Re: identification + Re: authentication and authorization

2004-07-09 Thread Aram Perez
by CitiBank. With high regards, Aram Perez [snip] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: New Attack on Secure Browsing

2004-07-16 Thread Aram Perez
go to there site, see http://www.yahoo.com or http://www.google.com. Maybe Jon can answer the question. Respectfully, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: should you trust CAs? (Re: dual-use digital signature vulnerability)

2004-07-30 Thread Aram Perez
. I can repeat this until I'm bankrupt and Verisign will gladly accept my money. I agree with Michael H. If you trust the CA to issue a cert, it's not that much more to trust them with generating the key pair. Respectfully, Aram Perez

Re: should you trust CAs? (Re: dual-use digital signature vulnerability)

2004-08-03 Thread Aram Perez
Hi Adam, From: Adam Back [EMAIL PROTECTED] Date: Fri, 30 Jul 2004 17:54:56 -0400 To: Aram Perez [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Cryptography [EMAIL PROTECTED], Adam Back [EMAIL PROTECTED] Subject: Re: should you trust CAs? (Re: dual-use digital signature vulnerability) On Wed

Re: Al Qaeda crypto reportedly fails the test

2004-08-13 Thread Aram Perez
Hi Chris, Steven M. Bellovin writes: http://www.petitcolas.net/fabien/kerckhoffs/index.html for the actual articles.) Does there exist an English translation (I'd be surprised if not)? If not, I'd be happy to provide one if there were sufficient interest. I'd be interested in an English

Blowsearch Secured Messanger

2005-02-10 Thread Aram Perez
sarcasmBSM must be very secure!/sarcasm Quote from the web site: Blowsearch Secured Messenger utilizes the OpenSSL library to provide encryption routines for your Instant Messages. We use a combination of randomly selected schemes and bit lengths, ranging up to 4096 bits, with additional

Re: ID theft -- so what?

2005-07-14 Thread Aram Perez
support./RANT-PET_PEEVE Respectfully, Aram Perez On Jul 14, 2005, at 6:19 AM, Perry E. Metzger wrote: Ian Grigg [EMAIL PROTECTED] writes: It's 2005, PKI doesn't work, the horse is dead. He's not proposing PKI, but nymous accounts. The account is the asset, the key is the owner; Actually, I

Re: the limits of crypto and authentication

2005-07-14 Thread Aram Perez
installed on their PCs before selling a product? Or were you going to sell to anyone who used a web browser that supported SSL? It was very simple economics, even if you had to pay VeriSign $400 for your SSL certificate and pay Visa/MasterCard a higher fee. Respectfully, Aram Perez

Re: the limits of crypto and authentication

2005-07-15 Thread Aram Perez
. The client-merchant protocol supported clients without certs. Respectfully, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Motorist wins case after maths whizzes break speed camera code

2005-08-11 Thread Aram Perez
, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

High-risk flaws in Skype

2005-10-26 Thread Aram Perez
http://searchsecurity.techtarget.com/originalContent/ 0,289142,sid14_gci1136763,00.html?track=NL-102ad=530772 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Another Skype Study

2005-11-10 Thread Aram Perez
Don't recall seeing this on the list: http://www.ossir.org/windows/ supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf Enjoy, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Web Browser Developers Work Together on Security

2005-11-30 Thread Aram Perez
Core KDE developer George Staikos recently hosted a meeting of the security developers from the leading web browsers. The aim was to come up with future plans to combat the security risks posed by phishing, ageing encryption ciphers and inconsistent SSL Certificate practise. Read on for

Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-07 Thread Aram Perez
as a (million dollar) yacht. There is no such thing as one-size encryption system fits all cases. Regards, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: CD shredders, was Re: thoughts on one time pads

2006-02-02 Thread Aram Perez
On Feb 1, 2006, at 3:50 AM, Travis H. wrote: On 1/28/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: In our office, we have a shredder that happily takes CDs and is designed to do so. It is noisy and cost $500. Here's one for $40, although it doesn't appear to shred them so much as make them

Re: passphrases with more than 160 bits of entropy

2006-03-22 Thread Aram Perez
- 255 have maximum entropy but have no randomness (although there is finite probability that a RNG will produce the sequence). Regards, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: passphrases with more than 160 bits of entropy

2006-03-22 Thread Aram Perez
On Mar 22, 2006, at 9:04 AM, Perry E. Metzger wrote: Aram Perez [EMAIL PROTECTED] writes: Entropy is a highly discussed unit of measure. And very often confused. Apparently. While you do want maximum entropy, maximum entropy is not sufficient. The sequence of the consecutive numbers 0

Entropy Definition (was Re: passphrases with more than 160 bits of entropy)

2006-03-22 Thread Aram Perez
requested passphrases with more than 160 bits of entropy, what was he requesting? * Does processing an 8 character password with a process similar to PKCS#5 increase the entropy of the password? * Can you add or increase entropy? Thanks in advance, Aram Perez

Why phishing works

2006-04-24 Thread Aram Perez
I don't recall seeing this here, but a friend sent me the following link: http://people.deas.harvard.edu/~rachna/papers/ why_phishing_works.pdf Enjoy, Aram Perez - The Cryptography Mailing List Unsubscribe by sending

Re: Chinese WAPI protocol?

