Gil Hamilton wrote:
> I've never heard it disclosed how the prosecutor discovered that Miller had
> had such a conversation but it isn't relevant anyway. The question is, can
> she defy a subpoena based on membership in the privileged Reporter class that
> an "ordinary" person could not defy?
Why
Gil Hamilton wrote:
> The problem is that reporters want to be made into a special class of
> people that don't have to abide by the same laws as the rest of us. Are
> you a reporter? Am I? Is the National Inquirer? How about Drudge?
> What about bloggers? Which agency will you have to apply
Tyler Durden wrote:
> We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then
> will the ghost of Tim May rest in peace.
Don't really need one. the Skype concept of "supernodes" - users that relay
conversations for other users - could be used just as simply, and is
Starbucks-comp
Tyler Durden wrote:
Hey...this looks interesting. I'd like to see the email chain before this.
sorry, accidental crosspost from mailto:cryptography@metzdowd.com; see
http://diswww.mit.edu/bloom-picayune/crypto/18225 for the post it is a reply to.
Hasan Diwan wrote:
if the US wants to maintain its fantasy, it will need a Ministry of Truth to
do so. Cheers, Hasan Diwan <[EMAIL PROTECTED]>
And the airing of government-issued news bulletins without attribution (or
indeed, anything from Fox News) doesn't convince you there already is one?
Eugen Leitl wrote:
http://wired.com/news/print/0,1294,68306,00.html
Privacy Guru Locks Down VOIP
By Kim Zetter
Story location: http://www.wired.com/news/technology/0,1282,68306,00.html
10:20 AM Jul. 26, 2005 PT
First there was PGP e-mail. Then there was PGPfone for modems. Now Phil
Zimmermann
Eugen Leitl wrote:
On Sat, Feb 19, 2005 at 03:53:53PM +, Dave Howe wrote:
I wasn't aware that FPGA technology had improved that much if any - feel
free to correct my misapprehension in that area though :)
FPGAs are too slow (and too expensive), if you want lots of SHA-1
performance,
Joseph Ashwood wrote:
I believe you substantially misunderstood my statements, 2^69 work is
doable _now_. 2^55 work was performed in 72 hours in 1998, scaling
forward the 7 years to the present (and hence through known data) leads
to a situation where the 2^69 work is achievable today in a reaso
Joseph Ashwood wrote:
> I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours by
$250,000 worth of semi-custom machine, for the sake of solidity let's
assume they used 2^55 work to break it. Now moving to a comp
Roy M. Silvernail wrote:
I was thinking more of the rumor that Longhorn's filesystem would
start at '/', removing the 'X:' and the concept of separate drives
(like unix has done for decades :) ). When I first saw this
discussed, the consensus was that it would break any application that
expected t
Ian Grigg wrote:
It's actually quite an amusing problem. When put
in those terms, it might be cheaper and more secure
to go find some druggie down back of central station,
and pay them a tenner to write out the ransom demand.
Or buy a newspaper and start cutting and pasting the
letters...
or sligh
[EMAIL PROTECTED] wrote:
This is what I love about the Internet -- ask a question
and get silence but make a false claim and you get all the
advice you can possibly eat.
Yup. give wrong advice, and you look like a fool. correct someone
else's wrong advice, and you make them look foolish (unless
Roy M. Silvernail wrote:
I'd thought it was so Microsoft could offer an emulation-based migration
path to all the apps that would be broken by Longhorn. MS has since
backed off on the new filesystem proposal that would have been the
biggest source of breakage (if rumors of a single-rooted, more *n
Tyler Durden wrote:
Yet what of your blindness, which doubts *everything* the current
administration does?
1. Abu Ghraib
2. WMD in Iraq
3. Patriot Act
4. Countless ties between this administration and the major contract
winners in Iraq
Hum. Seems a decent amount of doubt is called for.
For that ma
R.A. Hettinga wrote:
The stored software will serve as a comparison tool for election officials
should they need to determine whether anyone tampered with programs
installed on voting equipment.
IIRC during the last set, the manufacturers themselves updated
freshly-minted software from their ftp
Tyler Durden wrote:
I'm sure there are several Cypherpunks who would be very quick to
describe Kerry as "needs killing".
but presumably, lower down the list than shrub and his current advisors?
