Re: [cryptography] Cryptome’s searing critique of Snowden Inc.

2016-02-14 Thread Kevin W. Wall
(Note: Removed some mailing lists that I am not subscribed to.) On Sun, Feb 14, 2016 at 5:38 AM, John Young wrote: > > Cryptome's searing critique of Snowden Inc. > > http://timshorrock.com/?p=2354 One thing that I'm not quite getting here that perhaps you can explain. Ms. Natsios made this comm

Re: [cryptography] Java RNG

2015-12-30 Thread Kevin W. Wall
On Wed, Dec 30, 2015 at 10:24 AM, Givon Zirkind wrote: > Does anyone have any thoughts on the randomness of the Java random number > generator? You really need to be more specific. Here are some things to consider in no particular order: 1) java.util.Random vs. java.security.SecureRandom Th

Re: [cryptography] fonts and viruses

2015-12-15 Thread Kevin W. Wall
On Dec 15, 2015 9:49 AM, "Marcus Brinkmann" < marcus.brinkm...@ruhr-uni-bochum.de> wrote: > > I'd start here: > > http://www.cvedetails.com/vulnerability-list/vendor_id-9705/product_id-17354/opec-1/Pango-Pango.html > > But if you are looking for specific examples, I don't know any. > > What you are

[cryptography] Fwd: [SC-L] Silver Bullet: Whitfield Diffie

2015-01-01 Thread Kevin W. Wall
Seems as though this interview might be of interest to those on these lists. I've not listened to it yet so I don't know how interesting it may be. -kevin P.S. - Happy Gnu Year to all of you. Sent from my Droid; please excuse typos. -- Forwarded message -- From: "Gary McGraw" Date

Re: [cryptography] Browser JS (client side) crypto FUD

2014-07-27 Thread Kevin W. Wall
[Note: Dropped cypherpunks list as I'm not subscribed to that list.] On Sat, Jul 26, 2014 at 11:03 AM, Lodewijk andré de la porte wrote: > http://matasano.com/articles/javascript-cryptography/ > > Is surprisingly often passed around as if it is the end-all to the idea of > client side JS crypto.

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Kevin W. Wall
On Wed, May 7, 2014 at 8:15 AM, Jeffrey Walton wrote: > On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri wrote: >> Can anyone point me at some best practices for implementing buffer types for >> storing secrets? >> >> There are the general coding rules at cryptocoding.net for example, that say >> yo

Re: [cryptography] question about heartbleed on Linux

2014-04-10 Thread Kevin W. Wall
On Thu, Apr 10, 2014 at 1:09 PM, Scott G. Kelly wrote: > A friend and I were discussing this. If the memory management is "lazy" > (doesn't clear on page allocation/free), and if processes don't clear their > own memory, I wondered if heartbleed would expose anything. My friend thinks > "modern" o

[cryptography] A little crypto protocol humor

2014-02-01 Thread Kevin W. Wall
http://xkcd.com/1323/ Enjoy, -kevin -- Blog: http://off-the-wall-security.blogspot.com/ NSA: All your crypto bit are belong to us. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] NSA Molecular Nanotechnology hardware trojan

2014-01-06 Thread Kevin W. Wall
On Jan 6, 2014 10:29 AM, "Krassimir Tzvetanov" wrote: > > Guys, are you trying to kill this list as well? > > Can you, please, move this discussion to the sci-fi or theory of conspiracy _forums_. Indeed; let's not feed the trolls! -kevin Sent from my Droid; please excuse typos.

Re: [cryptography] To Protect and Infect Slides

2014-01-05 Thread Kevin W. Wall
On Tue, Dec 31, 2013 at 3:13 PM, Jacob Appelbaum wrote: > Kevin W. Wall: > > On Tue, Dec 31, 2013 at 3:10 PM, John Young wrote: > > > >> 30c3 slides from Jacob Appelbaum: > >> > >> http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB) > >

Re: [cryptography] To Protect and Infect Slides

2013-12-31 Thread Kevin W. Wall
On Tue, Dec 31, 2013 at 3:10 PM, John Young wrote: > 30c3 slides from Jacob Appelbaum: > > http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB) > And you can find his actual prez here: Worth the hour, although I'm sure your blood pressure will go

Re: [cryptography] Password Blacklist that includes Adobe's Motherload?

