4t HIT Mail Privacy LITE 1.01
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
The fact that they don't identify the 128 bit encryption implies its probably fairly weak - possibly RC4 (because its quick to encrypt). I noticed they don't tell you anything about the carrying capacity, let you control the hiding rate, or mention whether you lose part of your message if you use a lossy format such as JPEG.
You might want to browse the list of steganographic windows software at http://www.jjtc.com/stegoarchive/stego/software.html
Hide4PGP at http://www.heinz-repp.onlinehome.de/Hide4PGP.htm looked interesting.
You might want to browse the list of steganographic windows software at http://www.jjtc.com/stegoarchive/stego/software.html
Hide4PGP at http://www.heinz-repp.onlinehome.de/Hide4PGP.htm looked interesting.
-
- Guest
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
What do you mean by anti-sniffing? I've used a sniffer (including a Network General Sniffer) so I'm familiar with that phrase, but I want to be certain I understand what problem you're trying to solve since its a bit of a leap from steganography.
If you use a secure connection (SSL or TLS) the traffic is encrypted, so an easedropper has to do more than just capture the packets. Though a better solution might be to use www.hushmail.com.
If you use a secure connection (SSL or TLS) the traffic is encrypted, so an easedropper has to do more than just capture the packets. Though a better solution might be to use www.hushmail.com.
-
- Guest
meant non-promisc mode for win98se or more so.
i am thinking about non-promisc LAN-card.
1. i will use it, only when everyone on my country using it[include ISP-people ],
2. java itself have many security holes. 2400+ bugs fixed..
JMM(Java Memory Model) is unstable. java 1.5? i can't.
3. see JAP or privoxy or silcnet or.., every approach is server side solution, these methods are concerned me! none of infrastructure exist!
try "anonymous" or "secure surfing" in http://sf.net
--
when ipv6? gov loves company? metallica(justice for all)?
i am thinking about non-promisc LAN-card.
www.adcom.com.tw/tech/Sw3-faq1.html wrote:non-promiscuous interfaces
* ibm token-ring network pc adapter
* ibm token-ring network pc adapter ii (short card)
* ibm token-ring network pc adapter ii (long card)
* ibm token-ring network 16/4 adapter
* ibm token-ring network pc adapter/a
* ibm token-ring network 16/4 adapter/a
* ibm token-ring network 16/4 busmaster server adapter/a
* microdyne (excelan) exos 205 ? microdyne (excelan) exos 205t
* microdyne (excelan) exos 205t/16
* hewlett-packard 27250a ethertwist pc lan adapter card/8
* hewlett-packard 27245a ethertwist pc lan adapter card/8
* hewlett-packard 27247a ethertwist pc lan adapter card/16
* hewlett-packard 27248a ethertwist eisa pc lan adapter card/32
* hp 27247b ethertwist adapter card/16 tp plus
* hp 27252a ethertwist adapter card/16 tp plus
* hp j2405a ethertwist pc lan adapter nc/16 tp
* adapters based upon the tropic chipset generally do not support promiscuous mode.
tanstaafl wrote:Though a better solution might be to use www.hushmail.com.
1. i will use it, only when everyone on my country using it[include ISP-people ],
2. java itself have many security holes. 2400+ bugs fixed..
JMM(Java Memory Model) is unstable. java 1.5? i can't.
3. see JAP or privoxy or silcnet or.., every approach is server side solution, these methods are concerned me! none of infrastructure exist!
try "anonymous" or "secure surfing" in http://sf.net
--
when ipv6? gov loves company? metallica(justice for all)?
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Trying to prevent somebody from sniffing your traffic is usually a lost cause, especially if you're sending to somebody outside of your controlled environment. I don't understand why you want to buy a non-promiscious card since it adds no value. The risk is that any other node could put its network card into promiscious mode to capture all traffic, not what you use.
What approach you should take depends upon who you're trying to prevent from examining what you send, and whats the downside if you fail. SSL/TLS easily meets my needs. Hushmail uses only a fraction of Java's many class libraries with its applets and would be a good next step up.
You also want to keep things in perspective, given how easy it can be to atttach a small keystroke logger that most people would never notice or look for.
You might find this site interesting reading. http://www.schneier.com/crypto-gram.html
What approach you should take depends upon who you're trying to prevent from examining what you send, and whats the downside if you fail. SSL/TLS easily meets my needs. Hushmail uses only a fraction of Java's many class libraries with its applets and would be a good next step up.
You also want to keep things in perspective, given how easy it can be to atttach a small keystroke logger that most people would never notice or look for.
