Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-07 Thread Florian Weimer
Jill Ramonsky wrote: Example. You're a company. You build hardware devices which need to talk to each other securely. (Say, ATMs for example). Obviously it wouldn't make sense for that company to have to supply its ATM-using-customers with the source code of the ATMs. Who's the customer,

Re: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-11 Thread Florian Weimer
David Honig wrote: For the former, you give a password or two --maybe reuse a POP3 that your users already have-- and all your users get in fairly securely, and you can verify them. Easy for them because they already have a browser. Has anybody tried to revert the political decision not

Re: US antispam bill is death to anonymity

2003-11-23 Thread Florian Weimer
John Gilmore wrote: This bill makes it a crime to use any false or misleading information in a domain name or email account application, and then send an email. That would make a large fraction of hotmail users instant criminals. Why? Can't you register a domain using a proxy? I think this

Re: Bouncing to crypto world domination

2004-04-03 Thread Florian Weimer
R. A. Hettinga wrote: An Australian-made open source project is set to become one of the world's leading cryptography tools. Hasn't this already happened with OpenSSL? -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: postino.it, tiscali.co.uk,

Re: voting

2004-04-09 Thread Florian Weimer
Perry E. Metzger wrote: Complicated systems are the bane of security. Systems like this are simple to understand, simple to audit, simple to guard. I fully agree, but there is a wide variety of voting schemes out there, of varying complexity. In a ballot with only very few options, your

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-07 Thread Florian Weimer
* Amir Herzberg: # Protecting (even) Naïve Web Users, or: Preventing Spoofing and Establishing Credentials of Web Sites, at http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF The trusted credentials area is an interesting concept. However, experience suggests

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Amir Herzberg: Florian Weimer wrote: * Amir Herzberg: # Protecting (even) Naïve Web Users, or: Preventing Spoofing and Establishing Credentials of Web Sites, at http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF The trusted credentials area is an interesting

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Hal Finney: Only now are we belatedly beginning to pay the price for that decision. If anything, it's surprising that it has taken this long. If phishing scams had sprung up five years ago it's possible that SET would have had a fighting chance to survive. Wouldn't typical phishing

Re: First quantum crypto bank transfer

2004-08-22 Thread Florian Weimer
* Jerrold Leichter: | Not quite correct, the first bank transfer occurred earlier this year, | in a PR event arranged by the same group: | | http://www.quantenkryptographie.at/rathaus_press.html | | However, I still don't believe that quantum cryptography can buy you | anything but

Re: First quantum crypto bank transfer

2004-08-23 Thread Florian Weimer
* Bill Stewart: I agree that it doesn't look useful, but lawful intercept is harder, if you're defining that as undetected eavesdropping with possible cooperation of the telco in the middle, because quantum crypto needs end-to-end fiber so there's nothing the telco can help with except

Re: Are new passports [an] identity-theft risk?

2004-10-28 Thread Florian Weimer
* Dave Emery: Correct me if I am wrong, but don't most of the passive, cheap RF or magnetic field powered RFIDs transmit maybe 128 bits of payload, not thousands and thousands of bits which would be enough to include addresses, names, useful biometric data and so forth? Those that

Re: Blinky Rides Again: RCMP suspect al-Qaida messages

2004-12-11 Thread Florian Weimer
* R. A. Hettinga quotes a news article: There have been numerous media reports in recent years that terrorist groups, including al-Qaida, were using steganographic techniques. As far as I know, these news stories can be tracked back to a particular USA Today story. There's also been a bunch

Re: Blinky Rides Again: RCMP suspect al-Qaida messages

2004-12-13 Thread Florian Weimer
* Adam Shostack: On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote: | * R. A. Hettinga quotes a news article: | | There have been numerous media reports in recent years that terrorist | groups, including al-Qaida, were using steganographic techniques. | | As far as I know

Re: SSL/TLS passive sniffing

2004-12-22 Thread Florian Weimer
* Victor Duchovni: The third mode is quite common for STARTTLS with SMTP if I am not mistaken. A one day sample of inbound TLS email has the following cipher frequencies: 8221(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) 6529(using TLSv1 with cipher

Re: SSL/TLS passive sniffing

2004-12-22 Thread Florian Weimer
* Victor Duchovni: The Debian folks have recently stumbled upon a problem in this area: Generating the ephemeral DH parameters is expensive, in terms of CPU cycles, but especially in PRNG entropy. The PRNG part means that it's not possible to use /dev/random on Linux, at least on servers.

