> Are the specific results of the various tests a available to review?
Not to my knowledge. Generally, the only thing that is public is a binary
"yes/no" on the test results, and some (often detailed) description of the
product's features that were tested. For examples of the latter, see the F
Are the specific results of the various tests a available to review?
I honestly haven't given the test results much thought other than the CEX
cards were certified. The barrier to entry for hacking a cell phone is
pretty low from an acquisition standpoint. Getting a mainframe with a CEX
card is
For things like FIPS 140, IBM does its own testing before we send anything to
the independent lab for them to test. Then, the lab does their own testing for
the formal certification.
--
For IBM-MAIN subscribe / signoff / archiv
Actually on the one of the entries I saw on the FIPS 140 testing, that the
individual test were very important
Rob
On Thu, Aug 30, 2018, 1:33 PM R.S. wrote:
> Actually FIPS rating tells you it was tested and evaluated.
> How? When? By whom? IMHO it's less important.
>
> --
> Radoslaw Skorupka
Actually FIPS rating tells you it was tested and evaluated.
How? When? By whom? IMHO it's less important.
--
Radoslaw Skorupka
Lodz, Poland
W dniu 2018-08-30 o 15:28, Rob Schramm pisze:
Tom,
When the Crypto Express cards are tested for side channel attacks... Does
IBM do testing or is it s
Tom,
When the Crypto Express cards are tested for side channel attacks... Does
IBM do testing or is it submitted to a lab for testing?
And are the results of the individual tests available?
Rob Schramm
On Thu, Aug 30, 2018, 9:16 AM Todd Arnold wrote:
> High-end crypto devices like the Crypto
High-end crypto devices like the Crypto Express cards already have a lot of
what you'd think of as Tempest protection. In fact, the FIPS 140 Level 4
evaluation (which all Crypto Express cards pass) includes verification that
those kinds of side-channel attacks are prevented.
--
On Wed, Aug 29, 2018 at 02:00:39PM +0200, R.S. wrote:
[...]
>
> Note: the effort paid for the attack depends on expected value. And
> attacker usually choose the weakest link in the chain, usually
> people.
Bingo.
--
Regards,
Tomasz Rola
--
** A C programmer asked whether computer had Buddha's
IMHO this is another example of hypothetically possible attack method,
but it will be never used in real world.
There are several "attacks" which are quite popular in terms people talk
about them, airline magazines write about it, but there is no evidence
any of them was ever successfully used.
On Sun, 26 Aug 2018 01:24:05 -0400, zMan wrote:
>Heh. I've never believed that story, simply because I disbelieve that 1403s
>were consistent enough. But maybe they were also SLOW enough that the
>jitter didn't matter, I dunno.
>
It's marginally plausible. The precision lay not in the 1403 but i
Heh. I've never believed that story, simply because I disbelieve that 1403s
were consistent enough. But maybe they were also SLOW enough that the
jitter didn't matter, I dunno.
On Sat, Aug 25, 2018 at 6:08 PM Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On Wed, 22 Aug
On Wed, 22 Aug 2018 18:09:26 -0400, Rob Schramm wrote:
>While the keys that are processed in the Crypto Express cards should be
>safe.. I am less sure about anything else.
>
>https://www.bleepingcomputer.com/news/security/new-attack-recovers-rsa-encryption-keys-from-em-waves-within-seconds/
>
Som
As JC Ewing notes, this requires pretty well complete control, including being
able to force an operation and knowing when that happens. Just having the phone
isn't going to do you any good. Remember that these wee devices are doing a lot
all the time-I'd be unsurprised to learn that you also ne
On Fri, Aug 24, 2018 at 03:40:35PM -0400, Mark Regan wrote:
> I wonder if tempest shielding <
> https://en.wikipedia.org/wiki/Tempest_(codename)> will now become a
> necessity?
For a so called normal user? No way, I guess. It would have increased
price. Besides, certain types of hardware are proba
I wonder if tempest shielding <
https://en.wikipedia.org/wiki/Tempest_(codename)> will now become a
necessity?
On Fri, Aug 24, 2018 at 2:23 PM Tomasz Rola wrote:
> On Thu, Aug 23, 2018 at 11:25:53AM -0500, Joel C. Ewing wrote:
> > On 08/22/2018 05:09 PM, Rob Schramm wrote:
> > > While the keys
On Thu, Aug 23, 2018 at 11:25:53AM -0500, Joel C. Ewing wrote:
> On 08/22/2018 05:09 PM, Rob Schramm wrote:
> > While the keys that are processed in the Crypto Express cards should be
> > safe.. I am less sure about anything else.
> >
> > https://www.bleepingcomputer.com/news/security/new-attack-re
On 08/22/2018 05:09 PM, Rob Schramm wrote:
> While the keys that are processed in the Crypto Express cards should be
> safe.. I am less sure about anything else.
>
> https://www.bleepingcomputer.com/news/security/new-attack-recovers-rsa-encryption-keys-from-em-waves-within-seconds/
>
> Rob Schramm
While the keys that are processed in the Crypto Express cards should be
safe.. I am less sure about anything else.
https://www.bleepingcomputer.com/news/security/new-attack-recovers-rsa-encryption-keys-from-em-waves-within-seconds/
Rob Schramm
--
Rob Schramm
---
18 matches
Mail list logo