Re: Interesting article

On Fri, Jul 08, 2005 at 01:32:34PM -0400, Tyler Durden wrote: > That is interesting. One wonders if in certain circles of Russia people are > much more careful with their data and encrypting it. Who knows? A country > like that might evolve some fairly rigorous privacy procedures. Here in the >

Re: FW: on FPGAs vs ASICs

On Mon, Mar 21, 2005 at 06:34:07PM -0800, Major Variola (ret) wrote: > Tangentially, I should note that there are "modes of encryption" which can be > scaled infinitely with parallel hardware; they use interleaved blocks so each > chip sees every Nth block of the real stream. So high clock rates

SHA-1 results available

http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, "Technical details will be provided in a fort

Re: Congress Close to Establishing Rules for Driver's Licenses

On Tue, Oct 12, 2004 at 10:09:26AM -0500, Riad S. Wahby wrote: > Dave Howe <[EMAIL PROTECTED]> wrote: > > And how many americans have a passport,and carry one for identification > > purposes? > > Probably not all that many. > > Tangentially, I was once told that, at least in Massachusetts liquor

Re: Most Disturbing Yet - Senate Wants Database Dragnet

On Thu, Oct 07, 2004 at 06:19:43AM -0400, Sunder wrote: > > > To prevent abuses of the system, the Markle task force recommended > anonymized technology, graduated levels of permission-based access and > automated auditing software constantly hunting for abuses. > > {Huh? How would anonimize

Re: Seth Schoen's Hard to Verify Signatures

On Wed, Sep 08, 2004 at 12:44:39PM -0700, Major Variola (ret) wrote: [...] > In an RSA cryptosystem the public exponent is typically low, often > 3 or 65537 (for efficiency reasons only a few bits are set; the other > constraint is that your message, raised to that power, wraps in your > modulus, w

Re: Remailers an unsolveable paradox?

On Sat, Sep 04, 2004 at 09:50:14PM +0200, Nomen Nescio wrote: > Let's take our shining example of truth and freedom, the whistle-blower. > When they send out mail to the media or whomever, one of two things happens: > they see the story published or they don't. If not, there's no idea why: was > i

Re: On what the NSA does with its tech

On Wed, Aug 04, 2004 at 11:04:15AM -0700, "Hal Finney" wrote: [...] > The system will consume 10^25 * 60 nanowatts or about 6 * 10^17 watts. > Now, that's a lot. It's four times what the earth receives from the sun. > So we have to build a disk four times the area (not volume) of the earth, > co

NSA crypto at DNC?

http://www.nytimes.com/2004/07/26/business/26verizon.html "Nextel, the official mobile provider to both conventions, is deploying its iDEN network with encryption codes used by the National Security Agency to make sure no one eavesdrops on all the deal making." Anyone know what's up with this? I'

Re: Secure telephones

On Sun, Jul 18, 2004 at 08:53:35PM +0100, Dave Howe wrote: > >That may have just been an artifact of a bad implementation, though. DTLS > >might be a better pick for securing VoIP. There's also SRTP. > > The strength of a pure VPN solution is that you aren't limited to *just* > VoIP - you can tra

Re: Secure telephones

On Sun, Jul 18, 2004 at 07:31:59PM +0100, Dave Howe wrote: > OpenVPN is of course built on SSL, and can use either X509 certificates > or a preshared key for authentication. Sadly, there is no convenient way > to use DNS-SEC key records for OpenVPN. How well is VoIP going to work over SSL/TLS (

Re: For Liars and Loafers, Cellphones Offer an Alibi

> More recent phones from Sprint must support real GPS, since Qualcomm > offers chipsets with GPS support, which they wouldn't do unless their > only customers (Sprint phone manufacturers) wanted it. I was looking at getting a Sprint phone last week - every model I looked at had a GPS chip. -J

Re: Linksys WRT54G (and clones)

> The WRT54G clones are largely useful as very cheap Linux boxes with radio, > for individual homes and small scall meshes. They should be able to support a > few VPNs over typical ADSL/cable modem link bitrate, but for more serious > work I'd go with VIA's C5 family (1 GHz fanless, and hardware c

Re: 2 million bank accounts robbed

So... don't give your account info to organized crime, and don't use Outlook, and your risk is reduced by, what, 90%? And doing online banking from a Net cafe... I mean really. At least some of these numbers seem wrong. If "nearly 2 million" people got ripped off last year, and "at least 1.8 milli

Re: Breaking Iranian Codes (Re: CRYPTO-GRAM, June 15, 2003)