2013-11-14 Thread Kevin W. Wall
On Thu, Nov 14, 2013 at 6:07 PM, Patrick Mylund Nielsen wrote: > On Thu, Nov 14, 2013 at 5:57 PM, Ben Laurie wrote: >> >> On 14 November 2013 03:29, shawn wilson wrote: >> > This is the only thing I've seen (haven't really looked): >> > http://stricture-group.com/files/adobe-top100.txt >> >> I h

Re: [cryptography] urandom vs random

2013-08-22 Thread Kevin W. Wall
On Fri, Aug 23, 2013 at 12:54 AM, Patrick Pelletier wrote: > > On 8/22/13 9:40 AM, Nico Williams wrote: > >> My suggestion is /dev/urandomN where N is one of 128, 192, or 256, and >> represents the minimum entropy estimate of HW RNG inputs to date to >> /dev/urandomN's pool. If the pool hasn't re

Re: [cryptography] "best practices" for hostname validation when using JSSE

2013-08-09 Thread Kevin W. Wall
On Fri, Aug 9, 2013 at 3:03 PM, Patrick Pelletier wrote: > One thing mentioned in the "Most Dangerous Code in the World" paper (and > I've verified experimentally) is that JSSE doesn't validate the hostname > against the X.509 certificate, so if one uses JSSE naively, one is open to > man-in-the-m

[cryptography] Recommendations for glossary of cryptographic terms

2013-07-04 Thread Kevin W. Wall
I am trying to wrap up the writing of the cryptography section of the new OWASP Dev Guide 2013 and rather than writing all my definitions, my thought was to just refer to some good glossary of cryptographic terms rather than doing all that work over again (and probably not as well). Does anyone ha

[cryptography] Interesting presentation on CryptDB

2013-04-28 Thread Kevin W. Wall
There is a very interesting presentation at Microsoft Research by MIT PhD candidate Raluca Ada Popa on CryptDB over at: http://research.microsoft.com/apps/video/default.aspx?id=178914 CryptDB works as a trusted proxy used on the application side and is completely transparent to the database and

[cryptography] OT: Skype-Based Malware Forces Computers into Bitcoin Mining

2013-04-17 Thread Kevin W. Wall
You know Bitcoin must have "arrived" when this is going on. (For that matter, I even heard Bitcoin mentioned on NPR a few days ago.) As reported on IEEE Computer Society's _Computing Now_ news site:

[cryptography] Privacy-Preserving Photo Sharing via crypto

2013-04-12 Thread Kevin W. Wall
http://www.usc.edu/uscnews/newsroom/news_release.php?id=3017 Interesting use of crypto, not a lot of details here. Haven't checked the USENIX proceedings yet though. However, somewhat disturbing though that software developed via NFS grants on the U.S. taxpayer's dime can be patented. -kevin --

Re: [cryptography] ICIJ's project - comment on cryptography & tools

2013-04-09 Thread Kevin W. Wall
Some OT comments to an OT response... On Mon, Apr 8, 2013 at 8:30 AM, ianG wrote: > On 7/04/13 09:38 AM, Nico Williams wrote: [big snip] >> We've built a house of cards, not so much on the Internet as >> on the web (but not only!). Web application security is complete >> mess. And anyways, we b

Re: [cryptography] ICIJ's project - comment on cryptography & tools

2013-04-06 Thread Kevin W. Wall
On Sat, Apr 6, 2013 at 7:34 AM, ianG wrote: > On 6/04/13 07:27 AM, Nico Williams wrote: [snip] > This bit: > >> We hope the NSA types haven't forgotten that good guys >> need crypto, whether LEA like it or not. > > I personally believe that the NSA's policy that the good guys don't need > good cry

[cryptography] RSA SecurID breach (was "Re: Here's What Law Enforcement Can Recover From A Seized iPhone")

2013-03-28 Thread Kevin W. Wall
Note subject change. On Thu, Mar 28, 2013 at 9:36 PM, Steven Bellovin wrote: >> All excellent, well articulated points. I guess that means that >> RSA Security is an insane company then since that's >> pretty much what they did with the SecurID seeds. > > Well, we don't really know what RSA store

Re: [cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

2013-03-28 Thread Kevin W. Wall
On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > [Not replied-to cryptopolitics as I'm not on that list -- jdcc] Ditto. > On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg wrote: > >>> Do hardware manufacturers and OS vendors have alternate me

Re: [cryptography] Cryptographers win Turing award

2013-03-14 Thread Kevin W. Wall
On Mar 14, 2013 7:52 AM, "ianG" wrote: > ACM Press release is helpful: > http://www.acm.org/press-room/news-releases/2013/turing-award-12 > Wikipedia is too: > http://en.wikipedia.org/wiki/Probabilistic_encryption > better copy of the 1984 article: > http://groups.csail.mit.edu/cis/pubs/shafi/19

[cryptography] Cryptographers win Turing award

2013-03-13 Thread Kevin W. Wall
MIT professors Shafi Goldwasser and Silvio Micali were selected as this year's ACM Turing award winner. Their work on introducing mathematical formalism to the field of cryptography was cited. http://www.networkworld.com/news/2013/031313-turing-award-267635.html -- Blog: http://off-the-wall-secu

