Hi,
made two pictures of the padlock with the backdoor:
http://www.danisch.de/tmp/pict0951x.jpg
shows the TSA keywhole: Just a very simple standard
key cylinder, pretty easy to produce a general key from any lock.
But that's waste of time. The lock suffers from the same weakness
almost all l
On Mon, Feb 26, 2007 at 10:36:22PM -0600, Taral wrote:
>
> I'm just waiting for someone with access to photograph said keys and
> post it all over the internet.
It does not need access to the keys.
Do you know that car Volkswagen Golf? As far as I know also sold in
the USA.
In the eighties
On Tue, Feb 27, 2007 at 01:09:00AM -0500, David Chessler wrote:
>
> This is why I don't bother with padlocks until I get to the hotel
> room. It is a good idea to slow down the petty thief, but a "twist
> tie" from a plastic bag will work. I use the nylon straps used to
> hold cable bunches in p
Hi Allen,
On Mon, Feb 26, 2007 at 09:23:30PM -0800, Allen wrote:
> Hi Hadmut,
>
> combination lock brands in the $30 to $45 USD range where you can
> set the combination to whatever you want. Guess what? They all
> seemed to use the same key to enable setting the combination.
Why make it tha
On Mon, Feb 26, 2007 at 10:36:22PM -0600, Taral wrote:
>
> I'm just waiting for someone with access to photograph said keys and
> post it all over the internet.
There's nothing spectacular about it.
That's the one I have bought:
http://www.pac-safe.com/www/index.php?_room=3&_action=detail&id
Hi,
has this been mentioned here before?
I just had my crypto mightmare experience.
I was in a (german!) outdoor shop to complete my equipment
for my next trip, when I came to the rack with luggage padlocks
(used to lock the zippers).
While the german brand locks were as usual, all the US
On Fri, Sep 08, 2006 at 11:31:28AM -0700, Lance James wrote:
> SecurID should not be the only concept for dependence.
Yeah, however, it is a smart device which provides a reasonable level
of security in a very simple and almost foolproof way (I know a case
where the users complained that it did
Hi Lance,
On Fri, Sep 08, 2006 at 10:26:45AM -0700, Lance James wrote:
>
> Another problem from what I see with Malware that steals data is the
> formgrabbing and "on event" logging of data. Malware can detect if
> SecureID is being used based on targeted events, example: Say HSBC
> (Hypothetical
Hi,
I recently tested an RSA SecurID SID800 Token
http://www.rsasecurity.com/products/securid/datasheets/SID800_DS_0205.pdf
The token is bundled with some windows software designed to make
user's life easier. Interestingly, this software provides a function
which directly copies the current toke
On Wed, Apr 26, 2006 at 10:41:12PM -0400, Steven M. Bellovin wrote:
>
> Ah -- corporate key escrow. An overt back door for Little Brother, rather
> than a covert one for Big Brother
You should check the list of recipient keys in PGP messages from time
to time anyway. I recently found a bug
Hi,
On Wed, Apr 26, 2006 at 03:18:40PM -0400, Sean W. Smith wrote:
> I like the definition in Kaufman-Perlman-Speciner:
>
> "A completely generic term used by the security community to include
> both people and computer systems. Coined because it is more
> dignified than 'thingy' and becau
Hi,
is anyone aware of a general and precise definition of the term
'principal' (as a noun) in the context of security?
I need to solve a dispute. Someone claims, that 'principal' is an
established 'concept' introduced by Roger Needhams, but could not give
any citation. Someone else confirms th
" When designing
measures against spam, we should take this into consideration.
Maybe in near future the advantages of that noise produced by millions
of bots will outweigh the disadvantages?
Comments are welcome.
Hadmut Danisch
On Fri, Nov 04, 2005 at 09:16:16AM +, Nick Owen wrote:
>
> No, this is not it. It is this attack and similar:
>
> http://tinyurl.com/a3b89
>
> The phishers are not using valid certificates, but users are so immune
> to warnings about certificates that they don't pay attention to them.
> It
When I came to Washington DC last november, my portrait and
fingerprints were taken for the first time. I was the last one in the
queue and the immigration officer was a nice guy, so I asked him how
this should protect against terrorists. As far as I read in the
newspapers, the 911 attackers just c
Hi,
you most probably have heard about the court case where the presence
of encryption software on a computer was viewed as evidence of
criminal intent.
http://www.lawlibrary.state.mn.us/archive/ctappub/0505/opa040381-0503.htm
http://news.com.com/Minnesota+court+takes+dim+view+of+encryption/2100-
On Sat, Jan 29, 2005 at 01:09:32PM -0500, Steven M. Bellovin wrote:
> This chip is used in anti-theft
> automobile immobilizers and in the ExxonMobil SpeedPass.
If I recall correctly, there are two different electronic
functions in key cars. One is the theft protection where the chip
needs to a
Dean, James wrote:
>> The order of the wheels can't be changed.
> So this encryption device doesn't use any key?
Only the most trivial; you choose the row to transmit.
From what I've seen on the web not even that:
Unlike the original Jefferson wheel these toys are not
intended to choose any row,
Dean, James wrote:
The order of the wheels can't be changed.
