> On 7 Jul 2017, at 22:52, Jaromil <jaro...@dyne.org> wrote:
>
> On Tue, 04 Jul 2017, Lodewijk andré de la porte wrote:
>
>> this is a good answer, in particular your declaration that you
>> "haven't bought or sold any ZEC". I believe you should
>
> I'd agree that "forums" are a poor choice.
> They're magnets for masses of the clueless,
> which is fine for that purpose.
They are easy to use, rather than archaic and unappealing. Not sure what
kind of argument this is, anyway.
> And they're heavyweight, captive, and exploitable.
>
My
No. Every request has a header with the cookies in it.
Again: /every request contains the cookie/
This is also a reason for placing static content on a separate server; it
saves bandwidth by not sending the cookie in the request.
Just to check if I'm getting this correctly: There's an immense amount of
sigint data that's (being) leaked into public infrastructure - and
wilf...@vt.edu is telling us about it?
Can we access this data **? How is Wilfred knowing of this, and allowed to
speak of it? Why not speak of the
Thanks for the responses everyone!
Reg. making a CSPRNG in JS: I don't have experience and wouldn't trust it.
Using someone else's is even worse, I find other's often do things even
worse (somehow). And seeding it would sort of have moved the problem rather
than solving it. A PRNG shouldn't be
Come to think of it, is there or why isn't there a block-cipher mode that
chains using a hashing algorithm?
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
2014-07-11 12:38 GMT+02:00 L. M. Goodman lmgood...@hushmail.com:
B)
As I've mentioned before, I think the gap can be bridged by using social
networks to form consensus... but it's tricky. I've been playing with some
datasets from G+ and Facebook (snap.standford.edu) but they were too
Hey everyone,
If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
I'm working on some Javascript client side crypto. There's a cryptographic
quality random generator present in modern browsers, but not in older ones.
I also don't
http://matasano.com/articles/javascript-cryptography/
Is surprisingly often passed around as if it is the end-all to the idea of
client side JS crypto.
TL;DR: It's a fantastic load of horse crap, mixed in with some extremely
generalized cryptography issues that most people never thought about
http://hyperledger.com/
With this nifty little tool one can manage pools that validate
transactions. So instead of a consortium of anonymous miners motivated
exclusively by profit you can trust a consortium selected according to a
predefined procedure.
Then if you trust the procedure, you can
2014-06-20 21:46 GMT+02:00 Greg Zaverucha gr...@microsoft.com:
Hi Lodewijk
Here are some relevant references.
Thanks!
A cryptanalytic time-memory trade-off.
ME Hellman - IEEE Transactions on Information Theory, 1980
http://www.cs.miami.edu/home/burt/learning/Csc609.122/doc/36.pdf
With common algorithms, how much would a LOT of storage help? I know this
one organization that seems to be building an omnious observation storage
facility, even though omnious observation has very mixed effectiveness
(read: not really worth it), and I'm wondering; is the NSA planning on
using it
2013/9/30 Florian Weimer f...@deneb.enyo.de
3. Message integrity does not matter.
4. The security proof assumes there is only one message, ever.
3 and your paper about VOIP regard traffic analysis. I'm not sure what else
3 refers to. Certainly a known plaintext attack would negate that part
2013/9/22 Tony Arcieri basc...@gmail.com
Furthermore, 3DES continues to remain a viable cipher.
I, personally, find that a most commendable and remarkable fact. To use DES
with longer keying (and more rounds) is, to this very day, a solid choice.
It makes one wonder why the longer keys weren't
1) We advise mining the block in which you collect your bounty yourself;
scriptSigs satisfying the above scriptPubKeys do not cryptographically sign
the transaction's outputs. If the bounty value is sufficiently large
other miners may find it profitable to reorganize the chain to kill
2013/9/10 David D da...@7tele.com
Quote, You've got to think (NSA claims to be the biggest employer of
mathematicians) that seeing the illegal activities the US has been getting
up to with the fruits of their labour that they may have a mathematician
retention or motivation problem on their
2013/9/6 ianG i...@iang.org
Hmmm, curious. I haven't seen that. I would also suspect it breaks a lot
of CPSs and user agreements. But no matter, they're all broken anyway.
A 'user agreement' is an agreement between a company and a 'user'. All
claims in it shall hold valid unless law
Assume all major cryptotools are exploited. Sad but true. Any other reason
people complain OpenSSL is written in tongues (so to speak)? Hiding
exploits is easier in a mess.
That said the people in the IETS might be ignorant to the fact that TLS is
likely backdoor'ed. The thing with this problem
2013/7/31 grarpamp grarp...@gmail.com
And so where does Cisco and Juniper gear come from again... ?
Let's not argue about whether Taiwan is China or The People's Republic of
China is China ;)
They do use Foxconn, but it's not clear what for. I can imagine they use
Foxconn for non-sensitive
2013/7/19 Mahrud S dinovi...@gmail.com
Isn't the thermal noise a good enough entropy source? I mean, it's a $25
computer, you can't expect much of it.
See, sir, you shouldn't wonder why all your data isn't actually encrypted.
You shouldn't think it's weird that nothing is secure on your pc.
2013/6/26 Taral tar...@gmail.com
Truncated sha512 is odd but not wrong, although it seems odd to
use both sha256 and truncated sha512 in the same application. I'm
going to assume it's for extensibility in case they decide to go to a
512-bit curve.
512 is a lot heavier. The truncation makes
2013/3/25 James A. Donald jam...@echeque.com
You don't have cryptopolitics unless the government is trying to ban
stuff. Current bans focus on bitcoins and file sharing.
To politics there is more than the destructive side.
I'd like to try and read it, but how do I get it? I have access to two
universities worth of subscriptions so I presume it truly is a matter of
Where is it?!.
