XML-proof UIDs

2003-11-16 Thread Eugen Leitl
. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE pgp0.pgp Description: PGP signature

Re: The future of security

2004-05-28 Thread Eugen Leitl
, and will require agoric load levelling elements (to prevent bad nodes from DoSing the global store) which also requires prestige tracking. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http

Re: Satellite eavesdropping of 802.11b traffic

2004-05-28 Thread Eugen Leitl
want to fly a LEO constellation of them, you need a very sparse structure (or a huge density of pongsats, which doesn't agree with observations). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http

Re: The future of security

2004-05-31 Thread Eugen Leitl
model; it looks like people can't be bothered to keep track of the trust relationships or reputations within the web. The real issue is whether people can volunteer information stored in their addressbook. Not everybody is an Orkut/Friendster/FOAF exhibitionist. -- Eugen* Leitl a href=http

Re: The future of security

2004-06-01 Thread Eugen Leitl
is supposed to do the checking. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org

Re: Article on passwords in Wired News

2004-06-03 Thread Eugen Leitl
, but it has its own problems (Bluetooth/IrDa, security, fax effect, etc). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29

Interview with Glenn Henry, founder of VIA processor subsidiary Centaur (fwd from [EMAIL PROTECTED])

2004-06-16 Thread Eugen Leitl
From: Eugen Leitl [EMAIL PROTECTED] Subject: Interview with Glenn Henry, founder of VIA processor subsidiary CeTo: [EMAIL PROTECTED] Date: Tue, 15 Jun 2004 18:51:21 +0200 http://linuxdevices.com/articles/AT2656883479.html [ker-snip] The third one, is one you haven't asked me about

Re: EZ Pass and the fast lane ....

2004-07-12 Thread Eugen Leitl
non-truck license plates are discarded, but it's clear enough theres demand for realtime tracing of select and movement profiles for the masses, for data mining. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144

[Muscle] [PATCH] MuscleCard engine for OpenSSL (fwd from mgold@cbnco.com)

2004-08-28 Thread Eugen Leitl
key 1 using muscleTool: exportkey 1 /var/ssl/cflex_pub.key) - Michael ___ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle -- -- Eugen* Leitl a href=http://leitl.org;leitl

[wearables] CFP: Workshop on Pervasive Computing and Communication Security (fwd from [EMAIL PROTECTED])

2004-09-06 Thread Eugen Leitl
, Eurecom, France * Kai Rannenberg, University of Frankfurt, Germany * Stephen Weis, MIT -- -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU)

2004-09-11 Thread Eugen Leitl
] Clarifications below... Eugen Leitl wrote: - Forwarded message from \Hal Finney\ [EMAIL PROTECTED] - From: [EMAIL PROTECTED] (Hal Finney) Date: Thu, 9 Sep 2004 12:57:29 -0700 (PDT) To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: potential new IETF WG on anonymous

pci hardware for secure crypto storage (OpenSSL/OpenBSD)

2004-09-14 Thread Eugen Leitl
is OpenBSD/Linux/OpenSSL/gpg. Any suggestions? -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http

Re: VIA PadLock reloaded (fwd from [EMAIL PROTECTED])

2004-10-25 Thread Eugen Leitl
in ESP). Michal Ludvig ___ Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi List archive: http://lists.logix.cz/pipermail/cryptoapi -- -- Eugen* Leitl a href=http://leitl.org;leitl

OpenSSL 0.9.7e released (fwd from [EMAIL PROTECTED])

2004-10-25 Thread Eugen Leitl
List Manager [EMAIL PROTECTED] -- -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

OCF port to linux (fwd from [EMAIL PROTECTED])

2004-11-18 Thread Eugen Leitl
http://www.uCdot.org ___ Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi List archive: http://lists.logix.cz/pipermail/cryptoapi -- -- Eugen* Leitl a href=http://leitl.org;leitl

