Re: quantum hype
martin f krafft wrote: So MagiQ and others claim that the technology is theoretically unbreakable. How so? If I have 20 bytes of data to send, and someone reads the photon stream before the recipient, that someone will have access to the 20 bytes before the recipient can look at the 20 bytes, decide they have been tampered with, and alert the sender. This is not relevant when the technology is correctly used for Q key transmission because the sender would not be in the dark (sorry for the double pun) for so long. So I use symmetric encryption and quantum cryptography for the key exchange... the same situation here. Maybe the recipient will be able to tell the sender about the junk it receives, but Mallory already has read some of the text being ciphered. This should not happen in a well-designed system. The sender sends the random key in the Q channel in such a way that compromises in key transmission are detected before the key is used. That said, Q cryptography is something else and should not be confused with Q key distribution. Cheers, Ed Gerck - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: OT: Swiss ATM Bancomat 5.0 BM5.0
Words by Carsten Kuckuk [Tue, Sep 09, 2003 at 08:29:57PM +0200]: The September/October 2003 edition of the German magazine Objektspektrum contains an article about the development of an ATM system to be used in Switzerland. (Alexander Rietsch: Die Neuentwicklung des Raiffeisen-Bankomaten, p.30-34. In passing it mentions that they use Windows 2000, an MS Access database for resources, MSDE for money transfer data, MSVS remote debugging, C++ for speed reasons, COM, IE, and have everything connected via TCP/IP networks. Unfortunately the focus of the article is not on security, so all the obvious question are unanswered. Obviously. :) Is there place online we can get this? -- Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc Lately, the only thing keeping me from becoming a serial killer is my distaste for manual labor.-- Dilbert - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Announcing PGP Universal
--- begin forwarded text Status: U List-ID: enews-usa.listserv.pgp.com Reply-To: PGP Universal [EMAIL PROTECTED] Sender: PGP Universal [EMAIL PROTECTED] To: PGP Universal [EMAIL PROTECTED] From: [EMAIL PROTECTED] (PGP Corporation) Subject: Announcing PGP Universal Date: Mon, 15 Sep 2003 02:42:19 -0700 Dear PGP Customer: We are pleased to announce the shipment of PGP(r) Universal. Over the last year, we have met with customers around the world to help us design a new generation of security products. Our goal was to take trusted PGP technology and deploy it in a way that would allow customers to finally secure all their electronic assets. The result is PGP Universal, a new architecture and product family deploying proven PGP technology at the network level, making email security both automatic and requiring no user intervention. By combining a self-managing security architecture with the proxying of standard email protocols, PGP Universal enables customers to achieve measurable email security. In customer meetings it became clear PGP Universal must meet the needs of five groups: - Executives that want to comply with regulations and minimize risk - Business units that must communicate privately and securely with customers and partners - Security groups that must enforce and measure email security - IT organizations that don?t want to change their processes or integrate new technologies - Users who just want to do their jobs PGP Universal was built with these needs in mind. It offers: - Automatic key generation and life cycle management - Central and uniform security policy control - Policy enforcement on both inbound and outbound email messages - Automatic and transparent operation to users - Automatic and transparent operation to the network - Easy and incremental deployment - Practical and cost-effective to ?secure everything? - Full compatibility with existing PGP Desktop products PGP Universal is available immediately for purchase or customer evaluation. An FAQ and white paper with detailed information are available at www.pgp.com/universal. Information is also available at www.pgp.com, from your PGP sales representative, or a PGP Certified Solution Provider. You have received this email because at some point in the past you purchased a PGP product. If you would like to continue receiving information from PGP Corporation, please subscribe at [EMAIL PROTECTED] If you do not reply, you will be unsubscribed from this list. Thank you for your interest in PGP products. Sincerely, Andrew Krcik Vice President, Marketing and Products PGP Corporation --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification
On Mon, Sep 15, 2003 at 12:57:55PM -0400, Wei Dai wrote: I think I may have found such a written guidance myself. It's guidance G.5, dated 8/6/2003, in the latest Implementation Guidance for FIPS 140-2 on NIST's web site: http://csrc.nist.gov/cryptval/140-1/FIPS1402IG.pdf. This section seems especially relevant: For level 1 Operational Environment, the software cryptographic module will remain compliant with the FIPS 140-2 validation when operating on any general purpose computer (GPC) provided that: a. the GPC uses the specified single user operating system/mode specified on the validation certificate, or another compatible single user operating system, and b. the source code of the software cryptographic module does not require modification prior to recompilation to allow porting to another compatible single user operating system. (end quote) The key word here must be recompilation. The language in an earlier Unfortunately, another key set of words is single user. This would seem to significantly limit the value of a software-only certification... - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Booksellers Fight Tech Slump
