From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <029701c385b0$686b32e0$b9844051@insultant.net>
From: "boyd, rounin"
To: <9fans@cse.psu.edu>
References: <20030928101050.J27821@cackle.proxima.alt.za> <020001c3859e$d209f220$b9844051@insultant.net> <20030928114226.L27821@cackle.proxima.alt.za>
Subject: Re: [9fans] spam rejection after reception does have limits
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Date: Sun, 28 Sep 2003 13:05:19 +0200
Topicbox-Message-UUID: 52ba7e54-eacc-11e9-9e20-41e7f4b1d025

> Between you and Choate, you're getting irritating: "You don't
> understand..." Maybe you can explain, if you're so fucking clever!

you need a root CA or some other CA you trust. this depends
on the DNS, which can be spoofed, hence possibly giving you
a false public key. key revocation never worked.

TLS/SSL is so complex that the bugs kept turning up. someone
at the labs even had a theoretical [impractical, but possible]
attack on it.

that's why we don't use 2DES, 'cos there is a theoretical attack
where you meet in the middle. sure, it's costly, but the
solution is to go to 3DES.

DES 'died' back in the early '90s (unless you were the NSA, where
it probably died well before that).

once you had encrypted the 'crack' dictionary [~50k 'words'] with
all the 4096 salts, busting a password file with a shell script
took seconds. generating the dictionary back then took a month.

i did this once, as an experiment and to test internal security.
on that point i'm NDA'd on any further discussion.
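
The meet-in-the-middle point in the message above, as an added example that is not part of the original post: a toy 16-bit Feistel cipher with 10-bit keys (constructed for illustration, not DES) shows why encrypting twice does not double the effective key length. All names, keys and plaintexts below are assumptions made for the example.

```python
# Toy parameters, constructed for illustration (this is not DES).
KEY_BITS = 10          # each key is 10 bits, so a key pair is 20 bits
ROUNDS = 4

def _f(half, key, rnd):
    """Toy Feistel round function on an 8-bit half block."""
    return ((half * 167 + key * 31 + rnd * 101) ^ (key >> 3)) & 0xFF

def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with the known (plain, cipher) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    # Forward half: encrypt p0 under every k1, index by the middle value.
    middle = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(p0, k1), []).append(k1)
    # Backward half: decrypt c0 under every k2 and look for a match.
    candidates = []
    for k2 in range(1 << KEY_BITS):
        for k1 in middle.get(decrypt(c0, k2), []):
            # Remaining pairs filter out chance collisions in the 16-bit block.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates

def demo():
    k1, k2 = 0x2A7, 0x13C                      # constructed secret keys
    plains = [0x1234, 0xBEEF, 0x0F0F]          # constructed known plaintexts
    pairs = [(p, double_encrypt(p, k1, k2)) for p in plains]
    found = meet_in_the_middle(pairs)
    work = 2 * (1 << KEY_BITS)                 # table build + lookups
    return (k1, k2) in found, work, 1 << (2 * KEY_BITS)

if __name__ == "__main__":
    print(demo())
```

The search costs about 2 x 2^10 single-cipher operations plus a table of 2^10 entries, against 2^20 for trying every key pair, so the second key adds roughly one bit of work rather than ten.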