Re: Physical security rather than crypto---but perhaps of interest
Charles Jackson wrote:

http://news.bbc.co.uk/2/hi/technology/8147534.stm

Chuck

[Moderator's note: It is helpful, when posting a link, to give enough information that people can know whether they want to go and read the article. In this case, the title and first few sentences are:

Snooping through the power socket

When I first read the article title I assumed it was going to be about Ethernet over Powerlines and how they had weak or non-existent crypto.

Power sockets can be used to eavesdrop on what people type on a computer. Security researchers found that poor shielding on some keyboard cables means useful data can be leaked about each character typed. By analysing the information leaking onto power circuits, the researchers could see what a target was typing. The attack has been demonstrated to work at a distance of up to 15m, but refinement may mean it could work over much longer distances.

When I read this, my first thought was: "exactly how is this new research or news?" This is exactly the type of threat that TEMPEST protection is intended to provide risk reduction for. So yeah, not new or news to some people but certainly scary for the masses.

Now to bring it back to crypto, this shows the danger of assuming that local "links" don't need to be encrypted and that cables are "more secure" than wireless links (e.g. Bluetooth, WiFi etc).

--
Darren J Moffat

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: 112-bit prime ECDLP solved
Tanja Lange wrote:

So with about 1 000 000 USD and a full year you would get 122 bits already now and agencies have a bit more budget than this! Furthermore, the algorithm parallelizes extremely well and can handle a batch of 100 targets at only 10 times the cost.

No, it cannot handle a bunch of a hundred targets at only ten times the cost. It is already parallelized. A hundred targets is a hundred times the cost.

But let us not think small. Suppose the president says "Break James Donald's key. I don't care how much it costs. The sky is the limit" and they devote the entire US gross national product for a year to breaking James Donald's key in a year. Then they can break a 170-bit key. But I rather doubt that they will.
spyware on Blackberries
http://feeds.wired.com/~r/wired27b/~3/CFV8MEwH_rM/

A BlackBerry update that a United Arab Emirates service provider pushed out to its customers contains U.S.-made spyware that would allow the company or others to siphon and read their e-mail and text messages, according to a researcher who examined it.

The update was billed as a “performance enhancement patch” by the UAE-based phone and internet service provider Etisalat, which issued the patch for its 100,000 subscribers.

...

--Steve Bellovin, http://www.cs.columbia.edu/~smb