Re: A proposal for secure videoconferencing and videomessaging over the Internet

-- James A. Donald: > > I do not understand what is meant by "provably secure"] At 09:57 AM 7/28/2000 -0400, Rich Salz wrote > An unfortunate admission for a would-be cryptographer. It should have been obvious from the context that you deleted that I was criticizing

Re: A proposal for secure videoconferencing and video messaging over the Internet

icular threat. There will always be yet another attack. Few things are secure against rubber hoses and hot pincers, or against foolishness and carelessness, which tends to be even more common than rubber hoses. --digsig James A. Donald 6YeGpsZR+nOTh/cGw

Re: A proposal for secure videoconferencing and video messaging over the Internet

l get especially difficult for Mallory if Bob and Alice check into a conference call, into a chat room. Suppose Bob and Alice want to bring Carol into their discussions. Now Mallory needs to have anticipated this, and fed both Bob and Alice with a false address for Carol.

Re: A proposal for secure videoconferencing and video messaging over the Internet

-- James A. Donald writes: > > In real life situations where one wishes a conversation to be > > secure, people are most commonly authenticated by not by true > > name, but by face. At 02:49 PM 7/26/2000 -0700, Eugene Leitl wrote: > We're mixing several

Re: A proposal for secure videoconferencing and video messaging over the Internet

c minority prefer the terminology "Mark of the beast".) We will need a new terminology for the protocol I have proposed. I propose to call it "face based". --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG EebeJcUrCnomop+HVlb67

Re: What would you like to see in a book on cryptography for programme

ood attack. If they have not been subject to much attack, people should not use them, but should read them. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG jWnprzbdcockuFt7jlrh6D57vGi84SX9Qz8lhH+j 4f1X5tAzhVXqKLOeFps1Q4DXRbKUyYfziiL68LAce

Re: Comcast@Home bans VPNs

ctions to businesses, and lower price low bandwidth connections to consumers. Now they want to continue selling high price high bandwidth connections to business while selling low price high bandwidth connections to consumers. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3

Re: DeCSS and imminent harm ...

uch an act was beyond the power of a judge, that judges not only should not censor thei internet, but that they *could* not censor the internet, that the interenet was stronger than the judiciary. It is not about copyright law. It is about power. --digsig James A. Donald

Re: Intel announcements at RSA '99

designed. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 17Dd+YQp5Kf8bt/Y873n/xKTRWPMKN2qcvVsAAg5 4XzWgPvQ5KxYUjNf5+hg96PNe9lqEJMPR4q+ld95i - We have the right to defend ourselves and our property, becaus

Does any patent cover Wagner's ecash scheme?

l possible uses of signing a quantity with its exponential, including those that Chaum never imagined.) 2. Is there some other patent that covers Wagner's method? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG

Bernstein Opinion Up

ingled with explanation, discussion, and sufficient information for a human to construct a makefile. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uPMpxXwshmNpXlGGiHThXA2waVAdPIcMzRs4eF6D 4an5T6V823cgpj1l1hAxD2MmyFdsHIAUHfB+RxHt3

Re: Exporting crypto from the US? Think first...

-- At 12:13 AM 5/7/99 -0700, James A. Donald wrote: > > Large numbers of people have been conspicuously breaking > > this law for a long time. At 09:04 AM 5/7/99 -0700, Greg Broiles wrote: > Charles Booher of San Jose received investigatory attention > and subpoena(s) fr

Re: Five years, and still no useful internet cash

s for CyberCoin's failure. I think I > know some of them. I'd be very interested in an informed > discussion of them. You may well be the only person that knows some of them. I would be interested in knowing more about its birth and death. --digsig James A. D

Five years, and still no useful internet cash

s, and doubtless my somewhat cynical reviews contain many errors. I would appreciate some corrections. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG NFp27X1a/dOuflEHZVEne4jPgR5pv0B1oQZLKLCD 4UWKbe0Nf8PuVr7JbtiivALwCAfG3/JwPjrzSW8z/

Re: NSA's economic interest in European GAK

arly. As we all predicted, if the government has access to keys, it will be incapable of restraining itself to lawful uses of that information, and lo and behold, the government was incapable of restraining itself to lawful uses of that information. Surprise surprise. --digsig James A. Dona

Re: US spying on Europe

at kind of hostile and cynical attitude do not get appointed to those kind of jobs. When everyone discovered that everyone was lying, nobody wanted to mention it because that would constitute being a trouble maker and rocking the boat. --digsig James A. Donald 6YeGpsZR+nOTh

