mersenneforum.org Crypto News

2017-02-24, 04:54   #12
CRGreathouse

Very interesting! I was trying to ballpark how much this would cost on EC2 but it's not even clear which instance type to use...
2017-02-24, 07:37   #13
xilman

Quote:
 Originally Posted by ewmayer SHA-1 is officially unsafe - collaboration here was with CWI: Google Online Security Blog: Announcing the first SHA1 collision. They could have just said "2^63 SHA1 computations in total", but nooo... And in other news, a major browser/website-security hole has been reported w.r.t. sites which use CloudFlare, which are alas legion. [Note my initial post incorrectly stated the Cloudflare issue was related to the SHA1 collision one.]
And here's a statement about the effect on Git, Mercurial, etc. from the Mercurial project.

If you're not already being extremely diligent about vetting your project's contributors and contributions, cryptography will provide very little defense.

Another one, by Roger Needham or Butler Lampson (each attributes it to the other) is that anyone who believes that security can be solved by the application of cryptography understands neither security nor cryptography.

2017-02-24, 20:41   #14
danaj

Quote:
 Originally Posted by CRGreathouse Very interesting! I was trying to ballpark how much this would cost on EC2 but it's not even clear which instance type to use...
From the paper, they indicate stage 2 uses p2.16xlarge EC2 instances. I haven't gone through the math or current prices, but they state about $560k at normal prices or $110k "off-peak".

Stage 1 was a bit over 6500 core-years (~ Xeon E5-2650v3 cores). My numbers come out to about $1M using 3-year contract reserved, or roughly $300k if using optimal spot pricing. Or you could do what the headline reporters are doing and assume that Google will do all this work for you for free or that this part of the solution just drops in your lap.

2017-02-25, 03:56   #15
jwaltos

Quote:
 Originally Posted by xilman Another one, by Roger Needham or Butler Lampson (each attributes it to the other) is that anyone who believes that security can be solved by the application of cryptography understands neither security nor cryptography.
lol

2017-02-26, 01:16   #16
ewmayer

More on the CloudFlare fubar: Everything You Need To Know About Cloudbleed, The Latest Internet Security Disaster | Gizmodo Australia

Long story short: '==' in place of '>=' ==> buffer-overrun data-spewage badness. I pity the poor swdev-schlemiel who wrote that single wrong character; hard to say who is more at fault, the coder who committed said mistake or the folks whose QA-test infrastructure failed to catch such catastrophic data-leakage.
2017-02-26, 01:27   #17
retina

Quote:
 Originally Posted by ewmayer Long story short: '==' in place of '>=' ==> buffer-overrun data-spewage badness.
Technically, yes. But we also have to blame the basic design strategy. Having all that sensitive data available in the clear without sanitisation after using it is a bad design strategy. Allowing the system to be so fragile that just a single comparison can make it fail is a bad design strategy. Not separating the memory regions between tasks is a bad design strategy.

I'm sure it was all done to save costs to enrich the CEO's bank account. But short-cuts lead to long delays. [RIP JRRT]
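The '==' versus '>=' failure ewmayer describes, together with retina's point about one process holding every customer's data in the clear, as a constructed C example added here (it is not Cloudflare's code and is not from either post): a toy record scanner walks a request buffer that sits in the same allocation as another tenant's data; a truncated final record pushes the cursor past the end of the request, and only the '>=' form of the end-of-input check stops it there. The record format, the arena contents, the tenant's "cookie" and all function names are made up for the illustration.

```c
/* Added example, not Cloudflare's code: a toy record scanner showing how
 * an end-of-input test written as '==' instead of '>=' becomes an over-read
 * once the cursor can jump past the end. A record is [type][len][data]:
 * 'V' records are copied to the output, any other type is skipped by its
 * length, and type 0 terminates the scan (a constructed stop condition). */
#include <stdio.h>
#include <string.h>

/* Constructed arena: the request buffer followed by a neighbouring tenant's
 * data, all in one allocation so the over-read stays inside valid memory. */
static const unsigned char arena[] =
    "V\x05hello"             /* bytes 0..6:   a value record in the request  */
    "S\x03" "abc"            /* bytes 7..11:  a record the scanner skips     */
    "S\x09" "xy"             /* bytes 12..15: truncated; claims 9 data bytes */
    "-------"                /* bytes 16..22: unrelated heap contents        */
    "V\x0e" "cookie=s3cr3t!" /* bytes 23..38: another tenant's value record  */
    "\x00";                  /* byte 39:      terminator                     */
#define REQUEST_LEN 16       /* pe: the request ends right after "xy"        */

/* Scan [p, pe) for 'V' records and append their data to out.
 * fixed == 0 reproduces the '==' end check; fixed != 0 uses '>='. */
size_t extract_values(const unsigned char *p, const unsigned char *pe,
                      char *out, size_t outcap, int fixed)
{
    size_t n = 0;
    for (;;) {
        /* The only difference: once p has overshot pe, '==' never fires. */
        int at_end = fixed ? (p >= pe) : (p == pe);
        if (at_end) break;
        unsigned char type = p[0];
        if (type == 0) break;                /* constructed terminator */
        size_t len = p[1];
        if (type == 'V') {
            if (n + len > outcap) break;     /* keep the output bounded */
            memcpy(out + n, p + 2, len);
            n += len;
        }
        p += 2 + len;                        /* a bogus len skips past pe */
    }
    return n;
}

/* Run the scanner over the constructed arena and return what it emitted
 * as a NUL-terminated string (static buffer, overwritten on each call). */
const char *run_demo(int fixed)
{
    static char out[64];
    size_t n = extract_values(arena, arena + REQUEST_LEN, out, sizeof out - 1, fixed);
    out[n] = '\0';
    return out;
}

int main(void)
{
    printf("'==' end check: \"%s\"\n", run_demo(0));  /* emits the neighbour's cookie too */
    printf("'>=' end check: \"%s\"\n", run_demo(1));  /* stops at the request boundary */
    return 0;
}
```

The '==' run returns "hellocookie=s3cr3t!" and the '>=' run returns "hello". Neither a sanitizer nor a guard page flags the first one, because the cursor never leaves the allocation; that is exactly why a process that keeps many customers' requests in one heap turns a single wrong comparison into a cross-tenant leak. A real fix does not stop at the comparison operator: a record whose length exceeds the bytes remaining before pe should be rejected so the cursor can never overshoot in the first place.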

2017-03-07, 23:19   #18
ewmayer

Vault 7: CIA Hacking Tools Revealed | Wikileaks
Quote:
 Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency. The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election. Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive. “Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones. Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.
By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified. In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons. Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.
The NYT piece on the story predictably has a top reader comment which blames everything on the Evil Rooskies, and said article arguably buries the most important point deep down in paragraph 15:

“Another program described in the documents, named Umbrage, is a voluminous library of cyberattack techniques that the C.I.A. has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the C.I.A. to mask the origin of some of its cyberattacks and confuse forensic investigators.”


2017-03-08, 00:57   #19
bgbeuning

Quote:
 Originally Posted by ewmayer Flaw in Intel chips could make malware attacks more potent | Ars Technica Specific side-channel exploit that was demoed used the Haswell branch predictor.
ASLR slows down buffer overflow attacks where hackers load code on the stack and then the function return jumps to the hacker code. Newer CPUs have a memory management unit (MMU) bit that makes data pages non-executable (hardware calls it the NX bit, Windows calls it DEP) and helps to block buffer overflow attacks by making thread stacks readable and writable but non-executable. Older MMUs only had read-only vs. read-write page protection.
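A check for the NX/DEP property bgbeuning describes, as an added C example that is not part of the post: on Linux the linker records whether a binary asks for an executable stack in a PT_GNU_STACK program header, and the kernel maps the main thread's stack accordingly. The example parses that header out of an ELF64 image and classifies it. The two sample images are constructed in memory and are not real binaries; the status codes, function names and the fixed-size read in main are this example's own choices.

```c
/* Added example, not from the forum post: read the PT_GNU_STACK program
 * header of a little-endian ELF64 image, which is the linker's record of
 * whether the process stack may be mapped executable (the NX/DEP property
 * discussed above). Sample images are constructed in memory; offsets and
 * constants follow the ELF64 header layout. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u   /* PT_LOOS + 0x474e551 */
#define PF_X_FLAG 0x1u
#define PF_W_FLAG 0x2u
#define PF_R_FLAG 0x4u

/* Little-endian field readers/writers; avoids struct casts and alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, v >> 32); }

/* Returns 1 if the stack is marked executable, 0 if non-executable,
 * -1 if there is no PT_GNU_STACK header at all (the kernel then falls back
 * to an executable stack on most architectures), -2 if not LE ELF64. */
int gnu_stack_status(const uint8_t *img, size_t len)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return -2;
    if (img[4] != 2 || img[5] != 1) return -2;      /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd64(img + 32);                  /* e_phoff */
    uint16_t phentsize = rd16(img + 54), phnum = rd16(img + 56);
    if (phentsize < 56) return -2;
    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < 56) return -2;   /* truncated table */
        const uint8_t *ph = img + off;
        if (rd32(ph) == PT_GNU_STACK_TYPE)            /* p_type */
            return (rd32(ph + 4) & PF_X_FLAG) ? 1 : 0; /* p_flags */
    }
    return -1;
}

/* Build a minimal ELF64 image (headers only, not runnable) with one PT_LOAD
 * header and, optionally, a PT_GNU_STACK header carrying stack_flags.
 * Returns the image size, or 0 if cap is too small. */
size_t build_sample_elf(uint8_t *out, size_t cap, int with_gnu_stack, uint32_t stack_flags)
{
    uint16_t phnum = with_gnu_stack ? 2 : 1;
    size_t size = 64 + 56 * (size_t)phnum;
    if (cap < size) return 0;
    memset(out, 0, size);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;   /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    wr16(out + 16, 2);                     /* e_type = ET_EXEC */
    wr16(out + 18, 62);                    /* e_machine = EM_X86_64 */
    wr32(out + 20, 1);                     /* e_version */
    wr64(out + 32, 64);                    /* e_phoff: table follows the header */
    wr16(out + 52, 64); wr16(out + 54, 56); wr16(out + 56, phnum);
    uint8_t *ph = out + 64;
    wr32(ph, 1);                           /* PT_LOAD */
    wr32(ph + 4, PF_R_FLAG | PF_X_FLAG);
    if (with_gnu_stack) {
        wr32(ph + 56, PT_GNU_STACK_TYPE);
        wr32(ph + 60, stack_flags);
    }
    return size;
}

/* Build a sample and classify it in one call. */
int sample_status(int with_gnu_stack, uint32_t stack_flags)
{
    uint8_t img[256];
    size_t n = build_sample_elf(img, sizeof img, with_gnu_stack, stack_flags);
    return gnu_stack_status(img, n);
}

static const char *describe(int status)
{
    static const char *names[] = { "not a little-endian ELF64 image",
        "no PT_GNU_STACK header (kernel default, usually executable)",
        "non-executable stack", "EXECUTABLE stack" };
    return names[status + 2];
}

int main(int argc, char **argv)
{
    if (argc > 1) {                            /* classify a real binary */
        static uint8_t buf[1 << 16];            /* program headers sit at the start */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        printf("%s: %s\n", argv[1], describe(gnu_stack_status(buf, n)));
        return 0;
    }
    printf("sample rw  stack: %s\n", describe(sample_status(1, PF_R_FLAG | PF_W_FLAG)));
    printf("sample rwx stack: %s\n", describe(sample_status(1, PF_R_FLAG | PF_W_FLAG | PF_X_FLAG)));
    printf("sample no header: %s\n", describe(sample_status(0, 0)));
    return 0;
}
```

Run it with a path to classify a real binary, or with no arguments to see the three constructed cases. The same information is what `readelf -lW binary | grep GNU_STACK` prints; the thing to watch for in practice is a build where one object file lacks the `.note.GNU-stack` section, which makes GNU ld fall back to an RWX stack for the whole executable unless `-z noexecstack` is passed.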

2017-03-23, 13:23   #20
Nick

For anyone interested in lattice-based crypto, the slides of the Spring School at the Oxford Maths Institute are now publicly available: https://www.maths.ox.ac.uk/groups/cr...d-cryptography (scroll down to "Programme")
2017-05-17, 00:47   #21
ewmayer

Apologies if this has been previously linked elsewhere on the forum:

A kilobit hidden SNFS discrete logarithm computation | Joshua Fried and Pierrick Gaudry and Nadia Heninger and Emmanuel Thomé
Quote:
 Abstract: We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of backdoored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild.

2017-05-18, 05:29   #22
Dubslow

Quote:
 We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild.
Yikes. Confirming that backdooring is possible is just as bad too.
