Re: $100,000 reward

Lucky Green (shamrock@netcom.com)
Sat, 20 Jun 1998 12:40:57 -0700

• Next message: boo: "the export of RC6"
• Previous message: Ben Laurie: "Re: $100,000 reward"
• In reply to: Bill Frantz: "Re: $100,000 reward"
• Next in thread: Ben Laurie: "Re: $100,000 reward"

At 08:40 98/06/20 -0500, Bruce Schneier wrote:
>At 10:42 PM 6/19/98 -0700, Lucky Green wrote:
>>At 07:31 98/06/19 -0500, Bruce Schneier wrote:
>>The new RSA Mondex cards and the six non-COMP128 GSM providers come to mind.
>
>Get me specs.

As with all potential snake oil, there aren't any specs available. In fact,
it is frequently the lack of publicly available specs that makes a crypto
system a candidate for snake oil. Whenever I hear "trust us, the system is
secure" an alarm bell goes off in my head. Discovering what ciphers are
used in systems that use non-public designs is the hard part. The
cryptanalysis tends to be the easy part.

The recent GSM break is a good example: it took some 8 years before the
cipher used was discovered. The cryptanalysis required all of two hours.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred

   "I do believe that where there is a choice only between cowardice and
    violence, I would advise violence." Mahatma Gandhi

• Next message: boo: "the export of RC6"
• Previous message: Ben Laurie: "Re: $100,000 reward"
• In reply to: Bill Frantz: "Re: $100,000 reward"
• Next in thread: Ben Laurie: "Re: $100,000 reward"