[cryptography] Preserve us from poorly described/implemented crypto

Ian G iang at iang.org
Tue Jun 7 08:18:14 EDT 2011


On 6/06/11 2:53 PM, Marsh Ray wrote:

> Come on. There are people in tall glass buildings that will be using
> this keyboard to enter passwords that manage accounts containing
> millions of dollars on a regular basis. And there's a very high
> practical limit on the gain of the antenna that could be aimed directly
> at them from an office on the same floor across the street.


People in tall glass buildings should learn not to throw electronic 
stones then....  It's easy, just use a laptop w/ethernet.  No wireless, 
no keyboard loggers.  Corporates know how to issue laptops.

> On the defense side, the agencies that are experienced at looking at
> signals also have the mission of protecting the US government itself.
> Surely they realize it's impractical to keep every off-the-shelf
> keyboard out of every marginally sensitive location.

Then, the rest of society has to pay for their incompetence?

Anyone know what the price of a DoD-secured keyboard is :)

> Check this out:
> http://www.spi.dod.mil/liposeFAQ.htm
> Someone please tell them they ought to require HTTPS for this kind of
> download.

"To access any of our SSL-protected web pages, you will need to 
authorize your browser to trust either our certificate, or (better 
choice) the US Government's DoD Root CA-2 (which vouches for the root of 
our certificate chain)."

iang



More information about the cryptography mailing list