Re: [cryptography] fonts and viruses

Duqu exploited a vulnerability in the Windows TrueType font parser to gain kernel privs. !2013. Also some similar instances IIRC ~2011. W On Tue, Dec 15, 2015 at 7:23 AM Givon Zirkind wrote: > i've been researching this subject with little results. is it possible > to some

Re: [cryptography] Unbreakable crypto?

https://www.schneier.com/crypto-gram/archives/1999/0215.html Warning Sign #6: One-time pads. http://en.wikipedia.org/wiki/Snake_oil_%28cryptography%29 etc etc etc. On Thu, Mar 19, 2015 at 2:33 PM, Kevin kevinsisco61...@gmail.com wrote: This software uses the one-time pad. Have any of you

Re: [cryptography] QODE(quick offline data encryption)

On Wed, Jan 7, 2015 at 3:09 PM, Kevin kevinsisco61...@gmail.com wrote: On 1/7/2015 2:40 PM, Jeffrey Goldberg wrote: On 2015-01-07, at 12:26 PM, Kevin kevinsisco61...@gmail.com wrote: Any company could review it and decide if it's worth using or not. Hi Kevin. Actually that’s a part of

Re: [cryptography] The Wandering Music Band

On Wed, Jan 7, 2015 at 10:40 AM, realcr rea...@gmail.com wrote: Hi, I am looking for some crypto primitive to solve a problem I have. Assume that I meet a group of people. call it S. I get to talk to them a bit, and then they are gone. This group of people walk together in the world.

Re: [cryptography] QODE(quick offline data encryption)

On Tue, Jan 6, 2015 at 4:12 PM, Kevin kevinsisco61...@gmail.com wrote: I figured I'd start building my own open source encryption algorithm: ... 'cos that can only end well? https://github.com/kjsisco/qode The entire contents of which is: --- qode An encryption algorithm

Re: [cryptography] Misuses/abuses of Sony's compromised root certificate?

Well, yes and no https://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/ This particular incident may have been a joke, but there are rumors (on closed lists) of it being seen in the wild... W On Wed, Dec 17, 2014 at 3:41 PM, Jeffrey

Re: [cryptography] Improving the state of end-to-end crypto

On Sun, Apr 27, 2014 at 7:45 PM, Arshad Noor arshad.n...@strongauth.com wrote: On 04/27/2014 10:33 AM, Ben Laurie wrote: http://www.links.org/files/SimplySecure.pdf Ben, As noble as the goals are of this initiative, the solution is likely to be accepted only in UK and the USA - only

Re: [cryptography] NIST Randomness Beacon

On Nov 10, 2013, at 3:15 AM, andrew cooke and...@acooke.org wrote: the idea of a service that provides data unknown before a certain date (like a photo of a recent newspaper) was suggested here - http://rachelbythebay.com/w/2012/08/29/info/ Ok, so the take a photo of the victim with

Re: [cryptography] [Cryptography] RSA equivalent key length/strength

On Sep 20, 2013, at 1:34 PM, Ben Laurie b...@links.org wrote: On 18 September 2013 22:23, Lucky Green shamr...@cypherpunks.to wrote: According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such

Re: [cryptography] Reply to Zooko (in Markdown)

On Aug 23, 2013, at 12:19 PM, Nicolas Rachinsky crypto-ran...@ml.turing-complete.org wrote: * Zooko Wilcox-OHearn zo...@leastauthority.com [2013-08-23 15:21 +]: But before we get into the nuts and bolts of how to facilitate verification of end-to-end security, I want to hammer on the

Re: [cryptography] Agreement.

On Jan 25, 2013, at 11:32 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: John Levine jo...@iecc.com writes: I'd like a list where people ensured that the subject lines of their messages described what the message was about, so I can easily skip the ones that aren't of interest. Then I

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

On Jan 18, 2013, at 11:14 AM, ianG i...@iang.org wrote: On 17/01/13 05:21 AM, d...@geer.org wrote: To clarify: I think everyone and everything should be identified by their public key,... Would re-analyzing all this in a key-centric model rather than a name-centric model offer any

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

On Jan 18, 2013, at 2:04 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Jan 18, 2013 at 12:29 PM, Warren Kumari war...@kumari.net wrote: On Jan 18, 2013, at 11:14 AM, ianG i...@iang.org wrote: On 17/01/13 05:21 AM, d...@geer.org wrote: To clarify: I think everyone and everything

Re: [cryptography] phishing/password end-game (Re: Why anon-DH ...)

On Jan 18, 2013, at 5:14 PM, d...@geer.org wrote: As to secure storage, ya'll might find cleversafe.com interesting. Yup. There is also Tahoe-LAFS ( https://tahoe-lafs.org/trac/tahoe-lafs ), the Least-Authority File System Tahoe-LAFS is a Free and Open cloud storage system. It distributes

Re: [cryptography] Let's go back to the beginning on this

On Sep 13, 2011, at 7:14 PM, Ralph Holz wrote: Hi, HTTPS Everywhere makes users encounter this situation more than they otherwise might. A week or three ago, I got cert warnings - from gmail's page. (Yes, I'm using HTTPS Everywhere). When _that_ happens, please tell Google and EFF.