Recent Comments


Note: new comments may take a few minutes to appear on this page.

October 16, 2019 9:19 AM

Bill T. on Supply-Chain Security and Trust:

One of the ironies of Sue Gordon's comment about having to assume a dirty network is that this is effectively an argument for end-to-end encryption and authentication. Obviously, this isn't a panacea (Can you really trust all the components in the endpoint? What about the certificate infrastructure used to secure the communication?), it does at least limit the damage that the network can do.

October 16, 2019 7:20 AM

Bob Paddock on Friday Squid Blogging: Apple Fixes Squid Emoji:

@Jon

Perhaps he was a fan of the 1982 move Blade Runner, where reflections in the eye first came up (to my knowledge), to provide useful information.

October 16, 2019 5:11 AM

A on Will Keccak = SHA-3?:

A huge problem with trading off security for performance is this: computing performance is constantly increasing, and compromising a standard that is intended to be a long-term solution, in the name of current performance standards, is just unacceptable in this day and age.

In 5 years time, running Keccak-512 will be easy as pie, because CPUs and technology will catch up and be able to run things like this. It's idiotic to radically change the recommended parameters just in the name of performance.

Eventually CPUs will come with hashing functions when they become so...

Read More →

October 16, 2019 4:11 AM

Sed Contra on Cracking the Passwords of Early Internet Pioneers:

Your password only has four characters?
I also like to live dangerously.
— Austin Danger Powers

Some password checkers rate things like

1111111111111111 ... lots of 1s

as extremely safe.

October 16, 2019 3:51 AM

Anders on Cracking the Passwords of Early Internet Pioneers:

@John Smith

On what system spaces don't work?

Sorry, on year 2019 i don't know any system, that won't allow
you to use spaces in the password or don't allow to use passwords
at least 15 units long.

October 16, 2019 3:33 AM

Togel Online on TrueCrypt WTF:

JokoTogel merupakan Bandar Togel online dan agen togel terpercaya di Indonesia dengan pasaran Togel Sgp, Sdy, HK.
Official Website: Jokotogel

October 16, 2019 3:27 AM

Travis Peters on Eavesdropping Through a Wall:

NM Laser Products, Inc. has been introducing advancements in laser shutter technology since 1987. The company engineers and manufactures the world’s safest and most reliable electromechanical laser shutters and accessories by meeting the production and integration challenges of OEMs and researchers in a continually growing number of broad and niche markets worldwide.

October 16, 2019 2:00 AM

Gerard van Vooren on Cracking the Passwords of Early Internet Pioneers:

I don't remember my old passwords as well and I got into this when my company started to complain about password policy that annoyed me a lot. Personally I still like the XKCD password scheme of a lot of words but without any special characters and without capitals [1]. I also still have a small book in where I write down passwords. I hate password mangers [2].

[1] https://www.xkcd.com/936/
[2] https://www.xkcd.com/538/

October 16, 2019 12:57 AM

Rodney Van Meter on Factoring 2048-bit Numbers Using 20 Million Qubits:

@Clive excellent question.

The earliest superconducting and quantum dot systems required about a 19" rack full of gear to control each qubit, using very general-purpose AWGs (arbitrary waveform generators, like an oscilloscope or digital signal analyzer in reverse). Nowadays, you can do it with a single FPGA plus a little analog hardware and filtering, about one 1U unit per qubit, and still improving.

October 16, 2019 12:25 AM

Clive Robinson on Cracking the Passwords of Early Internet Pioneers:

@ Tatütata,

"Barclay's Bank"

+1 :-)

For reasons to complicated to relate, I acted as middle man to my sister getting a very large ginger tom I'd named "wart"[1]

He was an odd but very likable cat, he had as far as I know never miowed but did squeak if he was upset, and had a purr so deep it was like a distant earthquake. He weighed in at a little over 18lb or 8.4Kg, but he was not fat. Far from it he was a lean mean fighting machine when it came to the local dogs, even the local child scaring guard dog was petrified by the sight of Wart...

Read More →

October 15, 2019 11:42 PM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

In a perfect world, where everyone coded in PL/I instead of C, buffer overflow attacks might be rare.

If you coded in PL/I on a saurian IBM machine, most of the universe (eg: early scanned photos!) fitted exactly in fixed 80-column wide records (Image processing on card images! Yeah!), so buffer overflow war kein Problem. You would rarely read streams of bytes like you would do in VMS or Unix or MS/DOS or whatever.

In Fortran 66, the most efficient data type for carting text data about was a REAL*8 vector, which you equivalenced to a 1-byte wide type. (Word...

Read More →

October 15, 2019 11:02 PM

Clive Robinson on New Reductor Nation-State Malware Compromises TLS:

@ me,

there is no need to use some complex method like rowhammer, windows gives you the functions to edit memory.

Not with Microsoft[1], but for some other OS's you do.

