Peter Lebbing pe...@digitalbrains.com wrote:
On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the
opposite:
feign helping the spy agency by giving them a compromised ROM and
then
substituting a secure one on the real product. In either case, we
On Sat, 7 Dec 2013 11:29, ein...@pvv.org said:
AFAIK, the US has no import restrictions on cryptography, and the RSA patent
ran out years ago, so e.g. shop.kernelconcepts.de should be able to ship it to
you.
IIRC, Petra of kernelconcepts told me that there is no problem for them
to ship to
Il 08/12/2013 14:15, Mark Schneider ha scritto:
A little security is not real security. There always can be backdoors in
the firmware (BIOS, closed source drivers etc).
Why is everyone thinking 'BIOS' as backdoorable piece of sw? Why not the
hard disk?
http://spritesmods.com/?art=hddhack
Just
Am 08.12.2013 19:13, schrieb NdK:
Why is everyone thinking 'BIOS' as backdoorable piece of sw? Why not the
hard disk?
http://spritesmods.com/?art=hddhack
Just another piece to think of when building a secure system...
Excellent article! Thank you.
Writing firmware I meant every piece of code
On 08/12/13 21:13, Mark Schneider wrote:
BTW: there is no video at:
http://achtbaan.nikhef.nl/events/OHM/video/d2-t1-13-20130801-2300-hard_disks_more_than_just_block_devices-sprite_tm.m4v
You can find it at:
On Fri, Dec 06, 2013 at 06:41:31PM +, Bob (Robert) Cavanaugh wrote:
If it is not violating any agreements or policies, can somebody on this
thread please point to a source in the US for these products?
AFAIK, the US has no import restrictions on cryptography, and the RSA patent
ran out
On Thu, 5 Dec 2013 21:14, ein...@pvv.org said:
Gemalto SIM USB adapter seems to be sort of the same thing as the Crypto
Stick.
However, it is a bit more hassle to get a USB adapter and a smart card, cut
the
card to fit etc.
That is not a problem. You can buy pre-punched standard OpenPGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le 06/12/2013 09:51, Werner Koch a écrit :
On Thu, 5 Dec 2013 21:14, ein...@pvv.org said:
Gemalto SIM USB adapter seems to be sort of the same thing as the Crypto
Stick.
However, it is a bit more hassle to get a USB adapter and a smart card,
, 2013 12:51 AM
To: Einar Ryeng
Cc: gnupg-users@gnupg.org
Subject: Re: Any future for the Crypto Stick?
On Thu, 5 Dec 2013 21:14, ein...@pvv.org said:
Gemalto SIM USB adapter seems to be sort of the same thing as the Crypto
Stick.
However, it is a bit more hassle to get a USB adapter
Peter Lebbing pe...@digitalbrains.com wrote:
On 02/12/13 20:37, Andreas Schwier (ML) wrote:
Wait a second - you can not simply hide a backdoor in a Common
Criteria
evaluated operating system. There are too many entities that would
need
to be involved in the process
Why couldn't the
On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the opposite:
feign helping the spy agency by giving them a compromised ROM and then
substituting a secure one on the real product. In either case, we are
assuming the company would try to
On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the opposite:
feign helping the spy agency
By the way, there's a big difference. In the scenario that they install a
backdoor but don't show it to the certification entities and such, they do
On Thu, Dec 05, 2013 at 04:20:42AM -0800, Paul R. Ramer wrote:
Peter Lebbing pe...@digitalbrains.com wrote:
On 02/12/13 20:37, Andreas Schwier (ML) wrote:
Wait a second - you can not simply hide a backdoor in a Common
Criteria
evaluated operating system. There are too many entities that
On Sun, Dec 01, 2013 at 01:21:56PM +0100, arne renkema-padmos wrote:
On 12/01/2013 12:45 PM, Einar Ryeng wrote:
Any news on the crypto stick (or similar initiatives) would be appreciated.
