headers
Perry E. Metzger | 11 Aug 02:17

ADMIN: sending from a second account to the list

Several people have complained to me that they get their email for
the list sent from a different address than the one they send from
and that their mail has bounced as a result.

To take care of this, on your own, just add a second account using
the web interface and click the "no mail" option. You will then be
able to mail to the list from that address but you won't get mail to
it.

For those that asked, this isn't a normal Mailman feature -- I hacked
it in with a Postfix policy daemon so it happens at the MTA
dialog. It is necessary because the list gets hundreds and sometimes
thousands of spam attempts a day and I didn't want to deal with the
mail queues being clogged with thousands of bounce messages that
would never be delivered

Perry
--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 0 comments |
headers
Perry E. Metzger | 10 Aug 18:19

Re: Crypto being blamed in the London riots.

On Wed, 10 Aug 2011 11:59:53 -0400 John Ioannidis <ji <at> tla.org> wrote:
> On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni <decoy <at> iki.fi> wrote:
> >
> > Thus, why not turn the Trusted Computing idea on its head? Simply
> > make P2P public key cryptography available to your customers, and
> > then bind your hands behind your back in an Odysseian fasion,
> > using hardware means? Simply make it impossible for even yourself
> > to circumvent the best cryptographic protocol you can invent,
> > which you embed in your device before ever unveiling it, and then
> > just live with it?
> >
> 
> "Customers"? There is no profit in any manufacturer or provider to
> build that kind of functionality.

Blackberry already more or less has that functionality, which
disproves your hypothesis.

Perry
--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 1 comment |
headers
Perry E. Metzger | 10 Aug 18:13

Re: Crypto being blamed in the London riots.

On Wed, 10 Aug 2011 11:53:11 -0400 Ken Buchanan
<ken.buchanan <at> gmail.com> wrote:
> On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni <decoy <at> iki.fi> wrote:
> > Thus, why not turn the Trusted Computing idea on its head? Simply
> > make P2P public key cryptography available to your customers, and
> > then bind your hands behind your back in an Odysseian fasion,
> > using hardware means? Simply make it impossible for even yourself
> > to circumvent the best cryptographic protocol you can invent,
> > which you embed in your device before ever unveiling it, and then
> > just live with it?
> >
> 
> Why not, indeed...
> 
> Because no regulatory regime in the world would allow this.

Funny, that, since Sampo's proposal is more or less how Blackberry
chat actually works. (Various previous posters had the details wrong.)
Also all blackberry corporate services work without RIM having any
access to the content -- they only get access to email for individual
users for whom they terminate the encrypted tunnel.

Perry
--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
(Continue reading)

Permalink | Reply | 0 comments |
headers
Matt Blaze | 10 Aug 18:06

Vulnerabilities (in theory and in practice) in P25 two-way radios

Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu and me) Usenix Security
paper on vulnerabilities in the P25 two-way radio system (used by public safety agencies in the US and
elsewhere) is out today.

See

   http://www.crypto.com/papers/p25sec.pdf

for the paper (pdf format) and

   http://www.crypto.com/p25

for a summary of mitigations.

-matt

_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 0 comments |
headers
Perry E. Metzger | 10 Aug 16:12

Today's XKCD is on password strength.

Today's XKCD is on password strength. The advice it gives is pretty
good in principle...

http://xkcd.com/936/

--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 4 comments |
headers
Perry E. Metzger | 9 Aug 20:20

"India wants special monitoring access for Twitter, Facebook"

http://www.cio.com.au/article/396417/

Quoting. Crypto starts being mentioned in the fourth paragraph:

  India's communications ministry has been asked by the home ministry
  to monitor social networking websites such as Twitter and Facebook
  amid fears that the services are being used by terrorists to plan
  attacks.

  The request suggests that the Indian government is trying to broaden
  the scope of its online surveillance for national security.

  Telecommunications service providers in India provide facilities for
  lawful interception and monitoring of communications on their
  network, including communications from social networking websites
  such as Facebook and Twitter, in accordance with their license
  agreements,[...]

