So what happened to passphrase guessing? That's got to be
one of the weakest links. Unless their private key wasn't
stored on the device?
--Anton
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography
- Original Message -
From: "Jaap-Henk Hoepman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 5:02 AM
Subject: Security of DH key exchange
>
> In practice the following method of exchanging keys using DH is used, to
ensure
> bit security of the resulting session
I'm not certain I understand your questions, but here are some answers (I
think).
In the DH protocol you have what we call public parameters, p and g.
p is a large prime integer, which defines a group Z*p, g is a generator
which
defines a subgroup in Z*p.
You can use fix values for p an g.
Now, par
- Original Message -
From: "Whyte, William" <[EMAIL PROTECTED]>
[...]
> But you don't have to contact the CA to get someone's certificate.
> A standard way is to send them an email saying "can you send me
> a signed message?"
Yes, that works. When I want someone to send me confidential
> Integrity: Financial protocols that use crypto
> (as opposed to ones abused by crypto) generally
> include signed messages. The signature provides
> for its own integrity, as well as a few other
> things.
I don't believe that is enough. Take for example
the SSL 2.0 ciphersuite rollback vulner
> Does anyone have any idea where I might learn about this algorithm - or
> indeed any algorithm which does the job.
Just as Perry mentioned, look into Shamir Secret Sharing.
There are also implementations of this, see for example
http://www.astro.gla.ac.uk/users/norman/distrib/tontine.html
(I'm
> "Software Generation of Practically Strong Random Numbers" by Peter
> Gutmann
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf
>
> and the followup:
>
> http://www.cypherpunks.to/~peter/06_random.pdf
>
> David
That's a good reference on PRNGs. There is also the work on Yarrow,
h
- Original Message -
From: "Bob Baldwin PlusFive" <[EMAIL PROTECTED]>
To: "Tim Dierks" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 22, 2003 1:00 PM
Subject: Re: PRNG design document?
> Tim,
> One issue to consider is whether the system
> that includes the PRNG
- Original Message -
From: "Thor Lancelot Simon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 3:45 PM
Subject: Re: PRNG design document?
> On Fri, Aug 29, 2003 at 11:27:41AM +0100, Ben Laurie wrote:
> > >
> > > As you mentioned, the FIPS-140-2 approved PRNG
> Allow me to clarify my problem a little. I'm commonly engaged to review
> source code for a security audit, some such programs include a random
> number generator, many of which are of ad-hoc design. The nature of such
> audits is that it's much more appealing to be able to say "here are three
>
Really exiting news. If I'm not mistaken, this would be the first free,
open-source,
crypto library that has FIPS 140 module certification! Other free
open-source
libraries have algorithms that have been FIPS 140 certified, but the whole
module
hasn't been certified (exemple Cryptlib and Crypto++
> On Fri, Sep 05, 2003 at 01:32:21PM -0400, Anton Stiglic wrote:
> > If I'm not mistaken, this would be the first free,
> > open-source, crypto library that has FIPS 140 module certification!
>
> I believe that this is incorrect.
>
> The two open-source proj
> [...]
> The Yarrow RNG uses counter-mode as a PRNG. However in the paper they
> describe some effects you may want to avoid by re-keying depending on
> your application as the stream becomes distinguishable from random
> output.
>
> Adam
This is essentially because if your output sequence of n-
>- Original Message -
>From: "John Doe Number Two" <[EMAIL PROTECTED]>
>To: "R. A. Hettinga" <[EMAIL PROTECTED]>; "Clippable"
<[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Sunday, September 07, 2003 6:45 PM
>Subject: Re: Code breakers crack GSM cellphone encryption
>
>It's nice to
- Original Message -
From: "Greg Rose" <[EMAIL PROTECTED]>
To: "Anton Stiglic" <[EMAIL PROTECTED]>
Cc: "John Doe Number Two" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, September 08, 2003 1:39 PM
Subject: Re: Code break
> Why is it that none of those 100-odd companies with keys in the browsers
> are doing anything with them? Verisign has such a central role in
> the infrastructure, but any one of those other companies could compete.
> Why isn't anyone undercutting Verisign's prices? Look what happened with
> Th
> Schu stressed that several layers of security will prevent hackers from
> accessing the system. VeriSign will house the security servers in its own
> hosting centers. The company will ask military personnel to use their
> Common Access Cards--the latest form of ID for the military--to access
> th
- Original Message -
From: "Tim Dierks" <[EMAIL PROTECTED]>
>
> I think it's a tautology: there's no such thing as MITM if there's no such
> thing as identity. You're talking to the person you're talking to, and
> that's all you know.
