old rumor brought to mind by:
...
The UNIX password, a more-formidable challenge, allows users to specify up
to 5,132,188,731,375,620 combinations of letters, numbers or symbols.
"The machine we had access to doesn't quite have enough computing power,"
Kedem acknowledged.
Shabbir,
In the 70's and early 80's, I was part of a team distributing
a modestly massive Fortran program that we wanted people to
use but not commercialize. Our solution then, well before we
all got so smart, was to convert every label, variable, subroutine
name, etc., to a random sequence of
OTOH, a Palm isn't quite a 'secure' OS, either.. Sure, you can at
least see what you are signing, but there is no secure key storage
available. A trojan application could easily steal your credentials
off a PalmPilot. I don't know if this is the case for an iButton.
I think that our history books should have a
small line notation that in the space of four
months, both DES-56 and RSA-512 were shown to
be crackable within the capacity of a single
wealthy individual, much less a national lab.
As these correspond to the limits embodied in
the exportability
... About three-quarters of the
1,329 wiretaps authorized were related to drug cases,
And, FWIW, the score was 1329 approved and 2 rejected,
though the FBI will and does rightly say that if you
want to keep real score you should include the successful
Motions to Suppress (evidence)
McCain replied by stating his problem this way: he's sitting across
the table from the Secretary of Defense, the CJCS, and the other
leaders of the national security community, and they tell him
encryption exports will harm national security. What can he say in
response?
The point is that in Netscape, it is very hard to tell if a given link
is 40 bit or 128 bit. Sure, with enough poking around looking at page
info you could probably figure it out. Or maybe someone knows if the
little padlock means something like the little key used to. But
[Forwarded because no one has brought up this notion in a while. My
problem with it is that most people don't seem to like the 2nd
amendment any more so this can hardly help to popularize the cause. My
feeling is that the 4th and 5th amendments have more potential
protection in them. --Perry]
A working group like this with only two years to go in
an administration worrying about its place in history
must be one of two things, only:
1. we are referring this to committee so that we can say
we did something without having actually to do anything
(what is sometimes rendered in Italian
I will be on stage at a minor league debating forum with Bill Reinsch
on Thursday of this week.
If you had one question you would want asked, what would it be?
Reply directly, please. I'll read it all late Wednesday.
--dan
The Palm's security model is, by most accounts I've seen, non-existant.
The issue is the lack of memory protection, i.e., that there is no
protected space for keying material. Visor is said to use the PalmOS
as is, so that is not a magic wand. Of course, if your OS has no memory
Mention was made recently of a graphical keying method out of
stanford (?) for palm-pilots. Does anyone have a reference or url
for the paper/code involved?
Best paper at USENIX 8th Security Symposium
http://www.usenix.org/publications/library/proceedings/sec99/jermyn.html
For details of how to order, see www.xs4all.nl/~brands/order.txt
What is it about wanting to change the instantaneous electronic world
that generates this sort of time paper hazing ritual?
Yours in irreverent confusion,
Lightning Rod
[a] A 56-bit key of any algorithm, on any modern production machine
is, as far as I can tell, absolutely unconscionable.
[b] .. It would seem to be a relatively simple
matter for Apple to offer strong crypto domestically weak
crypto everywhere else; Netscape and
Always collecting examples of "secret signatures"
that predate all the stuff we do, I offer this for
your amusement/pleasure.
--dan
==
"Marion Dorset," Progressive Farmer, November 1999, p31.
His solution to hog cholera saved
ACLU today launched a new web site www.echelonwatch.org...
I find the phrasing of this site curious...
You're talking about end-product...
It is my strong suspicion that whereas the lead
enjoyed by national agencies in crypto matters
is substantial, such leads as they
... For that matter, what is "export"? Posting something to Usenet?
Putting it up on a Web page or FTP server? The act of downloading it?
Egad, Steve, a highest and best use for spam. I'll buy
those 300,000 e-mail addresses and send them all a copy
of the GPG source, each with
Did this "$100 secure phone" ever come to pass?