[PadLock] PadLock patches for linux kernel 2.6.10 (fwd from [EMAIL PROTECTED])

2005-01-07 Thread Eugen Leitl
mailing list [EMAIL PROTECTED] http://lists.logix.cz/mailman/listinfo/padlock -- -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0

[i2p] Tunnel cryptography for I2P 0.5 (corrected typo) (fwd from [EMAIL PROTECTED])

2005-01-26 Thread Eugen Leitl
to detect whether we have previously seen a preIV. This document has been placed in the public domain by Connelly Barnes, 2005-01-17. ___ i2p mailing list [EMAIL PROTECTED] http://i2p.dnsalias.net/mailman/listinfo/i2p -- -- Eugen* Leitl

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Eugen Leitl
has the effect of erasing it and regenerating new internal keys. Really? How interesting. Please tell us more. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D

ocf-linux-20050315 - Asynchronous Crypto support for linux (fwd from [EMAIL PROTECTED])

2005-03-15 Thread Eugen Leitl
://www.SnapGear.com Custom Embedded Solutions + Security Fx:+61 7 38913630 http://www.uCdot.org ___ Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi List archive: http://lists.logix.cz/pipermail/cryptoapi -- -- Eugen* Leitl a href=http

DTV Content Protection (fwd from cripto@ecn.org)

2005-05-20 Thread Eugen Leitl
principle of security through obscurity (keeping the details secret) may in practice give it a greater degree of protection. -- -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org

[EMAIL PROTECTED]: [IP] Intel quietly embeds DRM in it's 945 chips firmware]

2005-05-31 Thread Eugen Leitl
as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl

Re: Retailers Experiment With Biometric Payment article

2005-06-09 Thread Eugen Leitl
are to be right. The fingerprint hash (fingerprint's fingerprint) has to be resistant to rotation/translation, area size and subpattern presence, and tolerate some skin lesion noise, so it's the very opposite of a cryptographic hash. Probably quite easy to reverse. -- Eugen* Leitl a href=http://leitl.org

Re: Is there any future for smartcards?

2005-09-10 Thread Eugen Leitl
to an insecure, networked machine. Is there a real problem that they uniquely solve, sufficient to drive the building of the needed infrastructure? I don't see it, and I'd love to be made smarter. -- Eugen* Leitl a href=http://leitl.org;leitl

Re: Is there any future for smartcards?

2005-09-11 Thread Eugen Leitl
is PIN/TAN (TANs distributed on dead tree). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description

Re: Is there any future for smartcards?

2005-09-12 Thread Eugen Leitl
smartcards and smartcard readers, or suffer extreme losses through fraud they won't introduce these secure readers and smartcards. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org

Re: Is there any future for smartcards?

2005-09-13 Thread Eugen Leitl
. Teenagers are pretty sophisticated. Are we talking even about the same species? About the same teenagers which already own malware-infested PCs, and swap whatever ringtones, logos and games en vogue with their FOAFs? -- Eugen* Leitl a href=http://leitl.org;leitl

Re: European country forbids its citizens from smiling for passport photos

2005-09-17 Thread Eugen Leitl
(still) isn't ready for prime time. Not ready for 1984? One sure would hope so. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443

[EMAIL PROTECTED]: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]]

2005-09-20 Thread Eugen Leitl
- You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl

[EMAIL PROTECTED]: Wikipedia proposal]

2005-10-07 Thread Eugen Leitl
forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature

Re: Cisco VPN password recovery program

2005-10-19 Thread Eugen Leitl
On Wed, Oct 19, 2005 at 09:45:38AM -0500, Alaric Dailey wrote: Cisco seems to be doing these kinds of boneheaded things for quite sometime. Does Juniper have a better security story? -- Eugen* Leitl a href=http://leitl.org;leitl

[EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

2005-10-31 Thread Eugen Leitl
___ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820