But the point I was making is that there is no way you can actually stop someone with even limited access escalating their privileges due to failings well below the ISA level in the computing stack, due to hardware failings.

These hardware failings have been around for maybe a third of a century one way or another, and it's realy only recently people have got around to...

Read More →

October 15, 2019 10:59 PM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

As he puts it "She got the house, but I got the cat" with a slightly fierce emphasis on the last half.

I inherited my late mother's cat, which has a number of nicknames (the cat, not my mother). Her "official" one is a very cute name in French I won't betray here. Otherwise, her proportions often inspire me to call her "Botero" or "Barclay's Bank". Sometimes I will designate her "AN/FSO-9000g", as in "ANimal: Feline, Striped, Overweight;...

Read More →

October 15, 2019 10:36 PM

name.withheld.for.obvious.reasons on Cracking the Passwords of Early Internet Pioneers:

One feature to use on a local windows OS is to add extended characters to the password string. Hold the ALT key down and enter the decimal value of the character map from the number pad, then release the ALT key. So hold down ALT, entering 7, and release which is CNTRL G (bell).

October 15, 2019 10:27 PM

Dewauno on TrueCrypt WTF:

Dewauno merupakan situs portal berita indonesia dan internasional yang menyuguhkan informasi-informasi terbaru dan terupdate setiap harinya

Poker Online

October 15, 2019 10:24 PM

Clive Robinson on Cracking the Passwords of Early Internet Pioneers:

@ Tatütata,

And do goldfish have names?

Yes they do ;-)

Sad but true story told to me by Steve Crook, who also gave me my first Unix account which was on a PDP 11-70 (the password I picked was "pawns", which got "shoulder surfed" by one of the Profs, who aluded to it with chess moves even after I changed it[0]).

Apparently his sister moved and gave Steve two goldfish in a tank. Being a thoughtful person he asked his sister what their names were, and was told "puddle glumms" which were some kind of cartoon charecters.

Well Steve...

Read More →

October 15, 2019 9:29 PM

stormwyrm on More Cryptanalysis of Solitaire:

@Lee: That misses the whole point of Solitaire. If you don't have time to read Cryptonomicon and at least reach the part where Randy Waterhouse sits in a Philippine jail cell exchanging secret messages with Enoch Root using the algorithm and a deck of cards (sadly that's near the end of the book), you can read Bruce's own description here, including notes on the motivation for it:

https://www.schneier.com/academic/solitaire/

"...I designed it to allow field agents to communicate securely without having to...

Read More →

October 15, 2019 9:17 PM

Clive Robinson on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ Rodney Van Meter,

Time to pop up to your wheel house and ask a practical question.

A couple of decades ago I used to frequent a select part of UCL where a Quantum Computing group was setting it's self up.

Back then they were talking about getting the support mechanisms for Qbits occupying a little under a square centimetre of real estate.

Obviously time has moved on but the question of just how much real estate 20million Qbits and all their support mechanisms would occupy still remains. So what would be a fair estimate these days?

Are we still...

Read More →

October 15, 2019 9:13 PM

stormwyrm on Cracking the Passwords of Early Internet Pioneers:

Apparently Ken Thompson's old password was much, much better than any of those. It turned out to be "p/q2-q4!". It's a common chess opening in descriptive notation, and it resisted all attempts at cracking until very recently. Thompson contributed to the development of computer chess and that password would have been easy for him to remember. Good one for the author of "Reflections on Trusting Trust".

October 15, 2019 9:09 PM

x2bike4u on Cracking the Passwords of Early Internet Pioneers:

Back in the day, toor was the root password we assigned to our customers’ Unix systems.

There were a couple of DG Nova clones that didn’t use passwords at all, just user ids. Not sure if this was how the DG systems themselves worked.

October 15, 2019 8:21 PM

Clive Robinson on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ Bruce and others,

... so it's possible that public-key cryptography will simply not be possible in the long run. That's not terrible...

Hmmm... I'm not certain on that, it kind of depends on not just your point of view but in which direction you are looking...

There are three directions that are relevant "Past, Present, and Future". I would suggest from your slightly optimistic prognosis it is because you are looking into the "future", which leaves the issues of "past" and "present".

The old saying of "What is past is past", nolonger...

Read More →

October 15, 2019 8:21 PM

John Smith on Cracking the Passwords of Early Internet Pioneers:

from Anders:

"My advice - use sentences with spaces between the words for the password"

My experience has been that spaces in passwords will prevent remote logins on some systems - a local login at a machine will work, but a login from across the local network to that some machine won't.

Confirm it works locally and remotely before relying on it.

October 15, 2019 7:47 PM

shelby on Cracking the Passwords of Early Internet Pioneers:

Dave Aronson, "axolotl" could also be a reference to the axolotl tanks from the 1969 science-fiction novel "Dune Messiah", which are used to clone human beings.

