It turned out that the ISP, Charter, was not compromised. The user had
some nasty spyware install itself on his computer. Here are the details:
http://ask.slashdot.org/comments.pl?cid=6260281&sid=68266&tid=172
-- sidney
Enzo Michelangeli wrote:
but the slight risk of collision,
although practically negligible, is a bit irksome
If you quantify the practically negligible risk, it might be less
irksome: SHA-1 is a 160 bit hash. The birthday paradox says that you
would need to hash 2^80 different credit card
As a separate issue from whether you want to implement AES, if you do
decide to implement it look at Brian Gladman's code at
http://fp.gladman.plus.com/cryptography_technology/rijndael/
It is the fastest free implementation of AES that I know of, and has a
good history and credentials behind
Carl Ellison wrote:
So, in capsule: this proposal assumes that you use
the same machine for outgoing and incoming e-mail.
No, it implies a service that your outgoing mail server makes available
that has you authenticate to it in some way and then signs your mail in
some way.
The article doesn't
[EMAIL PROTECTED] wrote:
To avoid replay attacks one needs to
sign a string that is tied to a
specific message or time period
I agree. Even time period and message content aren't good enough: Let's
say that the outgoing SMTP mailer at example.com is trusted. Spammer
gets an account at
[EMAIL PROTECTED] wrote:
Does anybody know what has become of the low-tech,
no-cryptography-needed RMX DNS record entry proposal?
A google search for rmx dns without quotes brings up as its first hit
the Internet Draft at IETF which is dated October 2003. The subsequent
hits show lots of
[Moderator's note: that's one -- but only one -- of the reasons I
think Bob found the exchange so funny. --Perry]
Ah, I thought he was being honest but naive and couldn't understand how
he could apply for clearance from the US for an import.
I looked at the rest of the thread in their mailing
This isn't worked out enough to be a proof of concept, but I can imagine
a piece of code that has a comment This can't overflow because value X
computed from the magic bits table will always be between A and B. Get
0.1% speed boost by leaving out range check here but don't change magic
bits.
in a bank vault -- which also has its uses and
its drawbacks. Now it will be easier to tie the dyed material and the
dyed thieves to the specific crime. It is not a big deal that it does
not solve all problems in one stroke.
-- sidney markowitz
http://www.sidney.com
Ian G wrote:
I'm after an AES implementation in C, preferably with
something approximating BSD/open licence. Does anyone
have a view on which would be a current favourite?
Brian Gladman's code is the fastest free version I know of, is widely used,
and has a BSD-like license.
information in garbage collected strings
when writing in perl. Google and reading perl documentation hasn't
helped me so far, but I find it hard to believe that this has not been
considered when writing crypto software in perl.
Thanks,
Sidney Markowitz
http://www.sidney.com
on their faces and there is nothing wrong with having
passport photos to match
http://www.greens.org.nz/searchdocs/PR8903.html
-- Sidney Markowitz
http://www.sidney.com
the GPL and maybe FOSS in general in countries in which the
patents are valid.
-- Sidney Markowitz
http://www.sidney.com
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
be an interesting twist.
-- Sidney Markowitz
http://www.sidney.com
: BSD
licensed Suite B code may be possible, GPL'd Suite B code is not
possible unless Certicom makes appropriate free license to the patents
available for software licensed under GPL.
-- Sidney Markowitz
http://www.sidney.com
a 511 bit positive integer, not
512 bit. It also is unnecessarily complicated compared to this form of
the BigInteger constructor and the or method (see the javadoc):
curNum = BigInteger.ONE.or(new BigInteger(512, rand));
-- Sidney Markowitz
http://www.sidney.com
Joseph Ashwood wrote:
Granted this is only a test of the
generation of 128 numbers, but I got 128 primes (based on 128 MR rounds).
That doesn't make sense, unless I'm misinterpreting what you are saying. Primes
aren't that common, are they?
