quot;)
centers. Perhaps there's a lesson here: leave carpentry to people
who are experts at carpentry.
And leave crypto to people who are experts at crypto.
--
-- "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy & IUCSS, Indiana University, Bloomington,
countermeasure does NOT require hand examination of compiler
output -- the tests are (or can be) fully automated even for realistic
industrial-strength compilers like GCC (on which Wheeler demonstrated
DCC in his thesis).
And a tiny historical nit: Wheeler's dissertation was in 2009, not
sure that no one else has seen the contents of the email.
This probably needs amending to deal with messages addressed to multiple
recipients (either cc:, bcc:, or simply multiple to: addresses).
--
-- "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy & IU
> my public key has been compromised.
Maybe it's because you've forgotten the passphrase guarding the
corresponding private key?
Or because you'd like to do the electronic equivalent of "change my name,
start [this facet of] my electronic life over"?
--
-- "
iption of DNSSEC.
Assuming it were widely deployed, would DNSSEC-for-key-distribution
be a reasonable way to store
email_address --> public_key
mappings?
--
-- "Jonathan Thornburg
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was o
This message was cryptographically signed but the signature ]
[ could not be verified. ]
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's hands of the conflict between the power
inor nit... his name was "Lagrange" (one word), not "La Grange"
(2 words). See http://en.wikipedia.org/wiki/Lagrange for further details.
Lagrange interpolating polynomials are widely used in non-crypto numerical
computations (solving differential equations and suchlike).
--
-- &q
pitch...)
> Ultimately though, the only thing that's going to get some people off
> IE6 is the machines they are running it off of finally dying, either
> due to hardware failure or being so badly owned by worms that the
> machine becomes inoperable, at which point it goes into the t
| Hanging on in quiet desperation
is
Oxford University Computing Service | the English way.
13 Banbury Road, Oxford, OX2 6NN, UK | The time is come, the song is
over.
Tel: +44-865-273200 Fax: +44-865-273275 | Thought I'd something more to say.
Finger p...@bl
back attacks for as long as in-the-field software
still groks the old (now-insecure) versions, so "versioning" is actually
more like "Byzantine versioning".
--
-- Jonathan Thornburg
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's
authors' reputations suggest their advice is probably excellent...
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"C++ is to programming as sex is to reproduction. Better ways might
technically exist but they're not nearly as much fun." -- Nikolai Irgens
of different software encryption schemes -- and
compilers to turn them into binary code (which is what the NSA/Intel
backdoor ultimately has to key on) that, I think, makes it so much
harder for a hardware backdoor to work (i.e. to subvert software
encryption) in this context.
--
-- "Jonath
get a "yes" answer to my
question if the encryption is done in hardware, disk-drive firmware,
or indeed anywhere except "software that I fully control".
--
-- Jonathan Thornburg
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's hand
y major government to monitor all Bitcoin transactions
to watch for botnet-to-botnet sending?
--
-- From: "Jonathan Thornburg [remove -animal to reply]"
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's hands of the conflict betwee
re passing control to it.
If the bootloader is running on malicious hardware I don't think that
test can be trusted. :(
-- Jonathan Thornburg (remove -animal to reply) <[EMAIL PROTECTED]>
School of Mathematics, U of Southampton, England
"C++ is to programming as sex is t
cal access to the slave/owned machines.
In what way has this stopped (or even slowed) the Storm worm,
to name one notorious example?
--
-- Jonathan Thornburg (remove -animal to reply) <[EMAIL PROTECTED]>
School of Mathematics, U of Southampton, England
"Wash
is mailing list of nefarious purposes.
Rather, I'm asking a serious question about the practicality of anonymous
(crypto-enabled) financial services in the 21st century, namely, will
governments be willing to allow them to operate?]
ciao,
--
-- "Jonathan Thornburg -- remove -animal to r
e (I haven't seen any problems on an old 486/33
laptop I'm using as a home firewall/router).
For laptops (where physical theft is major concern), I think the
combination of an encrypting file system and swap encryption gives a
pretty good -- and readily configurable -- security/performa
files under Matt Blaze's CFS; any of the
other open-source {linux,bsd} cryptographic file systems would be
reasonable alternatives.
--
-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
ware the performance hit is minimal
(compared to the cost of the disk access). See
http://www.openbsd.org/papers/swapencrypt.ps
for a discussion of the security model.
ciao,
--
-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
Max-Planck-Institut fuer G
arate keys for separate categories of information
(eg one key for my tax forms, a different key for company-confidential
project stuff, a different key for old love letters, still another one
for My Secret Plan For World Domination, etc etc). These might all
live on the same laptop, but they probabl
For smaller files the hit is truly negligible -- when
I tried this test on 64K files there was no difference in times between
(a), (b), and (c) within the timing noise.
ciao,
--
-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
Max-Planck-Institut fue
support. In particular, OpenBSD
(http://www.openbsd.org) supports a number of crypto boards/boxes,
detailed on their crypto page (http://www.openbsd.org/crypto.html).
They provide nice documentation, in particular they have _very_ good
man pages.
ciao,
--
-- "Jonathan Thornburg -- remove -animal
k... but in practice that takes a specialized
"oven" (I seriously doubt my home oven gets hot enough), and is likely
to produce toxic fumes, and leave behind a sticky mess (stuck to the
surface of the specialized oven).
ciao,
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
Max-Plan
in to deciding
to not leave your house because you "can't be sure" someone won't shoot
you dead.
Well, in certain places that's basically what people do. For example,
many foreign people in Bhagdad don't venture out of the "green zone".
My point is that when
ame reason.
[I don't particularly trust buying things online with a credit card,
either, but there my liability is limited to 50 Euros or so, and the
credit card companies actually put a modicum of effort into watching
for suspicious transactions, so I'm willing to buy (a few) things online.]
re kernel modes. So far
as I know, in this regard cfs is unique among cryptographic filesystems.
ciao,
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jth
ust how reliably could he have spotted a fake passport?
ciao,
--
-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthor
arder to find bugs of any sort, including security ones) snprintf()
call:
#define N_LINE 999
static char line[N_LINE];
len = snprintf(line, N_LINE, "%ul , %ul\r\n", rp, lp);
snprintf() first appeared in 4.4BSD and is now in C99, so any modern
system should support it by now
ives 3DES
protected 100Mbit Ethernet
* Next by Date: linux-ipsec: IP Sec w/ dynamic IP addresses ?
* Prev by thread: Re: linux-ipsec: Intel IPSEC accelerator gives
3DES protected 100Mbit Ethernet
* Next by thread: Re: linux-ipsec: Intel IPSEC accelerator gi
30 matches
Mail list logo