RE: How the Greek cellphone network was tapped.

2007-07-09 Thread Ian Farquhar \(ifarquha\)
2. E2E crypto on mobiles would require cross-vendor support, which would mean that it would have to go into the standard. Unfortunately, standards in the mobile world are heavily influenced by governmnets, and the four horsemen of the apocalypse (drug dealers, paedophiles, spies, and

Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Steven M. Bellovin
On Mon, 9 Jul 2007 17:52:38 +1000 Ian Farquhar \(ifarquha\) [EMAIL PROTECTED] wrote: And don't forget, some of the biggest markets are still crypto-phobic. Every time I enter China I have to tick a box on the entry form indicating that I am not carrying any communications security

Re: a fraud is a sale, Re: The bank fraud blame game

2007-07-09 Thread Anne Lynn Wheeler
re: http://www.garlic.com/~lynn/aadsm27.htm#39 a fraud is a sale, Re: The bank fraud blame game http://www.garlic.com/~lynn/aadsm27.htm#40 a fraud is a sale, Re: The bank fraud blame game recent item with the other side of the issue (as opposed to being able to profit when merchants have

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-09 Thread Darren Lasko
On 7/8/07, Joshua Hill [EMAIL PROTECTED] wrote: On Sat, Jul 07, 2007 at 10:53:17PM -0600, Darren Lasko wrote: 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)? If not, will Annex C be updated to

Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Florian Weimer
* Ian Farquhar: Crypto has been an IP minefield for some years. With the expiry of certain patents, and the availability of other unencumbered crypto primitives (eg. AES), we may see this change. But John's other points are well made, and still valid. Downloadable MP3 ring tones are a