MistahDarcy has quit [Remote host closed the connection]
diarything has quit [Ping timeout: 244 seconds]
diarything has joined #qi-hardware
sb0 has quit [Quit: Leaving]
sb0 has joined #qi-hardware
sb0 has quit [Quit: Leaving]
wpwrak has quit [Ping timeout: 260 seconds]
Shikadi has quit [Ping timeout: 248 seconds]
jwhitmore has joined #qi-hardware
jwhitmore has quit [Ping timeout: 244 seconds]
kyak has quit [Quit: Lost terminal]
kyak has joined #qi-hardware
jwhitmore has joined #qi-hardware
jwhitmore has quit [Ping timeout: 256 seconds]
<whitequark>
DocScrutinizer: apparently DIN VDE V 0831-200 is being rolled out now and it uses MD4 for message integrity
<whitequark>
which you can find collisions in in under two MD4 operations
<DocScrutinizer>
context?
<whitequark>
german railways are going to use that instead of TCP
<DocScrutinizer>
ooh
jwhitmore has joined #qi-hardware
jwhitmore has quit [Ping timeout: 244 seconds]
sb0 has joined #qi-hardware
<kyak>
whitequark: you should distinguish between safety and security. DIN VDE V 0831-200 seems to be derivative from CENELEC - EN 50159, where it says explicitely that "This European Standard does not cover general IT security issues and in particular it does not cover IT security issues concerning: - ensuring confidentiality of safety-related information, - preventing overloading of the transmission system."
<kyak>
industries (especially aviations, but also automotive/industrial automation/railway/medical/nuclear) are doing quite well in terms of safety. There are well established standards for that. But they all suck bad in terms of security, without a doubt
<mth>
if it's easy for an attacker to breach security, can you call a system safe then?