October 15, 2019 7:01 PM

Jon on Friday Squid Blogging: Apple Fixes Squid Emoji:

Waittaminute here. Isn't the only evidence that the stalker found her "by looking at reflections in her eyes" the statement of the stalker himself?

And "predicted her actual apartment by sun angle"?

What's more likely, that, or that he just spotted her on the street a few times, followed her around, broke into her building, &c, things he would rather not admit because he's not an ordinary stalker but a l33t h4x0r?

Really, guys. Here's a dose o' salt for you.

Jon

October 15, 2019 6:02 PM

Anon Y. Mouse on Cracking the Passwords of Early Internet Pioneers:

@Anders

It's even worse than that. When passwords are *required* to have
at least one character from a small set -- i.e., digits, punctuation --
then the number of allowable passwords is greatly reduced, even when
you account for the possibility there is more than one character from
the special set. Additional requirements -- such as a punctuation
character *and* a digit -- further reduce the number of potential
passwords.

October 15, 2019 5:43 PM

Chris Drake on New Reductor Nation-State Malware Compromises TLS:

Is this a hoax? TLS does not work that way.

a) Both sides participate in the session key creation - a compromise at just one side doesn't break that.

b) The client verifies the certificate - a server making changes to that is still going to need to do those in a way that doesn't trip the client warnings (e.g. site matching, valid signature from a legit CA, etc)

October 15, 2019 5:31 PM

Magnus on Cracking the Passwords of Early Internet Pioneers:

>> "I would love to learn what Donald E. Knuth's passwords used to look like."

> Knuth just closes his eyes and concentrates and the computer logs him in.

The computer needs a password to log in to Knuth.

October 15, 2019 5:28 PM

Thunderbird on Cracking the Passwords of Early Internet Pioneers:

In a perfect world, where everyone coded in PL/I instead of C, buffer overflow attacks might be rare. Until they weren't... The problem (as I see it) is malformed data and interfaces that trust input from callers, whether it is a length-prefixed string or something with a dope vector or whatever. Any sufficiently low-level language will allow you to cobble up something ill-formed in some way that can lead to embarrassing results. Either that, or you implement some kind of high-level data structures right in the architecture which loses a lot of efficiency over a low-level scheme...

Read More →

October 15, 2019 5:28 PM

SpaceLifeForm on Factoring 2048-bit Numbers Using 20 Million Qubits:

@Marcos

"Public keys allows one to receive secure communication from random strangers, and to create N-to-N communication channels. Those are much harder to create with secret keys alone."

Very true.

But ask yourself, why should one trust a random leaker?

They may be legit, or they may be dumping misinformation.

And, N-to-N is not secure because metadata will reveal connections.


October 15, 2019 5:14 PM

Czerno on Friday Squid Blogging: Apple Fixes Squid Emoji:

@Clive : With regards, re. French words, security vs. safety : you - maybe others too - keep repeating that in French, both words translate to the same hence the notions would be easily conflated, but that is NOT true !

Security -> sécurité. Safety -> sûreté.

Disclaimer : native French speaker here :=)

October 15, 2019 4:07 PM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

X+Y
X*52
Y*2
X-Y
Y+88
X/2
Y+Z
X*Z
Z-33
X-Z
X+Y
Out=X

Start
Tx=7f80
Ty=7f80
Tz=7f80
Tx+X
Tx+Y
Tx+(7f80*52)
Ty+(7f80*2)
Tx-Ty
Ty+88
Tx-(7f80*2)
Ty+Tz
Tx*Tz
Tz-33
Tx-Tz
Tx+Ty

Out=Tx
Select byte to check 41
7f80-41. A
(7F80-41)*52. B
(7f80-41)*2. C
(7f80-41)*2. D

A+B+C+D=E
Out-E
If you start with 41 for X it will give the answer Out

Sorry for the spam

October 15, 2019 4:07 PM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

What Dennis Ritchie has invented is the buffer overflow attack, if you believe this article in Slate: "Future Tense, The Lines of Code That Changed Everything -- Apollo 11, the JPEG, the first pop-up ad, and 33 other bits of software that have transformed our world., 14 October 2019

The Null-Terminated String Date: 1972 The most catastrophic design bug in the history of computing

In 1972, Dennis Ritchie made a fateful decision: to represent text in his new language...

Read More →

October 15, 2019 3:59 PM

SpaceLifeForm on Factoring 2048-bit Numbers Using 20 Million Qubits:

@Clive

Sorry. I mis-parsed your point.

I realize you meant web or net of trust.

And I understand key-signing parties.

I was just trying to point out that we do not want any central authority.

Ex: PGP/GPG still rely upon DNS and CA's.

Both allegedly de-centralized.

But DNS and CAs, neither trustable.

So, even via key-signing, the users are still using untrustable network components.

