Domain: cryptonomicon.net
Stories and comments across the archive that link to cryptonomicon.net.
Comments · 23
-
With Tags
Is it really so hard to use tags?
Software radio or SDR - an interesting subject where mathematical formulas become radio.
See for a high level overview.
Good reading is Understanding Digital Signal Processing by Richard G. Lyons. Prentice Hall, 1st ed: ISBN 0201634678 (amazon.com, search). 2nd ed: ISBN 0-13-108989-7 (amazon.com, search)
Vanu Bose's company Vanu Technology demonstrated a software radio based on an iPAQ with a digital radio "backpack", in May 2003. Here are some links:
Slashdot article
Linuxdevices.com
Vanu.com
Vanu.com
Here's a note on the future of software defined radio
Several relevant pointers available here -
News
It's now all over online news..
http://www.infoworld.com/article/04/02/12/HNmicroleak_1.html
http://www.ebcvg.com/news.php?id=1903
http://arstechnica.com/news/posts/1076628412.html
http://www.internetnews.com/ent-news/article.php/3312451
http://www.sunherald.com/mld/sunherald/business/7941292.htm
http://www.wvec.com/sharedcontent/nationworld/nationprint/021204cccanatmicrosoft.149f2b31.html
http://www.komotv.com/stories/29778.htm
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=671
http://www.dvhardware.net/article2423.html
http://searchwin2000.techtarget.com/originalContent/0,289142,sid1_gci950346,00.html -
What about all the Trusted Platform Stuff?
A worry about Prescott is that it's supporting all the Trusted Platform felgercarb that's been in the news recently. Cryptonomicon.Net has a few links to related web sites and opinions in the article: Intel Debuts Prescott.
-
EFF Hits Another Unlikely Swapper
-
Over before it started?
Their claim is that this startling finding has harmed their reputation, is that right?
According to this story, Nathaniel Brown, spokesperson for Bertelsmann Music Group (BMG), the publisher of Hamilton's latest CD, admits that the MediaMax protections are little more than a "speed bump," but the company hopes that this minor inconvenience will deter casual copiers. "It's not going to stop a hacker or someone who wants to mass copy," says Brown and adds that the technology was selected not for its protection abilities, but because it affords a "new level of playability."
By publishing a "work around" for the CD copy protections, Halderman might have exposed himself to risk of prosecution under the Digital Millennium Copyright Act (DMCA.) SunComm president Peter Jacobs reports that they have no plans to pursue such a case, however, saying "this isn't one of the weighty issues of the world."
How can SunComm's reputation be hurt when their paying customer knew the technology was practically worthless beforehand?
I also find CEO Peter Jacobs' complete change of opinion interesting: he went from practically dismissing the incident a few days ago to now saying, "No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property."
Hmm... -
about face
interesting quote from this article
By publishing a "work around" for the CD copy protections, Halderman might have exposed himself to risk of prosecution under the Digital Millennium Copyright Act (DMCA.) SunComm president Peter Jacobs reports that they have no plans to pursue such a case, however, saying "this isn't one of the weighty issues of the world
amazing how the position has changed so rapidly (the above article was from 10ish EDT on the 8th) -
What if I have an 802.11 Net at home?
Cryptonomicon.Net is running a story RIAA Sues Wrong Person and asks the question... "What if I have an unsecured Wi-Fi network in my house?" How will the RIAA prove that it wasn't a roving war-driver who connected to my network explicitly for the purpose of downloading music? Will they have to? What if they get a forensics guy out to the house with a copy of AirSnort and find that the guy next door has a WiFi network, but his client attaches to my network half the time? Would they then sue everyone on the block?
-
Creating an Encrypted Disk Image on MacOS X
Readers interested in MacOS X security may want to check out this recent article at Cryptonomicon.Net: Creating an Encrypted Disk Image on MacOS X.
-
How did the attack work?
Cryptonomicon.Net has this story that proposes a mode of attack...