[cryptography] Recommendations for crypto package for ASP.NET 4.5

2013-03-12 Thread Kevin W. Wall
Hi list, I'm looking for some crypto package (preferably FOSS) that supports some sort of authenticated encryption cipher mode (prefer GSM or CCM, but anything without patent encumbrances will probably do) that will work for ASP.NET 4.5 out-of-the-box. It can be built from C code if there is a man

Re: [cryptography] side channel analysis on phones

2013-03-09 Thread Kevin W. Wall
Ian, Hopefully some more food for thought. However, given that neither Android development nor side-channels is where my expertise lies, I can't guarantee that such "food" won't cause undue illness. ;-) On Sat, Mar 9, 2013 at 5:06 AM, ianG wrote: >> On Mar 8, 2013 5:46 AM, "Ethan Heilman" >

Re: [cryptography] Eating your own dog food

2013-02-12 Thread Kevin W. Wall
On Tue, Feb 12, 2013 at 5:00 PM, ianG wrote: > On 12/02/13 04:49 AM, Kevin W. Wall wrote: > > > > In addition to >> using their own software, you would have thought that they at least >> would have air-gapped their code-signing private key, or at a minimum, >>

Re: [cryptography] Q: CBC in SSH

2013-02-11 Thread Kevin W. Wall
On Mon, Feb 11, 2013 at 6:20 PM, Peter Gutmann wrote: > > > ... I don't understand the resistance either, in the case > of TLS it's such a trivial change (in my case it was two lines of code > added > and two lines swapped, alongside hundreds of lines of ad-hockery dealing > with > MAC-then-en

[cryptography] Eating your own dog food

2013-02-11 Thread Kevin W. Wall
[Full-disclosure: I am not a Bit9 customer; I just get their spam^H^H^H^H, er, informative product emails, thanks to a colleague who signed me up for their mailing list.] Security company, Bit9, has been hacked and have had their private code-signing keys for their flagship software stolen. This

Re: [cryptography] any reason to prefer one java crypto library over another

2013-01-29 Thread Kevin W. Wall
At long last, a question that I can (almost) answer! ;-) On Tue, Jan 29, 2013 at 9:05 PM, wrote: > First, are there any documented vulns in java cryptography providers, > such that one would prefer one over another? I'm not aware of any outstanding vulnerabilities, but there have been a few in t

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

2013-01-16 Thread Kevin W. Wall
On Wed, Jan 16, 2013 at 9:21 PM, wrote: > > > To clarify: I think everyone and everything should be identified by > > their public key,... > > Would re-analyzing all this in a key-centric model rather than > a name-centric model offer any insight? (key-centric meaning > that the key is the id

[cryptography] Rocra malware targets files encrypted by Acid Cryptofiler

2013-01-16 Thread Kevin W. Wall
May be of some interest to this group. Looks like another US intelligence cyber-espionage malware has been reported by Kaspersky, this time primarily targeting former Soviet-bloc republics. Full story is here:

Re: [cryptography] yet another certificate MITM attack

2013-01-12 Thread Kevin W. Wall
On Sat, Jan 12, 2013 at 4:37 PM, Jeffrey Walton wrote: > On Sat, Jan 12, 2013 at 2:35 PM, Kevin W. Wall wrote: [snip] >> Whoa...hold on there Jeff. I'm hoping that I'm misunderstanding your >> last statement about what the pen testers did to "destroy a secure >>

Re: [cryptography] yet another certificate MITM attack

2013-01-12 Thread Kevin W. Wall
Relevant to this thread, but OT to the charter of this list. On Sat, Jan 12, 2013 at 5:46 AM, Jeffrey Walton wrote: > On Sat, Jan 12, 2013 at 4:27 AM, ianG wrote: >> On 11/01/13 02:59 AM, Jon Callas wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA1 >>> >>> Others have said pretty

Re: [cryptography] current limits of proving MITM (Re: Gmail and SSL)

2012-12-17 Thread Kevin W. Wall
[A bit OT. Sorry] On Sun, Dec 16, 2012 at 5:51 PM, Jeffrey Walton wrote: > On Sun, Dec 16, 2012 at 4:48 AM, ianG wrote: >> On 16/12/12 11:47 AM, Adam Back wrote: [snip] >>> On Sun, Dec 16, 2012 at 10:52:37AM +0300, ianG wrote: [...] we want to prove that a certificate found in an MITM

Re: [cryptography] Questions about crypto in Oracle TDE

2012-11-11 Thread Kevin W. Wall
On Sun, Nov 11, 2012 at 4:19 PM, Jeffrey I Schiller wrote: > This all sounds like another variation on "encrypting data at rest." It > protects against threats related to acquisition (legally or not) of the > media that the data is stored on. [snip] > At first I thought all of this of limited va

