[EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

- Forwarded message from Kerry Bonin <[EMAIL PROTECTED]> - From: Kerry Bonin <[EMAIL PROTECTED]> Date: Mon, 31 Oct 2005 07:25:20 -0800 To: "Peer-to-peer development." <[EMAIL PROTECTED]> Subject: Re: [p2p-hackers] P2P Authentication User-Agent: Mozilla Thunder

Re: Multiple passports?

Bill Stewart wrote: When I saw the title of this thread, I was assuming it would be about getting Mozambique or Sealand or other passports of convenience or coolness-factor like the Old-School Cypherpunks used to do :-) Actually the only passports that are significantly more convenient than U

Re: On the orthogonality of anonymity to current market demand

Chris Palmer <[EMAIL PROTECTED]> writes: >James A. Donald writes: > >> Further, genuinely secure systems are now becoming available, notably >> Symbian. > >What does it mean for Symbian to be genuinely secure? How was this determined >and achieved? By executive fiat. Peter.

Re: packet traffic analysis

> Modes that are based on a small window of previous plaintext, such as > OFB, would be vulnerable too. My mistake, OFB does not have this property. I thought there was a common mode with this property, but it appears that I am mistaken. If it makes you feel any better, you can consider the PRNG

Re: packet traffic analysis

> I very much doubt it. Where did that factor of "half" come frome. During lulls, you are constantly sending chaff packets. On average, you're halfway through transmitting a chaff packet when you want to send a real one. The system has to wait for it to finish before sending another. QED. > A

Re: On the orthogonality of anonymity to current market demand

James A. Donald writes: > > Further, genuinely secure systems are now becoming available, notably > > Symbian. Chris Palmer <[EMAIL PROTECTED]> > What does it mean for Symbian to be genuinely secure? How was this > determined and achieved? There is no official definition of "genuinely secure", an

Re: On the orthogonality of anonymity to current market demand

James A. Donald writes: > Further, genuinely secure systems are now becoming available, notably > Symbian. What does it mean for Symbian to be genuinely secure? How was this determined and achieved? -- http://www.eff.org/about/staff/#chris_palmer signature.asc Description: Digital signature

Re: Multiple passports?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Gutmann wrote: > Gregory Hicks <[EMAIL PROTECTED]> writes: > > >>As for applying for one now, I think the deadline for the non-RFID passwords >>is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if >>your application is

Re: On the orthogonality of anonymity to current market demand

At 10:22 AM -0500 10/31/05, [EMAIL PROTECTED] wrote: >and doesn't history show that big corporations are only interested in >revenue One should hope so. ;-) Cheers, RAH -- - R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street,

Re: On the orthogonality of anonymity to current market demand

hi ( 05.10.26 09:17 -0700 ) James A. Donald: > While many people are rightly concerned that DRM will > ultimately mean that the big corporation, and thus the > state, has root access to their computers and the owner > does not, it also means that trojans, viruses, and > malware does not. do you r

Passport Hell (was [Clips] Re: [duodenalswitch] Re: Konstantin)

--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Mon, 31 Oct 2005 09:55:05 -0500 To: "Philodox Clips List" <[EMAIL PROTECTED]> From: "R.A. Hettinga" <[EMAIL PROTECTED]> Subject: [Clips] Re: [duodenalswitch] Re: Konstantin Reply-To: [EMAIL PROT

RE: [EMAIL PROTECTED]: Skype security evaluation]

7 AM > To: [EMAIL PROTECTED]; cryptography@metzdowd.com > Subject: Re: [EMAIL PROTECTED]: Skype security evaluation] > > Wasn't there a rumor last year that Skype didn't do any encryption > padding, it just did a straight exponentiation of the plaintext? > > Would that be

Re: packet traffic analysis

In the context of: >>If your plaintext consists primarily of small packets, you should set the MTU >>of the transporter to be small. This will cause fragmentation of the >>large packets, which is the price you have to pay. Conversely, if your >>plaintext consists primarily of large packets, yo

Re: Multiple passports?

Gregory Hicks <[EMAIL PROTECTED]> writes: >As for applying for one now, I think the deadline for the non-RFID passwords >is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if >your application is not in processing by 31 Oct, then you get the new, >improved, RFID passport.)

