search for: pgut001

There were a few notes in this thread that may indicate open areas for development. I forward merely as FYI. http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html ---------- Forwarded message ---------- From: Peter Gutmann <pgut001 at cs.auckland.ac.nz> Date: Sun, Jan 4, 2015 at 9:29 PM Subject: Re: [Cryptography] Why aren?t we using SSH for everything? To: calestyo at scientia.net, pgut001 at cs.auckland.ac.nz Cc: cryptography at metzdowd.com Christoph Anton Mitterer <calestyo at scientia.net> writes: >On Sun, 2...

Hello, I just read this document, especially the section about Tinc : http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt It's an old one, but i would like to know the state of the Tinc security level for now. I don't scared about possible security weakness of Tinc because i only use it over our internal operator network (MPLS), but maybe one day will come the need to connect a remote node...

...mp wrote: > There were a few notes in this thread that may indicate open areas for > development. I forward merely as FYI. > > http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.htm > l > > ---------- Forwarded message ---------- > From: Peter Gutmann <pgut001 at cs.auckland.ac.nz> > Date: Sun, Jan 4, 2015 at 9:29 PM > Subject: Re: [Cryptography] Why aren?t we using SSH for everything? > To: calestyo at scientia.net, pgut001 at cs.auckland.ac.nz > Cc: cryptography at metzdowd.com > > Christoph Anton Mitterer <calestyo at scientia...

...e, Nov 13, 2012 at 5:04 PM, Sam Flint <harmonicnm7h at gmail.com> wrote: > > Does anyone have experience with tinc vpn? > > It was not looked on particularly favorably in a comparison some years > ago by well known cryptographer Peter Gutmann: > http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt > > Admittedly, that review was from 2003. However, one of the things > that post discusses in length, and does a great job of illustrating, > is that security software like VPNs are difficult to get right, and > very easy to get wrong. > > OpenVPN seems to...

On 01/11/2016 06:50 AM, Always Learning wrote: > Why not, on start-up, create a 'ram disk' and do your sensitive work in > volatile RAM or is this what 'tmpfs' implies ? I think that's what OP expected tmpfs to be, but it should be noted that tmpfs *can* be swapped to disk, so it should not be used for data that you don't want to ever hit non-volatile storage

Richard Atterer wrote: >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >>You might want to check tinc (http://tinc.nl.linux.org) >> >> > >I strongly recommend *not* to use tinc. ><http://www.securityfocus.com/archive/1/249142> illustrates that the >authors didn't have enough expertise to build a secure tool 2 years ago.

...not erase data in remapped sectors. > > the only truly safe way to destroy data on magnetic media is to grind > the media up into filings or melt it down in a furnace. Without any intent to contradict... This article I found to be very instructive reading: https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html As far as hard drives are concerned, it changed my mind about magnetic media (hard drives): from "you never will be able to securely destroy data" to "one pass of writing zeroes is sufficient for modern drives. Bringing platters over 1000 times deep into hystere...

What is so fundamentally different about drivers in Linux and Windows? Specifically, video card drivers have always frustrated my understanding of what's going on under the hood. Say I have a nice video card from ATI. I need to install some cool drivers from ATI in order to make the card work at its best and in order to do any cool things like dual monitors. I download these drivers

DBAN is obsolete. NIST 800-88 for some time now says to use secure erase or enhanced security erase or crypto erase if supported. Other options do not erase data in remapped sectors. Chris Murphy

Darren Tucker <dtucker at zip.com.au> writes: >That's a vendor-modified version of OpenSSH. Assuming it corresponds to >what's in FreeBSD head, there's about a thousand lines of changes. Ugh. >Can you reproduce the problem with an unmodified version from openssh.com? >Failing that, can you get the server-side debug output from a failing >connection (ie