2012/9/29 d...@geer.org
I was asked to read this
Fundamentals of a classical chaos-based cryptosystem with some quantum
cryptography
So to be short: no, there cannot.
The absence of new information cannot cause the information needed for
decryption to become known. Unless you find some way to reverse that or use
a hybrid crypto and non-crypto solution a DMS cannot happen.
Anyone disagree?
Note that a Bitcoin-like/distributed
But as SHA-2 is still a pure Merkle–Damgård construction it deviates
from an ideal pseudorandom function or random oracle in a couple of
ways.
Firstly, and most significantly, it is subject to length extension
attacks. This means that given a hash value of some secret message,
we can
1. No offline transactions, which makes Bitcoin useless for
a large class of transactions.
On Mon, 27 Feb 2012, James A. Donald wrote:
Smartphones.
The implicit assumptions here, namely that
* everyone who wants to make financial transactions carries a smartphone
* smartphones never
2012/1/3 Jonathan Katz jk...@cs.umd.edu
On Mon, 2 Jan 2012, lodewijk andré de la porte wrote:
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them
Would a security system that does not model a human attacker really
qualify as a security system?
If it's man-controlled it certainly does, like a ballistic missile blocking
device is also security/safety.
In real life security is also an analog kind of thing. Something becomes
more secure.
I'd like to add to this conversation, as a side note, that a new type of
security has (fairly) recently emerged: legal security. It's illegal to
break in, so we don't need security. Quite common in convenience stores,
people's homes and now, the Internet. Some will find that this sort of
security
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them.
We've had someone talk on-list about a significant amount of failed remote
ssh login attempts.
My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
self-checkouts.
Anyone so inclined could walk in, load up a cart, walk up to a
self-checkout, check maybe half the items in the cart, pay for them and
leave, with no one the wiser until the physical inventory didn't
I figured it'd be effective to create a security awareness group figuring
the most prominent (and only effective) way to show people security is a
priority is by placing a simple marking, something like this site isn't
safe! and contacting the owners with what the exploit is. That'd also
provide
I'm afraid signing software is multiple levels of bullocks. Imagine a user
just clicking yes when something states Unsigned software, do you really
want to install?. Imagine someone working at either a software or a
signing company. Imagine someone owning a little bitty software company
that's
signing stuff, I'm just saying I don't think it ever
helped me.
Op 8 december 2011 02:54 schreef Marsh Ray ma...@extendedsubset.com het
volgende:
On 12/07/2011 07:01 PM, lodewijk andré de la porte wrote:
I figured it'd be effective to create a security awareness group
figuring the most
Personally, I think it's hilarious the Extraterrestrial Intelligence
parts, about how would other races try to contact us haven't changed AT
ALL since then and this actually had some original ideas. Like the
controlled neutron bursts for communication, that's actually extra
useful because they
Or pluck any old PC/laptop/notebook you have lying around and make it
talk over IP. Phones consume less energy though, nice idea. It's
arguably more secure than a CPU but I doubt it'd make a noticeable
difference (since the rest of the hardware needs to be secure also).
2011/10/28 Morlock Elloi
What I read in the history books (on
wikipedia http://en.wikipedia.org/wiki/Federal_Reserve_System#Creation_of_Third_Central_Bank)
is
The main motivation for the third central banking system came from the Panic
of 1907 http://en.wikipedia.org/wiki/Panic_of_1907, which caused renewed
demands for
de la porte wrote:
The gold standard was fine as far as I know, as long as the gold flow was
steady.
And when the gold flow was not steady, inflation and deflation was
generally less than 1% a year.
I conjecture that the expectation that value of the currency would remain
stable
For a shipped product the ~5 minutes to a few hours delay isn't going to
matter much, since the product has to go through shipping first. Kinda like
buying an express shipment when you're not at home for the coming few weeks.
-Lewis
2011/7/22 Daniel Carosone d...@geek.com.au
On Thu, Jul 21,
There's currently a limited amount of transactions per block, this limit can
be changed. There's certain stuff in place to give bigger transactions,
older transactions and transactions with higher fees precedence. That
should kill the possibility to truly DoS the network, although it's possible
This would revive many of the things people have aspired to kill with
bitcoins. Among others the creation of money (I can borrow and store
more money than I have). It would also mean moving the scalability problem
to a centralized system, a trusted party.
In other words: wouldn't having money
.)
Lewis
2011/7/8 Nico Williams n...@cryptonector.com
2011/7/7 lodewijk andré de la porte lodewijka...@gmail.com:
I honestly don't see how. A transaction has an origin, which is verified to
have the coins, and a destination, which is a public key that must have a
private key. AFAIK every public
-You could perform a (very simple) software hash or something of the kind to
make the data sent to the HW accelerated thingy (performing difficult
operations) useless, that's less effective but it should work. Note that
this is in fact a new protocol and the applications are different.
-A better
I get back from vacation and suddenly my inbox is filled with
misconceptions.
While this is supposed to be a fairly technical mailing list (about
cryptography) it seems clear many people haven't quite understood bitcoins'
workings.
Let me break it down:
* With a private/public key combination you
Usage of the word rolling is also trademarked and limited.
You forgot about wheels that do not roll. Can't use that either.
You may have found some people using wheels for rolling. They should be
frowned upon, given extra-intimate pat-downs, blackmailed, arrested anyway,
made fun of before
Rot13 (or any other number) and many other pre-digital era message
encryption methods. What is for you the advantage of this kind of
encryption?
2011/5/10 Paul Crowley p...@ciphergoth.org:
Most standards that include encryption are to do with transport-level
encryption (SSL, SSH, IPSec/IKE, WPA
46 matches