Allen <[EMAIL PROTECTED]> writes:
>> There are well-attended conferences, papers published online and in many
>> journals, etcetera. So it's not so difficult for people who don't know
>> anything about security and crypto to eventually figure out who does, in
>> the process also learning who else
Ed Gerck <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] wrote:
>> So I hold the PIN constant and vary the bank account number.
>
> This is, indeed, a possible attack considering that the same IP may be
> legitimately used by different users behind NAT firewalls and/or with
> dynamic IPs. However,
"James A. Donald" <[EMAIL PROTECTED]> writes:
> Arshad Noor wrote:
>> While programmers or business-people could be ill-informed, Allen,
>> I think the greater danger is that IT auditors do not know enough
>> about cryptography, and consequently pass unsafe business processes
>> and/or software as
Allen wrote:
During the transmission from an ATM machine 4 numeric characters are
probably safe because the machines use dedicated dry pair phone lines
for the most part, as I understand the system. This, combined with
triple DES, makes it very difficult to compromise or do a MIM attack
becaus
On Mon, Jun 30, 2008 at 11:47:54AM -0700, Allen wrote:
> Nicolas Williams wrote:
> >On Mon, Jun 30, 2008 at 07:16:17AM -0700, Allen wrote:
> >>Given this, the real question is, /"Quis custodiet ipsos custodes?"/
> >
> >Putting aside the fact that cryptographers aren't custodians of
> >anything, it
Nicolas Williams wrote:
On Mon, Jun 30, 2008 at 07:16:17AM -0700, Allen wrote:
Given this, the real question is, /"Quis custodiet ipsos custodes?"/
Putting aside the fact that cryptographers aren't custodians of
anything, it's all about social institutions.
Well, I wouldn't say they aren't
[EMAIL PROTECTED] wrote:
Ed Gerck writes:
-+--
| ...
| Not so fast. Bank PINs are usually just 4 numeric characters long and
| yet they are considered /safe/ even for web access to the account
| (where a physical card is not required).
|
| Why? Because after 4 tries the acces
Ed Gerck wrote:
Allen wrote:
Very. The (I hate to use this term for something so pathetic) password
for the file is 6 (yes, six) numeric characters!
My 6 year old K6-II can crack this in less than one minute as there
are only 1.11*10^6 possible.
Not so fast. Bank PINs are usually just 4 n
Ed Gerck writes:
-+--
| ...
| Not so fast. Bank PINs are usually just 4 numeric characters long and
| yet they are considered /safe/ even for web access to the account
| (where a physical card is not required).
|
| Why? Because after 4 tries the access is blocked for your IP n
On Mon, Jun 30, 2008 at 07:16:17AM -0700, Allen wrote:
> Given this, the real question is, /"Quis custodiet ipsos custodes?"/
Putting aside the fact that cryptographers aren't custodians of
anything, it's all about social institutions.
There are well-attended conferences, papers published online
James A. Donald wrote:
Committees of experts regularly get cryptography wrong - consider, for
example the Wifi debacle. Each wifi release contains classic and
infamous errors - for example WPA-Personal is subject to offline
dictionary attack.
One would have thought that after the first disas
Arshad Noor wrote:
While programmers or business-people could be ill-informed, Allen,
I think the greater danger is that IT auditors do not know enough
about cryptography, and consequently pass unsafe business processes
and/or software as being secure.
This is the reason why we in the OASIS En
On Fri, Jun 27, 2008 at 12:19:04PM -0700, zooko wrote:
> and probably other commodity products). Likewise newfangled ciphers like
> Salsa20 and EnRUPT will be considered by me to be faster than AES (because
> they are faster in software) rather than slower (because AES might be built
> into the
Arshad Noor wrote:
While programmers or business-people could be ill-informed, Allen,
I think the greater danger is that IT auditors do not know enough
about cryptography, and consequently pass unsafe business processes
and/or software as being secure.
Committees of experts regularly get crypto
Allen wrote:
Very. The (I hate to use this term for something so pathetic) password
for the file is 6 (yes, six) numeric characters!
My 6 year old K6-II can crack this in less than one minute as there are
only 1.11*10^6 possible.
Not so fast. Bank PINs are usually just 4 numeric characters l
15 matches