On Fri, May 25, 2001 at 09:34:20AM +0800, Enzo Michelangeli wrote:
> On another mailing list, someone posted an interesting question: how to
> ascertain that a tamperproof device (e.g., a smartcard) contains no hidden
> backdoors?
The question is not precise enough to be answered.
The term "tamp
On Fri, May 25, 2001 at 09:34:20AM +0800, Enzo Michelangeli wrote:
> On another mailing list, someone posted an interesting question: how to
> ascertain that a tamperproof device (e.g., a smartcard) contains no hidden
> backdoors?
What about this:
Don't use a tamperproof _device_.
Use a devi
On Sat, Sep 01, 2001 at 09:13:32PM +0100, Ben Laurie wrote:
> Just thought I should point out that recycling an old idea allows
> researchers to publish stuff anonymously that could be illegal under
> DMCA (or other ridiculous legislation) and still get the credit when the
> world comes to its sen
On Sat, Sep 01, 2001 at 11:14:56PM -0500, Frank Tobin wrote:
>
> Simple. The original author should use a trusted time-stamping service to
> indicate a trusted 'true' time for the first signature.
> Alternatively,
Sure, but this was not part of the proposal.
And I don't know of any existing ti
On Sat, Sep 08, 2001 at 10:45:14PM -0400, John Kelsey wrote:
>
> where the encryption preserves length (e.g., RC4 encryption). Suppose
> someone is sending a secret S in these messages, and the attacker gets
> to choose some prefix or suffix to send, e.g.
>
> X[0] = S+suffix[0]
> X[1] = S+suffi
A german TV news magazine (ZDF spezial) just mentioned that
the terrorists prepared and coordinated
also by using the internet, but no details were told.
Does anyone know more about this?
Hadmut
[Moderator: I've listened to virtually all the news conferences made
so far. The FBI has yet to mak
On Fri, Sep 14, 2001 at 08:34:09PM -0700, Jim McCoy wrote:
>
> Incorrect. You will weaken the absolute security of many, but the few who
> choose to use strong (non-GAK) crypto will be easily distinguished from
> those who comply with the rules.
No. It cannot be easily distinguished. That's t
As far as I heard from the news (who knows how
much news meet reality...) the CIA and NSA could
not find a real correlation between the terrorists
and Bin Laden (or at least they couldn't within the
first days after).
German news magazine DER SPIEGEL (current issue, p. 27)
reports, that the germa
On Sun, Sep 16, 2001 at 10:00:21AM +0300, Amir Herzberg wrote:
>
> Suppose by law, everybody can use GAK encryption alg, say `GEEK`. Attacker
> wishes to use non-GAK algorithm, say `TRICK`. GEEK has a distinguisher
> module available to NSA which outputs GEEK or SUSPECT for encrypted data
> (usin
On Sun, Sep 16, 2001 at 02:12:40PM -0700, Carl Ellison wrote:
>
> I think it is ironic that Congress passed a law a while ago that
> discourages crypto researchers from studying and publishing how to
> detect and defeat stego systems.
>
:-O
What the hell is the purpose of such a law?
I could n
On Fri, Sep 14, 2001 at 01:57:37PM -0400, Jim Windle wrote:
>
> Yes and by the logic of your argument jet airliners, telephones,
> hotel romms and rental cars also allow terrorists to commit there acts.
>
Depends on which kind of logic you apply.
Technical logic: Yes, you're right.
Policital
On Mon, Sep 17, 2001 at 09:10:48AM -0500, Matt Crawford wrote:
>
> The only details I've heard are that the terrorists have "elaborate
> web sites" to "recruit and solicit donations." Far short of
> operational use of the internet.
>
They had two websites in Germany, one for recruiting people
> [Moderator's note: Everyone who's got a copy of Netscape or IE has
> cryptographic software in their hands, and most of them have used it. --Perry]
That's a technical view. I was talking about a political view.
In a political discussion there's no point in technical arguments,
if less than 3%
On Tue, Sep 18, 2001 at 01:08:39AM -0400, R. A. Hettinga wrote:
>
> Also note that 72 percent of those surveyed said anti-encryption laws would
> be "somewhat" or "very" helpful in preventing similar terrorist attacks.
>
An emotional anti-crypto-campaign seems to have started.
Yesterday I saw
If storage on CD-R: Is there a standard/good practice for
encrypting CDROMs? Maybe iso9660 through block device encryption?
Hadmut
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PR
On Fri, Oct 05, 2001 at 01:22:31PM -0500, Joseph Ashwood wrote:
>
> [ Greate description of M$ ... ]
> I am unaware of anything microsoft has ever written
> that could be considered secure and there is evidence that they plan
Outlook once offered me the choice between "no encryption" and
a so ca
> The BBC article stated that it was a particular model of 4-rotor
> enigma, of which there are only three known.
There are many versions and variatons of the Enigma,
e.g.
Crypto-variations:
- three or four wheels
- number of wheels coming with the enigma
(wheels could be changed, normally t
On Thu, Sep 27, 2001 at 10:37:23AM -0400, Pat Farrell wrote:
>
> Does anyone know if there is a legal collector's market for Enigma
> machines?
>
Some years ago, when I was at the university, the institute
had one enigma, which was bought at an auction. If I remember
well, it had cost about DM
On Wed, Sep 26, 2001 at 01:58:07PM -0400, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]
> m>, "Trei, Peter" writes:
> >> Axel H Horns[SMTP:[EMAIL PROTECTED]]
> >>
> >> The machine was one of only three in the world An antiques dealer has
> >> admitted handling a stolen code-breakin
On Thu, Sep 27, 2001 at 10:39:55AM +0200, Hadmut Danisch wrote:
>
> There are many versions and variatons of the Enigma,
> e.g.
