«
Expand/Collapse
59 items tagged "cryptography"
Related tags:
usa [+],
darknet [+],
video [+],
audio [+],
vault [+],
true random number [+],
transmission rates [+],
tool [+],
thompson mathew monroe tags [+],
security [+],
sean m. bodmer [+],
rsa [+],
random number generator [+],
oracle database [+],
oracle [+],
mathew [+],
library [+],
joshua bienfang [+],
hacking [+],
forensic [+],
file [+],
esteban martnez [+],
encryption [+],
cryptography algorithms [+],
black hat [+],
bienfang [+],
advanced [+],
world [+],
tool 1 [+],
slides [+],
securid [+],
robert helling [+],
risk [+],
real security [+],
quantum information theory [+],
python programmers [+],
python [+],
pycryptopp [+],
private safe [+],
power fluctuations [+],
phone [+],
philippe oechslin [+],
open source library [+],
network [+],
multiobfuscator [+],
martin hacked [+],
lockheed martin [+],
liu sebastien sauge [+],
jean philippe aumasson [+],
internet cryptography [+],
internet authors [+],
internet [+],
information [+],
google [+],
failure scenarios [+],
eve [+],
engineering [+],
elliptic curves [+],
elliptic curve [+],
daniel j. bernstein [+],
curve [+],
cryptography tool [+],
cryptographic primitives [+],
cryptographic [+],
crypto library [+],
crypto algorithms [+],
crypto [+],
cryptanalysis [+],
commodity hardware [+],
chaos communication camp [+],
card [+],
car immobilisers [+],
busting [+],
bridge theory [+],
bob [+],
avalanche photodiodes [+],
attack [+],
approach [+],
alice [+],
abu dhabi [+],
wpa [+],
wi fi [+],
wep cracking tools [+],
wep [+],
website [+],
weak [+],
way [+],
wallet [+],
vulnerability [+],
virus detection [+],
vague letter [+],
unlocking the iphone [+],
united states [+],
u.s. i [+],
u.s. [+],
trusted [+],
traffic [+],
tpm [+],
tor event [+],
tor [+],
tgz [+],
system [+],
surfing experience [+],
storage mechanisms [+],
storage mechanism [+],
sslsnoop [+],
ssl key [+],
ssl [+],
spread [+],
sneakers [+],
silent [+],
session keys [+],
session [+],
sequence [+],
securid tokens [+],
script kiddy [+],
researchers [+],
record [+],
ransomware [+],
publimark [+],
protecting [+],
proposes way [+],
port [+],
php files [+],
php [+],
openssl [+],
onion routers [+],
nfc [+],
mobile payment solution [+],
messaging [+],
mediggo [+],
malaysian government [+],
malaysia government [+],
malaysia [+],
lockheed [+],
letter [+],
legacy [+],
leaks [+],
language samples [+],
knocking [+],
kleptography [+],
iphone [+],
introduction [+],
interactive traffic [+],
import [+],
immobilisers [+],
ian goldberg [+],
happy new year [+],
handshake [+],
hacks [+],
hacker [+],
hack mobile [+],
hack [+],
gustav rydstedt [+],
gsm [+],
graphical tools [+],
government [+],
goldberg [+],
geohot [+],
fwd [+],
free [+],
filevault [+],
export limits [+],
export [+],
eric filiol [+],
encryption schemes [+],
encryption algorithm [+],
encoder [+],
drop packets [+],
design [+],
decade [+],
david worth [+],
dan boneh [+],
cyber attack [+],
crytography [+],
cryptovirology [+],
cryptosystem [+],
cryptographic mechanisms [+],
cryptographic code [+],
cryptographic algorithm [+],
cryptanalysis techniques [+],
crack [+],
conclusive answer [+],
command line tool [+],
command [+],
collin jackson [+],
cipher strength [+],
ciat [+],
christopher tarnovsky [+],
certificate [+],
carbylamine [+],
car [+],
capable phones [+],
c programming language [+],
bugtraq [+],
bryan sullivan [+],
breach [+],
boffins [+],
black box test [+],
big kerfuffle [+],
baptiste gourdin [+],
auto complete [+],
authors [+],
attacker [+],
apple legacy [+],
analysis toolkit [+],
analysis [+],
algorithm [+],
alexa [+],
admits [+],
adam young [+],
General [+],
Discussion [+],
read [+],
quantum cryptography [+],
quantum [+],
chaos communication congress [+]
-
-
![Permalink for '[Video] Strong encryption of credit card information'](/themes/lilina/web//media/mark_off.gif)
15:22
»
SecDocs
Authors:
Torbjörn Lofterud Tags:
credit card PCI DSS compliance Event:
Chaos Communication Camp 2011 Abstract: The PCI DSS standard require strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing; detailed instructions for how to correctly apply cryptography to credit card numbers. The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2). Chapter 3.4 deals with the details regarding encryption and key management. > 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, > backup media, and in logs) by using any of the following approaches: > * One-way hashes based on strong cryptography > * Truncation > * Index tokens and pads > * Strong cryptography with associated key-management processes and procedures What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication; the modes of operation for the cryptographic primitives. The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES. The requirements are quite clear on the fact that encryption and hashing needs to be implemented properly, but gives little guidance to developers or assessors as to what strong cryptography actually means. There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.
