At 11:56 PM +0200 6/19/04, Hadmut Danisch wrote:
Hi,
does anyone know good jokes about
cryptography, cryptographers, or security?
Q: How many cryptographers does it take to change a light bulb?
A: XIGHCBS
---
There was a story in the NY Times many years ago about an apartment
dwe
"The Mythical Man-Month" is a great book, but it's almost 30 years
old. Brooks considered OS/360 to be hopelessly bloated. My favorite
quote (from Chapter 5, The Second System Effect, p. 56):
"For example, OS/360 devotes 26 bytes of the permanently resident
date-turnover routine to the proper h
At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote:
"R. A. Hettinga" <[EMAIL PROTECTED]> writes:
At 12:35 PM -0400 5/27/04, John Kelsey wrote:
Does anyone know whether the low-power nature of wireless LANs protects
them from eavesdropping by satellite?
It seems to me that you'd need a pretty big di
The 2003 wiretap report from the US Court system's Administrative
Office is out:
http://uscourts.gov/wiretap03/contents.html This annual report is
mandated by Congress and since 2002 has been required to include
information on encryption. It states:
"In 2003, no instances were reported of encr
At 8:21 PM +0100 4/26/04, Graeme Burnett wrote:
Hello folks,
I am doing a presentation on the future of security,
which of course includes a component on cryptography.
That will be given at this conference on payments
systems and security: http://www.enhyper.com/paysec/
Would anyone there have any
At 10:49 PM +0200 4/27/04, Axel H Horns wrote:
Is something known about the details of the crypto protocol within
Skype? How reliable is the encryption?
See e.g.
http://www.financialcryptography.com/mt/archives/76.html
Can Skype be wiretapped by the authorities? With collaboration of the
Skype
I was the one who updated the Wikipedia entry . It was shortly before
the cryptography list came back up. I found the June 2003 CNSS fact
sheet while looking for other information on NIST's standards
program. The first reference that I found that suggested AES could be
used for classified was
At 4:01 PM +0200 4/14/04, [EMAIL PROTECTED] wrote:
Hi,
I'm looking for interesting and unusal defitions of the
term "Security" (or "secure").
I'm fully aware that it is difficult or impossible to give
a precise, compact, and universal definitions, and some
book authors explicitely say so. However,
At 8:24 AM -0400 4/8/04, Perry E. Metzger wrote:
"Trei, Peter" <[EMAIL PROTECTED]> writes:
I think Perry has hit it on the head, with the one exception that
the voter should never have the receipt in his hand - that opens
the way for serial voting fraud.
The receipt should be exposed to the vot
At 4:51 PM +0100 4/5/04, Nicko van Someren wrote:
...
While I agree that it is somewhat lax of Apple to be using MD5 for
checking its updates it's far from clear to me that an attack of the
sort described above would ever be practical. The problem is that
the while there are methods for finding
ut i don't know whether he's more of a free agent.
- don davis, boston
To: [EMAIL PROTECTED]
From: "Arnold G. Reinhold" <[EMAIL PROTECTED]>
Subject: [Mac_crypto] Apple should use SHA! (or stronger) to authenticate
software
releases
Sender: [EMAIL PROTECTED]
I did a Google search on "irrebuttable presumption" and found a lot
of interesting material. One research report on the State of
Connecticut web site
http://www.cga.state.ct.us/2003/olrdata/ph/rpt/2003-R-0422.htm
says: "The Connecticut Supreme Court and the U. S. Supreme Court have
held that i
At 11:12 AM + 12/31/03, Ben Laurie wrote:
Perry E. Metzger wrote:
In my opinion, the various hashcash-to-stop-spam style schemes are not
very useful, because spammers now routinely use automation to break
into vast numbers of home computers and use them to send their
spam. They're not paying fo
One approach to securing infrequent signing or working keys from a
corporate master certificate is to store the certificate in a bank
safe deposit box. The certificate generation software (say on a self
booting CD or perhaps an entire laptop) could be stored in the safe
deposit box as well. The
Jill's approach to key stretching is not quite the same as the
traditional iterated hash. It imposes no cost at encryption time,
you only have to work at decryption. This might be valuable when you
want to save your files as the Gestapo is breaking down your door.
I've been working on a simila
At 11:50 PM -0400 10/1/03, Ian Grigg wrote:
...
A threat must occur sufficiently in real use, and incur
sufficient costs in excess of protecting against it, in
order to be included in the threat model on its merits.
I think that is an excellent summation of the history-based approach
to threat mod
At 6:38 PM -0400 9/18/03, John S. Denker wrote:
Yes, Mallory can DoS the setup by reading (and thereby
trashing) every bit. But Mallory can DoS the setup by
chopping out a piece of the cable. The two are equally
effective and equally detectable. Chopping is cheaper and
easier.
Other key-exchange
At 10:18 PM + 9/13/03, David Wagner wrote:
...
One could reasonably ask how often it is in practice that we have a
physical channel whose authenticity we trust, but where eavesdropping
is a threat. I don't know.
I think there is another problem with quantum cryptography. Putting
aside the que
At 1:22 PM -0400 5/29/03, Ian Grigg wrote:
The following appears to be a bone fide case of a
threat model in action against the PGP program.
Leaving aside commentary on the pros and cons
within this example, there is a desparate lack of
real experience in how crypto systems are attacked.
IMHO, this
19 matches
Mail list logo
