Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-23 Thread dan
compatibility for new things but bridging the old things with a magic box that both preserves the annuity revenue stream from locked-in users while it keeps the liability bar at bay. Or so I think. --dan [1] http://www.microsoft.com/windows/virtualpc/previous/default.mspx

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-25 Thread dan
| in those environments is VirtualPC). Thank you for | playing. TILT No need to buy a company just to use its product in your development shop. Please insert additional coins. --dan - The Cryptography Mailing List Unsubscribe

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread dan
for corroborating evidence. --dan, on the road [1] Some circumstantial evidence is very strong, like finding a trout in the milk. -- Henry David Thoreau - The Cryptography Mailing List Unsubscribe by sending unsubscribe

SHA-1 passe' for US Fed

2005-02-07 Thread dan
http://www.geocities.com/khlim777_my/b777cockpit4r.jpg --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: NSA warned Bush it needed to monitor networks

2005-03-28 Thread dan
it not for compelled disclosure.[1] --dan [1] sample state list, to which you can add gunshot wounds == Acquired Immunodeficiency Syndrome (AIDS) Amebiasis Anthrax Botulism Brucellosis Campylobacteriosis Cancer Chancroid Chickenpox Chlamydial

philosophical cum practical point

2005-05-20 Thread dan
center. --dan [1] Whitten A Tygar JD, Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, Proceedings of the 8th USENIX Security Symposium, August 23-36, 1999, Washington, D.C., pp 169-184. http://www.usenix.org/publications/library/proceedings/sec99/full_papers/whitten/whitten_html

Re: Digital signatures have a big problem with meaning

2005-06-01 Thread dan
have no other leverage for recourse. And, of course, proving anything by way of dueling experts doesn't provide much predictability in a jury system, e.g., OJ Simpson. --dan - The Cryptography Mailing List Unsubscribe by sending

de-identification

2005-06-08 Thread dan
. If someone here can point me at the mother lode of insight, I would be most grateful. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: encrypted tapes

2005-06-13 Thread dan
-down to the individual desktop. split K as 2-of-3 quorum (1) smartcard (2) laptop (3) corp server encrypt disk using K (or another key protected by K, of course) situations handled (a) Dan offline inside Faraday cage, use frags 1,2 to do work (b) fire Dan / confiscate laptop, use

Re: de-identification

2005-06-17 Thread dan
, thus anonymizing it, within a single corporate shell. This is second best and tends to have little motive power of its own, though I/we proved it can be done[1] as has Qualys[2], inter alia. Clear enough? --dan [1] http://www.atstake.com/research/reports/acrobat/atstake_app_reloaded.pdf [2

Re: WYTM - but what if it was true?

2005-06-24 Thread dan
if it can't talk to its distant master? (Why do I care if I have a tumor if angiostatin keeps it forever smaller than 1mm in diameter?) Of course, there are details, and, of course, I am willing to discuss them at far greater length. /commercial_message --dan

Re: WYTM - but what if it was true?

2005-06-24 Thread dan
Dan Kaminsky writes: | Dan-- | | I had something much more complicated, but it comes down to. | | You trust Internet Explorer. | Spyware considers Internet Explorer crunchy, and good with ketchup. | Any questions? | | A little less snarkily, Spyware can trivially use

Re: Why Blockbuster looks at your ID.

2005-07-09 Thread dan
, if you ever have the opportunity to hear Frank Abagnale's discussion of check forgery by all means do so. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: the limits of crypto and authentication

2005-07-09 Thread dan
advise this company ] Take a look at Boojum Mobile -- it is precisely the idea of using the cell phone as an out-of-band chanel for an in-band transaction. http://www.boojummobile.com [ Disclaimer -- I advise this company ] --dan

Re: the limits of crypto and authentication

2005-07-09 Thread dan
Nick Owen writes: | I think that the cost of two-factor authentication will plummet in the | face of the volumes offered by e-banking. Would you or anyone here care to analyze what I am presuming is the market failure of Amex Blue in the sense of its chipcard and reader combo? --dan

Re: the limits of crypto and authentication

2005-07-12 Thread dan
Well, whether you like the cell phone as the out-of-band second-factor, you can now unlock your front door with it... http://weblog.physorg.com/news2334.html --dan - The Cryptography Mailing List Unsubscribe by sending

Re: [Clips] Does Phil Zimmermann need a clue on VoIP?