Re: automatic toll collection, was Japan Puts Its Money on E-Cash

2005-12-16 Thread Eugen Leitl
of every vehicle (currently, only trucks are charged) by OCR. The police is purportely very interested to obtain realtime access to the logs. Don't we all feel much safer, already? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]

2006-01-03 Thread Eugen Leitl
a desired requirement to ensure trust is properly placed. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3

[EMAIL PROTECTED]: Tor-stored Pads]

2006-01-03 Thread Eugen Leitl
, but the difference with traditional Pads is that this one is tored in an anonymous location.(See Coderman's post.) - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820

[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]

2006-01-03 Thread Eugen Leitl
for access to the pads but even this would require manual destruction. do they make physically hardened authentication tokens with timed self destruction built in? - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

[EMAIL PROTECTED]: Tor security advisory: hidden services can be located quickly]

2006-01-13 Thread Eugen Leitl
] http://www.shmoocon.org/speakers.html#overlier [6] http://www.blackhat.com/html/bh-federal-06/bh-fed-06-speakers.html#Syverson - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM

[EMAIL PROTECTED]: Re: FIPS 140-2 Validation Revoked]

2006-07-20 Thread Eugen Leitl
[EMAIL PROTECTED] - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29

[EMAIL PROTECTED]: Re: FIPS 140-2 Validation Revoked]

2006-07-20 Thread Eugen Leitl
://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

C7, Jetway, performance

2007-04-30 Thread Eugen Leitl
..1000 MBit/s speed, with IPsec or OpenVPN (FreeBSD 6.2 or pfsense data would be great). -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D

ad hoc IPsec or similiar

2007-06-21 Thread Eugen Leitl
endpoints? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: ad hoc IPsec or similiar

2007-06-22 Thread Eugen Leitl
of that into national laws is supposed to be completed by October 2007; most countries have until March 2009 for Internet logs Apparently, Germany will implement Internet connection retention by end of the year/beginning of 2008 latest. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: Quantum Cryptography

2007-06-22 Thread Eugen Leitl
Computing is science fiction. Some science fiction eventually becomes reality. A nice blog to follow here is Shtetl-Optimized: http://www.scottaaronson.com/blog/ -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: [Beowulf] Re: hobbyists

2008-06-21 Thread Eugen Leitl
=en -- Kilian ___ Beowulf mailing list, [EMAIL PROTECTED] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf -- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: road toll transponder hacked

2008-08-28 Thread Eugen Leitl
before the human assist is all but unneeded. http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire Germany. It does OCR on all license plates (also used for police purposes in realtime, despite initial vigorous denial) but currently is only used for truck toll. -- Eugen* Leitl

Re: road toll transponder hacked

2008-08-28 Thread Eugen Leitl
://www.heise.de/newsticker/Debatte-um-Zugriff-auf-LKW-Mautdaten-fuer-Fahndungen-geht-weiter--/meldung/76321 -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http

26 historic Enigmas found in Spain

2008-10-24 Thread Eugen Leitl
http://www.theregister.co.uk/2008/10/24/spanish_enigmas/ Spanish discover cache of 26 Enigma machines Franco's 'secret weapon' tracked to army HQ By Lester Haines Posted in Science, 24th October 2008 10:03 GMT Spanish newspaper El Pa�s last week tracked down 26 examples of Franco's secret

the skein hash function

2008-10-29 Thread Eugen Leitl
http://www.schneier.com/blog/archives/2008/10/the_skein_hash.html?1 October 29, 2008 The Skein Hash Function NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our

Quantum direct communication: secrecy without key distribution

2008-12-05 Thread Eugen Leitl
/arXivblog -- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: [Opensim-dev] Technical assessment of Cable Beach asset server

2009-01-17 Thread Eugen Leitl
From: Toni Alatalo ant...@kyperjokki.fi Subject: Re: [Opensim-dev] Technical assessment of Cable Beach asset server To: opensim-...@lists.berlios.de Date: Thu, 15 Jan 2009 18:47:00 +0200 Reply-To: opensim-...@lists.berlios.de Eugen Leitl kirjoitti: On Thu, Jan 15, 2009 at 02:10:13PM +0900, Mike

[tahoe-dev] SHA-1 broken! (was: Request for hash-dependency in Tahoe security.)

