Re: Simson Garfinkel analyses Skype - Open Society Institute
From: Adam Shostack [EMAIL PROTECTED]
Sent: Jan 29, 2005 12:45 PM
To: Mark Allen Earnest [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute

But, given what people talk about on their cell phones and cordless phones, and what they send via unencrypted email, they are acting like they think their communications are secure in the absence of any encryption. So I don't think adding some 'cryptographic mumbo jumbo' is going to change their sense of security in the wrong direction.

One thing most people seem to miss about this, though, is that cellphones and cordless phones are *great* for privacy from other humans who live in your house or work in your office. When you don't want your children to hear a conversation, you can go take the call in the bathroom or in the car while you're driving alone. Everybody seems to miss this--cellphones and cordless phones don't diminish privacy, they just move it around. Sophisticated eavesdroppers can violate more of your privacy, but nosy family members, roommates, and office mates can violate a lot less. I think most people correctly evaluate which of these groups is more likely to do something unpleasant with what they learn by eavesdropping.

It seems to me that VOIP pushes this in a somewhat different direction, because it's probably easy for your high-speed internet access (maybe a wireless hop to a router that talks to a cable modem) to be eavesdropped by moderately technically savvy nosy neighbors, and because there are a lot of criminals who are using more technology, and will surely target VOIP if they think they can make any money off it.

Adam

--John Kelsey

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cryptanalytic attack on an RFID chip
On Sat, Jan 29, 2005 at 01:09:32PM -0500, Steven M. Bellovin wrote:

> This chip is used in anti-theft automobile immobilizers and in the ExxonMobil SpeedPass.

If I recall correctly, there are two different electronic functions in key cars. One is the theft protection where the chip needs to authenticate when starting the engine (in Europe e.g. Ford introduced this some years ago, the keys had a red, and the car came with a fully red master key (yes, both a mechanical and cryptographical key) which allowed to teach the car to accept additional keys). The other function is the remote control to open the doors by pressing a button at the key.

Does this attack compromise the theft protection only or the door opener as well?

regards
Hadmut
Re: Simson Garfinkel analyses Skype - Open Society Institute
On Sun, Jan 30, 2005 at 11:12:05AM -0500, John Kelsey wrote:
| From: Adam Shostack [EMAIL PROTECTED]
| Sent: Jan 29, 2005 12:45 PM
| To: Mark Allen Earnest [EMAIL PROTECTED]
| Cc: cryptography@metzdowd.com
| Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute
|
| But, given what people talk about on their cell phones and cordless
| phones, and what they send via unencrypted email, they are acting like
| they think their communications are secure in the absence of any
| encryption. So I don't think adding some 'cryptographic mumbo jumbo'
| is going to change their sense of security in the wrong direction.
|
| One thing most people seem to miss about this, though, is that cellphones and cordless phones are *great* for privacy from other humans who live in your house or work in your office. When you don't want your children to hear a conversation, you can go take the call in the bathroom or in the car while you're driving alone. Everybody seems to miss this--cellphones and cordless phones don't diminish privacy, they just move it around. Sophisticated eavesdroppers can violate more of your privacy, but nosy family members, roommates, and office mates can violate a lot less. I think most people correctly evaluate which of these groups is more likely to do something unpleasant with what they learn by eavesdropping.
|
| It seems to me that VOIP pushes this in a somewhat different direction, because it's probably easy for your high-speed internet access (maybe a wireless hop to a router that talks to a cable modem) to be eavesdropped by moderately technically savvy nosy neighbors, and because there are a lot of criminals who are using more technology, and will surely target VOIP if they think they can make any money off it.

Hi John,

That's a very interesting point. There are clearly times when it's the case.

I suspect, with no data to back me up, that a form of hyperbolic discounting occurs here: The family member who is clearly present ends up dominating consideration, and the less likely/understood eavesdropping threat disappears. (As does the 'yell for attention, pick up another extension attack,' but that's another story.)

Adam