Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Sampo Syreeni
On 2011-08-09, Nick wrote: However, as was pointed out then, apparently the encryption is to from RIM's servers, not the recipient. So RIM have access to all the 'secret' messages. I expect GCHQ the Met will make sure said systems are patched in to their surveillance programme in no time.

[Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Perry E. Metzger
Today's XKCD is on password strength. The advice it gives is pretty good in principle... http://xkcd.com/936/ -- Perry E. Metzgerpe...@piermont.com ___ The cryptography mailing list cryptography@metzdowd.com

Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Steve Furlong
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger pe...@piermont.com wrote: Today's XKCD is on password strength. The advice it gives is pretty good in principle... http://xkcd.com/936/ For a single password on a system with flexible rules, it's good advice. Real world, with a dozen

[Cryptography] Vulnerabilities (in theory and in practice) in P25 two-way radios

2011-08-10 Thread Matt Blaze
Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu and me) Usenix Security paper on vulnerabilities in the P25 two-way radio system (used by public safety agencies in the US and elsewhere) is out today. See http://www.crypto.com/papers/p25sec.pdf for the paper

Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Perry E. Metzger
On Wed, 10 Aug 2011 11:53:11 -0400 Ken Buchanan ken.bucha...@gmail.com wrote: On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni de...@iki.fi wrote: Thus, why not turn the Trusted Computing idea on its head? Simply make P2P public key cryptography available to your customers, and then bind your

Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Perry E. Metzger
On Wed, 10 Aug 2011 11:59:53 -0400 John Ioannidis j...@tla.org wrote: On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni de...@iki.fi wrote: Thus, why not turn the Trusted Computing idea on its head? Simply make P2P public key cryptography available to your customers, and then bind your hands

Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Adam Fields
On Aug 10, 2011, at 10:12 AM, Perry E. Metzger wrote: Today's XKCD is on password strength. The advice it gives is pretty good in principle... http://xkcd.com/936/ You still need a password manager to remember which of the dozens of easily-remembered passwords you used, so you might as

Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Steven Bellovin
On Aug 10, 2011, at 12:19 53PM, Perry E. Metzger wrote: On Wed, 10 Aug 2011 11:59:53 -0400 John Ioannidis j...@tla.org wrote: On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni de...@iki.fi wrote: Thus, why not turn the Trusted Computing idea on its head? Simply make P2P public key cryptography

Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Tim Dierks
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger pe...@piermont.comwrote: Today's XKCD is on password strength. The advice it gives is pretty good in principle... http://xkcd.com/936/ FWIW, http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html - Tim

Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Chad Perrin
On Wed, Aug 10, 2011 at 07:12:07AM -0700, Perry E. Metzger wrote: Today's XKCD is on password strength. The advice it gives is pretty good in principle... . . . unless the person trying to crack the password treats the password as a passphrase like the user does, and uses combinations of common

[Cryptography] ADMIN: sending from a second account to the list

2011-08-10 Thread Perry E. Metzger
Several people have complained to me that they get their email for the list sent from a different address than the one they send from and that their mail has bounced as a result. To take care of this, on your own, just add a second account using the web interface and click the no mail option. You