Re: Blood, Bullets, Bombs and Bandwidth

At 11:59 PM + 10/30/05, Justin wrote: >Tyler likes the high-speed lifestyle so much that he ditched it and >moved to London? He and Jayme are back in Kurdistan, now. Don't know for how long, though. He's teaching a new class of engineers, including crypto and security stuff. Watched their jaws

Re: Multiple passports?

On 2005-10-29T21:17:25-0700, Gregory Hicks wrote: > > Date: Sun, 30 Oct 2005 03:05:25 + > > From: Justin <[EMAIL PROTECTED]> > > > > If I apply for a new one now, and then apply for a another one once > > the gov starts RFID-enabling them, will the first one be > > invalidated? Or can I have

Re: Blood, Bullets, Bombs and Bandwidth

On 2005-10-22T01:51:50-0400, R.A. Hettinga wrote: > --- begin forwarded text > > Tyler and Jayme left Iraq in May 2005. The Arbil office failed; there > wasn't enough business in Kurdistan. They moved to London, where Tyler > still works for SSI. His time in Iraq has transformed him to the exte

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

At 01:31 AM 10/30/05 -0700, Bill Stewart wrote: >They've said they'll fall back on the traditional >"If we can't read the passport it's invalid and you'll need to >replace it before we'll let you leave the country" technique, >just as they often do with expired passports and sometimes What is the

Re: Multiple passports?

On Sun, Oct 30, 2005 at 03:05:25AM +, Justin wrote: > If I apply for a new one now, and then apply for a another one once the > gov starts RFID-enabling them, will the first one be invalidated? Or > can I have two passports, the one without RFID to use, and the one with > RFID to play with? H

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

On Sat, Oct 29, 2005 at 08:42:35PM -0400, Tyler Durden wrote: > One thing to think about with respect to the RFID passports... > > Um, uh...surely once in a while the RFID tag is going to get corrupted or > something...right? I'd bet it ends up happening all the time. In those > cases they proba

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

At 01:42 AM 10/30/2005, Roy M. Silvernail wrote: Tyler Durden wrote: > One thing to think about with respect to the RFID passports... > > Um, uh...surely once in a while the RFID tag is going to get corrupted > or something...right? I'd bet it ends up happening all the time. In > those cases the

Re: Multiple passports?

When I saw the title of this thread, I was assuming it would be about getting Mozambique or Sealand or other passports of convenience or coolness-factor like the Old-School Cypherpunks used to do :-) On 10/30/05, Gregory Hicks <[EMAIL PROTECTED]> wrote: > The only people that I knew that had two

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

Tyler Durden wrote: > One thing to think about with respect to the RFID passports... > > Um, uh...surely once in a while the RFID tag is going to get corrupted > or something...right? I'd bet it ends up happening all the time. In > those cases they probably have to fall back upon the traditional >

Re: Multiple passports?

On 10/30/05, Gregory Hicks <[EMAIL PROTECTED]> wrote: > The only people that I knew that had two passports were those with an > "Official" (red) passport or a "Diplomatic" (black) passport. If they > wanted to go play tourist, they had to also have a "tourist" (Blue) > passport. I wasn't able to

Re: Multiple passports?

> Date: Sun, 30 Oct 2005 03:05:25 + > From: Justin <[EMAIL PROTECTED]> > > If I apply for a new one now, and then apply for a another one once > the gov starts RFID-enabling them, will the first one be > invalidated? Or can I have two passports, the one without RFID to > use, and the one wit

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/28/05, Daniel A. Nagy <[EMAIL PROTECTED]> wrote: > Irreversibility of transactions hinges on two features of the proposed > systetm: the fundamentally irreversible nature of publishing information in > the public records and the fact that in order to invalidate a secret, one > needs to know i

RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

ly-To: [EMAIL PROTECTED] Begin forwarded message: From: Edward Hasbrouck <[EMAIL PROTECTED]> Date: October 28, 2005 11:07:28 AM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] >From: "Lin, Herb" &

Re: Return of the death of cypherpunks.

-- James A. Donald: > > Since cryptography these days is routine and > > uncontroversial, there is no longer any strong > > reason for the cypherpunks list to continue to > > exist. John Kelsey > The ratio of political wanking to technical posts and > of talkers to thinkers to coders needs

Re: Return of the death of cypherpunks.