Re: [cryptography] Questions about crypto in Oracle TDE

2012-11-11 Thread Kevin W. Wall
On Sun, Nov 11, 2012 at 7:34 AM, Florian Weimer wrote: > * Kevin W. Wall: > >> Oracle TDE is being looked at as one option because it is thought to be >> more or less transparent to application itself and its JDBC code. > > If it's transparent, it's unlikel

Re: [cryptography] Questions about crypto in Oracle TDE

2012-11-08 Thread Kevin W. Wall
On Thu, Nov 8, 2012 at 11:25 PM, ianG wrote: > On 9/11/12 15:00 PM, Kevin W. Wall wrote: > >> I was only considering it because it seemed like it was the easiest way >> to get from point A (plaintext SSNs) to point B (encrypted SSNs). Been >> trying to get that done for al

Re: [cryptography] Questions about crypto in Oracle TDE

2012-11-08 Thread Kevin W. Wall
On Thu, Nov 8, 2012 at 6:22 PM, Morlock Elloi wrote: > We have been using a different approach for securing particular fields in the > database. > > The main issue with symmetric ciphers inside (distributed) systems is that > the encrypting entity is always the most numerous weak point. Whoever

Re: [cryptography] Questions about crypto in Oracle TDE

2012-11-08 Thread Kevin W. Wall
Adam, Thanks for answering. On Thu, Nov 8, 2012 at 1:09 PM, Adam Back wrote: > I'd guess they mean salt is pre-pended to the plaintext and then presume eg > then salt + plaintext encrypted with AES in CBC mode with a zero IV. That > would be approximately equivalent to encrypting with a random

[cryptography] Questions about crypto in Oracle TDE

2012-11-08 Thread Kevin W. Wall
All, I'm hoping someone on this list can either provide details on how Oracle's "Transparent Data Encryption" (TDE) works in their Oracle Database, especially with Oracle 10g. We have an application that is storing SSNs as cleartext which they are finally getting ready to store in an encrypted for

Re: [cryptography] Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-01)

2012-11-01 Thread Kevin W. Wall
On Nov 1, 2012 5:23 PM, "Jeffrey Walton" wrote: > > Hi All, > > I was reading through Public Key Pinning Extension for HTTP > (draft-ietf-websec-key-pinning-01, > http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01). > > Section 3.1. Backup Pins, specifies that a backup should be available

[cryptography] Reaction to SHA-3 announcement

2012-10-03 Thread Kevin W. Wall
Observation after reading today's posts to this list. I think this should be the next xkcd cartoon: NIST: Keccak ... FTW!!! Cryptographers: Keccak ... WTF??? Just sayin'. -kevin Sent from my Droid; please excuse typos.

Re: [cryptography] Data breach at IEEE.org: 100k plaintext passwords.

2012-09-25 Thread Kevin W. Wall
I'm thinking the IEEE should pick up the membership dues for 2013 for all those 100k users. :-p -kevin Sent from my Droid; please excuse typos.

Re: [cryptography] Data breach at IEEE.org: 100k plaintext passwords.

2012-09-25 Thread Kevin W. Wall
-kevin Sent from my Droid; please excuse typos. On Sep 25, 2012 1:39 PM, "Jeffrey Walton" wrote: > > In case anyone on the list might be affected... [Please note: I am not > the "I' in the text below] > > http://ieeelog.com For shame. This should make for a "nice" article in a future _IEEE Securi

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-02 Thread Kevin W. Wall
On Mon, Jul 2, 2012 at 1:56 AM, Jeffrey Walton wrote: > On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk wrote: >> From: >> http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html [snip] >> Direct link to the paper: >> http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7

Re: [cryptography] Intel RNG

2012-06-22 Thread Kevin W. Wall
Marsh, Am I missing something? On Fri, Jun 22, 2012 at 1:06 PM, Marsh Ray wrote: > On 06/21/2012 09:05 PM, ianG wrote: >> >> >> On 22/06/12 06:53 AM, Michael Nelson wrote: [snip] >> It's a natural human question to ask. "I want to see what's under the >> hood." But it seems there is also a very

Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning?

2012-05-02 Thread Kevin W. Wall
On Wed, May 2, 2012 at 5:01 AM, Darren J Moffat wrote: > On 05/02/12 06:33, Kevin W. Wall wrote: >> >> primitives that do not include *any* AE cipher modes at all. Some >> great examples are in the standard SunJCE that comes with the >> JDK (you have to use somethi

Re: [cryptography] data integrity: secret key vs. non-secret verifier; and: are we winning? (was: “On the limits of the use cases for authenticated encryption”)

2012-05-01 Thread Kevin W. Wall
On Thu, Apr 26, 2012 at 12:22 AM, Nico Williams wrote: > Also, > > On Wed, Apr 25, 2012 at 10:11 PM, Zooko Wilcox-O'Hearn > wrote: [big snip] >> I don't question the usefulness of the Authenticated Encryption >> abstraction for protocols that fall into that category. > > Right, me either.  I c