Re: AOL Help : About AOL® PassCode

2005-01-05 Thread Florian Weimer
* Ian G.: R.A. Hettinga wrote: http://help.channels.aol.com/article.adp?catId=6sCId=415sSCId=4090articleId=217623 Have questions? Search AOL Help articles and tutorials: . If you no longer want to use AOL PassCode, you must release your screen name from your AOL PassCode so that you will no

Re: OpenVPN and SSL VPNs

2005-01-08 Thread Florian Weimer
* Stefan Mink: a) It would be good to hear from this community if there are any negative aspects of OpenVPN (vs. IPsec VPNs). It's not standardized, and it only interoperates with itself (but this is true for many IPsec implementations as well). This is more than compensated by its

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Florian Weimer
* David Wagner: I don't buy it. How do you know that Skype is more secure, let alone vastly more private? Maybe Skype is just as insecure as those other systems. For all we know, maybe Skype is doing the moral equivalent of encrypting with the all-zeros key, or using a repeating xor with a

Re: SHA-1 results available

2005-03-03 Thread Florian Weimer
* Jack Lloyd: http://theory.csail.mit.edu/~yiqun/shanote.pdf Thanks for the pointer. No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual,

Re: comments wanted on gbde

2005-03-13 Thread Florian Weimer
* Joseph Ashwood: Page 5 finally begins the actual information. Page 5 plaintext sector data should be encrypted with one-time-use (pseudo-)random keys serves no purpose if a strong mode is used. The only purpose this serves is to slow the system down as additional searches have to be

Re: and constrained subordinate CA costs?

2005-03-25 Thread Florian Weimer
* Adam Back: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of your choice... ie only valid to issue certs on sub-domains of foo.com). Is there a technical option to enforce such a policy on

Re: encrypted tapes

2005-06-09 Thread Florian Weimer
- you must prove it before you can report it I don't think this is a good policy in general. Often, it's more cost-effective to fix a potential vulnerability than to investigate it in detail, construct a proof that it's real, and fix it. This is especially true in environments where changes

Re: de-identification

2005-06-13 Thread Florian Weimer
I'd like to come up to speed on the state of the art in de-identification (~=anonymization) of data especially monitoring data (firewall/hids logs, say). We call it pseudonymization (Pseudonymisierung). It's a commonly used technique in Germany to detaint personally identifiable information,

RSA signatures without padding

2005-06-20 Thread Florian Weimer
I came across an application which uses RSA signatures on plain MD5 hashes, without padding (the more significant bits are all zero). Even worse, the application doesn't check if the padding bits are actually zero during signature verification. The downside is that the encryption exponent is

Re: massive data theft at MasterCard processor

2005-06-21 Thread Florian Weimer
* Peter Fairbrother: No, it isn't! A handwritten signature is far better, it gives post-facto evidence about who authorised the transaction - it is hard to fake a signature so well that later analysis can't detect the forgery, Apparently, handwritten signatures can be repudiated, at least

Re: RSA gets a reprieve?

2005-07-05 Thread Florian Weimer
* Michael Heyman: www.newscientist.com/channel/info-tech/mg18625054.000 ATTEMPTS to build quantum computers could run up against a fundamental limit on how long useful information can persist inside them. My local source of quantum computing knowledge says that the conclusions

Re: /dev/random is probably not

2005-07-05 Thread Florian Weimer
* Jason Holt: You may be correct, but readers should also know that, at least in Linux: /usr/src/linux/drivers/char/random.c: * All of these routines try to estimate how many bits of randomness a * particular randomness source. They do this by keeping track of the * first and second

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: Feature, or flaw? Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? Maybe I'm just missing something. - The Cryptography Mailing List Unsubscribe by sending

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: Couldn't you just copy (or proxy all content) and get the same effect without using frames at all? How would you go about doing that and still get the SSL Lock to remain as the bank's? Can you give an example? In both cases, you have the SSL lock on your own certificate. At

Re: Feature or Flaw?