Adam wrote:
You know, the more I read posts by Mr. Donald, the more I believe that
he is quite possibly the most apt troll I have ever encountered. It is
quite apparent from reading his responses that he is obviously an
exceptionally intelligent (academically anyway) individual. I find it
hard to b
Tyler Durden wrote:
So. Why don't we see terrorist attacks in Sweden, or Switzerland, or
Belgium or any other country that doesn't have any military or
Imperialist presence in the middle east? Is this merely a coincidence?
What I strongly suspect is that if we were not dickin' around over there
Damian Gerow wrote:
I've had more than one comment about my ID photos that amount to basically:
"You look like you've just left a terrorist training camp." For whatever
reason, pictures of me always come out looking like some crazed religious
fanatic. But that doesn't mean that I'm going to bomb
R.A. Hettinga wrote:
The technology at the core of Certicom's products - elliptic-curve
cryptography, or ECC - is well suited to such purposes since it can work
faster and requires less computing power and storage than conventional
forms of cryptography, he said.
Well, best of luck to them. any sc
Riad S. Wahby wrote:
...except (ta-d) the passport, which is universally accepted by
liquor stores AFAICT.
And how many americans have a passport,and carry one for identification
purposes?
J.A. Terranson wrote:
Which of course neatly sidesteps the issue that a DRIVERS LICENSE is
not "identification", it is proof you have some minimum competency to
operate a motor vehicle...
IIRC, several states have taken to issuing a "no competency" driving
licence (ie, the area that says what that
Steve Furlong wrote:
On Thu, 2004-10-07 at 14:50, Dave Howe wrote:
The "regular encryption scheme" (last I looked at a QKE product) was XOR
Well, if it's good enough for Microsoft, it's good enough for everyone.
I have it on good authority that Microsoft's designers a
Tyler Durden wrote:
Oops. You're right. It's been a while. Both photons are not utilized,
but there's a Private channel and a public channel. As for MITM attacks,
however, it seems I was right more or less by accident, and the
collapsed ring configuration seen in many tightly packed metro areas
Major Variola (ret) wrote:
There is a bill in this year's Ca election to require DNA sampling of
anyone arrested. Not convicted of a felony, but arrested.
Doesn't surprise me - the UK police collected a huge bunch of
fingerprints and dna samples "for elimination purposes" during one of
the child
Dave Howe wrote:
I think this is part of the
purpose behind the following paper:
http://eprint.iacr.org/2004/229.pdf
which I am currently trying to understand and failing miserably at *sigh*
Nope, finally struggled to the end to find a section pointing out that it
does *not* prevent mitm attacks
r anything more than a trivial link (two
buildings within easy walking distance, sending high volumes of
extremely sensitive material between them)
-TD
From: Dave Howe <[EMAIL PROTECTED]>
To: Email List: Cryptography <[EMAIL PROTECTED]>,
Email List: Cypherpunks <[EMAIL
R. A. Hettinga wrote:
Two factors have made this possible: the
vast stretches of optical fiber (lit and dark) laid in metropolitan areas,
which very conveniently was laid from one of your customers to another
of your customers (not between telcos?) - or are they talking only
having to lay new lin
Major Variola (ret) wrote:
At 11:22 PM 10/1/04 -0700, Bill Stewart wrote:
In the US its generally illegal to tattoo someone who is drunk.
Not sure about that - certainly its illegal in the UK to tattoo for a
number of reasons, but the drunkenness one usually comes down to "is not
capable of giving
Pete Capelli wrote:
On Thu, 05 Aug 2004 20:07:23 +0100, Dave Howe <[EMAIL PROTECTED]> wrote:
all generalizations are false, including this one.
Is this self-referential?
yes - some generalizations are accurate - and its also a quote, but I
may have misworded it so I didn't quotemark i
Morlock Elloi wrote:
Hint: all major cryptanalytic advances, where governments broke a cypher and
general public found out few *decades* later were not of brute-force kind.
all generalizations are false, including this one.
most of the WWII advances in computing were to brute-force code engines,
n
Particularly disgusted by the last paragraph
|http://www.visual-mp3.com/review/14986.html
|
| X-Cipher - Secure Encrypted Communications
|
|The Internet is a wonderful shared transmission technology, allowing
|any one part of the Internet to communicate to any other part of the
|Internet. Like
Jack Lloyd wrote:
How well is VoIP going to work over SSL/TLS (ie, TCP) though?
