GSM Association downplays mobile security concerns
http://www.commsdesign.com/printableArticle?doc_id=OEG20030903S0013 GSM Association downplays mobile security concerns By John Walko, CommsDesign.com Sep 3, 2003 (5:41 AM) URL: http://www.commsdesign.com/story/OEG20030903S0013 LONDON ± The GSM Association is playing down concerns raised by a team of Israeli scientists about the security of GSM mobile calls. The researchers, from the Technion Institute of Technology in Haifa, revealed they had discovered a basic flaw in the encryption system of the GSM (Global System for Mobile)specification, allowing them to crack its encoding system. The GSM Association, which represents vendors who sell the world's largest mobile system, confirmed the security hole but said it would be expensive and complicated to exploit. Eli Biham, a professor at the Technion Institute, said he was shocked when doctoral student Elad Barkan told him he had found a fundamental error in the GSM code, according to a Reuters report on Wednesday (Sept. 3). The results of the research were presented at a recent international conference on cryptology. We can listen in to a call while it is still at the ringing stage, and within a fraction of a second know everything about the user, Biham told the news agency. Then we can listen in to the call. Using a special device it's possible to steal calls and impersonate callers in the middle of a call as it's happening, he added. GSM code writers made a mistake in giving high priority to call quality, correcting for noise and interference and only then encrypting, Biham said. The GSM Association said the security holes in the GSM system can be traced to its development in the late 1980s when computing power was still limited. It said the particular gap could only be exploited with complex and expensive technology and that it would take a long time to target individual callers. This [technique] goes further than previous academic papers, [but] it is nothing new or surprising to the GSM community. The GSM Association believes that the practical implications of the paper are limited, the group said in a statement. The association said an upgrade had been made available in July 2002 to patch the vulnerability in the A5/2 encryption algorithm. It said any attack would require the attacker to transmit distinctive data over the air to masquerade as a GSM base station. An attacker would also have to physically stand between the caller and the base station to intercept the call. The researchers claimed they also managed to overcome the new encryption system put in place as a response to previous attacks. Copyright ' 2003 CMP Media, LLC |Privacy Statement -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
At 05:18 PM 9/7/2003 -0700, David Honig wrote: A copy of the research was sent to GSM authorities in order to correct the problem, and the method is being patented so that in future it can be used by the law enforcement agencies. Laughing my ass off. Since when do governments care about patents? How would this help/harm them from exploiting it? Not that high-end LEOs haven't already had this capacity ---Biham et al are only the first *open* researchers to reveal this. Actually, patenting the method isn't nearly as silly as it sounds. Produced in quantity, a device to break GSM using this attack is not going to cost much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Greg. Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/ Gladesville NSW 2111232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
At 11:43 AM 9/8/2003 -0400, Anton Stiglic wrote: I think this is different however. The recent attack focused on the A5/3 encryption algorithm, while the work of Lucky, Briceno, Goldberg, Wagner, Biryukov, Shamir (and others?) was on A5/1 and A5/2 (and other crypto algorithms of GSM, such as COMP128, ...). No, that's not right. The attack *avoids* A5/3, by making the terminal end of the call fall back to A5/2, solving for the key in real time, then continuing to use the same key with A5/3. A5/3 (based on Kasumi, and essentially the same as the WCDMA algorithm UEA1) is not in any way compromised by this attack. Greg. Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road,http://people.qualcomm.com/ggr/ Gladesville NSW 2111232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
The Pure Crypto Project is released into the public domain
-BEGIN PURE-CRYPTO SIGNED MESSAGE- The development of the Pure Crypto Project has now finished and the source code is finally released into the public domain. http://senderek.de/pcp/release There is a detailed explanation of the security mechanisms and the background of PCP in http://senderek.de/security/pcp-protection.html I'd like to thank everyone who had supported the development with constructive criticism and helpful hints. Ralf Senderek -BEGIN PURE-CRYPTO SIGNATURE- Hash: SDLH *** based on modular exponentiation and RSA alone *** Ralf Senderek, Wassenberg PCP signingkey 2003 [EMAIL PROTECTED] 25958032129854687932657359023881789067615223206769084549252083817701673635916478066451442739272409695432768892327091119955449106519210830940788017364200647426776939035963437924650466140653374164639095531127457251096969368134246401229854317278214790952108232304719334951046143931853036507848781896094422733831171511446825977175759419953334942627329020239718812579256503089309028102255938929278430717387498628586439358045328606841270655376672619190792218866509905138949190124291282590808234947292681044889977767097191953045774717004560559416349715717406817521786793391297428420236953949886297123601451 -END PURE-CRYPTO SIGNATURE- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
At 02:37 AM 9/9/2003 +1000, Greg Rose wrote: At 05:18 PM 9/7/2003 -0700, David Honig wrote: A copy of the research was sent to GSM authorities in order to correct the problem, and the method is being patented so that in future it can be used by the law enforcement agencies. Laughing my ass off. Since when do governments care about patents? How would this help/harm them from exploiting it? Not that high-end LEOs haven't already had this capacity ---Biham et al are only the first *open* researchers to reveal this. Actually, patenting the method isn't nearly as silly as it sounds. Produced in quantity, a device to break GSM using this attack is not going to cost much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Not if they can type GNURadio into Google. steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification
