
Any bankers? Speaking of 3DES security
The Reg points out YAN impending self-destruct. It seems we are in a self-destruct mode on lots of scales, now.

[link|http://www.cl.cam.ac.uk/~rnc1/descrack/|All your (bank's) bases...]


{sigh}

Well it's hardly a Smash n'Grab, and lots of toys are required and 25-37 hours (at home) to do some brute-force crunching.. but with all those account numbers, PINs and the rest:

All it takes is the ethics of a certain large Corp + one Banker with just nominal access to the gadget (~20 min) and rest of weekend for final 2-part key. Why.. it's better than a .com and a senile Venture Capitalist!

(PS they tried to tell IBM about their companion s/ware problem ~a year ago, but apparently it was like Putin trying to get US to pay attention to bin-L a while back..)

Bon appetit!
Fascinating! Thanks, Ashton.
I bet the CCA design "hole" will be closed, post haste. Not knowing the exact implementation, I wonder if a recall is needed or simply a firmware upgrade. Until then, physical security of the crypto card is all that's left.

Back in the 80's, I was a developer on the IBM 4700 systems. These systems, with a link to big iron, were used to control bank branch teller terminals, administrative terminals, and, at some banks, ATMs. During a "migration" from 16-bit to 32-bit processors, I, "in my spare time", re-implemented the DES functions. The processor clock was 30% faster, but by changing the software design, I got almost 7 times the performance for encrypting/decrypting long messages. Transactions are typically short messages. The hardest part was thorough testing because the code was committed to silicon and it was $40K to re-release the ROM part. Yep, silicon being a metal, this was coding on bare metal, and I managed to do it right the first time.

Anyway, if you used IBM ATMs in the 80's, and your bank used a 4700 system to control them, you tickled my code. Teller transactions may or may not have used crypto functions. Banks wrote these applications, so crypto was an available option.

Alex

Men never do evil so completely and cheerfully as when they do it from religious conviction. -- Blaise Pascal (1623-1662)
Interesting.
I have to remember to read it when I have more time than now.

However, from working with cryptographic key management wrt ATM hardware, I know that filching the keys is probably at best an interesting theoretical exercise. If you have the access required to crack the processor, there are lots of easier ways to avail yourself of the bank's cash.

Wade.

"All around me are nothing but fakes
Come with me on the biggest fake of all!"

     Any bankers? Speaking of 3DES security - (Ashton) - (2)
         Fascinating! Thanks, Ashton. - (a6l6e6x)
         Interesting. - (static)
