Re: Anyone know anything about the new AT&T encrypted voice service?

2010-10-07 Thread Adam Shostack
On Wed, Oct 06, 2010 at 08:19:29PM -0400, Steven Bellovin wrote: | | On Oct 6, 2010, at 6:19 01PM, Perry E. Metzger wrote: | | > AT&T debuts a new encrypted voice service. Anyone know anything about | > it? | > | > http://news.cnet.com/8301-13506_3-20018761-17.html | > | > (Hat tip to Jacob App

Re: Haystack (helping "dissidents"?)

2010-09-28 Thread Adam Shostack
On Thu, Sep 16, 2010 at 04:49:19PM +, M.R. wrote: | I said (something like) this when Haystack first appeared on this | list... | | Words "dissidents" and "oppressive regimes" have no place in | serious discussions among cryptographers. Once we start assigning | ethical categorizations to thos

Re: Is this the first ever practically-deployed use of a threshold scheme?

2010-07-31 Thread Adam Shostack
On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote: | Apparently the DNS root key is protected by what sounds like a five-of-seven | threshold scheme, but the description is a bit unclear. Does anyone know | more? | | (Oh, and for people who want to quibble over "practically-deployed",

Re: Privacy Plug-In Fakes out Facebook

2009-09-11 Thread Adam Shostack
Perry, If you'll let one more through, there's a related tool under development. See Enforcing Access Control in Social Network Sites Filipe Beato, Markulf Kohlweiss and Karel Wouters, HOTPETS 2009, http://www.cosic.esat.kuleuven.be/publications/article-1240.pdf No 3rd party, but you have to m

Re: password safes for mac

2009-07-01 Thread Adam Shostack
On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote: | | Adam Shostack writes: | > On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote: | > | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote: | > | > This would be great if LoginWindow.app

Re: password safes for mac

2009-07-01 Thread Adam Shostack
On Wed, Jul 01, 2009 at 01:06:05PM -0500, Nicolas Williams wrote: | On Wed, Jul 01, 2009 at 12:32:40PM -0400, Perry E. Metzger wrote: | > I think he's pointing out a more general problem. | | Indeed. IIRC, the Mac keychain uses your login password as its passphrase | by default, which means that

Re: password safes for mac

2009-07-01 Thread Adam Shostack
On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote: | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote: | > This would be great if LoginWindow.app didn't store your unencrypted | > login and password in memory for your entire session (including screen | > lock, suspend

Re: password safes for mac

2009-06-28 Thread Adam Shostack
I'm using 1password, but mostly because of the UI, I haven't done a cryptanalysis of it. the wifi sync to the iphone is a little worrisome. Adam On Sat, Jun 27, 2009 at 09:57:39PM -0400, Perry E. Metzger wrote: | | Does anyone have a recommended encrypted password storage program for | the mac?

Re: preparing a web 2.0 crypto talk

2009-02-14 Thread Adam Shostack
On Fri, Feb 13, 2009 at 08:08:34PM -0600, Travis wrote: | http://video.google.com/videoplay?docid=-5187022592682372937 | | It has a lot of similar material, but I think his talk is much better | because it goes into how it would actually be attacked. He also must | have powerpoint-fu whereas I'm

Re: Security by asking the drunk whether he's drunk

2008-12-23 Thread Adam Shostack
[Moderator's note: top posting and failing to trim what you're replying to are both considered bad form... --Perry] Peter, Do you have evidence of either Authenticode or business impersonation? I agree that they're highly plausible, but you say " if the putative owner of an AuthentiCode certifica

Re: once more, with feeling.

