ple devices, devices whose identity
is baked into their individual hardware, as is already the case in
mobile telephony.
There is then neither need nor process to assert "My name is Dan"
as Dan's several devices will collectively confirm that this is
Dan, perhaps in consultation wi
http://www.technologyreview.com/view/543896/6-ways-law-enforcement-can-track-terrorists-in-an-encrypted-world/
6 Ways Law Enforcement Can Track Terrorists in an Encrypted World
Nathan Freitas
November 24, 2015
Government officials want us to believe that encryption is helping
terrorists,
amongst losses.
--dan
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
it. Sorry for the noise if noise it is.
--dan
to move on to something productive.
--dan
nowhere to hide from you.
(The part of your note that I elided was very interesting and I will
read the references you included.)
--dan
(*) http://geer.tinho.net/geer.rsa.28ii14.txt
by the laws of
his tribe. Civilization is the process of setting man free
from men. In any case, I concur with you that it would indeed
be prudent to nail down an answer to your question well before
science allows us to read the mind externally and without reserve.
--dan
-8
Intelligence Agents
Now, the final technical talk at last February's RSA Conference;
see geer.tinho.net/geer.rsa.28ii14.txt .
Still got no Clearance...
--dan
[lots of cross posting, as per original]
Stipulating that I'm not in any conceivable sense the last word on
this topic, you might find some of this
Tradeoffs in Cyber Security
Dan Geer, 9 October 13, UNCC
http://geer.tinho.net/geer.uncc.9x13.txt
relevant. If short on reading time, scan
The order of optimality:
1. no cell phone no how
2. cell phone with battery removed
3. disinformation feed
4. faraday cage for otherwise operational phone
Film at 11,
--dan
to have been unwise.
Restated as logic,
If I can trust, then I have effective recourse.
and in contrapositive
If I have no effective recourse, then I cannot trust.
YMMV,
--dan
, one might conclude, group-rating the trustworthiness
of various options should now pause.
--dan
on XYZ the more one needs XYZ to be open source, along
with the build environment through which it passes.
--dan
[ It is impossible to ascertain at the time of introduction whether
something new will or will not go to scale. ]
, this is how you look for
Patient Zero.
--dan
At this point, one can but humbly remember John 8:7,
...He that is without sin among you, let him first cast a stone...
--dan
for crypto
software apply here, especially that of pointlessness.
--dan
[ Software doesn't spy on people; people spy on people ]
After all that discussion of the randomness beacon, it belatedly
occurs to me to ask if anyone has ever applied, even for fun, any
of the various tests for randomness to the transmissions from the
various shortwave numbers stations.
http://en.wikipedia.org/wiki/Numbers_station
--dan
As we're down a rat hole now, perhaps this can be the last word:
We reject: kings, presidents and voting.
We believe in: rough consensus and running code.
-- David Clark
it. PBKDF2 + current GPU or ASIC farms = game over for passwords.
Before discarding passwords as yesterday's fish, glance at this:
http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth
--dan
it is true that closed source is better out of the box on
average, open source has a brisker repair time. Or so it seems to
this observer.
--dan
/article/658/encounter
--dan
and support projects creating these tools around the world. More
information on our program can be found at https://opentechfund.org/about.
If you have any questions, please send them our way by emailing o...@rfa.org.
We look forward to your submission.
--
Dan Meredith
pgp 0x36377134
any example, but I think
the point is clear.) I can't even pay for someone else to review
it, since if they do find a bug, they can sell it for much more
than what I can give them.
Trust but verify is dead.
--dan
Jon Callas writes, in part:
-+-
| Let me ask again -- what could an LE or GOV offer that would be
| better than being cool? Being a snitch, being a sell-out isn't cool.
| Lots of people don't get that. To them, money is more important
| than being cool. And all that
. Though tangential enough to
perhaps be off-topic, I wrote on the same theme last month.
