at Tuesday, April 01, 2003 11:53 PM, Kevin S. Van Horn
<[EMAIL PROTECTED]> was seen to say:
> What's a legitimate government? One with enough firepower to make its
> rule stick?
One with real (not imagined) WMD to frighten off american presidents. NK
being a good example...
at Thursday, March 27, 2003 6:36 AM, Sarad AV <[EMAIL PROTECTED]>
was seen to say:
> there is a lot of self imposed sensor ship in US on
> the war.The Us pows's shown on al-jazeera were not
> broadcasted over Us and those sites which had pictures
> of POW's were removed as unethical graphics on web
at Thursday, March 20, 2003 3:23 PM, Tyler Durden
<[EMAIL PROTECTED]> was seen to say:
> I've heard that for terror alert black we're all supposed to down a
> few 100 milligrams of valium, and stay in our beds, butts-up.
> For hidden weapons inspections, of course.
*lol*
might be close to the trut
> About the threat to Washington: I think it's relatively high. A
> nerve gas attack on buildings or the Metro seems likely. (The
> Japanese AUM cult had Sarin, but was inept. A more capable,
> military-trained operative has had many months to get into D.C. and
> wait for the obvious time to attack
> > at Thursday, March 06, 2003 5:02 PM, Ed Gerck <[EMAIL PROTECTED]> was
seen
> > to say:
> > > On the other hand, photographing a paper receipt behind a glass,
which
> > > receipt is printed after your vote choices are final, is not
readily
> > > deniable because that receipt is printed only afte
> There is no weakness in it that I could come up with (presuming the
audio
> input is sufficiently random, which in case of badly tuned station it
> seems to be; white noise generator would be better, though).
Sounds good to me. you should certainly get 16 good bytes from 128, and
while assuming a
at Friday, February 21, 2003 4:44 PM, James A. Donald
<[EMAIL PROTECTED]> was seen to say:
> Highly capitalist nations do not murder millions.
but their highly capitalist companies sometimes do. is this a meaningful
distinction?
at Thursday, February 20, 2003 1:28 AM, Harmon Seaver
<[EMAIL PROTECTED]> was seen to say:
> No oil but lots of dope, especially lots of high grade opium and
> the CIA and the US scum military has been just desperate to get
> control of the world heroin trade again like they did in Vietnam days
at Thursday, February 20, 2003 2:04 AM, Harmon Seaver
<[EMAIL PROTECTED]> was seen to say:
> The real school of the future won't have classrooms at all, and no
> "teachers" as we now know them. Instead there will be workstations
> with VR helmets and a number of software "gurus" in the machine
at Monday, February 10, 2003 3:09 AM, Jim Choate
<[EMAIL PROTECTED]> was seen to say:
> On Mon, 10 Feb 2003, Dave Howe wrote:
>> no, lilo is. if you you can mount a pgpdisk (say) without software,
>> then you are obviously much more talented than I am :)
> Bullshit. lilo isn't doing -anything- at t
at Monday, February 10, 2003 3:20 AM, Jim Choate
<[EMAIL PROTECTED]> was seen to say:
> On Sun, 9 Feb 2003, Sunder wrote:
>> The OS doesn't boot until you type in your passphrase, plug in your
>> USB fob, etc. and allow it to read the key. Like, Duh! You know,
>> you really ought to stop smoking c
at Thursday, February 06, 2003 4:48 PM, Chris Ball
<[EMAIL PROTECTED]> was seen to say:
> Another point is that ``normal'' constables aren't able to action the
> request; they have to be approved by the Chief Constable of a police
> force, or the head of a relevant Government department. The full
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother
<[EMAIL PROTECTED]> was seen to say:
> David Howe wrote:
> a) it's not law yet, and may never become law. It's an Act of
> Parliament, but it's two-and-a-bit years old and still isn't in
> force. No si
at Thursday, February 06, 2003 2:34 PM, Tyler Durden
<[EMAIL PROTECTED]> was seen to say:
> I've got a question...
>
>> If you actually care about the NSA or KGB doing a low-level
>> magnetic scan to recover data from your disk drives,
>> you need to be using an encrypted file system, period, no qu
at Thursday, February 06, 2003 11:21 AM, Pete Capelli
> Then which one of these groups does the federal government fall
> under, when they use crypto? In the feds opinion, of course. Or do
> they believe that their use of crypto is the only wholesome one?
