Re: Cisco VPN password recovery program

2005-10-21 Thread Bill Squier
On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote: Via cryptome: The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given

Surprise! Another serious hole in Diebold voting machines...

2006-05-15 Thread Bill Squier
...okay, not so much surprise. [...] Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules. All of us who have heard the

Re: Cryptome cut off by NTT/Verio

2007-04-29 Thread Bill Squier
On Apr 29, 2007, at 11:47 AM, Perry E. Metzger wrote: Slightly off topic, but not deeply. Many of you are familiar with John Young's Cryptome web site. Apparently NTT/Verio has suddenly (after many years) decided that Cryptome violates the ISP's AUP, though they haven't made it particularly

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-14 Thread Bill Squier
On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote: I had the feeling that Microsoft wants to abandon the usage of client certificates completely, and move the people to CardSpace instead. But how do you sign your emails with CardSpace? CardSpace only does the realtime authentication part of

Re: delegating SSL certificates

2008-03-17 Thread Bill Squier
On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote: | So at the company I work for, most of the internal systems have | expired SSL certs, or self-signed certs. Obviously this is bad. | | You only think this is bad because you believe CAs add some value. | | Presumably the value they add

Re: Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-07 Thread Bill Squier
On Jul 7, 2008, at 10:54 AM, Ali, Saqib wrote: Quoting the Foxbusiness article: PermanentPrivacy announces the world's first practical data encryption system that is absolutely unbreakable. And is offering a $1,000,000 challenge to anyone who can crack it. Permanent Privacy (patent pending)

Re: consulting question.... (DRM)

2009-05-27 Thread Bill Squier
This is getting a bit far afield from cryptography, but proper threat analysis is still relevant. On May 27, 2009, at 4:07 AM, Ray Dillinger wrote: On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote: It's a little hard to help without knowing more about the situation. I.e. is this a

Re: Secret Lock Detecting Lock

2009-11-10 Thread Bill Squier
On Nov 9, 2009, at 9:25 AM, wrote: From Unlock your door with a secret knock. Prior to watching the video I said to myself, Great, now I can break into most of the homes on my block with 'Shave and a

Re: What if you had a very good patent lawyer...

2010-07-24 Thread Bill Squier
On Jul 22, 2010, at 8:59 PM, John Gilmore wrote: It's pretty outrageous that anyone would try to patent rolling barcoded dice to generate random numbers. I've been generating random strings from dice for years. I find that gamers' 20-sided dice are great; each roll gives you a hex digit,

GSM eavesdropping

2010-08-02 Thread Bill Squier
...In his presentation at the Black Hat Conference, German GSM expert Karsten Nohl presented a tool he calls Kraken, which he claims can crack the A5/1 encryption used for cell phone calls within seconds.

Re: [Cryptography] Aside on random numbers (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-06 Thread Bill Squier
On Sep 6, 2013, at 10:03 AM, Perry E. Metzger wrote: Naively, one could take a picture of the dice and OCR it. However, one doesn't actually need to OCR the dice -- simply hashing the pixels from the image will have at least as much entropy if the position of the dice is