An attacker could easily flip bits until the key is found. Also, what
is the typical key length? Furthermore, couldn't an attacker get a hold
of the software's dictionary?
On 1/15/2017 4:19 PM, mok-kong shen wrote:
WORDLISTTEXTSTEGANOGRAPHY is a new software (employing an extensive
Authors of ransomware as a service such as encryptor RaaS steal
certificates all the time.
On 6/24/2016 2:30 PM, Ron Garret wrote:
What matters is not the certificate. The certificate is public. You can’t
“steal" a certificate.
What you *can* steal is the private key associated with a
Do you want to take chances in a world of stolen certificates?
On 6/24/2016 11:09 AM, Jason Richards wrote:
I just downloaded the new MBAM installer.
Its certificate expired 6/19/2016.
Should I just ignore that fact?
I wouldn't ignore it at all.
The certificate that signed the code
I wouldn't ignore it at all.
On 6/21/2016 1:25 PM, rv...@insightbb.com wrote:
I just downloaded the new MBAM installer.
Its certificate expired 6/19/2016.
Should I just ignore that fact?
___
cryptography mailing list
cryptography@randombit.net
This is why I always advocate for focusing more on layering security.
The cryptographic community has spent so much time fiddling around with
that one source of randomness. It's better to have another layer of
security. For instance:
https://www.github.com/kjsisco/securerg
On 6/10/2016
Oh I'm not saying that it can't someday happen.
On 5/25/2016 6:18 PM, d...@deadhat.com wrote:
I guess it was all just a matter of time.
A matter of time until the authors of this and certain other related
papers realize that recreating new mask sets for deep sub wavelength
silicon imaging
I guess it was all just a matter of time.
On 5/25/2016 11:25 AM, Ron Garret wrote:
Coming soon to a microprocessor near you
http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf?token=Sqki%2BUKuhrHYxCqc2HU9B1dlHEQ%3D
You make a good point. Entropy needs to feel dangerous in some way. It
needs to make us stop and take notice.
On 5/18/2016 2:46 AM, Jon Callas wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sadly, people's prejudices get them overcomplicating the issue.
It's certainly true that a
Is this using a source of true randomness or just another breakable
algorithm?
On 5/18/2016 2:38 AM, grarpamp wrote:
Let's do another 100 post round on the favorite subject shall we...
because serious RNG is serious.
Academics Make Theoretical Breakthrough in Random Number Generation
The truth is, entropy is only really interesting if you have the funds
to hook up a Geiger counter to your computer.
On 5/12/2016 11:18 PM, David Johnston wrote:
On 5/9/2016 2:01 AM, Luca Testoni wrote:
On 06/05/2016 18:12, Kevin wrote:
I may be way off but it seems to me that a colonel
that's a shame. Not even open source is immune to the usual riff raf.
On 5/10/2016 11:35 PM, Mansour Moufid wrote:
I just heard very unfortunate news about some intellectual property
dispute between Open Whisper Systems and another company.
I won't link to it here, I don't think it would do
That was my original point. However, I now realize how much of a
nightmare that would be.
On 5/9/2016 5:37 AM, Luca Testoni wrote:
On 06/05/2016 19:48, Russell Leidich wrote:
But to answer your question, if we assume that the TRNG resides in the
kernel, I see no way in which an acoustic
Alright that makes sense.
On 5/6/2016 1:48 PM, Russell Leidich wrote:
Kevin, first of all, Krisztian says that the kernel has access to more
entropy, while you say that userspace does. In a sense, you're both
correct: For its part, the kernel has access to a wider array of
devices, and it's
I see what you mean :)
On 5/5/2016 2:45 PM, Ron Garret wrote:
On May 5, 2016, at 11:13 AM, Kevin <kevinsisco61...@gmail.com> wrote:
One can never be to secure!
Actually, I learned the hard way last week that this is not true.
Four years ago I bought a 2010 MacBook air from a private
I personally feel that this is overkill. However, it is always a good
idea to cover all of your bases so I would never say that it's a bad
idea. One can never be to secure!
On 5/5/2016 5:40 AM, shawn wilson wrote:
Just reflecting on the Linux RNG thread a bit ago, is there any
technical
PRISM report and obtain them that
way. Yeah, good luck with that.