That seems to make sense. In anonymity providing s
- Original Message -
From: "Jack Lloyd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 03, 2003 5:13 AM
Subject: DH with shared secret
> This was just something that popped into my head a while back, and I was
> wondering if this works like I think it does. And who ca
- Original Message -
From: "Jerrold Leichter" <[EMAIL PROTECTED]>
> [...]
> | > I think it's a tautology: there's no such thing as MITM if there's no
such
> | > thing as identity. You're talking to the person you're talking to, and
> | > that's all you know.
> |
> | That seems to make se
- Original Message -
From: "Ed Gerck" <[EMAIL PROTECTED]>
To: "Anton Stiglic" <[EMAIL PROTECTED]>
Cc: "Jerrold Leichter" <[EMAIL PROTECTED]>; "Cryptography list"
<[EMAIL PROTECTED]>; "Tim Dierks" <[EMAIL PROTECT
- Original Message -
From: "bear" <[EMAIL PROTECTED]>
To: "John S. Denker" <[EMAIL PROTECTED]>
Cc: "R. A. Hettinga" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, October 03, 2003 6:05 PM
Subject: Re: anonymity +- credentials
>
>
> On Fri, 3 Oct 2003, John S. Denker wrote:
>
> >
- Original Message -
From: "Jerrold Leichter" <[EMAIL PROTECTED]>
To: "Anton Stiglic" <[EMAIL PROTECTED]>
Cc: "Jerrold Leichter" <[EMAIL PROTECTED]>; "Cryptography list"
<[EMAIL PROTECTED]>; "Tim Dierks" <[EMAIL
- Original Message -
From: "Jerrold Leichter" <[EMAIL PROTECTED]>
To: "Tim Dierks" <[EMAIL PROTECTED]>
Cc: "Jerrold Leichter" <[EMAIL PROTECTED]>; "Cryptography list"
<[EMAIL PROTECTED]>
Sent: Friday, October 03, 2003 8:19 PM
Subject: Re: anonymous DH & MITM
> | From: Tim Dierks <[EMAIL
- Original Message -
From: "Ian Grigg" <[EMAIL PROTECTED]>
> [...]
> In terms of actual "practical" systems, ones
> that implement to Brands' level don't exist,
> as far as I know?
There were however several projects that implemented
and tested the credentials system. There was CAFE
- Original Message -
From: "Peter Gutmann" <[EMAIL PROTECTED]>
> [...]
> If you think that's scary, look at Microsoft's CryptoAPI for Windows XP
FIPS
> 140 certification. As with physical security certifications like BS 7799,
you
> start by defining your security perimeter, defining ever
- Original Message -
From: "Peter Gutmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 07, 2003 11:07 AM
Subject: Re: NCipher Takes Hardware Security To Network Level
> "Anton Stiglic" <[EMAIL
- Original Message -
From: "Peter Gutmann" <[EMAIL PROTECTED]>
> [...]
>
> The problem is
> that what we really need to be able to evaluate is how committed a vendor
is
> to creating a truly secure product.
> [...]
I agree 100% with what you said. Your 3 group classification seems
accur
- Original Message -
From: "R.Sriram" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 10, 2003 1:20 AM
Subject: Internal format of RSA private keys in microsoft keystore.
> Greetings,
>
> In the process of trying to work around some of the limitations
> of the m$-CAPI
- Original Message -
From: "Ian Grigg" <[EMAIL PROTECTED]>
> * In contrast, someone who knows little about cars,
> can objectively evaluate a car. They can take it
> for a test drive and see if it feels right. Using
> it is proving it.
I'm not totally convinced of this... Someone wit
- Original Message -
From: "Tom Otvos" <[EMAIL PROTECTED]>
> As far as I can glean, the general consensus in WYTM is that MITM attacks
are very low (read:
> inconsequential) probability.
I'm not certain this was the consensus.
We should look at the scenarios in which this is possible,
> I'm not sure how you come to that conclusion. Simply
> use TLS with self-signed certs. Save the cost of the
> cert, and save the cost of the re-evaluation.
