lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 15 Jun 2010 00:02:37 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: Michael Neal Vasquez <mnv@...mni.princeton.edu>
Cc: "full-disclosure@...ts.grok.org.uk\"" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Introducing TGP...

Hey Michael -

Great comments - The "send to a list" statements were just an example, but it illustrated a method by which one could abstract one's self from any "custodial" duties in regard to the data. You could send it anywhere.  Of course, you can also just keep it all local and treat the files as sensitive and ensure that all key files go through some key management process if you like.

I just like having choices.  I never said it was the ideal implementation - I just said it would be a secure, workable way of doing it.

t

From: mike.vasquez@...il.com [mailto:mike.vasquez@...il.com] On Behalf Of Michael Neal Vasquez
Sent: Monday, June 14, 2010 4:39 PM
To: Thor (Hammer of God)
Cc: full-disclosure@...ts.grok.org.uk"
Subject: Re: [Full-disclosure] Introducing TGP...

Why send it to a public form/blog/email list, etc. When you could email it to yourself, mitigating some of Stu's concerns, yet still making it available to yourself...

Additionally, you're adding less traffic (a tiny bit less, true, but less...)

Send it to multiple email accounts if you're worried about an outage.... (gmail. yahoo. hushmail. etc)

Why replicate it in all these different archives.  It's an interesting idea, but I'm not convinced it's the ideal implementation.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