I want zero dependency on DNS or CAs.


October 15, 2019 3:53 PM

Wael on Friday Squid Blogging: Did Super-Intelligent Giant Squid Steal an Underwater Research Station?:

@Sanchi_P,

Once “they” have exchanged my phone during x-ray at the border

That's an OpSec thing. You shouldn't have taken your phone along. You take a generic phone that provides enough functionality for the trip. Other confidential material should be accessible over the internet, if needed, in which case the attack surface is still limited to protocol.

So we have to assume attackers have physical access to phone, laptop and scrambler, especially when transported in the suitcase.

Right! Avoid being a target;...

Read More →

October 15, 2019 3:47 PM

Steve Friedl on Cracking the Passwords of Early Internet Pioneers:

> BSD co-inventor Dennis Ritchie..."

I thought he was a co-inventor of Unix? I think he was a east coast Yankee...

I believe this is mistaken. UNIX of course was invented at Bell Labs, but the VM stuff was added at Berkeley not long after Ken Thompson (not DMR) was visiting on sabbatical.

October 15, 2019 3:19 PM

Jeff on Cracking the Passwords of Early Internet Pioneers:

My answers to challenge questions go like this:
Q: "What is your favorite color?" A: "what"
Q: "Where were you born?" A: "where"
Q: "Who is your favorite actor?" A: "who"
I never forget my answers. That works fine unless there are multiple who/what/where questions and the system prevents duplicate answers.

October 15, 2019 3:15 PM

Anders on Cracking the Passwords of Early Internet Pioneers:

Making password longer by 1 unit is more effective than
widening character base by 1 character.

Simple example. Let's say we have password length 8 units
and character base is 26 characters (uppercase A..Z)

Then to broke that password we have to go through

26^8= 208 827 064 576 possibilities.

If we add one special character to the character base, now we
need to go through

27^8= 282 429 536 481 possibilities

There's difference, but a small one.

However, if we just make password longer by 1 unit and
character...

Read More →

October 15, 2019 3:14 PM

MarkH on Factoring 2048-bit Numbers Using 20 Million Qubits:

@Dave C:

Yes, a perfect quantum computer -- fully entangled, with long-term stable coherence and a negligible error rate -- would need only 4096 qubits, and less than an hour.

Despite years of "gee whiz" techno-optimism about progress in quantum computing, the best public results are still orders of magnitude short of this lofty goal.

The point of the paper cited in Bruce's post is, since nobody knows how to build the kind of quantum computer people have been fantasizing about, what might be possible with a really miserable crap quantum computer, which is perhaps...

Read More →

October 15, 2019 3:10 PM

Dave C. on Factoring 2048-bit Numbers Using 20 Million Qubits:

A quick look at Shor's algorithm (1995) suggests only thousands of qubits are needed to factor a 2048 bit number. This is deduced as follows:

We need to perform a Quantum Fourier Transform (QFT) of size Q where Q is a 4096 or 4097 bit number . This QFT requires the calculation of a special function x^a mod N. So we need about 4097 qubits + some ancillary qubits to help with the function calculations. As Peter S. indicated earlier this assumes all qubits are fully entangled and there is no noise. So this suggests only thousands of qubits are needed, not millions, on a perfect...

Read More →

October 15, 2019 3:08 PM

Sancho_P on Friday Squid Blogging: Did Super-Intelligent Giant Squid Steal an Underwater Research Station?:

@Wael re "Protocol Only Attack Surface"

Wouldn’t that shrink the surface too much for the traveling businessman?

Once “they” have exchanged my phone during x-ray at the border, I only realized when trying to unlock it an hour later (it had my bumper attached, but my microSD card was missing - very very bad!!!). I don’t know if it was done by their gov agency or a competitor (by bribing the customs officer), just a bad coincidence would have been very strange at that time.

So we have to assume attackers have physical access to phone, laptop and scrambler, especially...

Read More →

October 15, 2019 2:48 PM

Dave C. on Factoring 2048-bit Numbers Using 20 Million Qubits:

A quick look at Shor's algorithm (1995) suggests only thousands of qubits are needed to factor a 2048 bit number. This is deduced as follows:
Let N be a 2048 bit number, choose Q st N^2

October 15, 2019 1:31 PM

Patricia Ollie on Hiring Hackers:

I’m Patricia Ollie, lives in Florida. Let me take this time out to share a life changing story. After the death of my husband, I got myself into debts that ruined my business and also affected me emotionally. The lenders wouldn’t stop calling and I felt frustrated. Without knowing how to remedy these messy situation, on one of my searches online I came across a review on how debts were cleared by a hacker. It seemed unbelievable but considering my present financial predicament I had to contact the hacker(KENSTAR CYBER SERVICES) via phone and email: 5057387188/...