2008-09-08 Thread Adam Shostack
On Mon, Sep 08, 2008 at 04:16:46PM +0100, Darren J Moffat wrote: | | I believe the only way both of these highly dubious deployment practices | will be stamped out is when the browsers stop allowing users to see such | web pages. So that there becomes a directly attributable financial | impact

Re: Microsoft COFEE

2008-05-01 Thread Adam Shostack
My understanding, based mostly on what I've read in the press, is that COFFEE is a set of scripts that run existing tools, making it easier for law enforcement to do things which are already known to be possible. Note the words "executing 150 separate commands," which, I think, would be odd if thi

Re: Death of antivirus software imminent

2008-01-07 Thread Adam Shostack
On Mon, Jan 07, 2008 at 10:35:00AM -0500, [EMAIL PROTECTED] wrote: | | Jerry, | | It is always possible that I misunderstand the McCabe | score which may come from the fact that so many build | environments compute it along with producing the binary, | i.e., independent of human eyeballs. If com

Re: 2008: The year of hack the vote?

2007-12-28 Thread Adam Shostack
On Wed, Dec 26, 2007 at 04:34:55PM -0500, [EMAIL PROTECTED] wrote: | Quoting my friend Marcus Ranum, the Internet | will remain as insecure as it can and still | apparently function. Why should voting be | different? Voting is different (by which I mean worse) because the requirements are hard.

Re: The bank fraud blame game

2007-07-02 Thread Adam Shostack
On Sun, Jul 01, 2007 at 11:09:16PM -0400, Leichter, Jerry wrote: | | | > > Given that all you need for this is a glorified pocket | | | > > calculator, you could (in large enough quantities) probably get | | | > > it made for < $10, provided you shot anyone who tried to | | | > > introduce product-

Re: The bank fraud blame game

2007-07-02 Thread Adam Shostack
On Sun, Jul 01, 2007 at 04:01:03PM -0400, Perry E. Metzger wrote: | | Adam Shostack <[EMAIL PROTECTED]> writes: | > On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote: | > > | > > Given that all you need for this is a glorified pocket calculator, | > >

Re: The bank fraud blame game

2007-07-01 Thread Adam Shostack
On Mon, Jul 02, 2007 at 01:08:12AM +1200, Peter Gutmann wrote: | | Given that all you need for this is a glorified pocket calculator, you could | (in large enough quantities) probably get it made for < $10, provided you shot | anyone who tried to introduce product-deployment DoS mechanisms like sm

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-19 Thread Adam Shostack
On Sat, May 19, 2007 at 05:01:03PM -0400, Perry E. Metzger wrote: | | "Trei, Peter" <[EMAIL PROTECTED]> writes: | > 1. Do you have any particular evidence that any significant | > number of US .gov machines are bots? They may well be, just | > I haven't heard this. | | I've heard nothing formal

Re: Banking Follies

2007-01-16 Thread Adam Shostack
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote: | Anyway -- we're so focused in this group on the Internet that we | sometimes forget about physical world attacks. Theft of financial data | (and financial objects, such as checks and credit cards) from physical | mailboxes (or g

Re: Can you keep a secret? This encrypted drive can...

2006-11-02 Thread Adam Shostack
On Tue, Oct 31, 2006 at 06:50:20PM -0500, Ivan Krstić wrote: | On the other hand, Vista is shipping with BitLocker enabled by default | in the upper editions (Enterprise or somesuch), and doesn't rely on Just a nit: as I understand things, Bitlocker is available, but not on, by default. Someone

Re: Securely handling credit card transactions earns Blackboard kudos

2006-06-10 Thread Adam Shostack
Aren't these the same guys who sued a researcher to secure their systems? http://www.google.com/search?client=safari&rls=en&q=blackboard+billy+hoffman&ie=UTF-8&oe=UTF-8 On Sat, Jun 10, 2006 at 11:36:24AM -0600, Anne & Lynn Wheeler wrote: | Securely handling credit card transactions earns Blackb

Re: Face and fingerprints swiped in Dutch biometric passport crack (another card skim vulnerability)

2006-02-02 Thread Adam Shostack
On Wed, Feb 01, 2006 at 02:03:10PM -0500, [EMAIL PROTECTED] wrote: | Anne & Lynn Wheeler pointed out: | | > Face and fingerprints swiped in Dutch biometric passport crack | > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/ | | Didn't the EU adopt the same design that the U

