2003-10-17 Thread Damien Miller
On Mon, 2003-10-13 at 20:27, Ian Grigg wrote: The situation is so ludicrously unbalanced, that if one really wanted to be serious about this issue, instead of dismissing certs out of hand (which would be the engineering approach c.f., SSH), one would run ADH across the net and wait to see


2003-10-19 Thread Damien Miller
On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote: What was the motive for adding lip service into the document? So that it's possible to claim PGP and X.509 support if anyone's interested in it. It's (I guess) something driven mostly by marketing so you can answer Yes to any question of Do

Re: Is finding security holes a good idea?

2004-06-16 Thread Damien Miller
Eric Rescorla wrote: I don't find that argument at all convincing. After all, these bugs *are* being found! Well, SOME bugs are being found. I don't know what you mean by these bugs. We don't have any real good information about the bugs that haven't been found. What makes you think that

Re: Time for new hash standard

2004-09-21 Thread Damien Miller
R. A. Hettinga wrote: Luckily, there are alternatives. The National Institute of Standards and Technology already has standards for longer - and harder to break - hash functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already government standards, and can already be used. This is a

Re: Another entry in the internet security hall of shame....

2005-09-02 Thread Damien Miller
On Tue, 30 Aug 2005, Peter Gutmann wrote: - A non-spoofable means of password entry that only applies for TLS-PSK passwords. In other words, something where a fake site can't trick the user into revealing a TLS-PSK key. This sounds like a solution replete with all the problems that

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-24 Thread Damien Miller
On Sun, 23 Oct 2005, Joseph Ashwood wrote: - Original Message - Subject: [Tom Berson Skype Security Evaluation] Tom Berson's conclusion is incorrect. One needs only to take a look at the publicly available information. I couldn't find an immediate reference directly from the Skype

Re: Crypto and UI issues

2005-12-17 Thread Damien Miller
David Mercer wrote: And my apologies to Ben Laurie and friends, but why after all these years is the UI interaction in ssh almost exactly the same when accepting a key for the first time as overriding using a different one when it changed on the other end, whether from mitm or just a

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Damien Miller
James A. Donald wrote: -- Has anyone been attacked through a certificate that would not have been issued under stricter security? The article does not mention any such attacks, nor have I ever heard of such an attack. How much money does a phishing site make before it is forced to

Re: Zfone and ZRTP :: encryption for voip protocols

2006-03-17 Thread Damien Miller
On Wed, 15 Mar 2006, Ed Gerck wrote: cybergio wrote: Zfone :: achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management... Good. But, of course, there's a trust

Re: A weird macro virus story

2006-06-23 Thread Damien Miller
John Kelsey wrote: Guys, Some of my co-workers here at NIST got an email macro virus which appeared to be targeted to cryptographers. It appeared to be addressed to Moti Yung, and come from Lawrie Brown and Henri Gilbert (though that name was misspelled, maybe a transcription error from an

Re: SSL Cert Prices Notes

2006-08-10 Thread Damien Miller
On Mon, 7 Aug 2006, John Gilmore wrote: Here is the latest quick update on SSL Certs. It's interesting that generally prices have risen. Though ev1servers are still the best commercial deal out there. The good news is that CAcert seems to be positioned for prime time debut, and you

Re: compressing randomly-generated numbers

2006-08-11 Thread Damien Miller
On Wed, 9 Aug 2006, Travis H. wrote: Hey, I was mulling over some old emails about randomly-generated numbers and realized that if I had an imperfectly random source (something less than 100% unpredictable), that compressing the output would compress it to the point where it was nearly so.
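An added example for the compression question raised in this thread (not code from the thread, from OpenSSH, or from any of the posters; the 12-bit seeded source, its 15/16 bias and the SHA-256 expander are all constructed for the demo). It shows both halves of the picture: zlib does raise the entropy density of a biased stream, measured as bits per byte, but because compression is an injective map it cannot increase the number of distinct outputs the source can produce, so an attacker who enumerates the source's 2^12 states has exactly as much work after compression as before.

```python
"""Added example: compressing a weak random source raises entropy density
but not total entropy.  Constructed source, not code from the thread."""
import hashlib
import math
import zlib
from collections import Counter

SEED_BITS = 12  # constructed: the source has only 2**12 reachable internal states


def biased_stream(seed: int, nbytes: int = 64) -> bytes:
    """Deterministically expand a small seed into a heavily biased bit stream.

    Each output bit is 1 with probability 240/256, so the stream is far from
    uniform (mostly 0xFF bytes) and compresses well.  SHA-256 is used only as
    a convenient deterministic expander here, not as a security claim.
    """
    bits = []
    counter = 0
    while len(bits) < nbytes * 8:
        block = hashlib.sha256(seed.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
        bits.extend(0 if b < 16 else 1 for b in block)
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for bit in bits[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def entropy_density(seed: int = 7, nbytes: int = 8192) -> tuple[float, float]:
    """Bits/byte of one long raw stream versus its zlib-compressed form.

    Compression raises the entropy *density*: the compressed bytes look far
    more uniform than the raw ones (roughly 2.7 bits/byte raw for a 15/16 bias).
    """
    raw = biased_stream(seed, nbytes)
    comp = zlib.compress(raw, 9)
    return shannon_bits_per_byte(raw), shannon_bits_per_byte(comp)


def distinct_outputs() -> tuple[int, int]:
    """Number of distinct raw streams and distinct compressed streams over
    every possible seed.

    zlib.compress is injective (decompress inverts it), so it never merges two
    seeds, but it cannot create new outputs either: the attacker still has at
    most 2**SEED_BITS candidates to enumerate.
    """
    raws = [biased_stream(s) for s in range(1 << SEED_BITS)]
    comps = [zlib.compress(r, 9) for r in raws]
    return len(set(raws)), len(set(comps))


def guessing_work_bits() -> float:
    """log2 of the number of candidates an attacker must try to recover the
    compressed output, i.e. the real unpredictability in bits."""
    _, n_comp = distinct_outputs()
    return math.log2(n_comp)


if __name__ == "__main__":
    raw_h, comp_h = entropy_density()
    print(f"raw: {raw_h:.2f} bits/byte, compressed: {comp_h:.2f} bits/byte")
    print(f"distinct outputs over all seeds (raw, compressed): {distinct_outputs()}")
    print(f"attacker work: about 2^{guessing_work_bits():.1f} guesses either way")
```

The practical takeaway is the usual one: a compressor (or any other invertible post-processing) only repackages whatever unpredictability went in, so the fix for a weak source is more entropy at the input, or a proper extractor such as a hash over many independent samples, not zlib over the output.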

Re: Exponent 3 damage spreads...

2006-09-19 Thread Damien Miller
On Fri, 15 Sep 2006, Jostein Tveit wrote: [EMAIL PROTECTED] (Peter Gutmann) writes: What's more scary is that if anyone introduces a parameterised hash (it's quite possible that this has already happened in some fields, and with the current interest in randomised hashes it's only a

Re: Spammer using Graphical Steganography

2006-10-25 Thread Damien Miller
On Mon, 23 Oct 2006, Bill Stewart wrote: Spammers have been including images in their email to evade anti-spammers. Anti-spammers have been using OCR to identify spammy words in images. Spammers have recently come up with tricks to work around OCRs, by doing steganography with animated GIF

Re: Can you keep a secret? This encrypted drive can...

2006-11-01 Thread Damien Miller
On Mon, 30 Oct 2006, Saqib Ali wrote:

Re: Scare tactic?

2007-09-21 Thread Damien Miller
On Wed, 19 Sep 2007, Nash Foster wrote: Any actual cryptographers care to comment on this? I don't feel qualified to judge. I discovered this minor weakness in most of the open source IPSec implementations in May

Re: street prices for digital goods?

2008-09-11 Thread Damien Miller
On Thu, 11 Sep 2008, Peter Gutmann wrote: David Molnar [EMAIL PROTECTED] writes: Dan Geer's comment about the street price of heroin as a metric for success has me thinking - are people tracking the street prices of digital underground goods over time? I've been (very informally) tracking

Re: CPRNGs are still an issue.

2008-12-13 Thread Damien Miller
On Thu, 11 Dec 2008, James A. Donald wrote: If one uses a higher resolution counter - sub microsecond - and times multiple disk accesses, one gets true physical randomness, since disk access times are affected by turbulence, which is physically true random. Until someone runs your software

Re: CPRNGs are still an issue.

2008-12-17 Thread Damien Miller
On Tue, 16 Dec 2008, wrote: On Thu, Dec 11, 2008 at 8:42 PM, Damien Miller wrote: On Thu, 11 Dec 2008, James A. Donald wrote: If one uses a higher resolution counter - sub microsecond - and times multiple disk accesses, one gets true physical

Re: RNG using AES CTR as encryption algorithm

2009-09-14 Thread Damien Miller
On Wed, 9 Sep 2009, Peter Gutmann wrote: I was just going to reply with a variation of this, if you're implementing a full protocol that uses AES-CTR (or any algorithm/mode for that matter), find other implementations that do it too and make sure that you can talk to them. In theory everyone

Re: RNG using AES CTR as encryption algorithm

2009-09-14 Thread Damien Miller
On Mon, 14 Sep 2009, Peter Gutmann wrote: Damien Miller writes: That seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I don't think OpenSSL even supports a CTR mode through its EVP API. I first saw it reported on the Putty bugs list [0], a good place

Re: Why the onus should be on banks to improve online banking security

2009-11-25 Thread Damien Miller
On Fri, 20 Nov 2009, Peter Gutmann wrote: There's been a near-neverending debate about who should be responsible for improving online banking security measures: the users, the banks, the government, the OS vendor, ... . Here's an interesting perspective from Peter Benson

Re: [Cryptography] Snowden fabricated digital keys to get access to NSA servers?

2013-07-04 Thread Damien Miller
On Sat, 29 Jun 2013, Alec Muffett wrote: My own, personal guess is that it is obfuscation which translates as using passwords or accessing a portal over SSL plus we're too embarrassed to admit that it was that easy. Or simply: