Re: New DoD encryption mandate
At 04:02 AM 8/17/2007 -0700, Ivan Krstić wrote:
> On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
>> The other problem is that it lacks any centralized management. If you are letting TPM manage your Bitlocker keys you still need a TPM management suite with key backup/restore/transfer/migrate capabilities in case your computer goes bad.
>
> How so? If your computer goes bad, you need a *backup*. That's entirely orthogonal to the drive encryption problem. Bitlocker uses the TPM to provide assurance that your drive -- really, volume -- is locked to your computer, and that the early boot environment hasn't been messed with. When either check fails, you use the BitLocker recovery password (either on a USB stick or entered manually) to recover your data. This holds in the event that you take your drive out and stick it in a different machine.
>
> In other words, the TPM is not a single point of failure, so I don't understand why you think you care about TPM backup/restore/transfer.

It depends on your requirements. For a large number of computers owned by a corporation/organization centralized key management makes a lot of sense. For a single user with a privately purchased computer then the recovery password makes more sense.

>> The third problem is that it is software based encryption, which uses the main CPU to perform the encryption.
>
> Security is never free, but in 2007, we can afford the cycles. What's a better use for them? Drawing semi-transparent stained glass window borders?

Agreed, for most requirements. Sometimes one may need to keep keys in trusted hardware only. The only real fly-in-the-ointment is that current hash algorithms (SHA-1, SHA-2, etc.) don't scale across multiple CPU cores (assuming you need integrity along with your privacy).

- Alex

--
Alex Alten
[EMAIL PROTECTED]

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Skype new IT protection measure
Ed Gerck writes:
| We've heard it so many times: "There's nothing to worry about."
| Now, Skype adds a new IT protection measure -- "love":
|
| "The Skype system has not crashed or been victim of a cyber
| attack. We love our customers too much to let that happen."
|

-- Forwarded message --
From: Valery Marchuk <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Fri, 17 Aug 2007 10:30:50 +0300
Subject: [Full-disclosure] Skype Network Remote DoS Exploit

Hi all!

On SecurityLab.ru forum an exploit code was published by an anonymous user. Reportedly it must have caused Skype massive disconnections today. The PoC uses standard Skype client to call to a specific number. This call causes denial of service of current Skype server and forces Skype to reconnect to another server. The new server also "freezes" and so on ... the entire network.

Links: http://www.securitylab.ru/news/301422.php
PoC: http://en.securitylab.ru/poc/301420.php

Best regards,
Valery Marchuk
www.SecurityLab.ru
Re: Skype new IT protection measure
Ed Gerck wrote:
> BTW, one may wonder what is really happening. Any other reports?
>

The NYT today had this article:
http://www.nytimes.com/2007/08/17/business/17ebay.html

Wren
Re: New DoD encryption mandate
On Aug 16, 2007, at 8:30 AM, Ali, Saqib wrote:
> The other problem is that it lacks any centralized management. If you are letting TPM manage your Bitlocker keys you still need a TPM management suite with key backup/restore/transfer/migrate capabilities in case your computer goes bad.

How so? If your computer goes bad, you need a *backup*. That's entirely orthogonal to the drive encryption problem. Bitlocker uses the TPM to provide assurance that your drive -- really, volume -- is locked to your computer, and that the early boot environment hasn't been messed with. When either check fails, you use the BitLocker recovery password (either on a USB stick or entered manually) to recover your data. This holds in the event that you take your drive out and stick it in a different machine.

In other words, the TPM is not a single point of failure, so I don't understand why you think you care about TPM backup/restore/transfer.

> The third problem is that it is software based encryption, which uses the main CPU to perform the encryption.

Security is never free, but in 2007, we can afford the cycles. What's a better use for them? Drawing semi-transparent stained glass window borders?

--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
Skype new IT protection measure
We've heard it so many times: "There's nothing to worry about." Now, Skype adds a new IT protection measure -- "love":

"The Skype system has not crashed or been victim of a cyber attack. We love our customers too much to let that happen."

Of course, these two phrases are a non sequitur. No amount of a company's "love" for customers will prevent their IT system from crashing or hackers from attacking and being successful. At the very least, Skype is making users uneasy with such statements.

What's happening, and that's why Skype wrote about "love", is that Skype users worldwide cannot call or hear voicemail for many hours now. The visible error is that users cannot login -- hence can't call, etc. While this could be understandable, what is not understandable is Skype's love declaration.

BTW, one may wonder what is really happening. Any other reports?

Cheers,
Ed Gerck