2005-07-05 Thread Florian Weimer
* Lance James: And as stated above, reverse the effect and it would be the banks in scenarios such as XSS. In case of XSS or CSRF, you have lost anyway. The web was not designed as a presentation service for transaction processing, especially if the transactions involve significant value.

Re: the limits of crypto and authentication

2005-07-09 Thread Florian Weimer
* Steven M. Bellovin: In message [EMAIL PROTECTED], Nick Owen writes: It would seem simple to thwart such a trojan with strong authentication simply by requiring a second one-time passcode to validate the transaction itself in addition to the session. How does the user know which transaction

Re: [Forwarded] RealID: How to become an unperson.

2005-07-09 Thread Florian Weimer
* Perry E. Metzger: [EMAIL PROTECTED] writes: But nevertheless, I do not understand why Americans are so afraid of an ID card. Perhaps I can explain why I am. I do not trust governments. I've inherited this perspective. My grandfather sent his children abroad from Speyer in Germany just

Re: the limits of crypto and authentication

2005-07-09 Thread Florian Weimer
* Nick Owen: I think that the cost of two-factor authentication will plummet in the face of the volumes offered by e-banking. I doubt this is true. In Germany, we already use some form of two-factor authentication for Internet banking transactions (account number/password and a one-time

Re: EMV

2005-07-11 Thread Florian Weimer
* David Alexander Molnar: Actually, smart cards are here today. My local movie theatre in Berkeley, California is participating in a trial for MasterCard PayPass. There is a little antenna at the window; apparently you can just wave your card at the antenna to pay for tickets. I haven't

Re: the limits of crypto and authentication

2005-07-11 Thread Florian Weimer
* Perry E. Metzger: Nick Owen [EMAIL PROTECTED] writes: It would seem simple to thwart such a trojan with strong authentication simply by requiring a second one-time passcode to validate the transaction itself in addition to the session. Far better would be to have a token with a display

Re: the limits of crypto and authentication

2005-07-11 Thread Florian Weimer
Take a look at Boojum Mobile -- it is precisely the idea of using the cell phone as an out-of-band channel for an in-band transaction. http://www.boojummobile.com In the foreseeable future, this approach won't stop fraudulent transactions because the one-time password does not depend on the

Re: Qualified Certificate Request

2005-07-25 Thread Florian Weimer
* Nap van Zuuren: Might be a nice (intellectual) crypto-exercise, but I am afraid that the concept of the Qualified Signature will not get a widespread implementation, except for very specific areas/disciplines. That's by design, all those notaries public don't like being replaced by

Re: Cross logins

2005-08-04 Thread Florian Weimer
* James A. Donald: Is it possible for two web sites to arrange for cross logins? SXIP is a relatively open effort in that direction. The rootsite seems to be proprietary, though. - The Cryptography Mailing List Unsubscribe

Re: spyware targets bank customers. news at 11.

2005-08-10 Thread Florian Weimer
* Perry E. Metzger: A major identity theft ring has been discovered that affects up to 50 banks, according to Sunbelt Software, the security company that says it uncovered the operation. The operation, which is being investigated by the FBI, is gathering personal data from

Re: spyware targets bank customers. news at 11.

2005-08-10 Thread Florian Weimer
* Adam Fields: They stated on their blog that they only did so because they couldn't get anyone's attention in law enforcement, You mean this part? | We have notified the FBI, but no response just yet. We have notified a | few of the parties involved. (Update: It looks like they were working

Re: no visas for Chinese cryptologists

2005-08-17 Thread Florian Weimer
* Udhay Shankar N.: http://nytimes.com/2005/08/17/business/worldbusiness/17code.html Chinese Cryptologists Get Invitations to a U.S. Conference, but No Visas Didn't something similar happen at the FIRST conference in Hawaii a couple of years ago? It's sad that it's going to happen again next

Re: [Clips] RSA Security Sees Hope in Online Fraud

2005-08-25 Thread Florian Weimer
* R. A. Hettinga quotes: Today RSA is perhaps best known for staging a prestigious annual security conference and for selling 20 million little devices that display a six-digit code computer users must type to gain access to computer networks. The code, which changes every minute as

Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
* Perry E. Metzger: Via cryptome: http://evilscientists.de/blog/?page_id=343 The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given profile file. If this is true,

Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015 - - - Cisco Client Parameters Allow Password Storage on Client - Check this box to allow IPSec clients to store their login passwords on their local

Re: How broad is the SPEKE patent.

