,
journal = Lecture Notes in Computer Science,
volume = 1403,
pages = 576--??,
year = 1998,
note = Also available as \url{http://citeseer.nj.nec.com/naor98secure.html};
}
On Wed, Jul 31, 2002 at 09:34:35PM +0100, Adam Back wrote:
I proposed a construct which could be used for this application:
called amortizable hashcash.
http://www.cypherspace.org/hashcash/amortizable.pdf
The application I had in mind was also file sharing. (This was
sometime in Mar 2000). I described this problem as the distributed
document
On Tue, Jul 23, 2002 at 06:11:04PM +, Jason Holt wrote:
The default behavior for an SSL proxy is to pass the encrypted bytes
back and forth, allowing you to connect all the way to the other server.
This isn't just the default behavior; it's the only defined behavior
right?
Tim describes how US national debt may be as high as US$200k /
household.
Now some interesting related questions are:
- who is that debt owed to?
- what proportion of current year US tax revenues go to service that
debt?
some of the debt may not be being serviced (no interest paid
But right now copies of recent release movies (post screen release,
but pre DVD/VHS release) are not generally available in high quality
format, suitable for projecting.
So one way that the movie distribution industry could plausibly
continue to make money would be rather than the movie theatre
On Fri, Jul 05, 2002 at 03:10:07AM +0200, Nomen Nescio wrote:
Suppose you know someone who has been working for years on a novel.
But he lacks confidence in his work and he's never shown it to anyone.
Finally you persuade him to let you look at a copy of his manuscript,
but he makes you
There's been some recent discussion of ethics and markets relating to
copyright prompted by the Orwellian sounding overtones of the latest
Microsoft powergrab.
Seems about time to replay my periodic reminder that copyright is not
a black-and-white moral issue, it is merely a societal convention
On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
As I see it, we can get either privacy or DRM,
but there is no way on Earth to get both.
[...]
Hear, hear! First post on this long thread that got it right.
Not sure what the rest of the usually clueful posters were thinking!
DRM
On Wed, Jun 26, 2002 at 03:57:15PM -0400, C Wegrzyn wrote:
If a DRM system is based on X.509, according to Brand I thought you could
get anonymity in the transaction. Wouldn't this accomplish the same thing?
I don't mean that you would necessarily have to correlate your viewing
habits with
On Wed, Jun 12, 2002 at 07:58:49AM +0200, Tom wrote:
speaking of unfiltered - I subscribed to ssz exactly because I don't
want to have anyone moderating for me. however, the spam volume is
deafening.
is there a feed available that is filtered, but only for spam?
[EMAIL PROTECTED]
gold with sudden shortage of gold
supply, or similar.
Adam
On Thu, Jun 06, 2002 at 05:31:28PM +0300, Marcel Popescu wrote:
From: Adam Back [EMAIL PROTECTED]
So this would be the argument for a closed supply of money in the
system, like the digicash betabucks where they stated up from
On Fri, May 24, 2002 at 04:40:36PM -0700, Eric Murray wrote:
Additionally, there is nothing that prevents one from issuing certs
that can be used to sign other certs. Sure, there are key usage bits
etc but it's possible to ignore them.
The S/MIME aware MUAs do not ignore the trust delegation
Certificate authorities also can forge certificates and issue
certificates in fake names if asked by government agencies. S/MIME is
too much under central control by design to be a sensible choice for
general individual use.
The central control is doubtless primarily motivated by the hopes of
You can apparently get Canadian $1,000 notes too, not that I've ever
seen one. That would be worth almost exactly the same as 1000 swiss
francs.
If you get a bundle of 50 GBP notes from a bank in the UK they put
them in a little sealed bag containing 10 notes (500 pounds). That
note collection
On Tue, May 14, 2002 at 10:38:21PM +0100, Ben Laurie wrote:
Actually, the way house buying works (generally) in the UK is that you
deposit your money with _your_ solicitor, who promises the seller's
solicitor that they have it, contracts are exchanged (typically by fax!)
and then they settle
On Mon, Apr 29, 2002 at 11:58:46AM +1200, Peter Gutmann wrote:
Adam Back [EMAIL PROTECTED] writes:
| [RFC3211 mode]
are you sure it's not vulnerable to splicing attacks (swapping
ciphertext blocks around to get a partial plaintext change which
recovers after a block or two)? CBC
I guess there are a fair number of people from Europe on the list. I
think there are a number of UK readers, plus others Tim mentioned.