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Adam Shostack
Higher assurance means that when the CA gets duped, it's even better for the phishers, because that nice, reassuring green bar will be there. To preserve the internet channel as a means of communicating with customers, we need to move to bookmarks, not email with clickable URLs. That method is a

Re: SecurID and garage door openers

2005-10-18 Thread Adam Shostack
On Tue, Oct 18, 2005 at 03:25:40AM -0500, Travis H. wrote: | Speaking of two-factor authentication, can anyone explain how servers | validate the code from a SecurID token in the presence of clockskew? | Does it look backwards and forwards in time a few minutes? Yes, it rolls forward and back 3-5

Re: US Banks: Training the next generation of phishing victims

2005-10-12 Thread Adam Shostack
On Wed, Oct 12, 2005 at 09:36:58PM +1300, Peter Gutmann wrote: | | Can anyone who knows Javascript better than I do figure out what the mess of | script on those pages is doing? It looks like it's taking the username and | password and posting it to an HTTPS URL, but it's rather spaghetti-ish cod

Re: continuity of identity

2005-09-29 Thread Adam Shostack
On a somewhat related note, the other day, I was working on a shell script to automate Mac access to Google's Secure Access system. Now, as I did this, I was able to get curl to respect a single CA as the only CA it should accept, but I was totally unable to get any form of certificate persistan

Re: An overview of cryptographic protocols to prevent spam

2005-09-26 Thread Adam Shostack
On Mon, Sep 26, 2005 at 09:28:19AM +0200, Amir Herzberg wrote: | John Gilmore wrote: | >>I wrote an overview of Cryptographic Protocols to Prevent Spam, | > | >I stopped reading on page V -- it was too painfully obvious that Amir | >has bought into the whole censorship-list based "anti-spam" menta

Re: Clearing sensitive in-memory data in perl

2005-09-17 Thread Adam Shostack
On Sat, Sep 17, 2005 at 08:36:11PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | >On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote: | >| On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote: | >| | >| > >My view is that C is fine, but it needs

Re: Clearing sensitive in-memory data in perl

2005-09-17 Thread Adam Shostack
On Sat, Sep 17, 2005 at 11:40:26AM -0400, Victor Duchovni wrote: | On Sat, Sep 17, 2005 at 11:53:20AM +0100, Ben Laurie wrote: | | > >My view is that C is fine, but it needs a real library and programmers | > >who learn C need to learn to use the real library, with the bare-metal | > >C-library us

Re: solving the wrong problem

2005-08-07 Thread Adam Shostack
Here's a thought: "Putting up a beware of dog sign, instead of getting a dog." On Sun, Aug 07, 2005 at 09:10:51PM +0100, Dave Howe wrote: | Ilya Levin wrote: | >John Denker <[EMAIL PROTECTED]> wrote: | > | >>So, unless/until somebody comes up with a better metaphor, | >>I'd vote for "one-picket

Re: the limits of crypto and authentication

2005-07-12 Thread Adam Shostack
On Tue, Jul 12, 2005 at 02:48:02PM -0700, Bill Stewart wrote: | At 09:29 PM 7/9/2005, Perry E. Metzger wrote: | >The Blue Card, so far as I can tell, was poorly thought out beyond its | >marketing potential. I knew some folks at Amex involved in the | >development of the system, and I did not get t

Re: City National Bank is the latest major US company to admit it has lost customer data.

