Re: Decimal encryption

2008-08-29 Thread Peter Gutmann
Eric Rescorla <[EMAIL PROTECTED]> writes: >There's noting inherently wrong with this mechanism, but like all stream >ciphers, it can't be used if you want to encrypt multiple independent values, >e.g., credit cards in a database--without a randomizer (which implies >expansion) you have the usual t

Re: privacy in public places

2008-08-29 Thread Peter Gutmann
"Perry E. Metzger" <[EMAIL PROTECTED]> writes: >Unfortunately, I don't see anything technological that people can reasonably >do here to provide more privacy, Painting the camera lenses with laser pointers is quite effective, at least as a short-term civil-disobedience measure. Since there's no

Re: privacy in public places

2008-08-29 Thread Perry E. Metzger
[EMAIL PROTECTED] (Peter Gutmann) writes: > "Perry E. Metzger" <[EMAIL PROTECTED]> writes: > >>Unfortunately, I don't see anything technological that people can reasonably >>do here to provide more privacy, > > Painting the camera lenses with laser pointers is quite effective, at least as > a sho

Re: privacy in public places

2008-08-29 Thread "Hal Finney"
It is hard to argue with Perry's point that privacy in public is an endangered species at best. Suggesting that one confine one's illegal actions to the virtual world is not a particularly appealing response. Robin Hanson considered the problem in this article from back in the 1990s, a response to

Generating AES key by hashing login password?

2008-08-29 Thread Muffys Wump
Hello, We're two Students and we're developing an online password manager like Clipperz or PassPack. In order to securely authenticate an user he has to submit his login password. But to encrypt his data (mainly credentials for other websites) with AES he would have to submit another password fo

Re: privacy in public places

2008-08-29 Thread Sherri Davidoff
Perry E. Metzger wrote: > There has been a lot of talk on the list recently about the privacy > issues associated with various toll and fare collecting systems, but For folks that haven't seen it, next month's Scientific American is about "The Future of Privacy": http://www.sciam.com/article.cfm?

Re: Generating AES key by hashing login password?

2008-08-29 Thread Daniel Carosone
On Fri, Aug 29, 2008 at 09:01:26PM +, Muffys Wump wrote: > Master Password: hash(hash(login_password)) > > Would this be a good idea if we've used this generated hash as a key for AES? > Would the hashing be secure enough against different kinds of attacks? You want to look at something like