On Thu, 2 Sep 2010 23:02:15 -0400, Ari Silverstein wrote:
> On Thu, 2 Sep 2010 19:29:09 -0400, Ari Silverstein wrote:
>
>> On Thu, 2 Sep 2010 15:57:50 -0700 (PDT), Pubkeybreaker wrote:
>>
>>> On Sep 2, 6:03*pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
>>>
>>>> The best of all worlds is closed source development with entirely
>>>> competent, trusted individuals which is why the highest level of
>>>> cryptographic development for the USGov, DoD, DHS and the intertwined
>>>> military-intelligence Agencies happens behind closed doors. Among
>>>> their experts and their contracted experts.
>>>
>>> And what do you think it is that I do?
>>
>> Pick your nose?
>>
>> Why don't you tell us then we won't have to guess?
>
> Ok, I'll ask again. what is it you do?
Bob Silverman, a fellow Jew! I loved your music! Dylan admirer!
On Fri, 03 Sep 2010 07:13:01 GMT, nemo_outis wrote:
> Who
SWAT!
God that was fun. Acting like a nemo-child, takes some getting used to
though. lol
--
´Looking Above and Beyond the Ramp: A Study of Buffalo Students˙
Attitudes toward Alternative Modes of Transportation"
On Fri, 03 Sep 2010 07:13:01 GMT, nemo_outis wrote:
> Who
Nemo proclaimed to the World two days ago:
"...undoubtedly the path of wisdom. I have instead allowed my
fascination with morbid psychology to detain me too long with weird
old Ari. <sic> I agree to killfile him"
On Sep 3, 1:29*am, "Joseph Ashwood" <ashw...@msn.com> wrote:
> "Mark Murray" <w.h.o...@example.com> wrote in message
>
> This is from someone who has been at odds with him on multiple occassions.. I
> obviously have great respect for him, and more than once I have recommended
> him to my clients.
>
> He is absolutely worth $400 an hour.
> * * * * * * * * * * Joe
On Sep 3, 3:05*am, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
> On Thu, 2 Sep 2010 22:29:02 -0700, Joseph Ashwood wrote:
> > "Mark Murray" <w.h.o...@example.com> wrote in message
> >news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
> >> On 09/02/10 15:48, Pubkeybreaker wrote:
>
> >>> If you want your code vetted, *you can hire me at $400.00/hr. *And I
> >>> do have both the required software and crypto background.
>
> >> Based on the above RSA detail missed, are you really worth $400 an hour?
>
> > Yes, he really is. He is a world renowned, world recognised, undeniably
> > brilliant public key researcher with extensive experience in the research
> > department of RSA Security. If anything $400/hour is not enough for his
> > level of capability.
>
> > This is from someone who has been at odds with him on multiple occassions. I
> > obviously have great respect for him, and more than once I have recommended
> > him to my clients.
>
> > He is absolutely worth $400 an hour.
> > * * * * * * * * * * Joe
>
> Damn, Joe, he'd better get $400/hr to pay you for this extra-glorious
> endorsement. :)
>
> I kid.
>
> But you might give him a few lessons in following Usenet conversations
> (who replied to whom) and using a newsreader, dumping Google Groups.
And *YOU* might do something to reduce both your arrogance and your
ignorance.
Did it ever occur to you that I might have to work under certain
restrictions?
Did it ever occur to you that someone who works in information
security for
a DOD contractor might have such restrictions?
The answer is obvious: Of course it didn't occur to you.
I use google groups because it is what I am allowed to access from my
desk.
On Sep 3, 3:16*am, Mark Murray <w.h.o...@example.com> wrote:
> On 02/09/2010 22:26, Pubkeybreaker wrote:
>
> > I miised no detail. I quote what was written:
>
> > "PROV_RSA_AES"
>
> > This is a bunch of acronyms that have been run together and connected
> > by underscores. * It is not RSA, * I can read, *Apparently, you can't.
>
> I googled the documentation of that service.
>
> <quote>
> The PROV_RSA_AES provider type supports both digital signatures and data
> encryption. It is considered a general purpose cryptographic service
> provider (CSP). The RSA public key algorithm is used for all public key
> operations.
> </quote>
>
> What am I missing?
Almost everything. The quote you give is so vague as to be almost
meaningless.
(1) A provider type is not an algorithm.
(2) The prior post gave a single key length as if "PROV_RSA_AES" **
were ** a
single algorithm. And allow me to point out (pedantically) that a
provider type is not
an algorithm and the question was about algorithms. And YES. Such
distinctions
do matter when doing engineering code/documentation reviews. Giving
the name
of a software object that is unique to a particular implementation is
not the same as
specifying an algorithm. "The map is not the territory"
(3) Saying "supports signatures and encryption" is so vague as to be
meaningless.
What kind of signatures? With appendix? Without appendix? Is it
PKCS-1 compliant?
