• všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Security - News


Crypto - News | Security - News

02 / 2005
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Bruce Schneier - Ciphire e-mail encryption system - analýza

Summary. Protecting against attacks from insiders is an incredibly daunting, if not impossible, task. Given such constraints, we believe that the Ciphire System still performs remarkably well. Our concerns with Trojan horses in Section 3 would be applicable regardless of what underlying cryptographic mechanisms Ciphire decided to employ. In practice, eventually our man-in-the-middle attacks in Section 4 will likely be detected by Ciphire users; this is in some sense the best that we can hope for, since preventing such attacks in the first place may be impossible. Our attacks in Sections 6 and 7 are byproducts of Ciphire’s ease-of-use, and thus cannot be fully addressed without compromising on Ciphire’s ease-of-use design goal. Addendum. We analyzed the version of the Ciphire System described in the documents. From recent communications with Ciphire, we understand that Ciphire Labs is planning to address or has addressed some of the issues that we raise. This review does not reflect those changes.
Zdroj: http://cryptome.org/ciphire-report.zip
Autor: JP

<<- novější - Mailman - objevena chyba, která umož?uje prozrazení hesel
Design: Webdesign