Re: Criminalizing crypto criticism

2001-07-31 Thread Rick Smith at Secure Computing
At 01:13 PM 7/27/2001, Steven M. Bellovin wrote: It's certainly not broad enough -- it protects encryption research, and the definition of encryption in the law is meant to cover just that, not cryptography. And the good-faith effort to get permission is really an invitation to harassment,

Re: New encryption technology closes WLAN security loopholes

2001-09-26 Thread Rick Smith at Secure Computing
At 05:44 PM 9/24/2001, [EMAIL PROTECTED] wrote: In increasingly many environments, the term perimeter makes little sense. See, for example, the CCS-2000 paper on Distributed Firewalls by Sotiris Ioannidis et al. You can get it (among other places) from

Re: Best practices/HOWTO for key storage in small office/home office setting?

2001-10-03 Thread Rick Smith at Secure Computing
At 11:41 AM 10/2/2001, Bill Stewart wrote: At 07:23 PM 10/02/2001 +0300, Sampo Syreeni wrote: Or integrate some computing power into those IBM thingies, and use remotely keyed encryption. Enough power is available through USB so that you don't have to end up with battery power. Sounds like

Re: Rubber hose attack

2001-11-02 Thread Rick Smith at Secure Computing
At 11:08 AM 11/1/2001, vertigo wrote: It appears that a lot of work has to be done and a lot of money spent before even a small amount of trust in an individual's proof of identity (on a world- or Internet-wide scale) can be established. Hmmm. I'm able to walk into a bank in semi-rural Italy

Re: Rubber hose attack

2001-11-02 Thread Rick Smith at Secure Computing
At 11:44 AM 11/2/2001, vertigo wrote: The point is, without this cosmic notion of trust, _I_ could walk into a bank in semi-rural Turkey and pull hundreds of dollars from YOUR credit card account. Of course. But this hasn't prevented people from acquiring and using credit cards. More to the

Re: Rubber hose attack

2001-11-02 Thread Rick Smith at Secure Computing
Rick Smith at Secure Computing writes: While I would feel compassion for consumers who are hurt or inconvenienced by some huge scam that exploited a poor Microsoft security implementation, such a scenario would be entertaining to watch. At 11:49 AM 11/2/2001, [EMAIL PROTECTED

Re: Proving security protocols

2001-11-02 Thread Rick Smith at Secure Computing
At 09:00 AM 11/1/2001, Roop Mukherjee wrote: Can someone offer some criticism of the practice of formal verification in general? Okay, I'll grab this hot potato. There are a few cases where a commercial development organization performs formal verification, which would seem to indicate that it

Re: when a fraud is a sale, Re: Rubber hose attack

2001-11-09 Thread Rick Smith at Secure Computing
At 06:48 PM 11/5/2001, David Jablon wrote: Yet, strong network-based authentication of people does not require complex secret information ... if complex means demanding at least {64, 80, 128} random bits. With emerging strong password schemes, your average one-in-a-thousand or one-in-a-million

Re: Scarfo keylogger, PGP

2001-10-17 Thread Rick Smith at Secure Computing
At 05:21 AM 10/16/2001, Ben Laurie wrote: Rick Smith at Secure Computing wrote: Is this a serious security failure in PGP? No, it's a problem with any programmable computer. If you can install new programs, you can install changes to existing programs. That is not true - it's a function

Re: biometrics

2002-01-28 Thread Rick Smith at Secure Computing
The essential problem I've always seen with biometrics (and one that Dorothy Denning acknowledged in her recent op ed piece without seriously examining) is the question of whether it's as efficient to deploy and manage biometrics safely as it is to deploy and manage some keyed alternative

Re: Fingerprints (was: Re: biometrics)

2002-01-28 Thread Rick Smith at Secure Computing
At 02:46 PM 1/28/2002, [EMAIL PROTECTED] wrote: The process took about 20-30 minutes; Have you been fingerprinted before? Did it take that long in that case? In my own experience, it only takes a few minutes to be fingerprinted on a standard card and, in theory, they should be able to build a

RE: Welome to the Internet, here's your private key

2002-02-07 Thread Rick Smith at Secure Computing
At 12:20 PM 2/4/2002, Bill Stewart wrote: A smartcard-only system probably _is_ too limited to generate keys, but that's the only realistic case I see. Here are some manufacturer claims for the DataKey 330 smart card: average of 23 seconds to generate a 1,024-bit RSA key, average of 3 minutes