>From: "James A. Donald" <[EMAIL PROTECTED]> >Sent: Oct 28, 2005 12:09 PM >To: [EMAIL PROTECTED] >Subject: Return of the death of cypherpunks. >From: Eugen Leitl <[EMAIL PROTECTED]> ... >> The list needs not to stay dead, with some finite >> effort on our part (all of us) we can well resurrect >

Re: On Digital Cash-like Payment Systems

>From: cyphrpunk <[EMAIL PROTECTED]> >Sent: Oct 27, 2005 9:15 PM >To: "James A. Donald" <[EMAIL PROTECTED]> >Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] >Subject: Re: On Digital Cash-like Payment Systems >On 10/26/05, James A. Donald <[EMAIL PROTE

RE: Return of the death of cypherpunks.

I don't agree. One thing we do know is that, although Crypto is available and, in special contexts, used, it's use in other contexts is almost counterproduct, sending up a red flag so that those that "Protect Our Freedoms" will come sniffing around and bring to bear their full arsenal of tech

Re: packet traffic analysis

one optimization is to stop encrypting when switching on the chaff. The peer can then encrypt the escape sequence as it would appear in the encrypted stream, and do a simple string match on that. In this manner the peer does not have to do any decryption until the [encrypted] escape sequence re-appear

Re: packet traffic analysis

Good catch on the encryption. I feel silly for not thinking of it. > If your plaintext consists primarily of small packets, you should set the MTU > of the transporter to be small. This will cause fragmentation of the > large packets, which is the price you have to pay. Conversely, if your > p

Re: Any comments on BlueGem's LocalSSL?

At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote: >OTOH, if markets overtake the DRM issue, ^" moot", was what I meant to say... Anyway, you get the idea. Cheers, RAH -- - R. A. Hettinga The Internet Bearer Underwriting Corporation

Re: Any comments on BlueGem's LocalSSL?

At 11:10 AM -0700 10/28/05, James A. Donald wrote: >I am a reluctant convert to DRM. At least with DRM, we >face a smaller number of threats. I have had it explained to me, many times more than I want to remember, :-), that strong crypto is strong crypto. It's not that I'm unconvinceable, but I'

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote: > In particular I have concerns about the finality and irreversibility > of payments, given that the issuer keeps track of each token as it > progresses through the system. Whenever one token is exchanged for a > new one, the issuer record

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

One other point with regard to Daniel Nagy's paper at http://www.epointsystem.org/~nagydani/ICETE2005.pdf A good way to organize papers like this is to first present the desired properties of systems like yours (and optionally show that other systems fail to meet one or more of these properties);

Re: Any comments on BlueGem's LocalSSL?

-- R.A. Hettinga" <[EMAIL PROTECTED]> > Intel doing their current crypto/DRM stuff, [...] You > know they're going to do evil, but at least the > *other* malware goes away. I am a reluctant convert to DRM. At least with DRM, we face a smaller number of threats. --digsig James A

Re: [PracticalSecurity] Anonymity - great technology but hardly used

>From: Eugen Leitl <[EMAIL PROTECTED]> >Sent: Oct 27, 2005 3:22 AM >To: "Shawn K. Quinn" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used ... >It's never about merit, and not e

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote: > The cypherpunks list is about anything we want it to be. At this stage in > the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more > about the crazy bastards who are still here than it is about just about > anything e

[EMAIL PROTECTED]: RE: [p2p-hackers] P2P Authentication]

- Forwarded message from Matthew Kaufman <[EMAIL PROTECTED]> - From: Matthew Kaufman <[EMAIL PROTECTED]> Date: Thu, 27 Oct 2005 19:28:53 -0700 To: "'Peer-to-peer development.'" <[EMAIL PROTECTED]> Subject: RE: [p2p-hackers] P2P Authentication X-M

Re: [PracticalSecurity] Anonymity - great technology but hardly used

At 8:41 PM -0700 10/27/05, cyphrpunk wrote: >Where else are you going to talk about >this shit? Talk about it here, of course. Just don't expect anyone to listen to you when you play list-mommie. Cheers, RAH -- - R. A. Hettinga The Internet Bearer Underwriting Corporation

Re: Any comments on BlueGem's LocalSSL?

