Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 25 Oct 2014, 04:07
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Surreptitiously Tampering with Computer Chips
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

PostPosted: Fri 18 Oct 2013, 22:15    Post_subject:  Surreptitiously Tampering with Computer Chips
Sub_title: Pwned by the NSA
 

https://www.schneier.com/crypto-gram-1310.html#15
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J /dev/random does not use Intel's RDRAND instruction.
http://cm.bell-labs.com/who/ken/trust.html You can't trust code you didn't write? Say it isn't so!
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sat 19 Oct 2013, 03:11    Post_subject:  

Flash thanks for letting us know.

It shows how utterly careful one have to be
if one have something to hide. Fortunately
I only have such secrets as being a total noob
and very naive and too talkative and verbose
but that is only a secret to me and obvious to
everybody else. Still integrity is important due to
the identity theft allowing people to buy things
in your name if they know enough about you.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2668
Location: USA

PostPosted: Sun 20 Oct 2013, 15:23    Post_subject: Re: Surreptitiously Tampering with Computer Chips
Sub_title: Pwned by the NSA
 

Flash wrote:
https://www.schneier.com/crypto-gram-1310.html#15
https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J /dev/random does not use Intel's RDRAND instruction.
http://cm.bell-labs.com/who/ken/trust.html You can't trust code you didn't write? Say it isn't so!


But, would this hardware tampering "break" software driven PRNGs? (e.g. Schneier's Yarrow).

_________________
Add swapfile
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

PostPosted: Sun 20 Oct 2013, 21:25    Post_subject:  

I don't think so. I can see that it would be extremely time-consuming to determine just how "random" the numbers generated by a RNG really are. So anyone using a RNG just assumes the numbers are truly "random." But if the NSA know that an encryption program uses "random" numbers that are far less random than everyone assumes, it may make their job of breaking the encryption easier. Of course, it would make any snoop's job easier, and it would impact algorithms that have nothing to do with encryption or security but depend on the random number generator.
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3462
Location: West Lothian, Scotland, UK

PostPosted: Mon 21 Oct 2013, 03:56    Post_subject:  

QUOTE...
From 3rd link in 1st post:
"The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house.
It should not matter that the neighbor's door is unlocked.
"
It's my understanding that...
Under English and Scottish law...
You do not [cannot be accused of] breaking into an UNLOCKED premises/house.
e.g. If a stranger walks into to your unlocked house.
You can ask them to leave, and they MUST leave when asked, or...
You can use minimum force [and escalate if necessary] to get them out.
But they have committed no offense by entering.

Is it the same with computers?
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

PostPosted: Mon 21 Oct 2013, 09:13    Post_subject:  

I don't know anything about English or Scottish law, but if you can't be accused of breaking and entering an unlocked house, surely you can be accused of trespassing. Any cop can find a law to suit the occasion.
Back to top
View user's profile Send_private_message 
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

PostPosted: Mon 21 Oct 2013, 09:50    Post_subject:  

Unchecked, from memory of exams well over 50 years ago - under English law "trespass" is a tort (of which the simple definition is "a civil wrong other than breach of contract", but it's far from simple).
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3462
Location: West Lothian, Scotland, UK

PostPosted: Mon 21 Oct 2013, 15:42    Post_subject:  

Trespass Scottish
QUOTE:
"Section 3 of the Act makes it an offence for any person to lodge in any premises, or occupy or encamp on any land, being private property, without the consent of the owner or legal occupier. While the the use of the words lodge, occupy and encamp could be taken to imply a degree of permanency on the part of the trespasser, their scope could possibly be construed to apply to loitering by a determined lawyer if one did anything other than access, or cross over such property for example."

This is a whole different ball game from simply entering/accessing without breaking in, or tampering with a lock, or using something other than the "true key".
Back to top
View user's profile Send_private_message 
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2668
Location: USA

PostPosted: Mon 21 Oct 2013, 16:12    Post_subject:  

Flash wrote:
I don't think so.


That's what I thought. If you rely on hardware encoding, you have a hardware "password" that can be cracked. If you rely entirely on software, that can be customized for every use (generate their own random number/keyring).

Depending on implementation, that may not prevent a targeted attack against an individual, but it would limit the ability to perform widespread snooping.

Quote:
I can see that it would be extremely time-consuming to determine just how "random" the numbers generated by a RNG really are. So anyone using a RNG just assumes the numbers are truly "random." But if the NSA know that an encryption program uses "random" numbers that are far less random than everyone assumes, it may make their job of breaking the encryption easier. Of course, it would make any snoop's job easier, and it would impact algorithms that have nothing to do with encryption or security but depend on the random number generator.


Well, they numbers have to be pseudorandom, otherwise you can't ever reproduce the string. A true random "seed" is a good idea.

Schneier knows enough to avoid the main pitfalls -- that's how he broke the MS "secure server" that they touted as unbreakable. He broke their old/dated PRNG, which allowed him rapid access.

"Why Cryptography Is Harder Than It Looks"

https://www.schneier.com/essay-037.html

_________________
Add swapfile
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0912s ][ Queries: 11 (0.0302s) ][ GZIP on ]