Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Leichter, Jerry
| Crypto has been an IP minefield for some years. With the expiry of | certain patents, and the availability of other unencumbered crypto | primitives (eg. AES), we may see this change. But John's other | points are well made, and still valid. Downloadable MP3 ring tones | are a selling

Historical one-way hash functions

2007-07-16 Thread Leichter, Jerry
So, you want to be able to prove in the future that you have some piece of information today - without revealing that piece of information. We all know how to do that: Widely publish today the one-way hash of the information. Well ... it turns out this idea is old. Very old. In the 17th

How the Chinese internet is tapped.

2007-07-16 Thread Jun-ichiro itojun Hagino
on a similar topic as Greek. i was in Shinsen and DongAng, mainland china (right next to HongKong). i was able to experience GSM/GPRS Internet as well as hotel wired Internet (both are IPv4, sigh). in both cases, TCP port 80 (http) was sucked into

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread John Denker
On 07/10/2007 01:59 AM, Florian Weimer wrote: It's also an open question whether network operators subject to interception requirements can legally offer built-in E2E encryption capabilities without backdoors. I agree. It's a tricky question; see below JI responded: You probably meant

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-16 Thread lists
On 9 Jul 2007 16:08:33 -0600, Darren Lasko wrote: 2) Does FIPS 140-2 have any requirements regarding the quality of the entropy source that is used for seeding a PRNG? Yes. The requirement imposed by FIPS 140-2 (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) are in section

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Bill Stewart
At 10:59 PM 7/9/2007, Florian Weimer wrote: Uh-oh, no. The protocol characteristics don't change depending on who is selling you the device. Of course they do, at least in the US, where the mobile phones are generally carrier-specific, often locked, and generally don't have open designs. In

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Ken Buchanan
On 7/9/07, alan [EMAIL PROTECTED] wrote: Makes me wonder how this will effect the OpenMoko phone if someone builds an encryption layer for it. (OpenMoko is a totally open sourced phone.) Leigh Honeywell and Paul Wouters presented a 'crypto-phone' effort they have been working on at CCC in

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Eric Cronin
On Jul 6, 2007, at 6:20 PM, John Ioannidis wrote: Unfortunately, it's not so easy to roll your own on top of a 3G- enabled smartphone. The broadband channel does not have the tight jitter and throughput guarantees that voice needs, and some providers (Verizon in the USA for example)

ACM CCS Industry Track CFP

2007-07-16 Thread William Enck
My apologies if this is considered spam; however, it may be of interest to a number of list subscribers. We are soliciting proposals for presentations in the Industry track at the ACM Conference on Computer and Communications Security, which will be held October 29th to November 2nd in

improving ssh

2007-07-16 Thread Ed Gerck
List, SSH (OpenSSH) is routinely used in secure access for remote server maintenance. However, as I see it, SSH has a number of security issues that have not been addressed (as far I know), which create unnecessary vulnerabilities. Some issues could be minimized by turning off password