Re: Cross logins

2005-08-04 Thread Victor Duchovni
On Wed, Aug 03, 2005 at 03:15:00PM -0700, James A. Donald wrote: -- Is it possible for two web sites to arrange for cross logins? The goal is that if someone is logged into website https://A.com as user127, and then browses to https://B.com/A_com_registrants, he will be

Re: Cross logins

2005-08-04 Thread Rich Salz
Is it possible for two web sites to arrange for cross logins? Check out SAML, esp the browser artifact profile. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway

Re: [Clips] Escaping Password Purgatory

2005-08-04 Thread Bill Frantz
On 8/3/05, [EMAIL PROTECTED] (R.A. Hettinga) quoted: http://www.forbes.com/2005/08/03/usps-password-casestudy-cx_de_0803password_print.html Forbes Computer Hardware Software Escaping Password Purgatory David M. Ewalt, 08.03.05, 3:00 PM ET ... I think I have passwords for over 47

Re: draft paper: Deploying a New Hash Algorithm

2005-08-04 Thread Alex Alten
Steve, At 05:34 PM 7/29/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: At 08:12 AM 7/25/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: Steve, This also seems to be in conjunction with the potential switch

Re: Cross logins

2005-08-04 Thread Steve Furlong
On 8/3/05, James A. Donald [EMAIL PROTECTED] wrote: -- Is it possible for two web sites to arrange for cross logins? snippety-do-dah Does this question have a practical end in mind? If so, can you simplify matters by running both web sites on the same host? (cc-ing JAD because I never

[Clips] At Online Stores, Sniffing Out Crooks Is a Matter of Survival

2005-08-04 Thread R.A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 4 Aug 2005 09:33:22 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] At Online Stores, Sniffing Out Crooks Is a Matter of Survival Reply-To: [EMAIL PROTECTED] Sender:

Re: Cross logins

2005-08-04 Thread Florian Weimer
* James A. Donald: Is it possible for two web sites to arrange for cross logins? SXIP is a relatively open effort in that direction. The rootsite seems to be proprietary, though. - The Cryptography Mailing List Unsubscribe

Re: [Clips] Escaping Password Purgatory

2005-08-04 Thread Ian Grigg
On Thursday 04 August 2005 04:31, Bill Frantz wrote: Try Site Password, http://www.hpl.hp.com/personal/Alan_Karp/site_password/. It takes a good master password, and a site name, and hashes them together to produce a site-specific password. I think PwdHash also does this for browsers

Re: Query about hash function capability

2005-08-04 Thread Victor Duchovni
On Thu, Aug 04, 2005 at 12:55:51PM +1000, Arash Partow wrote: Hi all, My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet

RE: Query about hash function capability

2005-08-04 Thread Dean, James
Sort the letters then apply any hash. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Standardization and renewability

2005-08-04 Thread Thierry Moreau
Hagai Bar-El wrote: [...] Up till now I could come up with three approaches to solve this problem: 1. Limit renewability to keying. Then you should study A Note About Trust Anchor Key Distribution, see http://www.connotech.com/takrem.pdf. It allows to distribute public keys to be used,

Re: Query about hash function capability

2005-08-04 Thread Alexander Klimov
On Thu, 4 Aug 2005, Arash Partow wrote: My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet rotate/shift wise dissimilar input:

Re: draft paper: Deploying a New Hash Algorithm

2005-08-04 Thread Steve Furlong
[Moderator's note: ... attackers are often cleverer than protocol designers. ... Is that true? Or is it a combination of (a) a hundred attackers for every designer, and (b) vastly disparate rewards: continued employment and maybe some kudos for a designer or implementer, access to

Re: Cross logins

2005-08-04 Thread Peter Saint-Andre
Rich Salz wrote: Is it possible for two web sites to arrange for cross logins? Check out SAML, esp the browser artifact profile. Check out Passel, which lacks the complexity of SAML: http://www.passel.org/ Peter smime.p7s Description: S/MIME Cryptographic Signature

Re: Query about hash function capability

2005-08-04 Thread Ian Clelland
On Aug 3, 2005, at 7:55 PM, Arash Partow wrote: My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet rotate/shift wise dissimilar