I stopped off at http://www.starium.com/ but the page is
unmodified since April last.
Starium-ites, are you out there?
--dan
My daughter was ordering a CD this evening from the site cdnow.com
and I noted that besides the SSL option they also had a PGP option.
Take a look at
http://www.cdnow.com/cgi-bin/mserver/SID=0/pagename=/RP/HELP/order.html#8q
This is new to me.
--dan
Working for Xerox I can assure you that all of our colour machines together
with all our competitors colour machines leave a "trace".
Pointer to how this trace is applied, recorded, accounted for,
and handled when components are swapped out?
--dan
If the picture was taken by an actual camera, the least significant
bits will be random due to the nature of the way CCDs work in the real
world. They might be biased, but it's not very hard to bias a
"random" data stream. You could have the sender look at the bias in
the
I need to know, whether any of you know any other financial-crypto-like
international conferences at the second half of this year. I want to submit
several of my papers, and I can't wait for FC 2001. The conference need not
to be very theorethical or very prestigious, preferably
previously sent to WSJ:
| To the Editor:
|
| As reported, the Chinese government has moved to restrict the use
| of privacy-enhancing technologies and to surveill use of the Internet
| generally. Any country that does that ensures that in the global
| economy the only role they can
I agree with Peter and Arnold; in fact, I am convinced that
as of this date, there are only two areas where national
agencies have a lead over the private/international sector,
namely one-time-pad deployment and traffic analysis. Of those,
I would place a bet that only traffic analysis will
off topic, but
http://search.npr.org/cf/cmn/cmnpd01fm.cfm?PrgDate=03/14/2000PrgID=3
http://search.npr.org/cf/cmn/cmnpd01fm.cfm?PrgDate=03/15/2000PrgID=3
http://search.npr.org/cf/cmn/cmnpd01fm.cfm?PrgDate=03/16/2000PrgID=3
contains a three part series on the NSA and listening posts;
many
Along the same lines as this discussion, http://www.ivta.org
was recently brought to my attention in/on the "cert-talk"
([EMAIL PROTECTED]) mailing list.
I appreciate that pointer (and others like it such as are appearing
here and elsewhere) a great deal, especially in quotation:
Well put, Greg. I do think that a small circle of trusted
friends is a tautology -- if it is not small, it cannot be
trusted. Was it not ever thus?
--dan
How do they exchange public keys? Via email I'll bet.
Note that it is trivial(*) to construct a self-decrypting
archive and mail it in the form of an attachment. The
recipient will merely have to know the passphrase. If
transit confidentiality is your aim and old versions
of documents
I said,
Note that it is trivial(*) to construct a self-decrypting
archive and mail it in the form of an attachment. The
recipient will merely have to know the passphrase. If
transit confidentiality is your aim and old versions
of documents are irrelevant once the ink is
As the US banking system (and especially the bank clearinghouses controlled
by the Federal Reserve system) has gone electronic, all the banks I know of
have stopped bothering to verify the signatures on checks, and similarly
those on credit- and debit-card drafts. Getting them to start
"We're not going to outlaw photography because someone takes dirty
pictures. People use it for good things and bad things - and it's
the same with encryption."
-- Missouri Senator John Ashcroft (Rep.)
make that Attorney General Ashcroft.
The notion that e-mail should be permitted to contain arbitrary
programs that are executed automatically by default on being opened
is so over the top from a security stand point that it is hard to
find language strong enough to condemn it. It goes far beyond the
ordinary risks
This would seem relevant ...
http://dailynews.yahoo.com/h/nm/20010206/ts/voting_systems_dc_1.html
Tuesday February 6 12:23 PM ET Study: Old Voting Systems May Work Best
By Deborah Zabarenko
WASHINGTON (Reuters) - Looking back at Florida's election mess,
scientists say the old ways of casting
33 matches
Mail list logo