So this encryption device doesn't use any key?
regards
Hadmut
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Hi,
does anyone know where I can get a
Jefferson Wheel or a replica?
regards
Hadmut
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Anish wrote:
could you please translate atleast the abstract for the rest of us :-)
http://www.heise.de/tp/deutsch/inhalt/co/18371/1.html
Sure, some of the first paragraphs:
As a german codebreaker in World War II
Klaus Schmeh 23.9.2004
For the first time a witness reported, who was involved in br
On Thu, Sep 16, 2004 at 12:41:41AM +0100, Ian Grigg wrote:
>
> It occurs to me that a number of these ideas could
> be written up over time ... a wiki, anyone? I think
> it is high past time to start documenting crypto
> patterns.
Wikis are not that good for discussions, and I do believe
that th
On Wed, Sep 15, 2004 at 11:39:25AM -0700, Ed Gerck wrote:
>
> Yes, SSL and public-key encryption are and continue to be a success for web
> servers. However, the security model for protecting email with public-key
> cryptography seems to be backwards, technically and business wise.
Exactly. It i
Hi,
I have again one of these special, strange, freaky questions.
I'm still investigating some "unusual activities" in
science and cryptography.
There are some handwritten notes, they seem
to be some kind of transcript of slides from a talk
about cryptography. I need to find out when, where,
On Mon, Sep 13, 2004 at 02:41:21PM -0400, Sam Hartman wrote:
>
> >> No. opportunistic encryption means I have retrieved a key or
> >> cert for the other party, but do not know whether it is
> >> actually the right cert.
>
> Tim> If the key is retrieved from the other end of a TCP
On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote:
>
> E-mail security company MX Logic Inc. will report this week that 10 percent
> of all spam includes such SPF records,
I have mentioned this problem more than a year ago in context of
my RMX draft (SPF, CallerID and SenderID are b
On Wed, Sep 01, 2004 at 04:02:02PM +1200, Peter Gutmann wrote:
>
> comp.compression FAQ, probably question #1 given the number of times this
> comes up in the newsgroup.
>
> (I've just checked, it's question #9 in part 1. Question #73 in part 2 may
> also be useful).
Thanks, that's a pretty g
On Tue, Aug 31, 2004 at 05:07:30PM -0500, Matt Crawford wrote:
>
> Plus a string of log(N) bits telling you how many times to apply the
> decompression function!
> Uh-oh, now goes over the judge's head ...
Yeah, I just posted a lengthy description why I think that this
counterexample is not a c
On Tue, Aug 31, 2004 at 04:56:25PM -0400, John Denker wrote:
> 4) Don't forget the _recursion_ argument. Take their favorite
> algorithm (call it XX). If their claims are correct, XX should
> be able to compress _anything_. That is, the output of XX
> should _always_ be at least one bit shor
Hi,
I need a literature reference for a simple problem of
encoding/compression theory:
It can be easily shown that there is no lossless
compression method which can effectively compress every possible
input. Proof is easy: In a first step, consider all
possible messages of length n bit, n>0.
Hi,
does anyone know good jokes about
cryptography, cryptographers, or security?
regards
Hadmut
[Moderator's note: I know of several security systems that are jokes
in and of themselves, but that doesn't seem to be what you meant. :)
--Perry]
-
On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:
>
> Would anyone there have any good predictions on how
> cryptography is going to unfold in the next few years
> or so? I have my own ideas, but I would love
> to see what others see in the crystal ball.
My guess is that it is un
On Sat, Apr 03, 2004 at 11:49:15PM +0100, Dave Howe wrote:
>
> If you mean he gave a false assurance of the security of a product for a
> friend - why would he do that? I can't think of any of my friends who would
> want me to tell them sofware was secure if it wasn't.
...
> I suppose that depends
Hi,
this is not a technical question, but a rather
academic or abstract one:
Do Cryptographers burn?
Cryptography is a lot about math, information theory,
proofs, etc. But there's a certain level where all this
is too complicated and time-consuming to follow all those
theories and claims. At a
Hi,
Canon provides a so called Data Verification Kit
which allegedly allows to detect whether a digital
image has been tampered with since it has been taken
with a digital camera.
I found the announcement at
http://www.dpreview.com/news/0401/04012903canondvke2.asp
They say:
How it works
On Fri, Oct 03, 2003 at 05:55:25PM +0100, Jill Ramonsky wrote:
> Having been greatly encouraged by people on this list to go ahead with a
> new SSL implementation,
That's a pretty good idea, I also encourage you (and volunteer to
support).
> The main
> point of confusion/contention right now
On Sat, Sep 13, 2003 at 09:06:56PM +, David Wagner wrote:
>
> You're absolutely right. Quantum cryptography *assumes* that you
> have an authentic, untamperable channel between sender and receiver.
So as a result, Quantum cryptography depends on the known
methods to provide authenticity and
On Mon, Sep 01, 2003 at 12:23:28PM -0400, Ian Grigg wrote:
>
> The dream of PKI seems to revolve around these major areas:
>
> 1. invoicing, contracting - no known instances
> 2. authentication and authorisation - SSL client
> side certs deployed within organisations.
> 3. payments
Hi,
On Thu, Jul 17, 2003 at 04:27:52PM -0400, Ian Grigg wrote:
> Does anyone know any instances of invoicing and
> contracting systems that use PKI and digital orders?
>
> That is, purchasing departments and selling departments
> communicating with digitally signed contracts, purchase
> orders, d
39 matches
Mail list logo