>
> If we could do that on a widespread basis, then it
> would be worth going to the next step, which is caching
> the self-signed certs,
- Original Message -
From: "Jeremiah Rogers" <[EMAIL PROTECTED]>
To: "crypto list" <[EMAIL PROTECTED]>
Sent: Sunday, November 16, 2003 12:50 PM
Subject: Re: A-B-a-b encryption
> This is Shamir's Three-Pass Protocol, described in section 22.3 of
> Schneier. It requires a commutative crypt
"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> martin f krafft wrote:
> >it came up lately in a discussion, and I couldn't put a name to it:
> >a means to use symmetric crypto without exchanging keys:
> >
> > - Alice encrypts M with key A and sends it to Bob
> > -
- Original Message -
From: "Perry E.Metzger" <[EMAIL PROTECTED]>
> Some notes have been floating around claiming that there are bugs in
> GPG's use of El Gamal keys. For example, see:
>
http://groups.google.com/groups?selm=E1AOvTM-0001nY-00%40alberti.g10code.de&oe=UTF-8&output=gplain
>
>
- Original Message -
From: "Ralf Senderek" <[EMAIL PROTECTED]>
To: "Werner Koch" <[EMAIL PROTECTED]>; "cryptography" <[EMAIL PROTECTED]>
Sent: Thursday, November 27, 2003 11:23 AM
Subject: Re: Problems with GPG El Gamal signing keys?
> On Thu, 27 Nov 2003, Werner Koch wrote:
>
> > Yes,
- Original Message -
From: "Peter Fairbrother" <[EMAIL PROTECTED]>
To: "David Wagner" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Saturday, December 06, 2003 7:58 PM
Subject: Re: safety of Pohlig-Hellman with a common modulus?
> David Wagner wrote:
>
> > Steve Bellovin wrote:
> >> I
- Original Message -
From: "Carl Ellison" <[EMAIL PROTECTED]>
To: "'Will Rodger'" <[EMAIL PROTECTED]>; "'Steve Bellovin'"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, December 07, 2003 8:44 AM
Subject: RE: yahoo to use public key technology for anti-spam
> I, for one, hate the
- Original Message -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
> I use a variety of email addresses, for various reasons. I have my
> usual work account, some university accounts, a few personal accounts,
> one I reserve for EBay use, etc. I also use several different SMTP
> se
> Previously used primarily in scientific/academic applications, "zero
> knowledge" authentication is a method of proving a user's identity without
> revealing his password to the verifier.
So anybody knows exactly what this zero-knowledge authentication is
that they use?
> Using this technology,
>Good day,
> I wonder if you could suggest some of the best postgraduate programs
focusing on crypto related themes in the world?
>I am making research that will relate schools, security advances and
government policies on several countries and knowing your suggestions >on
good schools is a key com
> Some folks here might be interested in
>http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html
> which walks through a secure, auditable root keygen and signing ceremony.
We had something similar going on at Zeroknowlege Systems for the PKI
of the Freedom servers. But the password that pr
The thing about CIA is that it is commonly used in security (not
cryptography)
courses to mean Confidentiality, Integrity (of systems) and Availability
(instead
of Authentication). Availability of systems, services and information.
For crypto I always talked about CAIN or PAIN (like in no PAIN
no
NSA Windows hardening guides:
http://nsa2.www.conxion.com/
--Anton
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
- Original Message -
From: "Jerrold Leichter" <[EMAIL PROTECTED]>
Cc: "Cryptography" <[EMAIL PROTECTED]>
Sent: Wednesday, January 07, 2004 7:14 AM
Subject: Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]
> Now that we've trashed non-repudiation ... just how is it different fr
The attacks by Dobbertin on MD5 only allow to find collisions in the
compression function, not the whole MD5 hash.
But it is a sign that something might be fishy about MD5.
MD5 output is 128 bits. There are two types of collision finding
attacks that can be applied. In the first you are given
> > But if you are given the choice between using MD5 and SHA1, I'd prefer
> > SHA1, but I wouldn't be concerned with someone using MD5 isntead of SHA1
> > for the time being. In other words, if I were to do a risk analysis, I
would
> > identify
> > the use of MD5 instead of SHA1 as one of the maj
Stefan Brands started his own company,
http://www.credentica.com/
There isn't much on the web site yet, but if you click on the image you get
the info
email address.
The code that was developed for Brands credentials at ZKS was never
released. There was also code written during the ESPRIT proje
- Original Message -
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: "Ian Grigg" <[EMAIL PROTECTED]>
Cc: "Graeme Burnett" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, May 11, 2004 11:36 AM
Subject: Re: The future of security
> In message <[EMAIL PROTECTED]>, Ian Grigg wri
>
> Does anyone know of an SSL acceleration card that actually works under
> Linux/*BSD?
I successfully used a Broadcom PCI card on a Linux (don't remember
what Linux and kernel version, this was close to 2 years ago).
If I remember correctly it was the BCM5820 processor I used
http://www.broadcom
A list can be found here
http://www.homeport.org/~adam/crypto/
There are several things that you might want to consider, other than the
language in which the library was written of course.