2005-07-11 Thread Adam Shostack
If anyone knows how many people this affected, I'd love to know. (I'm assuming it's their entire customer base) Adam On Mon, Jul 11, 2005 at 09:07:45AM -0600, Anne & Lynn Wheeler wrote: | http://81.144.183.106/Articles/2005/07/11/210820/AnotherUSbanksownsuptodataloss.htm | | City National Bank i

Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Adam Shostack
On Sun, Jul 10, 2005 at 12:13:42AM +0100, Peter Fairbrother wrote: | Perry E. Metzger wrote: | | > A system in which the credit card was replaced by a small, calculator | > style token with a smartcard style connector could effectively | > eliminate most of the in person and over the net fraud we

Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Adam Shostack
On Fri, Jul 08, 2005 at 01:16:13PM -0400, Perry E. Metzger wrote: | | Dan Kaminsky <[EMAIL PROTECTED]> writes: | > Credit card fraud has gone *down* since 1992, and is actually falling: | > | > 1992: $2.6B | > 2003: $882M | > 2004: $788M | > | > We're on the order of 4.7 cents on the $100. | >

Re: "Retailers Experiment With Biometric Payment" article

2005-06-29 Thread Adam Shostack
On Thu, Jun 09, 2005 at 12:02:19PM -0400, Adam Shostack wrote: | On Thu, Jun 09, 2005 at 11:17:59AM -0400, Heyman, Michael wrote: | | From | | <http://www.washingtonpost.com/wp-dyn/content/article/2005/06/08/AR20050 | | 60802335_pf.html>: | | | share its biometric data with government ag

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Adam Shostack
On Wed, Jun 22, 2005 at 01:54:34PM +0100, Ian Grigg wrote: | A highly aspirated but otherwise normal watcher of black helicopters asked: | | > Any idea if this is true? | > (WockerWocker, Wed Jun 22 12:07:31 2005) | > http://c0x2.de/lol/lol.html | | Beats me. But what if it was true. What's

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

2005-06-13 Thread Adam Shostack
On Fri, Jun 10, 2005 at 01:11:45PM -0400, [EMAIL PROTECTED] wrote: | "Ben Laurie wrote" | > Sure, but Equifax should. | | No, they shouldn't! If you think they should, you are misinformed. At | least in Canada, the Privacy Act protects the SIN, Equifax cannot demand | it. | See for example | h

Re: "Retailers Experiment With Biometric Payment" article

2005-06-09 Thread Adam Shostack
On Thu, Jun 09, 2005 at 11:17:59AM -0400, Heyman, Michael wrote: | From | : | share its biometric data with government agencies, and | in fact, the full fingerprints are not stored in the | system.

Re: encrypted tapes

2005-06-09 Thread Adam Shostack
On Thu, Jun 09, 2005 at 08:57:51AM +0100, [EMAIL PROTECTED] wrote: | | From: "Perry E. Metzger" <[EMAIL PROTECTED]> | | > It is worse than that. At least one large accounting company sends new | > recruits to a "boot camp" where they learn how to conduct "security | > audits" by rote. They then s

Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

2005-06-08 Thread Adam Shostack
On Wed, Jun 08, 2005 at 01:33:45PM -0400, [EMAIL PROTECTED] wrote: | | "Ken Buchanan wrote:" | > There are a number of small companies making products that can encrypt | > data in a storage infrastructure, including tape backups (full disclosure: | > I work for one of those companies). The soluti

Re: Papers about "Algorithm hiding" ?

2005-06-07 Thread Adam Shostack
On Tue, Jun 07, 2005 at 05:41:12PM +0100, Ian G wrote: | | The difficulty here is that there is what we might call | the Choicepoint syndrome and then there is the | specific facts about the actual Choicepoint heist. | When I say Choicepoint I mean the former, and the | great long list of similar

Re: [Clips] Storm Brews Over Encryption 'Safe Harbor' in Data Breach Bills

2005-06-03 Thread Adam Shostack
On Fri, Jun 03, 2005 at 12:12:31AM -0400, Thierry Moreau wrote: | Here is a suggestion for an encrypted data exception based on reasonable | key management principles: | | | | Sec xyz) The [breach notification requirement set forth in section ...] | does not apply to [breac

Re: "SSL stops credit card sniffing" is a correlation/causality myth

2005-06-02 Thread Adam Shostack
On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote: | | Ian G <[EMAIL PROTECTED]> writes: | >> Perhaps you are unaware of it because no one has chosen to make you | >> aware of it. However, sniffing is used quite frequently in cases where | >> information is not properly protected. I

