Schneier on A5/1 crack

2008-02-22 Thread Perry E. Metzger
Bruce Schneier has a good blog post on the latest A5/1 attack. http://www.schneier.com/blog/archives/2008/02/cryptanalysis_o_1.html -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscr

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| Their key recovery technique gets a lot of mileage from using the | computed key schedule for each round of AES or DES to provide | redundant copies of the bits of the key. If the computer cleared | the key schedule storage, while keeping the key itself when the | system is in sleep mode, or whe

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| ...I imagine this will eventually have a big impact on the way organizations | respond to stolen mobile device incidents. With the current technology, if a | laptop or mobile device is on when it's stolen, companies will need to assume | that the data is gone, regardless of whether or not encrypt

Re: cold boot attacks on disk encryption

2008-02-22 Thread Jon Callas
So, is anyone else as amused as I am that Apple can release an EFI firmware update to zeroize MacBook Air memory at boot-time, turning the heretofore widely-decried inability to upgrade that laptop's RAM -- due to the chips being soldered to the motherboard -- into an advantage, and making

Re: cold boot attacks on disk encryption

2008-02-22 Thread Ivan Krstić
On Feb 21, 2008, at 6:40 PM, Ali, Saqib wrote: i think in most cases tamper-resistant is sufficient Er, what do TPMs have to do with this at all? TPMs are not tamper- proof hardware FDE devices. They're somewhat tamper-proof (in practice, I wouldn't depend on it) non-volatile storage for sm

Re: cold boot attacks on disk encryption

2008-02-22 Thread Jacob Appelbaum
Jon Callas wrote: > > On Feb 21, 2008, at 12:14 PM, Ali, Saqib wrote: > >> However, the hardware based encryption solutions like (Seagate FDE) >> would easily deter this type of attacks, because in a Seagate FDE >> drive the decryption key never gets to the DRAM. The keys always >> remain in the

Re: USB drive manufacturer encrypts data with XOR

2008-02-22 Thread Peter Gutmann
Rui Paulo <[EMAIL PROTECTED]> writes: >"The specifications of the 2.5in. Easy Nova Data Box PRO-25UE RFID hard drive >case by German vendor Drecom sound promising: hardware data encryption with >128-bit AES, access control via an RFID chip compact enough to carry around >on your key ring and optio

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-22 Thread Peter Gutmann
Thierry Moreau <[EMAIL PROTECTED]> writes: >At first, it seems neat. But then, looking at how it works in practice: the >client receives an e-mail notification soliciting him to click on a HTML link >and then enroll for a security certificate, the client is solicited exactly >like a phishing crimi