Re: [cryptography] "Combined" cipher modes

2012-04-11 Thread Kevin W. Wall
Jeff, On Wed, Apr 11, 2012 at 8:02 AM, Jeffrey Walton wrote: > On Wed, Apr 11, 2012 at 1:22 AM, Kevin W. Wall wrote: >> On Tue, Apr 3, 2012 at 9:35 AM, ianG wrote: >>> >>> [Big SNIP] >>> >> >> The big risk in having CCs or banking info s

Re: [cryptography] "Combined" cipher modes

2012-04-10 Thread Kevin W. Wall
On Tue, Apr 3, 2012 at 9:35 AM, ianG wrote: > Belated reply! One belated reply deserves another. Actually Uncle Sam has me busy doing taxes and GSoC busy with mentoring activities. > On 21/02/12 06:40 AM, Kevin W. Wall wrote: >> >> First of all, let me thank all who have res

Re: [cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

2012-03-24 Thread Kevin W. Wall
On Mar 24, 2012 3:29 AM, "Marsh Ray" wrote: > > On 03/24/2012 01:28 AM, J.A. Terranson wrote: >> >> >> Ah... Probably not. Think Jim Bell et al. I suspect it is far more >> likely that the vast majority of subscribers here are listed in the >> Potentially Dangerous category, if not the flat

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-27 Thread Kevin W. Wall
On Mon, Feb 27, 2012 at 6:08 PM, coderman wrote: > On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray wrote: >>... >> Still it might be worth pointing that if Wells Fargo really wanted to forbid >> a Trustwave network-level MitM, SSL/TLS provides the capability to enforce >> that policy at the protocol l

Re: [cryptography] US Appeals Court upholds right not to decrypt a drive

2012-02-26 Thread Kevin W. Wall
On Sun, Feb 26, 2012 at 8:36 PM, James A. Donald wrote: > On 2012-02-27 3:35 AM, Jon Callas wrote: >> Remember what I said -- they're law enforcement and border >> control. In their world, Truecrypt is the same thing as a >> suitcase with a hidden compartment. When someone crosses a >> border (or

Re: [cryptography] Explaining crypto to engineers (was: Duplicate primes in lots of RSA moduli)

2012-02-25 Thread Kevin W. Wall
one with sufficient experience/expertise to ask (the > mentoring part mentioned in this thread) > > F) understanding randomness/entropy is very hard, implementing correctly > extremely hard > > - end short summary - > > > Some answers/opinions on Kevin's points,

Re: [cryptography] US Appeals Court upholds right not to decrypt a drive

2012-02-25 Thread Kevin W. Wall
On Sat, Feb 25, 2012 at 2:50 AM, Jon Callas wrote: [snip] > But to get to the specifics here, I've spoken to law enforcement and > border control people in a country that is not the US, who told me > that yeah, they know all about TrueCrypt and their assumption is > that *everyone* who has TrueC

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-21 Thread Kevin W. Wall
Apologies for this being a bit OT as far as the charter of this list goes, and perhaps a bit self-serving as well. I hope you will bear with me. I'm going to use Adam's comment as a jumping off point. I hope that Adam doesn't mind because I've not asked him in advance. (Right now, Adam is saying t

Re: [cryptography] "Combined" cipher modes

2012-02-20 Thread Kevin W. Wall
anG wrote: > On 20/02/12 18:11 PM, Kevin W. Wall wrote: >> >> Hi list, >> >> This should be a pretty simple question for this list, so please pardon >> my ignorance. But better to ask than to continue in ignorance. :-) >> >> NIST refers to "combined"

[cryptography] "Combined" cipher modes

2012-02-19 Thread Kevin W. Wall
Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to "combined" cipher modes as those supporting *both* authenticity and confidentiality, such as GCM and CCM. So my first question: Are t

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-15 Thread Kevin W. Wall
On Wed, Feb 15, 2012 at 12:49 AM, Jeffrey Walton wrote: > On Sun, Feb 12, 2012 at 8:17 PM, Steven Bellovin wrote: >> >> On Feb 12, 2012, at 6:31 AM, Harald Hanche-Olsen wrote: >> >>> [Jeffrey Walton (2012-02-12 10:57:02 UTC)] >>> (1) How can a company actively attack a secure channel and ta

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-12 Thread Kevin W. Wall
On Sun, Feb 12, 2012 at 9:52 PM, Nico Williams wrote: > On Sun, Feb 12, 2012 at 7:51 PM, Krassimir Tzvetanov > wrote: >> Sorry, tough questions only... no answers :) > > Not really tough.  A good policy is: don't allow personal use of the > corporate network.  No gmail.  No yahoo.  No employee-ow

Re: [cryptography] Well, that's depressing. Now what?