Re: Traffic Analysis in the New York Times

2005-05-24 Thread Adam Shostack
On Mon, May 23, 2005 at 02:49:03PM -0400, Adam Shostack wrote: | On Mon, May 23, 2005 at 11:46:25AM -0400, Perry E. Metzger wrote: | | | | The original article has some nice diagrams, but unfortunately, | | because of the NY Times' policies, the article won't be online in a | | few days

Re: Traffic Analysis in the New York Times

2005-05-24 Thread Adam Shostack
On Mon, May 23, 2005 at 11:46:25AM -0400, Perry E. Metzger wrote: | | The original article has some nice diagrams, but unfortunately, | because of the NY Times' policies, the article won't be online in a | few days. The times is trying to address this for RSS readers. Aaron Swartz has some code

Re: Secure Science issues preview of their upcoming block cipher

2005-03-25 Thread Adam Shostack
Really? How does one go about proving the security of a block cipher? My understanding is that you, and others, perform attacks against it, and see how it holds up. Many of the very best minds out there attacked AES, so for your new CS2 cipher to be "provably just as secure as AES-128," all thos

Re: Encryption plugins for gaim

2005-03-20 Thread Adam Shostack
On Tue, Mar 15, 2005 at 09:33:51PM +0100, Jim Cheesman wrote: | Ian G wrote: | | >Adam Fields wrote: | > | >>Given what may or may not be recent ToS changes to the AIM service, | >>I've recently been looking into encryption plugins for gaim. | >>Specifically, I note gaim-otr, authored by Ian G, wh

Re: A cool demo of how to spoof sites (also shows how TrustBar prevents this...)

2005-02-09 Thread Adam Shostack
On Wed, Feb 09, 2005 at 07:22:05PM +, Ian G wrote: | Adam Shostack wrote: | | >Have you run end-user testing to demonstrate the user-acceptability of | >Trustbar? | > | > | | Yes, this was asked over on the cap-talk list. | Below is what I posted there. I'm somewhat | sym

Re: A cool demo of how to spoof sites (also shows how TrustBar prevents this...)

2005-02-09 Thread Adam Shostack
On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote: | Want to see a simple, working method to spoof sites, fooling | Mozilla/FireFox/... , even with an SSL certificate and `lock`? | | http://www.shmoo.com/idn/ | | See also: | | http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=38

Re: Call For Papers : HITB Security Conference Bahrain 2005

2005-02-02 Thread Adam Shostack
Posting to Dave Aitel's DailyDave list, HD Moore complained that he had not been reimbursed for 2003. The organizers responded that payment is forthcoming. Richard Thieme suggested that the correct response is to ensure you put forth no money to speak at this event. On Tue, Feb 01, 2005 at 06:

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-30 Thread Adam Shostack
On Sun, Jan 30, 2005 at 11:12:05AM -0500, John Kelsey wrote: | >From: Adam Shostack <[EMAIL PROTECTED]> | >Sent: Jan 29, 2005 12:45 PM | >To: Mark Allen Earnest <[EMAIL PROTECTED]> | >Cc: cryptography@metzdowd.com | >Subject: Re: Simson Garfinkel analyses Skype - Open

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-29 Thread Adam Shostack
On Fri, Jan 28, 2005 at 02:38:49PM -0500, Mark Allen Earnest wrote: | Adam Shostack wrote: | >I hate arguing by analogy, but: VOIP is a perfectly smooth system. | >Its lack of security features means there isn't even a ridge to trip | >you up as you wiretap. Skype has some

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Adam Shostack
On Thu, Jan 27, 2005 at 03:22:09PM -0800, David Wagner wrote: | Adam Shostack <[EMAIL PROTECTED]> writes: | >On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | >| In article <[EMAIL PROTECTED]> you write: | >| >Voice Over Internet Protocol and Skype Securi

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Adam Shostack
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote: | In article <[EMAIL PROTECTED]> you write: | >Voice Over Internet Protocol and Skype Security | >Simson L. Garfinkel | >http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf | | >

Re: Where to get a Jefferson Wheel ?

