mersenneforum.org > Math Stuff > Tales From the Crypt(o)
2017-11-06, 14:43   #34
Dr Sardonicus

Quote:
Originally Posted by retina
Padding schemes have existed for a long time to cover this case (and others). Don't simply use RSA without a bit of back reading.
Er, ah, I wasn't being entirely serious there (the emoticon should have been a clue). Of course, the same issue exists with the keys currently in use. Still, requiring the plaintext to be padded out to well in excess of 8000 bytes was enough to get my attention.

Quote:
But a modulus of 2^43 bits requires two primes of ~2^21.5 bits, those are not so easy to find.
Hmm. I better reread. My recollection is, they were talking about keys with a lot of prime factors, each of some substantial size (4096 bits? 4096 bytes?), all congruent to 2 (mod 3), assuming the exponent e = 3. You'd need millions of them, of course.
2017-11-06, 15:09   #35
CRGreathouse

Quote:
Originally Posted by Dr Sardonicus
Quote:
Originally Posted by retina
Padding schemes have existed for a long time to cover this case (and others). Don't simply use RSA without a bit of back reading.
Er, ah, I wasn't being entirely serious there (the emoticon should have been a clue). Of course, the same issue exists with the keys currently in use. Still, requiring the plaintext to be padded out to well in excess of 8000 bytes was enough to get my attention.
I think that was a reasonable point to raise. Of course it can be handled by standard technique(s).

Quote:
Originally Posted by Dr Sardonicus
Hmm. I better reread. My recollection is, they were talking about keys with a lot of prime factors, each of some substantial size (4096 bits? 4096 bytes?), all congruent to 2 (mod 3), assuming the exponent e = 3. You'd need millions of them, of course.
Exactly -- in this case, two billion 4096-bit primes.
2017-11-07, 02:30   #36
CRGreathouse

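An added worked example (Python; not code from either poster) of the two points in the exchange above: why choosing e = 3 forces every prime factor of the modulus to be 2 (mod 3), and why an unpadded short plaintext under e = 3 is readable straight from the ciphertext with an integer cube root, which is exactly the case a padding scheme is there to cover. The parameter sizes (four 64-bit primes, 64-bit messages), the Miller-Rabin helper and the toy random-byte padding are my own choices for a quick offline run; the arithmetic is unchanged at the 4096-bit prime sizes the thread talks about, and real deployments use OAEP (PKCS#1 v2) rather than the toy padding here.

```python
import random
from math import gcd

# Constructed illustration for the e = 3 discussion; small sizes keep it fast.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
MSG_BITS = 64  # toy: a plaintext is at most 64 bits


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin with random bases; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def e3_is_usable(p):
    """e = 3 needs gcd(3, p-1) = 1, i.e. p = 2 (mod 3); p = 1 (mod 3) is unusable."""
    return gcd(3, p - 1) == 1


def random_prime_2_mod_3(bits, rng):
    """Random `bits`-bit prime with p = 2 (mod 3), as the thread requires for e = 3."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if p % 3 == 2 and is_probable_prime(p, rng):
            return p


def multiprime_keypair(num_primes, bits, rng):
    """Multi-prime RSA: N = p1*...*pk (squarefree), e = 3, d = 3^-1 mod phi(N)."""
    n, phi = 1, 1
    for _ in range(num_primes):
        p = random_prime_2_mod_3(bits, rng)
        n *= p
        phi *= p - 1
    d = pow(3, -1, phi)  # exists only because every factor is 2 (mod 3)
    return n, 3, d


def icbrt(x):
    """Floor of the integer cube root, by Newton iteration from an upper bound."""
    if x < 2:
        return x
    r = 1 << ((x.bit_length() + 2) // 3)  # r >= cbrt(x)
    while True:
        y = (2 * r + x // (r * r)) // 3
        if y >= r:
            return r
        r = y


def cube_root_recovers(c, n):
    """Textbook failure mode: if m**3 < N, the ciphertext is m**3 over the
    integers and the cube root returns m. Returns m if c is a perfect cube."""
    m = icbrt(c)
    return m if m ** 3 == c else None


def pad(m, n, rng):
    """Toy padding: random block (top bit set) in front of m so the padded
    integer is close to N in size; its cube then wraps mod N. Not a standard scheme."""
    rand_bits = n.bit_length() - 2 - MSG_BITS
    r = rng.getrandbits(rand_bits) | (1 << (rand_bits - 1))
    return (r << MSG_BITS) | m  # strictly below 2**(bitlen(N)-1) <= N


def unpad(padded):
    return padded & ((1 << MSG_BITS) - 1)


def demo(seed=1):
    """Encrypt one 64-bit message with and without padding under e = 3."""
    rng = random.Random(seed)
    n, e, d = multiprime_keypair(4, 64, rng)
    m = 0x48656C6C6F2E2E2E  # constructed 8-byte message ("Hello...")
    c_raw = pow(m, e, n)                 # m**3 < N: no modular wrap at all
    padded = pad(m, n, rng)
    c_pad = pow(padded, e, n)
    return {
        "message": m,
        "cube_root_on_unpadded": cube_root_recovers(c_raw, n),  # == m
        "cube_root_on_padded": cube_root_recovers(c_pad, n),    # None
        "roundtrip_ok": unpad(pow(c_pad, d, n)) == m,
    }


if __name__ == "__main__":
    print(demo())
```

The check a practitioner wants from this is the one `pad` enforces: the padded value must be large enough that its cube exceeds N, otherwise the modular reduction never happens and "RSA" degenerates to plain integer cubing. The `e3_is_usable` test is the reason the thread's hypothetical key needs all of its primes congruent to 2 (mod 3): for a prime p = 1 (mod 3), 3 divides p - 1 and no decryption exponent exists.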
Quote:
Originally Posted by ewmayer
But note the apparently highly supralinear scaling between key length and #qubits needed, as detailed here:

Google Plans to Demonstrate the Supremacy of Quantum Computing - IEEE Spectrum
Can anyone figure out how they get a number that big? The ultimate source seems to be the recent Nature piece "Commercialize early quantum technologies", which says only:
For example, factorizing a 2,000-bit number in one day, a task believed to be intractable using classical computers, would take 100 million qubits, even if individual quantum operations failed just once in every 10,000 operations.
What kind of operation counts are they assuming, and what kind of quantum error correction? Calderbank, Rains, Shor, & Sloane get (seemingly) quite good error correction without spending too many qubits, and the threshold theorem should let us patch things together... but the Martinis group are the real experts here, so if this is what they say there are good reasons for it.
2019-05-17, 15:54   #37
Nick
Security Engineering

Ross Anderson has started a new version of his book, with early versions of chapters available free online:
https://www.cl.cam.ac.uk/~rja14/book.html
2019-12-22, 11:41   #38
retina
Snake oil?

Perfect secrecy cryptography via mixing of chaotic waves in irreversible time-varying silicon chips
Quote:
Here we show a perfect secrecy cryptography in classical optical channels. The system exploits correlated chaotic wavepackets, which are mixed in inexpensive and CMOS compatible silicon chips. The chips can generate 0.1 Tbit of different keys for every mm of length of the input channel, and require the transmission of an amount of data that can be as small as 1/1000 of the message’s length. We discuss the security of this protocol for an attacker with unlimited technological power, and who can access the system copying any of its part, including the chips. The second law of thermodynamics and the exponential sensitivity of chaos unconditionally protect this scheme against any possible attack.
It appears to be only valid for point-to-point optical channels. Any repeater or router will destroy the data. That is assuming it isn't just snake oil.
2019-12-23, 22:17   #39
jwaltos

Quote:
Originally Posted by Nick
Ross Anderson has started a new version of his book, with early versions of chapters available free online
Thanks Nick!
2020-01-07, 17:35   #40
xilman
SHA-1 collision attacks implemented

https://sha-mbles.github.io/

Quote:
We have reduced the cost of a collision attack from 2^64.7 to 2^61.2, and the cost of a chosen-prefix collision attack from 2^67.1 to 2^63.4 (on a GTX 970 GPU).

We implemented the entire chosen-prefix collision attack with those improvements. This attack is extremely technical, contains many details, various steps, and requires a lot of engineering work. In order to perform this computation with a small academic budget, we rented cheap gaming or mining GPUs from GPUserversrental, rather that[sic] the datacenter-grade hardware used by big cloud providers. We have successfully run the computation during two months last summer, using 900 GPUs (Nvidia GTX 1060).

As a side result, this shows that it now costs less than 100k USD to break cryptography with a security level of 64 bits (i.e. to compute 2^64 operations of symmetric cryptography).

2020-01-07, 21:37   #41
Nick

Quote:
Originally Posted by xilman
It does make you wonder how much SHA-1 cracking occurred while it was still the main algorithm used.
2020-01-15, 22:38   #42
ewmayer

Cryptic Rumblings Ahead of First 2020 Patch Tuesday | Krebs on Security
Quote:
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.

This component was introduced into Windows more than 20 years ago — back in Windows NT 4.0. Consequently, all versions of Windows are likely affected (including Windows XP, which is no longer being supported with patches from Microsoft).

Microsoft has not yet responded to requests for comment. However, KrebsOnSecurity has heard rumblings from several sources over the past 48 hours that this Patch Tuesday (tomorrow) will include a doozy of an update that will need to be addressed immediately by all organizations running Windows
See article for multiple Updates.
2020-01-16, 10:21   #43
henryzz

I find it interesting how they held off on this until Windows 7 was no longer supported.
2020-01-16, 10:37   #44
retina

Quote:
Originally Posted by henryzz
I find it interesting how they held off on this until Windows 7 was no longer supported.
Apparently the final patch for 7 has a fix.

And also, I read that the older versions of Windows don't support the ECC crypto, so they are not affected.
