From: Sven Dietrich <[EMAIL PROTECTED]>
Subject: [fc-announce] Financial Cryptography 2007 Call for Papers
To: [EMAIL PROTECTED]
Date: Fri, 28 Jul 2006 11:41:39 -0400 (EDT)
Dear Colleague,
please find below the first Call for Papers for FC'07.
Best regards,
Sven Dietrich
- --
Dr. Sven Diet
* Steven M. Bellovin:
> I wonder how accurate this is. It's certainly true that some drives have
> vendor passwords to unlock them. It's hard to see how they could break
> through (good) software encryption,
A lot of software tends to create temporary files in random places.
If you don't encryp
On Sat, Jul 29, 2006 at 04:24:12PM -0400, Thor Lancelot Simon wrote:
> I cannot find any public, rigorous discussion of why such a design might
> be preferable to the semiconductor noise type of design -- but I have to
> assume the people designing the commercial sources have all converged on
> sim
I am working on a semi-experimental hardware RNG project. I note that
the publically available designs, e.g. http://willware.net:8080/hw-rng.html
or http://world.std.com/~reinhold/waynesrngcomp.gif or the others
listed at http://www.std.com/~reinhold/truenoise.html all use semiconductor
junction n
On Fri, 28 Jul 2006 10:16:23 -0400, [EMAIL PROTECTED] wrote:
>
> Encrption can be broken
> I was surprised to learn that Ontrack regularly recovers encrypted data
> on systems where the user has lost the key. "There's only a couple of
> technologies where we would run into a roadblock [such as] so
Thor Lancelot Simon wrote:
> As Perry said, chip fabs have plenty of diagnostic equipment that
> would extract an RSA private key every bit as easily as it would
> extract a private serial number, which means that the additional cost
> of 20-40 gates, plus IP licensing, plus... for a cryptographic
On Fri, Jul 28, 2006 at 06:46:54PM -0600, Anne & Lynn Wheeler wrote:
> Thor Lancelot Simon wrote:
> >The simple, cost-effective solution, then, would seem to be to generate
> >"static serial numbers" like cipher keys -- with sufficient randomness
> >and length that their sequence cannot be predicte
Thor Lancelot Simon wrote:
The simple, cost-effective solution, then, would seem to be to generate
"static serial numbers" like cipher keys -- with sufficient randomness
and length that their sequence cannot be predicted. I still do not see
the advantage (except to Certicom, who would doubtless
On Fri, Jul 28, 2006 at 03:52:55PM -0600, Anne & Lynn Wheeler wrote:
> Thor Lancelot Simon wrote:
> >I don't get it. How is there "no increase in vulnerability and threat"
> >if a manufacturer of counterfeit / copy chips can simply read the already
> >generated private key out of a legitimate chip
Thor Lancelot Simon wrote:
I don't get it. How is there "no increase in vulnerability and threat"
if a manufacturer of counterfeit / copy chips can simply read the already
generated private key out of a legitimate chip (because it's not protected
by a tamperproof module, and the "significant pos
List,
the Subject says it all. This might be of interest
here, for comments.
The answer is definitely NO even for the naive user,
just requiring the tech-savvy for set up. Several
examples are possible.
John Smith can set two passwords, one for normal use
and the other when
Thor Lancelot Simon wrote:
So, you sign the public key the chip generated, and inject the _signed_
key back into the chip, then package and ship it. This is how the SDK
for IBM's crypto processors determines that it is talking to the genuine
IBM product. It is a good idea, and it also leaves th
Thor Lancelot Simon wrote:
I don't get it. How is there "no increase in vulnerability and threat"
if a manufacturer of counterfeit / copy chips can simply read the already
generated private key out of a legitimate chip (because it's not protected
by a tamperproof module, and the "significant pos
On Thu, Jul 27, 2006 at 08:53:26PM -0600, Anne & Lynn Wheeler wrote:
>
> If you treat it as a real security chip (the kind that goes into
> smartcards and hardware token) ... it eliminates the significant
> post-fab security handling (prior to finished delivery), in part to
> assure that counte
>From a Computerworld blog.
--Jerry
When encryption doesn't work
By Robert L. Mitchell on Wed, 07/26/2006 - 12:00pm
In my interview with Ontrack Data Recovery this week (see
Recovery specialists bring data back from the dead:
http://www.c
Thor Lancelot Simon wrote:
So, you sign the public key the chip generated, and inject the _signed_
key back into the chip, then package and ship it. This is how the SDK
for IBM's crypto processors determines that it is talking to the genuine
IBM product. It is a good idea, and it also leaves th
16 matches
Mail list logo