Re: How useful is www.crypto.com/exports/mail.txt?
For the last three years, I've operated a mail alias, [EMAIL PROTECTED] ... It was started on a whim, at the suggestion of someone on this list, if I recall correctly. That was me. I think the openssl folks mention it and use it, so sending your posting there is good idea. Thanks for all the years of service! /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Who's afraid of Mallory Wolf?
I get the impression that we're talking at cross-purposes here, with at least two different discussions. I suspect that the discussion started from commercial motivations; cf www.systemics.com /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cryptoprocessors compliant with FIPS 140-2
Damien O'Rourke wrote: I was wondering if anyone could list a number of cryptographic processors that are compliant with the Federal information processing standard (FIPS) 140-2 Security Requirements for cryptographic modules. NIST, the US Government Agency responsible for FIPS 140, maintains lists of certified products: http://csrc.nist.gov/cryptval/vallists.htm - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Microsoft: Palladium will not limit what you can run
All video game consoles are sold under cost today. This is wrong. Cf, http://www.actsofgord.com/Proclamations/chapter02.html /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: EU Privacy Authorities Seek Changes in Microsoft 'Passport'
The Liberty Alliance was stillborn to begin with. Not that it made any practical difference, but the Liberty Alliance received an additional bullet through the head the day that RSA Security, a key participant in the Liberty Alliance, announced that they would also support Microsoft Passport. {I'm not on DBS so they won't see this.} I wasn't discussing the politics, just the architecture. But anyway: if Liberty does manage to field something run by the CCard companies, then it will survive, and probably win. MSFT will have to acceede to what Visa and MC deploy. /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: EU Privacy Authorities Seek Changes in Microsoft 'Passport'
but the idea of putting everything you do online on the same password or credential is just... stupid beyond belief. Liberty is architected to be federated, unlike Passport. /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Did you *really* zeroize that key?
Probably moving out of the domain of the crypto list. volatile char *foo; volatile, like const, is a storage-class modifier. As written, it means a pointer to memory that is volatile; this means, in particular, that you can't optimize away dereferences. If you wrote char * volatile foo; That means that foo itself is volatile, and you must fetch it from memory whenever you want its value. You might find the cdecl program useful... ; cdecl Type `help' or `?' for help cdecl explain volatile void* vp declare vp as pointer to volatile void cdecl explain void * volatile vp declare vp as volatile pointer to void cdecl explain volatile void * volatile vp declare vp as volatile pointer to volatile void - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: QuizID?
Marc Branchaud wrote: Any thoughts on this device? At first glance, it doesn't seem particularly impressive... http://www.quizid.com/ Looks like hardware S/Key, doesn't it? If I could fool the user into entering a quizcode, then it seems like I could get the device and the admin database out of sync and lock the user out of the system. /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: when a fraud is a sale, Re: Rubber hose attack
Nobody is gonna indemnify the world against infringement, but I thought Stanford's SRP protocol comes as close as realistically possible to what you're asking for. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypographically Strong Software Distribution HOWTO
Oh? How? All you are suggesting is that the role key is held by a CA - well, who is that going to be, then? Unh, no. The same way the ASF determines who gets commit access could be teh same way the ASF determines who their CA will give release-signing keys to. The same way the ASF takes away someone's commit access is the same way they could update the CRL. All those key update, distribution, revocation, etc., stuff -- all those hard problems you said you want to automate -- go away. Recipients need only trust the Apache CA and its CRL. /r$ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Crypographically Strong Software Distribution HOWTO
What this does not address is the common situation where the distribution gets signed by a different person each time (example: Apache). I've put some pretty serious thought into this problem and come to a few conclusions. The obvious answer is use a role key. All that work... when a conventional PKI will solve all the problems you listed. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]