- Sent from my phone
Den 5 apr. 2016 09:17 skrev "John Gilmore" :
>
> > The key idea here is that you get to have *one* identifier for yourself
> > under your control, that you can use everywhere, securely.
>
> The key idea here is a bad idea.
>
> I don't want everyone I interact with to have the s
Den 4 apr. 2016 19:23 skrev "Sean Leonard" :
>
> I think it’s called a URI.
>
> Any “universal” address is going to have to have embedded info about the
protocol or system that it is addressing. See URI.
People see URL:s and think websites, they see email addresses and think
people.
OpenID essent
I'm crossposting this to a few lists, a few of the relevant mail archives
are here for those who want to follow the replies on the other lists;
http://www.metzdowd.com/pipermail/cryptography/
http://lists.randombit.net/pipermail/cryptography/
http://www.ietf.org/mail-archive/web/endymail/current/m
Den 10 dec 2015 21:02 skrev "realcr" :
>
> It has been a while, but I think I know now about an idea to solve this
problem.
> I really appreciate all the help I got from your responses.
>
> I wrote a document that explains it here:
>
>
https://www.newtolife.net/the-trusted-supernode-and-distributed
@Richard Clayton: I'm aware of Fawkes signatures. They are somewhat
applicable, but in some circumstances they aren't useful and/or safe.
Here's the best case stateless implementation of Fawkes signatures that I
can see that matches this usecase;
Use a seed and a counter to derive commitment valu
This started with the following Reddit thread:
http://www.reddit.com/r/crypto/comments/32gh1v/looking_for_signing_algorithm_that_keeps_signee/
The goal is to be able to publish signed messages anonymously and then
later on prove it was you who signed them, at a time of your choosing.
NOTE: I'm no
Den 24 jan 2015 22:06 skrev "Greg" :
>
> So, I understand that QM algos can pretty much dismantle all popular
asymmetric encryption algos with enough q-bits, but I haven't thought hard
enough to see if they also can be used to compromise communications that
used DH to do PFS underneath the initial
Den 8 jan 2015 13:00 skrev "realcr" :
>>
>> You still don't get any meaningful security if old band members are
assumed to be untrusted and you don't use a public checkpointing mechanism.
Transfer of the title of being the real group must be a one-time only thing
for each version of the group, and
Den 8 jan 2015 11:54 skrev "realcr" :
>
> Hey, thanks again for the reply.
>>
>> The only notable difference is that in my version you are checkpointing
the change in th blockchain.
>>
>> You still have the very same form of signing, but you sign a slightly
different message (transfer of a colored
Den 8 jan 2015 08:03 skrev "realcr" :
>
> Hey Natanael, Thanks for your response.
>
>>
>> It's the chain of signatures always published in an accessible way so
that the original members can't "doublespend" and claim to be the task
group? Otherwise
Den 7 jan 2015 22:14 skrev "realcr" :
>
> Hey,
> Thank you for all the responses. I figured out that I left some important
details out, probably because I thought about it for a long time. I'm sorry
about that.
> I will try to formulate it again:
>
> Assume that the world contains correct people (P
Den 10 sep 2014 22:34 skrev "Aaron Toponce" :
>
> I've since put together a site of playing card ciphers, weak and strong.
It's
> still _very_ much a work in progress, but some input would be appreciated:
>
> http://aarontoponce.org/card-ciphers/
[...]
> I still have a great amount of work to
Den 28 jul 2014 18:23 skrev "Lodewijk andré de la porte" :
>
> Hey everyone,
>
> If I XOR probably random data with good enough random data, does that
result in at least good enough random data?