2009-04-30 Thread Eugen Leitl
___ tahoe-dev mailing list tahoe-...@allmydata.org http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev -- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http

Mission Impossible: The Code Even the CIA Can't Crack

2009-04-30 Thread Eugen Leitl
http://www.wired.com/print/science/discoveries/magazine/17-05/ff_kryptos Mission Impossible: The Code Even the CIA Can't Crack By Steven Levy Email 04.20.09 The sculpture named Kryptos at CIA headquarters contains a secret message ? but not even the agency's brightest can crack its code.

Tellitec Tellinet Sat Spy manual leaked

2009-06-05 Thread Eugen Leitl
http://wikileaks.org/wiki/Tellitec_Tellinet_Sat_Spy_manual%2C_6_Mar_2006 Tellitec Tellinet Sat Spy manual, 6 Mar 2006 May 24, 2009 Summary Tellinet is an accelerator for satellite communications made by Tellitec GmbH of Berlin. It supports encrypted TCP (ETCP), but as this confidential

Re: [btns] IETF75

2009-06-25 Thread Eugen Leitl
I can has contributions, please? From: Michael Richardson m...@sandelman.ottawa.on.ca Subject: Re: [btns] IETF75 To: Eugen Leitl eu...@leitl.org cc: b...@ietf.org Date: Wed, 24 Jun 2009 15:03:33 -0400 Eugen == Eugen Leitl eu...@leitl.org writes: Eugen On Wed, Jun 24, 2009 at 03:15:59PM

Serpent close to AES speed thanks to SSE2

2009-09-10 Thread Eugen Leitl
http://www.randombit.net/bitbashing/programming/serpent_in_simd.html Wed, 09 Sep 2009 Speeding up Serpent: SIMD Edition The Serpent block cipher was one of the 5 finalists in the AES competition, and is widely thought to be the most secure of them due to its conservative design. It was also

Old Trick Threatens the Newest Weapons

2009-10-27 Thread Eugen Leitl
http://www.nytimes.com/2009/10/27/science/27trojan.html?8dpc=pagewanted=all Old Trick Threatens the Newest Weapons By JOHN MARKOFF Published: October 26, 2009 Despite a six-year effort to build trusted computer chips for military systems, the Pentagon now manufactures in secure facilities run

AES-CBC + Elephant diffuser

2009-10-29 Thread Eugen Leitl
We discuss why no existing cipher satisfies the requirements of this application. Uh-oh. http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555DisplayLang=en AES-CBC + Elephant diffuser Brief Description A Disk Encryption Algorithm for Windows Vista The

Re: AES-CBC + Elephant diffuser

2009-11-01 Thread Eugen Leitl
On Thu, Oct 29, 2009 at 07:15:53AM -0700, Paul Hoffman wrote: At 2:24 PM +0100 10/29/09, Eugen Leitl wrote: We discuss why no existing cipher satisfies the requirements of this application. Uh-oh. Yeah, we all know what a light-weight and careless person Neils Ferguson is. Who would listen

Fault-Based Attack of RSA Authentication

2010-03-16 Thread Eugen Leitl
-- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: [vserver] Bought an entropykey - very happy

2010-03-25 Thread Eugen Leitl
input stream and add encrypted/digested product to the host entropy pool with the specified entropy density estimate adjusted downward to your requirements. (most OS'es support this) -- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: Quantum Key Distribution: the bad idea that won't die...

