At 08:17 AM 06/03/2003 -0700, bear wrote:
what he said was "with cryptanalysis alone."
Rubber-hose methods are not cryptanalysis, and
neither is password guessing.
Eh? Password guessing certainly is.
>I'm not aware of a PGP port to the Psion, but at least the
>Psion 3/3a/3c generation were 8086-l
At 11:18 AM 6/1/03 -0400, Ian Grigg wrote:
...
This sounds workable in theory, but in practice,
one has to work with the skills base of the users
and the stress of the work.
Terrorists are generally not adept at technical
work. They are not really chosen for their
skills; more their loyalty, thei
At 11:38 AM 05/30/2003 -0700, John Young wrote:
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.
.
Still, it is impressi
John Kelsey wrote:
> At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:
>
>> The following appears to be a bone fide case of a
>> threat model in action against the PGP program.
>
>
> ...
>
> Two comments:
>
> a. It sure seems like it would be a pain to enter a long passphrase on
> one of these thin
I had the source code).
Jill
-Original Message-
From: Dean, James [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:30 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: "PGP Encryption Proves Powerful"
The article hedges on whether or not PGP was used on the Psion
John Kelsey wrote:
>
> At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:
>
> >So what happened to passphrase guessing? That's got to be
> >one of the weakest links. Unless their private key wasn't
> >stored on the device?
>
> One thought: How hard would it be to write a Palm app to use the
> in
At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:
So what happened to passphrase guessing? That's got to be
one of the weakest links. Unless their private key wasn't
stored on the device?
One thought: How hard would it be to write a Palm app to use the
interaction between several devices to deri
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:
The following appears to be a bone fide case of a
threat model in action against the PGP program.
...
Two comments:
a. It sure seems like it would be a pain to enter a long passphrase on one
of these things, so that seems like the most plausible attac
- Original Message -
From: "Ian Grigg" <[EMAIL PROTECTED]>
Subject: "PGP Encryption Proves Powerful"
> http://www.pcworld.com/news/article/0,aid,110841,00.asp
The article appears to use PGP simply as the most prominent example, and is
clearly undereducated in the realities of cryptograp
At 1:22 PM -0400 5/29/03, Ian Grigg wrote:
The following appears to be a bone fide case of a
threat model in action against the PGP program.
Leaving aside commentary on the pros and cons
within this example, there is a desparate lack of
real experience in how crypto systems are attacked.
IMHO, this
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.
Intel crackers hardly ever reveal their most essential
tools, though there
Aside from the whole governments-and-people-and-terrorists thing,
I will say that there was an event last year at my former employers'
that made us very glad we were using PGP.
An engineer's laptop got stolen. With the entire source tree of an
enterprise application that licensed for $25K a seat
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:
>The following appears to be a bone fide case of a
>threat model in action against the PGP program.
>
>Leaving aside commentary on the pros and cons
>within this example, there is a desparate lack of
>real experience in how crypto systems are attacked.
T
So what happened to passphrase guessing? That's got to be
one of the weakest links. Unless their private key wasn't
stored on the device?
--Anton
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography
hi
( 03.05.29 13:22 -0400 ) Ian Grigg:
> Does anyone know of a repository for real life
> attacks on crypto systems?
bugtraq archives?
perhaps due to the sensitive nature of encrypted data, many attacks may
not be reported. and even if so, the reports may be incomplete, or
misleading.
--
\js
The article hedges on whether or not PGP was used on the Psion mentioned.
The Psion might have been using one of the other programs listed at
http://www.ericlindsay.com/epoc/sicrypt5.htm.
-
The Cryptography Mailing List
Unsubscri
16 matches
Mail list logo