PRE-ANNOUNCE: San Francisco Cypherpunks, 4/7, 1pm, Downtown

r be at Moscone Center, where the conference is being held, or within two blocks, at AT&T 795 Folsom St., or at the Thirsty Bear Tavern on Howard. All of these are 5-10 minutes walk from Caltrain and BART. A follow-on announcement will give the definite location. Thanks! Bill Stewart

ANNOUNCE: San Francisco Cypherpunks, 4/7, 1pm, Moscone Center North

Folsom between 5th and 4th, and there are in-building on Folsom between 4th and 3rd that are usually less expensive on weekends. Thanks! Bill Stewart, [EMAIL PROTECTED], Cell +1-415-307-7119. Dave Del Torto, [

ANNOUNCE*N: San Francisco Cypherpunks, 4/7, 1pm, Moscone Center North, Room 122

tween 5th and 4th, and there are in-building on Folsom between 4th and 3rd that are usually less expensive on weekends. Thanks! Bill Stewart, [EMAIL PROTECTED], Cell +1-415-307-7119. Da

Re: Requesting feedback on patched RC4-variant

At 06:26 PM 04/20/2001 +0200, Matthijs van Duin wrote: >I needed a high-speed stream cipher in REALbasic, which has exceptionally >poor support for the kind of operations needed (no unsigned 32-bit >integers, no bitshift) >I already made an RC4 implementation a while ago, but the algorithm has

SF Bay Area Cypherpunks 5/12/01 Meeting - Stanford

lost on the way, you can try calling: +1.415.307.7119 (Bill) If you have questions, comments or last-minute agenda requests, please contact the meeting organizers: Bill Stewart [EMAIL PROTECTED] Dave Del Torto [EMAIL PROTECTED] ---

Re: NSA tapping undersea fibers?

At 09:46 PM 05/28/2001 -0700, Tib <[EMAIL PROTECTED]> wrote: >To sum this whole thing up - /IS/ there a way to put a tap on a fiber line >without letting the whole world know you're doing it, if not just the >operator/owner of the line itself? And if so could someone sketch it out for >me or point

SF Bay Area Cypherpunks, June 9, 2001, San Francisco [REMINDER ANNOUNCEMENT]

[Mailing these sorts of announcements to me the day before, when I'm possibly gone for the weekend, is a way not to get the announcement out on time. :( --Perry] See http://cryptorights.org/cypherpunks/meetingpunks.html for SF, Toronto, & Bangalore Cypherpunks announcements. SF Bay Area Cypherp

Re: tapping undersea fibers?

At 12:55 PM 06/04/2001 -0400, Lenny Foner wrote: >So we now have at least two people who've confirmed my expectation, >namely that one can feasibly encrypt the entire cable. (After all, >I know what's involved in making fast, special-purpose chips to do >varous sorts of digital operations, and th

Re: WAS: Thermal Imaging Decision Applicable to TEMPEST?

>David Koontz wrote: > >Is the average person susceptible to TEMPEST attacks? At 01:22 PM 06/13/2001 -0700, John Young wrote: >Probably most people are not subject to TEMPEST attacks >in the same way they are not in need in crypto. The average person's equipment could be eavesdropped relatively

ANNOUNCE CYPHERPUNKS Saturday, Aug 11, 1-5pm, Stanford

.pdf Printable Stanford Map (407k). GPS Coordinates: 37d23:40 N 122d04:49 W If you get lost on the way, you can try calling: +1.415.307.7119 (Bill) If you have questions, comments or last-minute agenda requests, please contact the meeting or

Stealth Computing Abuses TCP Checksums

http://fyi.cnn.com/2001/TECH/internet/08/29/stealth.computing/index.html http://slashdot.org/article.pl?sid=01/08/29/199205&mode=thread A group of researchers at Notre Dame figured out how to use the TCP Checksum calculations to get other computers to do number-crunching for them. "Bel

Cypherpunks 9/8/01 - GOLDEN GATE PARK - EFF Music Share-In

s+Below&addr=haight+st.+and+stanyon+st.&csz=San+Francisco%2C+CA+94117&country=us&Get%A0Map=Get+Map > Thanks! Bill Stewart, [EMAIL PROTECTED], Cell +1-415-307-7119. >Dave Del Torto, [EMAIL PROTECTED] -

