Surreptitiously Tampering with Computer Chips
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10926
Location: Arizona USA

Posted: Fri 18 Oct 2013, 22:15    Post subject: Surreptitiously Tampering with Computer Chips
Subject description: Pwned by the NSA
 

https://www.schneier.com/crypto-gram-1310.html#15
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J /dev/random does not use Intel's RDRAND instruction.
http://cm.bell-labs.com/who/ken/trust.html You can't trust code you didn't write? Say it isn't so!
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 19 Oct 2013, 03:11

Flash, thanks for letting us know.

It shows how utterly careful one has to be
if one has something to hide. Fortunately
I only have such secrets as being a total noob
and very naive and too talkative and verbose
but that is only a secret to me and obvious to
everybody else. Still integrity is important due to
the identity theft allowing people to buy things
in your name if they know enough about you.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2666
Location: USA

Posted: Sun 20 Oct 2013, 15:23    Post subject: Re: Surreptitiously Tampering with Computer Chips
Subject description: Pwned by the NSA
 

Flash wrote:
https://www.schneier.com/crypto-gram-1310.html#15
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J /dev/random does not use Intel's RDRAND instruction.
http://cm.bell-labs.com/who/ken/trust.html You can't trust code you didn't write? Say it isn't so!


But, would this hardware tampering "break" software driven PRNGs? (e.g. Schneier's Yarrow).

_________________
Add swapfile
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10926
Location: Arizona USA

Posted: Sun 20 Oct 2013, 21:25

I don't think so. I can see that it would be extremely time-consuming to determine just how "random" the numbers generated by a RNG really are. So anyone using a RNG just assumes the numbers are truly "random." But if the NSA know that an encryption program uses "random" numbers that are far less random than everyone assumes, it may make their job of breaking the encryption easier. Of course, it would make any snoop's job easier, and it would impact algorithms that have nothing to do with encryption or security but depend on the random number generator.
Sylvander

Joined: 15 Dec 2008
Posts: 3399
Location: West Lothian, Scotland, UK

Posted: Mon 21 Oct 2013, 03:56

QUOTE...
From 3rd link in 1st post:
"The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house.
It should not matter that the neighbor's door is unlocked."
It's my understanding that...
Under English and Scottish law...
You do not [cannot be accused of] breaking into an UNLOCKED premises/house.
e.g. If a stranger walks into your unlocked house.
You can ask them to leave, and they MUST leave when asked, or...
You can use minimum force [and escalate if necessary] to get them out.
But they have committed no offense by entering.

Is it the same with computers?
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10926
Location: Arizona USA

Posted: Mon 21 Oct 2013, 09:13

I don't know anything about English or Scottish law, but if you can't be accused of breaking and entering an unlocked house, surely you can be accused of trespassing. Any cop can find a law to suit the occasion.
Jasper


Joined: 25 Apr 2010
Posts: 1087
Location: England

Posted: Mon 21 Oct 2013, 09:50

Unchecked, from memory of exams well over 50 years ago - under English law "trespass" is a tort (of which the simple definition is "a civil wrong other than breach of contract", but it's far from simple).
Sylvander

Joined: 15 Dec 2008
Posts: 3399
Location: West Lothian, Scotland, UK

Posted: Mon 21 Oct 2013, 15:42

Trespass Scottish
QUOTE:
"Section 3 of the Act makes it an offence for any person to lodge in any premises, or occupy or encamp on any land, being private property, without the consent of the owner or legal occupier. While the use of the words lodge, occupy and encamp could be taken to imply a degree of permanency on the part of the trespasser, their scope could possibly be construed to apply to loitering by a determined lawyer if one did anything other than access, or cross over such property for example."

This is a whole different ball game from simply entering/accessing without breaking in, or tampering with a lock, or using something other than the "true key".
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2666
Location: USA

Posted: Mon 21 Oct 2013, 16:12

Flash wrote:
I don't think so.


That's what I thought. If you rely on hardware encoding, you have a hardware "password" that can be cracked. If you rely entirely on software, that can be customized for every use (generate their own random number/keyring).

Depending on implementation, that may not prevent a targeted attack against an individual, but it would limit the ability to perform widespread snooping.

Quote:
I can see that it would be extremely time-consuming to determine just how "random" the numbers generated by a RNG really are. So anyone using a RNG just assumes the numbers are truly "random." But if the NSA know that an encryption program uses "random" numbers that are far less random than everyone assumes, it may make their job of breaking the encryption easier. Of course, it would make any snoop's job easier, and it would impact algorithms that have nothing to do with encryption or security but depend on the random number generator.


Well, the numbers have to be pseudorandom, otherwise you can't ever reproduce the string. A true random "seed" is a good idea.

Schneier knows enough to avoid the main pitfalls -- that's how he broke the MS "secure server" that they touted as unbreakable. He broke their old/dated PRNG, which allowed him rapid access.

"Why Cryptography Is Harder Than It Looks"

https://www.schneier.com/essay-037.html

_________________
Add swapfile
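
Added example, not part of any post in this thread: a Python sketch of the point discussed above, that output can look statistically random while depending on very little hidden state, and that hashing it together with an independent source removes the dependence on the hardware alone. The 16-bit `tampered_hw_rng` model, the function names and the sample state are constructed for illustration.

```python
import hashlib
from typing import Optional

def expand(seed: bytes, nbytes: int) -> bytes:
    """Deterministic byte stream from a seed: SHA-256 in counter mode
    (illustrative construction, not a vetted DRBG)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def tampered_hw_rng(hidden_state: int, nbytes: int) -> bytes:
    """Constructed model of a weakened hardware RNG: everything it emits is
    derived from only 16 bits of hidden state."""
    return expand(b"hw" + hidden_state.to_bytes(2, "big"), nbytes)

def ones_fraction(data: bytes) -> float:
    """Monobit statistic: share of 1 bits; about 0.5 for good-looking output."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def recover_state(sample: bytes) -> Optional[int]:
    """Audit check: walk the 2**16 possible states and report the one that
    reproduces the sample. Success means the output was never unpredictable."""
    for state in range(2 ** 16):
        if tampered_hw_rng(state, len(sample)) == sample:
            return state
    return None

def mixed_seed(hw_bytes: bytes, other_bytes: bytes) -> bytes:
    """Hash the hardware output together with an independent source, each
    length-prefixed, so guessing the seed requires guessing both inputs
    (assumes the two inputs are independent)."""
    h = hashlib.sha256()
    for chunk in (hw_bytes, other_bytes):
        h.update(len(chunk).to_bytes(4, "big") + chunk)
    return h.digest()

if __name__ == "__main__":
    import os
    sample = tampered_hw_rng(0xBEEF, 4096)  # constructed hidden state
    print("share of 1 bits:", round(ones_fraction(sample), 4))
    print("state recovered:", hex(recover_state(sample[:16])))
    print("mixed seed:", mixed_seed(sample[:32], os.urandom(32)).hex())
```

The monobit share sits close to 0.5 even though only 65,536 distinct streams exist, which is why a simple statistical check on the output says nothing about how much entropy went in.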