On May 5, 2016 2:22 PM, wrote:
>
> I think this sums it up well. Today you are thrown into having to know
> what to do specifically because it's a system level problem (matching
> entropy sources to extractors to PRNGs to consuming functions).
>
> The OS kernel does a thing
Just reflecting on the Linux RNG thread a bit ago, is there any technical
reason to have RNG in kernel space? There are things like haveged which
seem to work really well and putting or charging code in any kernel can be
a bit of a battle (as it should be with code as complex as that involving
http://www.technologyreview.com/news/544276/google-says-it-has-proved-its-controversial-quantum-computer-really-works/
Just curious what y'all think about NASA's research and Google's paper
(linked to in the article - I read the abstract, but not much else
yet) ?
Yahoo has always had lax security (weak spam filters, no bad pass lock, no
attachment virus scan). But as a news site (as long as their reporters get
to have better security), they don't do bad.
On Aug 3, 2015 10:03 PM, Patrick Pelletier c...@funwithsoftware.org
wrote:
I was on an e-commerce
On May 4, 2015 5:09 AM, Jane laterc...@consultant.com wrote:
Actually, in my oh so very humble opinion, world has enough reasonably
good VPNs that can operate on reasonably good connections.
What is lacking is something that can function transparently and
effectively on a very flakey
Good catch - it would seem 10 years old to be exact:
http://www.hostreview.com/news/050215geotrust.html
On Mon, Apr 6, 2015 at 10:30 AM, Peter Bowen pzbo...@gmail.com wrote:
I think that press release is years old. GeoTrust was bought by VeriSign
years ago who was then bought by Symantec.
I skimmed a few of those and noticed two submissions for signature
issues: RyanCastellucci, and AleksanderEssex. Is it normal for people
to find issues with the signing/verification process or is this just
coincidence?
On Sat, Mar 21, 2015 at 5:44 PM, Adam Caudill a...@adamcaudill.com wrote:
FYI
On Mar 7, 2015 9:11 PM, coderman coder...@gmail.com wrote:
On 3/7/15, Dave Horsfall d...@horsfall.org wrote:
On Sat, 7 Mar 2015, Kevin wrote:
No 1 vulnerability of crypto is the user
2nd passphrases
3rd overconfidence
4th trust in the producer
5th believing backdoors are No. 1
I'd look at the rfc before asking this.
You seem to be looking for application issue (overrun or parse issues)
which has nothing to do with the crypto. IIRC the password is padded up to
112 characters - Idr much more than that.
___
cryptography mailing
On Wed, Jan 7, 2015 at 2:40 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
On 2015-01-07, at 12:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using or not.
Hi Kevin.
Actually that’s a part of my job within the company I work for. I’m
On Wed, Jan 7, 2015 at 1:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using or not.
Ok, lets run with that - as a company, show me the steps (make file, a
test suite in any programming language, or just english if you
prefer), explain to
So the practical reason behind everyone saying unless you have
qualifications, etc, don't do this is because, even if you make
something and say it's just for your learning or a joke or w/e,
someone (no joke) *will* use it and then some Fortune 500 will fall
over because of your joke code. So,
You can smartly limit resolution in squid - I don't trust this is what
they were doing, but you could provide a better experience like this.
On Tue, Jan 6, 2015 at 11:01 AM, Peter Maxwell pe...@allicient.co.uk wrote:
On 6 January 2015 at 15:40, Jeffrey Altman jalt...@secure-endpoints.com
Does anyone have a best practice options to use in use for self signed
certs with openssl?
I just noticed that default_md = md5 was in most examples and a
debian/ubuntu bug to up the default to sha1 and i think the best md
openssl supports is sha256. So I figured I'd see if anyone had made
some
I've created a @cryptopartydc twitter account where I'll put more
frequent updates.
On Sun, Aug 17, 2014 at 5:51 PM, shawn wilson ag4ve...@gmail.com wrote:
Is anyone (or know anyone) in the DC area who would like to talk at
this event? The focus is on defensive security, identity, and tools
is interested, the hacdc forum is an open Google group or
you can email me (I can also provide another email that I use gpg with
if you'd prefer).
-- Forwarded message --
From: shawn wilson ag4ve...@gmail.com
Date: Sun, Jun 8, 2014 at 7:27 PM
Subject: Cryptoparty 2014 - Hi my name
I just use gpg and armor the file. If its text, there's also a vim plugin
that works perfectly with this method.
On Aug 16, 2014 12:06 AM, Mark Thomas mark00tho...@gmail.com wrote:
I have a question for the group, if I may ask it here and in this manner
(?).
What are you guys using to encrypt
On Thu, Jul 10, 2014 at 10:52 PM, Tony Arcieri basc...@gmail.com wrote:
On Thu, Jul 10, 2014 at 4:45 PM, John Young j...@pipeline.com wrote:
This is the comsec dilemma. If a product or system becomes mainstream
it is more likely to be overtly and/or covertly compromised.
I don't find this a
So I trust EFF's analysis more here. However this is newer than the latest
article I've seen from EFF. So, where's Bloomberg's technical analysis on
the subject?
On Apr 11, 2014 5:50 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Apr 10, 2014 at 10:31 PM, John Levine jo...@iecc.com wrote:
Well, the operating system clears memory when it is allocated to a new
process,
That's plenty bad, of course.
Yeah, too bad none of that memory can be made executable :)
___
On Apr 8, 2014 2:03 AM, Edwin Chu edwinche...@gmail.com wrote:
I am not openssl expert and here is just my observation.
TLS frame messages into length-prefixed records. Each records has a
1 byte contentType and a 2 byte record length, followed by the record
content and MAC.