2005-08-05 Thread dan
This seems, ah, relevant to today's discussion... --dan FCC Requires Certain Broadband and VoIP Providers to Accommodate Wiretaps Order Strikes Balance Between Law Enforcement, Innovation Washington, D.C. - Responding to a petition from the Department of Justice, the Federal Bureau

Re: online MD5 crack database

2005-08-22 Thread dan
text on-disk to see what tape it was on and to then read that tape. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Defending users of unprotected login pages with TrustBar 0.4.9.93

2005-09-21 Thread dan
Dare I say that the best must not be the enemy of the good? --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: PKI too confusing to prevent phishing, part 28

2005-09-28 Thread dan
to be an expert to be safe. --dan [1] http://www.cra.org/Activities/grand.challenges/security/home.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: [Clips] Read two biometrics, get worse results - how it works

2005-10-20 Thread dan
with a potentially more expensive test that has low/no false positives. There is a whole health policy management literature on this. I reproduce the barest precis of same below, assuming the reader can manage to view it in a fixed width font while respecting my hard carriage returns as writ. --dan cheat

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-03 Thread dan
You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan Cryptography is nothing more than a mathematical framework for discussing the implications of various paranoid delusions. -- Don Alvarez

Re: A small editorial about recent events.

2005-12-22 Thread dan
Clinton's Asst. A.G. http://www.chicagotribune.com/news/opinion/chi-0512210142dec21,0,3553632.story? coll=chi-newsopinioncommentary-hed Dick Morris http://www.drudgereport.com/flash7.htm --dan - The Cryptography Mailing

Re: A small editorial about recent events.

2005-12-23 Thread dan
can attack location independently, and likely without self identification, your only choice is pre-emption, which requires intell, which requires surveillance, which requires listening posts. And I'm just talking about intellectual property in the Fortune 1000, not the freaking country. --dan

Re: A small editorial about recent events.

2005-12-24 Thread dan
interpret as apologies for the first or second estate are, at least as I mean them, nothing but an attempt at Real Politik. Hope I'm wrong, but I don't bet against my intuition. Probably a rat hole, --dan - The Cryptography Mailing

Re: thoughts on one time pads

2006-01-31 Thread dan
In our office, we have a shredder that happily takes CDs and is designed to do so. It is noisy and cost $500. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-24 Thread dan
Usability should by now be recognized as the key issue for security - namely, if users can't use it, it doesn't actually work. % man gpg | wc -l 1705 % man gpg | grep dry -n, --dry-run Don't make any changes (this is not completely implemented). I rest my case. --dan

Re: History and definition of the term 'principal'?

2006-04-27 Thread dan
, perhaps the canoe is now far enough upriver. If it is a patent claim or the like and one needs to find the exact wet spot in the ground that the river starts, well, let me know. --dan [1] Proceedings of the IEEE. Vol. 63, No. 9 (September 1975), pp. 1278-1308; Manuscript received October 11, 1974

Re: fyi: Deniable File System - Rubberhose

2006-05-04 Thread dan
OK, I'll say it. This site: http://www.truecrypt.org/ makes me visualize tinfoil hats. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

MetriCon 1.0

2006-05-08 Thread dan
, this will be the place. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: NSA knows who you've called.

2006-05-12 Thread dan
Security Agency as part of an effort to thwart terrorism. snip --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: NSA knows who you've called.

2006-05-13 Thread dan
-related lists are composed of people who are off-center when it comes to risk, it is us what be the outliers in the distribution and in no way are our various paranoias widely shared. Not trying to debate the hive mind, etc., --dan

Re: NSA knows who you've called.

2006-05-13 Thread dan
not be able to see (such as organized survey takers who talk to each other). Sort of like an Internet-mailing-list, no? --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: NSA knows who you've called.

2006-05-13 Thread dan
Alan, You and I are in agreement, but how do we get the seemingly (to us) plain truth across to others? I've been trying for a good while now, reaching a point where I'd almost wish for a crisis of some sort as persuasiveness is not working. We are probably well off-topic for this list. --dan

Re: NSA knows who you've called.

2006-05-13 Thread dan
administration. As Gilmore would say now (hi, John), don't give any government a power you would not want a despot to have. --dan = What's on my car https://www.protestwarrior.com/store/files/master/democrat_president.gif

Re: Phil Zimmerman and voice encryption; a Skype problem?