At 9:11 PM +1300 10/28/05, Peter Gutmann wrote: >The West Coast Labs tests report that they successfully evade all known >sniffers, which doesn't actually mean much since all it proves is that >LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The >use of SSL to get the keyst

Re: [EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

At 9:27 PM -0700 10/27/05, cyphrpunk wrote: >Every key has passed >through dozens of hands before you get to see it. What are the odds >that nobody's fucked with it in all that time? You're going to put >that thing in your mouth? I don't think so. So, as Carl Ellison says, get it from the source.

Re: [EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

> From: Kerry Bonin <[EMAIL PROTECTED]> > Date: Thu, 27 Oct 2005 06:52:57 -0700 > To: [EMAIL PROTECTED], "Peer-to-peer development." <[EMAIL PROTECTED]> > Subject: Re: [p2p-hackers] P2P Authentication > User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Re: On Digital Cash-like Payment Systems

On 10/26/05, James A. Donald <[EMAIL PROTECTED]> wrote: > How does one inflate a key? Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a

Re: [EMAIL PROTECTED]: Skype security evaluation]

Wasn't there a rumor last year that Skype didn't do any encryption padding, it just did a straight exponentiation of the plaintext? Would that be safe, if as the report suggests, the data being encrypted is 128 random bits (and assuming the encryption exponent is considerably bigger than 3)? Seems

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote: > RAH > Who thinks anything Microsoft makes these days is, by definition, a > security risk. Indeed, the amount of trust I'm willing to place in a piece of software is quite related to how much of its source code is available for review. Surp

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/25/05, Travis H. <[EMAIL PROTECTED]> wrote: > More on topic, I recently heard about a scam involving differential > reversibility between two remote payment systems. The fraudster sends > you an email asking you to make a Western Union payment to a third > party, and deposits the requested a

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote: > This is off-topic. Let's not degenerate into random Microsoft bashing. > Keep the focus on anonymity. That's what the cypherpunks list is > about. Sorry, but I have to disagree. I highly doubt that Microsoft is interested in helping users of th

Re: [PracticalSecurity] Anonymity - great technology but hardly used

> The cypherpunks list is about anything we want it to be. At this stage in > the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more > about the crazy bastards who are still here than it is about just about > anything else. Fine, I want it to be about crypto and anonymity. You can

Re: [PracticalSecurity] Anonymity - great technology but hardly used

At 8:18 PM -0700 10/27/05, cyphrpunk wrote: >Keep the focus on anonymity. That's what the cypherpunks list is >about. Please. The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards w

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On 10/26/05, Shawn K. Quinn <[EMAIL PROTECTED]> wrote: > On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: > > Many of the anonymity protocols require multiple participants, and > > thus are subject to what economists call "network externalities". The > > best example I can think of is Microsoft

Re: [PracticalSecurity] Anonymity - great technology but hardly used

At 12:23 PM -0700 10/27/05, Major Variola (ret) wrote: >Why don't you send her comma-delimited text, Excel can import it? But, but... You can't put Visual *BASIC* in comma delimited text... ;-) Cheers, RAH Yet another virus vector. Bah! :-) -- - R. A. Hettinga The Internet Bea

Re: [PracticalSecurity] Anonymity - great technology but hardly used

At 08:41 PM 10/26/05 -0500, Shawn K. Quinn wrote: >On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: >> Many of the anonymity protocols require multiple participants, and >> thus are subject to what economists call "network externalities". The >> best example I can think of is Microsoft Office fi

[EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

- Forwarded message from Kerry Bonin <[EMAIL PROTECTED]> - From: Kerry Bonin <[EMAIL PROTECTED]> Date: Thu, 27 Oct 2005 06:52:57 -0700 To: [EMAIL PROTECTED], "Peer-to-peer development." <[EMAIL PROTECTED]> Subject: Re: [p2p-hackers] P2P Authentication User-Agen

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Wed, Oct 26, 2005 at 08:41:48PM -0500, Shawn K. Quinn wrote: > 1) You have told your HR person what a bad idea it is to introduce a > dependency on a proprietary file format, right? Telling is useless. Are you in a sufficient position of power to make them stop using it? I doubt it, because th

Re: Can you help?