you can do SSL over UDP if you like - I think most VPN software is UDP
only, while OpenVPN has a "fallback" TCP mode for cases where you can't
use UDP (and TBH there aren't many)
> I've never used
any VoIP-over-TCP
Thomas Shaddack wrote:
The easiest way is probably a hybrid of telephone/modem, doing normal
calls in "analog" voice mode and secure calls in digital modem-to-modem
connection. The digital layer may be done best over IP protocol, assigning
IP addresses to the phones and making them talk over TCP
Eric Cordian wrote:
But Nigeria is a very poor country, with high unemployment, where
people are forced by economic circumstances to do almost anything to
try and feed their families. I see no reason to be proud of
reverse-scamming a Nigerian out of $80 when it might be his entire
family's foo
Eric Cordian wrote:
> I have a dual boot system which normally runs Linux. Since it had
> been a couple of months since I last ran XP, I booted it on Tuesday
> to run Windows Update, and keep it current with critical patches.
> Within minutes, before I had even downloaded the first update, my box
Tyler Durden wrote:
> "HANOVER, Germany -- German police have arrested an 18-year-old man
> suspected of creating the Sasser computer worm, believed to be one of
> the Internet's most costly outbreaks of sabotage."
> Note the language...an "18 year old MAN" and "sabotage"...
> So a HS kid, living w
opinions?
http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
R. A. Hettinga wrote:
> At 12:09 PM +0200 4/22/04, Eugen Leitl wrote:
>> Are you truly expecting a worldwide ban on encryption?
> It's like expecting a worldwide ban on finance. Been tried. Doesn't
> work.
There isn't a worldwide ban on breaking CSS - doesn't stop the film
industry trying to enforc
Eugen Leitl wrote:
> On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote:
>> No, it is a terrible situation.
>> It establishes a legal requirement that communications *not* be
>> private from the feds. from there, it is just a small step to
>> defining encryption
Riad S. Wahby wrote:
> SAN FRANCISCO (Reuters) - A California state senator on Monday said
> she was drafting legislation to block Google Inc.'s free e-mail
> service "Gmail" because it would place advertising in personal
> messages after searching them for key words.
Is she planning to block all t
[EMAIL PROTECTED] wrote:
> If you're not the driver and you don't drive you don't have to have
> an ID. And you can't show what you don't have.
IIRC, in the case above the guy was outside his car - his daughter (still
in the car) may well have been the driver, not him
Interesting looking case coming up soon - an employee (whose motives are
probably dubious, but still :) installed a keyghost onto his boss' pc and
was charged with unauthorised wire tapping.
That isn't the interesting bit. the interesting bit is this is IIRC exactly
how the FBI obtained Scarfo's PG
Riad S. Wahby wrote:
> John Young <[EMAIL PROTECTED]> wrote:
>> Despite the long-lived argument that public review of crypto assures
>> its reliability, no national infosec agency -- in any country
>> worldwide -- follows that practice for the most secure systems.
>> NSA's support for
>> AES notwit
Tyler Durden wrote:
> Encryption ain't the half of it. Really good little article. And I
> didn't know Skype was based in Luxembourg
> http://slate.msn.com/id/2095777/
Not playing with Skype - why risk a closed source proprietary solution
when there is open source, RFC documented SIP?
Bah, I really miss the crap-filtered version of cypherpunks
can anyone recommend a better node than the one I am using now?
> Would something like this go over in the US? I wonder ...
I thought that there was already a levy on blank CDR media in the US;
there is certainly already one on blank audio tapes...
[EMAIL PROTECTED] wrote:
> http://www.topsecretcrypto.com/
> Snake oil?
I am not entirely sure.
on the plus side - it apparently uses Sha-1 for a signing algo, RSA with a
max keysize of 16Kbits (overkill, but better than enforcing something
stupidly small), built in NTP synch for timestamps (probab
Jim Dixon wrote:
> The Geneva conventions require, among other things, that soldiers wear
> uniforms.
No, they don't.
Fox news repeats this enough that more than half of america believes it,
but then, more than half of america believes Iraq was somehow involved in
the Trade Center attacks too.
Miles Fidelman wrote:
> - option for a quick and dirty recount by feeding the ballots through
> a different counting machine (maybe with different software, from a
> different vendor)
or indeed constructing said machines so they *assume* they will be feeding
another machine in a chain (so every par
Tim May wrote:
> Without the ability to (untraceably, unlinkably, of course) verify
> that this vote is "in the vote total," and that no votes other than
> those
> who actually voted, are in the vote total, this is all meaningless.
