On Fri, 17 Sep 1999, Greg Broiles wrote:
<. . . .>
>
> What scares me is the possibility that there won't even be an argument
> about whether or not a particular clump of ciphertext decodes to a
> particular bit of plaintext because I don't think it'll be possible to
> cross-examine prosecution
On Fri, 17 Sep 1999, Robert Hettinga wrote:
>
> We must also recognize the inherent security risks posed by the
> spread of and dependence on "open systems" and ready accessibility.
> The Defense Department's situation is typical.
Making open, publicly-reviewed systems readily accessible is
On Fri, Sep 17, 1999 at 04:58:26PM -0400, Arnold Reinhold wrote:
| I think we should take Deputy Secretary of Defense John Hamre at his
| word (from the White House briefing):
|
| "MR. HAMRE: ... The national security establishment -- the Department
| of Defense, the intelligence community --
From: Lucky Green <[EMAIL PROTECTED]>
> after he began talking about some very curious, very complex, very
> undocumented instruction he discovered in late-model CPU's. Instructions
> that will put the processor into a mode that makes OS protections
> irrelevant.
This is scary. It could be time
Are there any other advantages in a hardware PRNG other than it cannot
be overwritten? (Yes your hardware might be incorruptible but the
software layers always will be). I could imagine the soon-to-arrive (you
might disagree but the writing's on the wall) CPUs with considerable
FPGA areas will make pu
I think we should take Deputy Secretary of Defense John Hamre at his
word (from the White House briefing):
"MR. HAMRE: ... The national security establishment -- the Department
of Defense, the intelligence community -- strongly supports this
strategy. Indeed, we created the first draft of the
I seem to recall someone saying that if you can get one bit of an RSA
message, you can get the whole thing. Or maybe it was the key. Does
anyone know where I might be able to find out more about this?
--
Mike Stay
Programmer / Crypto guy
AccessData Corp.
mailto:[EMAIL PROTECTED]
Our company works with the FBI a lot. We provide the software they
actually use to recover passwords.
The majority of software out there uses access-denial: the encryption /
obfuscation doesn't depend on the password. But to be acceptable in
court, you have to prove that you didn't change a si
In message <[EMAIL PROTECTED]>, Greg Broiles writes:
>
> What scares me is the possibility that there won't even be an argument
> about whether or not a particular clump of ciphertext decodes to a
> particular bit of plaintext because I don't think it'll be possible to
> cross-examine prosecutio
Lucky wrote:
> What I found most interesting about today's announcement was not that it was
> largely content-free with respect to crypto export regulations and the fifth
> or sixth such content-free "crypto deregulation" announcement that I can
> remember causing the exact same pred
I do not see anything "reasonable" in the excuses Anonymous
attributes to Intel not allowing access to raw RNG bits. If Intel
wants developers to use their RNG API they need only publish it.
Professional programmers these days respect APIs and realize they
risk future problems if they do not fo
--- begin forwarded text
From: [EMAIL PROTECTED]
Date: Fri, 17 Sep 1999 09:50:09 -0500
To: [EMAIL PROTECTED]
Subject: IP: Privacy: Watch Out for Doublespeak
Cc: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Source: US Newswire
http://www.usnewswire.com/topnews/Curre
On Fri, Sep 17, 1999 at 11:05:37AM -0400, Russell Nelson wrote:
> What's the difference between that, and someone claiming that a
> certain piece of text decrypts to a sinister message?
What's the difference between this and claiming that a certain
drop of blood has DNA characteristics that matc
On Fri, Sep 17, 1999 at 11:05:37AM -0400, Russell Nelson wrote:
> What's the difference between that, and someone claiming that a
> certain piece of text decrypts to a sinister message?
>
> Seems to me like the best defense against that is mass-market crypto.
> Because if the TLA claims that some
Jeffrey Altman writes:
: > I agree it's scary. What's the difference between that, and being
: > stopped on a dark road at 2AM by a state trooper? I was, and it was
: > scary, because he kept asking me if I had any guns, and he wanted to
: > see what was inside the foil candy wrapper on my dash
A client of mine is using SSH for all their Unix server access and
management and is looking to do something similar for NT --
unfortunately, they can't find a commercial SSH server for NT. Does
anyone know of anything else that's in the same class but which *does*
run on NT?
--
Perry Metzger
> I agree it's scary. What's the difference between that, and being
> stopped on a dark road at 2AM by a state trooper? I was, and it was
> scary, because he kept asking me if I had any guns, and he wanted to
> see what was inside the foil candy wrapper on my dashboard (more
> foil), but obvious
Generally, they'll just be recovering passwords. Then it's easy to show
that the plaintext matches the ciphertext. They don't have to reveal
where the password came from, of course, merely that it decrypts the
file.