There were, btw, also different versions of the
reflector.
Hadmut
-
The Cryptograph
> WASHINGTON -- Computer hackers, once satisfied to test their skills on
> large companies, are turning their sights to home computers that are
> faster, more powerful and less secure than ever before.
On my private computer (DSL, dynamically assigned IP address), I
detect an increasing density
On Fri, Jan 04, 2002 at 11:42:27AM -0800, Jeff Simmons wrote:
>
> Unless I'm misunderstanding you, I find this hard to believe.
>
> On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm
> detecting only a few, maybe up to a dozen, actual attacks a day. Most of
> them are from
One of the main properties of the TCPA/Palladium
architecture is the (asserted) ability to
limit information leaking to "untrusted" parties.
In what way does this affect the appearance of
computers as we know them today? It certainly
means more than that you can't simply forward
copyright protec
On Fri, Jul 05, 2002 at 09:14:27AM +0100, Matthew Byng-Maddick wrote:
> On Thu, Jul 04, 2002 at 10:54:11PM +0200, Hadmut Danisch wrote:
> [backdoored network cards]
> > I don't think so. As far as I understood, the
> > bus system (PCI,...) will be encrypted as well. You
On Thu, Jul 04, 2002 at 10:54:34PM -0700, Lucky Green wrote:
>
> Sure you can use shell scripts. Though I don't understand how a shell
> script will help you in obtaining a dump of the protected data since
> your script has insufficient privileges to read the data. Nor can you
> give the shell sc
Hi,
I just read the latest news in german news
magazine DER SPIEGEL
(http://www.spiegel.de/politik/ausland/0,1518,206079,00.html
for those who understand german)
about Bush's "Freedom Corps" and the "TIPS" starting
in August (Terrorism Information and Prevention System).
They also mentioned tha
On Fri, Aug 16, 2002 at 02:23:05AM +0100, Adam Back wrote:
> Other explanations?
Same effect here in Germany.
I'm under the impression that security was never really done
for security reasons, but as a kind of fashion. Do it because
everyone is doing it. It's a problem of the decision makers.
Hi,
I'm looking for a court decision about a case where
FBI agents fooled russian hackers in order to gain
their passwords and to intrude their computers.
Unfortunately (or better: fortunately) I'm unexperienced
with the american court system. Can anyone give me
a hint where/how I can get a co
On Fri, Sep 20, 2002 at 12:07:38PM -0400, Perry E. Metzger wrote:
>
> http://www.nature.com/nsu/020916/020916-15.html
>
> An idea from some folks at MIT apparently where a physical token
> consisting of a bunch of spheres embedded in epoxy is used as an
> access device by shining a laser through
On Fri, Sep 20, 2002 at 02:17:11PM -0400, Trei, Peter wrote:
> >
> It appears to have replay resistance *between* readers - ie, the data
> from reader A would be useless to spoof reader B, since the two readers
> will illuminate the device at different locations and angles.
Not really. Illumina
On Sat, Sep 21, 2002 at 12:11:17AM +, David Wagner wrote:
>
> I find the physical token a poor replacement for cryptography, when the
> goal is challenge-response authentication over a network. In practice,
> you never really want just challenge-response authentication; you
> want to set up
On Sun, Sep 22, 2002 at 11:46:06AM -0700, bear wrote:
>
> Here's a potential application: consider it as a door key.
Maybe not for normal doors due to mechanical instability, but
for Hotel room doors.
My suggestion: Use it for vouchers, flight tickets, entrance tickets,
money notes, passports
On Wed, Nov 06, 2002 at 02:24:18PM -0600, Steven Soroka wrote:
> Which prompts the question, what the hell for?
That's a pretty good question.
Police and Secret Services demanded wiretapping access
as absolutely necessary for catching criminals etc.
Some politicians agreed for some short time, t
Hi,
maybe someone can give me a hint to explain something:
Someone was writing an article in context of
communication and network security. The article
contained a chapter about the need to distinguish
between the payload and informations needed to
provide the service, such as addresses etc.
T
Hi,
a lovely anthology of concepts about human and
civil rights (american flavour) can be found at
http://www.darpa.mil/iao/
best regards
Hadmut
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
On Tue, Nov 19, 2002 at 05:52:22PM -0500, R. A. Hettinga wrote:
>
> We must be vigilant! Civil rights are only for innocents, not guilty
> persons.
>
It's even worse: I know some american court decisions which
limit the rights given in the american constitution to
american citizens only. E.g.
On Wed, Feb 12, 2003 at 06:10:56PM -0500, Matt Blaze wrote:
> If I were looking for a "winner" for this, I'd be especially interested
> in measures that end up reducing security rather than improving it.
One of the worst security measures I've ever personally seen:
Some years ago I was invited a
On Fri, Feb 14, 2003 at 01:33:26PM +0100, Stefan Kelm wrote:
> to take bags through the checkpoint. What happened was that I gave my bag
> to one of those officers, then went through the gate, then was given back
> my bag which was not being checked at all...
I had a similar experience:
When
On Fri, Feb 14, 2003 at 02:18:00AM -0800, alan wrote:
>
> The extra anal security guard can be fun to play with.
A little bit more about "guards":
In 1985/86 I did my compulsory army service in Koblenz, which
also included to be the guard of the barracks for several days.
When I was the guard
39 matches
Mail list logo