Apparently the only thing selling is crypto and security... Cheers, RAH --- http://publishersweekly.reviewsnews.com/index.asp?layout=articlePrintarticleID=CA322983 Return to Main Page Publishers Weekly Booksellers Fight Tech Slump by James A. Martin -- 9/15/2003 With a few exceptions, computer book sales have gone south The economy is finally showing some signs of life again. Consumer spending on technology is inching up. And yet, with a few exceptions, overall sales in the computer/technology book category continue to slump or remain flat at best, according to buyers for booksellers across the U.S. Usually we start to see some sales improvements in August and early fall, says Jim Treitman, owner of Softpro Books, a computer/technical bookseller in Centennial, Colo. But so far, we've seen no improvement at all. If fact, things may have gotten a bit worse. At Stacey's, a general-interest bookstore in San Francisco, the computer/technical category has been hit the hardest by the recent, prolonged economic downturn, according to buyer Lauretta Cuadra. During the late 1990s, computer books accounted for 30% of Stacey's book sales, she says. Today, tech titles represent under 20% of store sales. One reason for the decline, explains Cuadra, is that the commercial real estate occupancy rates in downtown San Francisco, where Stacey's is located, have remained low. The lighter store traffic has, in turn, caused a noticeable dip in computer and other business-related book sales. This recession has hit us in the middle of the forehead, adds Bill Szabo, buyer and co-owner of Quantum Books, a technical bookstore in Cambridge, Mass. Many of the store's corporate buyers have fired large numbers of employees, Szabo says, thus reducing demand for its computer and technical books. What's more, government agencies-traditionally among Quantum's best customers-have seen their budgets slashed, additionally dampening the store's sales. Anyone who sells technical books will tell you the same thing, Szabo reports. We're all suffering. While computer book retailers are singing the blues, there are a few upbeat notes. Macintosh titles, particularly those relating to Macintosh OS X, such as Mac OS X: The Missing Manual (O'Reilly), and graphics-related books, such as those on Adobe Photoshop, Web publishing, digital photography and digital video, are selling well, buyers report. Sales in the latter area are up partly because the costs of digital cameras and CD/DVD burners have dropped significantly in the past year, notes Don Stahl, technical book buyer for Page One Books in Albuquerque, N.Mex. Ebay-related titles, interestingly, are enjoying consistently brisk sales. Of the top 10 titles for home computer users at Barnesandnoble.com in late August, seven had to do with selling on eBay. Other areas showing signs of life include books on Sun Microsystems' Java programming language and the Linux operating system, as well as computer security. Cryptography and security is our biggest selling section today, notes Natalie Elias, manager of Reiters, a scientific/professional bookstore in Washington, D.C. The recent rash of computer viruses has helped fuel sales in this niche, she adds. To stay afloat, booksellers-particularly independents-are not taking anything for granted these days. Before, we assumed everyone at M.I.T. knew about us, says Szabo of Quantum Books, which is near M.I.T. Now, we're reaching out to the community. We're being aggressive in our promotions. We're making sure they know about us. All told, it's important for booksellers to keep things in perspective. Though sales for computer books are noticeably down, the figures by themselves aren't terrible, says Stacey's Cuadra. The tech boom of the mid-late '90s was by all accounts a high point for computer booksellers. If we hadn't climbed that peak then, Cuadra adds, we wouldn't think we were in a valley now. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
'Unhackable' data will go far
http://www.electronicsnews.com.au/articles/a6/0c0196a6.asp Electronics News September 16, 2003 'Unhackable' data will go far By Andrew Woolls-King Long distance secure data transmission has moved a step closer with the transmission of quantum-encoded data over a distance of 100 km. Researchers claim that the breakthrough could make unbreakable secure data streams a reality within a few years. A team from Toshiba Research Europe, based in Cambridge, UK, has recently demonstrated a prototype system working over 100 km of fibre-optic cable. As far as we are aware, this is the first demonstration of quantum cryptography over fibres longer than 100 kilometres, says Dr Andrew Shields, who leads the Toshiba group developing the system. These developments mean that the technique could be deployed in commercial situations within three years. Early adopters include organizations that need to communicate highly sensitive data including banks, governments and legal firms. Yet with ever increasing numbers of companies falling foul to the malicious activities of hackers, it is likely that the market for viable quantum cryptography systems will be huge. Until now the biggest barrier to successfully using quantum cryptography has been reducing the amount of random noise picked up by the receiving detector (which can be positioned at either end of the fibre link) due to photon scattering out of the fibre. Indeed the rate of encrypted photons surviving the journey along long fibres was so low that they were masked by noise in the actual photon detector and the entire transmission process failed. But by developing an ultra low noise detector exploiting the latest semiconductor technology, the Toshiba team has managed to reduce this noise problem to a viable level for long distance transmission. Even if the 100-km distance can't be extended, some form of quantum repeater could be developed to enable totally secure communications over even longer distances. Quantum cryptography works by using the teleportation of quantum states from one place to another using photons as the communication medium. In practice, two users on a fibre-optic network form a shared security key. The secrecy of the key is guaranteed by exploiting the wave/particle duality of light meaning that the key does not exist in any detectable sense until the photons sent from the transmitter actually reach the receiver. Although a hacker could conceivably intercept the stream of photons en route between the sender and receiver, Heisenburg's uncertainty principle dictates that that it is physically impossible to read the datastream without disturbing its quantum states and thus destroying the message. Current encryption approaches rely on algorithm that, no matter how complex, could eventually be cracked. With quantum cryptography security instead becomes an impenetrable and intrinsic part of the data itself. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]