56 posts • joined 3 Mar 2011
I think it is worth pointing out that while 2.x does include blinding schemes to avoid side channel leakage, as of http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html so does gpg 1.4.16, which was added following private contact by one of the researchers.
As for those wondering why it was left out, previously local LAN attacks allowed side-channel leakage to exploit this but there was no other vector known until this paper. However gpg 1.x isn't designed for such purposes therefore it was left out. Doesn't mean someone did not deploy it incorrectly, but gpg has always been rather conservative.
Re: Pipe(lined?) dream
FPGA or ASIC hardware seems to be the best bet.
Re: Still a problem for non-techies
> 1) A perfect one-time pad gives perfect and unbreakable security.
> 2) Key sizes are ridiculously short for no reason. They should be in MB, not KB for anything important.
> 3) PKI is badly broken, key sizes are too small, algorithms are suspect, there are no trustworthy CAs, etc, etc.
> 4) The weakest link in even well designed systems is the entropy source used for the generation of keys, nonces, salts, etc.
1. OTP is the only perfect security. However, key management is an unsolvable problem as yet. Once I've exhausted the one terabit key file I sent you, we need to re-exchange again, with no efficient way other than trusted courier. Furthermore, the benefit of asymmetric encryption is that I don't need to know you beforehand: All I need to have is your public key. However, OTP (and any other pure symmetric encryption process) all fail the bootstrapping problem with respect to trust and key exchange. With respect to other symmetric options, we would need to exchange a password before we could ever communicate electronically.
2. MB (or Mb) sized keys would be ridiculously inefficient, and provide no improved security over the standard 256 bits of security we want now. Focusing first on asymmetric encryption: RSA's security to efficiency ratio peaks at 3072 bit key size, which is ~115 bits of security. After that, the gains are minimal compared to the massive increase in the size of the key. Elliptic curve cryptography is the next stop, with a much cleaner conversion between asymmetric key size and symmetric key security: 512 bit ECC = 256 bit symmetric.
Since encryption strength is typically evaluated in terms of symmetric keys, we can now assume that all complexities are functions of symmetric bit size. Now we get into physical limits of the universe, and something called Landauer's principle (this is an excellent overview of the details: http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity). Basically though, it states that 128 bits of security will be broken in 2040, which practically translates into 2050 being the year your key is broken, given that we consume the entire planet's energy resources, which was consumed in a decade, starting in 2040. There are some unrealistic assumptions in there that make this an unrealistic best guess with respect to the timeframe.
Now, the other concern to this is that there is an efficient algorithmic break that drastically reduces the key space to evaluate. Of course, if this is true, then any size key using the same algorithm will be susceptible, and thus no gain.
4. Technically, salts do not need to be random, or even unique. They just are appended to existing passphrases to avoid rainbow table cracking. These are no longer an acceptable practice, thanks to GPU hashing. Much better would be to utilise something like bcrypt, scrypt or PBKDF2, which are not designed to be computationally cheap. That said, I agree that entropy is a failure point, and we need multiple independent sources, mixed together, to counteract suspicions like those about Intel's chip flaws.
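Point 4 above contrasts a bare salted hash (which only defeats precomputed tables) with a deliberately slow KDF such as PBKDF2. The following is an added illustration, not code from the original post or from any project it mentions: it hashes a constructed sample passphrase both ways, stores the PBKDF2 result in a self-describing record so the work factor can be raised later, verifies in constant time, and times one guess under each scheme so the cost multiplier an attacker faces per guess is visible. The passphrase, salt and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed sample inputs (not from the original post): a passphrase and a fixed 16-byte salt.
SAMPLE_PASSWORD = b"correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("a3f1c2d4e5b6a7980112233445566778")
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def naive_salted_sha256(password: bytes, salt: bytes) -> bytes:
    """One SHA-256 over salt||password. The salt stops precomputed (rainbow) tables,
    but every guess still costs the attacker a single cheap hash."""
    return hashlib.sha256(salt + password).digest()


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 with the same salt: each guess now costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def hash_password(password: bytes, iterations: int = ITERATIONS) -> str:
    """Produce a self-describing record (algorithm, work factor, salt, digest) with a
    fresh random salt, so the work factor can be raised later without breaking old records."""
    salt = os.urandom(16)
    digest = pbkdf2_sha256(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def check_password(record: str, candidate: bytes) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time,
    so verification timing does not leak how many digest bytes matched."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    recomputed = pbkdf2_sha256(candidate, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def time_per_check(fn, password: bytes, salt: bytes, rounds: int = 3) -> float:
    """Average wall-clock seconds for one evaluation of fn(password, salt)."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password, salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    t_naive = time_per_check(naive_salted_sha256, SAMPLE_PASSWORD, SAMPLE_SALT, rounds=1000)
    t_pbkdf2 = time_per_check(pbkdf2_sha256, SAMPLE_PASSWORD, SAMPLE_SALT)
    print(f"salted SHA-256: {t_naive * 1e6:.1f} us per guess")
    print(f"PBKDF2 ({ITERATIONS} iterations): {t_pbkdf2 * 1e3:.1f} ms per guess")
    print(f"per-guess cost multiplier: ~{t_pbkdf2 / t_naive:,.0f}x")
    rec = hash_password(SAMPLE_PASSWORD)
    print("stored record:", rec)
    print("correct passphrase:", check_password(rec, SAMPLE_PASSWORD),
          "| wrong passphrase:", check_password(rec, b"tractor"))
```

The multiplier printed by the `__main__` block is the whole point of the post's recommendation: the salt alone changes nothing about per-guess cost, while the iteration count multiplies the attacker's cost per guess by roughly the same factor it multiplies the defender's cost per login, which the defender pays once per login and the attacker pays once per candidate.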
He ended up in America, playing Gregory House. Also did "A bit of 'fry and laurie'" I believe.
Re: Tells us more
What you're largely referring to is clinical psychology, a field that doesn't have any claim to science, and which has a pretty active history of ignoring glaring flaws in favour of their ad hoc 'expertise'. Look up the 1954 book by Paul Meehl, or the 2000 meta-analysis which confirms that. Unlike the rest of the field, clinical psychology hasn't really moved on beyond Freud.
> "Associations were examined using χ2 tests of independence with φ and Cramer's V as effect size measures and eta or Pearson's correlation. Group differences were tested using analysis of covariance, with partial η2 as effect size measure. A priori contrasts were tested using α = 0.01 to correct for multiple testing; for all other tests we used α = 0.05, two tailed."
Effect size measures are the expected differences you would find, given the p values expressed. In other words, it's a projected value of what the 'effect' of the difference would be. Phi and Cramer's V are correlations between nominal/categorical values, since Pearson's correlation doesn't work for things like categorical crosstabs. Without getting the paper, they did something like numbers of males/females who have/haven't been admitted to a psychiatric ward, or any other form of group membership. ANCOVA (analysis of covariance) is just t tables for multiple groups, with some expected differences controlled for (removed). For example, there may be systemic differences between different genders at two different college campuses, and I want to pose the question: do women graduate more often than men do, regardless of family income levels. You control for SES (previously measured) and find out if there are still differences, or if the gender differences are actually the result of SES differences.
The alpha level choice is a bit weird, because the language seems to indicate that they chose it regardless of the tests they ran, but it would have been much easier to use either the Bonferroni or Sidak methods of correcting. Essentially, when you do multiple group testing, you can accidentally deflate the p values, and receive significant differences where none exist.
Two tailed just means they looked at confidence intervals around the top and bottom of the distribution, rather than assigning the CI to one side or the other; standard practice, since the distribution is assumed to be Gaussian. Oh, and the partial bit just means the correlations after controlling for differences.
/research psychologist, although one who doesn't find this area of research to be anything useful.
Re: What do they know?
You would need 1024 qubits to factor a 2**1024 coprime integer. I thought D-Wave was only a handful. If there was a security compromise do you really think D-Wave would still be in business to anyone other than the NSA?
K-9 and APG to provide gpg signing and encryption
Textsecure for encrypted texting records and messaging, although why doctors need to discuss patients over texting is not something I understand.
Gibberbot for jabber/gmail encrypted chat comms.
Redphone for voice.
And android built in encryption. I'm not going to claim android is better than IOS for full disk encryption, but if that's your threat model the game is already over, because you shouldn't have copies of secured docs sitting on your phone.
Re: Was excited because I misread the headline...
That's the lawyer gom jabbar test. If they file the patent for the device, they fail the self preservation test.
Actually, would filing it prevent cheap knock-offs, actually reducing the supply available to the public?
Re: The point is not always to kill
Robocop actually has a heavily modified Beretta 93R (with a 50 round clip :P). The character played by Kurtwood Smith though had numerous versions of the Desert Eagle.
From my interpretation of this, as well as another colleague's, this is really a problem with not having proper public key pinning. This isn't limited to Android, it's just that the researchers chose to focus on Android.
sudo apt-get remove unity-lens-shopping. Sorted, though I haven't decided to take the plunge to Ubuntu 12.10
Re: In other news
Please, that's nothing. Oxygen is so addictive that going cold turkey kills you in minutes.
Re: re. multiple user profiles
You know, the average bodice ripper has the equivalent of a US 3rd-grade reading level of difficulty. So actually, the profile is more accurate than you'd think.
Look up social proof and the Werther effect (aka copycat suicide). I'm not advocating censorship, but there is a huge correlation between media coverage and suicide rate upticks. In the context of social proof, people identify with other people and are then more likely to copy their behaviour (no shit right?). Anyway, what group is more likely to be identified with than the PR managed image of celebrities, who are designed to resonate with target demos. One offs themselves and a huge chain of fans follow. This deserves better, but I'm typing on a phone, so I'll call it an end. Again, not calling for censorship, but a little less media sensationalism.
I find it a drop-in replacement, ymmv. Better choice would be dual boot and just mount the NTFS partition and run everything. Worst case you have to delete the partition afterwards.
Hulu already implemented this exact premise with that DS puzzle game, Dr something or other. There was an interactive ad where you had to finish the maze in x seconds or wait 30 or 45 seconds for it to finish.
Observations instead of data?
Since when are observations not data then? If "data" needs to be replaced, then you're not observing the right data.
Re: They're shite.
This reminds me of an economics study published back in the spring. It looked at the Oprah Book Club sales and found some interesting conclusions. First and foremost, significantly fewer books were sold because of Oprah. It turns out that those who watch Oprah read at an average level of 3rd grade, coincidentally what the craze of bodice rippers have been for the last forever or so. It also turned out that the Oprah books were significantly longer than the usual tripe and three grade levels harder (6th). So what they ended up with was longer and harder (COMPARATIVELY mind you. I agree 6th grade reading isn't exactly something worth breaking out the OED over) books that consequently meant fewer books were read. Worth a read.
Paris....well because the parent's comments on boring sex and thin are fitting.
Misread that as French, not foreign. That was one hell of a double take.
Re: May be a dumb question but
The amount of security you gain by increasing the key size decreases rather quickly, especially when performance is factored in. Or at least that's the traditional model/assumption. There was an interesting thread on the openGPG mailing list last month, subject ="Some people say longer keys are silly. I think they should be supported by gpg."
The OP was a nut, but it did result in some useful chatter. The main issue though is that underpowered (mobile) hardware can't handle huge key sizes without creating an equally huge latency. That said, I run 4096 RSA keys on my phone without any appreciable lag, but many of the older OpenGPG members disagree.
However, NSA current guidelines establish that once you go beyond 4096 bit security (actually I think it's 3072 bit) a better option is to switch to Elliptic Curve Crypto. That is far more efficient in terms of size. Normally security is scaled in X bits of symmetric cipher, and ECC 512 bit equals 256 bit security; ECC-256 is 128 bit security. On the other hand, RSA 4096 is somewhat like 142 bits. Doubling that to RSA 8192 only ups the security to 194 bits. That's a huge increase in key size (overhead) for very little security. So it's half that "nobody will ever need more than 64 KB of RAM", and the rest is that you cannot predict a break in a cipher system that means your security is not worthwhile, and the lag you introduced may present timing attacks, and useless overhead.
Something like TWIRL cuts 11 bits of security off anything involving number factoring, and obviously quantum computers would shred through any RSA cipher.
Re: Don't panic!
Thank you, saved me a rant. However, symmetric key sizes are effectively halved, so that 2**256 retains the effective strength of 2**128. Also, ECC is vulnerable to an adapted version of Shor's algorithm. There are several QC secure algorithms, with homomorphic encryption being first off my mind.
Re: Flying pigs next?
Hey, Swine Flu
What with all this talk of ladies and miss's hands, I shan't think this is a geek website anymore. Now, back to your basements! The DM is getting lonely.
Eh, so anyone try to figure out whose satellites it's going to smack into? It's 16,000 miles out from the center of the earth. I declare Mardi Gras all week just in case it hits something important, like a black budget viral storage lab that lands earth side a la Andromeda Strain.
Couple of things
There is, admittedly, a smidge of alcohol behind this overview, but anyway:
1. Yes,the percentages make no sense whatsoever.
2. I desperately wish to look at the individual data for the latency between discovery of phone and access attempt. x_bar=10.2 but the median is 59 minutes? Who waited forever? Standard deviation would be far more useful.
3. Point number two leads into this one: the data supposedly dropped off for all but a few after seven days.....which smartphone lasted for 7 freakin days? Seriously. I can get maybe 20 hours if I'm good on my phone. I guess they could have installed extended batteries, but still. 7 days with continuous or near continuous gps fixes?
4. Again, on that note, did any of the phones die before being accessed? At least two of them disappeared completely. Another 5% (again with the weird percentages) were moved but not accessed.
Wouldn't a more interesting study be leaving 50 phones with some sort of pin code enabled, and then look at what people do with those. After all, what IT policy would allow a phone to not be secured and encrypted. Look at how many people are actually interested in getting into these devices when the bar is set a little higher. As opposed to empirical evidence that human curiosity is a bad thing for secrets. Pandora's Box, Garden of Eden parables anyone?
Interesting though, the project head's original research was in looking at the same concept, dealing with usb sticks. Stuxnet anyone? Or the blinkin obvious.
Heyhey! Maybe the annoying percentages are due to the fact that 47 devices were reported upon in some cases, not 50. No, guess not.
And what is this about "Note that on most smartphones, there is not an easily accessible file system as there is on personal computers. So, document type files less commonly appear on the home screens of most smartphones. Therefore, the majority of the icons on the devices leveraged for this study represented apps that initiate a program on the device"
Each version of Android I've played with has had a file manager, and it's not like it's difficult to access Adobe and have it pull up accessed files. Who honestly thinks someone keeps HR-UBERSECRET.pdf on their home screen.
Recommendations: Do not lose your phone....NO SHIT Sherlock.
Salting is good, but where would you keep the salt? Either it would be encrypted on the phone (and thus either having the decryption key on the phone, or the person keys it in, which would make it easier to just have a longer password), or it would be fetched over a network connection, which is tricky because losing a connection leaves you out, plus it's rather roundabout. And you're screwed if the server dies.
Thank God we still have homosexuality on the books too. Wouldn't want those queers feeling normal. Why can't they handle the truth too.
Course, I'm still waiting for when the pedophiles march into the schools like the pied piper because we let the gays marry. Seems like MAYBE just because something is illegal doesn't necessarily imply it's immoral.
Apparently there's more than we thought!
Clearly a (E)UNIX guy.
For those on the right side of the pond's persuasion I apologize.
I can proudly (alright somewhat proudly) say that I prefer listening to nyan cat more than I prefer listening to several other types of music, especially those that refer to tractors and god with equal importance and frequency. I don't care how religious you are, or how proud you are of your damn green tractor. NO ONE thinks it is sexy.
/rant from years of pent up childhood misery
As for the title of the post, I've warned you. There be mental demons there, and Tim the Enchanter help me if you look.
What 9 letter word?
You can't mean a can opener. That's two words.
What are you on about?
Looks like I'm out of a job
Anyone looking to employ an ex USG scientist who's working on a space probe destroying radar system?
I think you'll find it's closer to 9% than 15%. 10% at the outside. I'd link to Wikipedia but people keep telling me there is something wrong with the internet when I do.
Technically, the Israelis designed that weapons system. Point taken though.
The key word there is reduce. Your response is the equivalent of saying "I'm going to reduce my caloric intake," and then never eating again.
You send us to Revelations for clarification AND information? For shame. Next you'll send us to baptists for advice on breweries.
How is it supposed to be entertaining? It can't even pr0.....I mean flash video.
Must have been an interesting night.
scene: Mark Shuttleworth comes to the office late one night. Knocks on Assay's door and enters.
S: Mark! I've got some gre.........................MATT, WHAT THE HELL ARE YOU DOING WITH ONE OF THOSE.
A: Oh, ummm. ahhh..........market.......research?
S: You're not USING IT, are you?
scene fades, while it takes Richard Stallman time to travel to Canonical to take part in The Shunning Ritual.
On a side note: Has there been a single article written about Steve Jobs that did not directly quote, or at least reference, his Stanford speech?
Is that what it said? Retroactive continuity! They make it much clearer now.
Not a new word but technically the term is cracking, but we rarely make that distinction these days. As for the level of skill involved (or lack thereof)? An exploit is an exploit. If everyone actually used perfect password security, rainbow tables and dictionary attacks would be useless, and nothing would ever be compromised without a zero day exploit gone unpatched......in theory.
How else do you think people used to advance in leaps and bounds if not for people having not yet invented gravity?
That's what she said
Not to be morbid or anything, but how long have you had this one ready?
And more importantly, can I proof the copies of Linus' and Bill's? Or even Ballmer's?!
Edited for being rejected: Seriously, it's perfectly acceptable to have had this written in advance, considering his health complications, you wouldn't be performing due diligence if you didn't. Doesn't mean I can't poke the angry bear from time to time. I would still love to have Ballmer's Reg edited biopic though.
Just installed NoScript again, after leaving it for some arbitrary reason I've long forgotten. Firefox literally flies. (and useless exposition is a joy)
So as long as it doesn't sound threatening, it can't be used to track you? By that logic, the Manhattan Project was somehow about Manhattan. Urban renewals or something I guess.
Would Al Gore saying, "the new iphone is amazing" have sparked an article claiming that apple was only going to make one, and that it must cost $100 billion to cover R&D, advertising, and maintain APPL profits?
Seriously, they must intend to make more than one iphone.
"The new DROID 2s are amazing!!!!!!!!!!!"
If it helps, the chicken is supposed to be vertical, with the beak facing down in that picture. Essentially go get a laptop, bring the image up, and turn it to the right. Or rotate the screen if you want to be difficult. Dunno what kind of LSD these people were on to get this right off.
> since individual malware vendors will be tweaking the software for their own handsets when they are ready.
Nice. You almost don't notice it. Probably cause it feels right.
Whenever I watched it, it looked like he moved out of the way. How he moved out from a laser's path I was never sure about. I just assumed Han Solo was a ninja as well.
Tried this once
3 years ago. Ended up with a gigantic Bayesian tree with only a hundred or so diseases simply because you don't always present with the same symptoms, which screwed over our false negative rate for a lot of the early work. Also why we got rid of psych disorders, too many possibilities to code for without more research than an idle side project could be afforded. Great fun while it lasted though. Wonder what the false positive rate will be when compared to doctors before med tests are administered.