Re: ATM machine security

2005-03-03 Thread Anne Lynn Wheeler
Lee Parkes wrote: Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers, specifications or published attacks against ATM machines and their

Re: Digital Water Marks Thieves

2005-03-03 Thread Dan Kaminsky
My complaint is against the parroting of patently absurd claims by manufacturers (or governments, for that matter) under the guide of journalism. If you need the reason to be concrete, here's one: I might buy this magic water and apply it to some of my stuff, figuring I don't have to

RE: SHA-1 results available

2005-03-03 Thread Whyte, William
http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, Technical details will be

Re: Digital Water Marks Thieves

2005-03-03 Thread Matt Crawford
On Feb 22, 2005, at 10:57, Dan Kaminsky wrote: The point is that the thief should think anything expensive is protected, by which I mean it's too traceable to fence. That would be the thinking of a thief who read the article and took it at face value. A more clever thief would realize that the

Re: Code name Killer Rabbit: New Sub Can Tap Undersea Cables

2005-03-03 Thread Matt Crawford
On Feb 18, 2005, at 19:47, R.A. Hettinga wrote: It does continue to be something of a puzzle as to how they get this stuff back to home base, said John Pike, a military expert at GlobalSecurity.org. I should think that in many cases, they can simply lease a fiber in the same cable. What could

Re: Many Wireless Security Breaches Reported At (RSA) Security Conference

2005-03-03 Thread Stefan Kelm
(As I've said many times, security breaches reported at conferences full of security people don't count as a predictor of what's out in the real world as a threat. But, it makes for interesting reading and establishes some metric on the ease of the attack. iang) I also recommend the brief

I'll show you mine if you show me, er, mine

2005-03-03 Thread R.A. Hettinga
http://www.theregister.co.uk/2005/02/21/crypto_wireless/print.html The Register Biting the hand that feeds IT The Register » Security » Identity » Original URL: http://www.theregister.co.uk/2005/02/21/crypto_wireless/ I'll show you mine if you show me, er, mine By Lucy Sherriff

FW: ATM machine security

2005-03-03 Thread Chris Trott
Hi, I'm working on a project that requires a benchmark against which to judge various suppliers. The closest that has similar requirements is the ATM industry. To this end I'm looking for any papers, specifications or published attacks against ATM machines and their infrastructure. I'm also

Re: I'll show you mine if you show me, er, mine

2005-03-03 Thread James A. Donald
-- On 24 Feb 2005 at 2:29, Peter Gutmann wrote: Isn't this a Crypto 101 mutual authentication mechanism (or at least a somewhat broken reinvention of such)? If the exchange to prove knowledge of the PW has already been performed, why does A need to send the PW to B in the last step? You

Re: I'll show you mine if you show me, er, mine

2005-03-03 Thread R.A. Hettinga
--- begin forwarded text To: [EMAIL PROTECTED] Subject: Re: I'll show you mine if you show me, er, mine Date: Wed, 23 Feb 2005 12:14:04 -0800 (PST) From: [EMAIL PROTECTED] (Hal Finney) Sender: [EMAIL PROTECTED] Markus Jakobsson is a really smart guy who's done some cool stuff, so I think this

Re: SHA-1 results available

2005-03-03 Thread Florian Weimer
* Jack Lloyd: http://theory.csail.mit.edu/~yiqun/shanote.pdf Thanks for the pointer. No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual,

Re: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-03 Thread Steven M. Bellovin
Burt Kaliski posted the following to Dave Farber's IP list. I was about to post something similar myself. Beyond that, it is now clear that the industry needs an open evaluation process -- like the Advanced Encryption Standard competition -- to establish a new hash function standard for the

FW: [IP] One cryptographer's perspective on the SHA-1 result

2005-03-03 Thread Trei, Peter
Full disclosure: Burt Kaliski and I share an employer. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Farber Sent: Wednesday, February 23, 2005 7:48 PM To: Ip Subject: [IP] One cryptographer's perspective on the SHA-1 result From:

Chatter Punks

2005-03-03 Thread R.A. Hettinga
--- begin forwarded text Date: Thu, 24 Feb 2005 12:25:10 -0800 To: [EMAIL PROTECTED] From: John Young [EMAIL PROTECTED] Subject: Chatter Punks Sender: [EMAIL PROTECTED] Maybe it's been mentioned here but the book, Chatter: Dispatches from the Secret World of Global Eavesdropping, by Patrick

No Encryption for E-Passports

2005-03-03 Thread R.A. Hettinga
http://www.wired.com/news/print/0,1294,66686,00.html Wired News No Encryption for E-Passports By Ryan Singel? Story location: http://www.wired.com/news/privacy/0,1848,66686,00.html 02:00 AM Feb. 24, 2005 PT Despite widespread criticism from security experts that a proposed high-tech upgrade

