Re: [Dailydave] How T-Mobil's network was compromised
From: Paul Wouters (paulxelerance.com)
Date: Thu Feb 17 2005 - 14:25:57 CST
On Thu, 17 Feb 2005, Richard Porter wrote:
> > Not sure I'd trust PGP running on carrier hardware. These are the same
But where do you end your paranoia? Do you trust RNGs on die? You cannot
really ever 'fully' trust crypto hardware that does not have an open spec.
Whatever happened to the people chasing down the time delays in Pentium-I
CPUs when executing undocumented (backdoor?) instructions to get to ring 0?
Didn't one of them die? :)
> That is a great point (And made me really think about it) but do you think
> it would be a back door into the PGP implementation?
If T-mobile wants to have your PGP messages, and they give you the PGP
application, they can easily use a T-mobile "Additional Decryption Key" (ADK)
to ensure they can read all your messages. If you would be using a real PGP
implementation on the other end, it would ask you if you want to encrypt to
the ADK as well. If you'd hit another T-mobile PGP handset, this could then
of course happen without any notice.
Blackbox cryptography is just always wrong.
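The ADK mechanism mentioned in the message above can be checked for on a received key. The following is an added example, not part of the original post: it walks an OpenPGP signature subpacket area and reports any ADK request. It assumes subpacket type 10 with a class, algorithm and 20-octet fingerprint body (RFC 4880 only reserves that type); all function names and sample bytes are constructed for illustration.

```python
import struct

# Assumption: type 10 is the subpacket PGP uses for an ADK request; RFC 4880
# lists it only as a reserved placeholder. Body layout assumed here:
# class (1 octet), public-key algorithm (1 octet), 20-octet v4 fingerprint.
ADK_SUBPACKET = 10

def iter_subpackets(area):
    """Yield (type, critical, body) from an RFC 4880 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def find_adk_requests(area):
    """Return one dict per ADK request subpacket found in the area."""
    hits = []
    for sp_type, critical, body in iter_subpackets(area):
        if sp_type != ADK_SUBPACKET:
            continue
        if len(body) != 22:
            raise ValueError("unexpected ADK subpacket size")
        hits.append({"critical": critical, "class": body[0], "algo": body[1],
                     "fingerprint": body[2:].hex().upper()})
    return hits

def make_subpacket(sp_type, body):
    """Build a subpacket with a one-octet length (sample data only)."""
    return bytes([len(body) + 1, sp_type]) + body

# Constructed sample: creation time, key flags, then an ADK request naming a made-up fingerprint.
SAMPLE_FPR = bytes(range(0xA0, 0xB4))
SAMPLE_AREA = (make_subpacket(2, struct.pack(">I", 1108671957))
               + make_subpacket(27, b"\x03")
               + make_subpacket(10, b"\x80\x10" + SAMPLE_FPR))
```

A non-empty result from `find_adk_requests` on a key's self-signature means the key asks senders to also encrypt to the listed fingerprint.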