Thanks for notifying us with your weight problem concerns. Our 2 Nutritionists are online 24 hours a day to answer your questions or concerns. Charles Hernandez and Pamela King have been nutritionists for the past 10 years and are recommending that you try a 2-3 month supply of hoodia. Th

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: > Many of the anonymity protocols require multiple participants, and > thus are subject to what economists call "network externalities". The > best example I can think of is Microsoft Office file formats. I don't > buy MS Office because it's the

Re: [PracticalSecurity] Anonymity - great technology but hardly used

Travis H. wrote: > Part of the problem is using a packet-switched network; if we had > circuit-based, then thwarting traffic analysis is easy; you just fill > the link with random garbage when not transmitting packets. I > considered doing this with SLIP back before broadband (back when my > frien

Re: [PracticalSecurity] Anonymity - great technology but hardly used

Hello, At 25/10/05 07:18, cyphrpunk wrote: > http://www.hbarel.com/Blog/entry0006.html > > I believe that for anonymity and pseudonymity technologies to survive > they have to be applied to applications that require them by design, > rather than to mass-market applications that can also do (

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On 2005-10-26T08:21:08+0200, Stephan Neuhaus wrote: > cyphrpunk wrote: > > The main threat to > > this illegal but widely practiced activity is legal action by > > copyright holders against individual traders. The only effective > > protection against these threats is the barrier that could be prov

Re: [PracticalSecurity] Anonymity - great technology but hardly used

On Wed, 26 Oct 2005, JЖrn Schmidt wrote: > --- "Travis H." <[EMAIL PROTECTED]> wrote: > > [snip] > > Another issue involves the ease of use when switching between a > > [slower] anonymous service and a fast non-anonymous service. I > > have a tool called metaprox on my website (see URL in sig) th

Re: On the orthogonality of anonymity to current market demand

-- John Kelsey > What's with the heat-death nonsense? Physical bearer > instruments imply stout locks and vaults and alarm > systems and armed guards and all the rest, all the way > down to infrastructure like police forces and armies > (private or public) to avoid having the biggest gang > en

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

John Kelsey wrote: From: cyphrpunk <[EMAIL PROTECTED]> Digital wallets will require real security in user PCs. Still I don't see why we don't already have this problem with online banking and similar financial services. Couldn't a virus today steal people's passwords and command their banks to tr

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

-- Steve Schear <[EMAIL PROTECTED]> > Yes, but unfortunately it is not clear at all that > courts would find the opposite, either. If a lawsuit > names the currency issuer as a defendant, which it > almost certainly would, a judge might order the > issuer's finances frozen or impose other meas

Re: [EMAIL PROTECTED]: Skype security evaluation]

On Mon, 24 Oct 2005, cyphrpunk wrote: > Is it possible that Skype doesn't use RSA encryption? Or if they do, > do they do it without using any padding, and is that safe? You may want to read the report itself: http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf an

Re: [PracticalSecurity] Anonymity - great technology but hardly used

--- "Travis H." <[EMAIL PROTECTED]> wrote: [snip] > Another issue involves the ease of use when switching between a > [slower] anonymous service and a fast non-anonymous service. I have > a > tool called metaprox on my website (see URL in sig) that allows you > to > choose what proxies you use on

RE: crypto on sonet is free, Tyler

Yo Variola! Did you notice the date stamp on that post? Did you do a stint on "Survivor" or something? Or as I said to the short-lived Tom Veil, "What, no Starbucks near your Unabomber shack?" -TD From: "Major Variola (ret)" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>

RE: [EMAIL PROTECTED]: Skype security evaluation]

hy@metzdowd.com; [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Skype security evaluation] On 10/23/05, Travis H. <[EMAIL PROTECTED]> wrote: > My understanding of the peer-to-peer key agreement protocol (hereafter > p2pka) is based on section 3.3 and 3.4.2 and is something like this

Re: On the orthogonality of anonymity to current market demand

>From: "R.A. Hettinga" <[EMAIL PROTECTED]> >Sent: Oct 25, 2005 8:34 AM >To: cryptography@metzdowd.com, [EMAIL PROTECTED] >Subject: On the orthogonality of anonymity to current market demand ... >That is to say, your analysis conflicts with the whole trend towards >T-0 trading, execution, clearing