>
> I'm working on some Javascript client side crypto. There's a
cryptographic quality random generator
On Mon, Jun 9, 2014 at 7:35 PM, ianG wrote:
> Original Message
> Subject: [Tcpcrypt] WG Review: TCP Increased Security (tcpinc)
> Date: Thu, 05 Jun 2014 14:31:12 -0700
> From: The IESG
> To: IETF-Announce
> CC: tcpinc WG
>
> A new IETF working group has been proposed in the T
Den 8 jun 2014 21:52 skrev "Jerry Leichter" :
>
> On Jun 7, 2014, at 7:56 PM, Bill Cox wrote:
>>>
>>> Is there reliable evidence that putting mobiles in a fridge is any
>>> better illusory comsec than putting pillows around the door also
>>> comically exhibited to clueless journalists favored by S
Den 9 feb 2014 00:53 skrev "Eric Mill" :
>
> On Sat, Feb 8, 2014 at 4:38 PM, Natanael wrote:
>>
>> 1: Domains expire unless renewed.
>
> I did not understand that about Namecoin at all, that is A+.
>>
>> 3: The security model of blockchain based syste
1: Domains expire unless renewed.
2: Transfers are possible.
3: The security model of blockchain based systems like Namecoin is that the
primary chain had the greatest amount of proof-of-work behind it, and you
can't fake the proof-of-work. You can try to isolate a node and provide a
fake chain,
Den 9 jan 2014 00:56 skrev "Paul F Fraser" :
>
> Software and physical safe keeping of Root CA secret key are central to
security of a large set of issued certificates.
> Are there any safe techniques for handling this problem taking into
account the need to not have the control in the hands of one
Den 5 jan 2014 13:23 skrev "Randolph" :
>
> Hi
>
> - a "scrambler" could send out from time to time fake messages.
> - an "impersonator" could record your own chat behaviour and generate
random time and lenght and content data, so it looks like your own chat
> - the main problem remains that from a
Den 3 jan 2014 20:42 skrev "coderman" :
>
> use case is long term (decade+) identity rather than privacy or
> session authorization.
>
> eternity key signs working keys tuned for speed with limited secret
> life span (month+). working keys are used for secret exchange and any
> other temporal purp
To those asking for a decentralized and anonymous solution - there is
Syndie on I2P, but I doubt that anyone here will like the interface or the
excessive slowness of the entire thing. Fetching lists of conversations can
take hours, and you don't really know if posts are missing or not.
Then there
need to distinguish between them anymore. A 'light'
> messaging client could simply ignore the non transport email headers,
> or use your standard msg@nodekey address.
> Please do not continue to talk about antique tradional centralized
> systems in this thread, except of course to b
That sounds a lot like my Web of Trust based DNS suggestion. Link:
http://www.reddit.com/r/Meshnet/comments/o3wex/wotdns_web_of_trust_based_domain_name_system
Domain names would not be globally unique, where they go would instead be
based on each individual node's trust ranking for the site's nod
It's always a good idea to use several entropy sources and
cryptographically mix their outputs into your pool. They won't reduce your
total entropy either way, any predictable sources will only be adding less
entropy than promised.
- Sent from my phone
Den 19 dec 2013 09:19 skrev "Joachim Strömber
Sounds just like the Bitcoin blockchain to me. Or maybe the fork Namecoin.
- Sent from my phone
Den 18 dec 2013 02:20 skrev "James A. Donald" :
> On 2013-12-18 04:38, Joseph Birr-Pixton wrote:
>
>> In very general terms, you cannot hope to achieve confidentiality
>> without authenticity.
>>
>> Yo
Bote mail and I2P messenger are two pieces of serverless software that
ALREADY is public key addressed within I2P. Have you tried them? You need
to add the public keys of the recipients to be able to send a message to
start with, although the DHT based search system Seedless allow you to
publish Bo
So, Convergence/Perspectives done on email headers?
- Sent from my phone
Den 27 nov 2013 22:07 skrev "Stephen Farrell" :
>
>
> On 11/27/2013 09:01 PM, Jeffrey Walton wrote:
> > Isn't the key distribution problem being pushed into DNS? The
> > underlying problem still exists.
>
> Depends. If say s
Bote mail doesn't have to be used for it's anonymous properties, for me
that is just a bonus. For many people it is more than enough to be able to
know that it is impossible for anybody else than the intended recipient to
read the message thanks to public key addressing. Guaranteed end-to-end
secur
That can really only be solved by gateways, IMHO. It's the only way to talk
between the systems that don't put limits on how secure either one can be.