Re: Sen. Hollings plans to introduce DMCA sequel: The SSSCA

At 09:27 PM 09/08/2001 -0400, Jay Sulzberger wrote: >The Hollings bill simply outlaws private ownership of home computers. It >requires the Ministry of Infotainment to have permanent irremovable root >privileges on every personal computer. The Ministry is required to run a >complete log of every

Re: Sen. Hollings plans to introduce DMCA sequel: The SSSCA

At 12:26 PM 09/09/2001 +0100, Carsten Kuckuk wrote: >Am I right in that this bill would effectively outlaw all free >open-source operating systems like Linux, OpenBSD, FreeBSD, etc.? Only if the free operating system hasn't developed a US-government-certified-copy-protection-system and paid the U

Re: Compression side channel

At 11:11 AM 09/10/2001 +1000, Greg Rose wrote: >At 12:44 AM 9/9/2001 -0400, Sandy Harris wrote: >>Does using non-adaptive compression save the day? > >Huffman coding using a fixed code table is not a bad way to go. You can >even peek at the characteristics of the input and choose a table based on

Re: NYC events and cell phones

At 07:59 AM 09/13/2001 -0400, Angelos D. Keromytis wrote: >An interesting bit of information: on Tuesday afternoon, to the extend that >cellphones operated, GSM encryption was turned off throughout Manhattan. My >GSM phone would repeatedly warn me of this on every call I made (or tried >to make).

Re: How to ban crypto?

At 07:21 PM 09/16/2001 -0700, David Honig wrote: >At 06:02 PM 9/16/01 -0400, Angelos D. Keromytis wrote: > >Niels Provos (U. of Michigan) has a very interesting paper on detecting > >steganography on the network (he talked about it during the USENIX Sec. WIP > >session). Basically, he didn't find

Re: Field slide attacks and how to avoid them.

But XDR is so BORING compared to a REAL standard like ASN.1! It doesn't have infinite possibilies for object definitions requiring help from standards committees, multiple incompatible data representations with different kinds of ambiguity, or ugly API packages that are too large to believe that t

Re: chip-level randomness?

he content, though many people don't trust this, and the cards may not always be present, especially on dialup machines. But using the Inter chipset RNG if it's present takes care of the problem. Bill Stewart --

Re: New encryption technology closes WLAN security loopholes

At 06:22 PM 09/21/2001 -0400, Arnold G. Reinhold wrote: >As I understand things, and please correct me if I am misinformed, IPSec >is still quite complex to install and setup. Many 802.11b users are >individuals or small offices. Until IPSec is user friendly enough for >them, a solution that re

Re: New encryption technology closes WLAN security loopholes

At 07:48 AM 10/01/2001 +0530, Udhay Shankar N wrote: >Is there a howto for IPsec or any other kind of session encryption over >802.11 ? The basic howto is "ignore 802.11 - pretend it's just an ethernet that anybody can plug in to, and do whatever flavor of ipsec you like." Getting slightly more

Re: Best practices/HOWTO for key storage in small office/home office setting?

At 07:23 PM 10/02/2001 +0300, Sampo Syreeni wrote: >Or integrate some computing power into those IBM thingies, and use >remotely keyed encryption. Enough power is available through USB so that >you don't have to end up with battery power. Sounds like you're starting to reinvent the I-Button. (Dal

Dilbert Random Number Generator

Dilbert's been visiting the Trolls In Accounting, who have been spitting all over his data. Now he's on a tour, and the troll is showing him their random number generator. http://www.dilbert.com/comics/dilbert/archive/images/dilbert2001182781025.gif ---

Speaker Wanted - This Wednesday, Pulver Conference - Presence & Instant Messaging

(Forwarded for [EMAIL PROTECTED] ) = This is Brad Templeton from the EFF. This Wednesday I'm moderating a panel at Jeff Pulver's semi-annual conference on Presence and Instant Messaging. It's a smallish (couple of hundred) conference where you'll see most of the commercial players in instan

Wed 7 Nov Stanford - Provos talks on Detecting Steganogaphic Content on the Internet

Niels Provos will be talking at Stanford on Wednesday, just a few hours before the EFF BOF at the Linux shindig in Oakland. Does anybody have a picture of a Peter Honeyman related shirt to auction off on E-Bay with appropriate embedded content? :-) -- Forwarded message -- Date:

Re: Best practices/HOWTO for key storage in small office/home office setting?

