you may trade off a major gain for a minor loss, say
become a cigarette smuggler in the foreground to hide your setup message.
Again, that all falls in the realm of psychology.
j
n key be
available and the message readable.
The key holder needs a trusted source of time to make sure he
is not releasing the key too soon or late. That, in turn, depends on
how paranoid you are, but in general a GPS source might be enough.
j
-BEGI
ar) fragments.
It may also help producing the passphrase and showing the user the
process used to develop it so s/he may learn to do it by him/herself.
Just my 2c worth.
j
-BEGIN PGP SIGNATURE-
Version: 2.6.3i
Charset: noconv
iQEVAwUBORgtvrgsTQLvQjxFAQE
I've seen a lot of discussion on this list pertaining to making
crypto archives in order to foil increasing export restrictions.
Isn't this exactly the kind of thing that the eternity service
is designed for? http://www.dcs.ex.ac.uk/~aba/eternity/
mjr.
--
Marcus J. Ranum, CE
This is from a recent E-Commerce report in California. It highlights the
'Cat Being Out of the Bag' argument against crypto controls. The full
report is available from: http://www.e-commerce.ca.gov/
6 The federal government should overhaul its current restrictions on the
export of encryption
Excerpt from a US House Commerce Committee press release. The full text
can be found at:
http://www.house.gov/commerce/releases/pr122198.htm
Talks about easing export controls on strong encryption, and there is
mention of creating a 'technologically neutral' national standard for
electronic aut
o-statist diatribe and
>Clipper apologia good enough to make even Dorothy Denning blow coffee out her
>nose, laughing so hard...
It is, but you can expect that from Clancy. The book gets an A for writing
but a D for content.
Lance J. Hoffman, Director, Cyberspace Policy Institute
Wei Dai's recently announced crypto library has some notes in it about
licenses and mentions in the documentation that there may be patent
restrictions on some of the code included in the distribution. I figure
the RSA stuff is covered by a patent (due to expire in a year or two?) and
I know that
On Thu, 21 Jan 1999, David R. Conrad wrote:
> Doesn't this just amount to saying, "If we subpoena a document you have to
> turn it over or face the consequences"?
>
> It seems to me that a) this is relatively non-objectionable and b) this is
> probably unavoidable.
There was a US case discuss
while Colossus is often said (mostly by the British (-: ) to be
the world's first digital computer, (an argument i try to stay
away from) it certainly wasn't a general purpose machine. it did
run a program of sorts, but not a 'stored program' that was
readily changed. there is no indication tha
This is a snippet from today's Edupage:
SECURITY-CONSCIOUS THINKPADS
IBM is offering a new feature on its popular ThinkPad laptops -- a two-layer
security system to protect the mobile machines and their files. The IBM
Smart Card Security kit provides software that automatically encrypts data
as
> mybox$ ssh -v -l irc -p 443 -L 6667:crypto.iq.org:70 irc.iq.org &
> mybox$ irc myname localhost:6667
Just want to point out that if you're using ssh 2.x, you need
to use the 'ssh1' executable because the iq.org server is running
1.2.26.
Regards,
Daniel
her than the usual NSA/FBI driven model where strong
crypto is carefully regulated and the government gets all the keys.
If we torque too many people the wrong way, particularly at this early
stage, we'll poison our own well.
So, in summary, while I think you have your heart in the right place,
Greetings,
We are teaching an introductory cryptography and computer security
course in our department. One of my responsibilities is to create a resource
page with links to various useful documents, sites, etc.
From my personal archives, I found a tarfile containing what appears
> Seems to me we paid for this thing. Shouldn't it be available to all who
> are interested? IOW, where's the ftp site? Not that I would expect too
> much from it.
I mentioned to Mike in a reply that I honestly have no clue where
my copy came from (timestamp is from 1996). I found hundred
(Disclaimer: Off-topic, but relevant to anyone who might be interested in the
quantum sim project)
> This is quite cool.
>
> I assume this will come in handy for checking out some of the ideas in
> quantum computation and quantum crypto, long in advance of actually
> being able to build a real
A rather sketchy and somewhat misleading article:
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/084300.htm
Posted at 7:30 a.m. PST Friday, February 12, 1999
New encryption code could remain a secret
BY MICHAEL BROOKS
The Guardian
If you have an uneasy feeling about the security
The complete audio/video/written archives of that hearing are at
http://www.computerprivacy.org/archive/03041999/
The Deputy Director of the NSA (Barbara McNamara) testified; you can watch
the tape.
