Re: Ransomware

2008-06-12 Thread James Muir

Marcos el Ruptor wrote:

I've just looked at the virus.


Just curious -- where were you able to download the virus from?

-James

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Ransomware

2008-06-12 Thread Marcos el Ruptor

On 12 Jun 2008, at 03:05, James Muir wrote:


Just curious -- where were you able to download the virus from?



www.offensivecomputing.net

Just be careful. Do not run it. It does not spread itself, but it  
will encrypt all the sensitive files on all the drives and then self- 
destruct. If you want a disarmed harmless one to play with, I can e- 
mail you my decrypted and patched up variant.


Marcos el Ruptor
http://www.enrupt.com/ - Raising the bar.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions

2008-06-12 Thread Richard Salz
I would expect hardware designs to be treated more like hardware than 
software.

/r$

--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions

2008-06-12 Thread John Gilmore
 I would expect hardware designs to be treated more like hardware than 
 software.

A hardware design is not hardware.  Only a naive parsing of the
words would treat it so.  A software design is not treated like
software; you are free to write about how ATM machine crypto is
designed, even if you can't export ATM machine crypto software without
a license (because it's proprietary and not mass-market).

A hardware design is a lot like software.  It's human written and
human readable, it's trivial to reproduce, it's compiled automatically
into something that can execute, and if you write it into hardware,
then it does something.

The court case that EFF won against the export controls was won on
those grounds: the government can't suppress the publication of
human-written and human-readable text, on the grounds that somebody
somewhere might put it into a machine that does things the government
doesn't like.

Sun may be chicken on the point, and the government did a sneaky trick
to technically avoid having a Ninth Circuit precedent set on the
topic, but a similar precedent was set by Peter Junger's case in
another circuit.  I think Sun would be well within its rights to ship
VHDL or Verilog source code that implements crypto under an open
source license.  And I'd be happy to point them at good lawyers who'd
be happy to be paid to render a more definitive opinion.

John Gilmore


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions

2008-06-12 Thread Richard Salz
If only to make sure that there's no confusion about where I stand:  I 
agree with you completely John.  I am not surprised that the feds or Sun 
see it otherwise.

/r$

--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions

2008-06-12 Thread Thierry Moreau



Richard Salz wrote:

I would expect hardware designs to be treated more like hardware than 
software.




That's an interesting observation, raising the issue of what is speech 
 vs hardware.


When I looked into this issue, I found the Common Criteria 
certification methodology as evidence that speech covers everything 
from the most high level abstract design description to the most 
concrete representation of the hardware that you would look at, e.g. for 
security certification assurance that electronic gates are properly 
positioned by the Computer-Aided-Design tools. Hence, any information is 
speech, and if it's in the public domain, I would expect an export 
control exception would apply. Only the actual silicon, and non 
human-readable dies for the silicon, would be hardware.


Otherwise, I see no legal base to locate a cut-off point between 
speech and hardware in the process of design refinements leading to 
the actual processor.


Regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: [EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why doesn't Sun release the crypto module of the OpenSPARC? Competition?

2008-06-12 Thread David G. Koontz
Lawerence Spracklen's Blog:
http://blogs.sun.com/sprack/entry/detailed_t2_crypto_info

  Detailed T2 crypto info

  Very detailed info on the UltraSPARC T2 cryptographic accelerators can be
  found here on the OpenSPARC website (the pertinent info can be found in
  chapter-21 of the doc)

  Posted on: Sep 11, 2007

With a rebuttal that the Ch 21 in the document found there contained the PCI
Express Interface Unit:

  Unfortunately, it looks like the accelerator details have been removed :-(
  The SPU is not technically part of OpenSPARC

  Posted by Lawrence Spracklen on November 05, 2007 at 11:39 AM PST #

There's the aspect of competition.  The on core crypto gives one heck of a
competitive edge for networking applications, and performance figures found
on Dr. Spracklen's site show that the crypto stream processors across the
CMT can keep up with the 10G Ethernet ports.  I can't see them giving a
potential competitor everything needed to compete directly.  It'd be
reminiscent of IBM and Amdahl clones, captive markets and margins for
hardware threatened as easily as National's memory boards.  I'm sure Sun is
wiley enough to have some key patents, too.  A case of encouraging help to
enlarge the ecosystem, but not empowering direct competition.  They don't
mind if you develop more markets, after all Sun can play there, too.

I've also wondered if a reason they didn't release it is because they bought
the 'IP' from someone.  There are other instances - parts of the System on a
Chip.  In the OpenSPARC T2 System on a Chip Micro Architecture pdf there is
a disclaimer on page 3:

  Note ? OpenSPARC T2 currently does not include PCI-Express and 10Gigabit
  Ethernet design implementation due to current legal restrictions.
  Equivalent models may be available in the subsequent releases of OpenSPARC
  T2.

If the real reason is competition, it's always nice to have a good excuse,
too.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]