2006-05-22 Thread dan
2004 Turing Award Lecture * Absolutely secure systems do not exist * To halve your vulnerability, you have to double your expenditure * Cryptography is typically bypassed, not penetrated --dan - The Cryptography Mailing List

Re: Interesting bit of a quote

2006-07-11 Thread dan
for NAIS) with a requirement to file with USDA any off premises transportation (taking the kids' heifer to the the 4H show included). --dan === The great distinction: A conservative is a socialist who worships order. A liberal is a socialist who worships safety

Re: Interesting bit of a quote

2006-07-12 Thread dan
, e.g.), then you get prove-a-negative from the regulators and auditors -- madness on the same scale as tulip mania or the defenestration of Prague. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe

de-certification of Open-SSL

2006-07-20 Thread dan
Anyone know what is up with this? http://www.gcn.com/online/vol1_no1/41371-1.html --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

obituary

2006-10-03 Thread dan
http://www.boston.com/news/globe/obituaries/articles/2006/10/01/mildred_hayes_78_decoded_russian_messages_for_nsa/ Mildred Hayes, 78; decoded Russian messages for NSA By Joe Holley, Washington Post | October 1, 2006 WASHINGTON -- Mildred Louise Hayes, a retired Russian-language cryptologist

Read the reviews

2006-10-21 Thread dan
http://www.amazon.com/gp/product/customer-reviews/0833030477/ref=cm_cr_dp_pt/102-8179025-1336125?ie=UTF8n=283155s=books - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

randomness in space..

2006-12-13 Thread dan
http://news.zdnet.com/2100-1009_22-6142935.html?part=rsstag=feedsubj=zdnn - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

ATM vulnerability

2006-12-17 Thread dan
I hesitate to use the syllable crypto in describing this paper, but those who have not seen it may find it interesting. http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf Or profitable. --dan

news story - Jailed ID thieves thwart cops with crypto

2006-12-21 Thread dan
http://news.com.com/Jailed+ID+thieves+thwart+cops+with+crypto/2100-7348_3-6144521.html Jailed ID thieves thwart cops with crypto By Tom Espiner Story last modified Tue Dec 19 06:46:45 PST 2006 Three men have been jailed in the U.K. for their part in a massive data theft operation. One

Re: DNSSEC to be strangled at birth.

2007-04-05 Thread dan
an all-countries-are-created-equal position statement. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-21 Thread dan
makes the entire edifice untrustable). --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: The bank fraud blame game

2007-06-27 Thread dan
their Admin privilege to accept ActiveX controls that strip the OS of this or that subsystem, and to do so in the name of security. --dan P.S., The S.E.C. tackling some Estonian clown for $353,609 [2], is an irrelevant side show at the scale I am talking about: It's not material to anyone who

Re: Skype new IT protection measure

2007-08-17 Thread dan
Ed Gerck writes: | We've heard it so many times: There's nothing to worry about. | Now, Skype adds a new IT protection measure -- love: | | The Skype system has not crashed or been victim of a cyber | attack. We love our customers too much to let that happen. | -- Forwarded

Re: interesting paper on the economics of security

2007-08-23 Thread dan
just said is hearsay, though my office-mate says that he has bought three cars by this method. It almost causes me to say relying party out loud... If this idea is a rathole, then my fault and my apology. --dan - The Cryptography

Re: PlayStation 3 predicts next US president

2007-12-05 Thread dan
If on the one hand, the correct procedure is sign-encrypt-sign, then why, on the other hand, is the parallel not sign-hash-sign ? --dan = http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps Donald T. Davis, Defective Sign Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML

Re: 2008: The year of hack the vote?

2007-12-26 Thread dan
May I point out that if voting systems have a level of flaw that says only an idiot would use them, then how can you explain electronic commerce, FaceBook, or gambling sites? More people use just those three than will *ever* vote. --dan

Re: 2008: The year of hack the vote?

2007-12-26 Thread dan
money. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: 2008: The year of hack the vote?

2007-12-26 Thread dan
and still apparently function. Why should voting be different? We are approaching a rat hole... --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Question on export issues

2007-12-30 Thread dan
to the embargoed country list (Cuba, Iran, Sudan, Syria, North Korea, and Libya). YMMV. --dan -8cut-here8- A. BIS Checklist of Questions: 1. Does your product perform cryptography, or otherwise contain any parts or components that are capable

Re: Death of antivirus software imminent

2008-01-03 Thread dan
who've already seen it. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: 2008: The year of hack the vote?

