Re: New toy: SSLbar

2003-06-25 Thread Andy Isaacson
On Wed, Jun 25, 2003 at 12:02:39PM +0100, Pete Chown wrote: On the other hand, once a back door is installed in binary-only software, it is much less likely to be found. The Interbase back door was only found when the source was opened. I doubt the truth of this statement. Certainly, the

Re: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

2004-04-14 Thread Andy Isaacson
On Mon, Apr 12, 2004 at 06:00:26PM -0700, Joseph Ashwood wrote: From: Nicko van Someren [EMAIL PROTECTED] It's not clear to me that you need all this complexity. All you need if to arrange that the attacker does not know exactly what will be signed until it has been signed. So you

SHA-1 broken, says Schneier

2005-02-16 Thread Andy Isaacson
From Bruce Schneier's weblog: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html # SHA-1 has been broken. Not a reduced-round version. Not a simplified # version. The real thing. # # The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly # from Shandong University