You might want to consider the cryptographic algorithms that are supported,
and support for standards such
>-Original Message-
>From: [EMAIL PROTECTED]
[mailto:owner->[EMAIL PROTECTED] On Behalf Of Peter Gutmann
>Sent: 29 juin 2004 09:49
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: RE: recommendations/evaluations of free / low-cost crypto
>librar
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Denker
Sent: 1 juillet 2004 14:27
To: [EMAIL PROTECTED]
Cc: Ian Grigg
Subject: Re: authentication and authorization (was: Question on the state of
the security industry)
>1) For starters, "identity theft
>-Original Message-
>From: John Denker [mailto:[EMAIL PROTECTED]
>Sent: 5 juillet 2004 18:28
>To: Anton Stiglic
>Cc: [EMAIL PROTECTED]; 'Ian Grigg'
>Subject: Re: authentication and authorization
>[...]
>We should assume that the participants on
>However, in some scenarios
>http://www.garlic.com/~lynn/2001h.html#61
>the common use of static data is so pervasive that an individual's
>information
>is found at thousands of institutions. The value of the information to the
>criminal is that the same information can be used to perpetrate fraud
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Gerck
Sent: 7 juillet 2004 14:46
To: [EMAIL PROTECTED]
Subject: identification + Re: authentication and authorization
>I believe that a significant part of the problems discussed here is that
>the three
My 2 cents on the subject...
The automatic toll fee system I am most familiar with is that of Kapsh (used
to be Combitech). They have implemented automatic toll fee collection in
many countries around the world (in Europe, Asia, Australia, south
America)...
http://www.kapsch.se/
I think they u
>This barely deserves mention, but is worth it for the humor:
>"Information Security Expert says SSL (Secure Socket Layer) is Nothing More
>Than a Condom that Just Protects the Pipe"
>http://www.prweb.com/releases/2004/7/prweb141248.htm
The article says
"The weaknesses of SSL implementations have
>> [...] I find it hard to imagine how you
>> can even know whether it "seems to work", let alone has some subtle
>> problem.
>
>That's clearly a much harder problem--and indeed I suspect it's behind
>the general lack of interest that the public has shown in anonymous
>systems.
>
>-Ekr
The lack o
>You stated that http://www.pgp.com is an SSL-protected page, but did you
>mean https://www.pgp.com? On my Powerbook, with all the browsers I get an
>error that the certificate is wrong and they end up at http://www.pgp.com.
What I get is a bad certificate, and this is due to the fact that the
ce
About using a signature key to only sign contents presented in a meaningful
way that the user supposedly read, and not random challenges:
The X.509 PoP (proof-of-possession) doesn't help things out, since a public
key certificate is given to a user by the CA only after the user has
demonstrated t
There is some detail in the FIPS 140 security policy of Microsoft's
cryptographic provider, for Windows XP and Windows 2000. See for example
http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf
where they say the RNG is based on FIPS 186 RNG using SHS. The seed is
based on the collection of al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Gerck
Sent: 10 août 2004 13:42
To: [EMAIL PROTECTED]
Subject: Re: Microsoft .NET PRNG (fwd)
>The PRNG should be the least concern when using MSFT's cryptographic
>provider. The MSFT report 140sp238.pdf s
>Mathematicians could be on the verge of solving two separate million dollar
>problems. If they are right - still a big if - and somebody really has
>cracked the so-called Riemann hypothesis, financial disaster might follow.
>Suddenly all cryptic codes could be breakable. No internet transaction
>w
http://www.theregister.co.uk/2004/10/05/biometric_thinkpad_t42/
I wonder how well it can counter the attacks discussed by researchers in the
last few years. Like reactivating a fingerprint authentication by breathing
on the sensor's surface containing residue fat traces of the finger, or
placing
>This sounds very confused. Certs are public. How would knowing a copy
>of the server cert help me to decrypt SSL traffic that I have intercepted?
I found allot of people mistakenly use the term certificate to mean
something like a pkcs12 file containing public key certificate and private
key.
>David Wagner wrote:
>> Ben Laurie writes:
>
>
>> Or, even more contrived, imagine that img1.jpg looks
>> like a completely normal JPG file, but img2.jpg exploits some buffer
>> overrun in the startup screen's JPG decoder to overwrite the program's
>> image with some other malicious code.
>>
>> Su
>> I guess the small increase in efficiency would not be worth additional
>> program code.
>
> That depends on the size of the numbers you're working with...
> Considering the research that goes into fast implementations of
> PowerMod I don't think the required computation is trivial.
