Posts by JeffyPoooh

Re: I know a few people who put in their orders.

"A plane might be a better option..."

The crossover point, considering door-to-door, is actually about a 6-hour drive.

There have been quite a few tests, demonstrations, races, etc. to document this finding.

YMMV, and there's a distribution of variation on this rough figure. Smaller airports at each end might be faster than huge huge airports. Taxi cab saves time compared to rental. Many variables.

And of course, if you're using an electric car, forget it. Unless there are optimally-located fast chargers along the route. Charging time makes six into five.

Re: Bizarre

xj650t "...around 100... ...200+... ...making longer journeys a realistic possibility."

I'm not sure I follow...

Are you claiming that longer range equates to "the possibility" of longer journeys?

That claim seems astounding. I never realized that 200+ was greater than 100.

;-)

Re: This:

cornz1 has a point.

If you live in a highly-polluted city, then don't blame the modern petrol/gasoline burning cars. Their exhaust can easily be cleaner than ambient. Which kinda proves they're not to blame; they're helping, leave 'em running overnight.

Hardly anyone seems to be aware that the auto industry, with mandates from enlightened governments, has made vast progress since the 1970s. It's really unfair. The media shares the blame. Their reporters talk about 'cars' causing air pollution, and then they show a close up of a heavy diesel exhaust, probably an old DetroitDiesel 2-stroke diesel powered bus. It's very misleading, leading to demands for the wrong policies.

Cynic_999 "...60 years...."

You're falling into the same mental trap. 60 years is a time scale that indicates that you're thinking about keys, key length, brute forcing, etc.

The actual time scale is as follows: from introduction, weeks or months until someone is interested or motivated; then just days or weeks until they find the weakness or attack; then minutes or hours to crack their way into any device in their possession.

Re: Where are all the Noobies now?

@John H Woods

I once wrote "It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far."

You responded (quoting me) in a manner that indicated your faith in the security, "So far AES256 has resisted attacks fairly well." In the context, it appears that you had faith in the purported security of the device.

I was confident that the iPhone in question could be and would be cracked.

Many posted points that indicated that they believed it was quite secure.

As it turns out, I was right. Others were wrong.

Me being right is hardly worth noting. That others can be so oblivious to the endlessly repeating cycles of history (security claims, later being shown false) is the issue.

As a species, we're losing the ability to invoke healthy skepticism. Perhaps we really are descended from telephone sanitizers and hairdressers (ref. D. Adams).

Cheers.

Re: And now this is the worst

'The History of Cryptography in CCC?'

The CCC presentations are what would be called 'Modern History'. They're often making the history, famously cracking the 'uncrackable'. Several that I've watched included a review of older history for context. Plenty of excellent books on my bookshelf, several feet on this topic (not all read yet).

The repeating patterns in this area are crystal clear:

10: Claims of 'Strong' security.

20: Later shown to be utterly false, daft, naïve, hubris.

30: Vulnerabilities. Side Channels. Clever hardware cracking.

40: NOT brute force of huge keyspace.

50: GOTO 10

This endless loop has played out endless times.

It's happened again just now with this FBI 5C instance. Noobies thought it was secure.

It's just started again at Line 10 with the next generation of iPhones. Noobies post, "Yeah, but the iPhone 6 really is uncrackable." Here we go again... Sigh...

Re: And now this is the worst

SD3: "This was an iPhone 5c and running iOS 8. We wait for someone to do the same hack on iOS9 running on an 6S."

That's pretty lame... 1st gen - cracked. 3G - cracked. 3GS - cracked. 4 - cracked. 4S - cracked. 5 - cracked. 5C - cracked. ... Are you seeing a trend?

As for iOS, look at the list of vulnerabilities being fixed with iOS 9.3. About a dozen. You think that's the last such update? When people keep finding a dozen needles in the haystack every time they walk past, then you can bet that the haystack is laced with ten thousand more needles. Not even including the new ones that they're pouring in the top (new features, fresh vulnerabilities).

Any rational analysis clearly hints that we're at least a decade or more away from anyone actually implementing an actually uncrackable device. It's naïvite and/or hubris to believe otherwise.

Re: A Kick in the Nuts

"...a good secure enclave will self-destruct when it is opened."