Does it use PSS or OAEP? Does it use ASN-1 syntax? etc. etc. etc.
ad nauseum.
Do you have any idea as to the degree of pedantry that is required to
fully vet someone
else's software?
On 09/03/10 13:02, Pubkeybreaker wrote:
> Do you have any idea as to the degree of pedantry that is required to
> fully vet someone else's software?
Somewhat.
But I see that this debate has got so far into the splitting hairs
domain that I suspect we are going to see quarks soon.
The question "What algorithms do you use?" has been answered by the
OP (VERY BADLY, I agree) as "RSA for keys and AES for the message",
without giving any other useful detail.
On 2010-09-03, Pubkeybreaker <pubkeybreaker@aol.com> wrote:
> On Sep 3, 3:05?am, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
>> On Thu, 2 Sep 2010 22:29:02 -0700, Joseph Ashwood wrote:
>> > "Mark Murray" <w.h.o...@example.com> wrote in message
>> >news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
>> >> On 09/02/10 15:48, Pubkeybreaker wrote:
>>
>> >>> If you want your code vetted, ?you can hire me at $400.00/hr. ?And I
>> >>> do have both the required software and crypto background.
>>
>> >> Based on the above RSA detail missed, are you really worth $400 an hour?
>>
>> > Yes, he really is. He is a world renowned, world recognised, undeniably
>> > brilliant public key researcher with extensive experience in the research
>> > department of RSA Security. If anything $400/hour is not enough for his
>> > level of capability.
>>
>> > This is from someone who has been at odds with him on multiple occassions. I
>> > obviously have great respect for him, and more than once I have recommended
>> > him to my clients.
>>
>> > He is absolutely worth $400 an hour.
>> > ? ? ? ? ? ? ? ? ? ? Joe
>>
>> Damn, Joe, he'd better get $400/hr to pay you for this extra-glorious
>> endorsement. :)
>>
>> I kid.
>>
>> But you might give him a few lessons in following Usenet conversations
>> (who replied to whom) and using a newsreader, dumping Google Groups.
>
> And *YOU* might do something to reduce both your arrogance and your
> ignorance.
>
> Did it ever occur to you that I might have to work under certain
> restrictions?
>
> Did it ever occur to you that someone who works in information
> security for
> a DOD contractor might have such restrictions?
>
I suppose that is possible which would be totally bizare. Googlegroups
is pretty insecure, so how in the world can they allow you to go through
them? Besides google has assured us that they data mine the stuff going
through them. So your contractors do not mind?
> The answer is obvious: Of course it didn't occur to you.
>
> I use google groups because it is what I am allowed to access from my
> desk.
On Fri, 3 Sep 2010 04:52:07 -0700 (PDT), Pubkeybreaker wrote:
> On Sep 3, 3:05*am, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
>> On Thu, 2 Sep 2010 22:29:02 -0700, Joseph Ashwood wrote:
>>> "Mark Murray" <w.h.o...@example.com> wrote in message
>>>news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
>>>> On 09/02/10 15:48, Pubkeybreaker wrote:
>>
>>>>> If you want your code vetted, *you can hire me at $400.00/hr. *And I
>>>>> do have both the required software and crypto background.
>>
>>>> Based on the above RSA detail missed, are you really worth $400 an hour?
>>
>>> Yes, he really is. He is a world renowned, world recognised, undeniably
>>> brilliant public key researcher with extensive experience in the research
>>> department of RSA Security. If anything $400/hour is not enough for his
>>> level of capability.
>>
>>> This is from someone who has been at odds with him on multiple occassions. I
>>> obviously have great respect for him, and more than once I have recommended
>>> him to my clients.
>>
>>> He is absolutely worth $400 an hour.
>>> * * * * * * * * * * Joe
>>
>> Damn, Joe, he'd better get $400/hr to pay you for this extra-glorious
>> endorsement. :)
>>
>> I kid.
>>
>> But you might give him a few lessons in following Usenet conversations
>> (who replied to whom) and using a newsreader, dumping Google Groups.
>
> And *YOU* might do something to reduce both your arrogance and your
> ignorance.
I did. I just deleted your post.
*LOL
--
´Looking Above and Beyond the Ramp: A Study of Buffalo Students˙
Attitudes toward Alternative Modes of Transportation"
> On 2010-09-03, Pubkeybreaker <pubkeybreaker@aol.com> wrote:
>> On Sep 3, 3:05?am, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
>>> On Thu, 2 Sep 2010 22:29:02 -0700, Joseph Ashwood wrote:
>>> > "Mark Murray" <w.h.o...@example.com> wrote in message
>>> >news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
>>> >> On 09/02/10 15:48, Pubkeybreaker wrote:
>>>
>>> >>> If you want your code vetted, ?you can hire me at $400.00/hr. ?And I
>>> >>> do have both the required software and crypto background.
