[cap-talk] Safety of Password Capabilities
Karp, Alan H
alan.karp at hp.com
Wed Mar 9 11:28:52 EST 2005
Valerio Bellizzomi wrote:
>
> This is a very serious concern. It is relevant with regard to
> privacy, AND
> to data integrity as it is possible by using the described
> technique to
> track and flood a physical device constantly every time it
> connects. In
> other words it is possible to render *unusable* a targeted device.
>
There are many ways to interfere with communications. My question
concerns the privacy and integrity of the messages that get through.
For this purpose, I'm not even worried about an attacker deleting a
subset of the messages, just whether the attacker can modify the
contents of the messages without being detected or learn the contents of
the messages.
As an aside, I've been reading that this tracking isn't as much of a
threat as some press stories have indicated. Part of the machine
signature is clock skew, which is easily spoofed. Further, the
resolution used allows picking a specific machine out of a hundred but
not out of a million.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20050309/894c71cc/KarpAlanH.vcf
More information about the cap-talk
mailing list