- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the
- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the
- Original Message -
From: Dave Howe [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Indeed so. however, the argument in 1998, a FPGA machine broke a DES
key in 72 hours, therefore TODAY... assumes that (a) the problems are
comparable, and (b) that moores law has been applied to FPGAs
- Original Message -
From: Dave Howe [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Indeed so. however, the argument in 1998, a FPGA machine broke a DES
key in 72 hours, therefore TODAY... assumes that (a) the problems are
comparable, and (b) that moores law has been applied to FPGAs
- Original Message -
From: Dave Howe [EMAIL PROTECTED]
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?
Joseph Ashwood wrote:
I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours
- Original Message -
From: Joseph Ashwood [EMAIL PROTECTED]
Sent: Friday, February 18, 2005 3:11 AM
[the attack is reasonable]
Reading through the summary I found a bit of information that means my
estimates of workload have to be re-evaluated. Page 1 Based on our
estimation, we expect
- Original Message -
From: Dave Howe [EMAIL PROTECTED]
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?
Joseph Ashwood wrote:
I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours
- Original Message -
From: James A. Donald [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
2^69 is damn near unbreakable.
I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours by
$250,000 worth of
- Original Message -
From: James A. Donald [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
2^69 is damn near unbreakable.
I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours by
$250,000 worth of
- Original Message -
From: Shawn K. Quinn [EMAIL PROTECTED]
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign?
- Original Message -
From: Shawn K. Quinn [EMAIL PROTECTED]
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign?
- Original Message -
From: Major Variola (ret) [EMAIL PROTECTED]
Subject: Mixmaster is dead, long live wardriving
At 07:47 PM 12/9/04 -0800, Joseph Ashwood wrote:
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
survive?
Well besides
- Original Message -
From: Major Variola (ret) [EMAIL PROTECTED]
Subject: punkly current events
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
survive?
Well besides the misinterprettaion of the ruling, which I will ignore, what
makes you think
- Original Message -
From: Major Variola (ret) [EMAIL PROTECTED]
Subject: Mixmaster is dead, long live wardriving
At 07:47 PM 12/9/04 -0800, Joseph Ashwood wrote:
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
survive?
Well besides
- Original Message -
From: Major Variola (ret) [EMAIL PROTECTED]
Subject: punkly current events
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
survive?
Well besides the misinterprettaion of the ruling, which I will ignore, what
makes you think
- Original Message -
From: John Gilmore [EMAIL PROTECTED]
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:31 AM
Subject: Re: A National ID: AAMVA's Unique ID
The solution then is obvious, don't have a big central database. Instead
use
a distributed database.
- Original Message -
From: John Gilmore [EMAIL PROTECTED]
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:31 AM
Subject: Re: A National ID: AAMVA's Unique ID
The solution then is obvious, don't have a big central database. Instead
use
a distributed database.
- Original Message -
From: Tim May [EMAIL PROTECTED]
Subject: [cdr] Re: Digital cash and campaign finance reform
There are too many loopholes to close.
I think that's the smartest thing any one of us has said on this topic.
Joe
- Original Message -
From: Anonymous [EMAIL PROTECTED]
Subject: CDR: Re: An attack on paypal -- secure UI for browsers
You clearly know virtually nothing about Palladium.
Actually, properly designed Palladium would be little more than a smart card
welded to the motherboard. As
- Original Message -
From: Anonymous [EMAIL PROTECTED]
Subject: CDR: Re: An attack on paypal -- secure UI for browsers
In short, if Palladium comes with the ability to download site-specific
DLLs that can act as NCAs
Ok what flavor of crack are you smoking? Because I can tell from
First let me say that I am anti-war. Maybe it is just because I've changed
from being purely a tech player to now owning Trust Laboratories, and so
primarily being a businessman, but I see things slightly differently from
the WSJ.
I was just wondering if anyone has a digital certificate issuing system I
could get a few certificates issued from. Trust is not an issue since these
are development-only certs, and won't be used for anything except testing
purposes.
The development is for an open source PKCS #11 test suite.
- Original Message -
From: Eric Murray [EMAIL PROTECTED]
Subject: CDR: Re: Digital Certificates
On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote:
I was just wondering if anyone has a digital certificate issuing system
I
could get a few certificates issued from. Trust
I was just wondering if anyone has a digital certificate issuing system I
could get a few certificates issued from. Trust is not an issue since these
are development-only certs, and won't be used for anything except testing
purposes.
