I originally sent this to John Levine privately, but the discussion seems to
have leaked onto this list so I’m re-sending my response to John here for the
record.
Begin forwarded message:
> From: Ron Garret <r...@flownet.com>
> Subject: Re: [cryptography] MalwareBytes
> Date
What matters is not the certificate. The certificate is public. You can’t
“steal" a certificate.
What you *can* steal is the private key associated with a certificate, and the
more time goes by the more likely it becomes that someone has done so.
However, the expiration date is completely
Coming soon to a microprocessor near you
http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf?token=Sqki%2BUKuhrHYxCqc2HU9B1dlHEQ%3D
___
cryptography mailing list
cryptography@randombit.net
On May 17, 2016, at 11:46 PM, Jon Callas wrote:
> Sadly, people's prejudices get them overcomplicating the issue.
Indeed.
> It's certainly true that a geiger counter measures something that's truly
> random (for some suitable value of truly random) because of quantum
On May 5, 2016, at 11:13 AM, Kevin wrote:
> One can never be to secure!
Actually, I learned the hard way last week that this is not true.
Four years ago I bought a 2010 MacBook air from a private party (i.e. I’ve
owned it for four years, and it was two years old
On Apr 14, 2016, at 2:36 AM, stef <s...@ctrlc.hu> wrote:
> On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote:
>> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret <r...@flownet.com> wrote:
>> Well, that's true, but it's also hundreds of times bigger than a to
On Apr 13, 2016, at 4:16 PM, Jerry Leichter wrote:
>>> Yes, make it significantly smaller than the current form factor.
>>
>> Ah. OK, well, that is certainly doable, though how small you can make it is
>> ultimately limited by the size of the display. How small do you want
On Apr 13, 2016, at 2:22 PM, Bill Frantz <fra...@pwpconsult.com> wrote:
> On 4/13/16 at 10:14 AM, r...@flownet.com (Ron Garret) wrote:
>
>> Here’s a photo of an earlier version of the HSM using a seven-segment
>> display instead of the current 128x32 pixel OLED, next to
On Apr 13, 2016, at 8:27 AM, John Ioannidis <j...@tla.org> wrote:
> On Tue, Apr 12, 2016 at 11:28 AM, Ron Garret <r...@flownet.com> wrote:
>> One of the biggest challenges in crypto is protecting your keys against an
>> attacker who pwns your machin
On Apr 13, 2016, at 8:56 AM, Tony Arcieri wrote:
> On Wed, Apr 13, 2016 at 2:06 AM, Thierry Moreau
> wrote:
> Who wants to be optimistic with respect to threat models in the current IT
> landscape?
>
> I prefer to be realistic about threats,
On Apr 12, 2016, at 5:39 PM, Tony Arcieri <basc...@gmail.com> wrote:
> On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret <r...@flownet.com> wrote:
> Some hardware tokens have an input device built in (usually a push button,
> sometimes a fingerprint sensor) which needs t
On Apr 4, 2016, at 7:55 AM, Natanael wrote:
> The key idea here is that you get to have *one* identifier for yourself under
> your control, that you can use everywhere, securely. Knowing that people have
> your real address should provide a strong guarantee that messages
On Feb 26, 2016, at 8:13 AM, Henry Baker wrote:
> It would be quite interesting for DOJ to publicly stipulate that NSA could
> (or could not) break into iOS 8 or 9.
Why? Lying to the public (and even to Congress) seems to be standard operating
procedure for the
cular ARM processor can keep a secret if it
> gets into the wrong hands. People with logic analyzers and chip probes.
>
> Gé
> On Tue, Jan 19, 2016 at 12:38 Ron Garret <r...@flownet.com> wrote:
> I’m working on a design for a minimalist secure hardware dongle. The goal is
&g
I’m working on a design for a minimalist secure hardware dongle. The goal is
to have it be usable as an HSM for the secure storage of secrets. I have a
prototype running on a Teensy3, but I’ve come to the conclusion that in order
to really be secure there has to be some I/O on the dongle
On Nov 23, 2015, at 9:00 AM, John Young wrote:
> https://www.wired.com/wp-content/uploads/2015/11/ISIS-OPSEC-Guide.pdf
This is ironic:
[ron@mighty:~]➔ wget
https://www.wired.com/wp-content/uploads/2015/11/ISIS-OPSEC-Guide.pdf
--09:08:54--
On Sep 16, 2015, at 6:31 AM, Lodewijk andré de la porte wrote:
> No. Every request has a header with the cookies in it.
>
> Again: /every request contains the cookie/
>
> This is also a reason for placing static content on a seperate server; it
> saves bandwidth by not
From the department of ironic timing comes this recent posting on Hacker News:
https://news.ycombinator.com/item?id=9727297
On Jun 16, 2015, at 9:59 AM, d...@deadhat.com wrote:
Are there any password managers that let the user specify where to
store a remote copy of the passwords (FTP server,
SC4 is a PGP replacement based on tweetnacl-js that runs in a browser. It has
completed its first security audit, conducted by Cure53:
https://github.com/Spark-Innovations/SC4/blob/master/audit-report.pdf
The TL;DR version:
Our verdict is that SC4 has developed from a proof-of-concept to an
a9C8lRa1PfP7/rcR8qwUM3BvXkBvT8kaZMJhcCoPCw==
---END KEY---
Thanks,
Ron Garret
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On Apr 17, 2015, at 11:27 AM, Dominik Schuermann domi...@dominikschuermann.de
wrote:
what problem of traditional PGP implementations did you solve?
The fact that to use PGP you have to install an application. (This is true for
Peerio as well.) That turns out to be too much friction for
On Apr 17, 2015, at 12:32 PM, z...@manian.org wrote:
I don't think this really solves any actual crypto problems.
Just to be clear, I’m not claiming to solve any actual crypto problems. I’m
claiming (or maybe “aiming” is a better word) to solve a UI/UX problem.
I also suspect it's pretty
On Apr 17, 2015, at 3:51 PM, Tony Arcieri basc...@gmail.com wrote:
On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret r...@flownet.com wrote:
The fact that to use PGP you have to install an application. (This is true
for Peerio as well.) That turns out to be too much friction for most people
On Apr 17, 2015, at 6:59 PM, Tony Arcieri basc...@gmail.com wrote:
On Fri, Apr 17, 2015 at 4:25 PM, Ron Garret r...@flownet.com wrote:
Why should anyone trust anyone’s web page? When was the last time you
obtained a software application that was *not* delivered via the web?
There's a big
On Jan 25, 2015, at 9:17 PM, Ryan Carboni rya...@gmail.com wrote:
Actually D-wave supposedly managed 512-Qubits.
Yes, but they’re not all mutually entangled. Each qubit only communicates with
six others. (Even that is pretty impressive though.)
rg
, 2015, at 9:34 PM, Watson Ladd watsonbl...@gmail.com wrote:
On Sun, Jan 25, 2015 at 9:21 PM, Ron Garret r...@flownet.com wrote:
On Jan 25, 2015, at 9:17 PM, Ryan Carboni rya...@gmail.com wrote:
Actually D-wave supposedly managed 512-Qubits.
Yes, but they’re not all mutually entangled
Far. The state of the art in quantum computing hardware is a small handful of
qbits. I think the current record is three or four, and the engineering
challenges grow more daunting as the number grows. It might turn out that
practical quantum computing is in fact not possible. But if that’s
27 matches
Mail list logo