Oh, I hope you don't believe for a minute that *I* could do this. I know some of what's possible, but I am not a practitioner.
I feed my paranoia by reading lots of sec lists, and see discussions about this kind of stuff all the time. Kurt On Thu, Feb 10, 2011 at 13:27, Matthew W. Ross <[email protected]> wrote: > See, this is why people much smarter than I are into computer security. I > could just never keep up. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: Kurt Buff > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Thu, 10 Feb 2011 > 13:23:45 -0800 > Subject: Re: Crypto Theory -- Was: IPhone attack reveals > passwords in six minutes > > >> On Thu, Feb 10, 2011 at 10:41, Matthew W. Ross <[email protected]> >> wrote: >> >> A truly random 256-bit symmetric key could theoretically be cracked >> >> given enough time, but time to brute-force (given known technology) is >> >> generally given in billions of years. >> > >> > Awesome. >> > >> > Okay, here's a crypto theory question for ya... Could this be possible: >> > >> > A encrypted blob has the data required, and requires a key to unlock. If >> you have the key, it unlocks correctly and you have the data. Straight >> forward, I would think... >> > >> > But the blob is created in such a way that two keys work... one which is >> easy (or easier) to crack, perhaps with some dictionary-derived key, and >> another which is much harder to crack. >> > >> > This special blob will appear to be successfully cracked with the easier >> key... which the hacker then uses to try and pull data from whatever server >> they think they just compromised. >> > >> > The server knows both keys and uses the fact that the easier key (a >> 'honeypot key'?) was used to assume the key is in the process of being >> cracked... and then takes appropriate measures to prevent the account from >> being truly compromised... perhaps issuing a new key? >> > >> > Is this even possible? Perhaps this is already being done? >> >> This is possible, but unlikely to deter a determined attacker who is >> sufficiently wary and with sufficient resources, and I believe the >> resources needed probably won't be all that great. >> >> Why? >> >> Because the input has to follow a defined path through an executable, >> and single-stepping through that executable in a debugger will reveal >> that the code path for an invalid password is being followed. >> >> Kurt >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