-
15:04
»
SecDocs
Authors:
Torbjörn Lofterud Tags:
credit card PCI DSS compliance Event:
Chaos Communication Camp 2011 Abstract: The PCI DSS standard require strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing; detailed instructions for how to correctly apply cryptography to credit card numbers. The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2). Chapter 3.4 deals with the details regarding encryption and key management. > 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, > backup media, and in logs) by using any of the following approaches: > * One-way hashes based on strong cryptography > * Truncation > * Index tokens and pads > * Strong cryptography with associated key-management processes and procedures What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication; the modes of operation for the cryptographic primitives. The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES. The requirements are quite clear on the fact that encryption and hashing needs to be implemented properly, but gives little guidance to developers or assessors as to what strong cryptography actually means. There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.
-
-
21:38
»
SecDocs
Authors:
Daniel J. Bernstein Tags:
cryptography Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right.
-
21:38
»
SecDocs
Authors:
Daniel J. Bernstein Tags:
cryptography Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right.
-
-
21:46
»
SecDocs
Authors:
Robert Helling Tags:
science quantum cryptography Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Quantum systems can have very different properties from their classical analogues which allows them to have states that are not only correlated but entangled. This allows for quantum computers running algorithms more powerful than those on classical computers (represented by Turing machines) and for quantum cryptography whose safety is (in principle) guaranteed by the laws of nature. I will explain key facts of quantum information theory from a physics perspective. In particular, I will focus on the fundamental difference between the quantum world and the classical world of everyday experience that in particular makes it provable impossible to simulate a quantum world by a classical world. This will then be applied to information processing tasks like quantum computing, quantum cryptography and possibly the human brain. No background in theoretical physics is necessary but some familiarity with basic complexity theory and linear algebra (what is a vector? what is a matrix?) could be helpful.
-
-
21:49
»
SecDocs
Authors:
Robert Helling Tags:
science quantum cryptography Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Quantum systems can have very different properties from their classical analogues which allows them to have states that are not only correlated but entangled. This allows for quantum computers running algorithms more powerful than those on classical computers (represented by Turing machines) and for quantum cryptography whose safety is (in principle) guaranteed by the laws of nature. I will explain key facts of quantum information theory from a physics perspective. In particular, I will focus on the fundamental difference between the quantum world and the classical world of everyday experience that in particular makes it provable impossible to simulate a quantum world by a classical world. This will then be applied to information processing tasks like quantum computing, quantum cryptography and possibly the human brain. No background in theoretical physics is necessary but some familiarity with basic complexity theory and linear algebra (what is a vector? what is a matrix?) could be helpful.
-
-
22:44
»
SecDocs
Authors:
Eric Filiol Seun Omosowon Tags:
Tor Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk deals with weaknesses identified in the TOR network protocol and cryptography implementation. We manage to take control over users using this network and to access all your information and data exchanged despite cryptography. The TOR network is one of the most famous way to use Internet in a anonymous and secure way at least supposedly. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from someone conducting network surveillance or traffic analysis. Aside protocol-oriented aspects, TOR security relies heavily on cryptography. The aim of this talk is to explain how it is possible to take over a significant part of the TOR network not to say over the whole network. We have identified two classes of weaknesses in the way Onion routers (Ors) are managed: a first class of weaknesses relates to the way the routes among Ors. It is possible to influence and to force users to use arbitrary Ors and hence control which route they take. A second class of weaknesses relates to the way cryptography is implemented. Bu using malware-based attacks and the concept of dynamic cryptographic backdoors we have succeeded to circumvent the cryptography in place without removing it. We present different possible attack scenarii which are malware-based or not (depending on the scenario considered) that have been experimented and validated on a TOR simulation network of 50 nodes and partially on the real TOR network (as far as it was possible regarding existing laws). We show that it is indeed possible to gain a lot of sensitive information thus bypassing and managing existing cryptographic mechanisms in a very efficient way and to take the effective control over a significant part of the TOR network. The attack is fully dynamic and can be replayed on request. We present an open source library that enable to automate the identification of hidden relay bridges. We propose some modification in the TOR source and protocol in order to prevent those attacks. Demos will be presented to expose the two class of vulnerabilities we exploit. An Internet access is required to make part of the demos on the real TOR network.
