and server.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
EWYCMfM1ZE4FqHNgG8Xxq4Raoo0u92HCJxUTm9d6
4UkMVch4UVf7oFF6jEx+Nj5WJffMhrKnlz65qZyH1
-
The Cryptography Mailing List
--
James A. Donald wrote:
This flaw is massive, and the biggest villain is the server
side code created for Apache.
Ben Laurie
This isn't the case. I analysed several sites I work on for
attacks of the type described when this paper first came out.
None of them were vulnerable
--
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
The obvious answer is you always switch to a new session
after login. Nothing cleverer is required, surely?
I had dreamed up some rather complicated solutions.
generated the cookie
in response to a valid login, as Ben Laurie does. The
framework, however, generally provides insecure cookies.
, if people were able to ensure they saw the same
cert every time they hit what is purportedly the same site,
this would take out most scams.
Unfortunately, no one is going to memorize fingerprints.
means that freenet could, if
implemented correctly, prevent the authorities from knowing who
published what, even with universal monitoring, and even if
they did know who read what.
tries to get a free certificate from Thawte will discover,
makes it difficult, expensive, and inconvenient to get
certificates.
--
On 1 Sep 2003 at 19:17, Hadmut Danisch wrote:
Is cryptography where security took the wrong branch?
True names is where security took the wrong branch. The entire
PKI structure has been rejected.
--
At 12:30 PM 9/7/2003 -0700, James A. Donald wrote:
To the extent that trust information is centrally handled,
as it is handled by browsers, it will tend to be applied in
ways that benefit the state and the central authority
On 7 Sep 2003 at 17:19, Anne Lynn Wheeler wrote:
Out
://jtcfrost.sourceforge.net/
If the music companies continue to try to hold back the tide,
this may be the best thing yet for encryption.
. Just say no to Windows XP.
It's easy, especially when he's storing a bearer bond worth a
car.
What machine, attached to a network, using a web browser, and
sending and receiving mail, would you trust?
would be programmed by burning new
proms, thus enabling easy reprogramming, while making it
resistant to trojans and viruses.
to me that MD5 was considered harmful back in 1997,
though I did not know why at the time, and perhaps no one knew
why.
is that it conceals your threat model.
that they
are in danger of being forgotten.
what the owner of the records chose to reveal.
broken as to justify starting over.
your computer off your desk. If your
cleaning lady is out to get you, it is much easier to create
software that creates a false and misleading sense of security,
than software that stops her.
inflation and debasement.
an unobtrusive and
easily ignored warning if he has never received a
signed message from that source, a considerably
stronger warning if he has previously received
signed mail from that source.
(SICS) in
SCN'04 [available off my site],
And your site is?
to the disk?
From: Patrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Lucrative-L] double spends, identity agnosticism, and Lucrative
Date: Tue, 29 Apr 2003 14:46:48 -0600
Importance: Normal
Sender: [EMAIL PROTECTED]
A quick experiment has confirmed the obvious: when a client
reissues a coin
in the middle
attacks. Have these bugs been addressed?
--
James A. Donald:
PKI was designed to defeat man in the middle attacks
based on network sniffing, or DNS hijacking, which
turned out to be less of a threat than expected.
However, the session fixation bugs
http://www.acros.si/papers/session_fixation.pdf make
https and PKI
at the individual level - one key per email
address, not one key per domain name. which would solve
the spam problem, but is less immediately helpful than
one key per domain name.
to be geek oriented, and do not
secure stuff that is under heavy attack. Does anyone
have any examples of SSH securing something that was
valuable to the user, under attack, and then the key
changed without warning? How then did the users react?
--
James A. Donald wrote:
The way to beat session fixation is to issue a
privileged and impossible to predict session ID in
response to a correct login.
If, however, you grant privileges to a session ID on
the basis of a successful login, which is in fact
the usual practice
--
James A. Donald wrote:
Adversary accesses web site as if about to log in,
gets a session ID. Then supplies false information
to someone else's browser, causes that browser on
some one else's computer to use that session ID.
Someone else logs in with hacker's session ID
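The attack walked through in the snippets above, and the fix proposed earlier in the thread (issue a fresh, unpredictable session ID only in response to a correct login), as an added example in Python. This is not code from the original posts: the session store, the credentials and the function names are a constructed in-memory stand-in for a web framework, so that the two behaviours can be run side by side.

```python
import secrets

# Constructed simulation of a web app's session handling (not from the
# original posts). "victim"/"correct horse" are made-up credentials.


class SessionStore:
    def __init__(self, rotate_on_login: bool):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}                       # sid -> {"user": str | None}
        self.users = {"victim": "correct horse"}  # constructed credentials

    def new_session(self) -> str:
        """Hand out a pre-login session id, as the framework does on first visit."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, user: str, password: str) -> str:
        """Return the session id the browser must use after login."""
        if self.users.get(user) != password:
            raise PermissionError("bad credentials")
        if sid not in self.sessions:
            raise PermissionError("unknown session")
        if not self.rotate_on_login:
            # Vulnerable: privilege is attached to whatever id the browser
            # presented, including one the attacker obtained and planted.
            self.sessions[sid]["user"] = user
            return sid
        # Fixed: throw the pre-login id away and issue a fresh one; the
        # attacker's copy of the old id is now worthless.
        del self.sessions[sid]
        fresh = self.new_session()
        self.sessions[fresh]["user"] = user
        return fresh

    def whoami(self, sid: str):
        return self.sessions.get(sid, {}).get("user")


def run_fixation_attack(rotate_on_login: bool):
    """Simulate the attack; return (what the attacker sees, what the victim sees)."""
    app = SessionStore(rotate_on_login)
    # 1. Attacker visits the site as if about to log in and gets a valid id.
    planted = app.new_session()
    # 2. Attacker gets the victim's browser to use that id (crafted link,
    #    injected cookie); the server cannot tell it was not the victim's own.
    victim_sid = planted
    # 3. Victim logs in normally with the planted id.
    victim_sid = app.login(victim_sid, "victim", "correct horse")
    # 4. Attacker presents the id he planted.
    return app.whoami(planted), app.whoami(victim_sid)


if __name__ == "__main__":
    print("no rotation   :", run_fixation_attack(False))
    print("rotate on login:", run_fixation_attack(True))
```

Note that rejecting ids the server never issued (the `unknown session` check) does not help on its own: the planted id was issued by the server, just to the wrong person. Only the rotation on login breaks the attack.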
random
data which the end user decrypts. End user should then
prove knowledge of that encrypted data.
, and on a timer
event, send out the buffer.
Your code is now of course multithreaded - very easy to
get multithreading bugs that never show up during
testing, but non deterministically show up in actual
use.
--
James A. Donald:
Suppose you have something that is inadvertently an
oracle - it encrypts stuff from many different users
preparatory to sending it out over the internet, and
makes no effort to strongly authenticate a user.
Have it encrypt stuff into a buffer, and on a timer
that
is needed - a trusted device to put the application,
display, keypad and net connection on - is even more
expensive than the stop-gap two-factor authentication
units commonly sold.
Such a device sounds like a cell phone.
insecure, and no
good practices exist to make them secure.
transfers
take place over non internet networks, and rely on non
internet identity. Inevitably, this will change, and
that change will both necessitate, and be based on, the
use of public key cryptography.
--
James A. Donald
Is it possible for two web sites to arrange for
cross logins?
Steve Furlong
Does this question have a practical end in mind? If
so, can you simplify matters by running both web sites
on the same host?
The situation envisaged is that A.com is known to B.com
, then the adversary has control
of the token, even though the rightful user retains
physical control of the token.
, is near zero and seems
unlikely to change. PGP has substantially superior
penetration.
it by
their browsers, but it does not give the protection
intended, because people do what is necessary to avoid
being nagged by browsers, not what is necessary to be
secure.
Also petnames need to be linked to favorites. When you
are on a site that is on your favorites list, you should
see that it is on your favorites list.
party that they know that secret without revealing it.
If that's indeed so, wouldn't this have key management
and storage issues that PK was designed to prevent in
the first place?
But does not, in fact, prevent.
are just blowing
smoke. It has been a long time, and no one has paid out
money on an ECC patent yet.
: :
: : Installation Security warning: Unable to
: : verify supplier. Continue anyway? Y/N
Seems to me that the phone designers have done a better
job with virus, worm, and malware resistance than
Microsoft or Linux. Teenagers are pretty sophisticated.
--
James A. Donald:
Typical worm installation [on a smartphone] goes
like this:
: : Receive message via bluetooth from
: : unnamed device? Y/N
: :
: : Installation Security warning: Unable to
: : verify supplier. Continue anyway? Y/N
Eugen Leitl
It's just a networked
at least the other six NIST curves
as well, and most likely the other twelve.
The three curves that are licensed look different from
the other twelve, though I have no idea of the
significance of this, if any.
strings where they must be non const.
Date sent: Tue, 25 Oct 2005 00:38:36 +0200
To: cyphrpunk [EMAIL PROTECTED]
Copies to: John Kelsey [EMAIL PROTECTED], Ian G [EMAIL PROTECTED], [EMAIL PROTECTED], cryptography@metzdowd.com, [EMAIL PROTECTED]
From: [EMAIL
, and
provides a secure channel to the user. So secrets
representing ID, and secrets representing value, can
only be manipulated by the software that is supposed to
be manipulating it.
--
It seems to me that mutual authentication is pretty much
irrelevant to HTTPS and certificates. You mutually
authenticate by both knowing the password, as in SPEKE.
Of course, SPEKE is patented, so is this scheme a way of
getting around the patents?
on a weak passphrase?
, not the web page, must set up and verify the password.
--
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat should
resist every probable storm, and if it does not it
is a bad boat, an encryption system should resist
every real threat, and if it does not it is a bad
encryption
that this is because true names don't really address the
issue of true relationships. Does anyone have any market research
information as to why phishing targets generally send out plain mail?
relationship between two people
that know and trust each other.
--
James A. Donald:
We can, and should, compare any system with the
attacks that are made upon it. As a boat
should resist every probable storm, and if it
does not it is a bad boat, an encryption system
should resist every real threat, and if it does
--
James A. Donald wrote:
However, the main point of attack is phishing, when
an outsider attempts to interpose himself, the man
in the middle, into an existing relationship between
two people that know and trust each other.
Anne Lynn Wheeler [EMAIL PROTECTED]
in the traditional
.
for public keys.
After all these years, we still do not have a good fit
between the capabilities of the technology, the
usability of the interface, and the problems people need
solved.
serves any
useful purpose.
form of shared secret - their
credit card number - the password whereby they login to
their mail server. Therefore, whenever a user
communicates anything to anyone, it should be secure,
but it is not.
Date sent: Mon, 12 Dec 2005 00:41:13 -0600
From: Travis H. [EMAIL PROTECTED]
To: cryptography@metzdowd.com
Subject:crypto for the average programmer
In Peter Gutmann's godzilla cryptography tutorial, he has some really
good
was not the same as the
problems that other standards solve.
You should, however, never roll your own damned standard
without good reason.
telling customers to conform to designer
procedures. This has not had much success in the past.
People using PGP in practice verify keys out of band,
not through web of trust.
People using https tend to click through.
name is a deep and difficult question,
and one that people have little patience for when trying
to log in. We are overloaded with names, with the
result that true names are of limited value in
ascertaining true relationships.
--
James A. Donald
Let us imagine that SSH had certified keys. Well,
certifying a key is bound to be complicated, and
things are bound to go wrong, and the name that you
bind it to is bound to be somewhat shifty.
Ben Laurie
I don't see why that would happen all that much
, nor have I
ever heard of such an attack.
If no attacks, this is just an excuse for higher priced
holy water, an attempt to alter the Browser interface to
increase revenue, not increase security - to solve the
CA's problem, not solve the user's problem.
many names.
--
James A. Donald:
My two most recent logins were with First National
Bank of Omaha and Your IBM Savings plan
Is firstnational.com the same entity as First
National Bank of Omaha? Is
https://lb22.resources.hewitt.com the same entity
as Your IBM Savings plan
From: Ben
, we will never succeed in explaining to
users that https://atbbr.bankofadelaide.com is safe
while https://bankofadelaide.atbbr.com is unsafe.
-TLS-OpenSSL This also requires that establishing a
relationship, and verifying a shared secret, should be
part of the browser chrome, rather than a particular
application of generic web forms.
, but that is not quite the same thing.
to observe directly. One must study what goes in, not what goes out.
For any test, ask yourself this: If the source of random numbers
was the current time, hashed with SHA and a sixteen bit fixed code,
would your test show any problem?
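The thought experiment above, as an added Python example (not code from the post): a generator seeded from the current time plus a fixed sixteen-bit code, whose output is SHA-256 and therefore sails through output-side statistical tests, followed by the attacker's view, which recovers the whole seed from eight observed bytes by searching the time window and the 2^16 codes. The sample time and code are constructed values.

```python
import hashlib
import struct
from collections import Counter

# Added example, not from the post. Constructed seed values for the demo:
SAMPLE_T = 1_700_000_000      # "current time" in seconds
SAMPLE_CODE = 0xBEEF          # the fixed sixteen-bit code


def weak_stream(t: int, code: int, nbytes: int) -> bytes:
    """The generator the post describes: SHA-256 over the time, the fixed
    code and a block counter. Every block looks uniform; the seed has at
    most 16 bits of secret plus however well the time is known."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(struct.pack(">QHI", t, code, counter)).digest()
        counter += 1
    return out[:nbytes]


def monobit_passes(data: bytes) -> bool:
    """Frequency test: ones within 4 sigma of half the bits."""
    nbits = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    return abs(ones - nbits / 2) <= 4 * (nbits ** 0.5) / 2


def byte_chisq_passes(data: bytes) -> bool:
    """Chi-square over byte values (255 degrees of freedom). 340 is about
    3.7 sigma above the mean of 255, so uniform data essentially never fails."""
    expected = len(data) / 256
    counts = Counter(data)
    chisq = sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))
    return chisq < 340


def recover_seed(observed: bytes, t_guess: int, window: int):
    """Attacker side: knows the construction ("what goes in") and the time
    to within `window` seconds, so the search is (2*window+1) * 2**16."""
    for t in range(t_guess - window, t_guess + window + 1):
        for code in range(1 << 16):
            if weak_stream(t, code, len(observed)) == observed:
                return t, code
    return None


if __name__ == "__main__":
    data = weak_stream(SAMPLE_T, SAMPLE_CODE, 4096)
    print("monobit:", monobit_passes(data), "chi-square:", byte_chisq_passes(data))
    print("recovered seed:", recover_seed(data[:8], SAMPLE_T + 2, 4))
```

Both output tests report the stream as fine, and the search recovers (time, code) from the first eight bytes. That is the post's point: no test applied to the output can see the size of the seed; you have to audit what goes in.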
is to take advantage of the only-one-popup rule for
untrusted web pages, by popping up two related overlapping dialogs
which hold a fixed position relative to each other - which visually is
a sort of non rectangular dialog.
is in fact achievable for really crucial applications. The more
crucial the application, the more reason to write code that halts on
error.
such, there
are better methods than testing.
abort.
, but that they were
writing for a more trusting and trustworthy world. Today, we have to
do things differently.
, and no new ones have turned up for
some time, nor does it seem likely that they will.
--
James A. Donald
AES is new, and people keep claiming progress towards
breaking it, without however, so far producing any
breaks.
RC4 is old and has numerous known weaknesses, which
are tricky to code around, and have caught many an
implementor - notice for example Wifi
--
Joseph Ashwood wrote:
RC4 should have been retired a decade ago,
Why?
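One of the "numerous known weaknesses" the exchange above refers to, as an added example that is not from the posts: the Mantin and Shamir bias, in which the second byte of RC4 keystream is zero with probability about 1/128 instead of 1/256, regardless of the key. The script implements RC4 from the specification, checks it against the published "Key"/"Plaintext" test vector, and then measures the bias over keys derived from a counter so the run is reproducible.

```python
import hashlib

# Added example, not from the thread. Textbook RC4 plus a bias measurement.


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Key scheduling followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def count_second_byte_zero(n_keys: int) -> int:
    """How often the second keystream byte is 0 over n_keys distinct
    16-byte keys (derived from a counter, so the count is deterministic).
    An unbiased cipher would give about n_keys/256; RC4 gives about n_keys/128."""
    zeros = 0
    for k in range(n_keys):
        key = hashlib.sha256(k.to_bytes(4, "big")).digest()[:16]
        if rc4_keystream(key, 2)[1] == 0:
            zeros += 1
    return zeros


if __name__ == "__main__":
    print(rc4_encrypt(b"Key", b"Plaintext").hex())   # expected bbf316e8d940af0ad3
    n = 16384
    print("second byte zero:", count_second_byte_zero(n), "of", n,
          "(uniform would be about", n // 256, ")")
```

This is the broadcast attack: if the same plaintext is sent under many keys, the second byte leaks outright. It is independent of the key-scheduling weaknesses that broke WEP, and is the kind of thing an implementer has to know to "code around" (drop the first few hundred bytes of keystream), which is the objection raised in the snippet.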
the DNS system.
After all, we have not fixed or replaced PKI, despite
the enormous phishing attack that renders it useless and
irrelevant, so we are going to be slower still fixing
DNS.
The obvious solution to the phishing crisis is the widespread deployment
of SRP, but this does not seem to be happening. SASL-SRP was recently
dropped. What is the problem?
problems including password capture
and dictionary attack, and for the authentication part
I chose SRP. So that's one place it's getting used,
anyway.
Cannot find a web page that presents passpet.
--
James A. Donald wrote:
The obvious solution to the phishing crisis is the
widespread deployment of SRP
Lance James
I disagree here, I don't think this will stop phishing
for many reasons. Please explain how it would. It will
stop man-in-the-middle attacks on the protocol
, it doesn't matter because today, we must
assume that the client is thoroughly compromised,
which means that entering passwords over SRP isn't
safe, either.
That is an all purpose argument that is deployed
selectively against some measures and not others.
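The protocol at issue in this exchange, and in the earlier remark that HTTPS mutual authentication really means both sides proving knowledge of the password as in SPEKE, as an added example in Python that is not from the thread: one complete SRP-6a login with both parties' messages. The group constant is intended to be the 1024-bit group of RFC 5054 Appendix A and should be checked against the RFC before any real use; the algebra below holds for any N, the security does not. Usernames and passwords are constructed.

```python
import hashlib
import secrets

# Added example, not code from the thread. N, g: meant to be the RFC 5054
# 1024-bit group (verify against the RFC). Hash: SHA-256. Integers are
# left-padded to the length of N before hashing, as RFC 5054 specifies.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8


def pad(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(salt: bytes, username: str, password: str) -> int:
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def enroll(username: str, password: str) -> dict:
    """What the server stores: salt and verifier v = g^x, never the password."""
    salt = secrets.token_bytes(16)
    return {"username": username, "salt": salt,
            "v": pow(g, private_x(salt, username, password), N)}


def srp_exchange(record: dict, password_attempt: str):
    """One SRP-6a run of a client holding `password_attempt` against a
    server holding `record`. Returns (K_client, K_server, server_accepted,
    client_accepted)."""
    username, salt, v = record["username"], record["salt"], record["v"]

    # Client -> Server: username, A = g^a. Server must reject A == 0 mod N.
    a = secrets.randbits(256)
    A = pow(g, a, N)
    if A % N == 0:
        raise ValueError("client public value is zero")

    # Server -> Client: salt, B = k*v + g^b. Client must reject B == 0 mod N.
    b = secrets.randbits(256)
    B = (k * v + pow(g, b, N)) % N
    if B % N == 0:
        raise ValueError("server public value is zero")

    u = H(pad(A), pad(B))
    if u == 0:
        raise ValueError("scrambling parameter is zero")

    # Client: needs the password. Nothing derived from it leaves the client
    # except A and the proof M1, neither of which lets an observer test guesses.
    x = private_x(salt, username, password_attempt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = hashlib.sha256(pad(S_client)).digest()

    # Server: needs only the verifier.
    S_server = pow((A * pow(v, u, N)) % N, b, N)
    K_server = hashlib.sha256(pad(S_server)).digest()

    # Client -> Server: M1 proves the client has K; server checks before replying.
    M1_client = hashlib.sha256(pad(A) + pad(B) + K_client).digest()
    M1_server = hashlib.sha256(pad(A) + pad(B) + K_server).digest()
    server_accepted = secrets.compare_digest(M1_client, M1_server)
    # Server -> Client: M2 proves the server had the verifier, i.e. is the
    # site the relationship was set up with, not a look-alike.
    M2_server = hashlib.sha256(pad(A) + M1_server + K_server).digest()
    M2_client = hashlib.sha256(pad(A) + M1_client + K_client).digest()
    client_accepted = server_accepted and secrets.compare_digest(M2_server, M2_client)
    return K_client, K_server, server_accepted, client_accepted


if __name__ == "__main__":
    rec = enroll("alice", "correct horse")           # constructed credentials
    print("right password:", srp_exchange(rec, "correct horse")[2:])
    print("wrong password:", srp_exchange(rec, "wrong")[2:])
```

With the right password both sides arrive at the same K and both proofs check; with a wrong one, or with a phishing site that does not hold v and so cannot compute S, the client's check of M2 fails. That is the man-in-the-middle resistance on the protocol that the snippet concedes. It does nothing for a client that is already compromised, which is the reply's objection, and it only helps if the password entry is in the browser chrome rather than a web form, as the earlier snippets argue.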
- by supplying non cryptographic evidence
of an existing relationship.
does
not require competent web masters, who tend to be in
short supply. When do you hope to release an actual
working passpet?
be fixed.
the mimicry, the less people are likely to fall
for it. Certainly some people will fall for it, there
is a sucker born every minute, but right now we are
seeing phishing attacks that quite sophisticated people
fall for.
Thomas Harold:
I do suspect at some point that the lightweight
nature of DNS will give way to a heavier, encrypted
or signed protocol. Economic factors will probably
be the driving force (online banking).
Thierry Moreau wrote:
E.g. RFC4033, RFC4034, RFC4035.
Well I wish it was going
recognized for a long time that a major source of
account financial fraud has been the data breaches
http://www.garlic.com/~lynn/subpubkey.html#harvest
Have any merchants adopted the X9.59 standard?
Is it in fact possible for a merchant to today take
orders over X9.59?
as their entropy source, and doing the stirring in
software.
Hal Finney wrote:
I had not heard that there had been an official
decision to hold a new competition for hash functions
similar to AES. That is very exciting! The AES
process was one of the most interesting events to have
occurred in the last few years in our field.
Seemed like one of the
Lance James wrote:
The site asks for your user name and password, as well as the
token-generated key. If you visit the site and enter bogus information to
test whether the site is legit -- a tactic used by some security-savvy
people -- you might be fooled. That's because this site acts as the
alteration by an adversary who knows or
strongly suspects the plaintext but did not find anyone
saying that.
Why the oversupply of remedies?
- but SSL does use it correctly.
hand, if we try to do something
clever, we are likely to exceed a few microseconds,
which defeats the purpose. While Hamiltonian path
problems are more elegant, and directly appropriate to
the problem, SHA is hard to beat.
, and if they are
physically rather close then the owner of the server can
find them and go after them with an axe handle, reducing
the problem to the previously solved problem of
protecting property rights in physical space.