Heartbeat
On Tue, Apr 8, 2014 at 3:18 PM, tpb-cry...@laposte.net wrote:
Message du 08/04/14 18:44
De : ianG
E.g., if we cannot show any damages from this breach, it isn't worth
spending a penny on it to fix! Yes, that's outrageous and will be
widely ignored ... but it is economically and
On list
-- Forwarded message --
From: shawn wilson ag4ve...@gmail.com
Date: Mar 2, 2014 11:37 AM
Subject: Re: [cryptography] Commercialized Attack Hardware on SmartPhones
To: Tom Ritter t...@ritter.vg
Cc:
How about a dictionary and rules. Even if you choose an alphanumeric
strong
If you'll notice that both political parties have expanded on the NSA's
mission, scope, and probably funding. I doubt there are any business motives
here. In fact, it seems to me there are the exact opposite. Though, since much
of government is now contracted out, I do wonder who this was
andrew cooke and...@acooke.org wrote:
it's difficult to know what would interest you, but there's a
collection of
puzzles / challenges that you can sign up for here -
http://www.matasano.com/articles/crypto-challenges/ - which are pretty
inteesting. you get to solve problems and at the same
On Wed, Nov 13, 2013 at 9:13 PM, Jeffrey Walton noloa...@gmail.com wrote:
Hi All,
Is anyone aware of a blacklist that includes those 150 million records
from Adobe's latest breach?
This is the only thing I've seen (haven't really looked):
http://stricture-group.com/files/adobe-top100.txt
I
Just an example of how to spend $250M.
Jared Hunter feralch...@gmail.com wrote:
New to the list, so I'm sorry if I missed it, but what was the evidence
presented that RSA took a $10M payoff to make Dual EC DRBG the default
in Crypto-C?
Thanks,
-Jared
On Sep 22, 2013, at 9:01 AM, Peter
James A. Donald jam...@echeque.com wrote:
On 2013-09-22 23:01, Peter Gutmann wrote:
You're assuming that someone got passed a suitcase full of cash and
that was
it. Far more likely that RSA got a $10M contract for some government
work and
at some point that included a request to make the
Does anyone have a list of processes people have come up with to create
images for hashes? The only one that I'm aware of is the randomart that
is generated when creating a keypair for ssh (
http://www.ece.cmu.edu/~adrian/projects/validation/validation.pdf)
I wanted a fuzzy solution - so an image
Per the purpose - this is to encrypt messages that generally traverse
TCP/53 (zone transfer and the like), correct?
On Thu, Sep 19, 2013 at 4:37 PM, pjklau...@gmail.com wrote:
Dear cryptographers,
I've been working privately on the design and proof-of-concept of an
enterprise messaging
Not exactly. I think havaged is better at this as you're relying on the same
type of data but with a single source. I also don't believe you want a
microphone inline in order to do this. You should rely purely on electric noise
with the ADC/mixer. I don't even think the volume level affects the
They're also not super good. They barely keep up with my ssh traffic and it
took ages to create a key for whatever Arch wanted (don't recall what).
On Mon, Aug 19, 2013 at 10:21 AM, Harald Hanche-Olsen
han...@math.ntnu.nowrote:
[Aaron Toponce aaron.topo...@gmail.com (2013-08-19 13:20:45 UTC)]
On Mon, Aug 19, 2013 at 11:31 AM, Aaron Toponce aaron.topo...@gmail.comwrote:
Hopefully they rise like a phoenix, and their product is for sale again. I
would like to purchase more.
No kidding. I think someone on here told me about them and I tried to get
one a bit later and couldn't. I
I thought that decent crypto programs (openssh, openssl, tls suites)
should read from random so they stay secure and don't start generating
/insecure/ data when entropy runs low. The only way I could see this
as being a smart thing to do is if these programs also looked at how
much entropy the
On Fri, Aug 16, 2013 at 10:03 AM, Swair Mehta swairme...@gmail.com wrote:
As far as I know, there is no measure like 50 or so for /dev/random.
/proc/sys/kernel/random/entropy_avail
___
cryptography mailing list
cryptography@randombit.net
Figured some here might be interrested in this...
Our password cracking contest started about 4 hours ago. Register
online and play along at home!
Or just watch the pretty stats as the participants duke it out.
http://contest-2013.korelogic.com/
And I really need to go to bed.
--
You
On Tue, Jul 30, 2013 at 1:51 AM, Andreas Bürki abue...@anidor.com wrote:
Am 30.07.2013 01:25, schrieb Tony Arcieri:
Here's the source of the data, if you're curious:
https://sks-keyservers.net/
To me as a boring consumer it looks curious, right:
I was not asked to keep this off list but removing attribution just in
case.
On Thu, May 30, 2013 at 8:49 PM, shawn wilson ag4ve...@gmail.com wrote:
Thanks for all of the input. In the end I think I'm going to go with
the simplest solution (along the way, I found ima-linux and signelf
on running GPG
and/or on data presented to user on screen, but minimizes the risk for a lot
of other possible mischief.
Criticisms concerning cookbooklet above more than welcome.
Sincerely, Erick
On 05/29/2013 07:20 AM, shawn wilson wrote:
This is sort of a trusting trust question. However
On Mar 27, 2013 11:38 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
http://blog.agilebits.com/2012/03/30/the-abcs-of-xry-not-so-simple-passcodes/
Days? Not sure about the algorithm but both ocl and jtr can be run in
parallel and idk why you'd try to crack a password on an arm device
On Fri, Dec 14, 2012 at 11:10 AM, Bernhard Amann
bernh...@icsi.berkeley.edu wrote:
Hi,
On Dec 14, 2012, at 4:25 AM, Ralph Holz h...@net.in.tum.de wrote:
Root-CAs are pictured as red nodes, intermediate CAs are green.
The node diameter scales logarithmically with the number of
certificates
41 matches
Mail list logo