At toorcon this year there will be a talk on quantum cryptography along
with a demonstration of some experimental quantum crypto hardware on
loan from a company in switzerland. Also, there's going to be a really
good keynote talk by Bruce Schneier of Counterpane and quite a few
others that
Actually, patenting the method isn't nearly as silly as it sounds.
Produced in quantity, a device to break GSM using this attack is not going
to cost much more than a cellphone (without subsidies). Patenting the
attack prevents the production of the radio shack (tm) gsm scanner, so
that it at
You propose to put a key into a physical device and give it
to the public, and expect that they will never recover
the key from it? Seems unwise.
You think the public can crack FIPS devices? This is mass-market, not
govt-level attackers.
Second, if the key's in hardware you *know* it's been
Rich Salz [EMAIL PROTECTED] writes:
Second, if the key's in hardware you *know* it's been stolen. You don't know
that for software.
Only for some definitions of stolen. A key held in a smart card that does
absolutely everything the untrusted PC it's connected to tells it to is only
marginally
There are roughly 1B GSM/3GPP/3GPP2
SIMs in daily use and the number of
keys extracted from them is diminishingly
small.
-Original Message-
From: bear [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 3:43 AM
To: Sean Smith
Cc: [EMAIL PROTECTED]
Subject: Re: fyi:
Thus spake Rich Salz ([EMAIL PROTECTED]) [11/09/03 08:51]:
You propose to put a key into a physical device and give it
to the public, and expect that they will never recover
the key from it? Seems unwise.
You think the public can crack FIPS devices? This is mass-market, not
govt-level
Just to clarify...
I'm NOT saying that any particular piece of secure hardware can never be
broken. Steve Weingart (the hw security guy for the 4758) used to insist that
there was no such thing as tamper-proof. On the HW level, all you can do is
talk about what defenses you tried, what
And 'the public' doesn't include people like government level attackers?
People like cryptography experts? People who like to play with things like
this?
No it doesn't. *It's not in the threat model.*
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009856.html
[Full-Disclosure] A precis of the new attacks against GSM encryption (fwd)
Lukasz Luzar [EMAIL PROTECTED]
Thu, 11 Sep 2003 10:21:33 +0200 (CEST)
Previous message: [Full-Disclosure] PTms03039.zip
Next message:
--- begin forwarded text
Status: U
From: Patrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Lucrative-L] ponderance of the day
Date: Thu, 11 Sep 2003 20:22:17 -0600
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Question: What kind of filter do you use in your Java pot?
10 matches
Mail list logo
