Oh and http://en.wikipedia.org/wiki/Cycle_detection
On 19 September 2013 17:34, James Morris <jwm.art....@gmail.com> wrote: > > > > On 19 September 2013 16:52, Rob Myers <r...@robmyers.org> wrote: > >> On 18/09/13 11:07 PM, James Morris wrote: >> > On Sep 19, 2013 2:12 AM, "Rob Myers" <r...@robmyers.org >> > <mailto:r...@robmyers.org>> wrote: >> >> >> >> "Scientists have developed a technique to sabotage the cryptographic >> >> capabilities included in Intel's Ivy Bridge line of microprocessors. >> The >> >> technique works without being detected by built-in tests or physical >> >> inspection of the chip." - >> >> >> > >> http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/ >> >> >> > >> > presented as scary stuff. but extremely easy top detect by software. >> > prng ffs! >> >> Just have it fail after a certain date or in response to a particular >> message, then. ;-) >> >> Well that would be an additive modification rather than subtractive - > quite a large leap from a reduction in bits which is what this is. But what > I'm getting at is what makes it useful to a hacker also allows it to be > detected: if keys can be extracted then we detect it ;-p > > > http://en.wikipedia.org/wiki/Random_number_generation#Practical_applications_and_uses > > >> Also: >> >> "In addition to the Ivy Bridge processor, the researchers applied the >> dopant technique to lodge a trojan in a chip prototype that was designed >> to withstand so-called side channel attacks. The result: cryptographic >> keys could be correctly extracted on the tampered device with a >> correlation close to 1. " >> >> Same again, if we can extract keys we detect it. > > The article fails to acknowledge the possibility of software detection in > order fear monger. As well as simulating attacks, unit testing would be > another possibility. I just don't think this is as undetectable as the > article tries to make out. http://en.wikipedia.org/wiki/Unit_testing > > But I don't really know. > > James. > > > > >
_______________________________________________ NetBehaviour mailing list NetBehaviour@netbehaviour.org http://www.netbehaviour.org/mailman/listinfo/netbehaviour
