And this says nothing at all about the need for tactical
military wiretaps on GSM systems under battlefield conditions when
soldiers lives may depend on determining what the enemy is saying over
cellphones used to direct attacks against friendly forces.
Or when innocent civilians need
See their paper at CRYPTO 2003 for more details. I am disappointed that
you seem to be criticizing their work before even reading their paper.
I encourage you to read the paper -- it really is interesting.
OK, then, where is it? I looked on:
www.iacr.org under Crypto 2003 -- no papers
Rich Salz [EMAIL PROTECTED] writes:
Sure, that's why it's *the first.* They have never done this before, and it
is very different to how they (or their Ft Meade experts) have done things
before. I suppose one could argue that they're doing this for Level 1 to
increase the industry demand for
How can you verify that a remote computer is the real thing, doing
the right thing?
You cannot.
Using a high-end secure coprocessor (such as the 4758, but not
with a flawed application) will raise the threshold for the adversary
significantly.
No, there are no absolutes. But there are
At 04:25 PM 9/8/2003 -0700, Joseph Ashwood wrote:
Actually they do target very different aspects. SET, 3D-Secure, and any
other similar have a different target then SSL. To understand this it is
important to realize that instead of the usual view of two-party
transactions, credit card transactions
On Tue, 9 Sep 2003, Anne Lynn Wheeler wrote:
http://www.garlic.com/~lynn/index.html#x959
One of the things addressed by X9.59 was not the elimination of the ability
to harvest the merchant transaction file ... but to make the account
numbers in the merchant transaction file useless for
Vin McLellan wrote:
A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and
developed as an export standard.
Yeah. Except it would be more accurate to place A5/2's strength as
roughly equivalent to 17-bit DES. A5/1's strength is roughly equivalent
to that of 40-bit DES.
Of
Anne Lynn Wheeler wrote:
The result is X9.59 which addresses all the major
exploits at both POS as well as internet (and not just credit, but debit,
stored-value, ACH, etc ... as well).
http://www.garlic.com/~lynn/index.html#x959
Lynn,
Whatever happened to x9.59?
Also, is there a
The September/October 2003 edition of the German magazine
Objektspektrum contains an article about the development of an ATM
system to be used in Switzerland. (Alexander Rietsch: Die
Neuentwicklung des Raiffeisen-Bankomaten, p.30-34. In passing
it mentions that they use Windows 2000, an MS Access
One point your analysis misses is that there are public policy
implications to deploying a phone system that enemy countries can
routinely intercept. Not all attacks are financially motivated.
Is it a good thing for our infrastructure to be so insecure?
Do we want other countries listening to
At 05:19 PM 9/7/2003 -0600, Anne Lynn Wheeler wrote:
Out of all this, there is somewhat a request from the CA/PKI industry that
a public key be registered as part of domain name registration (no
certificate, just a public key registration). Then SSL domain name
certificate requests coming into
Instant Ciphertext-Only Cryptanalysis of GSM Encrypted
Communications, by Elad Barkan, Eli Biham, Nathan Keller
http://cryptome.org/gsm-crack-bbk.pdf (18 Pages, 234KB)
Abstract. In this paper we present a very practical cipher-text only
cryptanalysis of GSM encrypted communications, and
- Original Message -
From: Steve Schear [EMAIL PROTECTED]
Subject: Re: Digital cash and campaign finance reform
At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote:
- Original Message -
From: Steve Schear [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
[anonymous
At 05:07 PM 9/9/2003 -0700, Joseph Ashwood wrote:
Now that the waters have been muddied (by several of us). My point was that
3D-Secure (and SET and whatever else comes along) covers a different
position in the system than SSL does (or can). As such they do have a
purpose, even though they may be
14 matches
Mail list logo