The missing step is that that paper receipt isn't kept by the voter
Neil Johnson wrote:
> On Wednesday 19 November 2003 05:33 pm, Dave Howe wrote:
> SIP is just the part of the VoIP protocols that handles signaling
> (off-hook, dialing digits, ringing the phone, etc.). The voice data
> is handled by Real-Time Streaming Protocol (RTSP), one strea
Steve Schear wrote:
> No, but this may be of interest.
> http://www.technologyreview.com/articles/wo_hellweg111903.asp
>
> Its closed source but claims to use AES.
*nods*
closed source, proprietary protocol, as opposed to SIP which is an RFC
standard (and interestingly, is supported natively by Win
Steve Schear wrote:
> If and when this is accomplished the source could then be used, if it
> can't already, for PC-PC secure communications. A practical
> replacement for SpeakFreely may be at hand. The limitation of either
> direct phone or ISDN connection requirement is a problem though.
*nods
Sunder wrote:
> Which only works on win9x, and no freeware updates exist for
> Win2k/XP/NT. i.e. worthless...
There was a payware (but disclosed source) update for NT/2K, and of course
E4M (on which the NT driver for scramdisk was based) was always NT
compatible and very similar to Scramdisk. I don
Students of UK politics should be aware that the british prime minister
considered it a sign of "moral courage" to press ahead with an attack on
iraq despite protests in the streets and massed opposition by politicians
of all parties, and that forging evidence is fully justified by the
results.
Tim May wrote:
> On Thursday, November 6, 2003, at 09:20 AM, Dave Howe wrote:
>>> No Such Agency doesn't fab much of anything; they can't afford to.
>>> They and their ilk are far more interested in things like FPGAs and
>>> adapting numerical algorithms
Tim May wrote:
> Reading about the Romanian student arrested today for allegedly
> releasing one of the "Blaster" variants, I was struck by how easy it
> would be to "bring a shitstorm down" on someone by inserting comments
> into the virus code.
oh joy - yet another way to joe-job someone.
> Outlook and outlook express support digital signing and
> encryption -- but one must first get a certificate.
>
> Now what I want is a certificate that merely asserts that the
> holder of the certificate can receive email at such and such an
> address, and that only one such certificate has been
Eric Cordian wrote:
> Now that the new standard for pre-emptive war is to murder the
> legitimate leader of another sovereign nation and his entire family,
> an "artist's rendering" of Shrub reaping what he sows would surely be
> an excellent political statement.
I am not sure these two were murder
John Kozubik wrote:
> On Mon, 21 Jul 2003, Major Variola (ret) wrote:
>
>>> Where do these ridiculous ideas come from ? If I own a piece of
>>> private property, like an airplane (or an entire airline) for
>>> instance, I can impose whatever senseless and arbitrary conditions
>>> on your use of it
Anonymous wrote:
> Under the Hatch Doctrine, the computer that serves his web site
> at www.senate.gov/~hatch/, is a target for elimination. It appears
> that the Honorable Senator was using JavaScript code in violation
> of the license:
> http://www.wired.com/news/politics/0,1283,59305,00.html
> S
James A. Donald wrote:
> How many attacks have there been based on automatic trust of
> verisign's feckless ID checking? Not many, possibly none.
I imagine if there exists a https://www.go1d.com/ site for purposes of
fraud, it won't be using a self-signed cert. Of course it is possible that
the a
James A. Donald wrote:
> Attached is a spam mail that constitutes an attack on paypal similar
> in effect and method to man in the middle.
>
> The bottom line is that https just is not working. Its broken.
HTTPS works just fine.
The problem is - people are broken.
At the very least, verisign shoul
James A. Donald wrote:
> Could you point me somewhere that illustrates server issued
> certs, certification with zero administrator overhead and small
> end user overhead?
Been a while since I played with it, but IIRC OpenCA (www.openca.org) is a
full implementation of a CA, in perl cgi, with no adm
Anonymous Sender wrote:
> James A. Donald writes:
> E-Gold could set things up to allow its customers to authenticate with
> certs issued by Verisign, or with considerably more work it could even
> issue certs itself that could be used for customer authentication.
> Why doesn't it do so? Well, it'
Neil Johnson wrote:
> - Most important, using Biological or Chemical Weapons is a two-edged
> sword. They could do just as much damage to their own troops as to
> the US and UK troops if they make a mistake.