2005-11-11 Thread Florian Weimer
* James A. Donald: I figured that the obvious solution to all this was to deploy zero knowledge technologies, where both parties prove knowledge of the shared secret without revealing the shared secret. Keep in mind that one party runs the required software on a computer infected with

Re: FW: Fermat's primality test vs. Miller-Rabin

2005-11-13 Thread Florian Weimer
* Charlie Kaufman: The probability of a single run of Miller-Rabin or Fermat not detecting that a randomly chosen number is composite is almost vanishingly small. How do you choose a random integer, that is, based on which probability distribution? 8-) Anyway, one can show that for some

Re: ISAKMP flaws?

2005-11-17 Thread Florian Weimer
* Perry E. Metzger: I haven't been following the IPSec mailing lists of late -- can anyone who knows details explain what the issue is? These bugs have been uncovered by a PROTOS-style test suite. Such test suites can only reveal missing checks for boundary conditions, leading to

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* Peter Gutmann: I haven't been following the IPSec mailing lists of late -- can anyone who knows details explain what the issue is? These bugs have been uncovered by a PROTOS-style test suite. Such test suites can only reveal missing checks for boundary conditions, leading to out-of-bounds

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* William Allen Simpson: Quoting Photuris: Design Criteria, LNCS, Springer-Verlag, 1999: The hallmark of successful Internet protocols is that they are relatively simple. This aids in analysis of the protocol design, improves implementation interoperability, and reduces operational

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* William Allen Simpson: Florian Weimer wrote: Photuris uses a baroque variable-length integer encoding similar to that of OpenPGP, a clear warning sign. 8-/ On the contrary: + a VERY SIMPLE variable-length integer encoding, where every number has EXACTLY ONE possible representation

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Nicholas Bohm: [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan I do. My bank provides an RSA SecurID, so I feel reasonably safe against anyone other than the bank.

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. Why? Repudiating transactions is easier than ever. As a consumer, I fear technology which is completely secure according to experts, but which can be broken

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Eugen Leitl: The German PIN/TAN system is reasonably secure, being an effective one-time pad distributed through out of band channel (mailed dead tree in a tamperproof envelope). Some banks have optimized away the special envelope. 8-( It is of course not immune to phishing (PIN/TAN

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Jonathan Thornburg: Ahh, but how do you know that the transaction actually sent to the bank is the same as the one you thought you authorized with that OTP? If your computer (or web browser) has been cracked, you can't trust _anything_ it displays. There are already viruses in the wild

Re: AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Florian Weimer
* Ulrich Kuehn: In 2000 someone here in Germany already demonstrated how to attack smart card based HBCI transactions. Those transactions are authorized by an RSA signature done by the card. Here's a link: http://www.heise.de/newsticker/meldung/9349 The attack relied on the card reader not

Re: GnuTLS (libgrypt really) and Postfix

2006-02-14 Thread Florian Weimer
* Werner Koch: On Sat, 11 Feb 2006 12:36:52 +0100, Simon Josefsson said: 1) It invokes exit, as you have noticed. While this only happens in extreme and fatal situations, and not during runtime, it is not that serious. Yet, I agree it is poor design to do this in a library.

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Florian Weimer
* Bill Stewart: Or you could try using the Google Keyserver - just because there isn't one doesn't mean you can't type in 9E94 4513 3983 5F70 or 9383DE06 or [EMAIL PROTECTED] PGP Key and see what's in Google's cache. What peculiar advice. We know for sure that Google logs these

Re: History and definition of the term 'principal'?