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/| Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
___
cryptography mailing list
cryptography@randombit.net
http:/
I for one signed because I fully support the cause.
On 1/12/2016 4:28 PM, John Young wrote:
Sign the Letter to Secure the Internet
https://securetheinternet.org/
Via Henry Baker, Cryptography List
___
cryptography mailing list
I would need to see this in action but I love the concept.
On 1/5/2016 5:37 PM, Brian Hankey wrote:
http://nimbusid.com
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
---
This
eat model?
7) Probably a dozen or more questions that I'm forgetting to ask.
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.
___
cryptography mailing list
cryptography@randombit.net
http://lists.r
es, I don't know any.
>
> What you are looking for is bugs in the font rendering libraries, which
are system dependent.
Googling for
vulnerabilities in font libraries
is also a good starting place.
-kevin
Sent from my Droid; please excuse typos.
_
On 11/27/2015 5:47 PM, Greg wrote:
Thought this list would be interested in reading about the roll that Google
played in compromising 100k+ users (in addition to Dell):
https://www.reddit.com/r/crypto/comments/3u92aw/dells_tumble_googles_fumble_and_how_government/cxejl5y
- Greg
On 11/8/2015 8:06 PM, sten...@nymphet.paranoici.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
My true name is the OpenPGP key whose public component is appended
below. "Igor Stenski" is just a nickname. Each message from me is
signed with this key.
Interests include
o
http://www.networkworld.com/article/2990801/sha-1-hashing-algorithm-could-succumb-to-75k-attack-researchers-say.html
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
___
cryptography mailing
On 8/4/2015 12:29 AM, Patrick Pelletier wrote:
I was on an e-commerce site today, and was horrified when I saw the
following badge:
https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
Did they still have SSLv2 enabled? I checked, and luckily they don't:
On 6/15/2015 6:46 PM, Moti wrote:
I always had my doubts about keeping my passwords in the cloud.
Let's hope for LastPass users that their data is as secure as LastPass
claims it is.
No reason to think otherwise of course, but still. If i read correctly
between the lines, some people's
On 5/25/2015 11:01 PM, Russell Leidich wrote:
As annouced here in the original Jytter blog:
http://jytter.blogspot.com
It has been a long 3 years since Jytter was released. Enranda is now
available for download, analysis, and criticism. It's open source with
awesome licensing terms, courtesy
On 5/26/2015 2:01 PM, coderman wrote:
On 5/25/15, Russell Leidich pke...@gmail.com wrote:
...
Enranda is a cryptographically secure (in the postquantum sense) true
random number generator requiring nothing but a timer (ideally, the CPU
timestamp counter). It produces roughly 4 megabytes of
On 5/26/2015 1:46 PM, coderman wrote:
On 5/26/15, Kevin kevinsisco61...@gmail.com wrote:
Are we talking about entropy taken from hard drive turbulence, the
keyboard or mouse, heat decay, or what?
... requiring nothing but a timer (ideally, the CPU timestamp counter)
for comparison, i run
http://forums.codeguru.com/showthread.php?549845-Triangular-Encryption-of-Data
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
___
cryptography mailing list
On 3/20/2015 2:50 PM, Dave Horsfall wrote:
On Fri, 20 Mar 2015, stef wrote:
Or a reasonably clever and trolling satire on snakeoil products. :)
the less optimistic alternative is this being a well-crafted
water-holing site targeted at the members of this mailing-list.
But wouldn't the
On 3/20/2015 12:06 PM, Tony Arcieri wrote:
On Fri, Mar 20, 2015 at 4:02 AM, Enrique Soriano esori...@lsub.org
mailto:esori...@lsub.org wrote:
These days we can buy 128GB pendrives (i.e. very long pads) for $35.
