of PL/I for
the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.
YMMV - Bill
-
Bill Frantz | Due process for all| Periwinkle -- Consulting
.
But with a key server, I didn't have to bother Carl to send me my key. Or
depend on him being online when I needed it.
Cheers - Bill
-
Bill Frantz | Due process for all| Periwinkle -- Consulting
(408)356-8506
-
Bill Frantz | A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
[EMAIL PROTECTED] | wich. -- Steve Schear | Los Gatos, CA 95032, USA
Note that proposals such as Tyler Close's YURL
http://www.waterken.com/dev/YURL/ avoid the issue of trust in the
TTP/CA. As such, I find them attractive whenever they can be used.
Cheers - Bill
-
Bill Frantz| There's
would just go away.
See:
http://www.combex.com/tech/edesk.html
http://www.combex.com/papers/darpa-review/index.html
http://www.combex.com/papers/darpa-report/index.html
Cheers - Bill
-
Bill Frantz| There's nothing so
At 8:12 AM -0700 9/27/03, [EMAIL PROTECTED] wrote:
On Fri, 26 Sep 2003, Bill Frantz wrote:
The real problem is that the viewer software, whether it is an editor, PDF
viewer, or a computer language interpreter, runs with ALL the user's
privileges. If we ran these programs with a minimum
, our degree of trust in an HTML should be less, and we
shouldn't trust a Word format renderer at all (thanks to Word Macro
viruses).
At 9:21 PM -0700 9/30/03, Peter Gutmann wrote:
Bill Frantz [EMAIL PROTECTED] writes:
The real problem is that the viewer software, whether it is an editor, PDF
protocols seems to be obvious,
although the inspector part seems to be more ad hoc and community based.
(But there's no building permit either.)
Cheers - Bill
-
Bill Frantz| There's nothing so clear as | Periwinkle
- Bill
-
Bill Frantz| There's nothing so clear as | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
code to subvert KeyKOS. How do people feel about this form of
argument?
Cheers - Bill
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood
in transit. I suppose
it also provides some level of security because someone wanting to do a
quick grab from luggage will probably pick a less-secured piece.\
Cheers - Bill
-
Bill Frantz| There's nothing so clear
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506 | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
following a hyperlink, you
need only check that the expected reminder note is being displayed. If so, you
can be sure you are using the same site you have in the past.
Cheers - Bill
-
Bill Frantz| The first thing you need
practitioner skilled in the art
as to be non-patentable (except in the USA, where obviousness is no barrier).
In any case I put it into the public domain.
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408
a good master password, and a site name, and hashes them together to
produce a site-specific password.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
-
The Cryptography Mailing
for System Programming.
Datamation, May 1969. 15(5): p. 68-76. URL:
http://home.nycap.rr.com/pflass/plisprg.htm
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
One issue I have not seen addressed in these contactless payment systems is
the needs of people who carry multiple payment instruments. A simple example
is a personal and a corporate credit card.
Cheers - Bill
-
Bill Frantz
On 9/21/05, [EMAIL PROTECTED] (Nick Owen) wrote:
Interesting question. I know that we can solve it on a
application-enabled cell phone with public keys - each service has only
swapped public keys so you can have any number. Can such a thing be
done on an RFID card too?
Bill Frantz wrote:
One
remaining correct
during maintenance. This level of coupling between caller and callee is
too risky for reliable software.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using
the petname or
trustbar tools to provide the memory that make self-signed certs like
SSH keys.
Cheers - Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345
- Bill
-
Bill Frantz| The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos, CA 95032
in an exchange can be represented. (A terabit/second is
10**12 bits/second. 32 bits can represent a million seconds at that
data rate. 64 bits can represent much longer data items.)
Cheers - Bill
---
Bill Frantz| gets
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
from virus scanners.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los
. And in all cases,
OSes should give the user more support in making sound decisions.
See for example: http://www.skyhunter.com/marcs/granmaRulesPola.html
Cheers - Bill
-
Bill Frantz| The first thing you need when
/distrib/vattp/index.html
[2] http://www.erights.org/elib/distrib/vattp/SSLvsDataComm.html
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
-
The Cryptography
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
securely recognize a
site, we can form our own trust decisions, without the necessity of
involving third parties.