Re: [PracticalSecurity] Anonymity - great technology but hardly used

cyphrpunk wrote: The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network woul

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

> If you have > to be that confident in your computer security to use the payment > system, it's not going to have many clients. Maybe the trusted computing platform (palladium) may have something to offer after all, namely enabling naive users to use services that require confidence in their own

Re: [PracticalSecurity] Anonymity - great technology but hardly used

Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are t

RE: info you requested B0568

Hi, I sent you an email last week and need to confirm everything now. Please read the info below and let me know if you have any questions. We are accepting your mortgage refinance application. If you have poor credit, it is ok. You can get a refinance loan for a rock-bottom payment. Approv

RE: On special objects, and Judy Miller's treason

Its unfortunate that some posters had to be reminded that anyone calling for government-licensed "reporters" (and "religions", as one author included) deserves to have their carbon recycled, because of the treason to the BoR. Tim May used to call government licensed citizens "special objects". S

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-l ike Payment Systems

| U.S. law generally requires that stolen goods be returned to the | original owner without compensation to the current holder, even if | they had been purchased legitimately (from the thief or his agent) by | an innocent third party. This is incorrect. The law draws a distinction between recogniz

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

>From: cyphrpunk <[EMAIL PROTECTED]> >Sent: Oct 24, 2005 5:58 PM >To: John Kelsey <[EMAIL PROTECTED]> >Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like >Payment Systems ... >Digital wallets will require real security in user PCs. S

Re: [PracticalSecurity] Anonymity - great technology but hardly used

> http://www.hbarel.com/Blog/entry0006.html > > I believe that for anonymity and pseudonymity technologies to survive > they have to be applied to applications that require them by design, > rather than to mass-market applications that can also do (cheaper) > without. If anonymity mechanisms a

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

One intresting security measure protecting valuable digital assets (WM protects private keys this way) is "inflating" them before encryption. While it does not protect agains trojan applications, it does a surprisingly good job at reducing attacks following the key logging + file theft pattern. T

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On Mon, Oct 24, 2005 at 02:58:32PM -0700, cyphrpunk wrote: > Digital wallets will require real security in user PCs. Still I don't > see why we don't already have this problem with online banking and > similar financial services. Couldn't a virus today steal people's > passwords and command their

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/24/05, John Kelsey <[EMAIL PROTECTED]> wrote: > More to the point, an irreversible payment system raises big practical > problems in a world full of very hard-to-secure PCs running the > relevant software. One exploitable software bug, properly used, can > steal an enormous amount of money i

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/24/05, Steve Schear <[EMAIL PROTECTED]> wrote: > I don't think E-gold ever held out its system as non-reversible with proper > court order. All reverses I am aware happened either due to some technical > problem with their system or an order from a court of competence in the > matter at hand

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

From: cyphrpunk <[EMAIL PROTECTED]> Sent: Oct 24, 2005 2:14 PM Subject: Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems On 10/22/05, Ian G <[EMAIL PROTECTED]> wrote: >Note that e-gold, which originally sold non-reversibility as a key >ben

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

At 11:14 AM 10/24/2005, cyphrpunk wrote: Note that e-gold, which originally sold non-reversibility as a key benefit of the system, found that this feature attracted Ponzi schemes and fraudsters of all stripes, and eventually it was forced to reverse transactions and freeze accounts. It's not cle

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/22/05, Ian G <[EMAIL PROTECTED]> wrote: > R. Hirschfeld wrote: > > This is not strictly correct. The payer can reveal the blinding > > factor, making the payment traceable. I believe Chaum deliberately > > chose for one-way untraceability (untraceable by the payee but not by > > the payer)

Re: [EMAIL PROTECTED]: Skype security evaluation]

On 10/23/05, Travis H. <[EMAIL PROTECTED]> wrote: > My understanding of the peer-to-peer key agreement protocol (hereafter > p2pka) is based on section 3.3 and 3.4.2 and is something like this: > > A -> B: N_ab > B -> A: N_ba > B -> A: Sign{f(N_ab)}_a > A -> B: Sign{f(N_ba)}_b > A -> B: Sign{A, K_a