The development is for an open source PKCS #11 test suite.
- Original Message -
From: Eric Murray [EMAIL PROTECTED]
Subject: CDR: Re: Digital Certificates
On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote:
I was just wondering if anyone has a digital certificate issuing system
I
could get a few certificates issued from. Trust
- Original Message -
From: Thomas Shaddack [EMAIL PROTECTED]
To: Harmon Seaver [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, February 01, 2003 4:42 PM
Subject: CDR: Re: Shuttle Diplomacy
[snip conspiracy theory]
Especially in this case, I'd bet my shoes on Murphy; Columbia was
- Original Message -
From: Thomas Shaddack [EMAIL PROTECTED]
To: Harmon Seaver [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, February 01, 2003 4:42 PM
Subject: CDR: Re: Shuttle Diplomacy
[snip conspiracy theory]
Especially in this case, I'd bet my shoes on Murphy; Columbia was
- Original Message -
From: Harmon Seaver [EMAIL PROTECTED]
On Mon, Jan 27, 2003 at 08:23:15AM -0800, Major Variola (ret) wrote:
The versions of all the secure phones I've evaluated needed this
feature:
a minimal answering machine. With just the ability to record IPs of
hosts that
to the
security of anyone/group that makes use of it.
- Original Message -
From: James A. Donald [EMAIL PROTECTED]
Subject: Clarification of challenge to Joseph Ashwood:
Joseph Ashwood:
So it's going to be broken by design. These are critical
errors that will eliminate any semblance
- Original Message -
From: James A. Donald [EMAIL PROTECTED]
What email encryption is actually in use?
In my experience PGP is the most used.
When I get a PGP encrypted message, I usually cannot read it --
it is sent to my dud key or something somehow goes wrong.
Then you are
- Original Message -
From: Eric Cordian [EMAIL PROTECTED]
Although I appear to have been the final catalyst for the discussion of
unemployment. I agree with pretty much everything Eric Cordian said. In fact
my current state of lack of work, has little to do with lack of employment,
I am
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
The important part for this, is that TCPA has no key until it has an
owner,
and the owner can wipe the TCPA at any time. From what I can tell this
was
designed for resale of components, but is perfectly suitable as a point
of
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
Joseph Ashwood wrote:
There is nothing stopping a virtualized version being created.
What prevents this from being useful is the lack of an appropriate
certificate for the private key in the TPM.
Actually that does nothing
Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.
There is nothing stopping a virtualized version being created.
There is
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
Joseph Ashwood wrote:
There is nothing stopping a virtualized version being created.
What prevents this from being useful is the lack of an appropriate
certificate for the private key in the TPM.
Actually that does nothing
- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
The important part for this, is that TCPA has no key until it has an
owner,
and the owner can wipe the TCPA at any time. From what I can tell this
was
designed for resale of components, but is perfectly suitable as a point
of
Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.
There is nothing stopping a virtualized version being created.
There is
I need to correct myself.
- Original Message -
From: Joseph Ashwood [EMAIL PROTECTED]
Suspiciously absent though is the requirement for symmetric encryption
(page
4 is easiest to see this). This presents a potential security issue, and
certainly a barrier to its use for non
- Original Message -
From: Mike Rosing [EMAIL PROTECTED]
Are you now admitting TCPA is broken?
I freely admit that I haven't made it completely through the TCPA
specification. However it seems to be, at least in effect although not
exactly, a motherboard bound smartcard.
Because it is
- Original Message -
From: Mike Rosing [EMAIL PROTECTED]
Are you now admitting TCPA is broken?
I freely admit that I haven't made it completely through the TCPA
specification. However it seems to be, at least in effect although not
exactly, a motherboard bound smartcard.
Because it is
I need to correct myself.
- Original Message -
From: Joseph Ashwood [EMAIL PROTECTED]
Suspiciously absent though is the requirement for symmetric encryption
(page
4 is easiest to see this). This presents a potential security issue, and
certainly a barrier to its use for non
- Original Message -
From: AARG! Anonymous [EMAIL PROTECTED]
[brief description of Document Revocation List]
Seth's scheme doesn't rely on TCPA/Palladium.
Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which is
- Original Message -
From: Eugen Leitl [EMAIL PROTECTED]
Can anyone shed some light on this?
Because of the sophistication of modern processors there are too many
variables too be optimized easily, and doing so can be extremely costly.
Because of this diversity, many compilers use
- Original Message -
From: Eugen Leitl [EMAIL PROTECTED]
Can anyone shed some light on this?