2010-04-22 Thread Eugen Leitl
exchange is over traditional cryptography. I agree with Perry that it solves a non-problem. There is a human-readable summary at: http://focus.aps.org/story/v25/st7 -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Intel to also add RNG

2010-07-09 Thread Eugen Leitl
http://www.technologyreview.com/printer_friendly_article.aspx?id=25670channel=Briefingssection=Microprocessors Tuesday, June 29, 2010 Nanoscale Random Number Circuit to Secure Future Chips Intel unveils a circuit that can pump out truly random numbers at high speed. By Tom Simonite It

Re: GSM eavesdropping

2010-08-03 Thread Eugen Leitl
. starting with the DNS itself, and also most public contents (because Encryption is cheap enough (especially if you cache keys from previous sessions). Why not encrypt everything? their purveyors won't want to pay for the crypto; sad but true). -- Eugen* Leitl a href=http://leitl.org;leitl/a http

Former Stasi Cryptographers Now Develop Technology for NATO

2010-09-27 Thread Eugen Leitl
http://www.spiegel.de/international/germany/0,1518,druck-719726,00.html 09/27/2010 11:23 AM Recruited by West Germany Former Stasi Cryptographers Now Develop Technology for NATO By Marcel Rosenbach and Holger Stark After the fall of the Berlin Wall, the West Germans were desperate to

[tt] Random numbers created out of nothing

2010-09-30 Thread Eugen Leitl
, statistically random set from elsewhere. Journal source: Nature Photonics, DOI: 10.1038/nphoton.2010.197 ___ tt mailing list t...@postbiota.org http://postbiota.org/mailman/listinfo/tt - End forwarded message - -- Eugen* Leitl a href=http

FY;) Stick Figure Guide to AES

2010-10-06 Thread Eugen Leitl
Not new, but some probably have missed it. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http

[Cryptography] [cryptography] OT: RSA's Pwnie Award

2011-08-09 Thread Eugen Leitl
/mailman/listinfo/cryptography - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779

[Cryptography] crypto breakage in SALT

2013-07-04 Thread Eugen Leitl
Comments? https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-26 Thread Eugen Leitl
On Mon, Aug 26, 2013 at 02:44:32PM -0400, Perry E. Metzger wrote: My main issue with this proposal is that somebody identifiable is going to manufacture these boxes. Maybe several somebodies, but IMO, that's an identifiable central point of control/failure. Recently there's a trend for at

Re: [Cryptography] Keeping backups (was Re: Separating concerns

2013-08-30 Thread Eugen Leitl
On Thu, Aug 29, 2013 at 01:30:35PM -0400, Perry E. Metzger wrote: On Wed, 28 Aug 2013 20:04:34 +0200 Faré fah...@gmail.com wrote: One thing that irks me, though, is the problem of the robust, secure terminal: if everything is encrypted, how does one survive the loss/theft/destruction of a

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-06 Thread Eugen Leitl
On Thu, Sep 05, 2013 at 04:11:57PM -0400, Phillip Hallam-Baker wrote: If a person at Snowden's level in the NSA had any access to information Snowden didn't have clearance for that information. He's being described as 'brilliant' and purportedly was able to access documents far beyond his

Re: [Cryptography] Bruce Schneier has gotten seriously spooked

2013-09-06 Thread Eugen Leitl
On Fri, Sep 06, 2013 at 04:25:12PM -0400, Jerry Leichter wrote: A response he wrote as part of a discussion at http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html: Q: Could the NSA be intercepting downloads of open-source encryption software and silently replacing these with

Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-07 Thread Eugen Leitl
On Fri, Sep 06, 2013 at 09:19:07PM -0400, Derrell Piper wrote: ...and to add to all that, how about the fact that IPsec was dropped as a 'must implement' from IPv6 sometime after 2002? Apropos IPsec, I've tried searching for any BTNS (opportunistic encryption mode for IPsec) implementations,

Re: [Cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-07 Thread Eugen Leitl
://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: [Cryptography] [tor-talk] NIST approved crypto in Tor?

