/s_lenslok.php
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
have a
place to store an IV. So every encrypted ZFS block is self contained,
has an IV and a 16 byte MAC. This means that the crypto is all
standards based algorithms and modes for ZFS.
http://hub.opensolaris.org/bin/view/Project+zfs-crypto/
--
Darren J Moffat
, but is it ?
Option 6
IV 96 bits
MAC 96 bits
ChecksumSHA224 or SHA256 truncated to 192 bits
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
was) the case http://en.wikipedia.org/wiki/FileVault
There is also a sleep mode issue identified by the NSA:
http://crypto.nsa.org/vilefault/23C3-VileFault.pdf
TrueCrypt on the other hand uses AES in XTS mode so you get
confidentiality and integrity.
--
Darren J Moffat
Hal Finney wrote:
Darren J Moffat darren.mof...@sun.com asks:
Ignoring performance for now what is the consensus on the suitabilty of
using AES-GMAC not as MAC but as a hash ?
Would it be safe ?
The key input to AES-GMAC would be something well known to the data
and/or software.
No, I
.
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
to be accepted practice even in
organisations that by policy don't want passphrase/PIN on disk.
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
they are sometimes used for
identification I know I have never been asked for mine other than by an
employer or suitably authorised government body how has a real need to know.
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe
reference here is aimed at iTunes. You do know that
iTunes Music Store no longer uses any DRM right ?
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
and
re-encrypt the data. Note this doesn't help rsync though since the
stream format is specific to ZFS.
[1] http://opensolaris.org/os/project/zfs-crypto/
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending
support available.
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
wanted to put on in machines that didn't
have PCIe capability.
--
Darren J Moffat
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
up with replacements) but I didn't think there'd be much
problem with finding the necessary hardware, unless you've got some particular
requirement that rules a lot of it out.
The Sun CA-6000 card I just pointed to in my other email is such a card
it uses Broadcom 582x.
--
Darren J Moffat
the apps important to you for some other reason. It also very much
depends on why the app uses the crypto algorithm in question, and in the
case of digest/hash algorithms wither they are key'd (HMAC) or not.
--
Darren J Moffat
thing it still doesn't mean
anything real about trust all it really means is how much money was
invested in getting the cert and setting up the correct information
about the company identity behind it.
--
Darren J Moffat
] the only
thing that will work is stopping the page being seen - replacing it with
a clearly worded explanation with *no* way to pass through and render
the page (okay maybe with a debug build of the browser but not in the
shipped product).
--
Darren J Moffat
On Tue, Apr 01, 2008 at 12:47:45AM +1300, Peter Gutmann wrote:
Actually there are already companies doing something like this, but they've
run into a problem that no-one has ever considered so far: The GTCYM needs a
(relatively) high-bandwidth connection to a remote server, and there's no easy
Ed Gerck wrote:
BTW, one may wonder what is really happening. Any other reports?
The NYT today had this article:
http://www.nytimes.com/2007/08/17/business/17ebay.html
Wren
begin:vcard
fn:J. Wren Hunt
n:Hunt;J. Wren
adr;dom:;;;Cambridge;MA;02138
email;internet:[EMAIL PROTECTED]
title:Sr
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
J. Bruce Fields wrote:
If all that information's printed on the outside of the card, then
isn't this battle kind of lost the moment you hand the card to them?
1- I don't hand it to them. I put it in the chip-and-pin card reader
On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote:
So what they've been doing at my local branch of Marks Spencer for the
past few weeks is, at the end of the transaction after the (now always
chip'n'pin-based) card reader finishes authorizing your transaction, the
cashier at the
--- Lee Parkes [EMAIL PROTECTED] wrote:
Hi,
A colleague of mine is locked in a battle with a client about the use
of
NULL ciphers for OpenSSL. The client claims that he has/wants to
allow NULL
ciphers so that people in countries that ban the use of crypto can
still use
the website. My
--- Travis H. [EMAIL PROTECTED] wrote:
[snip]
Another issue involves the ease of use when switching between a
[slower] anonymous service and a fast non-anonymous service. I have
a
tool called metaprox on my website (see URL in sig) that allows you
to
choose what proxies you use on a
--- Dan Kaminsky [EMAIL PROTECTED] wrote:
Bank Of America put my photo on my ATM card back in '97. They're
shipping me a new one right now, so I assume they kept it in the DB.
My local bank asked me apply for a Visa photo credit card back in 1998.
There were two problems though:
1.) Their
--- John Denker [EMAIL PROTECTED] wrote:
[...]
It's only a problem if somebody uses that _identifying_
information to spoof the _authorization_ for some
transaction. [...]
Identifying information cannot be kept secret. There's
no point in trying to keep it secret. Getting a new
SSN
--- [EMAIL PROTECTED] wrote:
[decline in credit card fraud]
Interesting statistics.
[...]
But these are still considerable numbers, [...]
I totally agree. And I would just like to make a quick point: the
credit card companies (especially Visa/Mastercard) have been very
agressive in fraud
(and, I think, more clearly) in my paper. My paper also analyzes the
merits of various defenses against the attack.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
attacks.
(Subsequent versions of the poly1305 paper report even more timing
information but, for space reasons, have to compress the information
into small graphs. Big tables are on the web.)
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science
undergraduate will figure out a remote exploit for a less extreme
form of the effect.
Section 13 of my paper discusses a solution to the interrupt problem,
but that solution requires massive software changes. I'm not aware of
simpler solutions.
---D. J. Bernstein, Associate Professor, Department
On 6/21/05, Florian Weimer [EMAIL PROTECTED] wrote:
Also there are several attacks on Chip n' PIN as deployed here in
the UK, starting with the fake reader attacks - for
instance, a fake reader says you are authorising a payment for
$6.99 while in fact the card and PIN are being used to
is considered to be a fatal flaw in a cryptographic standard. The user
isn't supposed to have to worry that someone who influences part of the
plaintext will be able to read all the rest.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science
fight than one
might expect. This is why we have combined both sides of the debate to
produce a dual licensed product that has the security benefits of open
source, with the market responsibility of a commercial product.
J Harper
PeerSec Networks
http://www.peersec.com
- Original Message
This barely deserves mention, but is worth it for the humor:
Information Security Expert says SSL (Secure Socket Layer) is Nothing More
Than a Condom that Just Protects the Pipe
http://www.prweb.com/releases/2004/7/prweb141248.htm
On Wed, Jun 09, 2004 at 04:56:03PM -0400, Perry E. Metzger wrote:
Actual practical impact on cryptography? Likely zero, even if it turns
out the proof is correct (which of course we don't know yet), but it
still is neat for math geeks.
Also, the impact of such a proof is often that it
adoption of standard security protocols in Internet enabled devices.
J Harper
PeerSec Networks
http://www.peersec.com
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
if desired.
J Harper
PeerSec Networks
http://www.peersec.com
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Markowitz [EMAIL PROTECTED]
To: J Harper [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 5:23 PM
Subject: Re: Open Source Embedded SSL - Export Questions
J Harper wrote:
pointers to documentation on the steps required for government
registration
The official site
on current release.
Any word on whether it's OK to use the TLS AES cipher suite with SSLv3?
J
-Original Message-
From: Sidney Markowitz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 5:13 PM
To: J Harper
Cc: [EMAIL PROTECTED]
Subject: Re: Open Source Embedded SSL
wondering how
they handled the situation.
Thanks,
J Harper
PeerSec Networks
http://www.peersec.com
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
38 matches
Mail list logo