That's why they practice on a dozen disposable examples to learn about the booby traps, and learn how to avoid or bypass them. Only after it's down to a repeatable exercise would they put the process into 'production'.

Your use of the word 'opened' leads to muddled thinking. The chip doesn't have a door. How does it know that it's been opened? Don't forget, the power is off. There's a half-dozen techniques, but perhaps only one or two new inventions (at most).

Re: Where are all the Noobies now?

Three Noobs have confessed so far. There's gotta be more than that.

Re: And now this is the worst

@Adam 1

Side Channel attacks don't have to be "SNAFUs". Sometimes they are such blatant design implementation errors (e.g. failing to keep code branches equal clock cycles), but as those are slowly eliminated from newer implementations, there still remains an endless well of subtle design implementation characteristics which can be exploited.

The point here is that even clever and careful designers cannot make an uncrackable device. It'll be decades before the 'Handbook of Side Channel Prevention' is even thought to be complete.

Much of your post is still too focused on key length ("...GDP ...Sun ...hard ...power consumption..."), which COMPLETELY misses the entire point. Nothing in this entire story has anything to do with brute forcing anything. It's a huge mistake to focus on that too-obvious red herring.

Re: Working on Newer Devices?

AC "Seeing videos isn't the same as understanding what goes on in them, though."

The CCC.de Media presentations are made for the purpose of communicating what's going on. They're highly intelligible, except the ones in German...

The advice is directed to those interested, especially anyone that can't yet drag their thought processes away from the key-length; as someone up a bit has done again ("...GDP....Sun...").

"I see Apple suing over this."

Who? Their staff, their designers?

Crypto designers carry too much hubris. The hubris seems to survive even lessons like this one.

Eventually there will exist an ACTUALLY uncrackable device. I expect we're still decades away from that point. Perhaps if the crypto designers were to adjust their confidence/competence ratio below unity, they might learn faster and cut the horizon to only 10-15 years.

Re: Wait for it...

JB77 "...develop and employ stronger encryption."

They didn't 'brute force' anything. They went AROUND the encryption.

Building a taller wall makes no difference when there are other ways in.

Next time maybe it'll take eight weeks, instead of five weeks.

This should be a lesson to all, but apparently some are catching on...

Re: Working on Newer Devices?

Hacking into hardware isn't impossible.

Please browse the educational videos on CCC.de Media.

Conclusion: If someone claims that 'X' is perfectly secure, they're either lying or stupid.

Re: And now this is the worst

BtC "Every government on the planet now knows that iPhones can be hacked, every cracker knows iPhones can be broken into..."

Only the utterly naïve didn't see this coming...

Seriously, did you really think that the iPhone 5C was the very first uncrackable device in history?

Or have you been ignoring The History of Cryptography?

Re: Do as we ask...

"...imply there's an exploitable flaw in your devices..."

There's ALWAYS an exploitable flaw in your device.

ALWAYS.

It'll be decades before the first 'perfectly secure' device *actually* exists.

False claims will continue, but you'd have to be pretty naïve to actually believe it.

Re: authority vs liberty

AC" "...'social justice' warriors as coming from the left, but they are nothing of the sort. They are right wing authoritarians..."

The political spectrum makes much more sense once you zoom out and can see that it's curved into a circle.

The extremist nutters coming from the extreme left and the extremist nutters coming from the extreme right merge and are perfectly indistinguishable on the far side of the circle. They ragingly overlap in the same frothing puddle of angry spittle. Not even a tiny quanta of difference between them.

Through this larger view, revealing the additional axis of moderation-to-extremism, an improved worldview emerges. It's a much more informative model.

Re: The first mistake

"On the Internet, nobody knows you're a..."

'Dog?'

"...bot."

Re: For those with short memories saying just format the drive:

'Lost all faith...' has pointed out a key topic. (More upvotes for Laf please.)

Headline = "Could a flash drive’s firmware be hiding undetectable malware?"

Not the flash memory, but the firmware hidden in the ARM processor that's acting as the USB controller.

It's hopeless.

Handcuff suspect to a chair, aim light into face. Demand, "Are you clean?" Suspect answers, "Yes, I'm squeaky clean." Turn around and yell, "He's okay. He told me that he's clean."

That's exactly how IT Security works these days.

Even A. Turing knew that this wasn't going to end well.