Eric Rescola [ER] replied to Eugene Leitl [EL]:
...
> > EL:
> > Personally, I no longer trust RSA for long term security.
> >
> > This is public-key crypto, not symmetric, so a break of your RSA key
> > means that all your encrypted traffic becomes readable rather than
> > just one message. E.g.
http://www.law.nyu.edu/ili/events.html
Conversation: Siva Vaidhyanathan -- Life in a Distributed Age
Wednesday, February 6, 2002
5:30 PM
room: 210
Vanderbilt Hall
40 Washington Square South
New York, NY 10012
The Information Law Institute presents a lecture by Siva Vaidhyanathan,
author of "Co
> [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
>
>
> "Trei, Peter" <[EMAIL PROTECTED]> writes:
>
> >One other scheme I've seen, and which, while it doesn't give me warm
> fuzzies,
> >seems reasonable, is to issue the the enduser a smartcard with a keypair
> on
> >it. The SC generates the pair onbo
"Trei, Peter" <[EMAIL PROTECTED]> writes:
>One other scheme I've seen, and which, while it doesn't give me warm fuzzies,
>seems reasonable, is to issue the the enduser a smartcard with a keypair on
>it. The SC generates the pair onboard, and exports only the public half. The
>private half never l
Greg Rose <[EMAIL PROTECTED]> writes:
>The scariest thing, though... at first I put in an unkeyed RC4 generator for
>the self-test data, but accidentally ran the FIPS test on a straight counter
>output... and it passed (even version 1)! I'd always assumed that something in
>the regularity of a co
Jaap-Henk Hoepman <[EMAIL PROTECTED]> writes:
>It's worse: it's even accepted practice among certain security specialists.
>One of them involved in the development of a CA service once told me that they
>intended the CA to generate the key pair. After regaining consciousness I
>asked him why he t
On Tue, Feb 05, 2002 at 06:18:35PM -0500, Ryan McBride wrote:
> Having the manufacturer provide the random data changes the burden of
> proof drastically - there is no way for to _prove_ that they did not
> retain a copy of the random data, while it can be proved that they did
> not try to cheat s
At 02:45 PM 2/4/2002 +0100, Jaap-Henk Hoepman wrote:
>
>It's worse: it's even accepted practice among certain security
>specialists. One of them involved in the development of a CA service
>once told me that they intended the CA to generate the key pair.
>After regaining consciousness I asked him
> In the article they repeat the recommendation that you never
> use/register the same shared-secret in different domains ... for
> every environment you are involved with ... you have to choose a
> different shared-secret. One of the issues of biometrics as a
> "shared-secret pass
CodeCon's schedule has now been announced, see
http://codecon.org/schedule.html
Registration is $50 online before Feb. 7th. A $15 late fee will be charged
at the door. CodeCon will be held Feb 15-17, Noon-5pm at DNA Lounge in San
Francisco.
There will be a PGP key signing which requires some adv
|At 07:59 PM 1/26/2002 -0500, Scott Guthery wrote:
|>(A test GSM authentication algorithm, COMP128, was attacked
|>but it is not used in any large GSM networks. And it
|>was the algorithm not the SIM that was attacked.)
|
|and at "Sun, 27 Jan 2002 13:56:13 EST." Greg Rose
On Wed, Feb 06, 2002 at 10:06:46AM +1100, Greg Rose wrote:
> At this point I am detecting a pattern... So, I'm afraid it isn't true that
> it will pick up even these simple linear sequences. (An LFSR of length 12
> only generates 4095 bits, repeated about 5 times!) I find this less
> surprising
12 matches
Mail list logo