(I'm from the UK, but living in Canada right now). There is a UK
crypto list, but it's full of news and legal stuff so relatively
uninteresting.
But the
Joseph Ashwood wrote:
Adam Back Wrote:
This becomes completely redoable (or if you're willing to sacrifice
a small portion of each block you can even explicitly store the IV.
That's typically not practical, not possible, or anyway very
undesirable for performance (two disk hits
On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could encrypt each block of the disk
with a block cypher using the same key
On Wed, Apr 10, 2002 at 06:41:52PM -0700, Mike Rosing wrote:
On Wed, 10 Apr 2002, Adam Back wrote:
btw I did a google search for PKILAB and Brands to see if I could find
anything along the lines you mention and look what it said:
Mar 2001 Welcome Stefan Brands to PKILabs Advisory Board
New thread about deployment barriers to explore the topic of whether
there are now more internet services and technologies that would allow
us to get closer to deployment of ecash. (It would be about time
you'd think).
On Thu, Apr 11, 2002 at 08:30:07AM +0200, Anonymous wrote:
[...]
Of course
I just wrote:
If they grew large enough their acceptance, or an ecash system backed
in them, might spill over into the real world and allow purchase of
services on the web, or even physical goods.
To be more concrete: there are already apparently e-gold backed credit
cards. So why not
On Tue, Apr 09, 2002 at 06:45:43AM -0700, Mike Rosing wrote:
On Tue, 9 Apr 2002, Adam Back wrote:
If you use the normal approach of putting the identity in the coin,
you can't double-spend anonymously.
But it's not until the coin goes back online, you need the minter's secret
key
On Tue, Apr 09, 2002 at 07:47:51PM -0700, Morlock Elloi wrote:
In the smart card setting with Brands protocols there is a host
computer (eg pda, laptop, mobile-phone main processor, desktop) and a
tamper-resistant smart-card which computes part of the coin transfer
and prevents
On Mon, Apr 08, 2002 at 07:52:32PM -0700, Mike Rosing wrote:
While I agree with goal, it's not clear to me that it's physically
possible. What makes money useful is its physical existence, people
have been counterfeiting coins since they were invented but it's been
getting harder to do.
Anonymous gives some comments on some deficiencies in the properties
of the transferable ecash schemes to date:
On Mon, Apr 08, 2002 at 04:15:09AM +0200, Anonymous wrote:
[...]
And second, because they grow, it is possible to tell exactly how
many hands a particular coin has passed through -
A short while ago I wrote this comment on the dbs list describing a
transferable off-line ecash idea I'd been thinking about with
on-and-off:
On Fri, Mar 29, 2002 at 02:43:42AM +, Adam Back wrote:
[...]
I spent some time a few years back trying to find ways to do the
free-circulating
Hi
I've trimmed the Cc line a bit as this is now focussing more on GPG
and not adding anything new technically for the excluded set.
On Sun, Mar 31, 2002 at 06:08:14PM -0500, David Shaw wrote:
The OpenPGP spec handles compatibility issues quite well.
The catch, of course, is that PGP 2.x
[This is actually slightly more accurate and even worse than my first
mail which bounced to some of the lists as I had a typo, _and_
separately encountered a mail hub outage at cyberpass.net -- apologies
to those who get duplicates].
So I was trying to decrypt this stored mail sent to me by a
On Sat, Mar 30, 2002 at 01:20:18PM +0100, Eugene Leitl wrote:
To resist 2. you have to be able to randomly probe IP addresses to find
a node.
Yes, probabilistic headless node discovery vs. a centralist approach.
I never really found discovering a currently active node on the
network a
On Wed, Mar 27, 2002 at 04:56:32PM -0800, [EMAIL PROTECTED] wrote:
I got the impression (maybe wrong) that gnutella as it exists is
something much worse than a tree, that connections are
pretty much haphazard and when you send out a query it reaches
the same node by multiple paths, and that
I think it wouldn't hurt to use 2048 bit RSA keys for anything that
supports them. I've been using 2048 bit RSA keys with PGP since 1995
based on the assumption even given uncertainty about the future of
factoring that double the key size can't hurt, and didn't make any
significant difference to
A while ago I wrote some code to search for human readable test
vectors for Arnold Reinhold's ciphersaber-2
(http://ciphersaber.gurus.com).
