time-stamp the digital
signature, one can also rely on the TTP to evidence the hash of the document.
In which case, the digital signature is not performing any signing task
(although it may form a local authentication
Steven Bellovin s...@cs.columbia.edu writes:
Assume that there is some benefit to digitally-signed code.
There is at least one very obvious benefit: When malware is signed, it can't
mutate on each generation any more but has to remain static. This makes it
easier for the anti-malware folks to
Marsh Ray ma...@extendedsubset.com writes:
Apple's iPhone app store code signing is far more effective for example.
The effectiveness of that isn't the PKI or the signing though, it's that Apple
vets the apps before allowing them in the store. You don't need certs, all you
need to do is have
Marshall Clow mclow.li...@gmail.com writes:
This is only true if signing the malware is an expensive (in some terms)
proposition. It's certainly not expensive in terms of computing power.
The rate-limiting factor is how many certs you can steal, and how quickly. The
technology side doesn't
Earlier in the discussion there were questions about why a service provider
would want to MITM their customers. This has now been answered by a service
provider: It's to protect the children. From
http://patrick.seurre.com/?p=42
Three's policy with regards to filtering is intended to
d...@geer.org writes:
This is already standard practice for malware-laden sites, to
the extent that it's severely affecting things like Google Safe
Browsing and Facebook's link scanner, because Google and Facebook
always get to see benign content and only the end user gets the
malware.
Ondrej Mikle ondrej.mi...@nic.cz writes:
Matches my observations, especially when looking at CRLs of some small CAs
(company internal). I had a hunch some of those revocations could be due to
CA compromise, but from my point of view it is only speculation. I
appreciate sharing your
Ondrej Mikle ondrej.mi...@nic.cz writes:
How do MitM boxes react when they MitM a connection to a server with a self-
signed cert (or a cert issued by an obscure CA not trusted by the MitM box)?
For one example, see
Lucky Green shamr...@cypherpunks.to writes:
If the concern is that employees receive security warnings when accessing in-
house websites, the standard solution is to push out a corporate root via AD,
which is transparent and works quite well.
And once they get AD and/or WSUS ported to OS X and
Ondrej Mikle ondrej.mi...@nic.cz writes:
Sorry, my bad. Mismatch in my thinking-editing coordination. Originally I
wanted to ask whether you encountered a breach that was not over all the
news, but a rather localized incident at the places you and Lucky described.
Or heard about one from
Sandy Harris sandyinch...@gmail.com writes:
I am in China. How could I test whether the Great Firewall's packet sniffers
have such a cert?
I'd be kinda surprised if they did that because it's meant to be surreptitious
and the Great Firewall isn't exactly a state secret. I'd just use the
ianG i...@iang.org writes:
PS; we need a better name than DPI MITM. For some reason I'm thinking of WITM.
Given that the whole reason for doing this silly-walk in the first place was to
protect us against MITMs, I wouldn't use WITM, I'd call it a WTFITM.
Peter.
Adam Back a...@cypherspace.org writes:
Start of the thread was that Greg and maybe others claim they've seen a cert
in the wild doing MitM on domains they definitionally do NOT own.
It's not just a claim, I've seen them too. For example I have a cert issued
for google.com from such a MITM proxy.
Adam Back a...@cypherspace.org writes:
a public MitM proxy? Or a corporate LAN.
Private organisation.
That intermediate CA needs publishing, and the CA that issued it.
I was asked not to reveal details and I won't, but in any case I don't know
whether it would achieve much. For the case of
Adam Back a...@cypherspace.org writes:
[WAP wildcard certs]
That is bad. Are you saying there is anyone doing SSL mitm for stream
compression reasons? Who?
The use of wildcard certs in WAP gateways came up from the SSL Observatory
work... hmm, there's at least a mention of it in An Observatory
Adam Back a...@cypherspace.org writes:
I wonder what that even means. *.com issued by a sub-CA? that private key
is a massive risk if so! I wonder if a *.com is even valid according to
browsers. Or * that would be funny.
No idea, but remember that it's not general-purpose browsers, it's
Randall Webmail rv...@insightbb.com writes:
What is the proper thing to do when one of those things pops up? (It is NOT a
rare event).
Go to the security settings dialog in your browser, go to Export certificate
(or whatever your browser uses), select Certificate chain / PKCS #7, and
then post
Marsh Ray ma...@extendedsubset.com writes:
Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public
Root
[...]
SAN FRANCISCO, RSA CONFERENCE, Feb. 14
February of which year? If it's from this year then they're really late to
the party, commercial CAs have been doing this for
Ben Laurie b...@links.org writes:
They appear to actually be selling sub-RA functionality, but very hard to
tell from the press release.
OK, so it does appear that people seem genuinely unaware of both the fact that
this goes on, and the scale at which it happens. Here's how it works:
1. Your
Nathan Loofbourrow njl...@gmail.com writes:
On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg g...@qualcomm.com wrote:
On 2011 Nov 30, at 16:44 , Adam Back wrote:
Are there really any CAs which issue sub-CA for deep packet inspection
aka
doing MitM and issue certs on the fly for everything
ianG i...@iang.org writes:
Is this in any way a cause for action in contract? Is this a cause for
revocation?
And given that you have to ask the MITM for the revocation information, how
would you revoke such a cert?
And that was Why blacklists suck for validity checks, reason #872 in a series
ianG i...@iang.org writes:
On 1/12/11 15:10 PM, Peter Gutmann wrote:
ianG i...@iang.org writes:
Is this in any way a cause for action in contract? Is this a cause for
revocation?
And given that you have to ask the MITM for the revocation information, how
would you revoke such a cert?
Wait
Jon Callas j...@callas.org writes:
And I presume you didn't save the cert.
Of course, we just need to have people look for these and then save them.
Cert *chain*, not cert. Save as PKCS #7/Certificate Chain from the browser
dialog.
Peter.
Marsh Ray ma...@extendedsubset.com writes:
On 11/27/2011 09:57 PM, Peter Gutmann wrote:
Unfortunately this doesn't explain how they got the 1024-bit and
longer keys that were also used in the attack.
Is that true? I haven't seen this reported. Link?
Off-list :-). Oh, wait a minute, there's
Steven Bellovin s...@cs.columbia.edu writes:
I'm writing something where part of the advice is don't buy snake oil
crypto, get the good stuff.
I wrote about this back in 2002 in Lessons Learned in Implementing and
Deploying Crypto Software, we've gone from straight snake oil to second-
order
John Levine jo...@iecc.com writes:
It's a theological issue. Some people like it, some people hate it, no
amount of arguing has ever made anyone change his mind about it.
In superior list software such as majordomo2, it's a configurable per-user
option.
In superior mail client software like
Particularly interesting is Some Principles of Cryptographic Security -
Summer 1974 - Vol. XIX, No. 3, sort of an updated/revisited version of the
oft-quoted Kerckhoffs's principles.
Peter.
___
cryptography mailing list
cryptography@randombit.net
Landon Hurley ljrhur...@gmail.com writes:
So would the recent $200 hardware break of HDMI encryption.
HDCP was a social, political, and economic fail, not necessarily a crypto
fail. I certainly don't want to denigrate the work that the guys at the Ruhr
Uni did, but you've been able to buy
Marsh Ray ma...@extendedsubset.com writes:
* Here's an example of RSA-512 certificates being factored and used to sign
malware:
http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/
That's an example of *claims* of 512-bit keys being factored, with the
thinking being
Steven Bellovin s...@cs.columbia.edu writes:
Does anyone know of any (verifiable) examples of non-government enemies
exploiting flaws in cryptography?
Could you be a bit more precise about what flaws in cryptography covers? If
you mean exploiting bad or incorrect implementations of crypto then
Solar Designer so...@openwall.com writes:
Here are some examples of 512-bit RSA keys factored:
Right, but that doesn't say anything about what happened here. In every other
case we know of in which malware has been signed by CA-issued certs, the keys
were either stolen or, more rarely, bought
JeffH jeff.hod...@kingsmountain.com writes:
Of possible interest:
The weakest link in the chain: Vulnerabilities in the SSL certificate
authority system and what should be done about them
It's not just NGOs that are seeing that browser PKI is the weakest link in
the chain. I was recently told
Jack Lloyd ll...@randombit.net writes:
For some reason RH legal seems especially frightened of crypto patents; it's
not like dozens of features of gcc, the kernel, etc aren't covered by patents.
They may just be choosing where to fight their battles. If adaptive source
routing (affecting all
Martin Paljak mar...@martinpaljak.net writes:
Taking into account the original request of getting something off-the-shelf
for PGP uses, this demand basically just rules out GnuPG for some users and
use cases.
At the risk of slight self-promotion, cryptlib,
Alfonso De Gregorio a...@crypto.lo.gy writes:
For a past project, I've been engineering a cryptographic appliance running
with Bull TrustWay CC2000
http://support.bull.com/ols/product/security/trustway/c2000/cc2000.html
It is a full-length PCI with on-board key storage.
Can you provide a bit
travis+ml-rbcryptogra...@subspacefield.org writes:
If we assume that the lifetime of the cert is there to limit its window of
vulnerability to factoring, brute force, and other attacks against
computational security properties,
Which only occurs in textbooks. It's probably not necessary to
Ben Laurie b...@links.org writes:
Wasn't that what SET did?
No. Or at least buried way, way down in a hidden corner there was something
that was a bit like that, sort of like painting one of the toenails on an
elephant, but the vast mass of the rest overwhelmed that one bit.
Peter.
ianG i...@iang.org writes:
C.f., revocation is broken. The disablement of OCSP checking has been ...
widely suggested.
Which leads to a curious puzzler; if it doesn't work for users, who does it
work for? Ah, the cynicism :P
There are a number of revocation vendors who have (or had, a
Ben Laurie b...@links.org writes:
Well, don't tease. How?
The link I've posted before (but didn't want to keep spamming to the list):
http://www.cs.auckland.ac.nz/~pgut001/pubs/pki_risk.pdf
Peter.
Ralph Holz h...@net.in.tum.de writes:
I am wondering if we can't get our hands on such a router and do a proof-of-
concept. Anyone in?
In terms of warkitting routers, they're pretty much all vulnerable [0], so all
you'd need to do after that is exploit the CA certs. OTOH if you can warkit
a
James A. Donald jam...@echeque.com writes:
The peers who do the peer reviewing for IDtrust, are not peers at all, but
high priests who review for doctrinal conformity to the consensus of the
most holy synod,
I know you meant that tongue-in-cheek, but in some cases it's frighteningly
close
Randall Webmail rv...@insightbb.com writes:
Does this warkitting require physical access to the router?
No, it's all remotely done.
(This is why I have two different routers from different vendors between me
and the public internet, and have had this setup for about a decade now).
Peter.
Ralph Holz h...@net.in.tum.de writes:
In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.
Could these be from the bizarro Korean DIY PKI (the NPKI) that they've
implemented? Could you post (or email) some of the certs?
Peter.
Ian G i...@iang.org writes:
When it came to actual failures ... they are silent. Still. But they love
their merry-go-round :)
There are ways to get off the merry-go-round. I've now put the slides for the
talk I'd mentioned last week, that I did at EuroPKI, up at
Arshad Noor arshad.n...@strongauth.com writes:
Just because you come across one compromised CA out of 100 in the browser,
does not imply that the remaining 99 are compromised (which is what you are
implying with your statement).
Since browser PKI uses universal implicit cross-certification, it
Arshad Noor arshad.n...@strongauth.com writes:
Rather than shoot from the hip, the logical way to propose a solution would
be to write a paper on it and submit it to IDTrust 2012 for discussion. If
it is selected, it will have the merit of having been reviewed and deemed
worthy of discussion.
M.R. makro...@gmail.com writes:
No one actively working against a government that is known to engage in
extra-legal killings will trust SSL secured e-mail to protect him or her from
the government surveillance.
That's a non-sequitur. What you're saying is that no-one working in an
environment
Marsh Ray ma...@extendedsubset.com writes:
The CAs can each fail on you independently. Each one is a potential weakest
link in the chain that the Relying Party's security hangs from. So their
reliability statistics multiply:
one CA: 0.99 = 99% reliability
two CAs: 0.99*0.99 = 98%
Paul Hoffman paul.hoff...@vpnc.org writes:
We don't all observe that. Some of us observe a third, more likely
approach: nothing significant happens due to this event. The collapse of
faith is only among the security folks whose faith was never there in the
first place. A week after the event, who
Lucky Green shamr...@cypherpunks.to writes:
Moreover, I noticed that some posts list one or more desirable properties and
requirements together with a proposed solution.
That's the nice thing about PKI, there's more than enough fail to go around.
Everyone gets to fix their own particular bit
Lucky Green shamr...@cypherpunks.to writes:
We are also seeing a near universal call for fixes of the broken PKI
paradigm. I couldn't agree more that fixes - and indeed redesigns - are badly
needed and have been for some 15+ years. Pretty much since the day the word
PKI was coined. What I hear
Andy Steingruebl a...@steingruebl.com writes:
Got a prioritized list? I'll tell you what I'm doing about them. Quite
seriously actually...
See my off-list reply (it's my earlier ref to the EuroPKI talk again :-), I'll
post the slides next week when I've done the talk.
Actually, figuring out
Ian G i...@iang.org writes:
Hence, the well-known race-to-the-bottom, which is a big factor in DigiNotar.
Actually I'm not sure that DigiNotar was the bottom, since they seem to have
been somewhat careful about the certs they issued. The bottom is the cert
vending machines that will issue a
Marsh Ray ma...@extendedsubset.com writes:
Do we need then a whole spectrum of Super Validation, Hyper Validation,
and Ludicrous Validation to address the ridiculous deficiencies found in
these current pwned EV CAs?
It has been suggested that we need a kind of meta-CA or CA for CAs (CACA).
Then
Marsh Ray ma...@extendedsubset.com writes:
He wants credit for saving the world from PKI!
He should get it. A number of security practitioners have been trying to tell
the world for more than a decade that this stuff, you know, doesn't actually,
well, work. Whoever's behind this has now made
Ian G i...@iang.org writes:
It is not a new observation that the original threat modelling had flaws you
could drive a truck through :)
You forgot to mention what the SSL/browser PKI threat model actually is, as
first pointed out by some guy called Grigg:
SSL/browser PKI is defined to be
[Responding to the same three lists as before, please trim followups if you
feel it's off-topic]
In response to my earlier "OCSP is unfixably broken, by design" comments, a
couple of people have responded off-list with variants of "OK smartypants, how
would you do it better?". In order to provide a
Ralph Holz h...@net.in.tum.de writes:
I have some values from our own scans - scans conducted against hosts on the
Alexa Top 1M list.
Given that that particular Diginotar CA had only issued around 700 certs in
total, that means a significant fraction (at least a quarter, depending on how
many
[NB: CC'd to the randombit cryptography list, since this is an interesting
point for discussion].
Ian G i...@iang.org writes:
What we'll likely see now is a series of breaches at multiple levels to
acquire and misuse certs. We've seen compromises in the past, but what makes
this new is
http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/home/headerimage/image01.png
The guy in the background must have removed his turban/taqiyah for the photo.
Peter.
Bob Lloyd boblloyd8...@yahoo.com writes:
Has anyone performed an analysis of the security of any of the available
smart card reader/external pin pad solutions? Are they effective at keeping
the pin from being accessible at the host to which the reader is connected?
Does anyone have any
Jeffrey Walton noloa...@gmail.com writes:
http://www.theregister.co.uk/2011/07/27/chip_crypto_cracked/
That's a really, really misleading tagline. They've successfully attacked the
bitstream encryption for Xilinx FPGAs, and while some of those are used by the
military, they're also used in
Ralph Holz h...@net.in.tum.de writes:
The question, after all, is how often do you really read the SSH warnings?
How often do you just type on or retry or press accept? What if you're the
admin who encounters this maybe 2-3 times a day?
The August (I think) issue of ;login, the Usenix magazine (
Adam Back a...@cypherspace.org writes:
EKE for web login is decades overdue and if implemented and deployed properly
in the browser and server could pretty much wipe out phishing attacks on
passwords.
We have source code for apache, mozilla, maybe could persuade google; and
perhaps microsoft and
Andy Steingruebl a...@steingruebl.com writes:
The way it was for everyone I knew that went through it was:
1. Sniffing was sort of a problem, but most people didn't care
2. Telnet was quite a bit of a pain, especially when using NAT, and wanting
to do X11 forwarding
3. Typing in your password
Andy Steingruebl a...@steingruebl.com writes:
Hmm, do you know that many sysadmins outside high-security conscious areas
that really cared about typing the root password over telnet, especially back
in 1997? I don't. Academia and banks cared, and often deployed things like
securid or OPIE/SKEY
Ian G i...@iang.org writes:
Microsoft have a big interest in bypassing the status quo, and they've tried
several times. But each time it isn't for the benefit of the users, more for
their own benefit, in that they've tried to rebuild the security
infrastructure with themselves in control.
Zooko O'Whielacronx zo...@zooko.com writes:
Hm, digging around in my keepsakes cabinet, I unfortunately do not find the
original state transition diagram that I mentioned above, but I do find an
artifact that I wrote a few months later - a sketch of a protocol that
I called ZRTP lite which
Matthijs R. Koot k...@uva.nl writes:
A low-complexity alternative to SSH seems useful and might perhaps allow
validation by formal methods...
Funny you should mention that, I suggested this to someone recently because
it's something that's never been formally analysed and is likely an easy
Sampo Syreeni de...@iki.fi writes:
To my mind the difference seemed to be about shallow versus deep parsing. You
can't really deep parse anything in BER with implicit tagging,
You can deep-parse, you just need to apply some basic heuristics (e.g. if
it's an octet string and the first byte is
Nico Williams n...@cryptonector.com writes:
On Wed, Jul 6, 2011 at 12:06 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
(The ASN.1 filter I mentioned earlier is a stripped-down version of dumpasn1.
Remember that dataset of 400K broken certs that NISCC generated a few years
ago
I wrote:
BER and DER are actually the safest encodings of the major security protocols
I work with.
Based on the following, which just appeared on another list:
In contrast to RFC 5280, X.509 does not require DER encoding. It only
requires that the signature is generated across a DER
coderman coder...@gmail.com writes:
H3 should be Gospel: There is Only One Mode and it is Secure
Also known as Grigg's Law. The corollary, for protocols where there *are*
options, is There is only one cipher suite and that is Suite #1.
Peter.
Nico Williams n...@cryptonector.com writes:
Why even have a tag?? The ASN.1 Packed Encoding Rules (think ONC XDR with 1-
byte alignment instead of 4-byte alignment) don't use tags at all.
Which makes them impossible to statically check, and leads to hellishly
complex decoders.
In
Nico Williams n...@cryptonector.com writes:
In other words, in ASN.1 as it's used you have to know the schema and message
type in order to do a good job of parsing the message,
No you don't. I give as a counterexample dumpasn1, which knows nothing about
message types or schemas, but parses
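The schema-free parsing described here (dumpasn1 knows nothing about message types) together with the "if it's an OCTET STRING and the first byte looks like a tag" heuristic from a few messages up, as an added example that is not dumpasn1's own code: a small BER/DER walker that reads tag/length/value triples, descends anything marked constructed, applies the encapsulation heuristic to OCTET STRING and BIT STRING contents, and flags the length forms BER permits but DER forbids, which is the distinction the "X.509 only requires the signature to be generated across DER" remark above turns on. The sample encodings are hand-constructed for the example; high-tag-number identifiers are deliberately rejected to keep it short.

```python
"""Schema-free BER/DER walker in the style of dumpasn1 (added example, not dumpasn1's code).
Reads tag/length/value with no knowledge of message types, descends constructed elements,
applies the "does this OCTET/BIT STRING body look like one complete element?" heuristic,
and flags length forms that BER permits but DER forbids."""

UNIVERSAL = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 5: "NULL",
             6: "OBJECT IDENTIFIER", 12: "UTF8String", 16: "SEQUENCE", 17: "SET",
             19: "PrintableString", 23: "UTCTime"}
CLASS_PREFIX = {1: "APPLICATION ", 2: "", 3: "PRIVATE "}

# Hand-constructed samples: a DER SEQUENCE {INTEGER, OCTET STRING wrapping a SEQUENCE,
# BIT STRING wrapping an INTEGER}, and a BER SEQUENCE using the indefinite length form.
DER_SAMPLE = bytes.fromhex("3010 020105 0405 30030101FF 0304 00020101")
BER_INDEFINITE = bytes.fromhex("3080 020107 0000")


class Asn1Error(ValueError):
    pass


def read_header(buf, pos):
    """Returns (cls, constructed, tag, length, content_start, notes); length None = indefinite."""
    if pos + 2 > len(buf):
        raise Asn1Error("truncated header at offset %d" % pos)
    ident, first, pos = buf[pos], buf[pos + 1], pos + 2
    if ident in (0x00, 0xFF) or ident & 0x1F == 0x1F:
        raise Asn1Error("reserved or high-tag-number identifier 0x%02X (not handled)" % ident)
    cls, constructed, tag, notes = ident >> 6, bool(ident & 0x20), ident & 0x1F, []
    if first < 0x80:                                   # short form
        length = first
    elif first == 0x80:                                # indefinite form
        if not constructed:
            raise Asn1Error("indefinite length on a primitive element")
        length, notes = None, ["indefinite length (BER only, not DER)"]
    else:                                              # long form
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise Asn1Error("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            notes.append("non-minimal length encoding (BER only, not DER)")
        pos += n
    if length is not None and pos + length > len(buf):
        raise Asn1Error("length %d exceeds remaining %d bytes" % (length, len(buf) - pos))
    return cls, constructed, tag, length, pos, notes


def looks_encapsulated(content):
    """dumpasn1-style heuristic: the body parses as exactly one complete element."""
    try:
        length, start = read_header(content, 0)[3:5]
    except Asn1Error:
        return False
    return length is not None and start + length == len(content)


def _walk(buf, pos, end, depth, indefinite, out):
    """Append one line per element in buf[pos:end]; return the position after the last."""
    while pos < end:
        if indefinite and buf[pos] == 0 and pos + 1 < end and buf[pos + 1] == 0:
            return pos + 2                             # 00 00 = end-of-contents
        cls, constructed, tag, length, start, notes = read_header(buf, pos)
        name = (UNIVERSAL.get(tag, "UNIVERSAL %d" % tag) if cls == 0
                else "[%s%d]" % (CLASS_PREFIX[cls], tag))
        line = "%s%s len=%s" % ("  " * depth, name, "indef" if length is None else length)
        out.append(line + ("  " + "; ".join(notes) if notes else ""))
        if constructed:
            if length is None:
                pos = _walk(buf, start, end, depth + 1, True, out)
            else:
                _walk(buf, start, start + length, depth + 1, False, out)
                pos = start + length
            continue
        content = buf[start:start + length]
        if cls == 0 and tag == 3:                      # BIT STRING: unused-bits octet first
            content = content[1:] if content and content[0] == 0 else b""
        if cls == 0 and tag in (3, 4) and looks_encapsulated(content):
            mark = len(out)
            try:
                _walk(content, 0, len(content), depth + 1, False, out)
                out[mark - 1] += "  (encapsulates)"
            except Asn1Error:
                del out[mark:]                         # heuristic misfired: opaque data
        pos = start + length
    if indefinite:
        raise Asn1Error("missing end-of-contents")
    return pos


def dump(buf):
    """dumpasn1-style lines for an arbitrary BER/DER blob, no schema required."""
    out = []
    _walk(bytes(buf), 0, len(buf), 0, False, out)
    return out


def der_check(buf):
    """(True, lines) if nothing is truncated and all length forms are DER-clean, else
    (False, reason). Full DER validation also constrains INTEGER/BOOLEAN contents,
    SET ordering and string types; this covers only what the walker itself sees."""
    try:
        lines = dump(buf)
    except Asn1Error as exc:
        return False, str(exc)
    bad = [l.strip() for l in lines if "BER only" in l]
    return (False, bad[0]) if bad else (True, lines)
```

The heuristic is exactly that: a short OCTET STRING whose first two bytes happen to form a plausible tag and length will be shown as encapsulating something, which is why the walker rolls back rather than failing when the guess does not parse through to the end. The DER flags are the part a signature verifier cares about, since a BER-encoded tbsCertificate has to be re-encoded before its hash will match the signature.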
James A. Donald jam...@echeque.com writes:
I rather think it is the right forum, for this forum is applied cryptography,
and application usually requires password handling.
If we are going to go beyond seven bit ascii, unicode is the only thing that
is going to avoid compatibility hell.
I
In case this is useful to anyone, here's the Windows code to use rdrand, to
complement the gcc version for Unix systems. It'll also be present in the
next release of the cryptlib RNG code, available under a GPL, LGPL, or BSD
license, depending on which you prefer.
#if defined( _MSC_VER )