An OpenPGP card with something like a Gemalto SIM usb adapter would
seem to fit the bill.
Thanks for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/05/2013 08:08 PM, Peter Lebbing wrote:
On 05/12/13 13:20, Paul R. Ramer wrote:
On that note, why assume that the manufacturer would not do the
opposite: feign helping the spy agency by giving them a
compromised ROM and then substituting a
On Mon, Dec 02, 2013 at 07:33:22PM +0100, Peter Lebbing wrote:
[snip]
Since smartcards are primarily used for security purposes, I wouldn't be
surprised if it responded specially to a message signed by the NSA (or
encrypted
with a symmetric cipher with a specific key known to the NSA).
I
Il 03/12/2013 15:30, Mark H. Wood ha scritto:
I wonder how feasible that really is. The system surrounding the card
is not under control of the card's manufacturer or anyone who might
have corrupted him. All it takes is one knowledgable person watching
the data stream for interesting
Il 01/12/2013 20:09, Tristan Santore ha scritto:
You might want to check out the Yubikey guys. They make a yubikey with
an openpgp applet.
https://www.yubico.com/2012/12/yubikey-neo-openpgp/
Yubikeys would be interesting, if only it would be possible to develop
personal applets to load on 'em.
On Mon, Dec 2, 2013 at 9:24 AM, NdK ndk.cla...@gmail.com wrote:
Il 01/12/2013 20:09, Tristan Santore ha scritto:
You might want to check out the Yubikey guys. They make a yubikey with
an openpgp applet.
https://www.yubico.com/2012/12/yubikey-neo-openpgp/
Yubikeys would be interesting, if
On 02/12/13 15:24, NdK wrote:
Who can you really trust? If you don't trust NXP, then you can't use any
of their JCOP chips... What would stop 'em from adding an undocumented
command to the card manager that dumps the whole memory?
Exactly the point I was going to make when I read your mail up
Wait a second - you can not simply hide a backdoor in a Common Criteria
evaluated operating system. There are too many entities that would need
to be involved in the process: The manufacturer, the evaluator, the
certification body and possibly a national regulator (Here for example
NXP, TÜV-IT,
On 02/12/13 20:37, Andreas Schwier (ML) wrote:
Wait a second - you can not simply hide a backdoor in a Common Criteria
evaluated operating system. There are too many entities that would need
to be involved in the process
Why couldn't the manufacturer simply put a different, backdoored firmware
Hi.
The GPF Crypto Stick has been unavailable for months now, and I wondered if
anyone here has information on its future.
After the German Privacy Foundation apparently closed down this summer, I've
started getting worried that we've seen the end of what I consider the most
practical hardware
Einar Ryeng schrieb:
Hi.
The GPF Crypto Stick has been unavailable for months now, and I
wondered if
anyone here has information on its future.
Any news on the crypto stick (or similar initiatives) would be
appreciated.
I just use a OpenPGP Card in a small gemalto stick reader. AFAIK
On 01/12/13 17:01, Josef Schneider wrote:
Einar Ryeng schrieb:
Hi.
The GPF Crypto Stick has been unavailable for months now, and I
wondered if
anyone here has information on its future.
Any news on the crypto stick (or similar initiatives) would be
appreciated.
I just use a OpenPGP
Am 01.12.2013 18:01, schrieb Josef Schneider:
Einar Ryeng schrieb:
Hi.
The GPF Crypto Stick has been unavailable for months now, and I
wondered if
anyone here has information on its future.
Any news on the crypto stick (or similar initiatives) would be
appreciated.
I just use
On 12/01/2013 12:45 PM, Einar Ryeng wrote:
Hi.
The GPF Crypto Stick has been unavailable for months now, and I wondered if
anyone here has information on its future.
After the German Privacy Foundation apparently closed down this summer, I've
started getting worried that we've seen the end of
27 matches
Mail list logo