Amir Herzberg wrote:
Excellent point. From which follows the question: can we improve the
security of password-based web login, with less drastic changes - at
least in the servers? Or is TLS-PSK the best/only way for us to improve
pw-based web login?
I think we can. For simplicity and
In message [EMAIL PROTECTED], Amir Herzberg writes:
Amazon have this lovely service: if you tell if you forgot your pw, they
send you to:
https://www.amazon.com/exec/obidos/self-service-forgot-password-get-email-done
/104-2901457-0883904
where they ask you to confirm your identity... using 5
From: rbg9000 [EMAIL PROTECTED]
Sent: Sep 8, 2005 3:01 PM
To: cryptography@metzdowd.com
Subject: multiple keys to 1
Sorry, I really don't know much about encryption, and my
google searches haven't turned up much. I wondering if it's
possible to reduce a set of symmetric keys (aes, twofish,
http://www1.ietf.org/proceedings_new/04nov/slides/saag-2/sld9.htm:
What is Really Covered
o The use of elliptic curves defined over GF(p) where p is a prime
number greater than 2^255 when the product satisfies the Field of
Use conditions
o Both compressed and
Date: Wed, 14 Sep 2005 18:30:22 -0400 (EDT)
From: Dan Rubenstein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
The Department of Electrical Engineering at Columbia University invites you
to attend
THE ARMSTRONG MEMORIAL LECTURE
Monday, September 19 - 3:00pm
Davis Auditorium (Schapiro/Host)
Host:
At 12:29 PM -0400 9/14/05, Steven M. Bellovin wrote:
TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005
So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower,
thus missing the train 13:20 train at Rozzy Square :-), instead took the
bus, and then the T, and got to MIT's New
Interesting new paper:
http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/preprint.pdf
We examine the problem of keyboard acoustic emanations. We
present a novel attack taking as input a 10-minute sound recording
of a user typing English text using a
there is somewhat an anciallary philosphical issue. most of the current
password-based systems have been oriented towards a static environment
... contributing to a mindset that addresses authentication technology
as a static issue.
The PKI paradigm even goes further with contributing to a
Some clarification of the proposal:
Initialization:
===
client has dedicated pw(server) to each server (today's situation).
Client is supposed to be able to identify server based on the server's
certificate etc., e.g. using TrustBar over regular browser.
Client also installs the
Victor Duchovni wrote:
Joint works with [...]
Is it politically correct to not cite DJB in this context [...]
The phrase joint work with XXX means that this was a collaboration
between XXX and the speaker. If DJB wasn't part of the collaboration,
then of course he wouldn't be on that list.
James A. Donald wrote:
--
Whyte, William:
It hints that only some particular curves have been
licensed. It could be that NSA has decided not to buy
a license for the other curves, or it could be that
operations on those curves aren't patented. The
presentation doesn't give enough
In message [EMAIL PROTECTED], James A. Donald writes:
--
Whyte, William:
It hints that only some particular curves have been
licensed. It could be that NSA has decided not to buy
a license for the other curves, or it could be that
operations on those curves aren't patented. The
If the NSA paid anything significant for any of the
curves, we would be told.
You were better off not responding; you have lost your credibility on
this topic.
Given
the NSA's history of secrecy; and
the fact that it's common practice to not disclose
(financial) terms
At 09:54 2005-09-15 -0700, James A. Donald wrote:
I doubt that the NSA paid any money whatsoever for this
license, making it profoundly unimpressive as evidence
that *any* curves have a plausible valid patent. If the
NSA paid real money, the patent holders would be
sticking it in our face as a
They paid $25MM.
William
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James A. Donald
Sent: Thursday, September 15, 2005 12:54 PM
To: cryptography@metzdowd.com
Subject: RE: ECC patents?
--
Whyte, William:
It hints that only some
$25MM figure:
http://lists.jammed.com/ISN/2003/10/0097.html
More details about what's covered:
http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm
http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
William
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
16 matches
Mail list logo