Read More →

October 15, 2019 1:11 PM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

I now remember that "iefbr14" belonged to the set of my favourite passwords.

The notion of a do-nothing program that serves an crucial purpose profoundly appealed to me. It is theoretically a one-liner program ("BCR 15,14"), but I remember a paper explaining how many things you really need to add to it to get it to work.

Back in the days when my poor "brain" was perverted by the IBM universe, someone explained to me that those newfangled Acorn RISC processors everyone was talking about were really "a 360 in miniature", or...

Read More →

October 15, 2019 12:56 PM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

I checked the historical passwords against a pwned password dataset, and I see that they are still represented:

dmac : 286 times
/.,/., : 158 times
wendy!!! : 17 times
bourne : 3031 times
axolotl : 1270 times

All repeated three-letter combinations from the keyboard seem to be represented. Worth looking into.

October 15, 2019 12:52 PM

Etienne on Cracking the Passwords of Early Internet Pioneers:

My password was "my3xbeer" for about 35 years. I finally changed it in 2017. Started out on PDP-11/73 running DSD 2.9 Unix.

Now I just use Google Chrome to generate and save my passwords.

October 15, 2019 12:50 PM

Alyer Babtu on Friday Squid Blogging: Apple Fixes Squid Emoji:

Re: parasitic hardware hacks and chips tomography

So what wavelengths would be required to tomographically detect the presence of hardware “adjustments”

There is the crude add a bulk chip type and the subtler add at gate level type. They seem to be 3D material changes so comparative tomography might find them.

October 15, 2019 12:37 PM

Tanica King on Hiring Hackers:

Most of these online agents are not real, I’ve been ripped off a couple times before i luckily got a reliable contact named Dennis Maron that works with utmost discretion. I initially had a SCORE of 495 with late payments and lingering debts that wouldn’t let me qualify for anything. After 2 weeks Dennis completed his working on my score and it amazingly became 802 with no more negative items and I’m free to apply for anything. So happy right now because it’s surprisingly amazing to ascertain such a result after several bad experience. Contact Him on ghostmaron47@gmail.com and you're...

Read More →

October 15, 2019 12:15 PM

CallMeLateForSupper on Cracking the Passwords of Early Internet Pioneers:

I didn't have a personal computer in 1980.

At work I had a terminal connected by coax to a distant mainframe. My original PW - assigned by the mainframe gods/gatekeepers - was "gcp47821"; I was told to change it ASAP, following printed rules and procedures. I think the prescription was essentially "Total of at least eight chars, consisting of letters and digits". So my very first PW was "ao660j971w".

Over the next 10 years I got two additional accounts on as many mainframes. Assigned PWs were "88awp" and (of the form) [1st-5-char-last-name + 1st-initial + 2nd-initial],...

Read More →

October 15, 2019 12:05 PM

Tatütata on Friday Squid Blogging: Apple Fixes Squid Emoji:

@Think,

I was using TDRs before I found out about the opposite sex. (How nerdy can you get?)

What you're proposing is neither feasible nor useful.

PCB traces are perhaps 10-20cm at the longest.

In free space propagation, 1ns=30cm. On a typical PCB that will be ~20cm, and on a round-trip basis, 10cm.

To resolve a fine feature on a trace (e.g. an extra chip), you will need pulses or rise-times in the picosecond range, which means a bandwidth of lotsa GHz. But the fine lines are not impedance controlled unless necessary.

An then you would have...

Read More →

October 15, 2019 11:57 AM

Chase on Cracking the Passwords of Early Internet Pioneers:

Do not give truthful answers to the security questions when you set those up.

Merchants keep this information and use it to help establish your age and ethnicity and cross-reference with other accounts to identity you.

Pick questions which would never apply to you, and use random words as answers. You'll need to keep a cheat sheet somewhere, but the notes field in LastPass, etc., serves just fine for this.

October 15, 2019 11:41 AM

Kevin on Cracking the Passwords of Early Internet Pioneers:

I used to use words I had trouble spelling. Great way to learn to spell a word by typing it numerous times a day. To this day I can spell "necessary" without fail.

October 15, 2019 11:39 AM

Petre Peter on Cracking the Passwords of Early Internet Pioneers:

They really thought they could limit the Internet to people they knew so this is not a huge surprise. On the topic of passwords, not sure why if I know my password and just wanna change it, I have to go through the security questions.

October 15, 2019 11:27 AM

Tatütata on Cracking the Passwords of Early Internet Pioneers:

Cute! At least most passwords seem publishable...

I would love to learn what Donald E. Knuth's passwords used to look like.

I created an account on some system which imposes a mixed-case password including at least one number and a non-alphanumeric character. I used a script that generates a string according to the requirement, e.g., z6E7~yiw0Rl'Yq.

Yesterday, hardly four months later the bl**dy site, warns me that the password must be renewed, and asks "security" questions, of which none maps squarely with my case. Mother's maiden name? In which alphabet?...