I don't have time right now to look for a bug in
Joseph Ashwood wrote:
Apparently, they are, I ran a sample, but even with the added second
sanity check, every one of them that passes a single round comes up prime.
I then proceeded to move it to 2048-bit numbers. It takes longer and the
gaps between primes are averaging around 700 right
to customers who go through it, and charges the
little guys for the right.
Do you mean like Amazon Marketplace and Amazon zShops? I think it's been
done already:
http://www.amazon.com/exec/obidos/tg/browse/-/1161232/103-4791981-1614232
-- Sidney Markowitz
http://www.sidney.com
that there are none of the more subtle vulnerabilities that are only
discovered by many smart people taking a very hard look over a significant time
period.
-- Sidney Markowitz
http://www.sidney.com
that recorded
the conversations.
Sidney Markowitz
http://www.sidney.com
the communication channel, not the CPU.
He also presents arguments for authenticating before encrypting which I won't
repeat here -- It's all there in a pretty clear three pages in his book.
-- Sidney Markowitz
http://www.sidney.com
-stuttgart.de/openpgp/2003/04/msg00026.html
It points out that a fixed IV results in information leakage if the
first block or more of plaintext is the same in two messages encrypted
with the same key.
Sidney Markowitz
http://www.sidney.com
Cryptome.org has not been shut down yet (the notice from Verio dated 28
April says they were being given two weeks to find another provider).
They seem to have been slashdotted.
The shutdown notice page is not yet archived at archive.org, but is
mirrored on a responsive site, mirror.org:
Ivan Krstić wrote, On 3/5/07 4:50 AM:
But all the artwork is just ugly numbers in a monospace font
My thoughts too. This one looks much better, but I don't see a link
anywhere to get it. Perhaps the author just photoshopped the picture as
a proof of concept to go with his blog comment?
Article AACS cracks cannot be revoked, says hacker
http://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html
Excerpt: The latest attack vector bypasses the encryption performed
by the Device Keys -- the same keys that were revoked by the WinDVD
update -- and
/10065)
-- Sidney Markowitz
http://www.sidney.com
attacker who is eavesdropping.
That is an awfully impractical constraint on the threat model, which
makes this issue moot in practice.
Sidney Markowitz
http://www.sidney.com
Sidney Markowitz wrote, On 21/9/07 8:24 AM:
Ben Laurie wrote, On 21/9/07 1:34 AM:
Entity i cannot be coerced into sharing a key with entity j without i’s
knowledge, ie, when i believes the key is shared with some entity l != j.
The without i's knowledge part is critical to the argument
Ivan Krstić wrote, On 31/12/07 12:48 PM:
We've recently had to jump through the BIS crypto export hoops at
OLPC
I find that very strange considering this from a BIS FAQ
http://www.bis.doc.gov/encryption/encfaqs6_17_02.html
all encryption source code that would be considered publicly
Ivan Krstić wrote, On 6/1/08 1:33 PM:
On Jan 3, 2008, at 10:47 PM, Peter Gutmann wrote:
That's because there's nothing much to publish:
In the US, notify the BIS via email.
Our outside counsel -- specializing in this area -- thought this was
insufficient
That's the problem with using
by Google within the hour.
(As an aside, see Google Taking Blog Comments Searching Real-Time?
http://www.groklaw.net/article.php?story=20080122132516514 for a discussion of this
remarkable update to their search engine).
Sidney Markowitz
http://www.sidney.com
Udhay Shankar N wrote, On 9/7/08 5:52 PM:
I think Dan Kaminsky is on this list. Any other tidbits you can add
prior to Black Hat?
He's posted a quite long article on his blog
http://www.doxpara.com/?p=1162
that looks like all the details he is likely to provide for the next 30
days. It
IanG wrote, On 7/9/08 2:06 AM:
Then, when a new Thunderbird comes out, you load that up and
the other packages cease to work
As far as I recall, the last time Thunderbird had an upgrade it told me
that one was available, I clicked to upgrade, and the addons, including
Enigmail, continue to