EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists (for cracking public keys)

2009-10-14 Thread John Gilmore
FYI. As I understand it, TI calculator boot ROMs use a 512 bit RSA public key to check the signature of the software they're loading. When hobbyists who wanted to run their own alternative OS software on their calculator calculated the corresponding private key and were thus able to sign their

Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
Ekr has a very good blog posting on what seems like a bad security decision being made by Verisign on management of the DNS root key. http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html In summary, a decision is being made to use a short lived 1024 bit key for the

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread bmanning
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote: Ekr has a very good blog posting on what seems like a bad security decision being made by Verisign on management of the DNS root key. http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html In summary,

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
bmann...@vacation.karoshi.com writes: On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote: Ekr has a very good blog posting on what seems like a bad security decision being made by Verisign on management of the DNS root key.

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread bmanning
On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote: bmann...@vacation.karoshi.com writes: On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote: Ekr has a very good blog posting on what seems like a bad security decision being made by Verisign on management of the

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
bmann...@vacation.karoshi.com writes: er... there is the root key and there is the ROOT KEY. the zsk only has a 90 day validity period. ... meets the spec and -ought- to be good enough. that said, it is currently a -proposal- and if credible arguments can be made to modify the proposal,

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Paul Hoffman
At 7:54 PM -0400 10/14/09, Perry E. Metzger wrote: There are enough people here with the right expertise. I'd be interested in hearing what people think could be done with a fully custom hardware design and a budget in the hundreds of millions of dollars or more. What part of owning a temporary

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Jerry Leichter
On Oct 14, 2009, at 7:54 PM, Perry E. Metzger wrote: ...We should also recognize that in cryptography, a small integer safety margin isn't good enough. If one estimates that a powerful opponent could attack a 1024 bit RSA key in, say, two years, that's not even a factor of 10 over 90 days, and