- Sent from my phone
Den 26 nov 2013 16:09 skrev "c1cc10" :
> If we're discussing about this topic it is because of people. emails are
> one peopl
ts to be done on
> existing interoperable platforms.
>
> Let's first cut-off the massive passive traffic analysis, then improve
> current systems to provide some added protection against metadata,
> focusing in a far future, when the new system got already wide adoption,
> make
Say hello to Bote mail on I2P.
I2P provides encrypted anonymizing networking, Bote mail provides DHT based
serverless encrypted mailing with public crypto keys as addresses (ECDSA or
NTRU).
http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to
visit it via an inproxy).
Ther
Because there's no guarantees at all for anything at all for that site.
On Wed, Nov 13, 2013 at 6:10 PM, Joshua Kingsolver Price
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Something of a noob question, but what about random.org? Is there some
> reason why this site isn't used by
You can also submit a hash of the documents of the event to the Bitcoin
blockchain in a transaction. There are so many who can confirm it was
published at a certain date that it can't be practically faked.
- Sent from my phone
Den 12 nov 2013 00:30 skrev "Peter Gutmann" :
> Warren Kumari writes:
t; On Mon, Nov 11, 2013 at 8:14 PM, Natanael wrote:
> > Proof-of-work, just like Bitcoin itself uses for hashing?
> No this idea isn't about proof of work. The idea is delaying the
> computation result, preventing a miner from picking a value.
> If the computation takes an
Proof-of-work, just like Bitcoin itself uses for hashing? See hashcash as
well. Require that the message in question is hashed together with a random
value, with an output that matches a given pattern. And specify that one
part of the message has to be the hash of a Bitcoin block from the given
tim
SCIPR is another one. http://www.scipr-lab.org/
If it became efficient it could be useful for mining in a Bitcoin fork
(commonly called altcoins). Don't know what kind of computations you'd
actually would want it to do, though. Most meaningful computations could
easily be deprecated by better algo
Can't the distributed pool P2Pool easily be updated to account for that?
- Sent from my phone
Den 4 nov 2013 16:33 skrev "Peter Todd" :
> On Mon, Nov 04, 2013 at 09:31:04AM -0430, Karn Kallio wrote:
> >
> > The paper "Majority is not Enough Bitcoin Mining is Vulnerable" may be of
> > interest.
>
No hints at what kind of client it takes? Custom config or recompile?
- Sent from my phone
Den 1 nov 2013 05:11 skrev "coderman" :
> On Thu, Oct 31, 2013 at 7:55 PM, coderman wrote:
> > my contempt for email is well known and reinforced by choice of provider.
> >
> > there are myriad rebuttals t
Should we create some kind of CRL style protocol for algorithms? Then we'd
have a bunch of servers run by various organizations specialized on
crypto/computer security that can issue warnings against unsecure
algorithms, as well as cipher modes and combinations of ciphers and
whatever else it might
That would be known plaintext attack (or statistical analysis like how
simple ciphers typically are broken) vs chosen plaintext attack (BREACH is
the latter, while compression would increase "entropy density" to make the
former harder since each individual bit becomes harder to predict).
Sorry, no
Carrier-agnostic encrypted mesh routing software: CJDNS.
Cantenna, IR-link based RONJA, ethernet/LAN, whatever. If you've got a
data link you can use it.
It creates an IPv6 network internally in the 'fc' range (private
network) where the address is a hash of the node's public key.
On Wed, Sep 25
For your question: Session keys and key rotation?
Den 25 sep 2013 16:11 skrev "John Young" :
> NSA Technical Journal published "The Unbreakable Cipher" in Spring 1961.
