Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread James A. Donald
-- On 2013-09-09 3:18 PM, Greg Rose wrote: >>> I actually hate to point this out, but having access to >>> something that "looks like" a raw entropy source proves >>> nothing. On 9/9/2013 5:12 AM, James A. Donald wrote: >> A genuine hardware noise source will show colored noise, >> which is v

Re: [cryptography] Backdoors in software

2013-09-09 Thread John Young
A distinctive, well-known and exploited, weakness of comsec is reluctance to give up use of a widely deployed system even when a fault has been exposed. This happens again and again because it is difficult to find a new system that has been tested for wide use, distributing the system, training in

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread James A. Donald
On Mon, Sep 9, 2013 at 6:08 AM, Jon Callas wrote: >> ... I have to disagree with you. Lots of us have told >> Intel that we really need to see the raw bits, and lots of >> us have gotten informal feedback that we'll see that in a >> future chip. On 2013-09-10 3:43 AM, coderman wrote: > i've neve

Re: [cryptography] Backdoors in software

2013-09-09 Thread Eugen Leitl
On Mon, Sep 09, 2013 at 01:50:54PM -0500, Nicolai wrote: > On Mon, Sep 09, 2013 at 02:20:35PM +0200, David D wrote: > > > TrueCrypt can be assumed "ok" based on Greenwald using it.If Snowden > > knew of a hole in TrueCrypt then Greenwald would not be using it. IMO. > > I don't think this is

Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)

2013-09-09 Thread Jeffrey Walton
On Mon, Sep 9, 2013 at 6:06 AM, David D wrote: > Lots of gems in this video: > > http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html Boy that sounds like corporate espionage. I was not aware that was in the charter. I guess it makes se

Re: [cryptography] Backdoors in software

2013-09-09 Thread Nicolai
On Mon, Sep 09, 2013 at 02:20:35PM +0200, David D wrote: > TrueCrypt can be assumed "ok" based on Greenwald using it. If Snowden > knew of a hole in TrueCrypt then Greenwald would not be using it. IMO. I don't think this is a useful criterion. After all, Greenwald probably uses Windows, right

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread coderman
On Mon, Sep 9, 2013 at 6:08 AM, Jon Callas wrote: > ... > I have to disagree with you. Lots of us have told Intel that we really need > to see the raw bits, and lots of us have gotten informal feedback that we'll > see that in a future chip. i've never seen this stated; it would be great news!

Re: [cryptography] Backdoors in software

2013-09-09 Thread john espiro
Thanks for the info... I found the document that goes to what you say at: http://cryptome.org/2013/09/computer-forensics-2013.pdf And while we are on the subject of backdoors, what's the thought on Winmagic's SecureDoc? Bruce has a testimonial on it at: https://www.winmagic.com/corporate/testim

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread David Johnston
On 9/9/2013 5:12 AM, James A. Donald wrote: On 2013-09-09 3:18 PM, Greg Rose wrote: I actually hate to point this out, but having access to something that "looks like" a raw entropy source proves nothing. A genuine hardware noise source will show colored noise, which is very hard to simulate

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread Jon Callas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sep 8, 2013, at 10:10 PM, coderman wrote: > and so forth and so on, to no effect. the lines have been drawn, and > nothing will convince Intel to release raw access to the entropy > source. I have to disagree with you. Lots of us have told Intel

Re: [cryptography] Random number generation influenced, HW RNG

2013-09-09 Thread Marcus Brinkmann
On 09/07/2013 07:48 PM, David Johnston wrote: > It's interesting to consider the possibilities of corruption and deception > that may exist in product design. It's a lot more alarming when it's > your own design that is being accused of having been backdoored. > Claiming the NSA colluded with Intel t

Re: [cryptography] Backdoors in software

2013-09-09 Thread John Young
The document you cited hosted by Techarp is claimed to be a hoax based on an earlier authentic document from 2012. A notice about it: http://cryptome.org/2013/09/computer-forensics-2013.pdf However, with recent revelations about NSA some of the document's assertions may turn out to have more truth t

Re: [cryptography] Backdoors in software

2013-09-09 Thread David D
That document is fake. It was an April Fools joke based on a real document. Refer to: https://www.schneier.com/blog/archives/2013/08/opsec_details_o.html TrueCrypt can be assumed "ok" based on Greenwald using it. If Snowden knew of a hole in TrueCrypt then Greenwald would not be using it.