Might be interesting to see what would happen if iran felt threatened by
bush's aggressive
Morlock Elloi wrote:
> Ever tried to install a ssh client on a random internet cafe computer
Yup.
1. download putty
2. run putty
3. run batchfile that changes password to next oneshot
4. do whatever is needed
5. exit putty
:)
[EMAIL PROTECTED] wrote:
> Once the war is over senior people in the U.S. administration better
> have proof acceptable to the international community in open forums if
> they do not wish to share a similar fate as their Iraqi counterparts.
I think the US believe that, with the USSR gone, they are
Jim Choate wrote:
> Yes, it can mount the partition. That isn't the problem. The problem
> is that for lilo to do this it has to have access to the key in
> plaintext. That makes the entire exercise moot.
not if you have to type it every time.
if you take that as criteria, then *all* encryption is
Jim Choate wrote:
> On Sat, 8 Feb 2003, Sunder wrote:
>> In real life this will not work as most Windoze hard disk encryption
>> schemes can't encrypt the OS disk - and this is where the temp/cache
>> stuff goes.
Not always - certainly, windows cache goes to a partition that must be
available at wi
I have seen this *five* times already - is there some sort of weird mailing
loop in action?
I am fairly certain I haven't sent it five times spread out over two
days
Jim Choate wrote:
> On Wed, 11 Dec 2002, Steve Schear wrote:
>> From the article:
>> "The court dismissed suggestions the Internet was different from
>> other broadcasters, who could decide how far their signal was to be
>> transmitted."
>> This is totally bogus thinking. The Internet is not broad
Jim Choate wrote:
> http://www.newscientist.com/news/news.jsp?id=ns3180
yeah. downloaded that (it's about 300MB!) and after going through the setup it
doesn't like my video card *sigh*
At first look though, it would appear the system is set up for a decent
proportion of the money to flow in the
Eugen Leitl wrote:
> On Sat, 30 Nov 2002, Dave Howe wrote:
> I believe I mentioned geographic routing (which is actually
> switching, and not routing) so your packets get delivered, as the
> crow flies. The question of name services. How often do you actually
> use a domain name
Jeroen C. van Gelderen wrote:
>> The last, I think, is the right answer. On the whole, when my laptop
>> is stolen I don't want anybody to get *anything* useful off of that
>> drive. If they can't get anything useful, then in particular they
>> cannot get my crypto keys and I'm done.
> Law enforcem
Bill Frantz wrote:
> There is a common example of this corner case where the memory is
> paged. The page containing the key is swapped out, then it is read
> back in and the key is overwritten, and then the page is deallocated.
> Many OSs will not zero the disk copy of the key.
Given the nature of
Kevin Elliott wrote:
> The point is though, that according to C99 today
>
> volatile int myflag;
> myflag=0;
> if (myflag!=0) { do stuff } ;
>
> does _exactly_ what you want, per the spec. The only compilers that
> don't work this way are by definition out of spec, so adding new
> stuff isn't goin
David Honig wrote:
> I was thinking more in terms of arrays
>
> memset( arr, 0, sizeof(arr)) // zero
> unsigned int v=1;
> for (int i=0; i< arr_size; i++) v += arr[i]; // check
> if ( v>0 && v<2 ) // test
> sanity();
> else
> insanity();
>
> But I suppose that if compilers can be arbitrarily 'cleve
James A. Donald wrote:
>> And PGP tells me "signature not checked, key does not meet
> validity threshold"
what version are you on? ckt never does that - it checks it, and marks the
sig status as good or bad - but obviously marks the key status as invalid
(due to lack of signing) on anyone I don't
Ben Laurie wrote:
|| Errr - its tricky anyway, coz the cert has to match the final
|| destination, and, by definition almost, that can't be the proxy.
provided you can impose a CA cert onto the user browser (not hard in a
corporate environment) it isn't as if signing a certificate "on the fly"
is
Phil Youngblood posted the following to the securecomp server - thought
it might interest people here, given the recent discussion of M$'s DRM
stuff...
--
This from the Eula for the latest Windows Media Player patch.
* Digital Rights Management (Sec
> http://yro.slashdot.org/yro/02/05/30/1640210.shtml?tid=111
It was a combo bill - the Spammers have to restrict themselves to
Opt-In, but the Governments get to demand ISPs keep records of who does
what where on demand. Of course, none of this has legal force until
ratified in the countries own l
> 1. How do you create a X.509 signing hierarchy?
by issuing other people's keys with a subordinate CA certificate.?