Because of the sophistication of modern processors there are too many
variables too be optimized easily, and doing so can be extremely costly.
Because of this diversity, many compilers use
- Original Message -
From: AARG! Anonymous [EMAIL PROTECTED]
[brief description of Document Revocation List]
Seth's scheme doesn't rely on TCPA/Palladium.
Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which is
- Original Message -
From: Anonymous [EMAIL PROTECTED]
Ross Anderson's paper at
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
has been mostly discussed for what it says about the TCPA. But the
first part of the paper is equally interesting.
Ross Andseron's approximate
- Original Message -
From: Anonymous [EMAIL PROTECTED]
Ross Anderson's paper at
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
has been mostly discussed for what it says about the TCPA. But the
first part of the paper is equally interesting.
Ross Andseron's approximate
- Original Message -
From: Ryan Lackey [EMAIL PROTECTED]
I consider DRM systems (even the not-secure, not-mandated versions)
evil due to the high likelyhood they will be used as technical
building blocks upon which to deploy mandated, draconian DRM systems.
The same argument can be
- Original Message -
From: Ryan Lackey [EMAIL PROTECTED]
I consider DRM systems (even the not-secure, not-mandated versions)
evil due to the high likelyhood they will be used as technical
building blocks upon which to deploy mandated, draconian DRM systems.
The same argument can be
Subject: CDR: Piracy is wrong
This shouldn't have to be said, but apparently it is necessary.
Which is a correct statement, but an incorrect line of thinking. Piracy is
an illegitimate use of a designed in hole in the security, the ability to
copy. This right to copy for personal use is well
- Original Message -
From: Lucky Green [EMAIL PROTECTED]
Joseph Ashwood wrote:
This looks like just a
pilot program. Watch the normal piracy channels though, if
Harry Potter shows up stronger than other releases
Macrovision will be around a while. But if Harry Potter isn't
- Original Message -
From: Steve Schear [EMAIL PROTECTED]
Harry Potter released unprotected
So, is this just a test or has at least one industry giant decided, as the
software industry learned long ago, that the cost of copy protection often
exceeds its value.
I believe it's a
- Original Message -
From: [EMAIL PROTECTED]
Subject: Re: CDR: RE: Degrees of Freedom vs. Hollywood Control Freaks
Ok, somebody correct me if I'm wrong here, but didn't they officially
cease
production of vinyl pressings several years ago? As in *all* vinyl
pressings???
They
- Original Message -
From: [EMAIL PROTECTED]
Subject: Re: CDR: RE: Degrees of Freedom vs. Hollywood Control Freaks
Ok, somebody correct me if I'm wrong here, but didn't they officially
cease
production of vinyl pressings several years ago? As in *all* vinyl
pressings???
They
- Original Message -
From: Neil Johnson [EMAIL PROTECTED]
To: Joseph Ashwood [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 31, 2002 6:59 PM
Subject: Re: FC: Hollywood wants to plug analog hole, regulate A-D
On Sunday 02 June 2002 08:24 pm, Joseph Ashwood wrote:
The MPAA
- Original Message -
From: Neil Johnson [EMAIL PROTECTED]
To: Joseph Ashwood [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 31, 2002 6:59 PM
Subject: Re: FC: Hollywood wants to plug analog hole, regulate A-D
On Sunday 02 June 2002 08:24 pm, Joseph Ashwood wrote:
The MPAA
Everything I'm about to say should be taken purely as an analytical
discussion of possible solutions in light of the possibilities for the
future. For various reasons I discourage performing the analyzed alterations
to any electronic device, it will damage certain parts of the functionality
of
Everything I'm about to say should be taken purely as an analytical
discussion of possible solutions in light of the possibilities for the
future. For various reasons I discourage performing the analyzed alterations
to any electronic device, it will damage certain parts of the functionality
of
- Original Message -
From: surinder pal singh makkar [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 31, 2002 5:30 AM
Subject: CDR: How can i check the authenticity of a private key
Hi List,
I am a newbie in cryptography. What I have learnt till
now is that in assymeric
- Original Message -
From: Morlock Elloi [EMAIL PROTECTED]
Collision means same plaintext to the same ciphertext.