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread James A. Donald
On 2013-09-09 3:18 PM, Greg Rose wrote: I actually hate to point this out, but having access to something that "looks like" a raw entropy source proves nothing. A genuine hardware noise source will show colored noise, which is very hard to simulate in software, and especially hard to simulate

[cryptography] [Cryptography] Der Spiegel: "NSA Can Spy on Smart Phone Data"

2013-09-09 Thread Nap van Zuuren
The article of "der Spiegel" in ENGLISH can be found on: http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html and an update (in English) has been added today: iSpy: How the NSA Accesses Smartphone Data at: http://www.spiegel.de/i

[cryptography] Backdoors in software

2013-09-09 Thread john espiro
Reading this PDF: http://www.techarp.com/article/LEA/Encryption_Backdoor/Computer_Forensics_for_Prosecutors_%282013%29_Part_1.pdf It suggests that TrueCrypt has a backdoor. Has anyone found anything to suggest that claim is true? Do we operate as if it does? John

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread James A. Donald
On 2013-09-09 2:26 PM, David Johnston wrote: On 9/7/2013 6:11 PM, James A. Donald wrote: On 2013-09-07 9:14 PM, Eugen Leitl wrote: That's the claimed design, yes. I see no particular reason to believe that the hardware in my server implements the design. I can't even test that the AES white

Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)

2013-09-09 Thread David D
In re: US-983 Stormbrew - "KEY CORPORATE PARTNER WITH ACCESS TO INTERNATIONAL CABLES, ROUTERS, AND SWITCHES". http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-5.jpg Traceroute facebook.com FACEBOOK-IN.edge5.Atlanta2.Level3.net Traceroute googl

Re: [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Alexander Klimov
On Mon, 9 Sep 2013, Daniel wrote: > Is there anyone on the lists qualified in ECC mathematics that can > confirm that? NIST SP 800-90A, Rev 1 says: The Dual_EC_DRBG requires the specifications of an elliptic curve and two points on the elliptic curve. One of the following NIST approved curv

Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)

2013-09-09 Thread David D
http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html No millisecond counter: 1:49 US-983 Stormbrew - Fiber connections 1:49 US-983 Stormbrew - "KEY CORPORATE PARTNER WITH ACCESS TO INTERNATIONAL CABLES, ROUTERS, AND SWITCHES". (# tra

Re: [cryptography] New NSA Slides and Details Released last night via Fantastico (BR)

2013-09-09 Thread David D
Lots of gems in this video: http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html -Original Message- From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of coderman Sent: Monday, September 09, 2013 12:27 AM

Re: [cryptography] [Cryptography] Opening Discussion: Speculation on "BULLRUN"

2013-09-09 Thread Eugen Leitl
- Forwarded message from "Jeffrey I. Schiller" - Date: Sun, 8 Sep 2013 21:23:33 -0400 From: "Jeffrey I. Schiller" To: John Gilmore Cc: Cryptography Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mutt/1.5.21 (2010-09-15) -BEGIN PGP SIGNED MESSA

[cryptography] IETF: Security and Pervasive Monitoring

2013-09-09 Thread Eugen Leitl
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ Security and Pervasive Monitoring The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale monitoring

Re: [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Daniel
Is there anyone on the lists qualified in ECC mathematics that can confirm that? And what ramifications it has, if any. On Mon, Sep 9, 2013 at 8:45 PM, Eugen Leitl wrote: > > Forwarded without permission, hence anonymized: > > " > Hey, I had a look at SEC2 and the TLS/SSH RFCs. SSH uses secp25

[cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same parameters as specified in SP800-90 for Dual EC DRBG!

2013-09-09 Thread Eugen Leitl
Forwarded without permission, hence anonymized: " Hey, I had a look at SEC2 and the TLS/SSH RFCs. SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same parameters as specified in SP800-90 for Dual EC DRBG! TLS specifies you can use those two curves as well.

[cryptography] very little is missing for working BTNS in Openswan

2013-09-09 Thread Eugen Leitl
Just got word from an Openswan developer: " To my knowledge, we never finished implementing the BTNS mode. It wouldn't be hard to do --- it's mostly just conditionally commenting out code. " There's obviously a large potential deployment base for BTNS for home users, just think of Openswan/Open

Re: [cryptography] [liberationtech] Random number generation being influenced - rumors

2013-09-09 Thread coderman
On Sun, Sep 8, 2013 at 10:18 PM, Greg Rose wrote: > ... > I actually hate to point this out, but having access to something that "looks > like" a raw entropy source proves nothing. Given a design for a hardware RNG, > with a characterization of its biases, I could straightforwardly take a > str