When paying with plastic, why swipe? Just wave

2005-03-03 Thread R.A. Hettinga
http://news.zdnet.com/2102-9588_22-5589512.html?tag=printthis ZDNet News By Alorie Gilbert URL: http://news.zdnet.com/2100-9588_22-5589512.html Tired of having to swipe and sign every time you use a credit card? Visa is hoping to simplify the process of paying with plastic with a new

Senators Boxer, Clinton Unveil Count Every Vote Act of 2005

2005-03-03 Thread R.A. Hettinga
http://dailykos.com/story/2005/2/26/204031/168 Daily Kos :: Political Analysis and other daily rants on the state of the nation. Senators Boxer, Clinton Unveil Count Every Vote Act of 2005 by Hunter Sat Feb 26th, 2005 at 17:40:31 PST The email alerts on this were sent out last week. In

SpookAir, redux: No Secrets -- Eyes on the CIA

2005-03-03 Thread R.A. Hettinga
http://www.msnbc.msn.com/id/7037720/site/newsweek/print/1/displaymode/1098/ MSNBC.com No Secrets: Eyes on the CIA Newsweek March 7 issue - Aviation obsessives with cameras and Internet connections have become a threat to cover stories established by the CIA to mask its undercover operations

Italian GSM provider warns: too many wiretaps

2005-03-03 Thread R.A. Hettinga
Mr-Rogers Now, boys and girls, try not to laugh *too* hard, and be sure you swallow your Wheaties before you read this... /M-R Cheers, RAH --- http://www.edri.org/edrigram/number3.4/wiretap | EDRI EDRI-gram » EDRI-gram - Number 3.4, 24 February 2005 Italian GSM provider warns: too many

SpookAir, redux: No Secrets -- Eyes on the CIA

2005-03-03 Thread James A. Donald
-- On 27 Feb 2005 at 18:53, R.A. Hettinga wrote: March 7 issue - Aviation obsessives with cameras and Internet connections have become a threat to cover stories established by the CIA to mask its undercover operations and personnel overseas. U.S. intel sources complain that plane

Colliding X.509 Certificates

2005-03-03 Thread Weger, B.M.M. de
Hi all, We announce the construction of two different valid X.509 certificates that have identical signatures. This is based on MD5 collisions. One could e.g. construct the to-be-signed parts of the certificates, and get the one certificate signed by a CA. Then a valid signature for the other

MD5 collision in X509 certificates

2005-03-03 Thread Ben Laurie
Cute. I expect we'll see more of this kind of thing. http://eprint.iacr.org/2005/067 Executive summary: calculate chaining values (called IV in the paper) of first part of the CERT, find a colliding block for those chaining values, generate an RSA key that has the collision as the first part of

Re: MD5 collision in X509 certificates

2005-03-03 Thread Dan Kaminsky
Ben, Semantic gap, and I do apologize if I didn't make this clear. Wang adapts to any initial state, so you can create arbitrary content to prepend your collision set with, adapt to its output, and then append whatever you like. The temporal ordering is indeed important though; you can't

Re: MD5 collision in X509 certificates

2005-03-03 Thread Ben Laurie
Dan Kaminsky wrote: The x.509 cert collision is a necessary consequence of the earlier discussed prime/not-prime collision. Take the previous concept, make both prime, and surround with the frame of an x.509 cert, and you get the new paper. Actually, not - an RSA public key is not prime.

Re: MD5 collision in X509 certificates

2005-03-03 Thread Dan Kaminsky
Ben Laurie wrote: Dan Kaminsky wrote: The x.509 cert collision is a necessary consequence of the earlier discussed prime/not-prime collision. Take the previous concept, make both prime, and surround with the frame of an x.509 cert, and you get the new paper. Actually, not - an RSA

FYI: paper about Metcalfe's Law

2005-03-03 Thread R.A. Hettinga
--- begin forwarded text Date: Wed, 2 Mar 2005 23:20:58 -0600 (CST) From: Andrew Odlyzko [EMAIL PROTECTED] To: Andrew Odlyzko [EMAIL PROTECTED] Subject: FYI: paper about Metcalfe's Law Dear Colleagues, Sorry for the spam, but I thought you might be interested in the paper described below.

Re: FUD about CGD and GBDE

2005-03-03 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], ALeine writes: Not necessarily, if one were to implement the ideas I proposed I believe the performance could be kept at the same level as

Re: I'll show you mine if you show me, er, mine

2005-03-03 Thread Arash Partow
Reading the description from http://www.stealth-attacks.info/, it seems that Peter might be right. I think this is just a re-hash of already well established ideas. In the case of a sending the password back to B, its a very similar scenario to scene III where Athena suggests to Euripides that

Re: FW: ATM machine security

2005-03-03 Thread Lee Parkes
On Thu, Feb 24, 2005 at 02:24:38AM +1100, Chris Trott wrote: My Apologies to the original poster here, but does this seem like a little human engineering to anyone else? No problem. As it happens the project I'm working on isn't for ATMs but for a system that shares some similarities: *