2012-01-28 Thread Kevin W. Wall
On Sat, Jan 28, 2012 at 11:13 AM, Warren Kumari wrote: > Fine. Good point. > > For future reference (just so the researchers are aware, you understand): > Quantum foo does not protect against: > Stealing interesting things before they reach the encryption bit. > Employees who copy the plain text o

Re: [cryptography] Password non-similarity?

2012-01-03 Thread Kevin W. Wall
On Tue, Jan 3, 2012 at 8:07 PM, wrote: > >  > So I would conjecture, at least in cases like this where users only >  > login infrequently, that the password change policy every N days >  > be done away with, or at the very least, we make N something >  > reasonably long, like 365 or more days. >

Re: [cryptography] Password non-similarity?

2012-01-02 Thread Kevin W. Wall
On Mon, Jan 2, 2012 at 7:12 PM, Craig B Agricola wrote: > On Sun, Jan 01, 2012 at 03:16:39AM -, John Levine wrote: >> Where's this log?  Wherever it is, it's on a system that also has their >> actual password. >> >> If I wanted to reverse engineer passwords, this doesn't strike me as a >> part

Re: [cryptography] Password non-similarity?

2012-01-02 Thread Kevin W. Wall
On 2012/1/2 lodewijk andré de la porte : > The reason for regular change is very good. It's that the low-intensity > brute forcing of a password requires a certain stretch of time. Put the > change interval low enough and you're safer from them. This may make sense in specific cases, but in the ge

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Kevin W. Wall
On Sat, Dec 31, 2011 at 10:32 PM, Jeffrey Walton wrote: > On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall > wrote: >> On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton wrote: >>> On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall >>> wrote: >>>> On Tue

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Kevin W. Wall
On Sat, Dec 31, 2011 at 10:24 PM, Randall Webmail wrote: > From: Kevin W. Wall > >>Boy, the latter sounds like advice that a black hat hacker would give someone >>to > ensure simple dictionary attacks are successful. Your dog's name? Really??? > > Beats the usua

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Kevin W. Wall
On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton wrote: > On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall wrote: >> On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin >> wrote: >> [snip] >>> Here's a heretical thought: require people to change their passwords --

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Kevin W. Wall
On Sat, Dec 31, 2011 at 9:02 PM, Bernie Cosell wrote: > On 1 Jan 2012 at 11:02, Peter Gutmann wrote: > >> Bernie Cosell writes: >> >On 31 Dec 2011 at 15:30, Steven Bellovin wrote: >> >> Yes, ideally people would have a separate, strong password, changed >> >> regularly for every site. >> > >> >Th

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Kevin W. Wall
On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin wrote: [snip] > Here's a heretical thought: require people to change their passwords -- > and publish the old ones.  That might even be a good idea... I'm not sure if you were just being facetious here or if you were serious, but you know, I think

Re: [cryptography] Password non-similarity?

2011-12-30 Thread Kevin W. Wall
On Fri, Dec 30, 2011 at 8:40 PM, Randall Webmail wrote: > On Tue, 27 Dec 2011 15:54:35 -0500 (EST), Jeffrey Walton > wrote: >>Hi All, >> >>We're bouncing around ways to enforce non-similarity in passwords over >> time: password1 is too similar to password2 (and similar to >> password3, etc). >

Re: [cryptography] implementation of NIST SP-108 KDFs?

2011-12-28 Thread Kevin W. Wall
Adam, On Wed, Dec 28, 2011 at 5:51 PM, Adam Back wrote: > As there are no NIST KAT / test vectors for the KDF defined in NIST SP 108, > I wonder if anyone is aware of any open source implementations of them to > use for cross testing? I am not aware of any NIST test vectors, but ESAPI Java does

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-03 Thread Kevin W. Wall
On Fri, Dec 2, 2011 at 1:07 AM, Peter Gutmann wrote: [snip] > OK, so it does appear that people seem genuinely unaware of both the fact that > this goes on, and the scale at which it happens.  Here's how it works: > > 1. Your company or organisation is concerned about the fact that when people > g

[cryptography] Bitcoin featured the IEEE Spectrum

2011-10-20 Thread Kevin W. Wall
In case anyone is interested... http://spectrum.ieee.org/computing/networks/the-worlds-first-bitcoin-conference/ -kevin -- Blog: http://off-the-wall-security.blogspot.com/ "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're comput

Re: [cryptography] validating SSL cert chains & timestamps

2011-10-07 Thread Kevin W. Wall
On Fri, Oct 7, 2011 at 5:56 PM, Peter Gutmann wrote: > travis+ml-rbcryptogra...@subspacefield.org writes: > > >If we assume that the lifetime of the cert is there to limit its window of > >vulnerability to factoring, brute force, and other attacks against > >computational security properties, > >