Read More →

October 15, 2019 10:55 AM

Thunderbird on Factoring 2048-bit Numbers Using 20 Million Qubits:

While a nice idea, making the encrypted plaintext "look unusual" will not be enough to prevent crackers from rapidly confirming that they have hit upon the right decryption solution.

To demonstrate, I can encrypt a kilobyte of CMB noise with — say — a small enough symmetric or assymetric cypher that you can crack it on today's hardware, and you'll know you got the right answer not because the output plaintext "looks like german troop movements", but because you can feed whatever you got into the inexpensive "encrypt" process to arrive at the exact same cyphertext that you...

Read More →

October 15, 2019 10:55 AM

Tatütata on Factoring 2048-bit Numbers Using 20 Million Qubits:

Van Meter:

when I click on the "subscribe to comments on this entry" button, I get raw XML. Is this a known bug, e.g. w/ Chrome?

Neither Chrome nor Opera can handle RSS feeds directly, or even just display nicely formatted XML. You need to take the RSS URL and shove it into an appropriate application (all of them are clunky, I use Liferea), or install a plugin.

Firefox used to be able to digest RSS feeds natively, but...

Read More →

October 15, 2019 9:18 AM

Marcos on Factoring 2048-bit Numbers Using 20 Million Qubits:

Can key management ever be "solved"? It is a huge set of problems, full of trade-offs, and on each context the least bad options look nothing like the ones from other contexts, it's more of a human than a mathematical problem... except for the fact that most viable solutions rely on public keys and it would be a huge loss on most contexts if it go away.

We are still starting to use cryptographic non-repudiation on legal systems, it would be a shame to lose that capacity now.

Non-repudiation is also very useful for distributing capabilities. I have never seen that put to...

Read More →

October 15, 2019 7:50 AM

Apple Eyes on Friday Squid Blogging: Apple Fixes Squid Emoji:

Apple Browser Defaults to Sending Your IP Address to Google and China

'But, Apple said, the internet or IP address of the person's browser may be shared with Google or Tencent. For people concerned about their privacy, the service can be turned off in Safari preferences on the iPhone or Mac.'

Apple marketing always emphasizes consumer privacy. But time and time again they only change after researches uncover their on-purpose leaks.
The cover story is Google pays Apple billion of dollars a year JUST for ‘search’. In reality, with the default settings (which most...

Read More →

October 15, 2019 7:31 AM

tds on Friday Squid Blogging: Apple Fixes Squid Emoji:

John Bolton is in the news

https://twitter.com/emptywheel/status/1183948657248423936

"Folks are missing several parts of the genius of [Fiona] Hill's testimony.

The headline quotes are her repeating Bolton.

So he will attract Trump's ire more than Hill. He will be forced to confirm or (if he's sure she doesn't have notes) deny. But he can't cower anymore.

[...]

Note: Bolton knows well how [Dick] Cheney violated the law. He made sure the lawyers were involved (cf John...

Read More →

October 15, 2019 7:27 AM

Cassandra on Factoring 2048-bit Numbers Using 20 Million Qubits:

I will chime in here and, as usual, support @Clive Robinson's thoughts. He nearly always writes things more clearly and concisely that I can.

As far as I am aware, Key Management is an unsolved problem, especially for the general user; which is to say, few in the general public have any idea about how public and private keys work and how they should be handled, and how collections of symmetric keys should be managed (or indeed, collections of private keys)

I am intrigued by Clive's aside about key signing parties and how a 'web of trust' almost worked. I would appreciate...

Read More →

October 15, 2019 6:11 AM

robotanks on Gas Pump Hack:

The reason the attendant didn't use the emergency stop initially is that the emergency stop shuts down the entire station. It isn't selective the way the soft controls are.

October 15, 2019 6:02 AM

me on New Reductor Nation-State Malware Compromises TLS:

@Clive Robinson @all
there is no need to use some complex method like rowhammer, windows gives you the functions to edit memory.
if someone is interested i could make a working proof of concept that patch random number generator used by minesweeper windows game so that mines are placed all up in line so you one click win.

October 15, 2019 5:51 AM

me on New Reductor Nation-State Malware Compromises TLS:

@Ismar
> The question I have is how is this possible/ allowed without having admin rights on the machine where the browser is running?

It's possible, perfectly normal and windows give you functions to do so, you need two steps:
1- first you call windows api "OpenProcess" (https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess)

2- then you call "WritePRocessMemory" (https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory) to write what you want.

open process is kind of...

Read More →

October 15, 2019 5:48 AM

Who? on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ TimH

But we are talking about RSA here, not hashes. There is only one factorisation for a given positive integer. So you do not really need to have an idea how the plain-text message looks.

October 15, 2019 5:25 AM

- on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ Moderator,

"Joker123" is unsolicited link advertising for an illegal to use (in the US) betting service.

