Re: Motorist wins case after maths whizzes break speed camera code

2005-08-11 Thread Victor Duchovni 
On Wed, Aug 10, 2005 at 02:29:38PM -0400, [EMAIL PROTECTED] wrote:

 The facts are very scrambled but I like it.
 The brief TV reports from lawyers were more factual.
 
 Motorist wins case after maths whizzes break speed camera code
 

http://www.faqs.org/qa/rfcc-1420.html

Possibly related:

http://www.redflex.com.au/traffic/pdfs/RedflexSpeed2V2.pdf

-- 

 /\ ASCII RIBBON  NOTICE: If received in error,
 \ / CAMPAIGN Victor Duchovni  please destroy and notify
  X AGAINST   IT Security, sender. Sender does not waive
 / \ HTML MAILMorgan Stanley   confidentiality or privilege,
   and use is prohibited.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Motorist wins case after maths whizzes break speed camera code

2005-08-11 Thread Aram Perez 

On Aug 10, 2005, at 7:01 PM, Victor Duchovni wrote:


On Wed, Aug 10, 2005 at 02:29:38PM -0400, [EMAIL PROTECTED] wrote:


The facts are very scrambled but I like it.
The brief TV reports from lawyers were more factual.

Motorist wins case after maths whizzes break speed camera code


http://www.faqs.org/qa/rfcc-1420.html

Possibly related:

http://www.redflex.com.au/traffic/pdfs/RedflexSpeed2V2.pdf


From the brochure: Security/Encryption: all enforcement information  
is public key authenticated using MD5 encryption to ensure  
information is authentic and tamper free. So, of course, it must be  
very secure, no marketing enhancements here.


On the other hand, it seems that the prosecutor didn't use/hire the  
proper expert witness. Putting aside the inaccuracies of the article  
I'm trying to interpret correctly what the article stated. The record  
being protected by MD5 consists of the  time, date, place,  
numberplate and speed. Assuming that only the speed was in question,  
then it should be possible to calculate all the MD5's for all  
possible speed values and see if you get a collision (actually, just  
the speed values above the speed limit).


Just my 2 centavos,
Aram Perez

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Motorist wins case after maths whizzes break speed camera code

2005-08-10 Thread brucee 
The facts are very scrambled but I like it.
The brief TV reports from lawyers were more factual.

Motorist wins case after maths whizzes break speed camera code

Sydney Morning Herald
By Andrew Clark
August 11, 2005

A team of Chinese maths enthusiasts have thrown NSW's speed cameras
system into disarray by cracking the technology used to store data
about errant motorists.

The NRMA has called for a full audit of the way the state's 110
enforcement cameras are used after a motorist escaped a conviction by
claiming that data was vulnerable to hackers.

A Sydney magistrate, Laurence Lawson, threw out the case because the
Roads and Traffic Authority failed to find an expert to testify that
its speed camera images were secure.

The motorist's defence lawyer, Denis Mirabilis, argued successfully
that an algorithm known as MD5, which is used to store the time, date,
place, numberplate and speed of cars caught on camera, was a
discredited piece of technology.

Mr Mirabilis yesterday said he had received more than 100 inquiries
from motorists anxious to use the same defence. People have shown it
[the algorithm] has been hacked and it's open to viruses.

Designed in the early 1990s by an American academic, MD5 safeguards
against tampering by turning information into a 128-bit sequence of
digits. However, researchers from China's Shandong University have
proved it is possible to store conflicting pieces of information as
the same MD5 sequence.

Nick Ellsmore, an encryption expert at the consultancy SIFT, said this
theoretically meant the RTA could change the speed at which a car was
recorded and retain the same code.

Since the research came out, we've been recommending that clients
move away from MD5 and we've certainly recommended that people don't
use it for new applications, he said.

The NRMA said it was crucial the public had confidence in convictions.
Its policy specialist, Lisa McGill, said: We want a full audit and a
review of the system to ensure that it is working appropriately.

The RTA's spokesman, Paul Willoughby, rejected the decision as a
one-off: No one, in relation to court cases, can be a hundred per
cent sure they're going to win a hundred per cent of the time.

NSW's weekly take from the cameras is more than $1 million.

Meanwhile, the RTA denied reports that cameras catching toll evaders
in the Harbour Tunnel are routinely turned off.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]