2008-01-21 Thread dan
Well, for all of you who want to prove that hacking the vote is easy, here's your chance to do something: http://apnews.myway.com/article/20080121/D8UA8VGG0.html [ ObDebate: is a winner-take-all state more or less attractive to vote hacking? ] --dan

Re: DRM Helps Sink Another Content Distribution Project

2008-01-21 Thread dan
So, what is Apple doing for its brand-new iTunes movie rental thing? 1/3rd of the way into Jobs' song-and-dance http://stream.qtv.apple.com/events/jan/f27853y2/m_972345688g_650_ref.mov --dan - The Cryptography Mailing List

Re: patent of the day

2008-01-23 Thread dan
and unobvious) *and* Type II (false negative) errors (when confronted with something sufficiently unobvious that they find it impossible to understand that it is either unobvious or useful much less both). --dan [1] http://www.usenix.org/publications/library/proceedings/sec96/boneh.html

Re: Interesting editorial comment on security vs. privacy

2008-02-06 Thread dan
of the inter-relation of security privacy. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Gutmann Soundwave Therapy

2008-02-09 Thread dan
Amateurs talk about algorithms. Professionals talk about economics. That would be Amateurs study cryptography; professionals study economics. -- Allan Schiffman, 2 July 04 Quotationally yours, --dan

reminder of upcoming deadline

2008-05-06 Thread dan
. Important Dates Requests to participate: by May 12, 2008 Notification of acceptance: by June 2, 2008 Materials for distribution: by July 21, 2008 Workshop Organizers Dan Geer, Geer Risk Services, Chair Bob Blakley, The Burton Group Fred Cohen, Fred Cohen Associates California Sciences

Re: not crypto, but fraud detection + additional

2008-05-27 Thread dan
, then it would today be $300. (1968-present) --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: reminder of upcoming deadline

2008-06-15 Thread dan
MetriCon 3.0 agenda at this URL http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon3.0 Workshop is limited attendance though some small number of requests can still be granted; send same by e-mail to [EMAIL PROTECTED] Best, --dan

Re: [Beowulf] Re: hobbyists

2008-06-21 Thread dan
not occur, but two such parties, if they really care, would do their own end-to-end protections even if it is a simple as speaking Navajo. All hail Saltzer, Reed, and Clark. --dan - The Cryptography Mailing List Unsubscribe

Re: The wisdom of the ill informed

2008-06-30 Thread dan
number | (in some cases after 3 tries). | ... So I hold the PIN constant and vary the bank account number. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Strength in Complexity?

2008-08-04 Thread dan
://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt Likely off-topic, --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

another proprietary symmetric cipher ?

2008-08-09 Thread dan
yet another proprietary symmetric cipher ? http://www.pureentropy.com ... Encryption Security Solutions provides unprecedented encryption security, efficiency, and performance for business applications ensuring critical information is secure. Encryption Security Solutions, LLC (ES²) has

Re: Voting machine security

2008-08-18 Thread dan
reproduce it. It was a photo of the tail end of her car and on it a bumper sticker. That bumper sticker read PREVENT UNWANTED PRESIDENCIES MAKE VOTE COUNTING A HAND JOB In no other state could a Constitutional Officer get away with such a bumper sticker, but... --dan

Re: road toll transponder hacked

2008-08-27 Thread dan
, at least the kind of security that says they can't misuse what they ain't got. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: road toll transponder hacked

2008-08-27 Thread dan
wouldn't go into government in the first place. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: road toll transponder hacked

2008-08-28 Thread dan
for the company to do is to just keep everything forever. With disk prices falling as they are, keeping everything is cheaper than careful selective deletion, that's for sure. --dan - The Cryptography Mailing List Unsubscribe by sending

Re: once more, with feeling.

2008-09-09 Thread dan
) and the growing role of virtual machines should be of intense interest. Inferentially yours, --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: street prices for digital goods?

2008-09-10 Thread dan
David Molnar writes, in part: -+--- | Dan Geer's comment about the street price of | heroin as a metric for success has me thinking - | are people tracking the street prices of digital | underground goods over time? This material is in fact tracked but not so

Re: street prices for digital goods?

2008-09-10 Thread dan
Sigh... typing in a moving vehicle. This is the right URL, verified by cutpaste. http://geer.tinho.net/ieee/ieee.sp.geer.0801.pdf Sorry. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: street prices for digital goods?

2008-09-11 Thread dan
Damien Miller writes: -+--- | | David Molnar [EMAIL PROTECTED] writes: | | Dan Geer's comment about the street price of heroin as a metric for | success has me thinking - are people tracking the street prices of | digital underground goods over time? | | I've been

Re: voting by m of n digital signature?