>
> http://www.nsa.gov/public_info/_files/tech_journals/The_Unbreakable_Cipher.pdf
>
> Excerpts:
>
> [Quote]
>
> David Kahn, "Lye
I made a suggestion like this elsewhere:
Store the keys split up in several different files using Shamir's Secret
Sharing Scheme. Encrypt each file with a different key. Encrypt those keys
with a master key. XOR each encrypted key with the SHA256 of their
respective encrypted files. Put those XORe
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
Apparently it's called "cascade encryption" or "cascade encipherment",
and the implementations are apparently called "robust combiners". And
by the way, Truecrypt already lets you pick your chosen combo of AES
and two other ci
If the server isn't trusted enough to be allowed to know how many
devices there are behind one proxy/IP address, then cookies should
never be reused, otherwise it might be able to tell that there's
simultaneously maybe 5 or so different cookies being used when sending
time requests from the same IP
Considering that it's designed to not trust the servers in the first
place (just your gateway, which often will be part of your own client
or otherwise run locally), it's not all too hard. If you've verified
the client, then you can be sure your data is secure.
2013/8/29 Nikos Fotiou :
> A naive c
Elsewhere it has been speculated that they got access to the VPN they used.
2013/8/27 :
> Dear Cryptographers,
>
> The article on "UN video-conference spying allegations" (
> http://america.aljazeera.com/articles/2013/8/25/nsa-bugged-u-n-headquarters.
> html ) claims:
>
> "In the summer of 2012,
Bitcoin Brainwallet software creates ECDSA keys that you can use for
multiple purposes, not only for Bitcoin.
A link to Phidelius, which was previously mentioned:
http://dankaminsky.com/2012/01/03/phidelius/
---
I would like to see some standardized hierarchial deterministic scheme
to generate v
The client and the server shouldn't both generate responses exactly the
same way with the same key, no. If you use HMAC, I think including a simple
identifier would be good enough. Something like this: HMAC(key, device ID
+ counter + timestamp), where the server and client has different IDs.
Den 2
--
> Hash: SHA1
>
> On 8/20/13 8:31 PM, Natanael wrote:
>
> https://jitsi.org/Documentation/ZrtpFAQ
>
> "ZRTP and the GNU ZRTP implementation provide features to
> communication programs to setup of secure audio and video session
> without additional infrastructure, s
https://jitsi.org/Documentation/ZrtpFAQ
"ZRTP and the GNU ZRTP implementation provide features to
communication programs to setup of secure audio and video session
without additional infrastructure, server programs, registration, and
alike."
While this doesn't state outright that Jitsi uses ZRTP
Most regular people can't accurately test or evaluate the output.
Numbers aren't random, the sources are. You can't just judge a PRNG by
it's output. For all you know the PRNG could be doing nothing more
than doing SHA256 of a fixed value plus a counter, and if somebody
would know that fixed value
That's trademarks, not copyright, and they get it transfered IF they
request it and the original owner did not have a valid reason to use that
domain with the trademarked name/phrase.
And either way, reusing previously malicious domains for legit purposes is
probably THE WORST method ever of accid
Big fat disclaimer: I'm also not a crypto expert. Don't trust this without
verification from somebody who is.
To add to what CodesInChaos said, just in case you can't use different keys
for different types of data then just before encrypting it you could add a
HMAC of the plaintext with a tag (sho
You might find my suggested scheme interesting:
http://www.reddit.com/r/crypto/comments/r003r/are_others_interested_in_cryptographybased_voting/c42lo83
It uses Secure Multiparty Computing plus Shamir's Secret Sharing Scheme
among a number of nodes with conflicting interests (in order to avoid
col
Convergence, (in-browser) certificate pinning, and a few more. You could
also use DNSSEC to serve the certificate.
2013/6/30 James A. Donald
> The biggest Tor vulnerability is that governments and large criminal
> organizations (but I repeat myself) can use their influence over a CA to
> perfor
rather than for live chat (IM or IRC) or continous browsing.
2013/6/30 Jacob Appelbaum
> Natanael:
> > I'm not seeing that many options though. The Phantom project died pretty
> > fast;
> > https://code.google.com/p/phantom/
> > https://groups.google.c
dy*? Could we try to start a new project (if needed) to create one?