Terrorism of course, using their own defi
> No, the various provisions of the Constitution, flawed though it is,
> make it clear that there is no "prove that you are not guilty"
> provision (unless you're a Jap, or the government wants your land, or
> someone says that you are disrespectful of colored people).
Unfortuately, this is not tru
at Friday, January 31, 2003 2:18 AM, Peter Gutmann
<[EMAIL PROTECTED]> was seen to say:
> More particularly, governments are likely to want to explore the
> issues related to potential foreign control/influence over domestic
> governmental use/access to domestic government held data.
> In othe
at Wednesday, January 29, 2003 11:18 PM, Bill Frantz
<[EMAIL PROTECTED]> was seen to say:
> Back a few years ago, probably back during the great gas crisis (i.e.
> OPEC) years, there were a lot of small companies working on solar
> power. As far as I know, they were all bought up by oil companies.
at Friday, January 24, 2003 4:53 PM, Mike Rosing <[EMAIL PROTECTED]>
was seen to say:
> Thanks Eugen, It looks like the IBM TPM chip is only a key
> store read/write device. It has no code space for the kind of
> security discussed in the TCPA. The user still controls the machine
> and can still
at Tuesday, January 07, 2003 1:14 AM, Michael Motyka <[EMAIL PROTECTED]>
was seen to say:
> financial resources,
> other than those that pass through verified identity
> gatekeepers;
That's an odd way to spell "Campaign Fund Contributing Corporations"
at Monday, December 23, 2002 7:29 PM, Mike Rosing <[EMAIL PROTECTED]>
was seen to say:
> On Tue, 24 Dec 2002, Matthew X wrote:
>
>> The containment vessel may survive a jet impact but the control room
>> and/or temporary pools of spent fuel lying outside the containment
>> vessel might not survive.
at Tuesday, December 17, 2002 5:33 AM, the following Choatisms were
heard:
> Nobody (but perhaps you by inference) is claiming it is identical,
> however, it -is- a broadcast (just consider how a packet gets routed,
> consider the TTL for example or how a ping works).
ping packets aren't routed any
at Monday, December 16, 2002 8:34 AM, Major Variola (ret) <[EMAIL PROTECTED]>
was seen to say:
> "The network?" Sorry, its one wire from here to there. Even a router
> with multiple NICs only copies a given packet to a single interface.
That is unfortunately too much of a generalisation - althoug
at Monday, December 02, 2002 8:42 AM, Eugen Leitl <[EMAIL PROTECTED]> was
seen to say:
> No, an orthogonal identifier is sufficient. In fact, DNS loc would be
> a good start.
I think what I am trying to say is - given a "normal" internet user
using IPv4 software that wants to connect to someone "
at Thursday, November 21, 2002 2:26 PM, Sarad AV
<[EMAIL PROTECTED]> was seen to say:
> 'A' uses a very strong crytographic algorithm which
> would be forced out by rubber horse cryptanalysis
> Now if Aice could give another key k` such that the
> cipher text (c) decrypts to another dummy plain
>
at Thursday, November 21, 2002 1:52 PM, Jim Choate
<[EMAIL PROTECTED]> was seen to say:
> http://www.extremetech.com/article2/0,3973,717170,00.asp
LOL!
which references - the archive of this list for bibliography :)
at Thursday, November 07, 2002 6:13 PM, David Honig <[EMAIL PROTECTED]>
was seen to say:
> Wouldn't a crypto coder be using paranoid-programming
> skills, like *checking* that the memory is actually zeroed?
That is one of the workarounds yes - but of course a (theoretical)
clever compiler could rea
at Monday, November 04, 2002 3:13 PM, Tyler Durden
> This is an interesting issue...how much information can be gleaned
> from encrypted "payloads"?
Usually, the VPN is an encrypted tunnel from a specified IP (individual
pc or lan) to another specified IP (the outer marker of the lan, usually
the
at Monday, November 04, 2002 2:28 AM, Tim May <[EMAIL PROTECTED]> was seen
to say:
> Those who need to know, know.