On Mon, Sep 08, 2003 at 10:49:02AM -0600, Tolga Acar wrote: On a second thought, that there is no key management algorithm certified, how would one set up a SSL connection in FIPS mode? It seems to me that, it is not possible to have a FIPS 140 certified SSL/TLS session using the OpenSSL's certification. SSL's not certifiable, period. TLS has been held to be certifiable, and products using TLS have been certified. However, it's necessary to disable any use of MD5 in the certificate validation path. When I had a version of OpenSSL certified for use in a product at my former employer, I had to whack the OpenSSL source to throw an error if in FIPS mode and any part of the certificate validation path called the MD5 functions. Perhaps this has been done in the version currently undergoing certification. You'll also need certificates that use SHA1 as the signing algorithm, which some public CAs cannot provide (though most can, and will if the certificate request itself uses SHA1 as the signing algorithm). The use of MD5 in the TLS protocol itself is okay, because it is always used in combination with SHA1 in the PRF. We got explicit guidance from NIST on this issue. Thor - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Code breakers crack GSM cellphone encryption
David Honig[SMTP:[EMAIL PROTECTED] wrote: At 02:37 AM 9/9/03 +1000, Greg Rose wrote: At 05:18 PM 9/7/2003 -0700, David Honig wrote: Laughing my ass off. Since when do governments care about patents? How would this help/harm them from exploiting it? Not that high-end LEOs haven't already had this capacity ---Biham et al are only the first *open* researchers to reveal this. Actually, patenting the method isn't nearly as silly as it sounds. Produced in quantity, a device to break GSM using this attack is not going to cost much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only of useful if you have no access to the landline portion of the system. Peter Trei - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? Once upon a time, it used to be the favourite sport of spy agencies to listen in on the activities of other countries. In that case, access to the radio waves was much more juicy than access to the POTS. I've not heard anything explicitly on this, but I'd expect satellites to be able to pick up GSM calls. (One of the things I have heard is that the Chinese sold fibre networking to Iraq, and the Russians sold special phones with better crypto. Don't know how true any of that is.) Also, the patent issue will work very well in countries where there are laws against hacking and cracking and so forth. Rather than have such laws subject to challenge in the supreme court, a perp can be hit with both patent infringement and illegal digital entry. The chances that anyone can defeat both of those are slim. (OTOH, I wonder if it is possible to patent or licence something that depends on an illegal act?) iang - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only of useful if you have no access to the landline portion of the system. Some governments are more concerned about using warrants than others are. Sometimes the ones that are concerned about them also have police agencies that like to avoid using them. Some phone companies are pickier about paperwork than others. Some phone companies are faster about responding than others. Having governments that are officially less concerned about warrants is often correlated with having monopoly phone companies, which is often correlated with slow bureaucratic response - they may be extremely happy to help out the police, but that doesn't mean it doesn't take 18 steps to accomplish it. Landline-based wiretaps work best if you know the phone number; over-the-air systems can be more flexible about picking up any phone nearby, so if you see your target pick up a phone, but don't know its phone number, they're more convenient. And in landline-tapping environments, clever law-evaders can usually acquire the equipment to keep switching phones. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
John Doe Number Two wrote: It's nice to see someone 'discovering' what Lucky Green already figured-out years ago. I wonder if they'll cut him a check. No, no, no! This is new work, novel and different from what was previously known. In my opinion, it is an outstanding piece of research. Barkan, Biham, and Keller establish two major results: 1. A5/2 can be cracked in real-time using a passive ciphertext only attack, due to the use of error-correcting coding before encryption. 2. All other GSM calls (including those encoded using A5/1 and A5/3) can be cracked using an active attack. This attack exploits a protocol flaw: the session key derivation process does not depend on which encryption algorithm was selected, hence one can mount an attack on A5/2, learn the A5/2 key, and this will be the same key used for A5/1 or A5/3 calls. (they also make other relevant observations, but the above two are probably the most significant discoveries) Their attacks permit eavesdropping as well as billing fraud. See their paper at CRYPTO 2003 for more details. I am disappointed that you seem to be criticizing their work before even reading their paper. I encourage you to read the paper -- it really is interesting. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
fyi: bear/enforcer open-source TCPA project