Re: quantum codebreaker

difficult to conceive of what it would mean for the Hamiltonian to be non linear. If the non linearity was sufficient to have perceptible effects in everyday life, reality would be unimaginably different. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQd

Re: IBM MP - error in site, our meaning of open, standard etc

o something less cynical and pessimistic. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG U6dLsn/tUV6iMtbo48pXXBVGmdGu+PWuPke5YO9w 4bscPXK7ICHSYiKE/sKFZP9GxHlzMhCpwAM/aatqW

Re: EPIC releases 1999 Crypto report

amount of truth. This presentation probably does not appeal to citizens of the outside world. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG oQuGno2KeatkJ8lm5fJxZinp71JAuBDxmeQMRmf3 4CY2kNueZuow8KiMnPEy3OQH9nc4WRft2RzeKpGTo

Re: so why is IETF stilling adding DES to protocols? (Re: It's official... DES is History)

. Microsoft has made some effort to get around these laws, but seemed to lose interest. Perhaps Bill Gates was the recipient of a little talk. Netscape does not seem to have made any effort to get around these laws. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVp

Re: NPR story on crypto...

n an advantage for the US government over US citizens. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 1Or62Yo2734CUUOeRD2kSfdrhpiM8Q4CGyBqQbaV 4NvZ/17IPS0YGa5nUzZoTAbMgjjNF9ElbQIe4vD2

Re: depleting the random number generator

t" the entropy pool if he can gain information about the pool from the entropy he sees. It is possible to make this computationally very expensive. Use a cryptographically strong PSEUDO random number generator, such as RC4. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3

Re: depleting the random number generator

. (the number of possible internal states of an RC4 state machine used as a pseudo random number generator.) One can acquire that much entropy by catching mouse moves while the setup wizard is running. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3Tdzcl

"If only you knew what we knew"

getting rid of the communist state and instituting liberty. Not getting rid of one form of fascism and substituting another. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ILz8NgHWCv8iqIxlum5mmm

Re: depleting the random number generator

entropy attacks? Yes: If the attacker knows exactly when the packets arrive (which he cannot) this cannot give him any additional knowledge about the state. The worst case is that the attacker does not lose any information. --digsig James A. Donald

Re: depleting the random number generator

-- > > > Oh dear! This suggestion worries me. > > > Is it reasonable to expect this arrangement to be secure > > > against e.g. chosen-entropy attacks? On Mon, 26 Jul 1999, James A. Donald wrote > > Yes If the attacker knows exactly when the packets arrive

Re:

r get that way. Why don't we start that way? The initialization rule is for i = 0 to 255 j = j+ s[i] + input(i) swap s[i], s[j] next i; To go bad at the end of initialization it has to wind up in the state j=1 (which can always be forced true by some suitable input, and

Re: US Urges Ban of Internet Crypto

n the Swiss --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG bT/ujRQ/NM6YXq9HnVSDd55pFvld6GCr5jFNvdZx 4IHA6/iHFW0Ci5N1mn38xq9TctHM1cmA/lFmCcAMc

Re: Legal/patent analysis of Lucre?

coin issued to him by the issuer. If the coin issuer marks coins by using a different key for some coins and not others, the blinding will generate unrecognizable garbage and the system will fail. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG

Weak user keys, strong servers.

this exposes the client to man in the middle attack from the server, and only works for instant messaging and for transactions that either fail or complete within a single logon session at the server. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3Y

Re: Weak user keys, strong servers.

-- At 06:16 PM 7/20/2000 -0400, David Jablon wrote: > This is a solved problem, under slightly different assumptions. At 07:34 AM 7/20/00 -0700, James A. Donald wrote: > > One can achieve almost the same effect by having transient user > > keys separate from the user lo

Re: Weak user keys, strong servers.

-- James A. Donald: >The problem is that I assume that people find each other's IP and > transient public key through the server. I also assume the user's > computer is insecure, the user is ignorant and careless about > security and the user may change compu

Re: Weak user keys, strong servers.

borate on the points below? At 09:50 PM 7/21/00 -0700, James A. Donald wrote: > > On reflection, the obvious solution to this is for the user to > > have his possibly low entropy key p, and the server to keep for > > him a high entropy key q. > > > > The public k

Re: Weak user keys, strong servers.

's machine. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fBygsLvIO8PYdMDoivJRJg6J1OvIXDR+USrBa0Ou 4HRCExGCubrGiwhyIUJmf2QkOYOTYuvZsh/AXJjyA

A proposal for secure videoconferencing and video messaging over the Internet

A proposal for secure videoconferencing and video messaging over the Internet Personal presence service is going to be a protocol as widely used as http, and if we can get security into that protocol, it will result in widely deployed nyms, unli