- Original Message -
Subject: [Tom Berson Skype Security Evaluation]
Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the cover
- Original Message -
From: "Dave Howe" <[EMAIL PROTECTED]>
Subject: Re: SHA1 broken?
Indeed so. However, the argument "in 1998, an FPGA machine broke a DES
key in 72 hours, therefore TODAY..." assumes that (a) the problems are
comparable, and (b) that Moore's law has been applied to FP
- Original Message -
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Sent: Friday, February 18, 2005 3:11 AM
[the attack is reasonable]
Reading through the summary I found a bit of information that means my
estimates of workload have to be re-evaluated. Page 1 "Based o
- Original Message -
From: "Dave Howe" <[EMAIL PROTECTED]>
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?
Joseph Ashwood wrote:
> I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Chall
- Original Message -
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject: Re: SHA1 broken?
2^69 is damn near unbreakable.
I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours by
$250,000 worth of semi
- Original Message -
From: "Shawn K. Quinn" <[EMAIL PROTECTED]>
Subject: Re: Dell to Add Security Chip to PCs
Isn't it possible to emulate the TCPA chip in software, using one's own
RSA key, and thus signing whatever you damn well please with it instead
of whatever the chip wants to sign
- Original Message -
From: "Major Variola (ret)" <[EMAIL PROTECTED]>
Subject: Mixmaster is dead, long live wardriving
At 07:47 PM 12/9/04 -0800, Joseph Ashwood wrote:
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
surv
- Original Message -
From: "Major Variola (ret)" <[EMAIL PROTECTED]>
Subject: punkly current events
If the Klan doesn't have
a right to wear pillowcases what makes you think mixmaster will
survive?
Well besides the misinterpretation of the ruling, which I will ignore, what
makes you thi
- Original Message -
From: "John Gilmore" <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 17, 2004 10:31 AM
Subject: Re: A National ID: AAMVA's Unique ID
> > The solution then is obvious, don't have a big central database. Instead use
> > a distributed d
- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers
> You clearly know virtually nothing about Palladium.
Actually, properly designed Palladium would be little more than a smart card
welded to the motherboard. As cu
- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers
> In short, if Palladium comes with the ability to download site-specific
> DLLs that can act as NCAs
Ok what flavor of crack are you smoking? Because I can tell f
- Original Message -
From: "Eric Murray" <[EMAIL PROTECTED]>
Subject: CDR: Re: Digital Certificates
> On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote:
> > I was just wondering if anyone has a digital certificate issuing system I
> > could get
I was just wondering if anyone has a digital certificate issuing system I
could get a few certificates issued from. Trust is not an issue since these
are development-only certs, and won't be used for anything except testing
purposes.
The development is for an open source PKCS #11 test suite.
- Original Message -
From: "Thomas Shaddack" <[EMAIL PROTECTED]>
To: "Harmon Seaver" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, February 01, 2003 4:42 PM
Subject: CDR: Re: Shuttle Diplomacy
[snip conspiracy theory]
> Especially in this case, I'd bet my shoes on Murphy; Co
- Original Message -
From: "Harmon Seaver" <[EMAIL PROTECTED]>
> On Mon, Jan 27, 2003 at 08:23:15AM -0800, Major Variola (ret) wrote:
> > The versions of all the secure phones I've evaluated needed this
> > feature:
> > a minimal answering machine. With just the ability to record IPs of
>
isk to the
security of anyone/group that makes use of it.
- Original Message -
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject: Clarification of challenge to Joseph Ashwood:
> Joseph Ashwood:
> > > So it's going to be broken by design. These are cr
- Original Message -
From: "Ben Laurie" <[EMAIL PROTECTED]>
> > The important part for this, is that TCPA has no key until it has an owner,
> > and the owner can wipe the TCPA at any time. From what I can tell this was
> > designed for resale of components, but is perfectly suitable as a p
- Original Message -
From: "Ben Laurie" <[EMAIL PROTECTED]>
> Joseph Ashwood wrote:
> > There is nothing stopping a virtualized version being created.