Which of course is a viable model, provided you are only using your key
for private email to "those who need to know"
if you are using it for signatures posted to a mailing list though
at Monday, September 30, 2002 7:52 PM, James A. Donald
<[EMAIL PROTECTED]> was seen to say:
> Is it practical for a particular group, for
> example a corporation or a conspiracy, to whip up its own
> damned root certificate, without buggering around with
> verisign? (Of course fixing Microsoft's
at Monday, October 28, 2002 9:34 PM, Major Variola (ret) <[EMAIL PROTECTED]>
was seen to say:
> Did that Wired reporter just admit to a crime? Does it matter that
> the site is overseas? That they're "Evil(tm)"??
nope, hacking into overseas servers is officially not a crime in the
US - after that
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
<[EMAIL PROTECTED]> was seen to say:
> For encryption, STARTTLS, which protects more mail than all other
> email encryption technology combined. See
> http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
> (towards the back).
I would di
at Saturday, October 26, 2002 1:18 AM, Tim May <[EMAIL PROTECTED]> was seen
to say:
> Yes, but check very carefully whether one is in violation of the
> "anti-hacking" laws (viz. DMCA). By some readings of the laws, merely
> trying to break a cipher is ipso fact a violation.
IIRC, you can't be arre
at Friday, October 25, 2002 6:22 PM, bear <[EMAIL PROTECTED]> was seen to
say:
> The implication is that they have a "hard problem" in their
> bioscience application, which they have recast as a cipher.
The temptation is to break it, *tell* them you have broken it (and offer
to break any messages t
at Monday, October 21, 2002 3:14 PM, Trei, Peter
<[EMAIL PROTECTED]> was seen to say:
> I'd be nervous about a availability with centralized servers,
> even if they are "triple redundant with two sites". DDOS
> attacks, infrastructure (backhoe) attacks, etc, could all
> wreck havoc.
Indeed so, yes.
at Monday, October 21, 2002 4:20 PM, Eric Murray <[EMAIL PROTECTED]> was
seen to say:
> Looking at their web site, they seem pretty generic about
> what it's for, but I did not see any mention of using it for payments.
> So I assume it's for logins.
well, I was working from:
"The Quizid registry
at Saturday, October 12, 2002 2:01 AM, Steve Furlong
<[EMAIL PROTECTED]> was seen to say:
> On Thursday 10 October 2002 13:13, Tim May wrote:
> There are two advantages of web-based discussion fora over usenet:
> propagation time and firewalls.
Not sure about that - propagation time is a issue of
-BEGIN PGP SIGNED MESSAGE-
at Tuesday, October 01, 2002 9:04 PM, Petro <[EMAIL PROTECTED]> was
seen
to say:
> Well, it's a start. Every mail server (except mx1 and
> mx2.prserv.net) should use TLS.
Its nice in theory, but in practice look how long it takes the bulk
of the internet
at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann
<[EMAIL PROTECTED]> was seen to say:
> As opposed to more conventional encryption, where you're protecting
> nothing at any point along the chain, because 99.99% of the user base
> can't/won't use it.
That is a different problem. if you assume
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
<[EMAIL PROTECTED]> was seen to say:
> For encryption, STARTTLS, which protects more mail than all other
> email encryption technology combined. See
> http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
> (towards the back).
I would d
at Monday, September 30, 2002 7:52 PM, James A. Donald
<[EMAIL PROTECTED]> was seen to say:
> Is it practical for a particular group, for
> example a corporation or a conspiracy, to whip up its own
> damned root certificate, without buggering around with
> verisign? (Of course fixing Microsoft's
at Thursday, September 26, 2002 7:14 PM, Major Variola (ret)
<[EMAIL PROTECTED]> was seen to say:
The original fax from the Met is now online
http://www.thinkofthechildren.co.uk/metfaxbig.shtml
at Monday, September 23, 2002 10:35 PM, Curt Smith
<[EMAIL PROTECTED]> was seen to say:
> http://www.drivecrypt.com/dcplus.html
> DriveCrypt Plus does everything you want. I believe it may
> have descended from ScramDisk (Dave Barton's disk encryption
> program).