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter
they don't use it
to track people's trips.
If one were paranoid, one could put a different ID into the
transponder for each trip, and only put the one it was issued with
into it for toll crossings. :-)
Cheers - Bill
---
Bill
---
Bill Frantz|We used to quip that password is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security? -- Bruce Schneier
the same way as the real world one has.
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter
on the basis that they cannot be trusted to
protect themselves adequately.
My 96 year old mother does not have a check book or credit cards.
All her bills are paid through her lawyer's office. QED.
Cheers - Bill
---
Bill Frantz
of the CNCI.
Multidisciplinary contributions from organizations with cybersecurity
interests are especially encouraged.
Cheers - Bill
-
Bill Frantz| When it comes to the world | Periwinkle
(408)356-8506
and far between.
Short of building special random number generation hardware, does
anyone have any suggestions for additional sources?
Cheers - Bill
---
Bill Frantz| Barack Hussein Obama, President of the United States.
408
compromising their machines. I could see the operators moving toward
being legitimate security firms, protecting computers against compromise in
exchange for some of the proof of work (POW) money.
Cheers - Bill
-
Bill Frantz
bothered. There
is probably safe profit in skimming small amounts from large number of
machines just like there was profit in skimming the round off in payroll
calculations.
Cheers - Bill
-
Bill Frantz| The first thing you
for the first introduction, and something
more robust for subsequent sessions, these attack scenarios would be less
likely.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's
. The popularity of the noscript plugin for Firefox means
that perhaps I'm not the only one out in left field.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing
if you're not going to lock the key schedule?)
You should probably use the encrypted swap feature on the Mac.
System Preferences - Security - Use secure virtual memory.
Cheers - Bill
---
Bill Frantz| gets() remains
in their database on a
certain date. Fat chance it will happen.
Cheers - Bill
---
Bill Frantz|Web security is like medicine - trying to do good for
408-356-8506 |an evolved body of kludges - Mark Miller
www.periwinkle.com
using a
non-deterministic key, then there doesn't seem to be anything obvious wrong
with the approach. (But remember, I'm far from an expert.)
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was working
, but that seems a minor inconvenience.
This kind of device sounds like a fine device for a banking industry
committee to specify.
Cheers - Bill
-
Bill Frantz| Airline peanut bag: Produced | Periwinkle
(408)356-8506
target companies...
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was working, the
408-356-8506 | rate of systems being compromised would be going down,
www.periwinkle.com | wouldn't
for everyone.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA
to go any further than this.
Cheers - Bill
---
Bill Frantz| I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345
Englewood Ave
www.pwpconsult.com | vegetables without stickers
to find a ceramic
tile store. The paper yellow pages had survived being left in
the driveway in the rain and I used it.
However, I agree that this is the 2% case for many parts of the world.
Cheers - Bill
---
Bill Frantz
to share this with interested parties
via email, but
no posting is allowed on web sites. For a free subscription,
(and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
Cheers - Bill
---
Bill
, there's always AMD.
Cheers - Bill
---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345
Englewood Ave
www.pwpconsult.com | buffer overruns. | Los
/
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com | - Vaclav Havel | Los Gatos,
CA 95032
___
The cryptography mailing list
cryptography
safer if the data is also protected with a well-examined
algorithm which does not have those properties.
Cheers - Bill (who has finally caught up with the list)
---
Bill Frantz| Re: Computer reliability, performance
On 9/16/13 at 12:36 PM, leich...@lrw.com (Jerry Leichter) wrote:
On Sep 16, 2013, at 12:44 PM, Bill Frantz fra...@pwpconsult.com wrote:
After Rijndael was selected as AES, someone suggested the really paranoid
should super encrypt with
all 5 finalests in the competition. Five level super
signature
algorithms, sends both, and checks both. I think it meets the
no worse than the best of the two test.