(I would like one with at least the same level of functionality as I2P,
even if it would have to have a very different architecture.)
2013/6/30 Jacob Appelbaum
> Natanael:
> > I would like to point out that th
I would like to point out that the developers of the anonymizing network
I2P are looking for more external review of the codebase (it's in Java, by
the way). Everybody who knows how to do security reviews of source code and
has time to spare should take a look at it.
FYI, I also think that I2P's s
That depends on the system. Consider how HDCP encryption was broken;
https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
It used a scheme where access to enough keys allowed you to calculate the
master key, breaking the entire scheme.
2013/6/25 Bill Scannell
> This Daily B
Would anybody dare to use a SHA256 based stream cipher? (XOR with checksum
of key and counter or whatever you want to throw in there.) Would it be
faster than RC4/Salsa20? I'm a bit curious about why nobody seems to be
using hash/checksum based stream ciphers.
2013/6/23 James A. Donald
> On 20
Isn't that equivalent to sender doing XOR on the plaintext, recipient doing
XOR on first ciphertext, sender doing another XOR on second ciphertext to
create third ciphertext, and the recipient doing XOR again to get plaintext?
That's key-reuse and breaks XOR/OTP. The middleman simply XORs the
ciph
So basically, the way around having one insecure channel is to use so many
insecure channels that the same attacker can't control them all. Which IRL
means you run around between computers and check if what you published is
available under the exact identity/keys you specified, and keep making up
n
My suggestion is that you research the history of (cryptographic)
authentication, mutual authentication (thanks Wikipedia for that phrase)
and MITM. (Maybe you already have done that, though?)
I can at least point out that spy agencies have known for many many decades
that you can not securely and
>From what I have read, and as far as I have understood it, your
zero-knowledge proofs are linked to a specific "state" of your choice. In
other words, you prove that your Zerocoin mint was one of a certain set of
Zerocoin mints. One can ONLY test the zero-knowledge proof against that set
(since yo
The OCR file link is wrong. Ditch that "e" in "text".
http://cryptome.org/2013/03/nsa-cryptologs-txt.zip
2013/3/20 John Young
> Most of the Cryptologs were formerly classified Top Secret.
> NSA calls it a "monumental release."
>
> Non-searchable image files at NSA:
>
> http://www.nsa.gov/public
This is precisely how I2P eepsites work. The true addresses are [52
characters of b32 encoded checksum of public key].b32.i2p while the
hosts.txt file is a list of these with their readable [sitename].i2p
domains. You can modify your own lists as you wish.
I2P Messenger and Bote mail could be comb
mselves does, I
personally don't think as many people would be interested in the
discussions. But then I don't have any data on that, and I don't know how
many or what kind of responses you got.
2013/1/26 Paul Hoffman
> On Jan 25, 2013, at 4:11 PM, Natanael wrote:
>
>
On topic for the thread: I don't *think* there's currently any insurance
companies with special policies for CA:s. There might be about 600
organizations that can issue SSL certs according to EFF, but there's more
insurance companies than that in the world. Most of them probably don't
have many CA:
However, quantum cryptography adds so many more requirements that it has
almost no benefits at all compared to what we have already.
Den 8 jan 2013 00:19 skrev :
> > There is already too much hype over QKD. It's "unbreakable" (if you pay
> > no attention to all those vulnerabilities at the physic
Bitcoin based DNS? That would be Namecoin. I am unsure if it also manages
SSL or similiar link encryption or if that is a separate thing for the
scheme.
Den 6 jan 2013 08:27 skrev "James A. Donald" :
> On 2013-01-05 12:07 PM, Morlock Elloi wrote:
>
>> Correct. The cost of being CA is equal to the
*Rootkits*. Just replace the firmware.
Den 30 okt 2012 19:13 skrev "Jonas Wielicki" :
> On 30.10.2012 14:30, Natanael wrote:
> > Yeah, this looks like TPM with software protection instead of hardware
> > protection.
> >
> > Rootkits can screw it up.
&g
Yeah, this looks like TPM with software protection instead of hardware
protection.