On Wed, Jun 16, 2004 at 03:37:54AM +1200, Peter Gutmann wrote: > "R. A. Hettinga" <[EMAIL PROTECTED]> forwarded: > > >So now the NSA's secret is out. The Iranians have undoubtedly changed > >their encryption machines, and the NSA has lost its source of Iranian > >secrets. But little else is know

Re: The Fingerprint As Password

a) Why do I have the feeling that there is no way to tell which password a piece of software is asking for when you thumb it. Does the host machine get all of them and figure out which one it wants to use? b) How hard is it to bypass the check and simply pull the complete set of passwords out of i

Re: Shoulder surfing for passwords by ear

On Thu, May 13, 2004 at 09:32:40AM -0400, Sunder wrote: > http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci963348,00.html > > 'Whispering keyboards' could be next attack trend > By Niall McKay, Contributing Writer > 11 May 2004 | SearchSecurity.com > > > OAKLAND -- L

Re: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)

Like it matters. Do you really think that the government would really allow Intel and AMD to sell CPUs that didn't have tiny transmitters in them? Your CPU is actually transmitting every instruction it executes to the satellites. On Mon, May 10, 2004 at 11:14:49AM -0700, Hasan Diwan wrote: >

Re: BBC on all-electronic Indian elections

On Mon, Apr 26, 2004 at 11:18:52AM -0400, sunder wrote: > Jack Lloyd wrote: > > >Still, I liked this quote: '"I came to vote because wasting one's ballot > >in a > >democracy is a sin," he told the BBC.' Not too common a view in the US > &g

Re: BBC on all-electronic Indian elections

On Tue, Apr 20, 2004 at 04:28:07PM +0100, Graham Lally wrote: > Current report: > > > > The tech: > > > > Bit scant on details.. anyone know anything more about how the machine >

Re: The Gilmore Dimissal

> > I was curious about that. I notice now that Amtrak requires ID as well: > http://www.amtrak.com/idrequire.html > > Does anyone know when this happened, or have experiences with having to > show ID on Amtrak? Sometime before early January this year, at least (probably significantly before).

Re: chatroom conversation turing computable

On Thu, Mar 18, 2004 at 10:37:25AM -0800, Major Variola (ret.) wrote: > http://news.scotsman.com/scitech.cfm?id=312492004 "If a nanniebot detects signs of paedophile activity, such as an adult posing as a child, it sends out an alert." I can't wait for two of them to meet and each decide the othe

Re: Freedomphone

> > "We allow everyone to check the security for themselves, because > > we're the only ones who publish the source code," said Rop Gonggrijp "We are currently performing a internal round of reviews with a expert group of security researchers and cryptographers. Depending on the results of this re

Re: someone stealing e-gold passwords

I got one of these in early January, but I don't use e-gold. Probably they hit everyone they can find an address for on the assumption that some of them use e-gold. Even a small number of accounts could be quite profitable for them. (Perhaps they are more selective, mailing people who post on crypt

RE: Supremes and thieves.

On Tue, 21 Jan 2003, Trei, Peter wrote: > The song is sung by Jimmy Stewart, on camera, so a new soundtrack > would be tough. Given that they can make dead actors dance in commercials, I can't imagine it would be terribly difficult to do it. Though I know next to nothing about video editing in ge

Re: Hollywood Hackers

On Wed, 31 Jul 2002, A.Melon wrote: > and on the left hand side of the page it says: > > At the moment, we do not support non-Javascript browsers. > > If they are concerned about security, Shouldn't they be avoiding > javascript? Shapiro has a strange love for Javascript. I don't know what

Re: Hollywood Hackers

On Wed, 31 Jul 2002, Steve Schear wrote: > Looks amazingly familiar. Could it be, could be, could it be Mojo > Nation (now MNet http://mnet.sourceforge.net )? Or OpenCM (http://www.opencm.org) -Jack

Re: NAI pulls out the DMCA stick

On Fri, 24 May 2002, Eric Murray wrote: > > 3. Is a relavent developer reference is available for X.509? > > X.509 is an ITU/T standard, which means, among other things, that > they charge money for copies. You can find copies on the net though. Depending on how good your local library is, the

RE: Two ideas for random number generation

On Mon, 22 Apr 2002, Trei, Peter wrote: > So my suggestion is that while hardware accelaration of PRNGs may have > some usefulness, true RNGs need not have the same performance. I'd > rather see people work on making the true RNGs *trustworthy*, which is > a much more difficult problem. Out of c