2013-09-07 Thread Eugen Leitl
go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-07 Thread Eugen Leitl
- Forwarded message from Thor Lancelot Simon t...@panix.com - Date: Sat, 7 Sep 2013 15:36:33 -0400 From: Thor Lancelot Simon t...@panix.com To: Eugen Leitl eu...@leitl.org Cc: cryptogra...@randombit.net Subject: Re: [cryptography] Random number generation influenced, HW RNG User-Agent

Re: [Cryptography] Washington Post: Google racing to encrypt links between data centers

2013-09-07 Thread Eugen Leitl
On Sat, Sep 07, 2013 at 01:53:13PM -0700, Tony Arcieri wrote: On Fri, Sep 6, 2013 at 4:53 PM, Marcus D. Leech mle...@ripnet.com wrote: One wonders why they weren't already using link encryption systems? Probably line rate and the cost of encrypting every single fiber link. There are few

Re: [Cryptography] Washington Post: Google racing to encrypt links between data centers

2013-09-07 Thread Eugen Leitl
On Sat, Sep 07, 2013 at 04:41:04PM -0400, Richard Outerbridge wrote: Surely not Canada? After all, we're one of the five eyes! ;) Six. Sweden (FRA) is part of it. http://www.heise.de/tp/blogs/8/154917 ___ The cryptography mailing list

Re: [Cryptography] [cryptography] Random number generation influenced, HW RNG

2013-09-08 Thread Eugen Leitl
- -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5

Re: [Cryptography] [tor-talk] NIST approved crypto in Tor?

2013-09-08 Thread Eugen Leitl
the Koblitz curves). -- tor-talk mailing list - tor-t...@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Re: [Cryptography] MITM source patching [was Schneier got spooked]

2013-09-08 Thread Eugen Leitl
On Sat, Sep 07, 2013 at 07:42:33PM -1000, Tim Newsham wrote: Jumping in to this a little late, but: Q: Could the NSA be intercepting downloads of open-source encryption software and silently replacing these with their own versions? A: (Schneier) Yes, I believe so. perhaps, but they

[Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-08 Thread Eugen Leitl
...@yahoo.com To: Eugen Leitl eu...@leitl.org Subject: [Cryptography] Opening Discussion: Speculation on BULLRUN X-Mailer: YahooMailWebService/0.8.156.576 Reply-To: Andreas Davour ko...@yahoo.com Apropos IPsec, I've tried searching for any BTNS (opportunistic encryption mode for IPsec) implementations

[Cryptography] very little is missing for working BTNS in Openswan

2013-09-09 Thread Eugen Leitl
Just got word from an Openswan developer: To my knowledge, we never finished implementing the BTNS mode. It wouldn't be hard to do --- it's mostly just conditionally commenting out code. There's obviously a large potential deployment base for BTNS for home users, just think of

[Cryptography] IETF: Security and Pervasive Monitoring

2013-09-09 Thread Eugen Leitl
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ Security and Pervasive Monitoring The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale

[Cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Eugen Leitl
Forwarded without permission, hence anonymized: Hey, I had a look at SEC2 and the TLS/SSH RFCs. SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG! TLS specifies you can use those two curves as

[Cryptography] Scott Aaaronson: NSA: Possibly breaking US laws, but still bound by laws of computational complexity

2013-09-09 Thread Eugen Leitl
http://www.scottaaronson.com/blog/?p=1517 NSA: Possibly breaking US laws, but still bound by laws of computational complexity Last week, I got an email from a journalist with the following inquiry. The recent Snowden revelations, which made public for the first time the US government’s “black

Re: [Cryptography] Thoughts about keys

2013-09-11 Thread Eugen Leitl
On Tue, Sep 10, 2013 at 09:01:49PM +0200, Guido Witmond wrote: My scheme does the opposite. It allows *total strangers* to exchange keys securely over the internet. With a FOAF routing scheme with just 3 degrees of separation there are not that many strangers left. If you add opportunistic

