Hello,
Has anyone used Collin Jackson's plugin "SafeCache" http://www.safecache.com/
? Opinions? Is is OK to use in conjunction with TorButton?
-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
--- "F. Fox" <[EMAIL PROTECTED]> wrote:
> The threat model we're talking about is
> hostile-server, in addition to
> our "old friend" man-in-the-middle, right?
Sure,
-Martin
Never miss a thing. Make Ya
--- "F. Fox" <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin Fick wrote:
> (snipped a litany of requirements, all of which
> talking about one-to-one
> communications)
>
> To me, it seems that it'd be better to try to
> modify something SMTP/POP-like for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin Fick wrote:
(snip)
>
> Well, I think that is exactly what you will get
> if you use pgp or gpg to send an encrypted email
> to multiple recipients.
>
(snip)
IIRC, a GPG message in encrypted only once - even if there's multiple
recipients
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin Fick wrote:
> --- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
>
>> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin
>> Fick wrote:
(snip)
>> HTTP is a publishing mechanisim in which you
>> usually want people to see it, or restrict
>> v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin Fick wrote:
(snipped a litany of requirements, all of which talking about one-to-one
communications)
To me, it seems that it'd be better to try to modify something
SMTP/POP-like for this, than to modify HTTP for it. It sounds just like
what a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The threat model we're talking about is hostile-server, in addition to
our "old friend" man-in-the-middle, right?
(Just trying to get my brain straight...)
- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejourna
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael Holstein wrote:
(snip)
> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.
(snip)
Historic
Hello,
I've been using Tor for some time, but recently ran into problems when
I started running it on my Linksys NSLU2 (running Unslung
V2.3R63-uNSLUng-6.8-beta). I'm running version 0.1.2.17 of Tor, the
latest version for which there is a compiled ipkg package. (I'm
posting even though I know t
xiando <[EMAIL PROTECTED]>:
> > but maybe you just have to change your name, after they recognize
> > the TOR-Exit and the first contract is about to extend ;)
>
> This is a very bad idea.
http://en.wikipedia.org/wiki/Smiley
http://en.wikipedia.org/wiki/Emoticon
http://en.wikipedia.org/wiki/Jok
--- Martin Fick <[EMAIL PROTECTED]> wrote:
> --- Michael Holstein <[EMAIL PROTECTED]>
> wrote:
> >
> > My thought on Java was to be able to
> > automate the key scheme within the
> > browser, versus requiring them download
> > a .gz.gpg file and decrypt it on their
> > own. A (sort-of) working
--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin
> Fick wrote:
>
> :> It's an interesting threat model though :)
> :
> :Yes, but it really is a fairly simple one.
> :I am surprised that HTML does not seem
> :to have some extension to deal with
--- "Vlad \"SATtva\" Miller" <[EMAIL PROTECTED]> wrote:
> Have you looked at FireGPG Firefox extension?
> http://firegpg.tuxfamily.org/
--- "Alexander W. Janssen"
<[EMAIL PROTECTED]> wrote:
> Why not simply use the Firegpg-extension for
> Firefox?
I had not seen this, thank you, this would
cer
Martin Fick wrote on 17.12.2007 23:25:
> I am surprised that HTML does not seem
> to have some extension to deal with this
> already. It is not much different from
> encrypted email concepts, just that the
> browser needs the ability to do the
> decrypting instead of your mail program.
> The s
Michael Holstein wrote on 17.12.2007 23:01:
> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.
As a side note: In the context of OpenPGP you have
algenon flower schrieb:
Hello Everyone!
Been away for a little while, internet access lately has been a bit
spotty; access has been hotels with unsecured networks (thanks Best
Western),,& my laptop at the all niter next to campus. I am still
waiting for comcasts rates to go down so I can re-
--- Michael Holstein <[EMAIL PROTECTED]>
wrote:
>
> > Is there a mechanism to use HTTPS to
> > preencrypt web pages so that they
> > are encrypted on the server (and so the
> > server does not have the keys to decrypt
> > them!)
>
> Not using HTTPS per-se, but you can use SSL to
> encrypt f
It is now clear to me that I have been
unclear about the requirements. Let
me try to be more explicit.
1) I am looking for a "point2point",
"sender 2 receiver", secure encrypted
web page mechanism.
2) Senders are untrusted to recipients.
3) Web server is untrusted to recipients.
4) Send
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Fick wrote:
> Yes, but it really is a fairly simple one. I am surprised that HTML
> does not seem to have some extension to deal with this already. It
> is not much different from encrypted email concepts, just that the
> browser needs the abi
On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin Fick wrote:
:> It's an interesting threat model though :)
:
:Yes, but it really is a fairly simple one.
