RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Olle Mulmo
DMCA comes to mind: it could potentially make it a little harder to get your hands on any mass market eavesdropping tool. If you are terribly concerned about this, there are end-to-end encryption phones on the market that are used by military and others already today. Such systems come with a

GSM Association downplays mobile security concerns

2003-09-08 Thread R. A. Hettinga
http://www.commsdesign.com/printableArticle?doc_id=OEG20030903S0013 GSM Association downplays mobile security concerns By John Walko, CommsDesign.com Sep 3, 2003 (5:41 AM) URL: http://www.commsdesign.com/story/OEG20030903S0013 LONDON - The GSM Association is playing down concerns raised by a

Re: Is cryptography where security took the wrong branch?

2003-09-08 Thread Ben Laurie
Eric Rescorla wrote: Ben Laurie [EMAIL PROTECTED] writes: Eric Rescorla wrote: Incidentally, when designing SHTTP we envisioned that credit transactions would be done with signatures. I would say that the Netscape guys were right in believing that confidentiality for the CC number was good

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Greg Rose
At 05:18 PM 9/7/2003 -0700, David Honig wrote: A copy of the research was sent to GSM authorities in order to correct the problem, and the method is being patented so that in future it can be used by the law enforcement agencies. Laughing my ass off. Since when do governments care about patents?

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-08 Thread Tolga Acar
On a second thought, that there is no key management algorithm certified, how would one set up a SSL connection in FIPS mode? It seems to me that, it is not possible to have a FIPS 140 certified SSL/TLS session using the OpenSSL's certification. - Tolga

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Greg Rose
At 11:43 AM 9/8/2003 -0400, Anton Stiglic wrote: I think this is different however. The recent attack focused on the A5/3 encryption algorithm, while the work of Lucky, Briceno, Goldberg, Wagner, Biryukov, Shamir (and others?) was on A5/1 and A5/2 (and other crypto algorithms of GSM, such as

The Pure Crypto Project is released into the public domain

2003-09-08 Thread Ralf Senderek
-BEGIN PURE-CRYPTO SIGNED MESSAGE- The development of the Pure Crypto Project has now finished and the source code is finally released into the public domain. http://senderek.de/pcp/release There is a detailed explanation of the security mechanisms and the background of PCP in

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 02:37 AM 9/9/2003 +1000, Greg Rose wrote: At 05:18 PM 9/7/2003 -0700, David Honig wrote: A copy of the research was sent to GSM authorities in order to correct the problem, and the method is being patented so that in future it can be used by the law enforcement agencies. Laughing my ass off.

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-08 Thread Thor Lancelot Simon
On Mon, Sep 08, 2003 at 10:49:02AM -0600, Tolga Acar wrote: On a second thought, that there is no key management algorithm certified, how would one set up a SSL connection in FIPS mode? It seems to me that, it is not possible to have a FIPS 140 certified SSL/TLS session using the OpenSSL's

RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Trei, Peter
David Honig[SMTP:[EMAIL PROTECTED] wrote: At 02:37 AM 9/9/03 +1000, Greg Rose wrote: At 05:18 PM 9/7/2003 -0700, David Honig wrote: Laughing my ass off. Since when do governments care about patents? How would this help/harm them from exploiting it? Not that high-end LEOs haven't already

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Ian Grigg
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? Once upon a time, it used to be the favourite sport of spy agencies to listen in on the activities of other countries. In that case, access to the radio waves was much more juicy than access to

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Bill Stewart
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM is only useful if you

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread David Wagner
John Doe Number Two wrote: It's nice to see someone 'discovering' what Lucky Green already figured-out years ago. I wonder if they'll cut him a check. No, no, no! This is new work, novel and different from what was previously known. In my opinion, it is an outstanding piece of research.

fyi: bear/enforcer open-source TCPA project

2003-09-08 Thread Sean Smith
The Bear/Enforcer Project Dartmouth College http://enforcer.sourceforge.net http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml How can you verify that a remote computer is the real thing, doing the right thing? High-end secure coprocessors are expensive and computationally limited;

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread David Wagner
Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? Well, one reason might be if that government agency didn't have lawful authorization from the country where the call takes place. (say, SIGINT on GSM calls made in Libya) Another might be if the

RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 05:04 PM 9/8/2003 -0400, Trei, Peter wrote: David Honig[SMTP:[EMAIL PROTECTED] wrote: At 02:37 AM 9/9/03 +1000, Greg Rose wrote: much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at least requires

Re: Is cryptography where security took the wrong branch?

2003-09-08 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Sent: Sunday, September 07, 2003 12:01 AM Subject: Re: Is cryptography where security took the wrong branch? That's easy to see, in that if SSL was oriented to credit cards, why did they do SET? (And, SHTTP seems much closer to

RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Vin McLellan
At 05:04 PM 9/8/03 , Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. A government

RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread David Honig
At 05:04 PM 9/8/03 -0400, Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? The encryption is only on the airlink, and all GSM calls travel through the POTS land line system in the clear, where they are subject to warranted wiretaps. Breaking GSM

Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Dave Emery
On Mon, Sep 08, 2003 at 09:55:41PM +, David Wagner wrote: Trei, Peter wrote: Why the heck would a government agency have to break the GSM encryption at all? Well, one reason might be if that government agency didn't have lawful authorization from the country where the call takes place.

Re: Digital cash and campaign finance reform

2003-09-08 Thread Joseph Ashwood
- Original Message - From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] [anonymous funding of politicians] Comments? Simple attack: Bob talks to soon to be bought politician. Tomorrow you'll receive a donation of $50k, you'll know where it came from. Next day,

Re: Digital cash and campaign finance reform

2003-09-08 Thread Michael Froomkin - U.Miami School of Law
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=60331 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=272787 http://www.cfp2000.org/papers/franklin.pdf http://www.yale.edu/yup/books/092628.htm On Mon, 8 Sep 2003, Steve Schear wrote: Everyone knows that money is the life blood of

Re: Digital cash and campaign finance reform

2003-09-08 Thread Ian Grigg
Steve Schear wrote: By combining a mandated digital cash system for contributions, a cap on the size of each individual contribution (perhaps as small as $100), randomized delays (perhaps up to a few weeks) in the posting of each transaction to the account of the counter party, it could