-Shabbir
At 5:27 PM -0500 3/11/99, Steven M. Bellovin wrote:
>In message <[EMAIL PROTECTED]>, "
short: if someone thinks the spooks are actually
tapping big ISP backbones, I want to know where I can
buy the kind of stuff they're using! :)
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
So I'm looking to protect some Perl code from the situation where someone
might break into my site and copy it and start marketing it. I'm mostly
interested in going beyond what the lawyers are telling me to do, and it
occurs to me that it ought to be relatively easy to do steganography over
Perl
> At the 2600-coordinated Beyond HOPE conference (NYC, 1997), it was made
> very clear to users that passwords transmitted in-the-clear would be
Right, passwords always have been the weakest link.
> panel singled-out an unlucky telnet user, announcing a domain name and
Not just telnet is vulner
RSA has a note on their web site about a patent issued April 7, 1999,
which provides a memory efficient means of converting between polynomial
basis and normal basis stored numbers.
http://www.rsa.com/pressbox/html/990407.html
> With this being the state of the art in protection, why bother with
> intercepts, cryptanalysis etc?
Why try to protect your information if someone is eventually going to
discover it? Like so many things in life, the game of security is based
on the probability of a certain event occurring an
of our 1987 Consent Agreement that has since barred us from using
the dreaded three letters in ANY commercial context?
Looks like we may see yet another letter clarifying this last one...
if only to add the list of individuals and corporations SDTI wants
to explicitly prohibit from using th
I have found the Cryptix class library works fine for
3DES and other encryptions. It's a little slow.
Here are two java programs I wrote which illustrate
how 3DES works using the Cryptix class library.
The first program encrypts a string (in the program)
using a key (in the program), and prints
A javacard created by Schlumberger (the "Cyberflex
Access Card") both implements cryptographic functions
(RSA, triple-DES) and allows you to download your
own programs to the card. Moreover, you can reuse
the EEPROM space by deleting a program and
downloading a different one into the same space.
In a previous email, I commented on problems in the Triple-DES
implementation in Schlumberger's Java Card (which is called the
"Cyberflex Access Card").
Apparently Schlumberger has addressed some of these problems
with a new version which has an ATS (answer to reset) with a
hex string ending in "
~~> From: Jon Callas <[EMAIL PROTECTED]>
~~>
~~>1. All encrypted or clearsigned messages go out as _attachments_, and
~~>not as message bodies. This leads to a profusion of files with the
~~>extension .MSG in the \WINDOWS\TEMP directory. The plugin apparently
~~>does not delete th
e? I can't think of what
good it'd be that a microprocessor with some crypto can't do better.
Which must mean I'm missing something since it presumably took
a lot of work to make.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
Does anyone out there have any statistics about usage of
SSLV3 versus SSLV2? I'm trying to get a feeling for how much
product support there needs to be for V2 -- is there even
a significant user base for it anymore? Does anyone keep any
measures of version usage??
mjr.
--
Marcus J. Ranum
Does anyone have a pointer to why the session ID in SSLV3 is
in the clear, rather than encrypted? I'm sure there's a good
reason for it (audit? logging? other...?) but I'm trying to
pin down exactly why it was done that way. Can anyone point
me in the right direction?
mjr.
--
table, has a
skeleton in his closet, and who will sign an executive order
once elected.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
ok sufficiently
like a cheese that you caught a spook-mousie you could go public
with the information (especially if you _were_ innocent) and you
could embarrass them bigtime.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
's
description to be able to associate the FUD with a case and then
find out what kind of evidence they present?
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
I realise it was a comment in jest but this area is more significant than
many of us may think.
If quantum computation comes of age, cryptography will have to change
enormously since we are faced with potential new technology that overcomes
classical limits underlying cryptographic systems, eg
Amazing. If you could get this address publicized far wider than the
original BXA address, it would save the folks at EPIC countless hours
of FOIA filings to find out what's been sent to [EMAIL PROTECTED] :-)
-Shabbir
At 3:37 PM -0500 1/20/00, Matt Blaze wrote:
>Consider it done; the alias:
>
[I have sent to Declan, cypherpunks, and cryptography. Please
forward appropriately. -Shabbir]
ICIJ, a working network of the world's leading investigative
reporters, is seeking volunteers to help ICIJ members in Latin
America install PGP. Note that PGP training is provided by ICIJ
staff, a
s information (who the
business partners are) changes over time.
Many enlightened firms give the option to just subscribe and receive
nothing else unless you ask for it. I'd hope that Safevote would add that
option also.
Lance Hoffman
Lance J. Hoffman, Director, Cyberspace Policy Institute