The next time someone tells you "no one" would do something...
Mon, 01 Dec 2008 19:41:00 +0000
Summary: shops in Vietnam removing the baseband chip on iPhone motherboards to reprogram and unlock them. http://news.cnet.com/8301-17938_105-10107580-1.html?part=rss&tag=feed&subj=Crave The next time someone tells you "no one" would do such a thing to break the security of a device, or at least that it would be unlikely that anyone would make such a thing routine, remember that with enough motivation, [...]
Re: CPRNGs are still an issue.
Mon, 01 Dec 2008 18:26:00 +0000
On 1227894567 seconds since the Beginning of the UNIX epoch "Perry E. Metzger" wrote:
> As it turns out, cryptographic pseudorandom number generators continue to be a good place to look for security vulnerabilities -- see the enclosed FreeBSD security advisory.
>
> The more things change, the more they stay the same...
They failed to also mention that GBDE uses arc4random(9) to generate the keys which [...]
Re: e-gold and e-go1d
Sat, 29 Nov 2008 20:51:00 +0000
On Nov 29, 2008, at 9:18 AM, James A. Donald wrote:
> The algorithm is to map all lookalike glyphs to canonical glyphs
The definition of lookalike glyphs depends on the choice of font and variant, and Unicode wraps the whole problem in a lovely layer of hell. If I had to do this, I'd investigate rendering both strings in the (same) target font and then quantifying the amount of overlap in the [...]
e-gold and e-go1d
Sat, 29 Nov 2008 08:18:00 +0000
To implement Zooko's triangle, one has to detect names that may look alike, for example e-gold and e-go1d. This is a lot of code. Has someone already written such a collision detector that I could swipe? The algorithm is to map all lookalike glyphs to canonical glyphs - thus l and 1 are mapped to l, O and 0 are mapped to O, lower case o and the Greek omicron are mapped to lower case o, and so on and so [...]
[FDE] OT: District Court Halts Sales of Keylogger Software
Sat, 29 Nov 2008 03:07:00 +0000
FTC v. CyberSpy Software: http://jolt.law.harvard.edu/digest/software/ftc-v-cyberspy-software
_______________________________________________
FDE mailing list
FDE@www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde
CPRNGs are still an issue.
Fri, 28 Nov 2008 17:49:00 +0000
As it turns out, cryptographic pseudorandom number generators continue to be a good place to look for security vulnerabilities -- see the enclosed FreeBSD security advisory.
The more things change, the more they stay the same...
Perry
Begin forwarded message:
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: [ [...]
old codes in life magazine archive
Fri, 28 Nov 2008 16:57:00 +0000
Photos of an old paper-and-pencil espionage cipher. http://www.slugsite.com/archives/957 (Hat Tip: Bruce Schneier)
-- Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
Re: Certificates turn 30, X.509 turns 20, no-one notices
Thu, 27 Nov 2008 16:18:00 +0000
On 11/27/08 05:13, Nicholas Bohm wrote:
> I've never been quite sure whether "Public" qualifies "Key" or "Infrastructure" - this may make a difference to what you count as a PKI.
>
> SWIFT (interbank messaging), BOLERO (bills of lading) and CREST (dealing in dematerialised stocks and shares) all use public key cryptography, I believe, and have all been reasonably successful; but they are all [...]
Re: Certificates turn 30, X.509 turns 20, no-one notices
Thu, 27 Nov 2008 10:13:00 +0000
Peter Gutmann wrote:
> This doesn't seem to have garnered much attention, but this year marks two milestones in PKI: Loren Kohnfelder's thesis was published 30 years ago, and X.509v1 was published 20 years ago.
>
> As a sign of PKI's successful penetration of the marketplace, the premier get-together for PKI folks, the IDtrust Symposium (formerly the PKI Workshop and now in its eighth year) [...]
HavenCo and Sealand
Wed, 26 Nov 2008 18:34:00 +0000
Slightly off-topic, but a cause celebre on cypherpunks some years ago -- but HavenCo, which ran a datacenter on the "nation" of Sealand, is no longer operating there: http://www.theregister.co.uk/2008/11/25/havenco/ (pointer via Spaf's blog).
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Certificates turn 30, X.509 turns 20, no-one notices
Wed, 26 Nov 2008 01:47:00 +0000
On Nov 24, 2008, at 8:54 PM, Peter Gutmann wrote:
> This doesn't seem to have garnered much attention, but this year marks two milestones in PKI: Loren Kohnfelder's thesis was published 30 years ago, and X.509v1 was published 20 years ago.
>
> As a sign of PKI's successful penetration of the marketplace, the premier get-together for PKI folks, the IDtrust Symposium (formerly the PKI [...]
Certificates turn 30, X.509 turns 20, no-one notices
Tue, 25 Nov 2008 04:54:00 +0000
This doesn't seem to have garnered much attention, but this year marks two milestones in PKI: Loren Kohnfelder's thesis was published 30 years ago, and X.509v1 was published 20 years ago. As a sign of PKI's successful penetration of the marketplace, the premier get-together for PKI folks, the IDtrust Symposium (formerly the PKI Workshop and now in its eighth year) authenticates participants with... [...]
Re: [FDE] MacBooks & FDE
Mon, 24 Nov 2008 22:38:00 +0000
WinMagic's SecureDoc for Mac supports hardware based encryption using Seagate's FDE drive on the Mac. For more information please check http://www.winmagic.com/apple/.
Garry McCracken
WinMagic
From: fde-bounces@www.xml-dev.com [mailto:fde-bounces@www.xml-dev.com] On Behalf Of Timothy Johnson
Sent: Sunday, November 16, 2008 6:21 PM
To: fde@www.xml-dev.com
Subject: [FDE] [...]
