Re: [cryptography] Anyone seen this CA before?

2012-03-31 Thread Peter Gutmann
Jon Callas writes: >That's hilarious! I love it! But I see some security problems: > >[...] One final one: There's no (implied) guarantee that any money changed hands. How can I trust a CA certificate if no-one paid for it? This destroys the very foundations of commercial PKI and the high lev

Re: [cryptography] Anyone seen this CA before?

2012-03-31 Thread Jon Callas
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mar 31, 2012, at 7:38 PM, Marsh Ray wrote: > > Has anyone seen this CA before? > > Sounds like an interesting business model, even if the site design looks a > bit anachronistic. > > http://print-a-cert.com/ > That's hilarious! I love it! Bu

[cryptography] Anyone seen this CA before?

2012-03-31 Thread Marsh Ray
Has anyone seen this CA before? Sounds like an interesting business model, even if the site design looks a bit anachronistic. http://print-a-cert.com/ - Marsh ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mail

Re: [cryptography] crypto.cat

2012-03-31 Thread James A. Donald
On 2012-04-01 7:51 AM, natanae...@gmail.com wrote:
> It's running in a browser using JS...
To attack JS, the attacker needs to induce the victim to open the attacker's web page at the same time as the attacked web page, and successfully apply a cross site scripting attack. The simplicity of the

Re: [cryptography] crypto.cat

2012-03-31 Thread natanael . l
It's running in a browser using JS... 2012-03-31 23:33, Nadim wrote: This strikes me as a sizeable assumption. NK On Saturday, 31 March, 2012 at 5:28 PM, natanae...@gmail.com wrote: And javascript controls how it is used. Modify or add some JS and you can take the key. 2012-03-31 22:56 skr

Re: [cryptography] crypto.cat

2012-03-31 Thread Nadim
This strikes me as a sizeable assumption. NK On Saturday, 31 March, 2012 at 5:28 PM, natanae...@gmail.com wrote: > > And javascript controls how it is used. Modify or add some JS and you can > take the key. > > > > 2012-03-31 22:56, James A. Donald wrote: > On 2012-04-01 6:17 AM, natanae..

Re: [cryptography] crypto.cat

2012-03-31 Thread natanael . l
And javascript controls how it is used. Modify or add some JS and you can take the key. 2012-03-31 22:56, James A. Donald wrote: On 2012-04-01 6:17 AM, natanae...@gmail.com wrote: > There are two issues IMHO: > > * SSL flaws/Javascript MITM/bad servers. Your key can be leaked. According to the

Re: [cryptography] crypto.cat

2012-03-31 Thread James A. Donald
On 2012-04-01 6:17 AM, natanae...@gmail.com wrote:
> There are two issues IMHO:
>
> * SSL flaws/Javascript MITM/bad servers. Your key can be leaked.
According to the spec, your key remains on your browser. So cannot be leaked unless your computer has been got at.

Re: [cryptography] crypto.cat

2012-03-31 Thread James A. Donald
On 2012-03-31 11:49 PM, Mario Contestabile wrote:
> You guys have any cypherpunk opinions on https://crypto.cat/ ? It's a "secure" online communication tool, apparently used by Anonymous. It was developed by Nadim Kobeissi, (yet another Montrealer).
> Mario
Public source, standard algorithms, do

Re: [cryptography] crypto.cat

2012-03-31 Thread natanael . l
There are two issues IMHO: * SSL flaws/Javascript MITM/bad servers. Your key can be leaked. * If you already have a way to verify fingerprint PER SESSION, then why use this service? I can only imagine it's because you prefer to type on a computer keyboard on a public access computer than on you

Re: [cryptography] crypto.cat

2012-03-31 Thread Jacob Taylor
It seems that isn't true: https://crypto.cat/about/spec-rev1.2c.pdf (Section 6 in particular) Nadim's response via twitter (until he can get the list working) https://twitter.com/#!/kaepora/status/186130431048036352 "Just subscribed, can't seem to reply. It does actually have authentication via f

Re: [cryptography] crypto.cat

2012-03-31 Thread natanael . l
It seems to lack verification and authorization = easy to MITM. 2012-03-31 15:49, Mario Contestabile wrote: You guys have any cypherpunk opinions on https://crypto.cat/ ? It's a "secure" online communication tool, apparently used by Anonymous. It was developed by Nadim Kobeissi, (yet another

[cryptography] crypto.cat

2012-03-31 Thread Mario Contestabile
You guys have any cypherpunk opinions on https://crypto.cat/ ? It's a "secure" online communication tool, apparently used by Anonymous. It was developed by Nadim Kobeissi, (yet another Montrealer). Mario

Re: [cryptography] Detecting Crypto Compromises

2012-03-31 Thread Eitan Adler
On 30 March 2012 22:23, Landon Hurley wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Does anyone have any knowledge of academic papers focused on methods > of detecting whether a crypto scheme has been compromised in situ or > on how to utilize intelligence gleaned from compromised

Re: [cryptography] Key escrow 2012

2012-03-31 Thread Peter Gutmann
StealthMonger writes: >If we had won, crypto would be in widespread use today for email. As it is, >enough FUD and confusion was sown to avert that outcome. Even on geek >mailing lists such as this, signatures are rare. That's because they serve little purpose and the tools are way too hard