Re: once more, with feeling.

2008-09-08 Thread Darren J Moffat
] the only thing that will work is stopping the page being seen - replacing it with a clearly worded explanation with *no* way to pass through and render the page (okay maybe with a debug build of the browser but not in the shipped product). -- Darren J Moffat

Re: once more, with feeling.

2008-09-18 Thread Darren J Moffat
thing it still doesn't mean anything real about trust all it really means is how much money was invested in getting the cert and setting up the correct information about the company identity behind it. -- Darren J Moffat

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-20 Thread Darren J Moffat
the apps important to you for some other reason. It also very much depends on why the app uses the crypto algorithm in question, and in the case of digest/hash algorithms wither they are key'd (HMAC) or not. -- Darren J Moffat

Re: full-disk subversion standards released

2009-05-01 Thread Darren J Moffat
support available. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: full-disk subversion standards released

2009-05-01 Thread Darren J Moffat
wanted to put on in machines that didn't have PCIe capability. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: full-disk subversion standards released

2009-05-01 Thread Darren J Moffat
up with replacements) but I didn't think there'd be much problem with finding the necessary hardware, unless you've got some particular requirement that rules a lot of it out. The Sun CA-6000 card I just pointed to in my other email is such a card it uses Broadcom 582x. -- Darren J Moffat

Re: Warning! New cryptographic modes!

2009-05-21 Thread Darren J Moffat
and re-encrypt the data. Note this doesn't help rsync though since the stream format is specific to ZFS. [1] http://opensolaris.org/os/project/zfs-crypto/ -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending

Re: consulting question.... (DRM)

2009-05-27 Thread Darren J Moffat
reference here is aimed at iTunes. You do know that iTunes Music Store no longer uses any DRM right ? -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Weakness in Social Security Numbers Is Found

2009-07-12 Thread Darren J Moffat
they are sometimes used for identification I know I have never been asked for mine other than by an employer or suitably authorised government body how has a real need to know. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Darren J Moffat
to be accepted practice even in organisations that by policy don't want passphrase/PIN on disk. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

2009-08-25 Thread Darren J Moffat
. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: AES-GMAC as a hash

2009-09-04 Thread Darren J Moffat
Hal Finney wrote: Darren J Moffat darren.mof...@sun.com asks: Ignoring performance for now what is the consensus on the suitabilty of using AES-GMAC not as MAC but as a hash ? Would it be safe ? The key input to AES-GMAC would be something well known to the data and/or software. No, I

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Darren J Moffat
was) the case http://en.wikipedia.org/wiki/FileVault There is also a sleep mode issue identified by the NSA: http://crypto.nsa.org/vilefault/23C3-VileFault.pdf TrueCrypt on the other hand uses AES in XTS mode so you get confidentiality and integrity. -- Darren J Moffat

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread Darren J Moffat
for certain classes of ciphertext modification than just using CBC. -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: AES-CBC + Elephant diffuser

2009-11-01 Thread Darren J Moffat
have a place to store an IV. So every encrypted ZFS block is self contained, has an IV and a 16 byte MAC. This means that the crypto is all standards based algorithms and modes for ZFS. http://hub.opensolaris.org/bin/view/Project+zfs-crypto/ -- Darren J Moffat

Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto

2009-11-01 Thread Darren J Moffat
, but is it ? Option 6 IV 96 bits MAC 96 bits ChecksumSHA224 or SHA256 truncated to 192 bits -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: Crypto dongles to secure online transactions

2009-11-25 Thread Darren J Moffat
/s_lenslok.php -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com