The Bear/Enforcer Project Dartmouth College http://enforcer.sourceforge.net http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml How can you verify that a remote computer is the real thing, doing the right thing? High-end secure coprocessors are expensive and computationally limited; lower-end desktop enhancements like TCPA and the former Palladium have been mainly limited to Windows and proprietary development. In contrast, this code is part of our ongoing effort to use open source and TCPA to turn ordinary computers into virtual secure coprocessors---more powerful but less secure than their high-assurance cousins. Our current alpha release includes the Linux Enforcer Module, a TCPA enabled LILO, and a user-level TCPA library. All source is available from the SourceForge site. The Linux Enforcer Module is a Linux Security Module designed to help improve integrity of a computer running Linux. The Enforcer provides a subset of Tripwire-like functionality. It runs continuously and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer is designed to integrate with TCPA hardware to provide a secure boot when booted with a TCPA enabled boot loader. TCPA hardware can protect secrets and other sensitive data (for example, the secrets for an encrypted loopback file system) and bind those secrets to specific software. When the Enforcer detects a modified file it can, on a per-file basis, do any combination of the following: deny access to that file, write an entry in the system log, panic the system, or lock the TCPA hardware. If the TCPA hardware is locked then a reboot with a un-hacked system is required to obtain access to the protected secret. We developed our own TCPA support library concurrently with, but independently from, IBM's recently announced TCPA library. Our library was an initial component of the Enforcer project. However, our in-kernel TCPA support and the enforcer-seal tool are derived from IBM's TCPA code because of its ease of adaptation for in-kernel use. We plan to use our more complete library for user-level applications. (IBM's TCPA code and documentation is available from http://www.research.ibm.com/gsal/tcpa/.) For more information on our project, see Dartmouth College Technical Report TR2003-471 available from http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml Or contact Omen Wild at the Dartmouth PKI Lab: Omen Wild [EMAIL PROTECTED] -- Sean W. Smith, Ph.D. [EMAIL PROTECTED] http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Code breakers crack GSM cellphone encryption
At 05:04 PM 9/8/2003 -0400, Trei, Peter wrote: David Honig[SMTP:[EMAIL PROTECTED] wrote: At 02:37 AM 9/9/03 +1000, Greg Rose wrote: much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires serious attackers, not idle retirees or jealous teenagers. Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only of useful if you have no access to the landline portion of the system. LE agencies have been known to eavesdrop on cellular communications over the air when a wiretap might cause trouble later. They are also thought to possess cellular spoofing equipment so targeted subscriber instruments can be captured by mobile rouge cell sites for fun stuff (I seem to recall Harris Communications made these). steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Is cryptography where security took the wrong branch?
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Sent: Sunday, September 07, 2003 12:01 AM Subject: Re: Is cryptography where security took the wrong branch? That's easy to see, in that if SSL was oriented to credit cards, why did they do SET? (And, SHTTP seems much closer to that mission, on a quick reading, at least.) Actually they do target very different aspects. SET, 3D-Secure, and any other similar have a different target then SSL. To understand this it is important to realize that instead of the usual view of two-party transactions, credit card transactions actually take 3 parties; Issuer, Seller, and Buyer. SSL covers the Seller-Buyer communication, and can also be applied to the Seller-Issuer communication, but on a transaction basis it offers nothing for the Issuer-Buyer (the important one for minimizing costs for the Issuer). SET/3D-Secure/etc address this through various means but the end target is to create a pseudo-Buyer-Issuer link, through the Seller. This allows the Issuer to minimize costs (less chance of having to make a call) and because it is behind the scenes technology has no reason to be accompanied by a reduction in fees (and actually because of the reduced likelihood of buyer fraud, it may be possible to charge the seller _more_). In the end SSL and SET/3D-Secure/etc target entirely different portions of the problem (the former targets seller fraud against the buyer, latter seller against issuer). Both of these are important portions, of course the real upside of SET/3D-Secure/etc is that the seller doesn't have a choice, and the fees in accordance with the fraud-reduction may very well increase the costs to the seller, the buyer costs of course stay the same. End result: lower fraud, increased fees-higher profit margins. However, if it meets expectations, it is entirely possible that all legitimate parties (non-fraud entities) will see improved profits (seller has reduced fraud and charge-backs, buyer less likelihood of the $50 penalty, issuer higher fees). Will it meet those expectations? I have no idea. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Code breakers crack GSM cellphone encryption
At 05:04 PM 9/8/03 , Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. A government agency would be interested in breaking GSM crypto when it wants to target a phone call which is going through a switch and local wires that are under the control of another nation, or perhaps where it does not wish to go through whatever process might be required to gain legitimate or warranted access to the call's content. A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and developed as an export standard. I always thought that the important fact about the GSM secure crypto protocol, A5/1, was that it was reportedly chosen and adapted for this function by the (never identified) members of the GSM SAGE committee of European experts, a multi-national group of industrial and government representatives. I always presumed the SAGE group had a common interest in unwarranted access -- to (A5/1-secured) calls in Europe, as well as (A5/2) calls elsewhere -- which, for the