At 09:32 AM 10/03/2001 +0100, Ben Laurie wrote: >Enzo Michelangeli wrote: > > > > - Original Message ----- > > From: "Bill Stewart" <[EMAIL PROTECTED]> > > > Sounds like you're starting to reinvent the I-Button. > > > (Dallas semic

Re: AGAINST ID CARDS

authorized users, especially if the expanded set of uses expands the set of authorized users. It's possible to keep the different sets of information separate, if there's the technical skill and political will to do so, but there's little enough of the former and none of the latter amon

Re: AGAINST ID CARDS

[Moderator's note: we are rapidly getting off topic again. --Perry] > > we already have a national ID card: a passport. > >Are you required to have one? Certainly in the UK its only required if >you want to leave the EU (though there are still some people manning the >borders that believe

ANNOUNCE: SF Cypherpunks, Saturday, 12/8, U.C.SANTA CRUZ, College VIII Room 240, 12:30-5:30

solis has reserved a room for Saturday, 12/8 from 12:30~5:30. UCSC College VIII Room 240. While UCSC is a mere 30 minutes from Silicon Valley, it's tough to get to from SF without a car, so Bill Stewart will be meeting several Usual Suspects at Mountain View Caltrain at 12:13pm (train leaves S

FreeSWAN Release 1.93 ships!

From Claudia Schmeing <[EMAIL PROTECTED]>'s summary: = 1. Release 1.93 ships! === 1 post Dec 3 http://lists.freeswan.org/pipermail/users/2001-December/005632.html A number of small improvements have been add

Re: Customer Acts Odd? U.S. Wants to Know

At 09:54 AM 12/10/2001 -0500, R. A. Hettinga wrote: >http://www.nytimes.com/2001/12/10/national/10CUST.html?searchpv=nytToday&pagewanted=print >WASHINGTON, Dec. 9 - Federal agents are planning to fan out across the >country this week in an effort to recruit American businesses in the war on >terro

Re: CFP: PKI research workshop

SST is the SuperSonic Transport; I think the term was specific to US attempts to build something like the Concorde, but it may have been more generic. Among other problems (making it work, sonic booms, economics in general), use of fast airplanes in non-military airspace was limited by the capabi

RE: Stegdetect 0.4 released and results from USENET search available

At 01:59 PM 12/28/2001 -0800, David Honig wrote: >A.A.M + PGP = covert radio transmitter which sends coded messages. Obviously >interesting, so you direction-find to defeat the anonymity. And Perry replied: >[Moderator's note: And how would you possibly do that? --Perry] Back in the old days, i

Cypherpunks 011202 at Stanford: Corrected - it's January 12, 2002.

PROTECTED]> Cell: +1.415.730.3583 Bill Stewart <[EMAIL PROTECTED]> Cell: +1.415.307.7119 .. END - The Cryptography Mailing List Unsubscribe by sendin

Cypherpunks 011202 at Stanford: Anti-Terrorism & Security Policy

se contact your friendly meeting organizers: Dave Del Torto <[EMAIL PROTECTED]> Cell: +1.415.730.3583 Bill Stewart <[EMAIL PROTECTED]> Cell: +1.415.307.7119 .. END

[PLANNING FEB CPUNKS] Who's going to be in the Bay Area in February for RSA?

Zooko talking about Mojo Nation derivatives. Who's going to be in town that weekend? Would you like to speak at the Cypherpunks meeting, either as an organized talk or as a works-in-progress session? Thanks; Bill Stewart

RSA Attacks - Talk at Stanford - 1/28/2002 4PM (fwd)

Looks like an interesting talk! -- Forwarded message -- Date: Thu, 24 Jan 2002 16:52:35 -0800 (PST) From: Glenn Durfee <[EMAIL PROTECTED]> Subject: Ph.D. Oral Exam: Monday, January 28, 4PM Algebraic Cryptanalysis Glenn Durfee

Attacks using Pure Text (Was: Re: Results, not Resolutions)

At 10:17 PM 01/26/2002 -0800, Bill Frantz wrote: >At 7:42 PM -0800 1/25/02, R. A. Hettinga quoted Schneier and Shostack: > >Here's one example: Originally, e-mail was text only, and e-mail viruses > >were impossible. ... > >Well, the line between code and data is fuzzier than that. That 7 bit >AS

RE: Welome to the Internet, here's your private key

> From:Jaap-Henk Hoepman[SMTP:[EMAIL PROTECTED]] > > It's worse: it's even accepted practice among certain security > specialists. One of them involved in the development of a CA service > once told me that they intended the CA to generate the key pair. > After regaining consciousnes

