Re: [cryptography] crypto mdoel based on cardiorespiratory coupling

Am Donnerstag, 10. April 2014 schrieb travis+ml-rbcryptogra...@subspacefield.org: http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284 This is nonsense, right? Unbounded in the sense of relying on secrecy of the unbounded number of algorithms? fundraising in

Re: [cryptography] crypto mdoel based on cardiorespiratory coupling

The system is vulnerable to a simple chosen plaintext attack as soon as you extract a workable scheme from the vague description in the paper (see appendix A for the closest thing to an actual specification of an encryption scheme). It should be an embarrassment to both Phys Rev X and the

Re: [cryptography] crypto mdoel based on cardiorespiratory coupling

On 10 April 2014 01:17, travis+ml-rbcryptogra...@subspacefield.org wrote: http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284 This is nonsense, right? Unbounded in the sense of relying on secrecy of the unbounded number of algorithms? Also not novel. I don't

Re: [cryptography] crypto mdoel based on cardiorespiratory coupling

i did not read the paper, but, if their model is a variant of OTP, with a running stream cipher, it is possible, that it is non-decryptable by method or semantically secure, or has no algorithmic decryption, only brute force. however, as protein signalling (bio-informatics) is based on a

[cryptography] question about heartbleed on Linux

Does heartbleed allow one to read (discarded, freed) physical memory containing data from the OS and/or other processes in linux? A friend and I were discussing this. If the memory management is lazy (doesn't clear on page allocation/free), and if processes don't clear their own memory, I

Re: [cryptography] question about heartbleed on Linux

On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote: Does heartbleed allow one to read (discarded, freed) physical memory containing data from the OS and/or other processes in linux? Yes. It doesn't clear memory when it is freed, so you may end up allocating memory that has old

Re: [cryptography] question about heartbleed on Linux

On Thu, 10 Apr 2014 10:09:10 -0700 (PDT), Scott G. Kelly sc...@hyperthought.com wrote: My friend thinks modern operating systems clear memory to prevent inter-process data leakage. Of course, I agree that this is security goodness, but I wonder if, in the name of performance, this is

Re: [cryptography] question about heartbleed on Linux

I believe that the Linux kernel allocates a zero-page in the page table when a first-use (read) page fault occurs, and the zero-page is in fact zeroed out. Since Linux is copy-on-write, when a write occurs to an address that maps somewhere in that zero-page, a new page is allocated, the zero-page

Re: [cryptography] question about heartbleed on Linux

On Thu, Apr 10, 2014 at 11:48:15AM -0600, sch...@subverted.org wrote: On Thu, Apr 10, 2014 at 06:26:48PM +0100, Rob Kendrick wrote: | On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote: | Does heartbleed allow one to read (discarded, freed) physical memory containing data from

Re: [cryptography] question about heartbleed on Linux

In article 20140410172648.gj8...@platypus.pepperfish.net you write: On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote: Does heartbleed allow one to read (discarded, freed) physical memory containing data from the OS and/or other processes in linux? Yes. It doesn't clear memory

Re: [cryptography] question about heartbleed on Linux

At 10:09 AM 4/10/2014, Scott G. Kelly wrote: Does heartbleed allow one to read (discarded, freed) physical memory containing data from the OS and/or other processes in linux? A friend and I were discussing this. If the memory management is lazy (doesn't clear on page allocation/free), and if

Re: [cryptography] question about heartbleed on Linux

On Thu, Apr 10, 2014 at 10:31 PM, John Levine jo...@iecc.com wrote: Well, the operating system clears memory when it is allocated to a new process, That's plenty bad, of course. Yeah, too bad none of that memory can be made executable :) ___

Re: [cryptography] question about heartbleed on Linux

On Thu, Apr 10, 2014 at 1:09 PM, Scott G. Kelly sc...@hyperthought.com wrote: A friend and I were discussing this. If the memory management is lazy (doesn't clear on page allocation/free), and if processes don't clear their own memory, I wondered if heartbleed would expose anything. My friend

Re: [cryptography] question about heartbleed on Linux

-Original Message- From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of Kevin W. Wall Sent: Friday, April 11, 2014 00:20 To: Scott G. Kelly Cc: Crypto discussion list Subject: Re: [cryptography] question about heartbleed on Linux On Thu, Apr 10, 2014 at

[cryptography] Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013 Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday's public disclosure of the vulnerability. It