:I am surprised that HTML does not seem
:to have some extension to deal with this
:already. It is not much different from
:encrypted email conc
--- Michael Holstein <[EMAIL PROTECTED]>
wrote:
>
> > Despite my bias, an embedded java app
> > would not work since it would be
> > controlled (provided) by the hostile
> > server right?
>
> You could sign the applet with a key
> provided to your clients, since you're
> using a distribution
On Mon, Dec 17, 2007 at 08:52:30AM -0800, Martin Fick wrote:
:> I may be missing something about the
:> implications of HTTPS, but you could
:> certainly key pgp public keys to x.509
:> identities if you wanted to keep static
:> data gpg encrypted on the server.
:
:I'm not sure that I understan
Is there a mechanism to use HTTPS to
preencrypt web pages so that they
are encrypted on the server (and so the
server does not have the keys to decrypt
them!)
Not using HTTPS per-se, but you can use SSL to encrypt files.
My initial constraints are that once the data
is put on the server
Despite my bias, an embedded java app
would not work since it would be
controlled (provided) by the hostile
server right?
You could sign the applet with a key provided to your clients, since
you're using a distribution model where you have known end-users (as you
need their keys to encr
--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad
> SATtva Miller wrote:
...
> What about just HTTPS with user certificates? you
> get both proof of identity and a means of
> encrypting data to that identity, yes?
Is there a mechanism to use HT
Eugen Leitl schrieb:
> Log-free? If Tor doesn't log, your firewall'd better. You want
> to be your nodes not attributable to you, wait until 20090101,
> then go malware. I mean, if running Tor without logs after 20090101
> is illegal, then what else do you have to lose? You're a criminal
> already
--- Michael Holstein <[EMAIL PROTECTED]>
wrote:
>
> > I have what may perhaps seem like a strange
> > question. Is there any commonly used software for
> > encrypting and decrypting web pages?
> >
>
> > Let me explain that a little better:
> > imagine a web
> > site which has content dest
I have what may perhaps seem like a strange question.
Is there any commonly used software for encrypting and
decrypting web pages?
Yes, SSL .. and it's been around for quite a while.
Let me explain that a little better: imagine a web
site which has content destined for specific
individ
> but maybe you just have to change your name, after they recognize
> the TOR-Exit and the first contract is about to extend ;)
This is a very bad idea. Be perfectly honest with your ISP if you operate a
Tor exit node. The best thing you can do is to be honest up-front and explain
what Tor is an
On Sat, Dec 15, 2007 at 11:12:46PM +0600, Vlad SATtva Miller wrote:
:Considering the amount of bugs and weaknesses found regularly (and not
:found) in common browser software (open source or not), it's not a
:well-advised practice to trust a browser handling of sensitive private keys.
While I agr
On Mon, Dec 17, 2007 at 03:21:20PM +0100, TOR-Admin (gpfTOR1) wrote:
> Half a year ago, Roger D. wrotes here "software moves faster than
Your ISP sees your entire traffic. No software can hide that
fact. To some problems, there are no technical solutions.
No software can make a group of people fr
Olaf Selke schrieb:
> TOR-Admin (gpfTOR1) wrote:
>> But first I hope, we do not have to log!!!
>
> although I still believe data retention doesn't apply to tor operators, I
> would rather shut
> down my node than equipping it with lawful interception functionality.
Full ack! But at the moment I
TOR-Admin (gpfTOR1) wrote:
>
> But first I hope, we do not have to log!!!
although I still believe data retention doesn't apply to tor operators, I would
rather shut
down my node than equipping it with lawful interception functionality.
Olaf
anon ymous schrieb:
>> Server Traffic: 2.000 KB/s im Durchschnitt
>> Logdaten für eine Woche: 200 GByte
>> Logdaten nach Entfernung nicht benötigter Inhalte: 120 GByte
>> Logdaten komprimiert und verschlüsselt: 20 GByte
>> Logdaten für 26 Wochen: 500 GByte im Durchschnitt
>>
> I have some question
On 12/15/07, TOR-Admin (gpfTOR1) <[EMAIL PROTECTED]> wrote:
> Siehe
> http://blog.kairaven.de/archives/1428-We-are-fucked-individually!.html
>
> Server Traffic: 2.000 KB/s im Durchschnitt
> Logdaten für eine Woche: 200 GByte
> Logdaten nach Entfernung nicht benötigter Inhalte: 120 GByte
> Logdaten
35 matches
Mail list logo
