[cryptography] Moderation (Was: US Appeals Court upholds right not to decrypt a drive)
[Kevin W. Wall kevin.w.w...@gmail.com (2012-02-27 01:50:40 UTC)] Well, we're already considerably OT, but since the moderator seems to be letting this thread play itself out, [...] Moderator? The list has a moderator? I had no idea. But seriously, we can all be moderators in the sense of asking nicely to take certain discussions elsewhere. I have done so myself recently, and others can too, if they wish. But I guess the majority is too fascinated by this thread to ask for an end to it. And you can argue that much of the discussion is on topic if the topic is construed broadly. I am not asking anybody to stop, at least not yet. (But some of the discussion about whether we need a government at all, fascinating as it is, really is off topic in my opinion.) - Harald ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] US Appeals Court upholds right not to decrypt a drive
James A. Donaldjam...@echeque.com writes: Hidden compartment? What hidden compartment? If I have one, you are welcome to search it. Go knock yourselves out. On 2012-02-27 1:30 PM, Peter Gutmann wrote: James, meet Bertha. Sorry about her cold hands, just give her a minute to get the gloves on. In the meantime if you'll drop your trousers... Yes, they can make me miss my flight, vandalize my luggage, and all that, but they cannot make me reveal that my truecrypt drive has a hidden inner volume. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Moderation (Was: US Appeals Court upholds right not to decrypt a drive)
On 2012-02-27 6:01 PM, Harald Hanche-Olsen wrote: And you can argue that much of the discussion is on topic if the topic is construed broadly. Ninety percent of cryptography is threats, in the sense that most of the failures we see around us, are failures to consider the real world in which the attack takes place. Those chilly gloves, while deeply disturbing, are unlikely to result in me revealing incriminating information that could result in jail time. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] US Appeals Court upholds right not to decrypt a drive
James A. Donaldjam...@echeque.com writes: Hidden compartment? What hidden compartment? If I have one, you are welcome to search it. Go knock yourselves out. On 2012-02-27 1:30 PM, Peter Gutmann wrote: James, meet Bertha. Sorry about her cold hands, just give her a minute to get the gloves on. In the meantime if you'll drop your trousers... James A. Donald wrote: Yes, they can make me miss my flight, vandalize my luggage, and all that, but they cannot make me reveal that my truecrypt drive has a hidden inner volume. There's a fundamental legal difference. It's called the administrative search exemption. Basically, the way the TSA can do such things is that they do it to everyone, and you are told beforehand that you will be subjected to such procedures. If such a search is applied only to some, it would be a violation of the fourth amendment. Similarly, secondary screening such as the unpleasantness you described is still illegal unless we get into Clear and Present territory. Josh E ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was endgame
1. No offline transactions, which makes Bitcoin useless for a large class of transactions. On Mon, 27 Feb 2012, James A. Donald wrote: Smartphones. The implicit assumptions here, namely that * everyone who wants to make financial transactions carries a smartphone * smartphones never break down * smartphone batteries never run down * smartphones always have network connectivity don't always hold. I feel obliged to note that anyone carring an up-to-date wallet file can permit and validate transactions. If his/her wallet file is out of date double spending might occur, even then one might apply trust to still do transactions. [Another key bitcoin flaw is that it's not particularly anonymous in the face of NSA-level network surveillance. Cash *is* (remains) under these conditions.] Working on this. And the network problem. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Moderation (Was: US Appeals Court upholds right not to decrypt a drive)
On Mon, Feb 27, 2012 at 09:01:31AM +0100, Harald Hanche-Olsen wrote: [Kevin W. Wall kevin.w.w...@gmail.com (2012-02-27 01:50:40 UTC)] Well, we're already considerably OT, but since the moderator seems to be letting this thread play itself out, [...] Moderator? The list has a moderator? No. As it says on the tin at http://lists.randombit.net/mailman/listinfo/cryptography The list is entirely unmoderated... My assumption is that anyone who is interested and capable of moderating a crypto mailing list will inevitably find that they have more interesting things to do than moderating a crypto mailing list (the failure mode of cryptogra...@metzdowd.com). But seriously, we can all be moderators in the sense of asking nicely to take certain discussions elsewhere. That's the intent, and your efforts are appreciated. There was a long discussion about this approach and the possible failure modes early on. Obviously this strategy working well assumes a lot things about the nature of the list participants which may or may not be true. -Jack ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was endgame
