Lee Parkes wrote:
Hi,
I'm working on a project that requires a benchmark against which to judge
various suppliers. The closest that has similar requirements is the ATM
industry. To this end I'm looking for any papers, specifications or published
attacks against ATM machines and their
My complaint is against the parroting of patently absurd claims by
manufacturers (or governments, for that matter) under the guide of
journalism.
If you need the reason to be concrete, here's one: I might buy this
magic water and apply it to some of my stuff, figuring I don't have to
http://theory.csail.mit.edu/~yiqun/shanote.pdf
No real details, just collisions for 80 round SHA-0 (which I
just confirmed)
and 58 round SHA-1 (which I haven't bothered with), plus the
now famous work
factor estimate of 2^69 for full SHA-1.
As usual, Technical details will be
On Feb 22, 2005, at 10:57, Dan Kaminsky wrote:
The point is that the thief should think anything expensive is
protected, by which I mean it's too traceable to fence.
That would be the thinking of a thief who read the article and took it
at face value. A more clever thief would realize that the
On Feb 18, 2005, at 19:47, R.A. Hettinga wrote:
It does continue to be something of a puzzle as to how they get this
stuff
back to home base, said John Pike, a military expert at
GlobalSecurity.org.
I should think that in many cases, they can simply lease a fiber in the
same cable. What could
(As I've said many times, security breaches reported at
conferences full of security people don't count as a
predictor of what's out in the real world as a threat.
But, it makes for interesting reading and establishes
some metric on the ease of the attack. iang)
I also recommend the brief
http://www.theregister.co.uk/2005/02/21/crypto_wireless/print.html
The Register
Biting the hand that feeds IT
The Register » Security » Identity »
Original URL: http://www.theregister.co.uk/2005/02/21/crypto_wireless/
I'll show you mine if you show me, er, mine
By Lucy Sherriff
Hi,
I'm working on a project that requires a benchmark against which to judge
various suppliers. The closest that has similar requirements is the ATM
industry. To this end I'm looking for any papers, specifications or
published attacks against ATM machines and their infrastructure. I'm also
--
On 24 Feb 2005 at 2:29, Peter Gutmann wrote:
Isn't this a Crypto 101 mutual authentication mechanism (or
at least a somewhat broken reinvention of such)? If the
exchange to prove knowledge of the PW has already been
performed, why does A need to send the PW to B in the last
step? You
--- begin forwarded text
To: [EMAIL PROTECTED]
Subject: Re: I'll show you mine if you show me, er, mine
Date: Wed, 23 Feb 2005 12:14:04 -0800 (PST)
From: [EMAIL PROTECTED] (Hal Finney)
Sender: [EMAIL PROTECTED]
Markus Jakobsson is a really smart guy who's done some cool stuff, so I
think this
* Jack Lloyd:
http://theory.csail.mit.edu/~yiqun/shanote.pdf
Thanks for the pointer.
No real details, just collisions for 80 round SHA-0 (which I just confirmed)
and 58 round SHA-1 (which I haven't bothered with), plus the now famous work
factor estimate of 2^69 for full SHA-1.
As usual,
Burt Kaliski posted the following to Dave Farber's IP list. I was
about to post something similar myself.
Beyond that, it is now clear that the industry needs an open evaluation
process -- like the Advanced Encryption Standard competition -- to establish
a new hash function standard for the
Full disclosure: Burt Kaliski and I share an employer.
Peter Trei
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf
Of David Farber
Sent: Wednesday, February 23, 2005 7:48 PM
To: Ip
Subject: [IP] One cryptographer's perspective on the SHA-1 result
From:
--- begin forwarded text
Date: Thu, 24 Feb 2005 12:25:10 -0800
To: [EMAIL PROTECTED]
From: John Young [EMAIL PROTECTED]
Subject: Chatter Punks
Sender: [EMAIL PROTECTED]
Maybe it's been mentioned here but the book, Chatter: Dispatches
from the Secret World of Global Eavesdropping, by Patrick
http://www.wired.com/news/print/0,1294,66686,00.html
Wired News
No Encryption for E-Passports
By Ryan Singel?