> What prevents this from being useful is the lack of an appropriate
> certificate for the private key
Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.
There is nothing stopping a virtualized version being created.
There is
I need to correct myself.
- Original Message -
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
> Suspiciously absent though is the requirement for symmetric encryption (page
> 4 is easiest to see this). This presents a potential security issue, and
> certainly a b
- Original Message -
From: "Mike Rosing" <[EMAIL PROTECTED]>
> Are you now admitting TCPA is broken?
I freely admit that I haven't made it completely through the TCPA
specification. However it seems to be, at least in effect although not
exactly, a motherboard bound smartcard.
Because it
- Original Message -
From: "AARG! Anonymous" <[EMAIL PROTECTED]>
[brief description of Document Revocation List]
>Seth's scheme doesn't rely on TCPA/Palladium.
Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which
- Original Message -
From: "Eugen Leitl" <[EMAIL PROTECTED]>
> Can anyone shed some light on this?
Because of the sophistication of modern processors there are too many
variables to be optimized easily, and doing so can be extremely costly.
Because of this diversity, many compilers use s
- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>
> Ross Anderson's paper at
> http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
> has been mostly discussed for what it says about the TCPA. But the
> first part of the paper is equally interesting.
Ross Anderson's approxi
- Original Message -
From: "Ryan Lackey" <[EMAIL PROTECTED]>
> I consider DRM systems (even the not-secure, not-mandated versions)
> evil due to the high likelihood they will be used as technical
> building blocks upon which to deploy mandated, draconian DRM systems.
The same argument ca
- Original Message -
From: "Steve Schear" <[EMAIL PROTECTED]>
> >Harry Potter released unprotected
> So, is this just a test or has at least one industry giant decided, as the
> software industry learned long ago, that the cost of copy protection often
> exceeds its value.
I believe it'
- Original Message -
From: <[EMAIL PROTECTED]>
Subject: Re: CDR: RE: Degrees of Freedom vs. Hollywood Control Freaks
> Ok, somebody correct me if I'm wrong here, but didn't they officially cease
> production of vinyl pressings several years ago? As in *all* vinyl
> pressings???
They st
- Original Message -
From: "Neil Johnson" <[EMAIL PROTECTED]>
To: "Joseph Ashwood" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 6:59 PM
Subject: Re: FC: Hollywood wants to plug "analog hole," regulate A-D
> On
Everything I'm about to say should be taken purely as an analytical
discussion of possible solutions in light of the possibilities for the
future. For various reasons I discourage performing the analyzed alterations
to any electronic device, it will damage certain parts of the functionality
of the
- Original Message -
From: "surinder pal singh makkar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 31, 2002 5:30 AM
Subject: CDR: How can i check the authenticity of a private key
> Hi List,
>
> I am a newbie in cryptography. What I have learnt till
> now is that in as
- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>
> Collision means same plaintext to the same ciphertext.
Actually all it means in this case is the same ciphertext, since the key is
the same it of course carries back to the plaintext, but that is irrelevant
at this point. T
- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>
> > There's no need to go to great lengths to find a place to store the IV.
>
> Wouldn't it be much simpler (having in mind the low cost of storage), to simply
> append several random bits to the plaintext before ECB encryption
Title: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 27, 2002 12:11 PM
Subject: CDR: RE: Re: disk encryption modes (Re: RE: Two ideas for
- Original Message -
From: "Adam Back" <[EMAIL PROTECTED]>
> Joseph Ashwood wrote:
> > Actually I was referring to changing the data portion of the block
> > from {data} to {IV, data}
>
> Yes I gathered, but this what I was referring to when
- Original Message -
From: "Adam Back" <[EMAIL PROTECTED]>
> On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
> > From: "Bill Stewart" <[EMAIL PROTECTED]>
> > > I've been thinking about a somewhat different but relat
- Original Message -
From: "Bill Stewart" <[EMAIL PROTECTED]>
> I've been thinking about a somewhat different but related problem lately,
> which is encrypted disk drives. You could encrypt each block of the disk
> with a block cypher using the same key (presumably in CBC or some similar
- Original Message -
From: "Jim Choate" <[EMAIL PROTECTED]>
> For a RNG to -be- a RNG it -must- be infinity-distributed. This means that
> there are -no- string repetitions -ever-.