@ Weather,

You've fallen into a simple "Spamer-trap".

Whether that has anything to do with your "I'm called weather because I'm drunk" statment I'll leave to others to decide.

October 15, 2019 5:07 AM

Karsten on Factoring 2048-bit Numbers Using 20 Million Qubits:

"... so it's possible that public-key cryptography will simply not be possible in the long run. That's not terrible, though; we have a lot of good scalable secret-key systems that do much the same things."

"good scalable secret-key systems" What is that? I have never heard of any system using symmetric crypto that could replace public key cipher systems.
If exchanging data with others without having a secure channel is the task, how can we use symmetric ciphers for that (without exchanging session keys via public key crypto)

October 15, 2019 4:49 AM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

wrong ways around, these numbers don't reltate to the aes algo, are just examples of the parrellel logic.
Test
7f80 = 1 byte(0x00 || 0x01 || 0x02 || 0x03 || 0x04, as loop(0xff(x)(i=i+x))
4141 + 7f80 = C0C1
C0C1 - 5367 = 6D5A
6D5A - 8888 = FFFFFFFFFFFFE4D2
FFFFFFFFFFFFE4D2 *52 = FFFFFFFFFFF74B44
Apply filter, which shouldn't have one with basic maths functions, just sub
FFFFFFFFFFF74B44 - 7f80 = FFFFFFFFFFF6CBC4
FFFFFFFFFFF6CBC4 = 0x00 with all the maths above
FFFFFFFFFFF74B44 - 7f00 = FFFFFFFFFFF6CC44
FFFFFFFFFFF6CC44 =...

Read More →

October 15, 2019 4:48 AM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

as "
7fffffffffffffffffffffffffffffff80000000000000000000000000000000" = 16^256, but there might be some changes in the addon that could effect it.


Edit sorry wrong ways around, these numbers don't reltate to the aes algo, are just examples of the parrellel logic.
Test
7f80 = 1 byte(0x00 || 0x01 || 0x02 || 0x03 || 0x04, as loop(0xff(x)(i=i+x))
4141 + 7f80 = C0C1
C0C1 - 5367 = 6D5A
6D5A - 8888 = FFFFFFFFFFFFE4D2
FFFFFFFFFFFFE4D2 *52 = FFFFFFFFFFF74B44
Apply filter, which shouldn't have one with basic maths functions, just...

Read More →

October 15, 2019 4:47 AM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

accidentally listed AES as using a 256 bit block, this is not the case. AES uses a 128 bit block size.

Back to top

Andy
Mon Oct 13 2014, 04:21AM
Andy Registered Member #4266 Joined: Fri Dec 16 2011, 03:15AM
Location:
Posts: 874
Hi DaJJHman
Thanks for the good reply. The theory is based on one 128bit input for key and IV set to zero, the block, isn't revelent as, 7fff8000 is a array of 0x00-0xffff which is 256 array * 256byte chars per array cell(sorry might have to check if its 256*256*256, my bad), the ecb and cbc modes ,...

Read More →

October 15, 2019 4:36 AM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

@joker123
Its a filter, if you say 5=3a,then ..sorry lost what I was going to say.

No not all linkage,trying.. You have to have a mark to aim fore, if anything is the target... Back too, if you have four satellite you can get a accurate picture were you are, to be able to link that, you have contains and wires, it can be worked out with 7f but you need -+/* if statement are out of bounds, binary needs filters others can workout.
Sum it to the four, and the size byte you start with you can end Wit.
If I new the filter aes

I'm called weather because I'm drunk

October 15, 2019 2:06 AM

Weather on Factoring 2048-bit Numbers Using 20 Million Qubits:

@RVM
The D-wave ,what I understand from ars is you map out what you want, say 5+5 you then throw in random(by just checking and see unknown answer) ,then you pick ones that are 3+4 that the links between tunnels allow the code to come forward.
?is act having all parts interlinked the best idea?
?why call it quatom ,when any object close to another effects both?
?what coding obj are you using for d-wave?
?is quatom tunneling understood, like in fusion, which it is not?
?can it workout AA with the first A being 256 different volts, with the second A I've...

Read More →

October 15, 2019 1:47 AM

Weather on Supply-Chain Security and Trust:

As a PC technician resting CMOS I've you took out the battery or you put a joiner on two pins, I'm guessing that could be a way in, or at least because of frequency won't be too far away.

October 14, 2019 9:17 PM

Clive Robinson on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ Rodney Van Meter,

but it's apparently not possible to edit posts

The software alows it, but as this site alows anyone to use what ever handle they please (appart from Admin accounts) that means an "edit function" after posting would in effect alow anyone to edit someone elses post. Which would be undesirable.

However if you are ready to post but want to see how your post would be displayed hit the "preview button" and the site will refresh the page, in reverse time order with your post at the top followed by the entry window, followed by...