Re: Welome to the Internet, here's your private key

At 05:12 PM 02/08/2002 +0100, Jaap-Henk Hoepman wrote: >I think there _are_ good business reasons for them not wanting the users to >generate the keys all by themselves. Weak keys, and subsequent >compromises, may >give the CA really bad press and resulting loss of reputation (and this >business

Announce: San Francisco Cypherpunks, Sat 2/16/02, 6pm - 225 11th, SF

This announcement will be at http://cryptorights.org/cypherpunks/meetingpunks.html and is being sent to several cypherpunks-related mailing lists. === The San Francisco Bay Area Cypherpunks Meeting will be Saturday, February 16, 2002, at Don Ramon's Re

Re: 40 teraflops (fwd)

Unfortunately, the article that Bob Hettinga excerpted from the South China Morning Post is a pay-only article. http://www.es.jamstec.go.jp/ <- Japanese government site. http://www.es.jamstec.go.jp/esc/eng/ <- Good page http://www.es.jamstec.go.jp/esrdc/eng/menu.html <- The ES center http://www.e

Re: 1024-bit RSA keys in danger of compromise

At 05:38 PM 03/23/2002 -0800, Lucky Green wrote: >While the latter doesn't warrant comment, one question to ask >spokespersons pitching the former is "what key size is the majority of >your customers using with your security product"? Having worked in this >industry for over a decade, I can state

Re: Lucky's 1024-bit post [was: RE: objectivity and factoring analysis]

At 08:52 AM 04/24/2002 +0800, Enzo Michelangeli wrote: >In particular, none of the naysayers explained me clearly why it should be >reasonable to use 256-bit ciphers like AES with 1024-bit PK keypairs. Even >before Bernstein's papers it was widely accepted that bruteforcing a 256-bit >cipher requi

Bay Area Cypherpunks - Claremont Hotel, Saturday May 11, 2002, Berkeley

ig%2fq7nt%2f4LNgWNF%2fa1qhqHICeS9a7ai2OltFkZiYgPDszCFjxJvJ3UztMHzmFTCWjOQiJv2UTeibsDTf5lX9Oul8Duzz5H7zRf28q5W1dNWEBuSwmIPN5CsnCBt%2fxKER0o8urmuYY0JLBD%2bcq4kxukn3wumZakgMOfn1A8xylUh5faGP64S6LM40YY9rGDpd4sUKuLClF5LIam8E%3d Weather Forecast: high 70s. --- Contact information, or if lost Bill Stewart - +1-415-307-7119 - [EM

Re: FC: Hollywood wants to plug "analog hole," regulate A-D conve rters

At 01:33 PM 05/29/2002 -0600, Hughes, James P wrote: >Change the billboard for elevator music (which will be protected). Will you >be able to play back your digital dictations *if* they were recorded in an >environment that included background music. If you don't see the fnords, they won't eat yo

Re: DOJ proposes US data-rentention law.

At 06:38 PM 06/22/2002 -0400, Steve Fulton wrote: >At 17:37 22/06/2002 -0400, [EMAIL PROTECTED] wrote: > >>Not arguing, but the hardware cost curve for storage has a shorter >>halving time than the cost curve for CPU (Moore's Law) and the >>corresponding halving time for bandwidth is shorter still

Re: Microsoft's Palladium transforms Internet from Wild West to suburban neighborhood

At 03:35 PM 06/28/2002 -0400, R. A. Hettinga wrote: >http://worldtechtribune.com/worldtechtribune/asparticles/buzz/bz06282002.asp >WorldTechTribune/Buzz___ > >Microsoft's Palladium transforms Internet from Wild West to suburban >neighborhood Stepford CT? > Special

Re: Palladium and malware

At 01:50 AM 08/29/2002 +0100, Paul Crowley wrote: >I'm informed that malware authors often go to some lengths to prevent >their software from being disassembled. Could they use Palladium for >this end? Are there any ways in which the facilities that Palladium >and TCPA provide could be useful to

Re: unforgeable optical tokens?

At 06:20 PM 09/23/2002 +0100, Ben Laurie wrote: >David Wagner wrote: >>What is it, then? > >The ultimate pokemon card! But if you're trying to use the card in two-players-competing mode, as opposed to just "I've got a card you don't have" mode, how do you decide who wins? Where are they on the ro

Re: RSA's RC5-64 Secret Key Challenge has been solved.