2006-04-29 Thread Florian Weimer
* Hadmut Danisch: The only precise definition I found is in a law dictionary where it is defined as a legal term. The OED might also be helpful: B. [...] 2. a. A chief actor or doer; the chief person engaged in some transaction or function, esp. in relation to one employed by or acting

Re: picking a hash function to be encrypted

2006-05-15 Thread Florian Weimer
* Travis H.: IIUC, protocol design _should_ be easy, you just perform some finite-state analysis and verify that, assuming your primitives are ideal, no protocol-level operations break it. Is this still true if you don't know your actual requirements?

Re: Status of opportunistic encryption

2006-05-29 Thread Florian Weimer
* Sandy Harris: Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet. I'm

Re: Status of SRP

2006-06-01 Thread Florian Weimer
* James A. Donald: The obvious solution to the phishing crisis is the widespread deployment of SRP, but this does not seem to be happening. SASL-SRP was recently dropped. What is the problem? There is no way to force an end user to enter a password only over SRP. That's why SRP is not

Re: Status of SRP

2006-06-03 Thread Florian Weimer
* Ka-Ping Yee: Passpet's strategy is to customize a button that you click. We are used to recognizing toolbar buttons by their appearance, so it seems plausible that if the button has a custom per-user icon, users are unlikely to click on a spoofed button with the wrong icon. Unlike other

Re: Status of SRP

2006-06-03 Thread Florian Weimer
* Anne Lynn Wheeler: Florian Weimer wrote: If you've deployed two-factor authentication (like German banks did in the late 80s/early 90s), the relevant attacks do involve compromised customer PCs. 8-( Just because you can't solve it with your technology doesn't mean you can pretend

Re: Status of SRP

2006-06-06 Thread Florian Weimer
* Anne Lynn Wheeler: Florian Weimer wrote: FINREAD is really interesting. I've finally managed to browse the specs, and it looks as if this platform can be used to build something that is secure against compromised hosts. However, I fear that the support costs are too high, and that's why

Re: Greek cellular wiretapping scandal

2006-06-25 Thread Florian Weimer
* Steven M. Bellovin: I have more than a passing acquaintance with the complexity of phone switch software; doing that was *hard* for anyone, especially anyone not a switch developer. Isn't Ericsson's switching software written in Erlang, is highly modular and officially supports run-time code

Re: NIST hash function design competition

2006-07-20 Thread Florian Weimer
* Travis H.: On 7/11/06, Hal Finney [EMAIL PROTECTED] wrote: : So what went wrong? Answer: NIST failed to recognize that table lookups : do not take constant time. "Table lookup: not vulnerable to timing : attacks," NIST stated in [19, Section 3.6.2]. NIST's statement was, : and is,

Re: Recovering data from encrypted disks, broken CD's

2006-07-29 Thread Florian Weimer
* Steven M. Bellovin: I wonder how accurate this is. It's certainly true that some drives have vendor passwords to unlock them. It's hard to see how they could break through (good) software encryption, A lot of software tends to create temporary files in random places. If you don't encrypt

Re: Locating private keys in RAM?

2006-09-07 Thread Florian Weimer
* Douglas F. Calvert: I remember seeing a paper about identifying private keys in RAM. I thought it was by Rivest but I can not locate it for the life of me. Does anyone remember reading something like this? The basic operation was to identify areas in RAM that had certain characteristics

Re: Circle Bank plays with two-factor authentication

2006-10-01 Thread Florian Weimer
* Steven M. Bellovin: Again -- the scheme isn't foolproof, but it's probably *good enough*. I agree that if you consider this scheme in isolation, it's better than plain user names and passwords. But I wonder if it significantly increases customer confusion because banks told their customer

Re: Hamiltonian path as protection against DOS.

2006-10-03 Thread Florian Weimer
* James A. Donald: DOS is now a major problem - every business, online games, money movers, banks, porno sites, casinos, now comes under DOS attack from extortionists. How do Hamiltonian paths protect against the H.R.4411 attack? (Part of the DoS problem online casinos face is that due to

Re: ATM vulnerability

2006-12-21 Thread Florian Weimer
I hesitate to use the syllable crypto in describing this paper, but those who have not seen it may find it interesting. http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf Or profitable. In a weird sense, yes. If I understand the paper correctly, the authors show

Re: Fwd: [FDE] Largest Ever Single FDE implementation

2007-01-03 Thread Florian Weimer
* Saqib Ali: You can read about the competition, which will come to a close in the next 90 days at: http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html In the process, the following document has been published:

Re: Free WiFi man-in-the-middle scam seen in the wild.

