On Dec 26, 2008, at 2:39 AM, Peter Gutmann wrote:
d...@geer.org writes:
I'm hoping this is just a single instance but it makes you remember
that the
browser pre-trusted certificate authorities really needs to be
cleaned up.
Given the more or less complete failure of commercial PKI for
Just one minor observation:
On Dec 22, 2008, at 5:18 AM, Peter Gutmann wrote:
This leads to a scary rule of thumb for defenders:
1. The attackers have more CPU power than any legitimate user will
ever have,
and it costs them nothing to apply it. Any defence based on
resource
On Dec 17, 2008, at 3:18 PM, Perry E. Metzger wrote:
I'd like to expand on a point I made a little while ago about the
just throw everything at it, and hope the good sources drown out the
bad ones entropy collection strategy.
The biggest problem in security systems isn't whether you're using
On Dec 16, 2008, at 12:10 PM, Simon Josefsson wrote:
...I agree with your recommendation to write an AES key to devices at
manufacturing time. However it always comes with costs, including:
1) The cost of improving the manufacture process sufficiently well to
make it unlikely that compromised
On Dec 16, 2008, at 4:22 PM, Charles Jackson wrote:
I probably should not be commenting, not being a real device guy.
But,
variations in temperature and time could be expected to change SSD
timing.
Temperature changes will probably change the power supply voltages
and shift
some of the
On Dec 15, 2008, at 2:28 PM, Joachim Strömbergson wrote:
...One could probably do a similar comparison to the increasingly
popular
idea of building virtual LANs to connect your virtualized server
running
on the same physical host. Ethernet frame reception time variance as
well as other real
On Dec 15, 2008, at 2:09 PM, Perry E. Metzger wrote:
Bill Frantz fra...@pwpconsult.com writes:
I find myself in this situation with a design I'm working on. I
have an ARM chip, where each chip has two unique numbers burned
into the chip for a total of 160 bits. I don't think I can really
depend
I've previously mentioned Flylogic as a company that does cool attacks
on chip-level hardware protection. In http://www.flylogic.net/blog/?p=18
, they talk about attacking the ST16601 Smartcard - described by the
vendor as offering Very high security features including EEPROM flash
erase
On Dec 7, 2008, at 4:10 AM, Alexander Klimov wrote:
http://www.heise-online.co.uk/security/Encrypting-hard-disk-housing-cracked--/news/112141
:
With its Digittrade Security hard disk, the German vendor
Digittrade has launched another hard disk housing based on the
unsafe IM7206 controller by
The Lava Lamp Random Number generator (at http://www.lavarnd.org/)
generates true random numbers from the images of a couple of lava
lamps. Of course, as a source of randomness for cryptographic
purposes, it's useless because it's visible to everyone (though I
suppose it might be used for
201 - 210 of 210 matches
Mail list logo