Bruce Schneier has a good blog post on the latest A5/1 attack.
http://www.schneier.com/blog/archives/2008/02/cryptanalysis_o_1.html
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscr
| Their key recovery technique gets a lot of mileage from using the
| computed key schedule for each round of AES or DES to provide
| redundant copies of the bits of the key. If the computer cleared
| the key schedule storage, while keeping the key itself when the
| system is in sleep mode, or whe
| ...I imagine this will eventually have a big impact on the way organizations
| respond to stolen mobile device incidents. With the current technology, if a
| laptop or mobile device is on when it's stolen, companies will need to assume
| that the data is gone, regardless of whether or not encrypt
So, is anyone else as amused as I am that Apple can release an EFI
firmware update to zeroize MacBook Air memory at boot-time, turning
the heretofore widely-decried inability to upgrade that laptop's RAM
-- due to the chips being soldered to the motherboard -- into an
advantage, and making
On Feb 21, 2008, at 6:40 PM, Ali, Saqib wrote:
i think in most cases tamper-resistant is sufficient
Er, what do TPMs have to do with this at all? TPMs are not tamper-
proof hardware FDE devices. They're somewhat tamper-proof (in
practice, I wouldn't depend on it) non-volatile storage for sm
Jon Callas wrote:
>
> On Feb 21, 2008, at 12:14 PM, Ali, Saqib wrote:
>
>> However, the hardware based encryption solutions like (Seagate FDE)
>> would easily deter this type of attacks, because in a Seagate FDE
>> drive the decryption key never gets to the DRAM. The keys always
>> remain in the
Rui Paulo <[EMAIL PROTECTED]> writes:
>"The specifications of the 2.5in. Easy Nova Data Box PRO-25UE RFID hard drive
>case by German vendor Drecom sound promising: hardware data encryption with
>128-bit AES, access control via an RFID chip compact enough to carry around
>on your key ring and optio
Thierry Moreau <[EMAIL PROTECTED]> writes:
>At first, it seems neat. But then, looking at how it works in practice: the
>client receives an e-mail notification soliciting him to click on a HTML link
>and then enroll for a security certificate, the client is solicited exactly
>like a phishing crimi
