Re: Is 3DES Broken?

2005-02-04 Thread james hughes
On Feb 2, 2005, at 1:32 PM, bear wrote: On Mon, 31 Jan 2005, Steven M. Bellovin wrote: [Moderator's note: The quick answer is no. The person who claims otherwise is seriously misinformed. I'm sure others will chime in. --Perry] [snip] When using CBC mode, one should not encrypt more than 2^32 64-b

Using TCPA

2005-02-04 Thread Eric Murray
On Thu, Feb 03, 2005 at 11:51:57AM -0500, Trei, Peter wrote: > It could easily be leveraged to make motherboards > which will only run 'authorized' OSs, and OSs > which will run only 'authorized' software. [..] > If you 'take ownership' as you put it, the internal > keys and certs change, and a

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Peter Gutmann
Erwann ABALEA <[EMAIL PROTECTED]> writes: >I've read your objections. Maybe I wasn't clear. What's wrong in installing a >cryptographic device by default on PC motherboards? I work for a PKI 'vendor', >and for me, software private keys is a nonsense. A simple crypto device controlled by the same

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Dan Kaminsky
Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus. How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Ed Gerck
Amir Herzberg wrote: We develop TrustBar, a simple extension to FireFox (& Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). I think it is fair to say that this extension fixes some glitches in the deployment of

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Trei, Peter
Erwann ABALEA > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > Seeing as it comes out of the TCG, this is almost certainly > > the enabling hardware for Palladium/NGSCB. Its a part of > > your computer which you may not have full control over. > > Please stop relaying FUD. You have full control >

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Ian G
Michael H. Warfield wrote What Amir and Ahmad are looking at is showing the CA as part of the trust equation when the user hits a site. Some CAs will enter the user's consciousness via normal branding methods, and new ones will trigger care & caution. Which is what we want - if something strange

Re: Is 3DES Broken?

2005-02-04 Thread John Kelsey
>From: "Steven M. Bellovin" <[EMAIL PROTECTED]> >Sent: Feb 2, 2005 1:39 PM >To: bear <[EMAIL PROTECTED]> >Cc: Aram Perez <[EMAIL PROTECTED]>, Cryptography >Subject: Re: Is 3DES Broken? ... >>I think you meant ECB mode? >No, I meant CBC -- there's a birthday paradox attack to watch out for. Yep

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Michael H. Warfield
On Thu, 2005-02-03 at 03:57 +, Ian G wrote: > Daniel Carosone wrote: > >On Wed, Feb 02, 2005 at 10:11:54PM +0200, Amir Herzberg wrote: > >>We develop TrustBar, a simple extension to FireFox (& Mozilla), that > >>displays the name and logo of SSL protected sites, as well as of the CA > >>(so

DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service

2005-02-04 Thread Linda Casals
CALL FOR PARTICIPATION** * DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service April 14 - 15, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizers:

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Amir Herzberg
Daniel Carosone responded to me: We develop TrustBar, a simple extension to FireFox (& Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). Other merits of the idea aside, if the user knows the CA is untrusted, what

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Erwann ABALEA
On Wed, 2 Feb 2005, Dan Kaminsky wrote: > Uh, you *really* have no idea how much the black hat community is > looking forward to TCPA. For example, Office is going to have core > components running inside a protected environment totally immune to > antivirus. How? TCPA is only a cryptographic de

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Erwann ABALEA
On Thu, 3 Feb 2005, Jay Sulzberger wrote: > On Wed, 2 Feb 2005, Erwann ABALEA wrote: > > > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > >> Seeing as it comes out of the TCG, this is almost certainly > >> the enabling hardware for Palladium/NGSCB. Its a part of > >> your computer which you may not

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Erwann ABALEA
Bonjour, On Wed, 2 Feb 2005, Erwann ABALEA wrote: > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > Seeing as it comes out of the TCG, this is almost certainly > > the enabling hardware for Palladium/NGSCB. Its a part of > > your computer which you may not have full control over. > > Please stop rel

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Ed Reed
>>> Ian G <[EMAIL PROTECTED]> 2/2/2005 6:38:46 PM >>> > I'm just curious on this point. I haven't seen much > to indicate that Microsoft and others are ready > for a nymous, tradeable software assets world. No, and neither are corporate customers, to a large extent. Accountability is, in fact, a

Re: Dell to Add Security Chip to PCs

2005-02-04 Thread Eugen Leitl
On Wed, Feb 02, 2005 at 05:30:33PM +0100, Erwann ABALEA wrote: > Please stop relaying FUD. You have full control over your PC, even if this Please stop relaying pro-DRM pabulum. The only reason for Nagscab is restricting the user's rights to his own files. Of course there are other reasons for h

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Jay Sulzberger
On Wed, 2 Feb 2005, Erwann ABALEA wrote: On Wed, 2 Feb 2005, Trei, Peter wrote: Seeing as it comes out of the TCG, this is almost certainly the enabling hardware for Palladium/NGSCB. Its a part of your computer which you may not have full control over. Please stop relaying FUD. You have full contr

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Daniel Carosone
On Thu, Feb 03, 2005 at 03:57:06AM +, Ian G wrote: > Daniel Carosone wrote: > > >Other merits of the idea aside, if the user knows the CA is untrusted, > >what's it doing in the browser's trust path? > > The user doesn't select the trust path, the browser manufacturer > does. > [..] > How do

RE: Dell to Add Security Chip to PCs

2005-02-04 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes: >That "chip"...is it likely to be an ASIC or is there already such a thing as >a security network processor? (ie, a cheaper network processor that only >handles security apps, etc...) > >Or could it be an FPGA? Neither. Currently they've typically bee