Nothing terribly new here -- short interview with someone who bought
an RFID credit card reader on ebay for $8 and demonstrates getting
people's credit card information at short distances using it. Still,
it is interesting to see how trivial it is to do.
Hagai Bar-El wrote on 18 March 2008 10:17:
All they
need to do is make sure (through a user-controlled but default-on
feature) that when the workstation is locked, new Firewire or PCMCIA
devices cannot be introduced. That hard?
Yes it is, without redesigning the PCI bus. A bus-mastering
Steven M. Bellovin wrote:
http://www.gcn.com/online/vol1_no1/45946-1.html
http://www.gdc4s.com/documents/D-SMEPED-6-1007_p21.pdf
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
Steven M. Bellovin wrote:
http://www.gcn.com/online/vol1_no1/45946-1.html
http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=1346zoneid=210
-
The Cryptography Mailing List
Unsubscribe by
I've been thinking about similar issues. It seems to me that just
destroying the key schedule is a big help -- enough bits will change in
the key that data recovery using just the damaged key is hard, per
comments in the paper itself.
On Wed, Mar 19, 2008 at 02:25:36PM -0400, Leichter, Jerry wrote:
[This has been thrashed out on other lists.]
Just how would that help? As I understand it, Firewire and PCMCIA
provide a way for a device to access memory directly. The OS doesn't
have to do anything - in fact, it *can't* do
On Tue, Mar 18, 2008 at 09:46:45AM -0700, Jon Callas wrote:
What operates like a block cipher on a large chunk?
Tweakable modes like EME.
Or as a non-patented alternative one could use the Bear/Lion
constructions [1], which can encrypt arbitrary size blocks at
reasonably good speeds (depending
(This is an ASCII rendering of https://zooko.com/
convergent_encryption_reconsidered.html .)
Convergent Encryption Reconsidered
Written by Zooko Wilcox-O'Hearn, documenting ideas due to Drew
Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20.
Abstract
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me that if DNSSEC is actually working fine, I should be able to
provide an authoritative public key for any domain name I control, and
should be able to obtain
Dear Perry Metzger:
Jim McCoy asked me to forward this, as he is not subscribed to
cryptography@metzdowd.com, so his posting bounced.
Regards,
Zooko
Begin forwarded message:
From: Jim McCoy [EMAIL PROTECTED]
Date: March 20, 2008 10:56:58 PM MDT
To: theory and practice of decentralized
Professor Christopher Andrew to present Schorreck Memorial Lecture, April 7,
2008 at 2:00 PM, Laurel, MD
The Center for Cryptologic History at the National Security Agency is
pleased to announce a lecture by Professor Christopher Andrew of Cambridge
University, author of numerous books on
On Mar 19, 2008, at 6:56 PM, Steven M. Bellovin wrote:
I've been thinking about similar issues. It seems to me that just
destroying the key schedule is a big help -- enough bits will change
in
the key that data recovery using just the damaged key is hard, per
comments in the paper itself.
|...Convergent encryption renders user files vulnerable to a
|confirmation-of-a-file attack. We already knew that. It also
|renders user files vulnerable to a learn-partial-information
|attack in subtle ways. We didn't think of this until now. My
|search of the literature
On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote:
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me that if DNSSEC is actually working fine, I should be able to
provide an authoritative
14 matches
Mail list logo