Re: Uncrackable beams of light

2003-09-11 Thread h1kari
At toorcon this year there will be a talk on quantum cryptography along with a demonstration of some experimental quantum crypto hardware on loan from a company in switzerland. Also, there's going to be a really good keynote talk by Bruce Schneier of Counterpane and quite a few others that

Re: Code breakers crack GSM cellphone encryption/GNU Radio

2003-09-11 Thread Barry Wels
Actually, patenting the method isn't nearly as silly as it sounds. Produced in quantity, a device to break GSM using this attack is not going to cost much more than a cellphone (without subsidies). Patenting the attack prevents the production of the radio shack (tm) gsm scanner, so that it at

Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Rich Salz
You propose to put a key into a physical device and give it to the public, and expect that they will never recover the key from it? Seems unwise. You think the public can crack FIPS devices? This is mass-market, not govt-level attackers. Second, if the key's in hardware you *know* it's been

Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Second, if the key's in hardware you *know* it's been stolen. You don't know that for software. Only for some definitions of stolen. A key held in a smart card that does absolutely everything the untrusted PC it's connected to tells it to is only marginally

RE: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Scott Guthery
There are roughly 1B GSM/3GPP/3GPP2 SIMs in daily use and the number of keys extracted from them is diminishingly small. -Original Message- From: bear [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 3:43 AM To: Sean Smith Cc: [EMAIL PROTECTED] Subject: Re: fyi:

Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Damian Gerow
Thus spake Rich Salz ([EMAIL PROTECTED]) [11/09/03 08:51]: You propose to put a key into a physical device and give it to the public, and expect that they will never recover the key from it? Seems unwise. You think the public can crack FIPS devices? This is mass-market, not govt-level

is secure hardware worth it? (Was: Re: fyi: bear/enforcer open-source TCPA project)

2003-09-11 Thread Sean Smith
Just to clarify... I'm NOT saying that any particular piece of secure hardware can never be broken. Steve Weingart (the hw security guy for the 4758) used to insist that there was no such thing as tamper-proof. On the HW level, all you can do is talk about what defenses you tried, what

Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Rich Salz
And 'the public' doesn't include people like government level attackers? People like cryptography experts? People who like to play with things like this? No it doesn't. *It's not in the threat model.* /r$ -- Rich Salz, Chief Security Architect DataPower Technology

A precis of the new attacks against GSM encryption

2003-09-11 Thread R. A. Hettinga
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009856.html [Full-Disclosure] A precis of the new attacks against GSM encryption (fwd) Lukasz Luzar [EMAIL PROTECTED] Thu, 11 Sep 2003 10:21:33 +0200 (CEST) Previous message: [Full-Disclosure] PTms03039.zip Next message:

[Lucrative-L] ponderance of the day

2003-09-11 Thread R. A. Hettinga
--- begin forwarded text Status: U From: Patrick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Lucrative-L] ponderance of the day Date: Thu, 11 Sep 2003 20:22:17 -0600 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Question: What kind of filter do you use in your Java pot?