Following up on the PS3 break, it looks like the PSP has been compromised as well, by having its authentication key stored in the PS3 (!!). From deciphering the IRC log at http://dukio.com/gadget/mathieulh-psp-master-keys-ps3.html:
- The PSP keys are stored in the PS3, allowing them to be recovered from a compromised PS3. - The "signature" algorithm used is HMAC-MD5. - Encryption is AES-CTR (someone at Sony really likes their fashion-statement cryptography. OTOH why use HMAC-MD5 then?). (If anyone else has alternative interpretations of the conversation, please post them). Ross or Bruce, if you're on this list, send Sony a copy of "Security Engineering"/"Practical Cryptography" to read before they do the PS4 :-). Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