2006-06-12 Thread Aram Perez
Hi Richard, I have not looked at WAPI, but they have been trying to get it approved for a number of years, check out http://en.wikipedia.org/wiki/WAPI (has link to algorithm) and http://www.foxnews.com/story/0,2933,199082,00.html. Regards, Aram Perez On Monday, June 12, 2006, at 03:25PM

Re: Chinese WAPI protocol?

2006-06-12 Thread Aram Perez
Hi Folks, My apologies on stating that the Wiki page had a link to the algorithm. I saw the link but didn't click on it to see if in fact there was a description of the actual algorithm. Regards, Aram Perez On Monday, June 12, 2006, at 06:45PM, David Wagner [EMAIL PROTECTED] wrote: [snip

Re: EMC is buying RSA

2006-06-29 Thread Aram Perez
version of the story: http:// news.moneycentral.msn.com/ticker/article.asp?Feed=BWDate=20060629ID =5836046Symbol=US:RSAS Regards, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Interesting paper on PKI and TRUSTe

2006-09-28 Thread Aram Perez
results for the same search terms. See http://www.benedelman.org/publications/advsel-trust-draft.pdf Enjoy, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

More info in my AES128-CBC question

2007-04-20 Thread Aram Perez
. As I mentioned, the response to my question of why would we standardize this was that's how SD cards do it. I'll look at the references and hopefully convince enough people that it's a bad idea. Thanks again, Aram Perez

Change of Heart WRT to a Fixed IV of 0's

2007-04-22 Thread Aram Perez
Hi Folks, The latest version the document, where the use of a fixed IV of zeros was originally proposed, now has a regular random IV. Thanks for all the support, Aram Perez - The Cryptography Mailing List Unsubscribe

Re: More info in my AES128-CBC question

2007-04-24 Thread Aram Perez
Hi Nico, On Apr 23, 2007, at 8:11 AM, Nicolas Williams wrote: On Sun, Apr 22, 2007 at 05:59:54PM -0700, Aram Perez wrote: No, there will be message integrity. For those of you asking, here's a high level overview of the protocol is as follows: [...] 3) Data needing confidentiality

The best riddle you wil hear today...

2007-05-02 Thread Aram Perez
http://farm1.static.flickr.com/191/480556169_6d731d2416_o.jpg - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Quantum Cryptography

2007-06-21 Thread Aram Perez
Hi Folks, On a legal mailing list I'm on there is a bunch of emails on the perceived effects of quantum cryptography. Is there any authoritative literature/links that can help clear the confusion? Thanks in advance, Aram Perez

Another Snake Oil Candidate

2007-09-11 Thread Aram Perez
The world's most secure USB Flash Drive: https://www.ironkey.com/demo. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Another Snake Oil Candidate

2007-09-12 Thread Aram Perez
Hi Jon, On Sep 11, 2007, at 5:35 PM, Jon Callas wrote: I'm a beta-tester for it, and while I can understand a small twitch when they talk about miltary and beyond military levels of security, it is very cool. It has hardware encryption and will erase itself if there are too many

Re: flavors of reptile lubricant, was Another Snake Oil Candidate

2007-09-13 Thread Aram Perez
extend Unbreakability (normally applied to software, but IronKey claims the epoxy prevents criminals from getting to the internal hardware components). Respectfully, Aram Perez - The Cryptography Mailing List Unsubscribe

Re: OK, shall we savage another security solution?

2007-09-19 Thread Aram Perez
Hi Jerry, On Tuesday, September 18, 2007, at 07:24PM, Leichter, Jerry [EMAIL PROTECTED] wrote: Anyone know anything about the Yoggie Pico (www.yoggie.com)? It claims to do much more than the Ironkey, though the language is a bit less marketing-speak. On the other hand, once I got through the

Re: Dutch Transport Card Broken

2008-01-25 Thread Aram Perez
by the reader. Regards, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Book Review

2008-03-15 Thread Aram Perez
Hi Folks, Does anyone have a review on the upcoming book Modern Cryptanalysis: Techniques for Advanced Code Breaking by Christopher Swenson? Thanks, Aram Perez - The Cryptography Mailing List Unsubscribe by sending unsubscribe