At 11:50 AM -0600 10/20/2000, Bob Jueneman wrote:
Let's put this problem in perspective, and try to avoid the "chicken
little, the sky is falling" syndrome.
It's quite unlikely that someone would come up with "Eureka!" type
of solution to factoring large numbers that would end up completely
At 10:23 AM -0700 10/18/2000, Ed Gerck wrote:
"Arnold G. Reinhold" wrote:
At 11:21 AM -0700 10/17/2000, Ed Gerck wrote:
As Tony Bartoletti wrote, apologies for what seems a rant, but the "solid
mathematical foundations" underlying digital signatures, "Qualified
Certificates",
unmistakable
Tony Bartoletti wrote:
The problem goes beyond simple impersonation in that the victims
subsequently find it difficult to convince large institutions that
they are who they say they are. My understanding is that the term
comes from victims' statements that they felt as if their
"Arnold G. Reinhold" wrote:
At 11:21 AM -0700 10/17/2000, Ed Gerck wrote:
As Tony Bartoletti wrote, apologies for what seems a rant, but the "solid
mathematical foundations" underlying digital signatures, "Qualified
Certificates",
unmistakable IDs, biometrics and so forth create in me a
At 4:37 PM -0700 10/16/2000, Ed Gerck wrote:
Borrowing from a private comment from Bob Jueneman, whatever the technical
community decides that non-repudiation means, it probably isn't what the legal
community means. So be it. Certainly the legal profession uses
ordinary English
words to mean
At 10:20 PM -0700 10/15/2000, Ed Gerck wrote:
Arnold,
Internet RFCs are technical specifications that use common English words in
a strictly defined manner. To suggest that the use of names in computer code
or Internet RFCs might have legal implications ... imagine lawyers examining
some code
Oh and as to non-repudiation and lawyers throwing that term
around loosely: Most lawyers would probably tell you that,
for their purposes, whatever the parties *agree* to be
non-repudiation *is* non-repudiation as between *them*.
The hard cases are the ones where there's no agreement and
Mac Norton wrote:
Oh and as to non-repudiation and lawyers throwing that term
around loosely: Most lawyers would probably tell you that,
for their purposes, whatever the parties *agree* to be
non-repudiation *is* non-repudiation as between *them*.
Yes.
The hard cases are the ones where
Arnold,
Internet RFCs are technical specifications that use common English words in
a strictly defined manner. To suggest that the use of names in computer code
or Internet RFCs might have legal implications ... imagine lawyers examining
some code and trying to attach meaning to variable
"Arnold G. Reinhold" wrote:
You may well be right about the accepted definition of
non-repudiation, but if you are then I would amend my remarks to say
that known cryptographic technology cannot provide non-repudiation
service unless we are willing to create a new legal duty for
On Sat, 7 Oct 2000, Ben Laurie wrote:
Since we're in hair-splitting mode, I should point out that "prevents
the denial of an act" is not equivalent to a "negation that something is
false". Of course, logically, it comes to the same thing, but then, so
does "assertion that something is
Ed Gerck wrote:
"Arnold G. Reinhold" wrote:
In public-key cryptography "Non-Repudiation" means that that the
probability that a particular result could have been produced without
access to the secret key is vanishingly small, subject to the
assumption that the underlying public-key
At 8:10 PM -0700 8/9/2000, David Honig wrote:
At 08:29 AM 8/9/00 -0700, Eric Murray wrote:
It's 1) saying that the passphrase can "usually be broken". I'm sure
that some people manage to choose poor/short passphrases, but "usually"
would be pushing it.
Has anyone ever published an entropy vs.
Hi Salz!
Saving time, labor money and gaining in the money market for transaction
time differentials was the banks initial motivation but the co$t advantages
of unsupervised authentication assurances, liability confinment and real-time auditing
(read all as: higher security) brought by
On Wed, Aug 09, 2000 at 11:05:02AM -0400, Derek Atkins wrote:
Um, it has been the case in the past that the secret keyring was
encrypted using IDEA and the user's passphrase. I doubt that this
has changed recently.
The cluelesness is in the second sentence, not the first.
It's 1) saying
At 08:29 AM 8/9/00 -0700, Eric Murray wrote:
It's 1) saying that the passphrase can "usually be broken". I'm sure
that some people manage to choose poor/short passphrases, but "usually"
would be pushing it.
Has anyone ever published an entropy vs. frequency study for
real-world passwords?
I'm not sure how much confidence one of the paper's footnotes gives me:
26. The secret key ring in PGP is usually encrypted with a much simpler
crypto-system. Also the key ring is subject to a pass phrase but this can
usually be broken using one of the hacker programs available on the Internet
17 matches
Mail list logo