-
Nothing new
"We fear, however, that the titles of these articles are a little sensational. While it is true that the LANMAN and NTHash Windows password techniques have issues, the paper that kicked off this whole hub-bub [PDF] describes a refinement of an existing attack, not a new attack. We wanted to remind our readers that adequate password security is a good idea, whether your Windows systems are being attacked by an adversary with an old copy of L0phtCrack, or with Philippe Oechslin's new system."
Read it all here -
For those who don't like to register:
Macworld UK says "WozNet is a lost cause"
Macworld has a pretty decent article
Cryptonomicon bemoans the lack of information about security
Google has the goods
And there's even an article on Slashdot about it...
Last time I looked at it, it was essentially a watch with both GPS and GSM (phone) built in so one could get the location of the watch at any time through their service. Sounds like a potential DoS attack, though, if you obtain phone numbers or cell phone connection information (jamming signals, jamming GPS, etc.)
Plus, since all the power is being used by the phone and GPS (chances are good the actual GPS processing is done elsewhere, like in the current E991 GPS services offered by phones) then it's unlikely that much encryption is being done at all.
-Adam -
What about HAC?
Applied Crypto is certainly a quality, wide-ranging tome on crypto. For years though, there have been a couple very good books with more implementation details. The Handbook of Applied Crypto from Menezes, et al comes immediately to mind. Either of the two books by Neal Koblitz are excellent. I also like to recommend Decrypted Secrets from Bauer. The Handbook of Applied Crypto is available as a free download from the author's site:
-
Is all this hubbub just sour grapes?
Larry Cohen over at Cryptonomicon.Net has published this story questioning the commonly accepted belief that Theo de Raadt had his DARPA funding pulled because of Anti-War comments. The story makes the interesting point that SELinux and TrustedBSD are home-grown projects, while OpenBSD (and de Raadt himself) are more international. Mr. Cohen also mentions that FreeBSD is "more mainstream," which I guess means that it has more mainstream users. I guess it's a good point that we haven't heard comment from DARPA or from Jonathan Smith at the University of Pennsylvania. This leads to the question, is all this anti-war / free-speech hubbub just sour grapes?
-
Is this the same as the "Super" DMCA
Cryptonomicon.Net is talking about "Super" DMCA. Is this the same thing?
-
Re:Why hasn't the simple fix reached OpenSSL?
Actually, if you look at the Cryptonomicon.Net article about this attack, you can see that, in fact, blinding has been added to the OpenSSL code. The issue is whether or not it is turned on by developers.
-
More info at Cryptonomicon.Net
There seems to be a discussion of this going on over at cryptonomicon.net as well...
-
Sounds like sour grapes...
The Cryptonomicon.Net BLOG seems to imply that Mr. Schneier is doing a disservice to the community by limiting his dissing of algorithms only to the ones that competed with TwoFish... The blog author goes on to say that existing weaknesses in RC4 are probably more important than weaknesses in AES and asks the question, why didn't Bruce jump up and down about exploitable weaknesses found in RC4 over the last couple of years... It does sound a little like sour grapes...
-
DMCA Violations Lead to Human Rights Violations
In related Unconstitutional-DMCA-violation news, www.boycottadobe.com has launched. We need to defend Dmitry Sklyarov as vigorously as Dr. Felten.
Here is some disturbing commentary:
This just in from Bill Scannell:
I just got off the telephone with Vladimir Katalov.
Katalov informs me that the Russian embassy has been denied access to Dmitry Sklyarov, a flagrant violation of international law. No Russian consular official has spoken to Sklyarov since his detention earlier this week.
In addition, Sklyarov's wife and two children have not heard from their husband and father since his arrest. They are understandably worried sick for his safety.
It is believed Dmitry Sklyarov is being held in solitary confinement.
As an American who honorably served in the armed forces, I am ashamed for the actions of my government. This cannot stand.
Telephone numbers:
US State Department: 1-202-647-6575
Russian Embassy: 1-202-298-5700
Russian Consul (SF): 1-415-928-6878
Call. Get your friends to call. Call again.
Please disseminate this information as widely as possible.
-Bill