2005-01-05 Thread Adam Shostack
I got mine in "Secret Codes" by Jackson. It's a cheap plastic model in a kids book. I didn't try to assemble the morse code thing, so can't comment on its quality. http://www.amazon.com/exec/obidos/tg/detail/-/0762413514/ Adam On Sun, Jan 02, 2005 at 12:59:14PM +0100, Hadmut Danisch wrote: | H

Re: AOL Help : About AOL® PassCode

2005-01-05 Thread Adam Shostack
On Tue, Jan 04, 2005 at 08:44:11PM +, Ian G wrote: | R.A. Hettinga wrote: | | > | >Have questions? Search AOL Help articles and tutorials: | >. | >If you no longer want to use AOL PassCode, you must rel

Re: Blinky Rides Again: RCMP suspect al-Qaida messages

2004-12-11 Thread Adam Shostack
On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote: | * R. A. Hettinga quotes a news article: | | > There have been numerous media reports in recent years that terrorist | > groups, including al-Qaida, were using steganographic techniques. | | As far as I know, these news stories can

Re: RSA Implementation in C language

2004-11-30 Thread Adam Shostack
http://www.homeport.org/~adam/crypto/ On Mon, Nov 29, 2004 at 01:47:05PM +0530, Sandeep N wrote: | Hi, | | Can anybody tell me where I can get an implementation of RSA | algorithm in C language? I searched for it, but could not locate one. | I would be grateful to you if you could give me the loc

Re: Are new passports [an] identity-theft risk?

2004-10-25 Thread Adam Shostack
On Sun, Oct 24, 2004 at 12:58:56AM -0400, Dave Emery wrote: | On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote: | > | > The technology will mature *very* rapidly if Virginia makes their | > driver's licenses RFID-enabled, or if the US goes ahead with the | > passport

Re: Are new passports [an] identity-theft risk?

2004-10-23 Thread Adam Shostack
On Fri, Oct 22, 2004 at 11:01:16AM -0400, Whyte, William wrote: | | > R.A. Hettinga wrote: | > > | > | > | > > An engineer and RFID expert with Intel claims there is | > little danger of | > > unauthorized people reading the

Re: Crypto blogs?

2004-10-21 Thread Adam Shostack
On Mon, Oct 18, 2004 at 12:49:27PM -0700, "Hal Finney" wrote: | Does anyone have pointers to crypto related weblogs? Bruce Schneier | recently announced that Crypto-Gram would be coming out incrementally | in blog form at http://www.schneier.com/blog/. I follow Ian Grigg's | Financial Cryptograph

Re: Academics locked out by tight visa controls

2004-09-22 Thread Adam Shostack
Hi Dan, Not Rome, but in Athens, Pericles said, in his funeral oration: "The freedom which we enjoy in our democratic government extends also to our ordinary life. We throw open our city to the world, and never by alien acts exclude foreigners from any opportunity of learning or observing alth

Re: Academics locked out by tight visa controls

2004-09-20 Thread Adam Shostack
On Mon, Sep 20, 2004 at 10:03:57AM -0400, John Kelsey wrote: | >Academics locked out by tight visa controls | >U.S. SECURITY BLOCKS FREE EXCHANGE OF IDEAS | >By Bruce Schneier | | I guess I've been surprised this issue hasn't seen a lot more | discussion. It takes nothing more than to look at th

Re: public-key: the wrong model for email?

2004-09-17 Thread Adam Shostack
On Thu, Sep 16, 2004 at 06:12:48PM +0100, Ian Grigg wrote: | Adam Shostack wrote: | >Given our failure to deploy PKC in any meaningful way*, I think that | >systems like Voltage, and the new PGP Universal are great. | | I think the consensus from debate back last year on | this group when V

Re: public-key: the wrong model for email?