This simple approach seems viable to me:
This software uses the one-time pad. Have any of you seen this?
http://www.unbreakable-crypto.com
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
___
cryptography mailing list
On 3/19/2015 4:00 PM, Ben Lincoln (F70C92E3 - Cryptography ML) wrote:
On Thu, March 19, 2015 12:33 pm, Kevin wrote:
This software uses the one-time pad. Have any of you seen this?
http://www.unbreakable-crypto.com
There's no demo version available, but based on the screenshots
On 3/10/2015 7:38 AM, John Young wrote:
The Intercept has released files on Apple, DPA and other
cryptanalysis:
http://cryptome.org/2015/03/nsa-apple-dpa-intercept-15-0309.zip (12pp,
1.9MB)
___
cryptography mailing list
cryptography@randombit.net
On 3/7/2015 12:01 PM, Dave Horsfall wrote:
On Sat, 7 Mar 2015, Kevin wrote:
No 1 vulnerability of crypto is the user
2nd passphrases
3rd overconfidence
4th trust in the producer
5th believing backdoors are No. 1
I don't agree that the user should be first on that list unless you are
talking
On 3/7/2015 10:23 AM, John Young wrote:
No 1 vulnerability of crypto is the user
2nd passphrases
3rd overconfidence
4th trust in the producer
5th believing backdoors are No. 1
___
cryptography mailing list
cryptography@randombit.net
-spacetime-encryption-of-a-signal/
The code for easy review:
;Spacetime Encryption
;by
;Kevin J. Sisco(kevinsisco61...@gmail.com
;Spacetime Encryption takes a signal and encrypts it using the power of
the universe!
;this algorithm uses key material from the spacetime continuum
;note
;Spacetime
to quantum
computation.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Yes, we have research but can we see it in action yet?
--
Kevin
---
This email is free from viruses and malware
if the product actually works.
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman
The issue is we do not know how to conduct a loophole free bell test.
That's the thing that is really holding us back.
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
Okay, we see a lot about quantum cryptography and how today's
cryptosystems are mere toys compared to a quantum computer. Great, but
in this post-quantum world how close are we to seeing it in action?
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus
.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I believe Grover's algorithm is the quickist at doing what you are
talking about.
--
Kevin
---
This email is free from viruses and malware
On 1/7/2015 3:05 PM, shawn wilson wrote:
On Wed, Jan 7, 2015 at 2:40 PM, Jeffrey Goldberg jeff...@goldmark.org wrote:
On 2015-01-07, at 12:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using or not.
Hi Kevin.
Actually that’s a part
On 1/7/2015 2:40 PM, Jeffrey Goldberg wrote:
On 2015-01-07, at 12:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using or not.
Hi Kevin.
Actually that’s a part of my job within the company I work for. I’m the one who
can read some
On 1/7/2015 3:32 PM, Warren Kumari wrote:
On Wed, Jan 7, 2015 at 3:09 PM, Kevin kevinsisco61...@gmail.com wrote:
On 1/7/2015 2:40 PM, Jeffrey Goldberg wrote:
On 2015-01-07, at 12:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using
picture, though; for these purposes, 32 = 35.
Great! You see at the verry least, we're getting some practice with
these algorithms. I believe that this list is great for this.
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http
as golden key to natsec.
QODE, QED.
Kevin wrote: I figured I'd start building my own open source
encryption algorithm: https://github.com/kjsisco/qode If you feel
overwhelmed by the sarcasm directed your way, there is a reason for
that. Designing cryptosystems is *hard*. No, that's too mild
applicators to wed it to code
and hardware without recourse to alchemy and astrology favored by
promoters, sales and PhDs who dream of math as golden key to natsec.
QODE, QED.
Kevin wrote: I figured I'd start building my own open source encryption
algorithm: https://github.com/kjsisco/qode If you feel
On 1/7/2015 1:46 PM, shawn wilson wrote:
On Wed, Jan 7, 2015 at 1:26 PM, Kevin kevinsisco61...@gmail.com wrote:
Any company could review it and decide if it's worth using or not.
Ok, lets run with that - as a company, show me the steps (make file, a
test suite in any programming language
I figured I'd start building my own open source encryption algorithm:
https://github.com/kjsisco/qode
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
___
cryptography
Seems as though this interview might be of interest to those on these
lists. I've not listened to it yet so I don't know how interesting it may
be.
-kevin
P.S. - Happy Gnu Year to all of you.
Sent from my Droid; please excuse typos.
-- Forwarded message --
From: Gary McGraw g
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I would like to get back to serious crypto conversations now. Thank you.
