In a previous email, I commented on problems in the Triple-DES implementation in Schlumberger's Java Card (which is called the "Cyberflex Access Card"). Apparently Schlumberger has addressed some of these problems with a new version which has an ATS (answer to reset) with a hex string ending in "...811F". The previous version ended in "...810F". Following is a copy of email from Cyberflex Project Manger Neville Pattison. Orlin Grabbe http://www.aci.net/kalliste/homepage.html ********************************************* Hello Orlin, I have been made aware of your report on our Cyberflex Access card and it's crypto deficiencies. Can you let me know which Cyberflex Access you used for the tests. By the sound of it you used cards that the ATR ends with ...810F. This version of the card had several problems working with DES. Keys cast from byte arrays in Java. In Cards ending with ...811F we have attempted to fix most of these problems. I wrote CryptoTest as a simple example of using the new crypto commands. This was written for the revised Cyberflex Access cards with ATR ending in ...811F. I probably didn't make that clear. I would be glad to send you some revised cards if you don't have them at hand. I have some release notes too that describe the other areas that are known to be problematic etc. I'll enclose this with new cards. Where do you want me to send them? Regards Neville ****************************************************** Neville Pattinson Cyberflex Project Manager. http://www.cyberflex.slb.com Schlumberger Austin Product Center, P.O.Box 200015 Austin, Texas, 78720-0015 USA. Email: [EMAIL PROTECTED] Tel + 1 512 331 3297 Fax + 1 512 331 3059 ******************************************************