2008-11-10 Thread dan
ones signed? | quorum threshhold crypto; if Avishai Wool or Moti Yung or Yvo Desmedt or Yair Frankel or... are here on this list, they should answer a *tiny* contribution on my part http://geer.tinho.net/geer.yung.pdf humbly, --dan

Re: AES HDD encryption was XOR

2008-12-11 Thread dan
. Thinking out loud, --dan [ just for amusement, 2008 world production of wheat and rice would each cover 53 squares, with maize coming in at 51 squares ] - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: Security by asking the drunk whether he's drunk

2008-12-25 Thread dan
or asking Can I trust you? --- http://blog.startcom.org/?p=145 Slashdot and others are reporting on this story about how it was possible for a person to receive a completely valid certificate for a random domain of his choosing without any

Re: [heise online UK] Secure deletion: a single overwrite will do it

2009-01-20 Thread dan
Peter Gutmann has responded http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html (see the Further Epilogue section well down the page) --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: Bitcoin v0.1 released

2009-01-25 Thread dan
. On this basis and others, bot-nets are a life form. Rest of text upon request. Incidentally, I *highly* recommend Daniel Suarez's _Daemon_; trust me as to its relevance. Try this for a non-fiction taste: http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality --dan

anyone know Morris Code?

2009-02-12 Thread dan
=AJournalNumber=6221 As always, the phrase proprietary coding readable only by us caught my ear. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Has any public CA ever had their certificate revoked?

2009-05-04 Thread dan
to take no longer baked into the browser as effectively revocation, there is a retrospective clerical job that might be a fun project if you had some graduate student labor to assign. --dan - The Cryptography Mailing List Unsubscribe

MetriCon 4.0

2009-05-07 Thread dan
. The theme of this episode is The Importance of Context. This workshop series is intense, and is focused on progress rather than claims of first discovery. See http://securitymetrics.org/content/Wiki.jsp?page=Metricon4.0 Dan Geer

Re: Weakness in Social Security Numbers Is Found

2009-07-09 Thread dan
sequential numbers. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: New Technology to Make Digital Data Disappear, on Purpose

2009-07-21 Thread dan
addresses change as they come and go from the network. One would imagine that as IPv6 rolls out, the need for DHCP goes to zero excepting for mobile devices attaching to public (not carrier) nets. Yes? --dan - The Cryptography Mailing

Re: The latest Flash vulnerability and monoculture

2009-07-28 Thread dan
they can debug. This may apply to the world at large. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: [Barker, Elaine B.] NIST Publication Announcements

2009-10-02 Thread dan
. Put differently, only within airtight surveillance will the absence of evidence be the evidence of absence. In factually, if not politically, correct terms, the Electronic Health Record is the surest path to a surveillance state, but I digress. --dan

Re: TLS break

2009-11-11 Thread dan
| | This is the first attack against TLS that I consider to be | the real deal. To really fix it is going to require a change to | all affected clients and servers. Fortunately, Eric Rescorla | has a protocol extension that appears to do the job. | ...silicon... --dan

Re: Crypto dongles to secure online transactions

2009-11-16 Thread dan
-protecting that it is capable of refusing a command. Long live HAL, --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Law Enforcement Appliance Subverts SSL

2010-03-25 Thread dan
in SSL and certificates when (as far as we can determine) 100% of all certificate errors seen by users are false positives. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord

High assurance cryptographic interface specification

2010-04-18 Thread dan
://www.ietf.org/mailman/listinfo/cicm . Dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

random but not by chance

2010-07-09 Thread dan
and - most importantly - certified random by laws of physics. article cut there as there both a diagram and a video --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: A mighty fortress is our PKI

2010-07-27 Thread dan
False metrics are rampant in the security industry. We really need to do something about them. I propose that we make fun of them. You might consider joining us in D.C. on 10 August at http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0 --dan, program committee

Re: A mighty fortress is our PKI

2010-07-28 Thread dan
Best, --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Cars hacked through wireless tire sensors

2010-08-11 Thread dan
at the toll stations where the license plates are read and correlation between plate number and current radio fingerprint trivially recorded. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: Haystack

2010-08-18 Thread dan
be unwitting)? Probably too out there. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

2010-08-26 Thread dan
investment than the accumulated profits in the sale of SSL domain name certs, we could have solved this by now. --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Obama administration wants encryption backdoors for domestic surveillance

2010-09-29 Thread dan
as usual, there's an XKCD for that http://xkcd.com/504/ --dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: [Cryptography] dead man switch [was: Re: Snowden fabricated digital keys to get access to NSA servers?]

2013-07-10 Thread dan
to know collectively what each part of it is doing and that without a CC channel other than the repurposed MSM; the fun begins when the botnet reads the obituary of a certain person /spoiler --dan ___ The cryptography mailing list cryptography@metzdowd.com

Re: [Cryptography] NIST about to weaken SHA3?

2013-10-01 Thread dan
, not penetrated.[*] Nevertheless, the value of scepticism is profound; it is the chastity of the intellect. --dan [*] www.financialcryptography.com/mt/archives/000147.html ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com

  1   2   >