Re: Raw RSA binary string and public key 'detection'
Sat, 22 Nov 2008 13:29:00 +0000
* Dirk-Willem van Gulik:
> Been looking at the Telnic (dev.telnic.org) effort.
>
> In essence; NAPTR dns records which contain private details such as a phone number. These are encrypted against the public keys of your friends (so if you have 20 friends and 3 phone numbers visible to all friends - you need 20 subdomains x 3 NAPTR entries under your 'master').
>
> Aside from the practicality of this [...]
Raw RSA binary string and public key 'detection'
Thu, 20 Nov 2008 09:14:00 +0000
Been looking at the Telnic (dev.telnic.org) effort. In essence; NAPTR dns records which contain private details such as a phone number. These are encrypted against the public keys of your friends (so if you have 20 friends and 3 phone numbers visible to all friends - you need 20 subdomains x 3 NAPTR entries under your 'master'). Aside from the practicality of this - given a raw RSA encrypted [...]
Hybrid cipher paper
Wed, 19 Nov 2008 00:18:00 +0000
A paper of mine just went up on http://eprint.iacr.org/ It has some ideas that I hope are new, I think are good, and I know are unorthodox. I'm well aware of the usual fate of such innovations, especially from amateurs. If anyone would like a break from looking at new hashes, perhaps they could have a look.
Number 2008/473
Title Exploring Cipherspace: Combining stream ciphers and block [...]
Re: [FDE] OT: Administration seeks dismissal of RFID 'Mark of the Beast' Lawsuit
Tue, 18 Nov 2008 02:59:00 +0000
"Ali, Saqib" writes:
-+------------------
 | The Amish farmers claim (.pdf) Michigan regulations requiring them to use radio frequency identification devices on their cattle "constitutes some form of a 'mark of the beast' and/or represents an infringement of their 'dominion over cattle and all living things' in violation of their fundamental religious beliefs," according to the farmers' [...]
Re: Bitcoin P2P e-cash paper
Tue, 18 Nov 2008 01:26:00 +0000
Nicolas Williams wrote:
> How do identities help? It's supposed to be anonymous cash, right?
Actually no. It is however supposed to be pseudonymous, so dinging someone's reputation still does not help much.
> And say you identify a double spender after the fact, then what? Perhaps you're looking at a disposable ID. Or perhaps you can't chase them down.
>
> Double spend detection needs to be [...]
Re: Bitcoin P2P e-cash paper
Mon, 17 Nov 2008 23:57:00 +0000
Ray Dillinger wrote:
> Okay.... I'm going to summarize this protocol as I understand it.
>
> I'm filling in some operational details that aren't in the paper by supplementing what you wrote with what my own "design sense" tells me are critical missing bits or "obvious" methodologies for use.
There are a number of significantly different ways this could be implemented. I have been working [...]
[FDE] OT: Administration seeks dismissal of RFID 'Mark of the Beast' Lawsuit
Mon, 17 Nov 2008 22:39:00 +0000
The Amish farmers claim (.pdf) Michigan regulations requiring them to use radio frequency identification devices on their cattle "constitutes some form of a 'mark of the beast' and/or represents an infringement of their 'dominion over cattle and all living things' in violation of their fundamental religious beliefs," according to the farmers' lawsuit filed in September in U.S. District Court for [...]
Re: Bitcoin P2P e-cash paper
Mon, 17 Nov 2008 21:54:00 +0000
On Fri, Nov 14, 2008 at 11:04:21PM -0800, Ray Dillinger wrote:
> On Sat, 2008-11-15 at 12:43 +0800, Satoshi Nakamoto wrote:
>>> If someone double spends, then the transaction record can be unblinded revealing the identity of the cheater.
>>
>> Identities are not used, and there's no reliance on recourse. It's all prevention.
>
> Okay, that's surprising. If you're not using buyer/seller [...]
ADMIN: end of bitcoin discussion for now
Mon, 17 Nov 2008 21:43:00 +0000
I'd like to call an end to the bitcoin e-cash discussion for now -- a lot of discussion is happening that would be better accomplished by people writing papers at the moment rather than rehashing things back and forth. Maybe later on when Satoshi (or someone else) writes something detailed up and posts it we could have another round of this.
Perry
-- Perry E. Metzger perry@piermont.com
Re: Bitcoin P2P e-cash paper
Mon, 17 Nov 2008 17:24:00 +0000
James A. Donald wrote:
>> Fortunately, it's only necessary to keep a pending-transaction pool for the current best branch.
>
> This requires that we know, that is to say an honest well behaved peer whose communications and data storage is working well knows, what the current best branch is -
I mean a node only needs the pending-tx pool for the best branch it has. The branch that it currently [...]
RE: unintended?
Sun, 16 Nov 2008 23:25:00 +0000
[Moderator's note: Top posting is considered untasteful. --Perry]
It doesn't need to be malicious. It depends on the situation. For example, lots of corporations do SSL session inspection using products like Bluecoat. The Bluecoat does a MiTM attack to expose the plaintext for analysis, and expects that corporate users trust the certificate it provides (and have pushed it out to all [...]
[FDE] MacBooks & FDE
Sun, 16 Nov 2008 23:20:00 +0000
A question was asked over on StorageEffect.com if the FDE drive (aka SED for Self Encrypting Drive) can be installed into a MacBook Pro. Does anyone know the answer? http://tinyurl.com/56lv48 What are the system requirements for these drives? Can I slap one into my MacBook Pro? Or is it BIOS and Windows only? Or perhaps it needs a special BIOS? [...]