At 03:02 AM 09/28/2002 +1000, Greg Rose wrote: >At 01:16 PM 9/27/2002 +0200, Ralf-P. Weinmann wrote: >>Is A5/3 deployed yet? > >Kasumi (in the form of "f8" (ciphering) and "f9" (integrity) is >beginning to be deployed in UMTS (WidebandCDMA) mobiles as we speak. >But an exact specification of how t

Re: What email encryption is actually in use?

At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote: >So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and >the SMTP link is encrypted, so the bored upstream-ISP netops >can't learn anything besides traffic analysis. >But once inside XYZ.COM, many unauthorized folks could >intercept Bob's

Re: Gaelic Code Talkers

There's at least one Celtic-related code story from Bletchley Park, though its not a Gaelic or code-talker one. One of the intelligence honchos was referred to as "C" rather than by name (a practice later picked up by James Bond stories.) One Scottish worker there didn't follow the practice, and w

Re: Real-world steganography

At 09:38 PM 09/30/2002 -0700, Bram Cohen wrote: Peter Gutmann wrote: > I recently came across a real-world use of steganography which hides extra > data in the LSB of CD audio tracks to allow (according to the vendor) the > equivalent of 20-bit samples instead of 16-bit and assorted other features

Re: Public Key Addressing?

Abstract: Maybe he's saying that phone calls could be implemented like remailers or onion routers, or at least like ipsec tunnels, where the contents of the call are kept separate from the signalling information, so the ISPs only see what they need to. At 01:05 PM 11/13/2002 +0100, Hadmut Danisch

Re: DBCs now issued by DMT

At 02:17 AM 12/05/2002 +, Peter Fairbrother wrote: OK, suppose we've got a bank that issues bearer "money". Who owns the bank? It should be owned by bearer shares, of course. Why? Or the propounders wanting to: make a profit/control the bank? There are two main reasons honest people star

RE: Implementation guides for DH?

At 03:07 PM 01/01/2003 -0800, Zulfikar Ramzan replied to Adam: Anton Stiglic has a paper on various security issues that arise in DH implementations: http://crypto.cs.mcgill.ca/~stiglic/Papers/dhfull.pdf The Photuris keying system (RFC2522) also has some good insight into Diffie-Hellman implemen

Re: DeCSS, crypto, (regions removed??!)

At 03:54 PM 01/08/2003 +0100, Martin Olsson wrote: Hi, I dont know if this is relevant to the discussion, but in Sweden (not a region-1 country) people where so pissed at the regionsystem (and the fact that most computer geeks could go around it, but the average person could not) that the whole

Re: DeCSS, crypto, law, and economics

At 08:45 AM 01/08/2003 -0800, Eric Rescorla wrote: Maybe. Not necessarily if that meant that no new movies ever got made. Now, the UK isn't a big enough market for this, but consider what would happen if the US said "listen, free drugs would be great for consumers so let's get rid of all drug pate

Re: JILT: New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity

At 07:56 AM 01/24/2003 -0500, Bob Hettinga wrote: http://elj.warwick.ac.uk/jilt/01-2/grijpink.html There's some interesting discussion about the ability of the Dutch legal culture to provide useful tools for regulating transactions in anonymous or semi-anonymous environments - if you can't find

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

At 09:12 PM 01/26/2003 -0500, Donald Eastlake 3rd wrote: It's just silly to spend, say, $50 more, on a more secure lock unless you are really willing, in the forseeable future, to spend hundreds or thousands of dollars or even more on other weaknesses to make most of them approximately as strong.

Re: Columbia crypto box

On Sat, Feb 08, 2003 at 01:36:46PM -0500, Adam Fields wrote: > On Sat, Feb 08, 2003 at 01:24:14PM -0500, Tim Dierks wrote: > > There may be more valid reasons for treating the device as secret; some > > categories that come to mind include protecting non-cryptographic > > information, such as the

RE: Columbia crypto box

At 11:08 AM 02/13/2003 -0500, Trei, Peter wrote: > Pete Chown[SMTP:[EMAIL PROTECTED]] > As a footnote to those times, 2 ** 40 is 1,099,511,627,776. My PC can > do 3,400,000 DES encryptions per second (according to openssl). I > believe DES key setup is around the same cost as one encryption, so