As an aside - Dave Barton? Shaun
at Monday, September 23, 2002 10:35 PM, Curt Smith
<[EMAIL PROTECTED]> was seen to say:
> http://www.drivecrypt.com/dcplus.html
> DriveCrypt Plus does everything you want. I believe it may
> have descended from ScramDisk (Dave Barton's disk encryption
> program).
It has. Basically, the author of
> Same version of compiler on same source using same build produces
> identical binaries.
It doesn't though - that is the point. I am not sure if it is simply
that there are timestamps in the final executable, but Visual C (to give
a common example, as that is what the windows PGP builds compile w
John Kozubik <[EMAIL PROTECTED]> was seen to declaim:
> SSH java applets exist:
>
http://www.appgate.com/ag.asp?template=products&level1=product_mindterm
> http://javassh.org/
And indeed are very useful - but I think you miss the whole point of a
java applet. the applet downloads to (and runs on)
Roy M. Silvernail <[EMAIL PROTECTED]> was seen to declaim:
> Given internet access from a private intranet, through an HTTP
> proxy out of the user's control, is it possible to establish a secure
> tunnel to an outside server? I'd expect that ordinary SSL
> connections will secure user <-> proxy
[EMAIL PROTECTED] <[EMAIL PROTECTED]> was seen to declaim:
> IE comes preloaded with about 34 root certificate authorities, and
> it is easy for the end user to add more, to add more in batches.
> Anyone can coerce open SSL to generate any certificates he
> pleases, with some work.
> Why is not so
Mike Rosing <[EMAIL PROTECTED]> wrote:
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto. When people sign a
> document they don't know all the ramifications because few bothe
Mike Rosing <[EMAIL PROTECTED]> wrote:
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto. When people sign a
> document they don't know all the ramifications because few bothe
>Microsoft also said open-source software is inherently less secure
>because the code is available for the world to examine for flaws,
>making it possible for hackers or criminals to exploit
>them. Proprietary software, the company argued, is more secure because
>of its closed nature.
Presumably t
> Bullshit Tim. The card holder (person paying) has an interest rate
> tacked on their payments -EVERY MONTH-. It's right there at
> the bottem of your statement.
I would switch to a better card provider then if I were you - here in
the UK, that interest payment only kicks in if you don't clear th
"Jim Choate" <[EMAIL PROTECTED]> gave us the benefit of the following
opinion:
> It makes no sense to talk about 'cheapness of payment' from the
recipients
> view. It costs them nothing to get paid (outside of whatever service
or
> labor was involved in the exchange). You have your cognates revers
> I don't think you get freelance IRA guys. Not with both
> kneecaps, anyway.
might be surprised - donations from the states have apparently tailled off
(having been the subject of a terrorist attack themselves they seem less
willing to fund them) and they could do with the revenue - but you are
p
On Sunday, April 28, 2002, at 07:32 AM, Jan Dobrucki wrote:
> Greetings,
> I've been reading the list for a while now, and what I find annoying
> is that there are mostly American news and little about what's
> happening in Europe. As little as I respect America, America is not
> all of the world
<[EMAIL PROTECTED]> wrote:
> On 24 Apr 2002 at 17:41, David Howe wrote:
> > its probably a better (if much slower) stream cypher than most currently
in
> > use; I can't think of any that have larger than a 256 internal state,
and
> > that implies a 2^256 step cycle
> No it isn't. You -want- a RNG but you can't have one. Nobody
> -wants- a PRNG, they -settle- for it.
I think there is some confusion here - if you are using a PRNG as a stream
cypher, the last thing in the world you want is for it to be truely random -
you need to sync up two prngs in order to d
"Jim Choate" <[EMAIL PROTECTED]> wrote:
> But that changes the game in the middle of play, the sequence of digits
> in pi is fixed, not random. You can't get a random number from a constant.
> Otherwise it wouldn't be a constant.
PRNG output is fixed/repeatable too - that is a properly you *want*
Peter Trei wrote:
> Encrypted files on a portable device that you keep with you would
> seem to be the best of all worlds.
any of the usb "mini drives" can manage that - just set them to autorun
Scramdisk Traveller and mount a SD volume from the device. just don't forget
to dismount it before you
59 matches
Mail list logo