>
>> Although
>> Although the Carmichael numbers fool the Fermat test
>> (that is, $a^{n-1} = 1 (n)$) for *all* a, there are no such things for
>> the Miller-Rabin test: for any odd composite n at least 3/4 of a's
>> fail the test, that is if you made m MR tests with random a's then you
>> are mistaken with pr
>The general consensus is that for 500-bit numbers one needs only 6 MR
>tests for 2^{-80} error probability [1]:
>...
> and thus a single test gives ~2^{-13}.
If you just took the exponent 80 and divided it by 6 to get ~13, I don't
think that is the right reasoning. Look at table 4.3 of the H
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joseph Ashwood
Sent: November 18, 2005 3:18 AM
To: cryptography@metzdowd.com
Subject: Re: Fermat's primality test vs. Miller-Rabin
>> Look at table 4.3 of the Handbook of
>> applied cryptography: for t = 1
It can be useful to derive a key encryption key from the password, and not
use the key derived from the password to directly encrypt data you want to
protect, when the resulting ciphertext can be found in different places
where your encrypted key won't necessarly also be found. For example, to
enc
>Ok after making that change, and a few others. Selecting only odd numbers
>(which acts as a small seive) I'm not getting much useful information. It
>appears to be such that at 512 bits if it passes once it passes 128 times,
>and it appears to fail on average about 120-130 times, so the sieve
>Actually, by definition, a cipher should be a permutation from the set
>of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
>or it isn't an encryption algorithm.
>
>Therefore, if you want an ergodic sequence of size 2^N, a counter
>encrypted under an N bit block cipher will do i
I agree. The cryptodox page looks nice, but I would rather see the content
go in wikipedia, which is worked on, and looked at, by many more people, a
really beautiful community work.
--anton
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Whyte, William
I don't believe MtE is good advice, and I have yet to see a decent reason
why one would want to use that instead of EtM.
Of course when we talk about EtM, the MAC should be applied over all
plaintext headers and trailers (including IV used for encryption, algorithm
identifier, protocol version, wh
>More strongly, if we've never met, and you are not in the habit of
>routinely signing email, thereby tying a key to your e-persona, it
>makes no sense to speak of *secure* communication to *you*.
Regularly signing email is not necessarily a good idea. I like to be able
to repudiate most emails
> David Wagner writes:
> SB1386 says that if a company conducts business in Caliornia and
> has a system that includes personal information stored in unencrypted from
> and if that company discovers or is notified of a breach of the security
> that system, then the company must notify any Californi
I tried coming up with my own forged signature that could be validated with
OpenSSL (which I intended to use to test other libraries). I haven't
succeeded, either because in the particular example I came up with OpenSSL
does something that catches the invalid signature, or I messed up somewhere
(
E: Exponent 3 damage spreads...
Anton Stiglic writes:
> I tried coming up with my own forged signature that could be validated
with
> OpenSSL (which I intended to use to test other libraries). ...
> Now let's look at s^3
> 1FF
As other's have mentioned, I don't believe the small RSA exponent (e = 3)
is to blame in Bleichenbacher's attack.
Indeed, the mathematical problem of computing the cubic root of m modulo
an rsa modulus n, for a *fixed*, arbitrary m, is still considered to be
hard (no one has shown the opposite).
Wh
O.k., thanks to Hal Finney for pointing out to me in a private email that my
modulus wasn't in fact the right size. I have had some problems with the
openssl key generation (doesn't always seem to generate the exact modulus
size I ask for).
In attachment, the forged signature opensslB-fake-bin.
Very interesting, I wonder how this integrates with the following paper
http://citeseer.ist.psu.edu/bellare06new.html
which basically says:
Abstract: HMAC was proved in [2] to be a PRF assuming that (1) the
underlying compression function is a PRF, and (2) the iterated hash
function is weakly col
You will find a couple of references on traffic analysis applied to
anonymous networks here
http://freehaven.net/anonbib/
--Anton
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Leandro Meiners
Sent: October 19, 2006 2:09 PM
To: Cryptography
Subject: Traf
I am not convinced that we need intuitive cryptography.
Many things in life are not understood by the general public.
How does a car really work: most people don't know but they still drive one.
How does a microwave oven work?
People don't need to understand the details, but the high level conce
Bill Stewart wrote:
>Salt is designed to address a couple of threats
>- Pre-computing password dictionaries for attacking wimpy passwords
>...
Yes indeed. The rainbow-tables style attacks are important to protect
against, and a salt does the trick. This is why you can find rainbow tables
for Lan
86 matches
Mail list logo
