Re: Maybe It's Snake Oil All the Way Down

2003-06-08 Thread Jaap-Henk Hoepman
I thought the 3G (UMTS) cellphones at least were going to use reasonably good crypto; don't know about the overall security architecture though. Jaap-Henk On Fri, 06 Jun 2003 14:30:04 -0400 Ian Grigg [EMAIL PROTECTED] writes: John Kelsey wrote: So, what can I do about it, as an individual?

Re: Nullsoft's WASTE communication system

2003-06-08 Thread Werner Koch
On Thu, 5 Jun 2003 19:52:28 -0700, Kevin Elliott said: Out of curiosity, how does the performance of AES compare to Blowfish (seeing as how performance would be the obvious advantage of Blowfish Encrypt/decrypt time for Libgcrypt: Algo ECB CBC CFB CTR

Re: An attack on paypal

2003-06-08 Thread Tim Dierks
At 02:55 PM 6/8/2003, James A. Donald wrote: Attached is a spam mail that constitutes an attack on paypal similar in effect and method to man in the middle. The bottom line is that https just is not working. Its broken. The fact that people keep using shared secrets is a symptom of https not

About AIM Personal Certificates

2003-06-08 Thread R. A. Hettinga Encrypted Instant Messaging AIM users can now send and receive messages, participate in chats and send files using industry-standard digital encryption using AIM (version 5.2.3211 or higher, Windows operating systems). Messages sent

Re: An attack on paypal

2003-06-08 Thread Anne Lynn Wheeler
At 11:43 PM 6/8/2003 +0100, Dave Howe wrote: HTTPS works just fine. The problem is - people are broken. At the very least, verisign should say ok so '..go1d..' is a valid server address, but doesn't it look suspiously similar to this '' site over here? for https://pseudo-gold-site/ - but

Re: An attack on paypal

2003-06-08 Thread Dave Howe
in a world where there are repeated human mistakes/failures at some point it is recognized that people aren't perfect and the design is changed to accommodate peoples foibles. in some respects that is what helmets, seat belts, and air bags have been about. The problem is here, we are