Re: [cryptography] Client certs

2011-09-27 Thread Kevin W. Wall
On Tue, Sep 27, 2011 at 10:17 AM, M.R. wrote: > On 25/09/11 21:52, ianG wrote: >> >> ... Any client cert is better than the current best saved >> password situation, because the technical security of a >> public key pair always exceeds a password... > > Client certs are not a practical solution fo

[cryptography] Duong-Rizzo TLS attack (was 'Re: SSL is not "broken by design"')

2011-09-19 Thread Kevin W. Wall
On Mon, Sep 19, 2011 at 12:42 PM, Marsh Ray wrote: > IMHO, as far as crypto protocols go the TLS protocol itself is pretty solid > as long as the endpoints restrict themselves to negotiating the right > options. > > On that note, there's a little more info coming out on the Duong-Rizzo > attack: >

[cryptography] DigiNotar news

2011-09-15 Thread Kevin W. Wall
The DigiNotar breach made the IEEE Spectrum: I only skimmed it and while I didn't see anything new, it is

Re: [cryptography] Let's go back to the beginning on this

2011-09-14 Thread Kevin W. Wall
[Note to moderator: May be slightly OT. Unfortunately, Gmail web interface won't allow me to alter the Subject: to mention it there.] On Wed, Sep 14, 2011 at 5:52 PM, Seth David Schoen wrote: > More fundamentally, as Peter Biddle points out, trust isn't > transitive. Suppose we think that a par

Re: [cryptography] Let's go back to the beginning on this

2011-09-13 Thread Kevin W. Wall
On Tue, Sep 13, 2011 at 2:22 PM, Andy Steingruebl wrote: > On Tue, Sep 13, 2011 at 10:48 AM, Steven Bellovin > wrote: > >> Furthermore, >> they're probably right; most of the certificate errors I've >> seen over the years were from ordinary carelessness or errors, >> rather than an attack; click

Re: [cryptography] Diginotar broken arrow as a tour-de-force of PKI fail

2011-09-06 Thread Kevin W. Wall
On Mon, Sep 5, 2011 at 9:29 PM, Marsh Ray wrote: > > Preliminary report on-line: > >> >> http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2011/09/05/fox-it-operation-black-tulip.html I don't read Dutch(?), but seems to have been pulled down. I saw it yesterday. Was hoping to share

Re: [cryptography] An appropriate image from Diginotar

2011-08-30 Thread Kevin W. Wall
On Tue, Aug 30, 2011 at 1:02 PM, Peter Gutmann wrote: > http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/home/headerimage/image01.png > > The guy in the background must have removed his turban/taqiyah for the photo. In keeping with the impersonation theme and Peter Steiner's famous

Re: [cryptography] OT: Found: the missing link in RSA SecurID hack Read more: Found: the missing link in RSA SecurID hack

2011-08-27 Thread Kevin W. Wall
On Fri, Aug 26, 2011 at 11:36 PM, Jeffrey Walton wrote: > It kind of takes the wind out of the sails of the "Advanced Persistent > Threat" defense > > http://www.pcpro.co.uk/news/security/369556/found-the-missing-link-in-rsa-securid-hack: Pretty much what I've been saying all along, every sin

Re: [cryptography] Single-key key recovery for full AES

2011-08-20 Thread Kevin W. Wall
On Sat, Aug 20, 2011 at 12:12 PM, Ian G wrote: > Curiously, AES is now being reported as "broken." > > http://www.theregister.co.uk/2011/08/19/aes_crypto_attack/ Well, in the headlines they claim this, but if you read the article, to their credit, they quote Nate Lawson as saying: “However, i

Re: [cryptography] OT: RSA's Pwnie Award

2011-08-08 Thread Kevin W. Wall
On Mon, Aug 8, 2011 at 8:00 PM, Jeffrey Walton wrote: > In case anyone is interested, RSA won a Pwnie for lamest vendor > response for its RSA SecurID token compromise: > http://pwnies.com/winners/ What, you didn't like that "APT" excuse? ;-) Rightly deserved, I'd say. -kevin -- Blog: http://o

Re: [cryptography] preventing protocol failings

2011-07-13 Thread Kevin W. Wall
On Wed, Jul 13, 2011 at 11:39 AM, Andy Steingruebl wrote: > On Wed, Jul 13, 2011 at 7:11 AM, Peter Gutmann > wrote: >> Andy Steingruebl writes: >> >>>The way it for for everyone I knew that went through it was: >>> >>>1. Sniffing was sort of a problem, but most people didn't care >>>2. Telnet wa

