Author: Antony Clements
Date: Nov 15, 2006 21:38
> Since you are on Microsoft, then the CSRNG in the CryptoAPI might be a
> possible entropy source. There are issues with it as Microsoft have
> not released all the details, but it is probably OK as a source of
> entropy provided you do not rely solely on it.
I don't trust Microsoft for security as far as I can throw it, I just use
some Microsoft products because they are default standards

Author: Antony Clements
Date: Nov 15, 2006 21:37
> Why not look at how Linux and BSD gather entropy?
I have an old Linux build lying around, I didn't think it would be worth
anything

Author: Guy Fawkes
Date: Nov 15, 2006 21:24
I'm looking for a nice, easy to use yet comprehensive C/C++ Crypto library
which has symmetric, asymmetric and hashing (preferably RSA, AES and
Whirlpool).
Apart from libTomCrypt and Crypto++ which others are out there and
recommended?

Author: Anne & Lynn Wheeler
Date: Nov 15, 2006 19:13
"Joseph Ashwood" msn.com> writes:
> B) Slap $100 worth of equipment onto random ATM machine, harvest data via
> Wi-fi so you never have to touch it again.
from today's news (made off with 200,000 pounds so far):
ATMs hacked using MP3 player
http://news.com.com/2061-10789_3-6135905.html
from above:
The gang targeted freestanding cash dispensers and would tap the phone
line between the ATM and a wall socket by placing a two-way adaptor on
it and connecting an MP3 player, according to the newspaper.
... snip ...

Author: uri
Date: Nov 15, 2006 18:55
Joseph Ashwood wrote:
> So basically you've got:
> A) An inside job where they'd have to gain access to the secured network,
> where security is often extremely tight.
> B) Slap $100 worth of equipment onto random ATM machine, harvest data via
> Wi-fi so you never have to touch it again.
>
> hmmmm, if I were to mount this attack, I'd take option B; lower risk, lower
> time cost, same reward.
> Joe
I agree that plan B may be easier for some, and that the overall
security of the system is only as strong as the weakest link. However,
with plan B you may be limited in the number of ATMs you can put your
hands on, and physical changes on a large number of public ATMs may be
harder to conceal.

Author: Joseph Ashwood
Date: Nov 15, 2006 17:09
> JR wrote:
>
> This paper describes crypto attacks on the protocols and standards for
> financial ATM PIN processing.
>
> The results show an inherent flaw with the way ATM PINs are encrypted
> and conveyed on the international financial networks.
> One of the most disturbing results is that instead of just having to
> trust that your own issuer bank has good control over insider fraud,
> every other financial institution in the network must be trusted as
> well - an insider at another bank can crypto-crack your ATM PIN if you
> withdraw money from any of their ATMs.

Author: Anne & Lynn Wheeler
Date: Nov 15, 2006 07:31
Sebastian Gottschalk writes:
> No. PINs represent something you know. A smartcard with a PINs add a
> something you have.
re:
http://www.garlic.com/~lynn/2006u.html#40 New attacks on the financial PIN processing
sorry finger slip ... hopefully was evident in subsequent discussion
about pin being something you know

Author: Chokks
Date: Nov 15, 2006 06:33
Hi,
I'm Chokks, working in the area of Information Systems Audit/Security
(not much into network security but others) for the past 5 years. Please
note I hold only MBA, CISA and am not a mathematics guy as such.
I'm much interested in getting into Cryptography as a career (working
as a researcher in Corporate research labs is one of my objectives).
Based on this group's suggestions earlier, I have bought Applied
Cryptography of Bruce Schneier and am in the process of studying (I did not
find much difficulty).
Since I'm working currently and cannot attend any college for doing a
Ph.D. degree, could anyone suggest how I can move into this area and
achieve one of my objectives of working for a lab.
Should I need a Ph.D. degree for getting into this area?
Where to start since I'm carrying out self study?
Should I be thorough in many of the areas of mathematics before I get
into this area? Although I have bought some books on cryptography
wherein mathematics is limitless and I'm lost.
Although many have commented about getting into cryptography path, I
require a personalised suggestion from you people. Please help me.

Author: Anne & Lynn Wheeler
Date: Nov 15, 2006 06:25
> JR wrote:
>
> This paper describes crypto attacks on the protocols and standards for
> financial ATM PIN processing.
>
> The results show an inherent flaw with the way ATM PINs are encrypted
> and conveyed on the international financial networks.
> One of the most disturbing results is that instead of just having to
> trust that your own issuer bank has good control over insider fraud,
> every other financial institution in the network must be trusted as
> well - an insider at another bank can crypto-crack your ATM PIN if you
> withdraw money from any of their ATMs.
for quite some time, the conventional wisdom has been that insiders
are the greatest source of fraud, data breaches, identity theft, etc.
supposedly PINs represent two-factor authentication ... from 3-factor
authentication model
http://www.garlic.com/~lynn/subintegrity.html#3factor