Roger Needham Died - from The Register

Obit: Roger Needham By Guy Kewney, Newswireless.net Posted: 02/03/2003 at 12:13 GMT Sadly, we record the death of Roger Needham, computer pioneer... There isn't much more to say, except that the man who was the reason Microsoft set up its research centre in Cambridge, England

Re: Proven Primes

And the proof? Sorry, an exercise for the student. :-) I thought that finding them was the hard part, and verifying one once found was relatively easy. I used the probable prime test in the Java BigInteger package. It sounds like, from some of the list traffic, that there are better tests. Well

Re: Scientists question electronic voting

At 01:33 PM 03/07/2003 -0800, Ed Gerck wrote: David Howe wrote: > This may be the case in france - but in england, every vote slip has a > unique number which is recorded against the voter id number on the > original voter card. any given vote *can* be traced back to the voter > that used it. This

Re: Scientists question electronic voting

of you who've never seen a confusing layout on a computer interface can let me know At 12:39 PM 03/08/2003 -0800, Ed Gerck wrote: Bill Stewart wrote: > No, legal authorization is only required to do so _legally_. > We're talking about different threat models here, > sinc

Re: Active Countermeasures Against Tempest Attacks

At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote: On the other hand, remember that the earliest Tempest systems were built using vacuum tubes. An attacker today can carry vast amounts of signal processing power in a briefcase. And while some of the signal processing jobs need to scale with th

Re: Diffie-Hellman 128 bit

At 01:48 PM 03/13/2003 -0800, NOP wrote: I am looking at attacks on Diffie-Hellman. The protocol implementation I'm looking at designed their diffie-hellman using 128 bit primes (generated each time, yet P-1/2 will be a prime, so no go on pohlig-hellman attack), so what attacks are there that I ca

Brumley & Boneh timing attack on OpenSSL

From Slashdot: http://slashdot.org/article.pl?sid=03/03/14/0012214&mode=thread&tid=172 David Brumley and Dan Boneh write: "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a

Re: Face-Recognition Technology Improves

At 09:01 AM 03/15/2003 -0500, Derek Atkins wrote: "Sidney Markowitz" <[EMAIL PROTECTED]> writes: > > In addition, only one subject in 100 is falsely linked > > to an image in the data base in the top systems. > > Wow, 99% accuracy for false positives! That means only a little more than > 75 pe

Re: Microsoft: Palladium will not limit what you can run

Anish asked for references to Palladium. Using a search engine to find things with "palladium cryptography wasabisystems" or "palladium cypherpunks" will find a bunch of pointers to articles, some of them organized usefully. On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote: T

Re: Face-Recognition Technology Improves

At 12:39 PM 03/16/2003 +0100, Eugen Leitl wrote: On Sat, 15 Mar 2003, Bill Stewart wrote: > They're probably not independent, but they'll be influenced by lighting, > precise viewing angles, etc., so they're probably nowhere near 100% > correlated either. I notice the

Re: Brumley & Boneh timing attack on OpenSSL (fwd)

At 09:51 AM 03/22/2003 +0100, Eugen Leitl wrote: Some clarification by Peter Gutmann <[EMAIL PROTECTED]> on why cryptlib doesn't do timing attack resistance default: Peter Gutmann <[EMAIL PROTECTED]>: cryptlib was never intended to be a high-performance SSL server (the docs are fairly clear on this

Re: Who's afraid of Mallory Wolf?

At 11:10 PM 03/23/2003 -0500, Ian Grigg wrote: Consider this simple fact: There has been no MITM attack, in the lifetime of the Internet, that has recorded or documented the acquisition and fraudulent use of a credit card (CC). (Over any Internet medium.) One of the major reasons for this, of cour

Re: Who's afraid of Mallory Wolf?

I get the impression that we're talking at cross-purposes here, with at least two different discussions. Let's look at several cases: 1 - Sites that have SSL and Expensive Certs that need them and need MITM protection 1a - These sites, but with other security holes making it easy to break in. 1b

Re: Run a remailer, go to jail?

At 06:06 PM 03/28/2003 -0500, Steven M. Bellovin wrote: What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots. It looked to me like it was the cable TV industry trying to ban posse

Re: Logging of Web Usage

At 11:32 AM 04/03/2003 -0800, Bill Frantz wrote: Ah yes, I haven't updated my timings for the new machines that are faster than my 550Mhz. :-) The only other item is importance is that the exhaustive search time isn't the time to reverse one IP, but the time to reverse all the IPs that have been r