On Wed, Feb 06, 2002 at 10:06:46AM +1100, Greg Rose wrote:
At this point I am detecting a pattern... So, I'm afraid it isn't true that
it will pick up even these simple linear sequences. (An LFSR of length 12
only generates 4095 bits, repeated about 5 times!) I find this less
surprising,
|At 07:59 PM 1/26/2002 -0500, Scott Guthery wrote:
|(A test GSM authentication algorithm, COMP128, was attacked
|but it is not used in any large GSM networks. And it
|was the algorithm not the SIM that was attacked.)
|
|and at Sun, 27 Jan 2002 13:56:13 EST. Greg Rose
In the article they repeat the recommendation that you never
use/register the same shared-secret in different domains ... for
every environment you are involved with ... you have to choose a
different shared-secret. One of the issues of biometrics as a
shared-secret password
On Tue, Feb 05, 2002 at 06:18:35PM -0500, Ryan McBride wrote:
Having the manufacturer provide the random data changes the burden of
proof drastically - there is no way for to _prove_ that they did not
retain a copy of the random data, while it can be proved that they did
not try to cheat
Jaap-Henk Hoepman writes:
It's worse: it's even accepted practice among certain security specialists.
One of them involved in the development of a CA service once told me that they
intended the CA to generate the key pair. After regaining consciousness I
asked him why he
Greg Rose writes:
The scariest thing, though... at first I put in an unkeyed RC4 generator for
the self-test data, but accidentally ran the FIPS test on a straight counter
output... and it passed (even version 1)! I'd always assumed that something in
the regularity of a counter
Eric Rescorla [ER] replied to Eugene Leitl [EL]:
...
EL:
Personally, I no longer trust RSA for long term security.
This is public-key crypto, not symmetric, so a break of your RSA key
means that all your encrypted traffic becomes readable rather than
just one message. E.g., if a few