[Cryptography] SPDZ, a practical protocol for Multi-Party Computation

2013-09-11 Thread Eugen Leitl
http://www.mathbulletin.com/research/Breakthrough_in_cryptography_could_result_in_more_secure_computing.asp Breakthrough in cryptography could result in more secure computing (9/10/2013) Tags: computer science, research, security, cryptography Nigel Smart, Professor of Cryptology New

[Cryptography] NIST reopens RNG public comment period

2013-09-11 Thread Eugen Leitl
http://csrc.nist.gov/publications/PubsDrafts.html Sep. 9, 2013 SP 800-90 A Rev 1 B and C DRAFT Draft SP 800-90 Series: Random Bit Generators 800-90 A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators 800-90 B: Recommendation for the Entropy

[Cryptography] Stealthy Dopant-Level Hardware Trojans

2013-09-13 Thread Eugen Leitl
http://people.umass.edu/gbecker/BeckerChes13.pdf Stealthy Dopant-Level Hardware Trojans ? Georg T. Becker1 , Francesco Regazzoni2 , Christof Paar1,3 , and Wayne P. Burleson1 1University of Massachusetts Amherst, USA 2TU Delft, The Netherlands and ALaRI - University of Lugano, Switzerland

Re: [Cryptography] Radioactive random numbers

2013-09-13 Thread Eugen Leitl
On Thu, Sep 12, 2013 at 08:47:16AM +1000, Dave Horsfall wrote: Another whacky idea... Given that there is One True Source of randomness to wit radioactive What makes you think that e.g. breakdown oin a reverse biased Zener diode is any less true random? Or thermal noise in a crappy CMOS

Re: [Cryptography] Perfection versus Forward Secrecy

2013-09-13 Thread Eugen Leitl
On Thu, Sep 12, 2013 at 09:33:34AM -0700, Tony Arcieri wrote: What's really bothered me about the phrase perfect forward secrecy is it's being applied to public key algorithms we know will be broken as soon as a large quantum computer has been built (in e.g. a decade or two). I do not think

Re: [Cryptography] Introducing strangers. Was: Thoughts about keys

2013-09-13 Thread Eugen Leitl
On Wed, Sep 11, 2013 at 07:32:04PM +0200, Guido Witmond wrote: With a FOAF routing scheme with just 3 degrees of separation there are not that many strangers left. How do you meet people outside your circle of friends? You don't. The message is routed through the social network, until it

Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread Eugen Leitl
On Tue, Sep 24, 2013 at 12:30:40PM -0400, Kelly John Rose wrote: If Google, or other similar businesses want to convince people to store data in the cloud, they need to set up methods where the data is encrypted or secured before it is even provided to them using keys which That would

Re: [Cryptography] [cryptography] Asynchronous forward secrecy encryption

2013-09-28 Thread Eugen Leitl
___ cryptography mailing list cryptogra...@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http

Re: [Cryptography] prism-proof email in the degenerate case

2013-10-11 Thread Eugen Leitl
On Thu, Oct 10, 2013 at 03:54:26PM -0400, John Kelsey wrote: Having a public bulletin board of posted emails, plus a protocol for anonymously finding the ones your key can decrypt, seems like a pretty decent architecture for prism-proof email. The tricky bit of crypto is in making access to

Re: [Cryptography] PGP Key Signing parties

2013-10-11 Thread Eugen Leitl
On Thu, Oct 10, 2013 at 04:24:19PM -0700, Glenn Willen wrote: I am going to be interested to hear what the rest of the list says about this, because this definitely contradicts what has been presented to me as 'standard practice' for PGP use -- verifying identity using government issued ID,

[Cryptography] funding Tor development

2013-10-14 Thread Eugen Leitl
Guys, in order to minimize Tor Project's dependance on federal funding and/or increase what they can do it would be great to have some additional funding ~10 kUSD/month. If anyone is aware of anyone who can provide funding at that level or higher, please contact exec...@torproject.org