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http
is original.
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
If this was already brought up I apologize, but how about looking into
the NIST Randomness Beacon?
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus
Hello. I am wondering if we have any knew info on shellshock? How much
of a threat is it at this point? Patch Tuesday anyone?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo
could trust something like
abcdcdhhiklklklmn...@hotmail.com
Am I missing something? If I'm not, it seems more measures should be
taken. What about digital signatures? Would you change the scheem?
--
Kevin
___
cryptography mailing list
://lists.randombit.net/mailman/listinfo/cryptography
I think section 8.1 answers your question. People will most likely feel
that the risks make this mechanism not worth it.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net
generator. My advise is combine
that with another source and a hash. In other words:
Good enough is not good enough.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
everyone in it. Then again, he probably uses Windoze, so there's little
hope.
-- Dave
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Now now, window users are people too.
--
Kevin
that it is still
pertinent.
[snip]
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
/mailman/listinfo/cryptography
The problem is, this will never really hit the mainstream. When or if
it does, I might feel better about it. I remain suspicious.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net
guarantees.
...
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I think this is great!
--
Kevin
___
cryptography mailing list
cryptography
this and I seriously doubt it will be the last. Is it wise to point
fingers and start using conspiratorial statements?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On 6/9/2014 11:53 AM, John Young wrote:
C400 040D 6C36 C7B0 B680 6E25 EA30 0D8A 7D53 1E84
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Private or public key? Hmmm
--
Kevin
I began thinking about how hard cryptographers of the future may have to
work to secure systems. I have come up with an algorithm that will
hopefully get people thinking about so-called unbreakable codes. The
algorithm follows(don't worry, it's not long):
;Titanic
;by
;Kevin J. Sisco
On 5/28/2014 4:35 PM, Sadiq Saif wrote:
http://truecrypt.sourceforge.net/
https://gist.github.com/anonymous/e5791d5703325b9cf6d1
https://twitter.com/matthew_d_green
So WTF happened?
So encrypt with BitLocker and decrypt with TrueCrypt? Why?
--
Kevin
process is taxed.
This is what I mean:
Let's assume you set aside a chunk of memory. At some point it needs to
be freed. How often do you wish the algorithm to do this? It is
important to figure this out because your ram will be used and flushed
(in part) over and over.
--
Kevin
around that time. Maybe I'm
just blabbering here since I can barely remember what I had
for lunch two days ago much less recall details of papers that
I've read from 5 or 6 years ago. Anyhow, I'm sure someone
on this list knows the details and I probably have it all wrong
anyway.
-kevin
--
Blog
or not. If not, well, like I
said it's be a long time that I've written C/C++ programs and even
longer since doing an serious kernel work.
-kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
?
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
This could lead to a heart attack. Okay, now we're just getting silly!
--
Kevin
___
cryptography mailing list
a catchall for
inexcusable invasion of the public realm.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Okay, isn't this a bit over the top?
--
Kevin
this, but I'm sure attacking android is
quite simple as mobile security is farely new. I have to wonder why you
are asking?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
What sort of claims?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On 1/28/2014 11:38 AM, grarpamp wrote:
On Tue, Jan 28, 2014 at 10:03 AM, Kevin kevinsisco61...@gmail.com wrote:
What sort of claims?
1) secure
2) anonymous
3) free
4) the usual etc
___
cryptography mailing list
cryptography@randombit.net
http
://lists.randombit.net/mailman/listinfo/cryptography
I would suggest looking at the NIST randomness beacon.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On 1/14/2014 7:55 AM, Teemu Väisänen wrote:
Thank you Kevin for your comments!
One-time pad offers perfect secrecy, but yes, it is not much used in
practice mainly because of several problems/challenges I am sure you
in this list are well aware of.
About the XEP proposal: if Prover
-time pad is
great in theory; I personally like it. Realistically, however, I'd
replace it with something else. Just my thoughts.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
.
Sent from Yahoo Mail on Android
http://overview.mail.yahoo.com/mobile/?.src=Android
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I'm sorry but that is a crock of bull.
