On 09/20/2008 12:09 AM, IanG wrote:
> Does anyone know of a cheap USB random number source?
Is $7.59 cheap enough?
http://www.geeks.com/details.asp?invtid=HE-280B&cat=GDT
For that you get a USB audio adapter with mike jack, and
then you can run turbid(tm) to produce high-quality randomness.
Does anyone know of a cheap USB random number source?
As a meandering comment, it would be extremely good for us if we had
cheap pocket random number sources of arguable quality [1].
I've often thought that if we had an open source hardware design of
a USB random number generator ... that cost
On Thu, 18 Sep 2008 17:18:00 +1200
[EMAIL PROTECTED] (Peter Gutmann) wrote:
> - Use TLS-PSK, which performs mutual auth of client and server
> without ever communicating the password. This vastly complicated
> phishing since the phisher has to prove advance knowledge of your
> credentials in orde
> "IanG" == IanG <[EMAIL PROTECTED]> writes:
IanG> I've often thought that if we had an open source hardware design
IanG> of a USB random number generator
It should be doable as just a RNG device for a BOM of a few tens of USD.
There are at least of couple of SoCs on the market which advert
One attack on services, which use personal questions as a backup
form of user verification, works well for high-profile users of
these systems. The attack is very simple. Go into the password
recovery page, and use Google to look up the answers to the
personal questions asked. There is enough Googl
On Sat, Sep 20, 2008 at 3:09 PM, IanG <[EMAIL PROTECTED]> wrote:
> Does anyone know of a cheap USB random number source?
>
> ...
>
> I've often thought that if we had an open source hardware design of
> a USB random number generator ... that cost a few pennies to add
> onto any other USB toy ... t
> "IanG" == IanG <[EMAIL PROTECTED]> writes:
IanG> Nope, sorry, didn't follow it. What is BOM, SoC, A plug, gerber?
Bill Of Materials -- cost of the raw hardware
System on (a) Chip -- microchip with CPU, RAM, FLASH, etc
USB A Plug -- physical flat-four interface; think USB key driv
At Sat, 20 Sep 2008 15:55:12 -0400,
Steven M. Bellovin wrote:
>
> On Thu, 18 Sep 2008 17:18:00 +1200
> [EMAIL PROTECTED] (Peter Gutmann) wrote:
>
> > - Use TLS-PSK, which performs mutual auth of client and server
> > without ever communicating the password. This vastly complicated
> > phishing s