>>>
>>> >> Based on the above RSA detail missed, are you really worth $400 an hour?
>>>
>>> > Yes, he really is. He is a world renowned, world recognised, undeniably
>>> > brilliant public key researcher with extensive experience in the research
>>> > department of RSA Security. If anything $400/hour is not enough for his
>>> > level of capability.
>>>
>>> > This is from someone who has been at odds with him on multiple occassions. I
>>> > obviously have great respect for him, and more than once I have recommended
>>> > him to my clients.
>>>
>>> > He is absolutely worth $400 an hour.
>>> > ? ? ? ? ? ? ? ? ? ? Joe
>>>
>>> Damn, Joe, he'd better get $400/hr to pay you for this extra-glorious
>>> endorsement. :)
>>>
>>> I kid.
>>>
>>> But you might give him a few lessons in following Usenet conversations
>>> (who replied to whom) and using a newsreader, dumping Google Groups.
>>
>> And *YOU* might do something to reduce both your arrogance and your
>> ignorance.
>>
>> Did it ever occur to you that I might have to work under certain
>> restrictions?
>>
>> Did it ever occur to you that someone who works in information
>> security for
>> a DOD contractor might have such restrictions?
>>
>
> I suppose that is possible which would be totally bizare. Googlegroups
> is pretty insecure, so how in the world can they allow you to go through
> them? Besides google has assured us that they data mine the stuff going
> through them. So your contractors do not mind?
And surely Bob does this accessing on his own time. At $400/hr, if I
found him ****ing around on Usenet leaving my corporate machine's
tracks all over GGroups, on his time or not, I'd drop him with his
termination papers at the nearest bus stop.
But that just me. The DoD I am sure is pleased with his outbound
efforts.
--
´Looking Above and Beyond the Ramp: A Study of Buffalo Students˙
Attitudes toward Alternative Modes of Transportation"
On Fri, 3 Sep 2010 03:27:39 -0700 (PDT), Pubkeybreaker wrote:
> On Sep 3, 1:29*am, "Joseph Ashwood" <ashw...@msn.com> wrote:
>> "Mark Murray" <w.h.o...@example.com> wrote in message
>>
>
>> This is from someone who has been at odds with him on multiple occassions. I
>> obviously have great respect for him, and more than once I have recommended
>> him to my clients.
>>
>> He is absolutely worth $400 an hour.
>> * * * * * * * * * * Joe
>
> Thanks for the kind words.
>
> BTW:
>
> A typical big city lawyer charges this.
So does a NYC hooker, and more, and your point is....?
--
´Looking Above and Beyond the Ramp: A Study of Buffalo Students˙
Attitudes toward Alternative Modes of Transportation"
On Sep 3, 3:38*pm, unruh <un...@wormhole.physics.ubc.ca> wrote:
> On 2010-09-03, Pubkeybreaker <pubkeybrea...@aol.com> wrote:
> > Did it ever occur to you that someone who works in information
> > security for
> > a DOD contractor might have such restrictions?
>
> I suppose that is possible which would be totally bizare. Googlegroups
> is pretty insecure, so how in the world can they allow you to go through
> them? Besides google has assured us that they data mine the stuff going
> through them. So your contractors do not mind?
How insecure? All what he posts there including his username is public
anyway, his email is easy to find out, and everybody knows it. What
remains is his googlegroups password, which (I hope:D) is not the same
as his password for the DoD. He uses a web browser, so what's the
risk?
On Sep 3, 5:55*pm, David Eather <eat...@tpg.com.au> wrote:
> Hey Trulymail is using the crypto library provided by Microsoft. Do you
> *really* trust a company that can't sort out how to add 2 unsigned
> 64-bit numbers even after 3 years of trying.
Could you please elaborate on this? A pointer would be nice.
On Wed, 01 Sep 2010 17:54:42 GMT, nemo_outis wrote:
> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
> news:8e7g7nF2fvU1@mid.individual.net:
>
> Ari the puppetmaster defends his puppet. How long before the
> puppet chimes in to defend the puppetmaster?
You blithering on, still, about Steve Terry being a sock? *LOL*
"Ari Silverstein" <AriSilverstein@yahoo.com> wrote in message
news:8edcfsFofmU1@mid.individual.net...
> On Wed, 01 Sep 2010 17:54:42 GMT, nemo_outis wrote:
>
>> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
>> news:8e7g7nF2fvU1@mid.individual.net:
>>
>> Ari the puppetmaster defends his puppet. How long before the
>> puppet chimes in to defend the puppetmaster?
>
> You blithering on, still, about Steve Terry being a sock? *LOL*
>
> Take time to use G-o-o-g-l-e yet Old Man?
>
>
Google?!