Story location: http://www.wired.com/news/privacy/0,1848,66686,00.html
02:00 AM Feb. 24, 2005 PT
Despite widespread criticism from security experts that a proposed
high-tech upgrade
http://dailykos.com/story/2005/2/26/204031/168
Daily Kos ::
Political Analysis and other daily rants on the state of the nation.
Senators Boxer, Clinton Unveil Count Every Vote Act of 2005
by Hunter
Sat Feb 26th, 2005 at 17:40:31 PST
The email alerts on this were sent out last week. In
http://www.msnbc.msn.com/id/7037720/site/newsweek/print/1/displaymode/1098/
MSNBC.com
No Secrets: Eyes on the CIA
Newsweek
March 7 issue - Aviation obsessives with cameras and Internet connections
have become a threat to cover stories established by the CIA to mask its
undercover operations
Mr-Rogers Now, boys and girls, try not to laugh *too* hard, and be sure
you swallow your Wheaties before you read this... /M-R
Cheers,
RAH
---
http://www.edri.org/edrigram/number3.4/wiretap
| EDRI
EDRI-gram » EDRI-gram - Number 3.4, 24 February 2005
Italian GSM provider warns: too many
--
On 27 Feb 2005 at 18:53, R.A. Hettinga wrote:
March 7 issue - Aviation obsessives with cameras and Internet
connections have become a threat to cover stories established
by the CIA to mask its undercover operations and personnel
overseas. U.S. intel sources complain that plane
Hi all,
We announce the construction of two different valid X.509 certificates
that have identical signatures. This is based on MD5 collisions.
One could e.g. construct the to-be-signed parts of the certificates,
and get the one certificate signed by a CA. Then a valid signature for
the other
Cute. I expect we'll see more of this kind of thing.
http://eprint.iacr.org/2005/067
Executive summary: calculate chaining values (called IV in the paper) of
first part of the CERT, find a colliding block for those chaining
values, generate an RSA key that has the collision as the first part of
Ben,
Semantic gap, and I do apologize if I didn't make this clear. Wang
adapts to any initial state, so you can create arbitrary content to
prepend your collision set with, adapt to its output, and then append
whatever you like. The temporal ordering is indeed important though;
you can't
Dan Kaminsky wrote:
The x.509 cert collision is a necessary consequence of the earlier
discussed prime/not-prime collision. Take the previous concept, make
both prime, and surround with the frame of an x.509 cert, and you get
the new paper.
Actually, not - an RSA public key is not prime.
Ben Laurie wrote:
Dan Kaminsky wrote:
The x.509 cert collision is a necessary consequence of the earlier
discussed prime/not-prime collision. Take the previous concept, make
both prime, and surround with the frame of an x.509 cert, and you get
the new paper.
Actually, not - an RSA
--- begin forwarded text
Date: Wed, 2 Mar 2005 23:20:58 -0600 (CST)
From: Andrew Odlyzko [EMAIL PROTECTED]
To: Andrew Odlyzko [EMAIL PROTECTED]
Subject: FYI: paper about Metcalfe's Law
Dear Colleagues,
Sorry for the spam, but I thought you might be interested in the
paper described below.
In message [EMAIL PROTECTED], Thor Lancelot Simon writes:
On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote:
In message [EMAIL PROTECTED], ALeine writes:
Not necessarily, if one were to implement the ideas I proposed
I believe the performance could be kept at the same level as
Reading the description from http://www.stealth-attacks.info/, it
seems that Peter might be right. I think this is just a re-hash of
already well established ideas.
In the case of a sending the password back to B, its a very similar
scenario to scene III where Athena suggests to Euripides that
On Thu, Feb 24, 2005 at 02:24:38AM +1100, Chris Trott wrote:
My Apologies to the original poster here, but does this seem like a little
human engineering to anyone else?
No problem. As it happens the project I'm working on isn't for ATMs but for
a system that shares some similarities:
*
28 matches
Mail list logo