You might find this site interesting reading. http://www.schneier.com/crypto-gram.html
-
- Guest
tanstaafl wrote:Hushmail uses only a fraction of Java's many class libraries with its applets and would be a good next step up.
but it require jre 1.4 or higher. i had a bad experience using it.
mozilla, za crash.. i don't trust java, java applet.
--
some book which i don't remember wrote:you can't write perfect software, or you will waste time and energy to chase impossible dream.
i did
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
JRE 1.4.x has been much more troublesome than prior versions. Sometimes you have to experiment with a couple of different versions to find one that works well with your browser. Once you find one that works, there is little incentive to upgrade when a new version is released if you're only using java for applets.
I'm using java 1.4.2_01 with Firefox.
Since Hushmail works with the Microsoft JVM which is equivalent to Suns JRE 1.1, I suspect you could get away with using a Sun 1.3 JRE. They even support the ancient Netscape JVM if you run Netscape 4.7.x. The text I read stated that the examples below used 1.4.1_02 or later, NOT that it required that version.
I'm using java 1.4.2_01 with Firefox.
Since Hushmail works with the Microsoft JVM which is equivalent to Suns JRE 1.1, I suspect you could get away with using a Sun 1.3 JRE. They even support the ancient Netscape JVM if you run Netscape 4.7.x. The text I read stated that the examples below used 1.4.1_02 or later, NOT that it required that version.
-
- Guest
As i said previously, nobody using it. moreover it doen't support my country language.
how can i use it?
(secure mail) -> (sniffing enabled) -> (normal mail)
(secure mail) -> (sniffing unabled) -> (securel mail)
--
1.sorry, i remembered that case i had tried. even someone said early-java (ver 1.0?) more solid, i didn't believe it. i was right.
2.i will trust future-classpath+mono+gcc+"fasm".
http://www.gnu.org/software/classpath/classpath.html
--
thanks to firefox team, for the addressbar+google-bandit
how can i use it?
(secure mail) -> (sniffing enabled) -> (normal mail)
(secure mail) -> (sniffing unabled) -> (securel mail)
--
tanstaafl wrote:I suspect you could get away with using a Sun 1.3 JRE.
1.sorry, i remembered that case i had tried. even someone said early-java (ver 1.0?) more solid, i didn't believe it. i was right.
2.i will trust future-classpath+mono+gcc+"fasm".
http://www.gnu.org/software/classpath/classpath.html
--
thanks to firefox team, for the addressbar+google-bandit
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Hushmail is usefull when you want to send email to other Hushmail users. That provides a secure connection end to end. If you don't use it to send email to another Hushmail user its basicly just another email provider, yawn.
When you send email to a non-Hushmail user you have a secure channel to Hushmails servers, but then it will send it in plaintext (unsecure) with a digital signature. In that scenario its no different from using thunderbird with SSL/TLS and the enigmail extension.
Since its webmail I don't understand how language support is an issue.
I wouldn't touch gnu's classpath with a ten foot pole. Developing the class libraries is the hard part, not the JVM.
When you send email to a non-Hushmail user you have a secure channel to Hushmails servers, but then it will send it in plaintext (unsecure) with a digital signature. In that scenario its no different from using thunderbird with SSL/TLS and the enigmail extension.
Since its webmail I don't understand how language support is an issue.
I wouldn't touch gnu's classpath with a ten foot pole. Developing the class libraries is the hard part, not the JVM.
-
- Guest
-
- Guest
considering switched ethernet or switch,
And about password generator
Is there something more better than password generator 2003(4)?
http://www.geocrawler.com/archives/3/86/1997/9/0/191043/ wrote: > Hello...
>
> Does anyone know of a manufacturer/model number for
> non-promiscuous mode 100Mbit NICs? I need a couple for both intel and
> alpha boards. I usually use 3com 509 and 905 cards, but a call to them
> determined that they don`t make them.
>
> I would prefer cards that use the digital whatever chip since I can`t
> use 3com. Any sugestions?
>
> (non promiscuous mode = no packet sniffing )
At this point, you`re probably better off buying a switch than spending
time looking for cards, especially since unless the non-promiscuous
cards don`t let someone set their MAC address, they can always get the
data off the wire by spoofing the local gateway or server`s MAC address
and opening the raw interface. If you`re not too concerned, you could
rip that code out of the driver. If you`re way concerned, switches are
better anyway, since they stop the "bring in a plamtop" crowd as well.
Cisco`s just dropped the price of the Cat-1900 FWIW.
And about password generator
Is there something more better than password generator 2003(4)?