[Another key bitcoin flaw is that it's not particularly anonymous in the face of NSA-level network surveillance. Cash *is* (remains) under these conditions.] On 2012-02-27 10:26 PM, lodewijk andré de la porte wrote: Working on this. And the network problem. What is the plan? Seems to me that what bitcoin needs is banking layer on top of the bitcoin layer to issue chaumian coins, with bitcoins acting as gold for the banks as in free banking (with the potential for ponzis and bank failure. Of course bitcoin banks are unavoidably capable of doing a ponzi, thus one should not keep bitcoins in them for very long periods. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was endgame
Hmm... Where have I heard of that idea before... http://disattention.com/78/digital-currencies-crypto-finance-and-open-source/#ot https://github.com/FellowTraveler/Open-Transactions https://github.com/FellowTraveler/Open-Transactions/wiki/FAQ UNTRACEABLE DIGITAL CASH? … FOR REAL? Is this the real stuff? With blinded tokens? As in, invented by David Chaum? Yes, Open Transactions provides a full and working implementation of Chaumian blinded tokens. Specifically, the Wagner variant as implemented by Ben Laurie in his Lucre Project It works just fine with Bitcoins. On Mon, Feb 27, 2012 at 21:53, James A. Donald jam...@echeque.com wrote: [Another key bitcoin flaw is that it's not particularly anonymous in the face of NSA-level network surveillance. Cash *is* (remains) under these conditions.] On 2012-02-27 10:26 PM, lodewijk andré de la porte wrote: Working on this. And the network problem. What is the plan? Seems to me that what bitcoin needs is banking layer on top of the bitcoin layer to issue chaumian coins, with bitcoins acting as gold for the banks as in free banking (with the potential for ponzis and bank failure. Of course bitcoin banks are unavoidably capable of doing a ponzi, thus one should not keep bitcoins in them for very long periods. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Moderation (Was: US Appeals Court upholds right not to decrypt a drive)
On 2012-02-27 10:45 PM, Jack Lloyd wrote: My assumption is that anyone who is interested and capable of moderating a crypto mailing list will inevitably find that they have more interesting things to do than moderating a crypto mailing list (the failure mode of cryptogra...@metzdowd.com). Discussion of rubber hose cryptography by the police, courts, customs and TSA appears to me to be on topic, even though some feel that rubber hose cryptography is off topic. The potentially disruptive death penalty thread was (eventually) taken off list, due to the self restraint of some of the participants. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] trustwave admits issuing corporate mitm certs
On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray ma...@extendedsubset.com wrote: ... Still it might be worth pointing that if Wells Fargo really wanted to forbid a Trustwave network-level MitM, SSL/TLS provides the capability to enforce that policy at the protocol level. They could configure their web app to require a client cert (either installed in the browser or from a smart card). many years ago at $my_old_telco_employer they supported web based call monitoring. they required a client side cert purchased from verisign specifically for the purpose. we had pages of documentation detailing how to generate the request, and add the cert into your browser. this was the first and only time i had ever used client certificates from a CA vendor in such a manner. mutual authentication... what a concept. is it really that rare? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] trustwave admits issuing corporate mitm certs
On Mon, Feb 27, 2012 at 6:08 PM, coderman coder...@gmail.com wrote: On Sat, Feb 25, 2012 at 4:54 PM, Marsh Ray ma...@extendedsubset.com wrote: ... Still it might be worth pointing that if Wells Fargo really wanted to forbid a Trustwave network-level MitM, SSL/TLS provides the capability to enforce that policy at the protocol level. They could configure their web app to require a client cert (either installed in the browser or from a smart card). many years ago at $my_old_telco_employer they supported web based call monitoring. they required a client side cert purchased from verisign specifically for the purpose. we had pages of documentation detailing how to generate the request, and add the cert into your browser. this was the first and only time i had ever used client certificates from a CA vendor in such a manner. mutual authentication... what a concept. is it really that rare? Very rare for residential consumers; not quite as rare for B2B transactions. For instance, we reguarly use if for B2B web services and require it when ILECs or CLECs are retrieving CPNI data. YMMV depending on your telco. -kevin -- Blog: http://off-the-wall-security.blogspot.com/ The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents. -- Nathaniel Borenstein ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] use of mutual authentication (was: trustwave admits issuing corporate mitm certs)
On 28/02/12 10:08 AM, coderman wrote: On Sat, Feb 25, 2012 at 4:54 PM, Marsh Rayma...@extendedsubset.com wrote: mutual authentication... what a concept. is it really that rare? Not really. It is widely used in protocols that didn't drink the PKI kool-aid. Skype, SSH, SOX, DigiCash, all use it, to name a few. And they did so more or less naturally following good design processes. A particularly indicative data point is SSH which offered both client-side keys and passwords, and the latter sort of fell by the wayside. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] vmware offering grants to universities in Homomorphic encryption research
apply if you are interested in the topic and affiliated with a university: http://labs.vmware.com/academic/rfp-spring-2012 ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
