|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Booke, Raymond (Raymond.Booke@AVNET.COM)
Date: Mon Feb 26 2001 - 08:24:27 CST
I read this article and a couple things i see as flaws are the fact that
unless you had 1 host machine grabbing the random generated keys and
distributing them to the clients, it's basically impossible for two machines
to grab the exact same set of randomly generated numbers at exactly the same
time. Especially when the numbers are moving at the rate they said of 10
million million a second. This would be a major flaw because anyone tapping
the line to one of the clients would then have the random key as well as the
message.
Raymond Booke MCSE CCNA NET+ A+
Global Data Security Group
Perimeter Security Analyst
Avnet INC
Raymond.Booke@avnet.com
-----Original Message-----
From: Dan Houser [mailto:houserd1@NATIONWIDE.COM]
Sent: Tuesday, February 20, 2001 12:53 PM
To: CISSPSTUDY@SECURITYFOCUS.COM
Subject: [CISSPSTUDY] [CISSPStudy_1]x:[CISSPSTUDY@SECURITYFOCUS] This
should start up a discussion....
OK CISSP holders & hopefuls... time to put on your thinking cap for fun
discussion of random stream one-time pad encryption:
"[Dr. Michael Rabin, noted cryptographer and] computer science professor at
Harvard says he has found a way to send coded messages that cannot be
deciphered, even by an all-powerful adversary with unlimited computing
power. And, he says, he can prove it."
I thought of 2 big implementation flaws with statements in the article
about implementing this encryption technology, besides Bruce Schneier's
enlightened "encryption is a pole in your front yard you hope people will
run into instead of around" statement (which is also true). Show me yours,
and I'll show you mine... :^)
For full article: http://www.nytimes.com/2001/02/20/science/20CODE.html
(You will need to register to get this article from the NY Times, well
worth the trouble.... their daily technology update is superb)
ddh, cissp, etc.
+--------------------------------------------+
| You have received this email because you |
| subscribed to the CISSPSTUDY mailing list. |
| -- To unsubscribe, send an email to -- |
| listserv@securityfocus.com |
| with a message body of: |
| UNSUBSCRIBE CISSPSTUDY |
+--------------------------------------------+
+--------------------------------------------+
| You have received this email because you |
| subscribed to the CISSPSTUDY mailing list. |
| -- To unsubscribe, send an email to -- |
| listserv@securityfocus.com |
| with a message body of: |
| UNSUBSCRIBE CISSPSTUDY |
+--------------------------------------------+
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]