Re: Digital cash and campaign finance reform

2003-09-09 Thread Steve Schear
At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: - Original Message - From: "Steve Schear" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> [anonymous funding of politicians] > Comments? Simple attack: Bob talks to soon to be bought politician. "Tomorrow you'll receive a do

Re: Who needs secure wireless / tappable wireless infrastructure

2003-09-09 Thread John Gilmore
> And this says nothing at all about the need for tactical > military wiretaps on GSM systems under battlefield conditions when > soldiers lives may depend on determining what the enemy is saying over > cellphones used to direct attacks against friendly forces. Or when innocent civilians nee

Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread John Gilmore
> See their paper at CRYPTO 2003 for more details. I am disappointed that > you seem to be criticizing their work before even reading their paper. > I encourage you to read the paper -- it really is interesting. OK, then, where is it? I looked on: www.iacr.org under Crypto 2003 -- no papers t

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-09 Thread Peter Gutmann
Rich Salz <[EMAIL PROTECTED]> writes: >Sure, that's why it's *the first.* They have never done this before, and it >is very different to how they (or their Ft Meade experts) have done things >before. I suppose one could argue that they're doing this for Level 1 to >increase the industry demand f

Re: fyi: bear/enforcer open-source TCPA project

2003-09-09 Thread Sean Smith
> > >How can you verify that a remote computer is the "real thing, doing > >the right thing?" > > You cannot. Using a high-end secure coprocessor (such as the 4758, but not with a flawed application) will raise the threshold for the adversary significantly. No, there are no absolutes. But ther

Re: Is cryptography where security took the wrong branch?

2003-09-09 Thread Anne & Lynn Wheeler
At 04:25 PM 9/8/2003 -0700, Joseph Ashwood wrote: Actually they do target very different aspects. SET, 3D-Secure, and any other similar have a different target than SSL. To understand this it is important to realize that instead of the usual view of two-party transactions, credit card transactions

X9.59 where is it?

2003-09-09 Thread Victor . Duchovni
On Tue, 9 Sep 2003, Anne & Lynn Wheeler wrote: > http://www.garlic.com/~lynn/index.html#x959 > One of the things addressed by X9.59 was not the elimination of the ability > to harvest the merchant transaction file ... but to make the account > numbers in the merchant transaction file useless for f

Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread David Wagner
Vin McLellan wrote: >A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and >developed as an export standard. Yeah. Except it would be more accurate to place A5/2's strength as roughly equivalent to 17-bit DES. A5/1's strength is roughly equivalent to that of 40-bit DES. Of

x9.59

2003-09-09 Thread Ian Grigg
Anne & Lynn Wheeler wrote: > > The result is X9.59 which addresses all the major > exploits at both POS as well as internet (and not just credit, but debit, > stored-value, ACH, etc ... as well). > http://www.garlic.com/~lynn/index.html#x959 Lynn, Whatever happened to x9.59? Also, is there a

OT: Swiss ATM Bancomat 5.0 BM5.0

2003-09-09 Thread Carsten Kuckuk
The September/October 2003 edition of the German magazine "Objektspektrum" contains an article about the development of an ATM system to be used in Switzerland. (Alexander Rietsch: "Die Neuentwicklung des Raiffeisen-Bankomaten", p.30-34.) In passing it mentions that they use Windows 2000, an MS Acce

Re: x9.59

2003-09-09 Thread Anne & Lynn Wheeler
At 01:44 PM 9/9/2003 -0400, Ian Grigg wrote: Anne & Lynn Wheeler wrote: > > The result is X9.59 which addresses all the major > exploits at both POS as well as internet (and not just credit, but debit, > stored-value, ACH, etc ... as well). > http://www.garlic.com/~lynn/index.html#x959 Lynn, What

Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread Ian Grigg
David Wagner wrote: > > Vin McLellan wrote: > >A5/2 was the equivalent of 40-bit DES, presumed to be relatively weak and > >developed as an export standard. > > Yeah. Except it would be more accurate to place A5/2's strength as > roughly equivalent to 17-bit DES. A5/1's strength is roughly equ

Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread David Wagner
One point your analysis misses is that there are public policy implications to deploying a phone system that enemy countries can routinely intercept. Not all attacks are financially motivated. Is it a good thing for our infrastructure to be so insecure? Do we want other countries listening to our

Re: Code breakers crack GSM cellphone encryption

2003-09-09 Thread John Young
Ian Grigg wrote: >What's not clear is whether the GSM group can pull this >trick off next time. They may have to put in real security >into the G3, to counter the third threat. Or, maybe not, >as now, there is the additional weapon of the law on their >side, which might be enough to keep the thi

Re: Is cryptography where security took the wrong branch?

2003-09-09 Thread Anne & Lynn Wheeler
At 05:19 PM 9/7/2003 -0600, Anne & Lynn Wheeler wrote: Out of all this, there is somewhat a request from the CA/PKI industry that a public key be registered as part of domain name registration (no certificate, just a public key registration). Then SSL domain name certificate requests coming into

Police smash UK's biggest credit card fraud ring

2003-09-09 Thread Anne & Lynn Wheeler
here is example of downloading the database ... but not (necessarily) over the internet ... and not involving internet transactions. not in general there is some amount of counterfeit cards going on from skimming. There are even reports in the UK press ... of counterfeit EMV (chip) "yes cards"

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-09 Thread Ben Laurie
Tolga Acar wrote: > Well, that is sort of my point. > SHA1 is not a signature algorithm, sha1-with-rsa is, and that RSA is not > a certified algorithm in OpenSSL's FIPS 140 certification, > sha1-with-rsa isn't, either. > Perhaps, my understanding of the OpenSSL FIPS 140 certification is not > enti

Re: Is cryptography where security took the wrong branch?

2003-09-09 Thread Joseph Ashwood
Now that the waters have been muddied (by several of us). My point was that 3D-Secure (and SET and whatever else comes along) covers a different position in the system than SSL does (or can). As such they do have a purpose, even though they may be horribly bloated and nearly non-functional. Visa at

GSM Crack Paper

2003-09-09 Thread John Young
"Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications," by Elad Barkan, Eli Biham, Nathan Keller http://cryptome.org/gsm-crack-bbk.pdf (18 Pages, 234KB) Abstract. In this paper we present a very practical cipher-text only cryptanalysis of GSM encrypted communications, and vari

Re: Digital cash and campaign finance reform

2003-09-09 Thread Joseph Ashwood
- Original Message - From: "Steve Schear" <[EMAIL PROTECTED]> Subject: Re: Digital cash and campaign finance reform > At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: > >- Original Message - > >From: "Steve Schear" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTE

Re: Digital cash and campaign finance reform

2003-09-09 Thread Amir Herzberg
Steve suggested (see below) that anonymous cash may be useful to hide the identities of contributors from the party/candidate they contribute to. I'm afraid this won't work: e-cash protocols are not trying to prevent a `covert channel` between the payer and payee, e.g. via the choice of random

Re: Is cryptography where security took the wrong branch?

2003-09-09 Thread Anne & Lynn Wheeler
At 05:07 PM 9/9/2003 -0700, Joseph Ashwood wrote: Now that the waters have been muddied (by several of us). My point was that 3D-Secure (and SET and whatever else comes along) covers a different position in the system than SSL does (or can). As such they do have a purpose, even though they may be h

Uncrackable beams of light

2003-09-09 Thread R. A. Hettinga
The Economist MONITOR Uncrackable beams of light Sep 4th 2003 From The Economist print edition Quantum cryptography -- hailed by theoreticians as the ultimate of uncrackable codes -- is finally going commercial IN THE