Re: Deniable data storage
On Wed, Nov 05, 2003 at 06:58:58PM -0800, James A. Donald wrote:
> --
> I want fully deniable information storage -- information
> theoretic deniable, not merely steganographic deniable, for
> steganography can never be wholly secure.
>
> So I would have a fixed sized block of data containing a
> variable number of smaller secret chunks of data. A random key
> would extract a random length of gibberish, a valid key would
> extract a stream of valid data, and revealing one secret key to
> the adversary would not give the adversary any evidence that
> more secret keys were present or absent.
>
> Any good known algorithms for this?
>

rubberhose probably does what you want. is there some problem with it?

http://www.rubberhose.org/

Re: Panther's FileVault can damage data
On Fri, Nov 07, 2003 at 08:55:08AM -0800, Tim May wrote:
> It's astounding to me that Apple failed to do basic QC on its
> major new release.
>
> The problem with the Firewire 800 drives using the Oxford 922 chips is
> inexcusable. Did Apple never bother to run the new version of OS X with
> drives made by vendors other than Apple? (I'm assuming here the
> Firewire 800 problem is not present in Apple drives, about which I am
> not 100% convinced.)
>

Which Apple drives? Is there such a thing as an Apple firewire drive, and if
so does it use the Oxford 922 bridge chipset?

This is the closest product I am aware of:
http://www.apple.com/ipod/

It's firewire 400 and most assuredly does not use a 922 chip.

If software companies were responsible for bugs in hardware that they do not
manufacture, MS would be in much more trouble than it is already.

petard

Re: Silly Linux Kernel Bug
On Tue, Dec 02, 2003 at 01:09:31AM -0800, Eric Cordian wrote:
> An interesting occurrence, because it demonstrates that massive numbers of
> open source participants auditing the code aren't sufficient to ferret out
> every giant coding blunder.

I don't know that I'd call it "auditing" exactly; to my knowledge, no audit
as such has been undertaken with the kernel. That said, evidently, a pair of
the "many eyes" did ferret this one out, about 9 weeks ago:

http://linux.bkbits.net:8080/linux-2.4/diffs/mm/[EMAIL PROTECTED]@1.1148.2.2

Unfortunately, he did not see it as critical enough to throw out security
alerts and make a new release right then, so anyone with untrusted local
users was completely unprotected. Including Debian, apparently.

Regards,

petard

Re: 1st amend, compelled speech in US
On Thu, Jan 22, 2004 at 09:47:07AM -0800, Major Variola (ret.) wrote:
> ...public health officials are considering legal action to force AOL and
> certain websites to warn members about...
>
> http://wired.com/news/medtech/0,1286,62005,00.html?tw=wn_tophead_2
>
> Compelled speech is prohibited, suggesting it is treason, no matter the
> reason.
>

So is it prohibited that drug companies are compelled to disclose known side
effects of their medications in order to sell them, and treason on the part
of FDA employees who enforce that?

Re: Cypherpunks response to viral stimuli
On Mon, Feb 02, 2004 at 04:27:04PM -0500, Tyler Durden wrote:
> Well, I'm still wondering...
>
> Could a TLA or other group, wanting to know who was lurking or otherwise
> subscribed to a list (such as cypherpunks) deliberately craft a virus that
> was easy to detect, for the purposes of having the automated email reply
> systems "out" that subscriber?
>
> And then, is it possible to create some kind of filter that stops these
> replies?
>
> Of course, it could be very difficult to determine the difference between
> an automated reply and a real posting.
>
> Anyone have any thoughts?
>

Along these same lines, mightn't a TLA or similar induce someone downstream
of them to spam the cypherpunks remailers and collect the identities of
those who complain?

At any rate, the two problems reduce to the same one. You could filter AV
replies/complaints from the remailers, but there's no way to stop the
automaton/spamee from directing it to the virus "sender"/upstream provider
directly.

Perhaps people who run AV systems which send out automated notifications
deserve any unwanted attention they might get this way.

regards,

petard

Re: Saving Opportunistic Encryption
a couple nitpicks on otherwise interesting points...

On Wed, Mar 17, 2004 at 09:02:17AM -0500, sunder wrote:
> Look at how many folks use PGP - those who really know it and want it, or
> those who know enough about it and have some easily automated
> implementation that plugs in to their mail client. (i.e. commercial pgp
> with Eudora/Outlook plug in. As an aside, I'm still pissed off that the
> Mozilla mail client doesn't support PGP/GPG in addition to S/MIME or
> whatever the hell..)
>

There's a well-supported extension for that:
http://enigmail.mozdev.org/

Actually, plans are in the works to make S/MIME an extension as well, so the
two will soon be on equal footing.

> There are ways to protect against this such as publishing a line for the
> known-hosts entry by other means, but no one does this (yet?) (i.e:
> sneakernet, finger, web page, pgp signed/encrypted email, over the
> telephone, etc.) (Another useful thing is to use public keys for SSH
> instead of passwords: this way the attacker won't be able to reuse your
> password - but you're still compromised the second you login.)
>

Out-of-band transmission of known-hosts entries has been standard operating
procedure everywhere *I* have used ssh for the past 10 years. I thought
everyone did that.

regards,

petard

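The out-of-band known-hosts check discussed in the message above, as an added example that is not part of the original thread: it parses a pinned known_hosts entry, derives the SHA256 fingerprint a person can read back over another channel, and compares a key offered by a server against the pin. The host name, address and key bytes are constructed samples, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed string as used in SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample keys (not real host keys): ed25519 blobs with fixed bytes.
PINNED_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
OTHER_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(1, 33)))

# Constructed known_hosts entry, as it would arrive by an out-of-band channel.
KNOWN_HOSTS = "shell.example.org,192.0.2.10 ssh-ed25519 {} constructed-sample\n".format(
    base64.b64encode(PINNED_BLOB).decode())

def parse_entry(line: str):
    """Parse one plain known_hosts line into (host list, key type, key blob)."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match the key blob")
    return hosts.split(","), key_type, blob

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(host: str, offered_blob: bytes, known_hosts: str) -> str:
    """Compare the key a server offers with the pinned entries for that host."""
    status = "unknown"
    for line in known_hosts.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if not line or line[0] in "#@|":
            continue
        hosts, _key_type, blob = parse_entry(line)
        if host in hosts:
            if hmac.compare_digest(blob, offered_blob):
                return "match"
            status = "mismatch"  # host is pinned, but to a different key
    return status

if __name__ == "__main__":
    print(fingerprint(PINNED_BLOB))
    print(check_host("shell.example.org", PINNED_BLOB, KNOWN_HOSTS))
    print(check_host("shell.example.org", OTHER_BLOB, KNOWN_HOSTS))
```

A "mismatch" result is the case the pin exists to catch: the host is known, but the key offered on first contact is not the one received out of band.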
Re: Anonymizer employees need killing
On Fri, Mar 26, 2004 at 01:32:43AM -0500, An Metet wrote:
> From http://www.theregister.co.uk/content/55/36485.html :
>
> "To download the online picture, he used the Anonymizer.com service,
> believing the company's privacy policy would protect him. Not so. Dutch

The article got it wrong. He used Surfola. They've since corrected it.

Re: legally required forgetting
On Sat, Apr 10, 2004 at 10:33:39AM -0700, Major Variola (ret) wrote:
> Thanks for the distinction, however it still makes CC folks slaves of
> the State. Suppose Joe Badcredit finds a blank application and applies?
> The State then uses violence to coerce the CC into non-consensual
> transactions.
>

No. AIUI the CC company is not obligated by the state to offer joe any
credit at all in response to his application. They may reject him based on
his nonpayment twenty years later. They simply may not attempt to collect
the old debt. Also, in practice, the people who aggregate such information
from other creditors will have a hard time reporting on the old default.

But you are not obligated to extend any credit that you do not wish to
extend.