Read More →

October 14, 2019 8:15 PM

Think on Friday Squid Blogging: Apple Fixes Squid Emoji:

@Tatütata

Say you had tested a subset of determine pathways on your circuit board. With an electronic signal moving at a relatively constant speed. You run tests on your equipment and have signal values with a certain tolerance preprogrammed into a chip that tests certain pathways in your subject circuit board at pre determined intervals or at certain events or both. If deviations are found upon an integrity check any number of actions could be triggered. Any number of codes could be shared, warning or lights or sounds or even device failure. A simple but more costly...

Read More →

October 14, 2019 8:12 PM

Clive Robinson on Supply-Chain Security and Trust:

@ MarkH,

A museum applied a lot of tech: X rays, spectroscopic analysis of paint samples, etc.

There is a thought process that basically states "In the physical world only three numbers make sense, nothing, one and infinity".

That is what ever you can think up as a physical object, there can be no instances of it, unique instances of it, and an unknown number between one and what under normal human understanding would be the equivalent of an infinite number[1].

Few implicitly understand thst the difference between unique and infinite is...

Read More →

October 14, 2019 8:04 PM

Rodney Van Meter on Factoring 2048-bit Numbers Using 20 Million Qubits:

(Ugh, typos in my comment above. I hate that, but it's apparently not possible to edit posts?
s/original/originally/
s/wrong/wrong statements or emphasis/
)

October 14, 2019 7:57 PM

JonKnowsNothing on Supply-Chain Security and Trust:

@MarkH @Clive Robinson @All

The best trick, would be not ADDING a package, but rather REPLACING an existing chip

Some years ago...

When computer controlled systems first started appearing in US Muscle Cars one of their "improvements" was to "throttle" parts of the engine.

A very lucrative market emerged in replacement chips that "removed" the offending "throttle" and allowed it to be reset to a more Muscled value.

If you had to take your Muscle Car into the shop for something, you just replaced the original chip while it was being...

Read More →

October 14, 2019 7:50 PM

Rodney Van Meter on Factoring 2048-bit Numbers Using 20 Million Qubits:

Ah, you're in my wheelhouse here; design of a quantum multicomputer for factoring was my 2006 Ph.D. thesis. For more on the current state of quantum computer architecture, see my recent tweetstorm either here or in PDF here.
My background is original in computer systems -- architecture, OS, networks, and especially networked storage -- but about fifteen years ago I moved into quantum. But I...

Read More →

October 14, 2019 7:31 PM

Lawrence D’Oliveiro on Factoring 2048-bit Numbers Using 20 Million Qubits:

All practical “quantum”† computers so far have been analog computers. They have been handy for solving certain kinds of physical-simulation problems, but completely useless for anything number-theoretic (such as factoring large integers), like digital computers can do.

I have said before that there is something fundamentally wrong with the assumption behind quantum computing, anyway: getting an exponential increase in processing power for a linear increase in processing elements sounds too much like getting “something for nothing”. Which has never worked anywhere else in human...

Read More →

October 14, 2019 6:14 PM

MarkH on Supply-Chain Security and Trust:

@Clive:

I know an artisan who was trained to NASA standards, who does very fine-scale work not usually attempted by hand.

Probably she could replace a chip without differences in soldering being noticeable to me, which isn't to say that others wouldn't pick it up.

Your reference to "sexing chicks" might be understood in a different meaning by some readers ;)

I've heard that sexing hyenas -- young or adult -- is notoriously difficult, even to scientists who specialize in studying them ... though hyenas seem to figure it out.

I remember a documentary...

Read More →

October 14, 2019 6:06 PM

Sancho_P on Supply-Chain Security and Trust:

First, and most importantly, is: What should the modification achieve?

Second:
It depends what you’d call a HW “hack”.
To add a chip (better: replace an existing chip with an “improved” version, @MarkH: existing uC with the same type, other FW [1] ) is persistent = extremely dangerous. There are several chips where just the FW had to be improved, but if it could not be deleted on the fly = dangerous.

+ At soldered HW : You just can’t deliver in bulk, too precious.
One would have carefully to deliver the HW to the target, person or location, and to...

Read More →

October 14, 2019 5:49 PM

Clive Robinson on Factoring 2048-bit Numbers Using 20 Million Qubits:

@ SpaceLifeForm,

How about a distributed system with no root at all?

A root of trust is the equivalent in many ways as an indicator of who trusts you.

Back in the early PGP days we had "Key signing parties". In essence you turned up at a party with your passport and drivers licence and a public key. People would verify your documents and sign your key as well as adding it to their key ring.

It was an attempt at "distributed trust" and with a few changes it might well have worked.

The important point about it was the key could be...

Read More →

Sidebar photo of Bruce Schneier by Joe MacInnis.