Actually all it means in this case is the same ciphertext, since the key is
the same it of course carries back to the plaintext, but that is irrelevant
at this point. The
- Original Message -
From: Adam Back [EMAIL PROTECTED]
On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem
lately,
which is encrypted disk drives. You could
- Original Message -
From: Adam Back [EMAIL PROTECTED]
Joseph Ashwood wrote:
Actually I was referring to changing the data portion of the block
from {data} to {IV, data}
Yes I gathered, but this what I was referring to when I said not
possible. The OSes have 512Kbytes ingrained
Title: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)
- Original Message -
From:
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 27, 2002 12:11
PM
Subject: CDR: RE: Re: disk encryption
modes (Re: RE: Two ideas for
- Original Message -
From: Morlock Elloi [EMAIL PROTECTED]
There's no need to go to great lengths to find a place to store the IV.
Wouldn't it be much simpler (having in mind the low cost of storage), to
simply
append several random bits to the plaintext before ECB encrypton and
- Original Message -
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could encrypt each block of the disk
with a block cypher using the same key (presumably in CBC or some similar
- Original Message -
From: Morlock Elloi [EMAIL PROTECTED]
Most hardware solutions that I'm aware of support 1024-bit modular
arithmetic.
I don't know how easy or hard it is to do 2048-bit ops with 1024-bit
primitives, or is there any 2048-bit HW around.
For encryption, you're out of
- Original Message -
From: Jim Choate [EMAIL PROTECTED]
For a RNG to -be- a RNG it -must- be infinity-distributed. This means that
there are -no- string repititions -ever-.
Ummm, wrong. That would imply that in a binary stream, once 0 has been used
it can never be used again. This of
- Original Message -
From: Eugen Leitl [EMAIL PROTECTED]
On Mon, 22 Apr 2002, Tim May wrote:
What real-life examples can you name where Gbit rates of random digits
are actually needed?
Multimedia streams, routers. If I want to secure a near-future 10 GBit
Ethernet stream with a
- Original Message -
From: gfgs pedo [EMAIL PROTECTED]
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not have).
U can choose any arbitrary seed(greater than 100 bits
as
- Original Message -
From: [EMAIL PROTECTED]
To: Tim May [EMAIL PROTECTED]; Eugen Leitl [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation
Why would one want to implement a PRNG in silicon, when one can
- Original Message -
From: Eugen Leitl [EMAIL PROTECTED]
On Mon, 22 Apr 2002, Tim May wrote:
What real-life examples can you name where Gbit rates of random digits
are actually needed?
Multimedia streams, routers. If I want to secure a near-future 10 GBit
Ethernet stream with a
- Original Message -
From: gfgs pedo [EMAIL PROTECTED]
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not have).
U can choose any arbitrary seed(greater than 100 bits
as
- Original Message -
From: [EMAIL PROTECTED]
To: Tim May [EMAIL PROTECTED]; Eugen Leitl [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation
Why would one want to implement a PRNG in silicon, when one can
I have done a significant amount of considering on the very questions raised
in this. This consideration has spanned approximately a month of time. These
are my basic conclusions:
Bernstein's proposal does have an impact, but I do not believ that 3x the
key size is necessary
I believe
- Original Message -
From: Jeremy Lennert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, February 23, 2002 8:15 AM
Subject: CDR: Re: Jail Cell Cipher (modified RC4)
Unfortunately it has a rather damning effect on the cipher.
First in the key
scheduling there is a
- Original Message -
From: A. Melon [EMAIL PROTECTED]
Subject: CDR: re: Remailer Phases
2. Operator probably trustworthy
Impossible, and unnecessary. Don't assume any remops are trustworthy.
Actually it is absolutely necessary. If all operators are willing to
collude, then your
- Original Message -
From: Meyer Wolfsheim [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 5:40 AM
Subject: Re: CDR: Re: re: Remailer Phases
On Tue, 7 Aug 2001, Joseph Ashwood wrote:
2. Operator probably trustworthy
Impossible, and unnecessary
- Original Message -
From: Jim Choate [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 7:05 PM
Subject: CDR: Re: Mixmaster Message Drops
The next major question is to determine where the drops are happening.
Inbound, outbound, inter-remailer, intra-remailer?
- Original Message -
From: Anonymous [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 4:48 PM
Subject: CDR: Re: Remailer Phases
An Unknown Party wrote:
On Wed, 8 Aug 2001, Anonymous wrote:
We need a good mixmaster net.
working remailer:
1.
What probably happened is that you didn't see the other windows come up
where it was gathering entropy and needed your mouse input. If you don't see
that window I can see where you wouldn't be able to upgrade.
Joe
- Original Message -
From: Steve Schear [EMAIL
80 matches
Mail list logo
