It should be stated for the record that we have links with the security group at the University of Cambridge as well as alumni, but Scrambler was developed by a startup, Smart Crib Ltd.
We would be interested in PHP or Python support for TPM! The TPM is a bit tricky to use in virtual machines - my guess is that 99% of online servers run in VMs, am I far from the truth?
I encourage you to read the specs. HTTPS is your option if you have money, expertise and time to sort out proper certificates. Simply run the web service with HTTPS/SSL switched on. If you don't want to do that, the API provides end-to-end encryption of sensitive data.
You can't "always read the key from the dongle you're cloning". You can only do it at the initialisation phase = before the first scrambling command. You can print it, store it in a strong box, split it into components and put each into a different strong box, and only use it again when you need to create a clone of a dongle already in use.
Do it, publish it at crypto conferences, become famous:-) The key is 199 bits long. You can try to use collision attacks on SHA-1 but that would be again stuff securing life-long glory.
The password / key used for SHA1-HMAC is actually 32 characters long - up to about 199 bits of entropy with the character set used (a-zA-Z0-9 + 10 special chars).
Cheap, easy to set up, runs Debian (almost), so our code (web service in Python) is likely to be portable.
76 characters.
Completely futile exercise as you have the length wrong as well as the size of character set. Try 32 character l permutation of
We did see quite a few of those HSMs and cracked some of them.