Re: [cryptography] preventing protocol failings

2011-07-13 Thread Kevin W. Wall
On Wed, Jul 13, 2011 at 2:01 AM, Ian G wrote: > On 13/07/11 9:25 AM, Marsh Ray wrote: >> >> On 07/12/2011 04:24 PM, Zooko O'Whielacronx wrote: >>> >>> On Tue, Jul 12, 2011 at 11:10 AM, Hill, Brad >>> wrote: I have found that when H3 meets deployment and use, the reality too often be

Re: [cryptography] preventing protocol failings

2011-07-13 Thread Kevin W. Wall
On Wed, Jul 13, 2011 at 2:02 AM, Ian G wrote: > On 13/07/11 3:10 AM, Hill, Brad wrote: >> >> Re: H3, "There is one mode and it is secure" >> >> I have found that when H3 meets deployment and use, the reality too often >> becomes: "Something's gotta give."  We haven't yet found a way to hide >> eno

Re: [cryptography] this house believes that user's control over the root list is a placebo

2011-06-27 Thread Kevin W. Wall
On Mon, Jun 27, 2011 at 8:59 PM, Arshad Noor wrote: > In 2008, I sent the following e-mail to my representatives and both > Presidential candidates: > > http://seclists.org/dataloss/2008/q3/133 > > Its intent was to initiate a change in policy wrt breach disclosures. > There was not even the court

Re: [cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

2011-06-22 Thread Kevin W. Wall
On Wed, Jun 22, 2011 at 8:17 AM, Peter Gutmann wrote: > Marsh Ray writes: > >>Right, so one of the lessons learned here was that if IETF had considered >>APIs and not just protocols those bugs in TLS would have been found long ago. > > A pen-tester I know once found a (fairly serious) security ho

[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

2011-06-18 Thread Kevin W. Wall
First of all, I must say I apologize to Lev Novikov, as I promised to do this several months ago, but unfortunately I had completely forgotten about it. My bad. I hope, better late than never. There is an IETF working group that is working on defining something that may interest the readers of this

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

2011-06-16 Thread Kevin W. Wall
On Thu, Jun 16, 2011 at 5:27 PM, James A. Donald wrote: > On 2011-06-17 4:02 AM, Nico Williams wrote: > > Crypto is no more than an equivalent of doors, locks, keys, safes, and >> hiding. >> > > The state can break locks, but it cannot break crypto. > > Hiding *is* effectual against the state -

Re: [cryptography] Digital cash in the news...

2011-06-11 Thread Kevin W. Wall
;-) On Sat, Jun 11, 2011 at 6:29 PM, Jeffrey Walton wrote: > On Sat, Jun 11, 2011 at 4:13 PM, John Levine wrote: > >>Unlike fiat currencies, algorithms assert limit of total volume. > >>And the mint and transaction infrastructure is decentral, so there's > >>no single point of control. These bo

Re: [cryptography] Preserve us from poorly described/implemented crypto

2011-06-04 Thread Kevin W. Wall
On Sat, Jun 4, 2011 at 9:46 PM, Stephan Somogyi wrote: > "So what is AES? It's a unique pre-programmed 128-bit encryption key which > is designed to help prevent your keystrokes, which are transmitted > over-the-air, from being intercepted and deciphered." > > I just discovered the preceding at: >

Re: [cryptography] Mobile Devices and Location Information as Entropy?

2011-04-02 Thread Kevin W. Wall
On 04/02/2011 11:36 PM, Randall Webmail wrote: > First, join the Navy ... Too old...afraid they wouldn't take me. I'd just hang out with an ex-Navy submariner instead. Or I guess in some cases, an ex-Marine might qualify. :) -- Kevin W. Wall "The most likely way for the wor

Re: [cryptography] Mobile Devices and Location Information as Entropy?

2011-04-02 Thread Kevin W. Wall
e. Hash functions > exist for a purpose. Use them. Of course, if the GPS is tracking the random walk of a drunken sailor, you might be OK in terms of your entropy. (Sounds like an experiment is in order. ;-) -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most ex

Re: [cryptography] Mobile Devices and Location Information as Entropy?

2011-04-02 Thread Kevin W. Wall
might be able to exploit just about anything if your movements are more or less predictable. -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents."

Re: [cryptography] OTR algos for multi-user chat

2010-12-30 Thread Kevin W. Wall
On 12/30/2010 12:14 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: > On Tue, Dec 21, 2010 at 07:33:23PM -0500, Kevin W. Wall wrote: >> On 12/21/2010 04:28 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: >> >>> PS: If you know any coders who

Re: [cryptography] OTR algos for multi-user chat

2010-12-21 Thread Kevin W. Wall
On 12/21/2010 04:28 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: > PS: If you know any coders who are bored, > > http://www.subspacefield.org/~travis/good_ideas.txt Or maybe I should have said, if I respond to those that *HAVE* been done, would you update your list? -kevin -
