Perry E. Metzger [EMAIL PROTECTED] writes:
The problem, Peter, is that people who don't know you may mistake your
sarcasm for agreement with the misconception in the article Arshad quoted.
What, me, sarcastic? Never!
The point is not that fools (often including us) haven't built monstrous
At 8:28 PM -0400 7/1/08, Perry E. Metzger wrote:
[EMAIL PROTECTED] (Peter Gutmann) writes:
Perry E. Metzger [EMAIL PROTECTED] writes:
No. In fact, it is about as far from the truth as I've ever seen. No real
expert would choose to deliberately make a protocol more complicated.
IPsec.
On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:
My experience with European banks is quite limited -- my consulting
practice is pretty much US centric. My general understanding, however,
is that they are doing better, not worse, with login security.
As a data point, the largest bank in
Ivan Krstić [EMAIL PROTECTED] writes:
On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:
My experience with European banks is quite limited -- my consulting
practice is pretty much US centric. My general understanding, however,
is that they are doing better, not worse, with login security.
[EMAIL PROTECTED] (Peter Gutmann) writes:
(Actually even that doesn't really explain something like IKE... :-).
Having been peripherally involved in the causation change for IKE, let
me confess that it was caused by human stupidity destroying the
alternatives. The author of the much cleaner
On Wed, Jul 02, 2008 at 07:25:36AM -0400, Perry E. Metzger wrote:
[EMAIL PROTECTED] (Peter Gutmann) writes:
(Actually even that doesn't really explain something like IKE... :-).
Having been peripherally involved in the causation change for IKE, let
me confess that it was caused by human
On Wed, 2 Jul 2008, Peter Gutmann wrote:
| Date: Wed, 02 Jul 2008 12:08:18 +1200
| From: Peter Gutmann [EMAIL PROTECTED]
| To: [EMAIL PROTECTED], [EMAIL PROTECTED]
| Cc: cryptography@metzdowd.com, [EMAIL PROTECTED]
| Subject: Re: Strength in Complexity?
|
| Perry E. Metzger [EMAIL PROTECTED]
Jack Lloyd [EMAIL PROTECTED] writes:
Having been peripherally involved in the causation change for IKE, let
me confess that it was caused by human stupidity destroying the
alternatives. The author of the much cleaner spec asserted copyright
and control over it, and fearing lawsuits, people
Perry E. Metzger wrote:
Jack Lloyd [EMAIL PROTECTED] writes:
Out of curiosity, was this other spec Photuris?
Sadly. That situation was long and complicated and I'd prefer not to
go into it -- and I'd prefer actually if others didn't either, as it
is much more about humans and non-security
I don't recall seeing any discussion of this article on the list.
http://www.theglobeandmail.com/servlet/story/RTGAM.20080702.wgtatmbreach0702/BNStory/Technology/?page=rssid=RTGAM.20080702.wgtatmbreach0702
Chuck Jackson
[Moderator's note: when forwarding links, please include some
For some reason, Microsoft's anti-spam filter at microsoft.com is
rejecting a large fraction of the list's traffic as spam. I've looked
at the messages in question carefully and can't for the life of me
figure out why. We're not getting bounced regularly anywhere else.
If you're at Microsoft and
There was a terrific interdisciplinary workshop this week at MIT on
security and human behavior. Organized by Ross Anderson and
Bruce Schneier, the idea was to bring together security researchers
from diverse fields who don't normally talk with each other: computing,
psychology, economics,
There are, of course, obstacles that must still be overcome by EKMI
proponents. For example, the proposed components are somewhat simple
by design, which concerns some encryption purists who prefer more
complex protocols, on the logic that they're more difficult to break
into.
Let me
Hal Finney wrote:
An example where this concern might arise would be an overly simplistic
protocol that used AES in ECB mode - simple by design, while the
encryption purist advocated GCM, more difficult to break into but
more complex. Now, I'm sure EKMI is not doing things this way but it
is
Perry E. Metzger [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] (Peter Gutmann) writes:
(Actually even that doesn't really explain something like IKE... :-).
Having been peripherally involved in the causation change for IKE, let me
confess that it was caused by human stupidity destroying the
Peter Gutmann wrote:
For most crypto protocols, usability is job #8,107,
right after "did we get the punctuation right in the footnotes for the third
appendix?".
Usability disasters such as DNSSEC are more common than strictly
cryptographic disasters such as wifi. DNSSEC is near impossible to
Pat Farrell [EMAIL PROTECTED] writes:
At CyberCash, where we had real RSA/DES in the system, we found that users
want convenience, not security
I think that's phrasing it a bit badly, it'd be better put as without
usability, you won't have users (see the Tor paper Challenges in deploying