Agreed on both points!!! I have found something interesting while researching this issue http://reflextor.com/trac/a51.
Finally as an appsec adviser of banking group I can say (may be it is early) it's a challenge for our next generation banking technology i.e. "mobile banking". Regards Suman -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, December 30, 2009 5:33 PM To: SUMAN SOURAV; [email protected]; [email protected] Subject: Re: [Owasp-delhi] Cellphone Encryption Code Is Divulged Am sure when the algo was devised it was known mathematically that a break would exist. The issue goes beyond technology; since commercially there are millions of phones with pre programmed chips and micro controllers perhaps that won't be compatible with any new algo. I think that's the main reason why that algo still exists and with continue to exist for a while. So the change may take a while to phase in. Also, given what you know how many can exploit it? Infact the more interesting logical question is "how do u exploit it?" Arjun Sent from BlackBerry(r) on Airtel -----Original Message----- From: SUMAN SOURAV <[email protected]> Date: Wed, 30 Dec 2009 11:50:52 To: [email protected]<[email protected]> Subject: Re: [Owasp-delhi] Cellphone Encryption Code Is Divulged _______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi Le e-mail provenienti dalla Sella Synergy India Private Ltd sono trasmesse in buona fede e non comportano alcun vincolo ne' creano obblighi per la Sella Synergy India Private Ltd stessa, salvo che cio' non sia espressamente previsto da un precedente accordo. Questa e-mail e' confidenziale. Qualora l'avesse ricevuta per errore, La preghiamo di comunicarne via e-mail la ricezione al mittente e di distruggerne il contenuto. La informiamo inoltre che l'utilizzo non autorizzato del messaggio o dei suoi allegati potrebbe costituire reato. Grazie per la collaborazione. E-mails from Sella Synergy India Private Ltd are sent in good faith but they are neither binding on the Sella Synergy India Private Ltd nor to be understood as creating any obligation on its part except where provided for an agreement. This e-mail is confidential. If you have received it by mistake, please inform the sender by reply e-mail and delete it from your system. Please also note that the unauthorized disclosure or use of the message or any attachments could be an offence. Thank you for your cooperation.
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
