Forgot your password?
typodupeerror

+ - OpenSSH has a new cipher, chacha20-poly1305, from D.J. Bernstein!

Submitted by ConstantineM
ConstantineM (965345) writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

Comment: Re:Applause (Score 1) 771

by Phil Karn (#44517953) Attached to: Encrypted Email Provider Lavabit Shuts Down, Blames US Gov't
Are you sure about this? Would it in fact be possible to gain access to all past stored emails by logging a future user session? Or was it only possible to gain access to future emails by recording a copy of the incoming plaintext before encrypting them with the user's public key? This is an honest question; I hadn't even heard of Lavabit until today (I would have been a customer if I had) so I only know what I've read. Even before today, the past several months have proved what we've all long suspected: a security model that requires the users to trust a commercial service provider is simply not workable. Even (especially) in the United States. Ideally, a security model shouldn't require you to trust anyone in the middle at all. If that's not possible (and for many services, it's not) it should rely on a large volunteer group, at least some of whom are honest. Something like TOR, though it has its own problems.

Comment: Re:Applause (Score 1) 771

by Phil Karn (#44517905) Attached to: Encrypted Email Provider Lavabit Shuts Down, Blames US Gov't
I think you have it basically right. As I understand Lavabit, they encrypted incoming email with a public key for which only the user had the private key. They could not provide plaintext of existing email to a government demand. So the government probably ordered them to keep plaintext copies of all future email, which would be technically possible. The only way to avoid it was to shut down the service altogether. There'd be no reason to shut down the service if the demand was only for existing data as that would not relieve them of the requirement to fork it over. At the moment their MX server is not accepting incoming SMTP connections, which lends weight to my theory. The government could still seize the domain name and set up their own inbound SMTP server, but hopefully the publicity has warned everyone away. Right now there are two MX records for lavabit.com: mx.lavabit.com and lavabit.com, both of which resolve to IPv4 address 72.249.41.52. imap.lavabit.com also resolves to the same IPv4 address. Let's see if those records change...

+ - Keep smiling, waste spammers' time with OpenBSD tools->

Submitted by badger.foo
badger.foo (447981) writes "When you're in the business of building the networks people need and the services they need to run on them, you may also be running a mail service. If you do, you will sooner or later need to deal with spam. This article is about how to waste spammers' time and have a good time while doing it, using the free tools OpenBSD offers to do your greylisting and greytrapping before any content filtering. It's fun and easy."
Link to Original Source

Comment: Re:Having the internet connection isn't the issue (Score 1) 540

by Temporal (#40305069) Attached to: <em>Diablo 3</em> Banhammer Dropped Just Before RMAH Goes Live

its having to connect to their servers to play the game single player and worse, you can lose access to your game which you are in no way playing with other people should their authentication servers have an issue or be down for maintenance.

Oh the horror! You might have to do something else for a little while.

Jesus Christ, get over it.

they could have very easily made it so you had characters on their service and characters not on the service with no chance for either to interact. They chose not to. They chose that because they wanted to increase their revenue stream by any method they could envision.

I think it's pretty obvious that they chose this because it makes piracy effectively impossible. And to be perfectly honest, I like it a lot better than any other DRM I've ever encountered.

Comment: Re:The problem is chicken little (Score 2, Informative) 1181

by Bush Pig (#39690941) Attached to: Losing the Public Debate On Global Warming

Actually, there are hardly any scientists who disagree with AGW, and those few have been discredited. Also, Hadley didn't falsify any data, AFAIK Hansen isn't associated associated with Hadley, Hadley can't release the data because it isn't theirs to release, and Hansen (among others) does support nuclear power.

So, five wrong statements so far. Want to try for six?

This is the theory that Jack built. This is the flaw that lay in the theory that Jack built. This is the palpable verbal haze that hid the flaw that lay in...

Working...