Ciphersaber-2 is designed to be simple enough to be implemented from
memory, to avoid the risk of being caught with crypto software on your
computer for
I think Merkle authentication trees allow you to do this, if you don't
care about specific time, but just about the ordering of events. Most
of the time-stamping services are based on this, where they publish a
daily master hash somewhere.
I can't seem to find an online copy of the Merkle paper
To follow-up on Tim's comments about the safety to be had from
publishing p2p software anonymously, and the risks of not doing so,
this is an interesting analysis of the topic by Berkeley Centre for
Law Technology lawyer Fred von Lohmann, hosted by EFF.
IAAL: Peer-to-Peer File Sharing and
On Sat, Mar 23, 2002 at 12:23:17PM -0800, Morlock Elloi wrote:
The number of programmers that would publish a usable package which
has not even theoretical means of being traced to them is very
limited. Even signing it and keeping the key is a risk.
[...]
The fact that such even never
I'm finding the open-relay black-list is starting to cause more
problems than it solves -- the reliability of email is suffering at
the hands of over-zealous and dictatorial black-listers. I had in the
last month to effect two changes to such things to avoid problems
people reported to me about
Apart from my recent comments about NoCeM's and on onspool NoCeM
reader, another perhaps simpler idea would be to do it all with simple
CGI stuff and a web archive. I'm sure this has been discussed before
in the past, but I don't recall anyone actually trying it out:
subscribers would choose how
://groups.google.com/groups?q=alt.privacy.anon-server%20hashcashhl=ensa=Ntab=wg
google rocks.
Adam
On Sun, Mar 24, 2002 at 12:17:56AM +, Adam Back wrote:
[...]
I made recently a number of functionality and portability improvements
to the hashcash code and some windows binaries as there are some
On Thu, Mar 21, 2002 at 04:38:57PM -0500, Matt Curtin wrote:
Adam Back [EMAIL PROTECTED] writes:
Anyone explored NoCeM's?
Maybe the thing to do would be to have an NNRP Cypherpunk node that
understands NoCeM messages.
I believe that `cleanfeed' is the software Adam cites to handle
I filled in the (semi?-)automated online archive for
[EMAIL PROTECTED] at:
http://www.mail-archive.com
I presume in due course it will start archiving at:
http://www.mail-archive.com/cypherpunks-moderated@minder.net/
It seems to be already archiving (separately and multiply)
Here's something I wrote up the other night with my thoughts about the
differences between peer-to-peer networks vs the more ambitious
storage surface type proposals and the design criteria which one might
entertain designing against.
http://www.cypherspace.org/p2p/
Suggestions for more
Given that Jim Choate has a different view of events and the purpose
of the list to it seems just about everyone else, why don't we just
disconnect his lists from the other lists, then he and perhaps mattd
and a few other noisy types can go inhabit Jim's list and Jim will
surely be content to
Igor wrote:
Would not be an act of disconnecting other nodes be an act of
proprietorship also?
I personally think that a separate filtered list would be a better
solution, more choice and all.
Yes perhaps.
There is a technology, and in theory it should work, and was designed
for
1) few will read it
I think coderpunks has died -- John Gilmore had ISP problems. Perhaps
if we could motivate some kind of distributed (and optionally
subscribed-to) filtering as I described in previous article to Igor,
cypherpunks might again be the preferred applied crypto strong
cypherpunk
I was looking for a file in my collection of archived stuff recently
and came across my attempts to reverse engineer the NSA's RSA public
key out of lotus notes. I think I never did publicly post the RSA key
that I found.
So here it is as a PGP key, the name associated with this key in Lotus
Just looking around at peer to peer file sharing sites, and came
across this research project page at microsoft, and in their faq they
describe convergent encryption.
Heh. Thought you might all find it amusing to observe what is wrong
with this picture:
On Sun, Mar 17, 2002 at 08:36:37PM +, Adam Back wrote:
Just looking around at peer to peer file sharing sites, and came
across this research project page at microsoft, and in their faq they
describe convergent encryption.
Heh. Thought you might all find it amusing to observe
I made a number of improvements to the hashcash software to make it
into a more robust and better documented unix tool, including man page.
In doing this I changed the date format to be the simpler and more
human readable YYMMDD rather than 5 digit days since beginning of unix
epoch.