Rootkits can screw it up.
Den 30 okt 2012 14:27 skrev "Solar Designer" :
> This is very curious, but ...
>
> On Tue, Oct 30, 2012 at 10:08:06AM +0100, Eugen Leitl wrote:
> > Cloning the actual SRAM state in a GPU i
AFAIK the key is just generated once and then hashes are generated in two
rounds, if it is 0xFC at the first try it's done, otherwise it runs more
checksum rounds in groups of two.
Den 4 okt 2012 22:55 skrev "Guus Sliepen" :
> On Thu, Oct 04, 2012 at 02:37:53PM +0200, Eugen Leitl wrote:
>
> > I've
Homomorphic encryption isn't really that new, it's just that it's starting
to get practical first now.
On Wed, Sep 26, 2012 at 11:49 PM, Moti wrote:
>
> http://www.americanscientist.org/issues/num2/2012/5/alice-and-bob-in-cipherspace/1
>
> ___
> crypto
In that case Anonymous and other hacker groups is your problem.
Den 23 sep 2012 01:37 skrev "StealthMonger" :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Natanael writes:
>
> > I do not want to trust that single server won't be hacked, tappe
I can not imagine anything inherently trustable. I do not want to trust
that single server won't be hacked, tapped by NSA or raided by FBI.
Den 22 sep 2012 22:49 skrev "StealthMonger" :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> "James A. Donald" writes:
>
> > On 2012-09-05 11:51 PM, S
In this case I definitely prefer my version that requires no activity at
all of this kind, unless somebody manages to hack a majority of the servers
you hired. None need at all to move something continuously, just wipe
enough of your servers so that the threshold can't be reached by the
hacker. The
his thing? Remember that the overhead makes
it slooow, so no secret bruteforcing of anything.
- Sent from my tablet
Den 5 sep 2012 16:21 skrev "Natanael" :
> If the trustee (correct word?) stops passing the messages to your "CDMS"
> (cryptographic dead man switch), it wo
But you can't revoke his ability to keep bruteforcing the message.
- Sent from my tablet
Den 19 sep 2012 23:01 skrev "mhey...@gmail.com" :
> Doh, don't know why I brought public-key crypto into this. There isn't
> a need for it. Just pick, say, an AES key and give the trustee some of
> the key's
It can detect passive snooping, not full MITM.
- Sent from my tablet
Den 18 sep 2012 18:17 skrev "Zack Weinberg" :
> On Tue, Sep 18, 2012 at 3:30 PM, Natanael wrote:
> > Does anybody here take quantum crypto seriously? Just wondering. I do not
> > see any benefit over
Does anybody here take quantum crypto seriously? Just wondering. I do not
see any benefit over classical methods. If one trusts the entire link and
knows it's not MitM'd in advance, what advantage if any does quantum key
distribution have over ordinary methods? And isn't it just as useless
otherwis
ion to become known. Unless you find some way to reverse that or use
> a hybrid crypto and non-crypto solution a DMS cannot happen.
>
> Anyone disagree?
>
> Note that a Bitcoin-like/distributed network could in potential be an
> automated DMS-crypto-cheat.
>
> 2012/9/5 Natanael
If the trustee (correct word?) stops passing the messages to your "CDMS"
(cryptographic dead man switch), it would simply decrypt the original
message automatically. So you can not put the entire mechanism in the hands
of the trustee, especially not the part that authorizes the decryption. I
could
Isn't the standard answer to always verify, verify, verify? Make sure you
only accept some types of data from Malloc and verify it *can't* do strange
crap. Also, read up on XSS prevention and all that.
BTW, it doesn't have to be done in the browser. You can do it server side,
although it will incr
Never trust that the server delete data.
- Sent from my tablet
Den 21 jul 2012 11:15 skrev :
> Hello, I have a question regarding encrypted bloom filter protocols. I
> have come to the understanding that I can use such protocols to allow a
> client to query a server for the presence of a string,
or & colleague i knew, before submission. easy to err on this
> things.
