Re: [gentoo-user] SHA-1 has just been broken

2017-03-06 Thread Rich Freeman
On Mon, Mar 6, 2017 at 2:59 PM, Andrew Savchenko wrote: > On Thu, 2 Mar 2017 19:04:06 -0500 Rich Freeman wrote: >> >> Huh? I thought protection against DMA attacks was half the reason for >> an IOMMU in the first place. >> >> https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_un

Re: [gentoo-user] SHA-1 has just been broken

2017-03-06 Thread Andrew Savchenko
On Fri, 3 Mar 2017 08:48:30 -0500 taii...@gmx.com wrote: > Of course, as I stated you have to bootstrap the crypto from the > motherboard EEPROM chip. > >> One way is to use a blob-free coreboot IOMMU supporting board and > >> bootstrap the crypto/kernel off of the board firmware EEPROM chip to >

Re: [gentoo-user] SHA-1 has just been broken

2017-03-06 Thread Andrew Savchenko
On Thu, 2 Mar 2017 19:04:06 -0500 Rich Freeman wrote: > On Thu, Mar 2, 2017 at 6:26 PM, Andrew Savchenko wrote: > > On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: > >> > >> The IOMMU (theoretically) protects the CPU and memory from rogue > >> devices, such as the hard drive. > > > > No.

Re: [gentoo-user] SHA-1 has just been broken

2017-03-03 Thread taii...@gmx.com
On 03/02/2017 06:26 PM, Andrew Savchenko wrote: On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: It is possible to have a reasonably secure system where the hard drive firmware (or any other devices) can't fuck around with the stuff on disk, although I highly doubt that the gentoo infra

Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Rich Freeman
On Thu, Mar 2, 2017 at 6:26 PM, Andrew Savchenko wrote: > On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: >> >> The IOMMU (theoretically) protects the CPU and memory from rogue >> devices, such as the hard drive. > > No. Any DMA capable device can bypass IOMMU. IOMMU was not > designed to

Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Andrew Savchenko
On Tue, 28 Feb 2017 18:05:29 +0100 Miroslav Rovis wrote: [...] > Gentoo Keys > --- > > ### About > > Gentoo Keys is a Python based project that aims to manage the GPG keys used > for validation on users and Gentoo's infrastructure servers. Gentoo Keys > will be able > to verify GPG k

Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Andrew Savchenko
On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: > It is possible to have a reasonably secure system where the hard drive > firmware (or any other devices) can't fuck around with the stuff on > disk, although I highly doubt that the gentoo infrastructure (and > kernel.org, and all the so

Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Miroslav Rovis
On 170302-03:42-0500, taii...@gmx.com wrote: > On 02/28/2017 12:05 PM, Miroslav Rovis wrote: > > > On 170227-21:59-0500, Rich Freeman wrote: > >> On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis > >> wrote: ... > > And finally Andrew Savchenko pointed me to gkeys! > > > > Here's the answer to my

Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread taii...@gmx.com
On 02/28/2017 12:05 PM, Miroslav Rovis wrote: On 170227-21:59-0500, Rich Freeman wrote: On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis wrote: Apologies for my not being able to reply sooner! On 170227-18:18+0300, Andrew Savchenko wrote: And via a new private big business, the Github. Givi

Re: [gentoo-user] SHA-1 has just been broken

2017-02-28 Thread Miroslav Rovis
On 170227-21:59-0500, Rich Freeman wrote: > On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis > wrote: > > Apologies for my not being able to reply sooner! > > > > On 170227-18:18+0300, Andrew Savchenko wrote: > > > >> > And via a new private big business, the Github. Giving over all users to > >> >

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Rich Freeman
On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis wrote: > Apologies for my not being able to reply sooner! > > On 170227-18:18+0300, Andrew Savchenko wrote: > >> > And via a new private big business, the Github. Giving over all users to >> > big Github brother. >> >> ??? >> Github is entirely optio

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Miroslav Rovis
Apologies for my not being able to reply sooner! On 170227-18:18+0300, Andrew Savchenko wrote: > On Sun, 26 Feb 2017 12:00:50 +0100 Miroslav Rovis wrote: > > > But, when we talk crypto being broken, > > Git is not in the immediate threat due to SHA1 collision being > practical. See Linux blog a

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Rich Freeman
On Mon, Feb 27, 2017 at 1:02 PM, Alan McKinnon wrote: > > I always thought git's use of SHA hashes was to identify commits and > detect random bit flips, not to provide any measure of security. > As somebody said in Twitter recently (and Linus to some degree in his post), it is, except when it isn

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Alan McKinnon
On 26/02/2017 22:32, R0b0t1 wrote: > On Sun, Feb 26, 2017 at 5:00 AM, Miroslav Rovis > wrote: >> On 170225-21:34-0600, R0b0t1 wrote: >>> On Saturday, February 25, 2017, Miroslav Rovis >>> >>> wrote: >>> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html >> ... >>>

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Andrew Savchenko
On Sun, 26 Feb 2017 12:00:50 +0100 Miroslav Rovis wrote: > But, when we talk crypto being broken, Git is not in the immediate threat due to SHA1 collision being practical. See Linux blog about this: https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL Note that git devs are working on mo

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Rich Freeman
On Mon, Feb 27, 2017 at 9:46 AM, Andrew Savchenko wrote: > > So danger of SHA1 collision is much closer than > 9,223,372,036,854,775,808 SHA1 computations or 1 110-GPU year. Indeed in every way it is closer than that than when Google started their project, and tomorrow it will be closer still. T

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Andrew Savchenko
On Sat, 25 Feb 2017 22:12:10 +0100 Miroslav Rovis wrote: > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > > (you know I hate the Schmoog, and didn't take their cookies, and so > they didn't show me their page in my Palemoon --working great here!, an > Angel of Hone

Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Miroslav Rovis
On 170226-14:32-0600, R0b0t1 wrote: > On Sun, Feb 26, 2017 at 5:00 AM, Miroslav Rovis > wrote: > > On 170225-21:34-0600, R0b0t1 wrote: > >> On Saturday, February 25, 2017, Miroslav Rovis > >> > >> wrote: > >> > > >> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > >

Re: [gentoo-user] SHA-1 has just been broken

2017-02-26 Thread R0b0t1
On Sun, Feb 26, 2017 at 5:00 AM, Miroslav Rovis wrote: > On 170225-21:34-0600, R0b0t1 wrote: >> On Saturday, February 25, 2017, Miroslav Rovis >> wrote: >> > >> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > ... >> >> Very interesting. The first useful SHA-1 collis

Re: [gentoo-user] SHA-1 has just been broken

2017-02-26 Thread Miroslav Rovis
On 170225-21:34-0600, R0b0t1 wrote: > On Saturday, February 25, 2017, Miroslav Rovis > wrote: > > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html ... > > Very interesting. The first useful SHA-1 collision was, if I remember, done > in 2015, and subverted an HTTPS ce

Re: [gentoo-user] SHA-1 has just been broken

2017-02-25 Thread R0b0t1
On Saturday, February 25, 2017, Miroslav Rovis wrote: > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > > -- > Miroslav Rovis > Zagreb, Croatia > http://www.CroatiaFidelis.hr > Very interesting. The first useful SHA-1 collision was, if I remember, done in 2015, and

[gentoo-user] SHA-1 has just been broken

2017-02-25 Thread Miroslav Rovis
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html (you know I hate the Schmoog, and didn't take their cookies, and so they didn't show me their page in my Palemoon --working great here!, an Angel of Honesty in comparison to Firefox --and if anybody else doesn't want Schmo