Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu
and me) Usenix Security paper on vulnerabilities in the P25 two-way radio
system (used by public safety agencies in the US and elsewhere) is out today.
See
http://www.crypto.com/papers/p25sec.pdf
for the paper (p
I don't know anything beyond this news story, but interesting...
http://www.praguemonitor.com/2010/09/14/mfd-bis-offers-tax-free-money-encryption-system
On May 2, 2009, at 5:53, Peter Gutmann wrote:
"Perry E. Metzger" writes:
Greg Rose writes:
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire under people for things like TLS
Like many people, I found last week's Newsweek cover
piece, revealing Thomas M. Tamm as the principal source
for James Risen and Eric Lichtblau's 2005 NY Times story
that broke the warrantless wiretap story, to be a riveting
read.
But I actually found a sidebar to the story even more
interesting.
On Aug 26, 2008, at 10:15, [EMAIL PROTECTED] wrote:
On Tue, Aug 26, 2008 at 9:24 AM, Perry E. Metzger
<[EMAIL PROTECTED]> wrote:
http://www.technologyreview.com/Infotech/21301/?a=f
From the article: "other toll systems, like E-Z Pass and I-Pass, need
to be looked at too"
A couple years ag
The EFF yesterday filed a letter from a number of academic security
researchers urging the judge in the MIT "Charlie Card" case to reverse
the restraining order. It can be found on the EFF's case page, at
http://www.eff.org/cases/mbta-v-anderson/
As a security researcher (and one of the s
One of the less-discussed risks of widespread surveillance is
not just the abuse or misuse of intercepted content and meta-
data by the government, but its accidental disclosure. As
more and more private data gets collected, and as it sits
around for longer and longer, it becomes inevitable that s
There was a terrific interdisciplinary workshop this week at MIT on
"security and human behavior". Organized by Ross Anderson and
Bruce Schneier, the idea was to bring together security researchers
from diverse fields who don't normally talk with each other: computing,
psychology, economics, crim
On May 8, 2008, at 19:08, Leichter, Jerry wrote:
An interesting datapoint I've always had on this question: Back in 1975
or so, a mathematician I knew (actually, he was a friend's PhD advisor)
left academia to go work for the NSA. Obviously, he couldn't say
anything at all about what he wo
During the 1980's and 1990's "crypto wars", an occasional topic of
speculation was just how much the NSA was ahead of the
open/public/academic cryptography research community in cryptanalysis
and cipher design. We wondered (and still wonder)
whether the NSA was merely a strong center of expe
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine the exact operation of
all the security-related components from the compiled executables,
extracted ROM/EPROM code or reversed FPGA/ASIC layout
I'm glad to know that you have managed t
So I recently re-read Lawrence Wright's controversial piece in the
New Yorker profiling Director of National Intelligence Mike McConnell.
(http://www.newyorker.com/reporting/2008/01/21/080121fa_fact_wright)
While the piece's glimpse into the administration's attitudes toward torture
and warrant
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much better than currently exists
in web browsers).
Otherwise the phishers could j
On Jan 30, 2007, at 16:41, Steven M. Bellovin wrote:
On Tue, 30 Jan 2007 16:10:47 -0500 (EST)
"Leichter, Jerry" <[EMAIL PROTECTED]> wrote:
|
| ...There's an obvious cryptographic solution, of course: publish the
| hash of any such documents. Practically speaking, it's useless.
| Apart
I was surprised to discover that one of James Randi's "million dollar
paranormal challenges" is protected by a surprisingly weak (dictionary-
based) commitment scheme that is easily reversed and that suffers from
collisions. For details, see my blog entry about it:
http://www.crypto.com/blog/ps
On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:
- Original Message - From: "J. Bruce Fields"
<[EMAIL PROTECTED]>
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -, Dave Korn wrote:
IOW, unless we're talking about a corrupt employee with a photograph
Yes, it's not at all clear from these stories just what was
going on or how "high tech" the attack would have to be. What does
"diverting" to a prepaid mobile mean? Here's a possibility:
they "social engineered" or otherwise compromised the target account
to assign it a new telephone number and
And for those who didn't catch this bit on the webcast (or in person):
The Bletchley Park Trust wants to sell off the building that houses the
Colossus rebuild and turn it into housing.
Another group, the Bletchley Park Heritage (run by, among others,
the amazingly interesting Tony Sale) hopes
A group of computer scientists at Johns Hopkins and RSA Labs
is reporting practical attacks against the TI "Digital Signature
Transponder" RFID chip, which is used, among other things, to
secure many automotive "transponder" ignition keys and the
"SpeedPass" payment system. Their paper is availabl
I've been thinking for a while about the relationship between the
"human-scale" security systems used to protect the physical world and
the cryptologic and software systems that protect the electronic
world. I'm increasingly convinced that these areas have far more
in common than we might initially th
On Jul 3, 2004, at 14:22, Dave Howe wrote:
Well if nothing else, it is impossible for my bank to send me anything
I would believe via email now
To take this even slightly more on-topic - does anyone here have a
bank capable of authenticating themselves to you when they ring you?
I have had f
I must admit I'm baffled, and rather appalled, to be seeing supposed
advocates of cryptography suggesting, in effect, that cryptologic
education somehow perpetuates a guild system or that deployed
security protocols need not be measured against the current state of
the art.
It might be debatable
Perry writes:
>
> Richard Schroeppel <[EMAIL PROTECTED]> writes:
> (Responding to the chorus of protocol professionals saying "please do
> not roll your own")
> > I imagine the Plumbers & Electricians Union must have used similar
> > arguments to enclose the business to themselves, and keep out u
> I imagine the Plumbers & Electricians Union must have used similar
> arguments to enclose the business to themselves, and keep out unlicensed
> newcomers. "No longer acceptable" indeed. Too much competition boys?
>
Rich,
Oh come on. Are you willfully misinterpreting what I wrote, or did you
I wrote:
> For some recent relevant papers, see the ACM-CCS '02 paper my colleagues
> and I wrote on our JFK protocol (http://www.crypto.com/papers/jfk-ccs.ppt),
...
But of course I meant the url to be
http://www.crypto.com/papers/jfk-ccs.pdf
I don't know what I could have been thinking; I
EKR writes:
> I'm trying to figure out why you want to invent a new authentication
> protocol rather than just going back to the literature and ripping
> off one of the many skeletons that already exist (STS, JFK, IKE,
> SKEME, SIGMA, etc.). That would save people from the trouble
> of having to an
thors: 31 March 2004
Camera-Ready Papers Due: 18 May 2004
ORGANIZERS
Program Chair:
Matt Blaze, AT&T / University of Pennsylvania
Program Committee:
Bill Aiello, AT&T Labs - Research
Tina Bird, Stanford University
Drew Dean, SRI International
Carl Ellison, Microsoft
Eu-Jin Goh, Stanfo
27 matches