Cheers - Bill
---
Bill Frantz|We used to quip that password is the most common
408-356-8506 | password
performance
applications to do something like Bill Frantz suggests. It is in the
nature of people in our community to like playing with such things.
Just don't take them *too* seriously please.
Hay, I like playing in the crypto sandbox, and redundancy is a
classic technique. I have seen questions
would have worked too, but the MAC was free. (I
really don't trust my own code very much.)
Cheers - Bill
-
Bill Frantz| The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense
a $50 limit on my risk from fraud.
Cheers - Bill
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
Englewood Ave
www.pwpconsult.com
client, I suspect a reasonable
percentage of people would do it. It is, after all a one time operation.
Cheers - Bill
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you
a indicator of
which methods passed. :-)
Let's add to the list of methods the SSH method of, The same
key used the last time.
I assume users of the CA method would register with the CA in
some maner which would probably cost money. (How the CA
separates me from Bill Frantz, the professional
they say they aren't interested
in grandma's cookie recipe. I am, but I like good cookies. :0)
---
Bill Frantz| Privacy is dead, get over| Periwinkle
(408)356-8506 | it. | 16345
Englewood
solution I can think of is to audit the output. Look very
carefully at the output of the tool chain, and at the final
piece that loads the configuration data into the device.
Cheers - Bill
---
Bill Frantz|Web
-meta-shift-whoopie which erased the key should the
device be in danger of being captured. And this was a relatively
low security device.
Cheers - Bill
---
Bill Frantz|After all, if the conventional wisdom was
working
judgment based on $$$, Moore's law,
and the speed of DES.
Cheers - Bill
---
Bill Frantz| Privacy is dead, get over| Periwinkle
(408)356-8506 | it. | 16345
Englewood Ave
www.pwpconsult.com
On 9/30/13 at 4:09 PM, cryptogra...@dukhovni.org (Viktor Dukhovni) wrote:
Just because they're after you, doesn't mean they're controlling
your brain with radio waves. Don't let FUD cloud your judgement.
ROTFLOL!
---
Bill
if the system fails.
Cheers - Bill, NCRC instructor
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product.| 16345
Englewood Ave
www.pwpconsult.com
to be weak to them.
Or NSA could have done what it did with DES and chosen a
construct that didn't have that weakness. We just don't know.
Cheers - Bill
---
Bill Frantz| I don't have high-speed | Periwinkle
(408
not increase the level of user work in cases where there
isn't, in fact, a security problem.
I'm interested in cases where Mailman passwords have been abused.
Cheers - Bill
---
Bill Frantz| If the site is supported
the cost of the abuse.
Cheers - Bill
-
Bill Frantz| When it comes to the world | Periwinkle
(408)356-8506 | around us, is there any choice | 16345
Englewood Ave
www.pwpconsult.com | but to explore? - Lisa
they can include update in their installation planning.
Cheers - Bill
---
Bill Frantz| If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product.| 16345
Englewood Ave
www.pwpconsult.com
On 10/8/13 at 7:38 AM, leich...@lrw.com (Jerry Leichter) wrote:
On Oct 8, 2013, at 1:11 AM, Bill Frantz fra...@pwpconsult.com wrote:
We seriously need to consider what the design lifespan of our
crypto suites is in real life. That data should be
communicated to hardware and software
to make the same judgements in high security/high risk applications.
Cheers - Bill
---
Bill Frantz|The nice thing about standards| Periwinkle
(408)356-8506 |is there are so many to choose| 16345
Englewood Ave
On 10/9/13 at 7:12 PM, watsonbl...@gmail.com (Watson Ladd) wrote:
On Tue, Oct 8, 2013 at 1:46 PM, Bill Frantz fra...@pwpconsult.com wrote:
... As professionals, we have an obligation to share our
knowledge of the limits of our technology with the people who
are depending on it. We know
, which are a lot like the
Foolscap references. They are documented at www.erights.org.
Cheers - Bill
---
Bill Frantz| Truth and love must prevail | Periwinkle
(408)356-8506 | over lies and hate. | 16345
77 matches
Mail list logo