Lately on both of these lists there has been quite some discussion about
TCPA and Palladium, the good, the bad, the ugly, and the anonymous. :)
However there is something that is very much worth noting, at least about
TCPA.
There is nothing stopping a virtualized version being created.
There is
[Paul has been tracking Dutch government requirements that ISPs
implement covert wiretaps against their customers -- and the technical
standards of the equipment that does it -- for a few years.
See www.opentap.org. --gnu]
From: Paul Wouters <[EMAIL PROTECTED]>
Update tapping in the Netherla
[Perry message forwarded a notice of a paper on an attack against PGP and
GnuPG]
A posting on bugtraq in response said, in part:
> From: "Werner Koch" <[EMAIL PROTECTED]>
[...]
> Countermeasures are defined in the OpenPGP drafts since October 2000.
>
> This MDC (Manipulation Detection Code) feat
actually it is possible to build chips that generate keys as part of
manufactoring power-on/test (while still in the wafer, and the private key
never, ever exists outside of the chip) ... and be at effectively the same
trust level as any other part of the chip (i.e. hard instruction ROM).
using
Brian LaMacchia writes:
> So the complexity isn't in how the keys get initialized on the SCP (hey, it
> could be some crazy little hobbit named Mel who runs around to every machine
> and puts them in with a magic wand). The complexity is in the keying
> infrastructure and the set of signed state
--- Begin Message ---
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
K. Jallad, J. Katz, and B. Schneier
We recently noted that PGP and other e-mail encryption protocols are, in
theory, highly vulnerable to chosen-ciphertext attacks in which the recipient
of the e-mail acts a
--
On 13 Aug 2002 at 0:05, AARG! Anonymous wrote:
> The point is that while this is a form of signed code, it's not
> something which gives the TPM control over what OS can boot.
> Instead, the VCs are used to report to third party challengers
> (on remote systems) what the system configura
--
On 12 Aug 2002 at 16:32, Tim Dierks wrote:
> I'm sure that the whole system is secure in theory, but I
> believe that it cannot be securely implemented in practice and
> that the implied constraints on use & usability will be
> unpalatable to consumers and vendors.
Or to say the same thing
On Mon, Aug 12, 2002 at 12:38:42AM -0700, Brian A. LaMacchia wrote:
|
| > I don't know for sure whether Microsoft is going to do this, or is
| > even capable of doing this. It would be a cool idea. It also isn't
| > sufficient to address all questions about deliberate malfeasance.
| > Back in t
Does anyone know where I can find P.G. Comba's paper "Exponentiation
Cryptosystems on the IBM PC", published in IBM Sys Journal vol 29? I have
looked everywhere and come up dry; a reference here and there, and that's
about it.
Was it republished somewhere under a different title, perhaps?
Thanks
10 matches
Mail list logo