He still has to get his mother to switch his PC on for him
I'm hard to find, i only have about 5000 usenet postings archived
since 1995
Steve Terry
--
"I would like to plead for my right to investigate natural phenomena
without having guns pointed at me.
I also ask for the right to be wrong without being hanged for it."
- Wilhelm Reich, November 1947
"Ari Silverstein" <AriSilverstein@yahoo.com> wrote in message
news:8eblt6Ffv4U1@mid.individual.net...
> Joe, I wouldn't expect a response from Trulymail, maybe I will be
> wrong. If Trulymail responds, there are only two outcomes. More
> self-inflicted ruination and heaping amounts of self-inflicted
> ruination.
I'm not expecting much either, it ticks too many checkboxes for snake-oil to
not have major mistakes.
Joe
"Mark Murray" <w.h.oami@example.com> wrote in message
news:4c80eaef$0$12164$fa0fcedb@news.zen.co.uk...
> On 09/03/10 13:02, Pubkeybreaker wrote:
>> Do you have any idea as to the degree of pedantry that is required to
>> fully vet someone else's software?
>
> Somewhat.
>
> But I see that this debate has got so far into the splitting hairs
> domain that I suspect we are going to see quarks soon.
>
> The question "What algorithms do you use?" has been answered by the
> OP (VERY BADLY, I agree) as "RSA for keys and AES for the message",
> without giving any other useful detail.
There's far, far, far more to the algorithms question than RSA and AES, what
algorithm selects the primes for N? What algorithm protects the private key?
What chaining mode? What algorithm selects the symmetric keys? What
algorithm is used to pad the RSA plaintext? What signature method is used?
Is there a MAC? How is the MAC key determined? There are dozens of more
question. Beyond this the answer was far from clear, the 4096-bit key almost
certainly refers to RSA, but I have not seen a reasonable statement that
clearly states which symmetric algorithm (PROV_RSA_AES has RC2, RC4, and
AES).
Saying it uses PROV_RSA_AES does not answer any question.
Joe
> a wrote:
>> **** off, Ari. You're just trolling John for the sake of being
>> difficult. Hundreds of apps exist where you don't know the makers and
>> their history.
>
> Ari's arguments might not have been expressed in the best of ways (to
> put it mildly) but he is
<snip>
Thing is... Sliverdick doesn't have clue one what it's babbling on about.
It's only parroting things it heard to see itself post, just like the way
the poor, pathetic, lying git does wholesale cut and paste of others'
posts whe even IT gets bored with the threadbare "lol" inanity and lies
about being significant that are Sliverdick's A game.
> On Fri, 3 Sep 2010 04:52:07 -0700 (PDT), Pubkeybreaker wrote:
>> And *YOU* might do something to reduce both your arrogance and your
>> ignorance.
>
> I did. I just deleted your post.
>
> *LOL
ROTFL!
Your wannabe Sliverdick ass just got mega-spanked by someone who IS the
expert your loser self lies about being, so you ran away like a mangina
with the very best you could muster in retaliation being the same old
boring "lol" inanity you fall back on as a last resort when all your
other inanities leave you cold.
On Sep 17, 4:42*am, Anonymous <cri...@ecn.org> wrote:
> Paulo Marques wrote:
> > a wrote:
> >> **** off, Ari. You're just trolling John for the sake of being
> >> difficult. Hundreds of apps exist where you don't know the makers and
> >> their history.
>
> > Ari's arguments might not have been expressed in the best of ways (to
> > put it mildly) but he is
>
> <snip>
>
> Thing is... Sliverdick doesn't have clue one what it's babbling on about.
(1) Belittling an adversary by perverting his/her name shows that you
have
nothing relevant to say except childish name-calling. I don't agree
with Ari,
but I will carry on a civilized debate with him. Your name-calling
simply shows you
to be an immature jerk.
(2) Regardless of the merits of his discussion, at least he has the
courage to
post under his own name. He stands by what he says. You, on the
other
hand, are a COWARD.
On Fri, 17 Sep 2010 10:42:15 +0200 (CEST), Anonymous wrote:
> Paulo Marques wrote:
>
>> a wrote:
>>> **** off, Ari. You're just trolling John for the sake of being
>>> difficult. Hundreds of apps exist where you don't know the makers and
>>> their history.
>>
>> Ari's arguments might not have been expressed in the best of ways (to
>> put it mildly) but he is
>
> <snip>
>
> Thing is... Sliverdick doesn't have clue one what it's babbling on about.
Outside of being over *two weeks* from the post of mine this threads,
the only troll here is you, Mr. Anonymousie. Certainly you took the
time to read the majority of this thread and to think all you have to
enjoin is I'm a Sliverdick?
Why don't you get a pair of nuts and post using your own name? Isn't
that a novel idea, accountability.
Btw, if you need work I have a few toilets with **** splattered all
over them.
Posting Permissions
Reply With Quote
Bookmarks