2007-01-30 Thread Florian Weimer
* Perry E. Metzger: If you go over to, say, www.fidelity.com, you will find that you can't even get to the http: version of the page any more -- you are always redirected to the https: version. Of course, this only helps if users visit the site using bookmarks that were created after the

Re: Failure of PKI in messaging

2007-02-15 Thread Florian Weimer
* James A. Donald: Obviously financial institutions should sign their messages to their customers, to prevent phishing. The only such signatures I have ever seen use gpg and come from niche players. Deutsche Postbank uses S/MIME, and they are anything but a niche player. It doesn't help

Re: DNSSEC to be strangled at birth.

2007-04-05 Thread Florian Weimer
* Peter Gutmann: Dave Korn [EMAIL PROTECTED] writes: Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread non-acceptance. I realise this is a bit of a cheap shot, but: How will this be any different from the current situation? You can see that the keys change and

Re: DNSSEC to be strangled at birth.

2007-04-05 Thread Florian Weimer
* Simon Josefsson: However, in practice I don't believe many will trust the root key alone -- for example, I believe most if not all Swedish ISPs would configure in trust of the .se key as well. There are some examples that such static configuration is extremely bad. Look at the problems

Re: Public key encrypt-then-sign or sign-then-encrypt?

2007-05-02 Thread Florian Weimer
* Travis H.: Also there's a semantic issue; am I attesting to the plaintext, or the ciphertext? It's possible the difference could be important. With sign, then encrypt, it's also possible that the receiver decrypts the message, and then leaks it, potentially giving the impression that the

Re: Was a mistake made in the design of AACS?

2007-05-02 Thread Florian Weimer
* Perry E. Metzger: This seems to me to be, yet again, an instance where failure to consider threat models is a major cause of security failure. Sorry, but where's the security failure? Where can you buy hardware devices that can copy HD disks? Or download software that does, with a readily

Re: no surprise - Sun fails to open source the crypto part of Java

2007-05-12 Thread Florian Weimer
* Ian G.: Does anyone know what Sun failed to opensource in the crypto part of Java? The Sun JCE provider appears to be missing, which means that few cryptographic algorithms are actually implemented in the source drop. All the symmetric encryption algorithms are missing, for instance.

Re: no surprise - Sun fails to open source the crypto part of Java

2007-05-14 Thread Florian Weimer
* Ian G.: My worry was that they hadn't open sourced the architecture component, the part that wasn't meant to be replaceable. However even if open sourced, Sun may still wield a stick over the providers by insisting that they manage the signing process for the providers. The signing

Re: 307 digit number factored

2007-05-23 Thread Florian Weimer
* Victor Duchovni: That's good of you not to expect it, given that zero of the major CAs seem to support ECC certs today, and even if they did, those certs would not work in IE on XP. We are not talking about this year or next of course. My estimate is that Postfix releases designed this

Re: 307 digit number factored

2007-06-09 Thread Florian Weimer
* Victor Duchovni: But no one is issuing certificates which are suitable for use with SMTP (in the sense that the CA provides a security benefit). As far as I know, there isn't even a way to store mail routing information in X.509 certificates. There is no need to store routing

Re: IBM Lost Tape(s)

2007-06-11 Thread Florian Weimer
* John Ioannidis: I wonder how much it cost them to find current addresses for everybody so we could be notified. I guess it's pretty easy because your personal information is available to so many organizations, without any safeguards. Obviously, they had your social security number (it's only

Re: The bank fraud blame game

2007-07-01 Thread Florian Weimer
* Jerry Leichter: OK, I could live with that as stated. But: The code also adds: We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your

Re: The bank fraud blame game

2007-07-02 Thread Florian Weimer
* Ian G.: Banks are the larger and more informed party. But not as far as client-side fraudulent activity is concerned. After all, the attacked systems are not under their administrative control. They need to provide systems that are reasonable given the situation (anglo courts generally