>
> --- jd.cypherpu...@gmail.com wrote:
>
> From: "jd.cypherpunks"
> To: "givo...@37.com"
> Cc: Natanael , "cryptography@randombit.net" <
> cryptography@random
but, good
> enough for most ppl. I stand by phil zimmerman's point. most ppl use
> envelopes. easily opened. but a good deterent.
>
> --- natanae...@gmail.com wrote:
>
> From: Natanael
> To: givo...@37.com
> Cc: cryptography@randombit.net, jam...@echeque.com
>
What I think people react on is that it's really pointless to use decimals
and having to keep track of when they repeat. A simple RNG with normal
numbers could be used instead, and probably *should* be used unless your
crypto really *needs* numbers consisting of primes divided by primes.
So essent
I'm not a crypto expert, but I have read a bit about it, and have some
comments. I am pretty sure that my comments below are accurate and
relevant. Feel free to correct me if I am wrong.
One: On the second paper, you assume a prime number as long as the message
is secure, and give an example of a
Looks like that only would be useful when you can't protect the link's
resource itself with authentication requirements, and I can only see it as
being useful when assuming a passive attacker who aren't trying to access
the link before the intended recipient.
I would even consider encrypting the li
Just FYI, there's been claims that these guys faked it. But on the other
hand, there ARE other tools that can extract data from iPhones so you can
bruteforce the encryption later.
I might look for the links later.
Sent from my tablet
Den 10 apr 2012 19:07 skrev "Randall Webmail" :
> Cop tools ea
Again - SSL flaws, bad server, etc... Maybe a buggy browser. Can you imagine a
bug allowing JS injection in any tab? Post a bit.ly link and wait for keys...
Bugs like that have existed before.
2012-04-01 02:54 skrev James A. Donald:
On 2012-04-01 7:51 AM, natanae...@gmail.com wrote:
> It's run
It's running in a browser using JS...
2012-03-31 23:33 skrev Nadim:
This strikes me as a sizeable assumption.
NK
On Saturday, 31 March, 2012 at 5:28 PM, natanae...@gmail.com wrote:
And javascript controls how it is used. Modify or add some JS and you can take
the key.
2012-03-31 22:56 skr
And javascript controls how it is used. Modify or add some JS and you can take
the key.
2012-03-31 22:56 skrev James A. Donald:
On 2012-04-01 6:17 AM, natanae...@gmail.com wrote:
> There are two issues IMHO:
>
> * SSL flaws/Javascript MITM/bad servers. Your key can be leaked.
According to the
There are two issues IMHO:
* SSL flaws/Javascript MITM/bad servers. Your key can be leaked.
* If you already have a way to verify fingerprint PER SESSION, then why use
this service? I can only imagine it's because you prefer to type on a computer
keyboard on a public access computer than on you
It seems to lack verification and authorization = easy to MITM.
2012-03-31 15:49 skrev Mario Contestabile:
You guys have any cypherpunk opinions on https://crypto.cat/ ?
It's a "secure" online communication tool, apparently used by Anonymous.
It was developed by Nadim Kobeissi, (yet another
Sounds good, but they're already asking for backdoors to the haystacks...
2012-03-27 17:45 skrev Ed Stone:
Just as immunizations protect not only the person immunized, but also help
protect the community from contagion, wouldn't more encrypted content have a
public benefit through increasing t
NSA flamebait? Hehe.
On Sat, Mar 24, 2012 at 18:14, Jeffrey Walton wrote:
> On Fri, Mar 23, 2012 at 8:08 PM, Randall Webmail
> wrote:
> > From: "Jeffrey I. Schiller"
> >
> >>I bet everyone on this list can send encrypted messages to each other
> >>and they will never be broken... because they
He actually asked two different questions on #2, if all hashes have collisions
and if all messages have collisions. For MD5, the latter is "almost" proven
true. There's a tool that let you enter two plaintexts, and then it generates a
shared appended string (like md5(text_a+string)=md5(text_b+st
1 - 100 of 105 matches
Mail list logo