Ummm, wrong. That would imply that in a binary stream, once 0 has been used
it can never be used again. Thi
- Original Message -
From: "Morlock Elloi" <[EMAIL PROTECTED]>
> Most hardware solutions that I'm aware of support 1024-bit modular arithmetic.
> I don't know how easy or hard it is to do 2048-bit ops with 1024-bit
> primitives, or is there any 2048-bit HW around.
For encryption, you're
- Original Message -
From: "gfgs pedo" <[EMAIL PROTECTED]>
> > > Oh surely you can do better than that - making it
> > hard to guess the seed
> > > is also clearly a desirable property (and one that
> > the square root "rng"
> > > does not have).
> U can choose any arbitrary seed(greater
- Original Message -
From: "Eugen Leitl" <[EMAIL PROTECTED]>
> On Mon, 22 Apr 2002, Tim May wrote:
>
> > What real-life examples can you name where Gbit rates of random digits
> > are actually needed?
>
> Multimedia streams, routers. If I want to secure a near-future 10 GBit
> Ethernet st
- Original Message -
From: <[EMAIL PROTECTED]>
To: "Tim May" <[EMAIL PROTECTED]>; "Eugen Leitl" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation
> Why would one want to implement a PRNG in silicon,
I have done a significant amount of considering on the very questions raised
in this. This consideration has spanned approximately a month of time. These
are my basic conclusions:
Bernstein's proposal does have an impact, but I do not believe that 3x the
key size is necessary
I believe Bernstein's
- Original Message -
From: "Jeremy Lennert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 23, 2002 8:15 AM
Subject: CDR: Re: Jail Cell Cipher (modified RC4)
> > Unfortunately it has a rather damning effect on the cipher.
> > First in the key
> > scheduling there i
- Original Message -
From: "Jeremy Lennert" <[EMAIL PROTECTED]>
To: "'Neil Johnson'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; "'R. A. Hettinga'" <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 10:15 PM
Subject: CDR: RE: Jail Cell Cipher (modified RC4)
> I'm not having difficulty wit
- Original Message -
From: "Anonymous" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 4:48 PM
Subject: CDR: Re: Remailer Phases
> An Unknown Party wrote:
> > On Wed, 8 Aug 2001, Anonymous wrote:
> > > We need a good mixmaster net.
> > >
> > > working remaile
- Original Message -
From: "Jim Choate" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 7:05 PM
Subject: CDR: Re: Mixmaster Message Drops
> The next major question is to determine where the drops are happening.
> Inbound, outbound, inter-remailer, intra-remai
- Original Message -
From: "Meyer Wolfsheim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 5:40 AM
Subject: Re: CDR: Re: re: Remailer Phases
> On Tue, 7 Aug 2001, Joseph Ashwood wrote:
>
> > > > 2. Operator pro
- Original Message -
From: "A. Melon" <[EMAIL PROTECTED]>
Subject: CDR: re: Remailer Phases
> > 2. Operator probably trustworthy
>
> Impossible, and unnecessary. Don't assume any remops are trustworthy.
Actually it is absolutely necessary. If all operators are willing to
collude, then
What probably happened is that you didn't see the other windows come up
where it was gathering entropy and needed your mouse input. If you don't see
that window I can see where you wouldn't be able to upgrade.
Joe
- Original Message -
From: "Steve Schear" <[EMAIL PROTEC