On Tue, Sep 10, 2013 at 02:41:24PM +0200, Moon Jones wrote:
> A portable distribution on an encrypted stick.
I know of two distributions that do this.. one is TAILS and
the one I prefer is liberte linux.. and the guy who does it
is even on this list.
> But is it feasable to have a two device solu
That's a valid concern.
But I think you should probably be more concerned that it's only a matter
of time until malware is released which grabs the fingerprint and quietly
uploads it to someone's database. I'm sure they'll find uses for it,
doubly so if it happens to unlock something other than a
> This is likely subject to a precompiled hash lookup table attack,
> as the number of all possible fingerprints, quantized via a classification
> vector is not that large.
Can you give us a better idea of how large "not that large" is?
Rainbow tables are always a problem, but I suspect that ther
> my guess is that fingerprint scanners don't produce the exact same output
every
> time a finger is scanned (similar to what an image scanner might see).
Hash
> functions should produce completely different output if only a single bit
is
> changed, making comparison with a stored value at least a
On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
> Similarly, any other sort of one-way algorithm that prevents you from
> reconstructing a valid input from the stored data is not going to work.
Typical fingerprint matching uses classification, recognizing and
encoding multiple featu
On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:
> Are there any reasons why fingerprint data couldn't be treated with the
> same concern as passwords? That is, subject to a one-way hash before being
> stored, transmitted in signed payloads, etc?
>
> I'm not sure how securing this data would be
On Wed, Sep 11, 2013 at 09:20:56AM -0700, Peat Bakke wrote:
> > This is likely subject to a precompiled hash lookup table attack,
> > as the number of all possible fingerprints, quantized via a classification
> > vector is not that large.
>
> Can you give us a better idea of how large "not that la
Peat,
Am 11.09.2013 17:42, schrieb Peat Bakke:
Are there any reasons why fingerprint data couldn't be treated with
the same concern as passwords? That is, subject to a one-way hash
before being stored, transmitted in signed payloads, etc?
my guess is that fingerprint scanners don't produce the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/10/2013 03:27 PM, Lucas Gonze wrote:
This may be illustrative:
https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-punished-qwest-refusing-participate-illegal-surveillance-pre-9-11
http://www.businessinsider.com/the-story-of-joseph-nacchio-an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 02:33 AM, Moon Jones wrote:
> Yes, Tails seems to be the solution here as well. It has a very
> elegant way of handling this with its encrypted storage. But, in
> this case, it's rather limited upgrade-wise.
In what sense?
At least ins
Awesome. That's plenty for me to chew on. I'm satisfied for now. :)
Thanks, Eugen!
On Wed, Sep 11, 2013 at 9:35 AM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 09:20:56AM -0700, Peat Bakke wrote:
> > > This is likely subject to a precompiled hash lookup table attack,
> > > as the number of al
On Wed Sep 11 12:59:57 2013, The Doctor wrote:
>
> A question that hasn't been asked yet (to my knowledge, anyway): Will
> any of the iProduct copying devices available to LEOs bypass the 5S'
> fingerprint reader?
Not sure about that... certainly the reporting Declan did a few months
ago about t
On 9/10/13 4:51 PM, Kyle Maxwell wrote:
> In general, as has been well documented, the telcos and other firms
> charge the government for data records. While possibly distasteful
> ("they're making money off of giving our data to the gov!"), it makes
> sense from an operational point of view: the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/10/2013 05:57 PM, Bill Woodcock wrote:
> Coming soon to a checkpoint near you: 3D printing in gummi-bear
> material.
Or lifting one of the owner's fingerprints from the device in question
and using it to unlock the phone.
A question that hasn
On 9/11/13 12:08 PM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
>
>> Similarly, any other sort of one-way algorithm that prevents you from
>> reconstructing a valid input from the stored data is not going to work.
>
> Typical fingerprint matching uses cla
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi libtech,
Back in May I asked for examples of fake websites and social media
that impersonate civil society and news organizations to include in a
report that we at Access were working on. Thanks to all those who
provided feedback, we have now relea
Again, the cash payments are a deception. They are in no way enough to
compensate these companies. Operational expenses associated with processing
data requests are a small part of the overall cost.
On Wed, Sep 11, 2013 at 10:36 AM, Joseph Lorenzo Hall wrote:
>
>
> On 9/10/13 4:51 PM, Kyle Maxw
On 11.09.2013 19:03, The Doctor wrote:
On 09/11/2013 02:33 AM, Moon Jones wrote:
Yes, Tails seems to be the solution here as well. It has a very
elegant way of handling this with its encrypted storage. But, in
this case, it's rather limited upgrade-wise.
In what sense?
Tails is wonderfuly ma
Not real familiar with fingerprint matching technology, but you might be
able to use shingling to get around the problem of not wanting to keep
raw data but also not have the divergence problem of hashing, no?
Jason
On 9/11/2013 12:04 PM, Matt Mackall wrote:
On Wed, 2013-09-11 at 08:42 -0700
Are there any reasons why fingerprint data couldn't be treated with the
same concern as passwords? That is, subject to a one-way hash before being
stored, transmitted in signed payloads, etc?
I'm not sure how securing this data would be different than passwords --
and given how much unique data ca
Hi,
Moon Jones wrote (11 Sep 2013 19:20:30 GMT) :
> Yes. I did the same upgrade and it worked in an instant. I was so happy
> everything
> was ok. If I recall well, only three upgrades can be done, than I'll have to
> migrate
> the data by hand.
This (or something similar) will be correct once
http://www.democracyjournal.org/30/the-tech-intellectuals.php?page=all
The Tech Intellectuals
The good, bad, and ugly among our new breed of cyber-critics, and the
economic imperatives that drive them.
Henry Farrell
A quarter of a century ago, Russell Jacoby lamented the demise of the
public in
Anything which potentially signaled your receipt of an NSL would be
grounds for prosecution under the gag-order. This is what the prosecutor
was alluding to when he signaled that Lavabit's shut down was tantamount
to a violation because his shut down essentially communicated the fact
that he wa
On Wed, Sep 11, 2013 at 2:52 PM, R. Jason Cronk
wrote:
> Anything which potentially signaled your receipt of an NSL would be grounds
> for prosecution under the gag-order. This is what the prosecutor was
> alluding to when he signaled that Lavabit's shut down was tantamount to a
> violation becau
http://motherboard.vice.com/blog/inside-the-effort-to-crowdfund-nsa-proof-email-and-chat-services
Back in 1999, Seattle-based activists formed the communication
collective Riseup.net. The site's email and chat services, among other
tools, soon offered dissidents a means of encrypted communication
Use a Live USB distro with LOK-IT encrypted flash drives. All crypto and
authentication is handed on the drive itself...therefor bootable and works
on any OS: http://www.lok-it.net
On Tue, Sep 10, 2013 at 5:41 AM, Moon Jones wrote:
> A portable distribution on an encrypted stick.
>
> In the end,
26 matches
Mail list logo
