Re: debunking snake oil

2007-09-03 Thread Erik Tews
On Thursday, 30.08.2007, at 20:43 -0500, travis [EMAIL PROTECTED] wrote:
> If you have a break of some scheme you wish to contribute, please
> do forward me a URL and I'll link to it.

Sorry, German, but definitely worth reading: http://www.kryptochef.de/

Re: How the Greek cellphone network was tapped.

2007-07-06 Thread Erik Tews
On Friday, 06.07.2007, at 02:52 -0400, silvio wrote:
> > http://www.spectrum.ieee.org/print/5280
>
> So what are the options these days (the article even mentions
> end-to-end
> encryption to make such an attack far more difficult)?
> Every "crypto-phone" offering seems to go stale and disappea

Re: AES128-CBC Question

2007-04-19 Thread Erik Tews
On Wednesday, 18.04.2007, at 23:29 -0700, Aram Perez wrote:
> Hi Folks,
>
> Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is
> being proposed for a standard "because that's how SD cards implemented it".

That depends. What would be a valid attack on an SD-card?

Re: man in the middle, SSL

2007-02-03 Thread Erik Tews
On Friday, 02.02.2007, at 16:15 -0500, James Muir wrote:
> > You can find more and download Odysseus here:
> >
> > http://www.bindshell.net/tools/odysseus
>
> It is my understanding that SSL is engineered to resist mitm attacks,
> so
> I am suspicious of these claims. I wondered if someone m

Re: OT: SSL certificate chain problems

2007-01-25 Thread Erik Tews
On Tuesday, 23.01.2007, at 20:47 -0600, Travis H. wrote:
> Verify return code: 21 (unable to verify the first certificate)
> ---
> DONE
>
> I can't seem to get that certificate chain to have any contents other
> than what you see above, no matter what I do, and hence can't get rid
> of the

Re: SSL Server needs access to raw HTTP data (Request for advice)

2007-01-14 Thread Erik Tews
On Saturday, 13.01.2007, at 19:03 -0800, Richard Powell wrote:
> I was hoping someone on this list could provide me with a link to a
> tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS. I have full access to the server, but not to the
> client, and I w

Re: A web site that believes in crypto

2007-01-13 Thread Erik Tews
On Wednesday, 10.01.2007, at 18:31 -0500, Steven M. Bellovin wrote:
> I just stumbled on a web site that strongly believes in crypto --
> *everything* on the site is protected by https. If you go there via
> http, you receive a Redirect. The site? www.cia.gov: http://www.trustedcomputing.org/

Re: TPM & disk crypto

2006-10-13 Thread Erik Tews
On Thursday, 12.10.2006, at 14:31 -0400, Ivan Krstić wrote:
> Kuehn, Ulrich wrote:
> > Who is "we"? In the case of my own system I paid for (so speaking
> > for myself) I would like to have such a mechanism to have the system
> > prove to me before login that it is not tampered with. The TCG
>

Re: TPM & disk crypto

2006-10-08 Thread Erik Tews
On Friday, 06.10.2006, at 17:29 -0400, Thor Lancelot Simon wrote:
> On Thu, Oct 05, 2006 at 11:51:49PM +0200, Erik Tews wrote:
> > On Thursday, 05.10.2006, at 16:25 -0500, Travis H. wrote:
> > > On 10/2/06, Erik Tews <[EMAIL PROTECTED]> wrote:
> > > > Am

Re: TPM & disk crypto

2006-10-06 Thread Erik Tews
On Thursday, 05.10.2006, at 16:25 -0500, Travis H. wrote:
> On 10/2/06, Erik Tews <[EMAIL PROTECTED]> wrote:
> > On Sunday, 01.10.2006, at 23:42 -0500, Travis H. wrote:
> > > Anyone have any information on how to develop TPM software?
> >

Re: TPM & disk crypto

2006-10-02 Thread Erik Tews
On Sunday, 01.10.2006, at 23:42 -0500, Travis H. wrote:
> Anyone have any information on how to develop TPM software?

Yes, that's easy. We created a Java library for the TPM chip. You can get it at http://tpm4java.datenzone.de/ Using this lib, you need less than 10 lines

Re: Exponent 3 damage spreads...

2006-09-28 Thread Erik Tews
On Monday, 25.09.2006, at 01:28 +0200, Philipp Gühring wrote:
> Hi,
>
> We have been researching, which vendors were generating Exponent 3 keys, and
> we found the following until now:
>
> * Cisco 3000 VPN Concentrator
> * CSP11
> * AN.ON / JAP (they told me they would change it on the next da

Re: Real World Exploit for Bleichenbachers Attack on SSL from Crypto'06 working

2006-09-15 Thread Erik Tews
On Friday, 15.09.2006, at 00:40 +0200, Erik Tews wrote:
> I have to check some legal aspects before publishing the names of the
> browser which accepted this certificate and the name of the
> ca-certificates with exponent 3 I used in some hours, if nobody tells me
> not to do that.

RE: Real World Exploit for Bleichenbachers Attack on SSL from Crypto'06 working

2006-09-15 Thread Erik Tews
On Thursday, 14.09.2006, at 22:23 -0700, Tolga Acar wrote:
> You need to have one zero octet after bunch of FFs and before DER encoded
> hash blob in order to have a proper PKCS#1v1.5 signature encoding.
>
> Based on what you say below, "I used this cert and my key to sign an
> end-entity certi

Real World Exploit for Bleichenbachers Attack on SSL from Crypto'06 working

2006-09-14 Thread Erik Tews
Hi

I had an idea very similar to the one Peter Gutmann had this morning. I managed to write a real world exploit which takes as input:

* a CA-Certificate using 1024 Bit RSA and Exponent 3 (ca-in)
* a Public Key, using an algorithm and size of your choice (key-in)

and generat