Too late. I've already started. Besides which, posts on this group
suggest that there is a demand for such a toolkit.
Also, I have a lot of interest in SSL/TLS, and no interest whatsoever in
IPsec. I believe I am a competent programmer, but the fact is, if you
want me to write something in my o
Ian asked about the possibility of distributing binaries built with a
crypto toolkit. I took the initial view that closed source and trustable
crypto are mutually incompatible, but on reflection, I can think of
circumstances where that might not be true.
Example. You're a company. You build har
Comments inlined below
> -Original Message-
> From: Ian Grigg [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 06, 2003 10:35 PM
> To: Jill Ramonsky
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Simple SSL/TLS - Some Questions
>
> Th
Hi. This is just a quick note to say that over the weekend I've done a
lot of thinking about coding, and even some /actual/ coding, that I've
re-read parts of Eric's book in somewhat more detail than I read it last
time, and I've read all the various posts on the subject of "simple
SSL". And at
Having been greatly encouraged by people on this list to go ahead with a
new SSL implementation, it looks like I am going to go for it, but I'd
kinda like to not make any enemies in the process so I'll try to keep
this list up to date with progress and decisions and stuff ... and I
will ask a l
e "It can't
be done". (That may not be a problem if other browsers don't have this
design flaw, of course, since Alice can tell all of her friends "don't
use Microsoft").
Jill
> -Original Message-
> From: Don Davis [mailto:[EMAIL PROTECTED]
> S
I could do an implementation of SSL. Speaking as a programmer with an
interest in crypto, I'm fairly sure I could produce a cleanly
implemented and simple-to-use version.
I confess I didn't realise there was a need. You see, it's not that it
"doesn't seem to excite" [me] - it's just that, well,
Hi,
I remember reading (many years ago) a description on some web page somewhere
of an algorithm by which an arbitrary file F could be split into M pieces,
such that:
(1) given any N pieces, F can be reconstructed precisely, and
(2) given fewer than N pieces, it is impossible to determine even a
Hi,
I've been following the SSL thread with great interest, but the truth is I
don't know enough about SSL to add anything meaningful to the discussion.
But this much remains true: I'm a competent programmer, and I know enough
about crypto to put together some basic algorithms (like the early P
Hi,
Could anyone offer any thoughts on what is the "best" encrypted virtual disk
drive, which can run on (at least) Windows XP Pro.
I used to use the free version of PGPdisk (which you get with PGP version
6.0.2i), but that won't work with Windows XP.
I also used to use ScramDisk, but
> From: Matthew Byng-Maddick [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 16, 2003 2:28 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Session Fixation Vulnerability in Web Based Apps
>
>
> On Mon, Jun 16, 2003 at 10:47:04AM +0100, [EMAIL PROTECTED] wrote:
> > session id). Authentication of subeseq
This has got nothing whatsoever to do with session fixation. It _has_
however, got something to do with security. In particular, with
authentication.
[Moderator's note: Actually, it seems to have everything to do with
session fixation. --Perry]
I may be ignorant about a few things but I'm learn
I've come up with a (very simple) defence against session hijacking and so
on. It's probably flawed (I admit I'm not an expert on these things), so if
someone could please tell me why it won't work, I'd be very grateful.
When the user logs in, the server stores the client's IP address in a
sessio
t thinking it
through a bit more thoroughly.
Jill
-----Original Message-----
From: Jill Ramonsky
Sent: Wednesday, June 11, 2003 9:20 AM
To: [EMAIL PROTECTED]
Subject: RE: Keyservers and Spam
> From: David Honig
> Sent: Tuesday, June 10, 2003 11:53 PM
> Subject: RE: Keyservers and Spam
> From: David Honig
> Sent: Tuesday, June 10, 2003 11:53 PM
> Subject: RE: Keyservers and Spam
>
> You email your key to those who justify the request. In plaintext,
> or on the phone. What is the problem with that?
The possibility of a MITM attack.
I observe that "confirmation" of the finge
> -Original Message-
> From: David Honig
> Sent: Monday, June 09, 2003 6:42 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Keyservers and Spam
>
> Why not publish your key under a bogus name that goes no-where?
The answer is simple. I cannot publish a PGP under a false nam
Ah, but surely there's a problem with this idea? If you communicate with me
in the clear, you will know my email address to be
"[EMAIL PROTECTED]". If you hit the reply button following a
communication with me, your message will reach me. BUT - if you then decide
that you want to communicate with
Hi,
It seems to me that the possibility that spammers might harvest PGP
keyservers for email addresses is a serious disincentive to using
keyservers. Does anyone have any thoughts on this?
Jill
-
The Cryptography Mailing List
Un
I confess to being confused - though admittedly part of the blame for this
is my own ignorance.
I remember a time when PGP was a command line application. The only
algorithms it used were IDEA (symmetric), RSA (asymmetric) and MD5 (hash). I
came to trust these algorithms.
Now these once-'standar
Actually, I _am_ the proud possessor of a Psion Series 5mx, and I have had
PGP for EPOC installed on it for a few years now. It's not the original,
obviously, but it claims to be a port to the EPOC operating system of PGP
2.6.3ia. The About page says "International version - not for use in the
USA.