So the
(There has been some discussion of controlling floods on USENET
through mail2news gateways on remailer-operators list recently -- take
a look for example at alt.anon.privacy-server).
On Mon, Feb 25, 2002 at 11:02:47AM +0100, christian mock wrote:
the killer issue ATM seems to be relative CPU
Is a person credentials would help make the e-bay seller's fraud
tactic harder (I only read briefly about the case, but I think he
made use of lots of personas to talk up his own reliability and
merchandize quality; if this is not what he did the hypothetical
stands anyway)
To perpetrate his
I think the asymmetric up/down speed is not as much a problem for
peer2peer as anonymous fears. Morpheus has demonstrated that the
approach of having a single request served by multiple servers works
well. A cable modem users download speed can be merrily supplied by
dozens of even dialup, or
George [EMAIL PROTECTED] writes:
Chaum's digital cash system in several places seems to rely on
having the customer affirmatively identify himself to the bank, for
example in order to prevent double spending.
There are two general approaches to ecash protocols, online and
offline. This
There is some discussion of pipenet and freedom attacks in:
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems
Adam Back, Ulf Moeller, and Anton Stiglic
http://crypto.cs.mcgill.ca/~stiglic/
Adam
On Tue, Nov 27, 2001 at 05:13:44PM -0800, William Hitzke wrote:
i'm
Let me try give some more details behind this. The idea was to create
separate modules that can be separately shipped and sold. Freedom 3.0
privacy security tools is the first of those. It has a subset of
the functions in freedom 2.2 (cookie management etc), but some of
those functions have
On Thu, Sep 20, 2001 at 03:44:49PM -0700, [EMAIL PROTECTED] wrote:
Good ideas about private sector security practices, but does anyone
have any suggestions that particularly pertain to technology that
might serve to slow up the biometrics bandwagon? Depressingly
enough, that's the way it
On Thu, Jul 12, 2001 at 03:41:57PM -0700, Morlock Elloi wrote:
Probably people would be willing to accept other issuers currencies even if
they don't know the issuer so long as they had the reputation rating for the
currency / issuer.
But anonymous reputations alone aren't any use as a
I was thinking online obscurity (nyms, pseudonymous web pages etc) coupled
with a low tax jurisdiction like Anguilla wouldn't be one interesting
combination.
But there are plenty of disadvantages too -- limited amenities - shops,
computer parts, the advantages being within reasonable travelling
Greg Broiles wrote:
presentation in it at the O'Reilly
P2P conference, slides are at
ftp://ftp.ora.com/pub/conference/p2p2001/1178/broiles_1178.sdd.
What is a .sdd file netscape on linux doesn't know what to do
with it. Do you have the info in a more portable format?
Adam
If we get to the situation where ISPs want people to
use their bandwidth because they're getting paid for it,
it makes sense for the ISP to give a kick back to the
person who hosted the data or was involved in the chain
which caused the user to reach that content.
We already have many cable
Peter wrote:
This first meeting is a brief, relatively unstructured get-to-know-you
affair, designed to identify those interested and start them talking to
one another.
[...]
-- J. Bashinski
Secretary, NymIP-RG
For some reason I didn't see Greg's message earlier and only recently
saw Declan's forwarded snippets on politech (I'm not currently
subscribed to politech). The closing remark at the bottom of Declan's
post (from Declan) was "Neither Austin nor anyone at Zero Knowledge
replied to the above
Wei wrote:
However I think this scheduling algorithm would have the side effect
of making this variant of PipeNet very vulnerable to DoS attacks.
Any user can arbitrarily delay packet delivery for the entire
network by ceasing to send packets.
It would also seem that performance
Tom Vogt writes:
This is to defend against active attacks delaying packets to observe
the effect on the network and hence trace routes.
I don't understand the necessity of this. if the amount of traffic is a
constant anyway, a delay would vanish at the first node.
e.g. my upstreams
Wei Dai wrote:
On Thu, Nov 02, 2000 at 10:14:24AM -0500, Adam Shostack wrote:
Actually, I'm unconvinced that even pipenet style padding is
sufficient. Looking at the work on traffic analysis that's been done,
we're in about 1970. We have one time pads (dc-nets), and some other
The US export regulations no longer prevent export of crypto. PGP
exported binary copies of PGP from US websites, as now do many other
companies. Crypto source is exported also from numerous web sites.
I don't follow why all the discussion talking as if ITAR and EARs were
still in effect in