various national security agencies involved, outweighed their individual interest in providing security to their respective citizenry. As I recall, COMP128 came from German sources, and A5/1 was adapted from a French naval cipher. Breaking GSM is only of useful if you have no access to the landline portion of the system. That's right, of course. Crypto aside, I was wondered if it might be somehow easier (legally, technically, procedurally) to attack the radio link of a roving GSM call -- even given the rapid pace of hand-off from one tower to another, as a mobile caller rapidly passes through several small microcell territories -- than would be to recover that call by tracking it through a large number of successive connections to the land-line telecom GSM switches. A friend was telling me that he switches from one microcell to another every couple hundred yards in some communities. Anyone know? Suerte, _Vin - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Code breakers crack GSM cellphone encryption
At 05:04 PM 9/8/03 -0400, Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only of useful if you have no access to the landline portion of the system. You forget that some regimes want to listen to GSM calls in places that they don't control. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Code breakers crack GSM cellphone encryption
On Mon, Sep 08, 2003 at 09:55:41PM +, David Wagner wrote: Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? Well, one reason might be if that government agency didn't have lawful authorization from the country where the call takes place. (say, SIGINT on GSM calls made in Libya) Just to amplify this a bit, does anyone seriously think the NSA's satellite and embassy based cellphone interception capability is primarily targeted against - US - GSM calls ? Or that they can routinely get warrants to listen in using the wired tapping infrastructure in say Russia or France or Iran ? And for that matter would you want the US government to grant the Mossad or GCHQ or other allied spy agencies the right to ask for and use CALEA wiretaps within the US on targets of interest only to THEM who might well be law abiding US citizens minding their own business (at least more or less) and not subject to legal US wiretaps ? It is true that POLICE (eg law enforcement) wiretaps can be mostly done with CALEA gear (and should be to ensure they aren't done when not authorized by a suitable warrant), but national security and intelligence wiretaps are a completely different kettle of fish, particularly overseas. And this says nothing at all about the need for tactical military wiretaps on GSM systems under battlefield conditions when soldiers lives may depend on determining what the enemy is saying over cellphones used to direct attacks against friendly forces. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Digital cash and campaign finance reform
- Original Message - From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] [anonymous funding of politicians] Comments? Simple attack: Bob talks to soon to be bought politician. Tomorrow you'll recieve a donation of $50k, you'll know where it came from. Next day, buyer makes 500 $100 donations (remember you can't link him to any transaction), 50k arrives through the mix. Politician knows where it came from, but no one can prove it. By implementing this we'll see a backwards trend. It will be harder to prove the buyout (actually impossible), but the involved parties will know exactly who did the paying. Right now you can actually see a similar usage in the Bustamante (spelling?) campaign in the California Recall Election, the Native Americans donated $2M to him in spite of a limit of ~22k by donating from several people. Same method only now we know who did the paying. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Digital cash and campaign finance reform
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=60331 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=272787 http://www.cfp2000.org/papers/franklin.pdf http://www.yale.edu/yup/books/092628.htm On Mon, 8 Sep 2003, Steve Schear wrote: Everyone knows that money is the life blood of politics. The topic of campaign finance reform in the U.S. has been on and off the front burner of the major media, for decades. Although the ability of citizens and corporations to support the candidates and parties of their choice can be a positive political force, the ability of political contributors to buy access and influence legislation is probably the major source of governmental corruption. Despite some, apparently, honest efforts at limiting these legal payoffs there has been little real progress. The challenge is to encourage neutral campaign contributions. Perhaps technology could lend a hand. One of the features of Chaimian digital cash is unlinkability. Normally, this has been viewed from the perspective of the payer and payee not wishing to be linked to a transaction. But it also follows that that the payee can be prevented from learning the identity of the payee even if they wished. Since the final payee in politics is either the candidate or the party, this lack of knowledge could make it much more difficult for the money to be involved in influence peddling and quid pro quo back room deals. By combining a mandated digital cash system for contributions, a cap on the size of each individual contribution (perhaps as small as $100), randomized delays (perhaps up to a few weeks) in the posting of each transaction to the account of the counter party, it could create mix conditions which would thwart the ability of contributors to easily convince candidates and parties that they were the source of particular funds and therefore entitled to special treatment. Comments? steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] -- Please visit http://www.icannwatch.org A. Michael Froomkin |Professor of Law| [EMAIL PROTECTED] U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA +1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm --It's very hot here.-- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]