-
-
15:47
»
SecDocs
Authors:
Jean-Philippe Aumasson Tags:
cryptography Event:
Black Hat Abu Dhabi 2011 Abstract: It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to: Side-channel leakage (padding oracle attacks, etc.) Attacks on the implementation (key extraction through fault attacks, etc.) Complete bypass (after theft of keys à la DigiNotar, etc.) Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishingers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.
-
15:46
»
SecDocs
Authors:
Jean-Philippe Aumasson Tags:
cryptography Event:
Black Hat Abu Dhabi 2011 Abstract: It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to: Side-channel leakage (padding oracle attacks, etc.) Attacks on the implementation (key extraction through fault attacks, etc.) Complete bypass (after theft of keys à la DigiNotar, etc.) Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishingers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.
-
-
11:18
»
SecDocs
Authors:
Bryan Sullivan Tags:
cryptography Event:
Black Hat USA 2010 Abstract: In the movie Sneakers, a brilliant young mathematician invents a device that defeats a public-key encryption algorithm. An interesting fiction, but what if this happened in real life? All of your applications using that algorithm would need to be changed as quickly as possible. This session will show how to best accomplish this by implementing cryptography without hard-coding specific algorithms.
-
-
12:42
»
SecDocs
Authors:
Baptiste Gourdin Elie Bursztein Gustav Rydstedt Tags:
cryptography Event:
Black Hat USA 2010 Abstract: No matter which kind of cryptography you are using to defend your network, , sooner or later to make it work you will have to store somewhere a password, a key or a certificate. If the attacker is able to tamper with its storage mechanism then even the strongest encryption mechanism became irrelevant. In this talk we will show how to attack storage mechanisms to tampers with SSL session and break into Wifi network that use WPA encryption. For SSL we will show how to exploit warning inconsistency and caching mechanisms to trick the user into accepting a bad cert and gets his credential stolen. For Wifi network we will demonstrate how to use clickjacking, CSRF, and XSS to steal from routers the two piece of information that an attacker needs to geo-localize and break into it, namely the WPA key and the mac address. Finally we will discuss how to discuss what frame busting defense are used by the Alexa top 100 website and how we were able to break them using standard and not so standard tricks. This is a join work with Dan Boneh and Collin Jackson.
-
-
14:21
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Hashdays 2010 Abstract: The most popular phone technologies use decade-old proprietary cryptography. We show how to break these weak and outdated functions using commodity hardware.
-
14:20
»
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Hashdays 2010 Abstract: The most popular phone technologies use decade-old proprietary cryptography. We show how to break these weak and outdated functions using commodity hardware.
-
-
6:55
»
Packet Storm Security Recent Files
MultiObfuscator is a professional cryptography tool that offers double encryption, csprng based scrambling, csprng based whitening, and more. Documentation provided.
-
6:55
»
Packet Storm Security Misc. Files
MultiObfuscator is a professional cryptography tool that offers double encryption, csprng based scrambling, csprng based whitening, and more. Documentation provided.
-
-
15:01
»
Packet Storm Security Recent Files
Libecc is a C++ elliptic curve cryptography library that supports fixed-size keys for maximum speed. The goal of this project is to become the first free Open Source library providing the means to generate safe elliptic curves, and to provide an important source of information for anyone with general interest in ECC.
-
15:01
»
Packet Storm Security Misc. Files
Libecc is a C++ elliptic curve cryptography library that supports fixed-size keys for maximum speed. The goal of this project is to become the first free Open Source library providing the means to generate safe elliptic curves, and to provide an important source of information for anyone with general interest in ECC.
-
-
10:22
»
Packet Storm Security Recent Files
pycryptopp provides a few useful cryptography algorithms for Python programmers, based on the excellent Crypto++ library (which is written in C++).
-
10:22
»
Packet Storm Security Misc. Files
pycryptopp provides a few useful cryptography algorithms for Python programmers, based on the excellent Crypto++ library (which is written in C++).
-
-
1:01
»
Packet Storm Security Tools
Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able read it. Marked audio files are still playable.