--
Kevin
On Jan 6, 2014 10:29 AM, Krassimir Tzvetanov mailli...@krassi.biz wrote:
Guys, are you trying to kill this list as well?
Can you, please, move this discussion to the sci-fi or theory of
conspiracy _forums_.
Indeed; let's not feed the trolls!
-kevin
Sent from my Droid; please excuse typos
On Jan 6, 2014 10:29 AM, Krassimir Tzvetanov mailli...@krassi.biz wrote:
Guys, are you trying to kill this list as well?
Can you, please, move this discussion to the sci-fi or theory of
conspiracy _forums_.
Indeed; let's not feed the trolls!
-kevin
Sent from my Droid; please excuse typos
On Tue, Dec 31, 2013 at 3:13 PM, Jacob Appelbaum ja...@appelbaum.netwrote:
Kevin W. Wall:
On Tue, Dec 31, 2013 at 3:10 PM, John Young j...@pipeline.com wrote:
30c3 slides from Jacob Appelbaum:
http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB)
And you can find his actual prez
this sort of view.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
://lists.randombit.net/mailman/listinfo/cryptography
I'm sorry, but is this a sick joke? Why are we beeing advised not to
trust the U.S? Did I read this wrong?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http
pressure will go up a few points.
-
kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
/mailman/listinfo/cryptography
I am anoter fellow programmer if that is your aim.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Hello list. What is the best key stretching method that can be used?
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On 12/28/2013 6:02 PM, Jeffrey Goldberg wrote:
On Dec 28, 2013, at 2:01 PM, Kevin kevinsisco61...@gmail.com wrote:
Hello list. What is the best key stretching method that can be used?
Best for what?
If you are trying to stretch from a password to a key and wish to add some
resistance
good resources would be great, I've watched a lot of the
YouTube stuff but would like a step up from there.
Hopefully I'll join you again one day ;)
Thanks in advance.
Ross
On 28 Dec 2013, at 09:01 PM, Kevin kevinsisco61...@gmail.com wrote:
Hello list. What is the best key stretching method
,
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I would be interested to see where this would come in handy. It's a
great beginning algorithm for sure.
--
Kevin
___
cryptography
://lists.randombit.net/mailman/listinfo/cryptography
A valid point. However this is a hand cipher which probably would not
see its way into a system.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo
Maybe it's just me, but the soup to nuts cryptanalysis process is
black magic. So I am curious...does one start with side channel
attacks? Which attacks are tried on an algorithm first and how is that
decided?
--
Kevin
___
cryptography mailing
.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
I feel that tweeting code has dangers. Congradulations on opening your
code up to security breaches.
--
Kevin
___
cryptography mailing
* backdoor.
--
Kevin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
'
then to 'snoopy3', etc. when your password inevitably changes. Plus, it makes
a lot easier to remember than to start out with 'sn00py' and then go
to 'sn11py',
'sn22py', etc. :-)
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us
because there is not sufficient
entropy. It would be up to the application to repeat the read() attempt
(hopefully sleeping awhile in between) if they haven't read enough
bytes.
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
The most likely way for the world to be destroyed, most
search for HostnameVerifier on that page, it should lead you in
the right direction. If you have a specific question about the code, ping
me off-list and I'll see if I can answer.
HTH,
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
The most likely way for the world to be destroyed, most
different people, but if you have one that you've created,
don't let you dissuade you from recommending it.
Thanks,
-kevin
P.S.- If there are any takers in reviewing this once I've completed the
initial draft, please let me know off-list. It's looking like it will be
somewhere between 12-15
in the implementation, but I didn't see anything
particularly in the design that was a show-stopper in that regard.
Anyhow, I'd be interesting in hearing other's opinion on this especially
since it is a problem that I regularly face when it comes to application
security.
Thanks,
-kevin
--
Blog: http
-into-bitcoin-mining
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents.-- Nathaniel Borenstein
http://www.usc.edu/uscnews/newsroom/news_release.php?id=3017
Interesting use of crypto, not a lot of details here. Haven't checked the
USENIX proceedings yet though. However, somewhat disturbing though that
software developed via NFS grants on the U.S. taxpayer's dime can be
patented.
-kevin
1 - 100 of 155 matches
Mail list logo
