There's a new book on the NSA, based largely on documents received via
Freedom of Information Act requests. Bamford's review is at
http://www.nybooks.com/articles/23231.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
FYI. As I understand it, TI calculator boot ROMs use a 512 bit RSA
public key to check the signature of the software they're loading.
When hobbyists who wanted to run their own alternative OS software on
their calculator calculated the corresponding private key and were
thus able to sign their
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the DNS root key.
http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
In summary, a decision is being made to use a short lived 1024 bit key
for the
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the DNS root key.
http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
In summary,
bmann...@vacation.karoshi.com writes:
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the DNS root key.
On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote:
bmann...@vacation.karoshi.com writes:
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the
bmann...@vacation.karoshi.com writes:
er... there is the root key and there is the ROOT KEY.
the zsk only has a 90 day validity period. ... meets the
spec and -ought- to be good enough. that said, it is
currently a -proposal- and if credible arguments can be made
to modify the proposal,
At 7:54 PM -0400 10/14/09, Perry E. Metzger wrote:
There are enough people here with the right expertise. I'd be interested
in hearing what people think could be done with a fully custom hardware
design and a budget in the hundreds of millions of dollars or more.
What part of owning a temporary
On Oct 14, 2009, at 7:54 PM, Perry E. Metzger wrote:
...We should also recognize that in cryptography, a small integer safety
margin isn't good enough. If one estimates that a powerful opponent
could attack a 1024 bit RSA key in, say, two years, that's not even a
factor of 10 over 90 days, and