-
-
10:25
»
Hack a Day
Trusted Platform Module based cryptography protects your secrets as well as your government’s secrets. Well, it used to. [Christopher Tarnovsky] figured out how to defeat the hardware by spying on its communications. This requires physical access so it’s not quite as bad as it sounds, but this does reach beyond TPM to many of the [...]
-
-
21:10
»
SecDocs
Authors:
Moti Yung Tags:
malware cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: In this talk I will survey some of the results (with Adam Young) on Cryptovirology (the art of employing public key cryptography maliciously as part of a malware attack, such as in ransomware) and the related Kleptography (the art of embedding cryptographic Trojans inside tamper-proof cryptosystems). I will discuss some of the results and their influence on the limitation of the notion of “trust” in systems, as well as changes to suggested practice of cryptography that followed this research’s findings (perhaps as a result of the findings?).
-
-
21:02
»
SecDocs
Authors:
Qin Liu Sebastien Sauge Tags:
cryptography quantum cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: This presentation will show the first experimental implementation of an eavesdropper for quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference. Quantum cryptography, as being based on the laws of physics, was claimed to be much more secure than all classical cryptography schemes.(Un)fortunately physical hardware is not beyond of an evil control: We present a successful attack of an existing quantum key distribution system exploiting a photon detector vulnerability which is probably present in all existing devices. Without Alice and Bob losing their faith in their secure communication, we recorded 100% of the supposedly secret key. Single photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments. A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click [1]. An attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem [2,3] is feasible. By controlling the polarization of a bright beam the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets a full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught, and obtain a full copy of the transmitted secret key. We have fully demonstrated this attack under realistic conditions on an installed fiber optic quantum key distribution system. The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, which have happily continued to generate their 'secret' key.
-
21:02
»
SecDocs
Authors:
Qin Liu Sebastien Sauge Tags:
cryptography quantum cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: This presentation will show the first experimental implementation of an eavesdropper for quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference. Quantum cryptography, as being based on the laws of physics, was claimed to be much more secure than all classical cryptography schemes.(Un)fortunately physical hardware is not beyond of an evil control: We present a successful attack of an existing quantum key distribution system exploiting a photon detector vulnerability which is probably present in all existing devices. Without Alice and Bob losing their faith in their secure communication, we recorded 100% of the supposedly secret key. Single photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments. A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click [1]. An attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem [2,3] is feasible. By controlling the polarization of a bright beam the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets a full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught, and obtain a full copy of the transmitted secret key. We have fully demonstrated this attack under realistic conditions on an installed fiber optic quantum key distribution system. The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, which have happily continued to generate their 'secret' key.
-
-
21:06
»
SecDocs
Authors:
Philippe Oechslin Tags:
reverse engineering cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Breaking good crypto is hard. It takes a genius to find a flaw in AES or Blowfish. On the other hand, it is also difficult to program cryptography correctly. Thus the simpler way of breaking a cryptographic software is often to reverse engineer it and find the crypto errors that were made by the programmers. In this talk the simple errors will be demonstrated that were discovered when reverse engineering three products for evaluation or forensic purposes. In each case, a simple error gave access to information that was supposed to be protected by the best crypto algorithms. The demos will be the following: * the FIPS 142-3 level 2 certified MXI stealth USB key (before it got patched) * a version of the E-capsule private safe from EISST * Data Beckers now defunct Private Safe software
-
9:00
»
SecDocs
Authors:
Philippe Oechslin Tags:
reverse engineering cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Breaking good crypto is hard. It takes a genius to find a flaw in AES or Blowfish. On the other hand, it is also difficult to program cryptography correctly. Thus the simpler way of breaking a cryptographic software is often to reverse engineer it and find the crypto errors that were made by the programmers. In this talk the simple errors will be demonstrated that were discovered when reverse engineering three products for evaluation or forensic purposes. In each case, a simple error gave access to information that was supposed to be protected by the best crypto algorithms. The demos will be the following: * the FIPS 142-3 level 2 certified MXI stealth USB key (before it got patched) * a version of the E-capsule private safe from EISST * Data Beckers now defunct Private Safe software
-
-
10:45
»
SecDocs
-
10:45
»
SecDocs
-
7:11
»
SecDocs
-
1:12
»
remote-exploit & backtrack
Hello,
I am currently doing research into cryptography export limits and have searched Google extensively but have not found a conclusive answer to my question.
A while back the United States relaxed it's import and export laws regarding encryption which is why software such as Firefox and Internet Explorer could provide 128-bit ciphers outside of the U.S. I have however heard that the same does not hold true for software that is not freely available. What if I were to use RSA encryption? Would I have to limit the cipher strength if I would want to communicate with the U.S.?
Thanks!