Re: The bank fraud blame game

2007-07-02 Thread Florian Weimer
* Anne Lynn Wheeler: In the mid-90s, financial institutions looking at the internet for online, commercial banking and cash management (i.e. business equivalent to consumer online banking) were extremely conflicted ... they frequently were almost insisting on their own appliance at the

Re: UK RIPA Pt 3

2007-07-05 Thread Florian Weimer
* Peter Fairbrother: I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give

Re: Hackers target C-level execs and their families

2007-07-05 Thread Florian Weimer
* Udhay Shankar N.: Hasn't this already been going on a while? I'm only surprised there hasn't been a big public incident yet. Doesn't this one count? | According to Chief Superintendent Arye Edelman, head of the Tel Aviv | fraud squad, which ran the investigation, Haephrati used two methods

Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Florian Weimer
* Ian Farquhar: Crypto has been an IP minefield for some years. With the expiry of certain patents, and the availability of other unencumbered crypto primitives (eg. AES), we may see this change. But John's other points are well made, and still valid. Downloadable MP3 ring tones are a

Re: How the Greek cellphone network was tapped.

2007-07-10 Thread Florian Weimer
* John Ioannidis: Florian Weimer wrote: It's also an open question whether network operators subject to interception requirements can legally offer built-in E2E encryption capabilities without backdoors. You probably meant device vendors, not network operators. The whole *point* of E2E

Re: interesting paper on the economics of security

2007-08-22 Thread Florian Weimer
* Hal Finney: Information on the quality of AV and other security products is widely available on the net, in magazines and other places that consumers might look for reviews and comparisons. This is completely unlike the situation with individual used cars. I don't see this analogy as

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-03 Thread Florian Weimer
* Simon Josefsson: One would assume that if you disable the password, the data would NOT be accessible. Making it accessible should require a read+decrypt+write of the entire disk, which would be quite time consuming. It may be that this is happening in the background, although it isn't

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-05 Thread Florian Weimer
* Ivan Krstić: On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote: But this exhibits an issue with disk-based encryption: you can't really know what they are doing, and if they are doing it right. (Given countless examples of badly-deployed cryptography, this isn't just paranoia, but a real

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Florian Weimer
* William Allen Simpson: Assuming, Dp := any electronic document submitted by some person, converted to its canonical form Cp := an electronic certificate irrefutably identifying the other person submitting the document Cn := certificate of the notary Tn := timestamp

Re: Question on export issues

2008-01-02 Thread Florian Weimer
* Ivan Krstić: We've recently had to jump through the BIS crypto export hoops at OLPC. Our systems both ship with crypto built-in and, due to their Fedora underpinnings, allow end-user installation of various crypto libraries -- all open-source -- through our servers. It was a nightmare; the

Re: SSL/TLS and port 587

2008-01-23 Thread Florian Weimer
) if this message turns out to be spam. There's nothing related to confidentiality that I know of. -- Florian Weimer[EMAIL PROTECTED] BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721

Re: patent of the day

2008-01-23 Thread Florian Weimer
approaches: | | * The content of a page disappears when its respective encryption key | is deleted, a very fast operation. [...] AFAICS, the patent does not reference the paper. -- Florian Weimer[EMAIL PROTECTED] BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100

Re: How is DNSSEC

2008-03-26 Thread Florian Weimer
* James A. Donald: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative public key for any domain name I control, and

Re: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-05 Thread Florian Weimer
, or if the code is actually bogus. (And for most (all?) non-trivial software, source code acquisition costs are way below validation costs, so public availability of source code is indeed a red herring.) -- Florian Weimer[EMAIL PROTECTED] BFK edv-consulting GmbH http://www.bfk.de

Re: [ROS] The perils of security tools

2008-05-23 Thread Florian Weimer
* Peter Gutmann: Debian seem to be particularly bad for not reporting changes to maintainers, This shouldn't be the case. There's a clear policy that non-packaging changes (basically, anything beyond trivial build fixes and pathname changes for FHS compliance) should be submitted upstream.