  But there are certain communications which are encrypted, Deora said
  Friday.

  The government did not provide details of what encrypted data they
  would like to have access to. A spokesman for the home ministry said
  on Monday that additional information can only be provided in
  Parliament while it is in session.

Perry
--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
(Continue reading)

Permalink | Reply | 0 comments |
headers
Perry E. Metzger | 9 Aug 20:06

ADMIN: Please don't top post.

The list has been alive again only for a couple of days, but it
appears that I need to post this oldie again.

------------

A3: Please.
Q3: Should I avoid top posting on this mailing list?

A2: Because, by reversing the order of a conversation, it leaves the
    reader without much context, and makes them read a message in an
    unnatural order.
Q2: Why is top posting irritating?

A1: It is the practice of putting your reply to a message before the
    quoted message, instead of after the (trimmed) message.
Q1: What is top posting?

Top Posting FAQ:

--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 0 comments |
headers
Perry E. Metzger | 9 Aug 19:18

Crypto being blamed in the London riots.

Quoting from the New York Times:

  David Lammy, Britain's intellectual property minister, also called
  for a suspension of Blackberry's encrypted instant message service.
  Many rioters, exploiting that service, had been able to organize mobs
  and outrun the police, who were ill-equipped to monitor it. "It is
  unfortunate, but for the very short term, London can't have a night
  like the last," Mr. Lammy said in a Twitter post.

  Officials at Research in Motion, the corporate parent of Blackberry,
  declined to comment on whether the service would be suspended. But
  the company, based in Waterloo, Ontario, issued a statement saying:
  "We feel for those impacted by recent days' riots in London. We have
  engaged with the authorities to assist in any way we can."

http://www.nytimes.com/2011/08/10/world/europe/10britain.html

--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 2 comments |
headers
Eugen Leitl | 9 Aug 13:52

[cryptography] OT: RSA's Pwnie Award

----- Forwarded message from Jeffrey Walton <noloader <at> gmail.com> -----

From: Jeffrey Walton <noloader <at> gmail.com>
Date: Mon, 8 Aug 2011 20:00:56 -0400
To: Randombit List <cryptography <at> randombit.net>
Subject: [cryptography] OT: RSA's Pwnie Award
Reply-To: noloader <at> gmail.com,
	Crypto discussion list <cryptography <at> randombit.net>

In case anyone is interested, RSA won a Pwnie for lamest vendor
response for its RSA SecurID token compromise:
http://pwnies.com/winners/
_______________________________________________
cryptography mailing list
cryptography <at> randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 0 comments |
headers
Ali, Saqib | 8 Aug 21:37
Picon
Gravatar

Homomorphic encryption prototype by microsoft

Two years after Dr. Craig Gentry of IBM published the proof for fully
homomorphic encryption, Microsoft has come up with a prototype that
utilizes the technique:
http://www.technologyreview.com/computing/38239/page1/

saqib
http://redscarfvestpink.appspot.com/
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 1 comment |
headers
Perry E. Metzger | 8 Aug 03:59

Re: The Cryptography and Security mailing list has been resurrected.

On Mon, 8 Aug 2011 03:31:00 +0200 "R. Hirschfeld" <ray <at> unipay.nl>
wrote:
> > 4) We now have archives back to early 2001 online. They may be a
> > bit mangled -- let me know if you catch any problems. Also, if
> > you have archives dating back before that, let me know -- I'd
> > like to slurp them in.
> 
> I joined the list in mid-1999 and have messages dating back to then,
> which I can send to you if you want.  They're in babyl format, which
> might be a bit of a pain for you to deal with, but you can use emacs
> rmail-output to write them out to your system inbox format, or I can
> do that before sending them, to unix mbox format.

If you had the stuff in mbox format it would be great -- that's what
Mailman slurps in for old archives. Is it a complete archive though?

Perry
--

-- 
Perry E. Metzger		perry <at> piermont.com
_______________________________________________
The cryptography mailing list
cryptography <at> metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Permalink | Reply | 0 comments |

Gmane