Review of new book on the NSA

2009-10-14 Thread Steven Bellovin
There's a new book on the NSA, based largely on documents received via Freedom of Information Act requests. Bamford's review is at http://www.nybooks.com/articles/23231 . --Steve Bellovin, http://www.cs.columbia.edu/~smb --

EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists (for cracking public keys)

2009-10-14 Thread John Gilmore
FYI. As I understand it, TI calculator boot ROMs use a 512 bit RSA public key to check the signature of the software they're loading. When hobbyists who wanted to run their own alternative OS software on their calculator calculated the corresponding private key and were thus able to sign their own

Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
Ekr has a very good blog posting on what seems like a bad security decision being made by Verisign on management of the DNS root key. http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html In summary, a decision is being made to use a "short lived" 1024 bit key for the sign

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread bmanning
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
>
> Ekr has a very good blog posting on what seems like a bad security
> decision being made by Verisign on management of the DNS root key.
>
> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
>
> In su

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
bmann...@vacation.karoshi.com writes:
> On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
>> Ekr has a very good blog posting on what seems like a bad security
>> decision being made by Verisign on management of the DNS root key.
>>
>> http://www.educatedguesswork.org/2009/10/on_th

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread bmanning
On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote:
>
> bmann...@vacation.karoshi.com writes:
> > On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
> >> Ekr has a very good blog posting on what seems like a bad security
> >> decision being made by Verisign on manageme

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Perry E. Metzger
bmann...@vacation.karoshi.com writes:
> er... there is the root key and there is the ROOT KEY.
> the zsk only has a 90 day validity period. ... meets the
> "spec" and -ought- to be good enough. that said, it is
> currently a -proposal- and if credible arguments can be made
> to modify the propo

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Paul Hoffman
At 7:54 PM -0400 10/14/09, Perry E. Metzger wrote:
>There are enough people here with the right expertise. I'd be interested
>in hearing what people think could be done with a fully custom hardware
>design and a budget in the hundreds of millions of dollars or more.
What part of owning a temporary

Re: Possibly questionable security decisions in DNS root management

2009-10-14 Thread Jerry Leichter
On Oct 14, 2009, at 7:54 PM, Perry E. Metzger wrote: ...We should also recognize that in cryptography, a small integer safety margin isn't good enough. If one estimates that a powerful opponent could attack a 1024 bit RSA key in, say, two years, that's not even a factor of 10 over 90 days, and