2004-09-17 Thread Adam Shostack
On Thu, Sep 16, 2004 at 12:05:57PM -0700, Ed Gerck wrote: | >Adam Shostack wrote: | > | >I think the consensus from debate back last year on | >this group when Voltage first surfaced was that it | >didn't do anything that couldn't be done with PGP, | >and added more

Re: public-key: the wrong model for email?

2004-09-16 Thread Adam Shostack
Given our failure to deploy PKC in any meaningful way*, I think that systems like Voltage, and the new PGP Universal are great. * I don't see Verisign's web server tax as meaningful; they accept no liability, and numerous companies foist you off to unrelated domains. We could get roughly the same s

Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

2004-09-13 Thread Adam Shostack
On Mon, Sep 13, 2004 at 01:18:32PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | | >On Tue, Sep 07, 2004 at 04:13:13PM -0400, Adam Back wrote: | > | >| Well we'll see. If they have lots of CPU from zombies and can get and | >| maintain more with limited effort maybe e

Re: references on traffic analysis?

2004-09-08 Thread Adam Shostack
On Tue, Sep 07, 2004 at 11:12:03PM -0400, Steve Bellovin wrote: | What are some of the classic, must-read, references on traffic analysis? | (I'm familiar with the Zendian problem, of course.) A. Back, U. Muller, and A. Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing System

Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

2004-09-08 Thread Adam Shostack
On Tue, Sep 07, 2004 at 03:16:21PM -0600, R. A. Hettinga wrote: | Apropos of nothing (specific) here... | | At 4:56 PM -0400 9/7/04, Adam Shostack wrote: | >What do you see as | >equilibrium postal rates | | Remember, boys and girls, prices are *discovered*, not calculated. Heck, | you pr

Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

2004-09-08 Thread Adam Shostack
On Tue, Sep 07, 2004 at 04:13:13PM -0400, Adam Back wrote: | Well we'll see. If they have lots of CPU from zombies and can get and | maintain more with limited effort maybe even they can, and CAMRAM's | higher cost stamp on introductions only will prevail as the preferred | method. Adam,

Re: Anyone Remember Zero Knowledge Systems?

2003-09-10 Thread Adam Shostack
On Wed, Sep 10, 2003 at 11:32:29AM -0400, R. A. Hettinga wrote: | | | Cryptonomicon.Net - | | Anyone Remember Zero Knowledge Systems? | Date: Wednesday, September 10 @ 11:15:00 EDT | Topic: Commercial Operations / Services

Re: Computer Voting Expert, Dr. Rebecca Mercuri, Ousted From Elections Conference

2003-08-21 Thread Adam Shostack
Well, if you can't win on the truth, win on the procedures. At least Dr. Mercuri is in fine company there, ranging all the way back to Socrates and Galileo. Little consolation, I know, as our democracy gets replaced by a kleptocracy, but what can you do? Maybe she should set up stealdemocracy.co

Re: Maybe It's Snake Oil All the Way Down

2003-06-06 Thread Adam Shostack
On Wed, Jun 04, 2003 at 07:15:13PM -0400, John Kelsey wrote: | At 03:50 PM 6/3/03 -0700, Eric Blossom wrote: | ... | >GSM and CDMA phones come with the crypto enabled. The crypto's good | >enough to keep out your neighbor (unless he's one of us) but if you're | >that paranoid, you should opt for t

Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Adam Shostack
On Wed, Jun 04, 2003 at 01:11:51AM +1200, Peter Gutmann wrote: | "Lucky Green" <[EMAIL PROTECTED]> writes: | | >I trust that we can agree that the volume of traffic and number of | >transactions protected by SSL are orders of magnitude higher than those | >protected by SSH. As is the number of use

Re: Maybe It's Snake Oil All the Way Down

2003-06-02 Thread Adam Shostack
The assumption that "having cracked a cipher" leads to "can make lots of money from the break" is one held mostly by those who have never attacked real systems, which have evolved with lots of checks and balances. The very best way to make money from cracking ciphers seems to be to patent the brea