mersenneforum.org > Math Stuff > Tales From the Crypt(o)
2017-02-24, 04:54   #12
CRGreathouse

Very interesting! I was trying to ballpark how much this would cost on EC2 but it's not even clear which instance type to use...
2017-02-24, 07:37   #13
xilman

Quote (originally posted by ewmayer):
SHA-1 is officially unsafe - collaboration here was with CWI:

Google Online Security Blog: Announcing the first SHA1 collision

They could have just said "2^63 SHA1 computations in total", but nooo...

And in other news, a major browser/website-security hole has been reported w.r.to sites which use CloudFlare, which are alas legion.

[Note my initial post incorrectly stated the Cloudflare issue was related to the SHA1 collision one.]
And here's a statement about the effect on Git, Mercurial, etc. from the Mercurial project.

If you're not already being extremely diligent about vetting your project's contributors and contributions, cryptography will provide very little defense.

Another one, by Roger Needham or Butler Lampson (each attributes it to the other) is that anyone who believes that security can be solved by the application of cryptography understands neither security nor cryptography.
2017-02-24, 20:41   #14
danaj

Quote (originally posted by CRGreathouse):
Very interesting! I was trying to ballpark how much this would cost on EC2 but it's not even clear which instance type to use...
From the paper, they indicate stage 2 uses p2.16xlarge EC2 instances. I haven't gone through the math or current prices, but they state about $560k at normal prices or $110k "off-peak".

Stage 1 was a bit over 6500 core-years (~ Xeon E5-2650v3 cores). My numbers come out to about $1M using 3-year contract reserved, or roughly $300k if using optimal spot pricing. Or you could do what the headline reporters are doing and assume that Google will do all this work for you for free or that this part of the solution just drops in your lap.
2017-02-25, 03:56   #15
jwaltos

Quote (originally posted by xilman):
Another one, by Roger Needham or Butler Lampson (each attributes it to the other) is that anyone who believes that security can be solved by the application of cryptography understands neither security nor cryptography.
lol
2017-02-26, 01:16   #16
ewmayer

More on the CloudFlare fubar:

Everything You Need To Know About Cloudbleed, The Latest Internet Security Disaster | Gizmodo Australia

Long story short: '==' in place of '>=' ==> buffer-overrun data-spewage badness. I pity the poor swdev-schlemiel who wrote that single wrong character; hard to say who is more at fault, the coder who committed said mistake or the folks whose QA-test infrastructure failed to catch such catastrophic data-leakage.
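The single-character failure mode ewmayer describes, as an added illustration (a constructed toy scanner, not Cloudflare's code): when a fixed-width tag skip can carry the read pointer past the end pointer, an equality test never fires and the scan copies whatever lies beyond the input, while a >= test stops at once. INPUT_LEN, TAG_WIDTH, scan and the backing array are my own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed demo (not Cloudflare's code): the input is the first
 * INPUT_LEN bytes of a larger array; the rest stands in for unrelated
 * data that happens to sit next to the input in memory. */
#define INPUT_LEN 4
#define TAG_WIDTH 4
static const char backing[] = "ab<x" "??" "SECRET";

/* Toy scanner: copies text bytes to out and, on '<', skips a fixed-width
 * tag without inspecting it. A tag cut off at the end of the input makes
 * the skip land past pe.
 *   use_eq: end test is "p == pe" (the bug); otherwise "p >= pe" (the fix).
 * Returns bytes written; never writes more than outcap. */
size_t scan(const char *input, size_t len, bool use_eq,
            char *out, size_t outcap)
{
    const char *p = input, *pe = input + len;
    size_t n = 0;
    while (n < outcap) {
        bool at_end = use_eq ? (p == pe) : (p >= pe);
        if (at_end)
            break;            /* with ==, an overshoot is never caught */
        if (*p == '<') {
            p += TAG_WIDTH;   /* may jump beyond pe */
            continue;
        }
        out[n++] = *p++;      /* copies whatever p points at now */
    }
    return n;
}

/* Helpers over the constructed input with an 8-byte output buffer. */
size_t bytes_emitted(bool use_eq)
{
    char out[9] = {0};
    return scan(backing, INPUT_LEN, use_eq, out, 8);
}

int secret_leaked(bool use_eq)
{
    char out[9] = {0};
    scan(backing, INPUT_LEN, use_eq, out, 8);
    return strstr(out, "SECRET") != NULL;
}
```

With the equality test the output fills up with the neighbouring bytes; with the >= test it holds only the two real text bytes.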
2017-02-26, 01:27   #17
retina

Quote (originally posted by ewmayer):
Long story short: '==' in place of '>=' ==> buffer-overrun data-spewage badness.
Technically, yes. But we also have to blame the basic design strategy. Having all that sensitive data available in the clear without sanitisation after using it is a bad design strategy. Allowing the system to be so fragile that just a single comparison can make it fail is a bad design strategy. Not separating the memory regions between tasks is a bad design strategy.

I'm sure it was all done to save costs to enrich the CEO's bank account. But short-cuts lead to long delays. [RIP JRRT]
2017-03-07, 23:19   #18
ewmayer

Vault 7: CIA Hacking Tools Revealed | Wikileaks
Quote:
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its own substantial fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA’s hacking capacities.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.
The NYT piece on the story predictably has a top reader comment which blames everything on the Evil Rooskies, and said article arguably buries the most important point deep down in paragraph 15:

“Another program described in the documents, named Umbrage, is a voluminous library of cyberattack techniques that the C.I.A. has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the C.I.A. to mask the origin of some of its cyberattacks and confuse forensic investigators.”

Last fiddled with by ewmayer on 2017-03-12 at 04:14 Reason: sad -> said
2017-03-08, 00:57   #19
bgbeuning

Quote (originally posted by ewmayer):
Flaw in Intel chips could make malware attacks more potent | Ars Technica

Specific side-channel exploit that was demoed used the Haswell branch predictor.
ASLR slows down buffer overflow attacks where hackers load code on the stack and then the function return jumps to the hacker code. New CPUs have a memory management unit (MMU) bit that makes data pages non-executable (hardware calls it the NX bit, Windows calls it DEP) and helps to block buffer overflow attacks by making thread stacks read-writable but non-executable pages. Older MMUs only had read-only vs. read-write page protection.
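Added example, not from the post: a defender's check for the NX/DEP setting described above as it is expressed in an ELF64 binary on Linux, the PT_GNU_STACK program header, whose PF_X flag requests an executable stack. The image is constructed inline, and stack_nx_status, build_image and demo_status are my own names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added example, not from the post. Offsets follow the little-endian ELF64
 * layout; PT_GNU_STACK tells the Linux loader what permissions stack pages get. */
#define PT_GNU_STACK_TYPE 0x6474e551u
#define PF_X_FLAG 1u   /* p_flags "executable" bit (PF_W = 2, PF_R = 4) */
static uint16_t rd16(const uint8_t *b) { return (uint16_t)(b[0] | b[1] << 8); }
static uint32_t rd32(const uint8_t *b) { return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
                                                (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24; }
/* 1: NX stack requested; 0: executable stack requested; -1: no PT_GNU_STACK
 * (the loader's default applies, worth flagging); -2: not LE ELF64 or bad headers. */
int stack_nx_status(const uint8_t *img, size_t len)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -2;
    uint64_t phoff = rd32(img + 32) | (uint64_t)rd32(img + 36) << 32;  /* e_phoff */
    uint16_t phentsize = rd16(img + 54), phnum = rd16(img + 56);
    if (phentsize < 56) return -2;
    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < 56) return -2;     /* bounds before reading */
        if (rd32(img + off) == PT_GNU_STACK_TYPE)       /* p_type */
            return (rd32(img + off + 4) & PF_X_FLAG) ? 0 : 1;   /* p_flags */
    }
    return -1;
}

/* Builds a minimal constructed 120-byte image: ELF64 header plus a single
 * PT_GNU_STACK program header carrying the given p_flags. */
size_t build_image(uint8_t *out, uint32_t stack_flags)
{
    memset(out, 0, 120);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;                 /* ELFCLASS64, LE, EV_CURRENT */
    out[16] = 2; out[18] = 0x3e; out[20] = 1;           /* ET_EXEC, EM_X86_64, e_version */
    out[32] = 64; out[52] = 64; out[54] = 56; out[56] = 1;  /* e_phoff, e_ehsize, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {                       /* p_type and p_flags, little-endian */
        out[64 + i] = (uint8_t)(PT_GNU_STACK_TYPE >> (8 * i));
        out[68 + i] = (uint8_t)(stack_flags >> (8 * i));
    }
    return 120;
}
/* Build-then-check helper: demo_status(6) is an RW stack, demo_status(7) RWX. */
int demo_status(uint32_t stack_flags)
{
    uint8_t img[120];
    return stack_nx_status(img, build_image(img, stack_flags));
}
```

Run stack_nx_status over a real file's bytes to get the same answer readelf gives for its GNU_STACK entry.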
2017-03-23, 13:23   #20
Nick

For anyone interested in lattice-based crypto, the slides of the Spring School at the Oxford Maths Institute are now publicly available:
https://www.maths.ox.ac.uk/groups/cr...d-cryptography
(scroll down to "Programme")
2017-05-17, 00:47   #21
ewmayer

Apologies if this has been previously linked elsewhere on the forum:

A kilobit hidden SNFS discrete logarithm computation | Joshua Fried and Pierrick Gaudry and Nadia Heninger and Emmanuel Thomé
Quote:
Abstract: We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software.

Our chosen prime $p$ looks random, and $p-1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our $p$ has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}_p^*$, yet detecting that $p$ has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of backdoored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild.
2017-05-18, 05:29   #22
Dubslow

Quote:
We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild.
Yikes. Confirming that backdooring is possible is just as bad too.