Identity as Privacy
geer.tinho.net/ieee/ieee.sp.geer.1301b.pdf
--dan
You've now exported crypto to a restricted country. What happens next?
repl{physicist,
javascripter,
In some sort of crude sense, which no vulgarity, no humor, no
overstatement can quite extinguish, the physicists have known sin; and this is
a knowledge which they cannot lose.
Workshop on Real-World Cryptography
https://crypto.stanford.edu/RealWorldCrypto/program.php
Did anyone in attendance compose a digest, trip report,
praecis, or something of that sort? If so, might you
share?
--dan
offtopic to list purpose, but perhaps timely to this thread
http://www.webmonkey.com/2013/01/users-scramble-as-github-search-exposes-passwords-security-details/
--dan
To clarify: I think everyone and everything should be identified by
their public key,...
Would re-analyzing all this in a key-centric model rather than
a name-centric model offer any insight? (key-centric meaning
that the key is the identity and Dan is an attribute of that
key; name
, and not just in the matter of which we are speaking here?
Consider the shrinking proportion of the web that is available to
those who refuse Javascript, just to give a second example.
If irrelevant, please forgive the diversion,
--dan
you may have already seen this, but
http://www.bbc.co.uk/news/technology-20908546
Cyber thieves pose as Google+ social network
The lapse let cyber thieves trick people into thinking they were
on Google+
defaulting.
--dan
It is criminal to steal a purse, daring to steal a fortune, a mark of
greatness to steal a crown. The blame diminishes as the guilt increases.
-- Friedrich Schiller
, Sharon Bertsch McGrayne
http://yalepress.yale.edu/book.asp?isbn=9780300169690
--dan
Since justice did not catch up with him in life, I was honored to
observe his demise and death. My only regret is he did not die sooner.
I have never killed a man, but I have read many obituaries with great
pleasure. -- Clarence Darrow
secrecy?
--dan
...those who control the past control the future.
-- George Orwell
You may want to read
The End of Money, David Wolman, 240 pp, Da Capo Press, 14 February 2012
insofar as it suggests that turning your smartphone
into a branch bank makes all other forms of money
irrelevant. Perhaps especially digital cash.
--dan
If this conversation on the death penalty gets taken offline,
take me along for the ride but it just doesn't seem germane
to crypto so I'm holding my tongue.
--dan
?
--dan
were not amused.
And here we all are on New Year's Eve.
--dan
-independent categorization of all
Tweets in real time), thus ending long-term thinking altogether.
A republic, if you can keep it.
--dan
it in a place where you
could then encapsulate it in a signature-based protection
scheme.
--dan
good reading:
Cormac Herley,
The Plight of the Targeted Attacker in a World of Scale
http://research.microsoft.com/pubs/132068/TargetedAttacker.pdf
Another wrinkle, at least as a logic problem, would be
whether you can revoke the signing cert for a CRL and
what, exactly, would that mean -- particularly if the
last known good date is well astern and hence the
revocation would optimally be retroactive.
--dan, quite possibly in a rat hole
greatest side effect of a personalized
web -- what you see depends on who you are. Like that is
good or something.
--dan
Whoever said security by obscurity doesn't work? Must have been
on something.
Obscurity works for the offense.
--dan
,
--dan
*not* nitpicking...
...as Peter Biddle points out, trust isn't transitive.
as an engineer, I feel compelled to add that security is not
composable, either (joining two secure systems does not necessarily
result in a secure composite)
*not* nitpicking.
--dan
parties that do not already know each other.
Consequent:
The market opportunity is in protecting 1,000,000 x $10 transactions,
not protecting 10 x $1,000,000 transactions.
Complicating Factor:
The fully automated opponent sees those two multiplications as equal.
--dan
to be the absence of unmitigatable surprise
and if you acknowledge the primary design constraint in security
engineering to be no silent failure, then your threat model is
your exposure to that which precludes mitigation due either to its
impact velocity or to its silence.
IMHO,
--dan
CAs please? Extra credit (as in thank
you) for its plausible role in public clouds.
--dan
this over for some time.
--dan