Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Alex Alten
Ali, Sorry for the misunderstanding. I'm not soliciting for new members. If there happens to be anyone on this list who is an IISP member and lives in the USA and would be interested in forming a chapter on this side of the Atlantic then I'd like to work with them to establish it. That's

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Thor Lancelot Simon
On Tue, Dec 11, 2007 at 04:00:42PM -0500, Leichter, Jerry wrote: | It is, of course, the height of irony that the bug was introduced in | the very process, and for the very purpose, of attaining FIPS | compliance! | | But also to be expected, because the feature in question is |

Re: More on in-memory zeroisation

2007-12-14 Thread Alan Barrett
On Tue, 11 Dec 2007, Leichter, Jerry wrote: You can almost, but not quite, get the desired effect for memory zeroization with volatile. I thought that this was guaranteed to work: volatile char buf[SIZE]; /* ... do stuff with buf ... */ memset(buf, 0, sizeof(buf));

Re: More on in-memory zeroisation

2007-12-14 Thread Jack Lloyd
On Wed, Dec 12, 2007 at 05:27:38PM -0500, Thierry Moreau wrote: As a consequence of alleged consensus above, my understanding of the C standard would prevail and (memset)(?,0,?) would refer to an external linkage function, which would guarantee (to the strength of the above consensus)

Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Ali, Saqib
How will this be any different from being a member of ISC2 or ISACA? Why do we need to be a member of yet another organization? saqib http://www.quantumcrypto.de/dante/ On Dec 12, 2007 12:21 PM, Alex Alten [EMAIL PROTECTED] wrote: Would anyone on this list be interested in forming a USA

Re: PunchScan voting protocol

2007-12-14 Thread Taral
On 12/12/07, John Denker [EMAIL PROTECTED] wrote: Several important steps in the process must be carried out in secret, and if there is any leakage, there is unbounded potential for vote-buying and voter coercion. I've done quite a bit of work with this protocol. The protocol assumes the

Re: Intercepting Microsoft wireless keyboard communications

2007-12-14 Thread Peter Gutmann
James A. Donald [EMAIL PROTECTED] writes: At every block boundary, keyboard transmits a special signal in the clear that signifies block boundary. Any time that no key has been pressed for a while, then when a key is finally pressed, keyboard transmits a bunch of no- ops sufficient to ensure

Re: PlayStation 3 predicts next US president

2007-12-14 Thread John Levine
The financial industry has actually created its own system - I forget the name, some like a Gold Bond Certification - that it requires for certain high-importance transactions (e.g., a document asserting you own some stock for which you've lost the certificates). That's a medallion signature

RE: More on in-memory zeroisation

2007-12-14 Thread Dave Korn
I've been through the code. As far as I can see, there's nothing in expand_builtin_memset_args that treats any value differently, so there can't be anything special about memset(x, 0, y). Also as far as I can tell, gcc doesn't optimise out calls to memset, not even thoroughly dead ones: for

Re: More on in-memory zeroisation

2007-12-14 Thread Thierry Moreau
Jack: Thank you for pointing this out. I must admit you point to an inescapable counter-example for my analysis. Maybe global optimization was not a significant factor in the 1980's when the C standard language was established -- it does refer to external linkage and genuine function. In the

RE: More on in-memory zeroisation

2007-12-14 Thread Leichter, Jerry
| I've been through the code. As far as I can see, there's nothing in | expand_builtin_memset_args that treats any value differently, so there | can't be anything special about memset(x, 0, y). Also as far as I can | tell, gcc doesn't optimise out calls to memset, not even thoroughly | dead

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Thu, Dec 13, 2007 at 08:29:47PM -0500, Thor Lancelot Simon wrote: In fact, I was in the middle of a FIPS-140 certification at level 2 a number of years ago when the Known Answer Test for the X9.17 block cipher based PRNG was introduced. One unanticipated side effect of this test was to

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Thor Lancelot Simon
On Fri, Dec 14, 2007 at 08:33:16AM -0800, Joshua Hill wrote: You may be confusing the requirements for a KAT which is a power-up health check on all of the deterministic components of the PRNG (which is run on power-up and requires that you fix all the inputs to some specific known value and

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Fri, Dec 14, 2007 at 01:27:57PM -0500, Thor Lancelot Simon wrote: The PRNG test which requires DT to be run as a monotonic counter is, in fact, a known-answer test. The variable seed test portion of CAVS testing specifies a DT of 0 in all cases and only one round is run for each seed, so

Re: More on in-memory zeroisation

2007-12-14 Thread Werner Koch
On Thu, 13 Dec 2007 21:11, [EMAIL PROTECTED] said: volatile char buf[SIZE]; /* ... do stuff with buf ... */ memset(buf, 0, sizeof(buf)); This has the little disadvantage that you need to check the attributes of BUF first and that you can't immediately see what the memset is