* Peter Fairbrother:
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about who authorised the transaction - it is hard to fake a
signature so well that later analysis can't detect the forgery,
Apparently, handwritten signatures can be repudiated, at least
Peter Fairbrother wrote:
Also there are several attacks on Chip n' PIN as deployed here in the UK,
starting with the fake reader attacks - for instance, a fake reader says you
are authorising a payment for $6.99 while in fact the card and PIN are being
used to authorise a transaction for
Ian G writes:
Definitely. Maybe time for a BCP, not just for AES but for general block
ciphers?
What is a BCP? Best Coding Practices? Block Cipher Protocol?
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative
Peter Fairbrother writes:
Steven M. Bellovin wrote:
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions
No, it isn't! A handwritten signature is far better, it gives post-facto
evidence about
Ian G writes:
On Tuesday 21 June 2005 13:45, Peter Gutmann wrote:
Best Current Practice, a special-case type of RFC. Based on recent experience
with this style of collaborative document editing, I've set up a wiki at
http://blockcipher.pbwiki.com/, blank username, password
4055 Additional Algorithms and Identifiers for RSA Cryptography for use
in the Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile. J. Schaad, B. Kaliski, R.
Housley. June 2005. (Format: TXT=57479 bytes) (Updates RFC3279) (Status:
PROPOSED STANDARD)
| Uhh, that wasn't really what I was after, that's pretty much textbook stuff,
| what I wanted was specifically advice on how to use block ciphers in a way
| that avoids possibilities for side-channel (and similar) attacks. I have some
| initial notes that can be summarised as Don't let yourself
Ian Grigg writes:
Alternatively, if one is in the unfortunate position of being an oracle for a
single block encryption then the packet could be augmented with a cleartext
random block to be xor'd with the key each request.
Moves you from being an encryption oracle to a