>If you can not reveal how you descramble it, doesn't that mean you
>can't be
More a proof of the uselessness of the new encryption policy than an
endorsement, I'd say.
If the lobbyists like it, there must be something wrong with it?
Cheers,
RAH
--- begin forwarded text
Date: 17 Sep 1999 02:39:53 -
To: [EMAIL PROTECTED]
From: "Privacy Concerns" <[EMAIL PROTECTED]>
... thought there was a certain irony in this appearing on the same link as
mentioned below:
"NOW, THEREFORE, I, WILLIAM J. CLINTON, President of the United States of
America, do hereby proclaim September 17, 1999, as Citizenship Day and
September 17 through September 23, 1999, as Constitution We
Declan asks, in his Wired News article at
http://www.wired.com/news/news/politics/story/21810.html
>Why did the Clinton administration cave on crypto?
I don't understand that they caved on crypto. They've made it easier
for commercial products to include crypto, yes. But there are still
contro
Declan McCullagh wrote:
>
> Lucky, actually not everyone missed it. It's our top story on Wired News
> this morning.
>
> http://www.wired.com/news/news/politics/story/21810.html
> Decoding the Crypto Policy Change
> 3:00 a.m. Why did the White House suddenly change its mind on
> regulati
The subject of government mediated evaluations of computer security
products has come up a few times on this list, so I'm taking this
opportunity to ask the readership for assistance in a survey I've been
working on.
I'm collecting information about security product evaluations under formal
crite
Ben Laurie writes:
> Declan McCullagh wrote:
> > Another answer might lie in a
> > little-noticed section of the legislation the
> > White House has sent to Congress. It
> > says that during civil cases or cri
You can find all that and more already archived at www.epic.org and
www.cdt.org.
-Declan
At 08:54 9/17/1999 -0400, Robert Hettinga wrote:
>To: [EMAIL PROTECTED]
>From: John Muller <[EMAIL PROTECTED]>
>Subject: Re: more re Encryption Technology Limits Eased
>Sender: [EMAIL PROTECTED]
>Reply-To:
Declan McCullagh wrote:
> Another answer might lie in a
> little-noticed section of the legislation the
> White House has sent to Congress. It
> says that during civil cases or criminal
> prose
At 12:51 AM 9/17/99 , Bill Stewart wrote:
>In the absence of technical constraints, it's hard to tell what
>the technical review could be reviewing - we're being told to believe
>that we're allowed to export full-strength crypto,
>and there aren't requirements for key compromise,
>and "works in No
Sorry for the confusion.
The title above referred to me passing the *right* information along,
as opposed to last year's press announcement, which was, of course,
embarrassing, but not the end of the world.
As to whether the current administration's new cryptography
regulations are better, I
--- begin forwarded text
Date: Thu, 16 Sep 1999 16:08:10 -0700
To: [EMAIL PROTECTED]
From: John Muller <[EMAIL PROTECTED]>
Subject: Re: more re Encryption Technology Limits Eased
Sender: [EMAIL PROTECTED]
Reply-To: John Muller <[EMAIL PROTECTED]>
You can now find a fuller set of White House ma
http://www.wired.com/news/news/politics/story/21810.html
Decoding the Crypto Policy Change
by Declan McCullagh ([EMAIL PROTECTED])
3:00 a.m. 17.Sep.99.PDT
Why did the Clinton administration cave
Lucky, actually not everyone missed it. It's our top story on Wired News
this morning.
http://www.wired.com/news/news/politics/story/21810.html
Decoding the Crypto Policy Change
3:00 a.m. Why did the White House suddenly change its mind on
regulating encryption? It couldn't be because the N
Washington Post, Friday, 17 September 1999, Page A1
Curbs on Export of Secrecy Codes Ending
By Peter S. Goodman and John Schwartz
Washington Post Staff Writers
The Clinton administration yesterday handed the nation's technology
industry the long-sought right to freely export software that cloaks
As various people have commented, the critical issue is the
> "one-time technical review" by the NSA.
In the absence of technical constraints, it's hard to tell what
the technical review could be reviewing - we're being told to believe
that we're allowed to export full-strength crypto,
and there
"Steven M. Bellovin" wrote:
>
> In message <[EMAIL PROTECTED]>, Declan McCullagh writes:
> > What I found most interesting was what Attorney General Reno said about the
> > government's cryptanalysis abilities. When asked if she can break strong,
> > >64 bit equivalent crypto, she said, "We ha
Declan wrote:
[Various quality information elided]
> What I found most interesting was what Attorney General Reno said
> about the
> government's cryptanalysis abilities. When asked if she can break strong,
> >64 bit equivalent crypto, she said, "We have carefully looked at this and
> think it's p