[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Skype security evaluation]]

- Forwarded message from Damien Miller <[EMAIL PROTECTED]> - From: Damien Miller <[EMAIL PROTECTED]> Date: Mon, 24 Oct 2005 12:39:42 +1000 (EST) To: cryptography@metzdowd.com Cc: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Skype security evaluation] On Sun, 23 Oct

[EMAIL PROTECTED]: Re: Publicizing Hidden Services]

- Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> - From: Roger Dingledine <[EMAIL PROTECTED]> Date: Sun, 23 Oct 2005 23:41:20 -0400 To: [EMAIL PROTECTED] Subject: Re: Publicizing Hidden Services User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Sun, Oct 23

[EMAIL PROTECTED]: Re: Access for the uncomputed]

- Forwarded message from Geoffrey Goodell <[EMAIL PROTECTED]> - From: Geoffrey Goodell <[EMAIL PROTECTED]> Date: Sun, 23 Oct 2005 21:54:04 -0400 To: [EMAIL PROTECTED] Subject: Re: Access for the uncomputed User-Agent: Mutt/1.5.6+20040907i Reply-To: [EMAIL PROTECTED] I see th

Re: [EMAIL PROTECTED]: Skype security evaluation]

egistrar. 3) It looks like the peer-to-peer communication involves the same key, SK_AB, in both directions, opening the door for keystream re-use, but there's 64 bits of presumably random salt so it shouldn't be very common. Vagueness: 1) They use an unencrypted 2-byte CRC on each packet

Re: [EMAIL PROTECTED]: Skype security evaluation]

- Original Message - Subject: [Tom Berson Skype Security Evaluation] Tom Berson's conclusion is incorrect. One needs only to take a look at the publicly available information. I couldn't find an immediate reference directly from the Skype website, but it uses 1024-bit RSA keys, the cover

Re: Morris's V story

I am in good health and have always enjoyed sex. I was losing my erection during intercourse and during oral sex with my girlfriend. It was difficult to pinpoint the problem so I decided to order some Vjagrra online. I ordered my Vjagrra which arrived in several days. I ordered 4x100mg pills an

Re: Judy Miller needing killing

>The question is, can >she defy a subpoena based on membership in the privileged Reporter class >that an "ordinary" person could not defy? It seems like the real question is how membership in the class is determined. If anyone who's acting like a reporter in a certain context (say, Adam Shosta

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

R. Hirschfeld wrote: Date: Thu, 20 Oct 2005 11:31:39 -0700 From: cyphrpunk <[EMAIL PROTECTED]> 2. Cash payments are final. After the fact, the paying party has no means to reverse the payment. We call this property of cash transactions _irreversibility_. Certainly Chaum ecash has this prope

Re: cypherpunks@minder.net closing on 11/1

On 10/13/05, Brian Minder <[EMAIL PROTECTED]> wrote: > The minder.net CDR node will be shutting down on November 1, 2005. This > includes the cypherpunks-moderated list. Please adjust your subscriptions > accordingly. Gmail would facilitate automating a new cypherpunks-moderated list. Gmail's sp

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

At 11:17 AM -0700 10/21/05, someone who can't afford a vowel, Alex, ;-) expressed his anal glands thusly in my general direction: >You're such an asshole. My, my. Tetchy, this morning, oh vowelless one... At 11:17 AM -0700 10/21/05, cyphrpunk wrote: >This is what you characterized as a "unitary

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/20/05, Daniel A. Nagy <[EMAIL PROTECTED]> wrote: > On Thu, Oct 20, 2005 at 03:36:54PM -0700, cyphrpunk wrote: > > As far as the issue of receipts in Chaumian ecash, there have been a > > couple of approaches discussed. > > > > The simplest goes like this. If Alice will pay Bob, Bob supplies A

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

On 10/20/05, R.A. Hettinga <[EMAIL PROTECTED]> wrote: > At 12:32 AM +0200 10/21/05, Daniel A. Nagy wrote: > >Could you give us a reference to this one, please? > > Google is your friend, dude. > > Before making unitary global claims like you just did, you might consider > consulting the literature.

  1   2   3   4   5   6   7   8   9   10   >