Of possible interest...
=JeffH
Ross Anderson: Searching For Evil
http://youtube.com/watch?v=7WlHhZUayUw
Google Tech Talks
August 23, 2007
ABSTRACT
Computer security has recently imported a lot of ideas from economics,
psychology and sociology, leading to fresh insights and new tools. I will
' =JeffH ' wrote:
From: John Young <[EMAIL PROTECTED]>
[...]
Research Announcement: Microprocessor Bugs Can Be Security Disasters
[...]
A similar attack can be applied to any security scheme based on
discrete logs modulo a prime, and to any security scheme based on
elliptic curves (in which we ca
https://secure.wikileaks.org/wiki/On_the_take_and_loving_it
Grant code 'MDA904' - National Security Agency
The NSA has pushed tens or hundreds of millions into the academy
through research grants using one particular grant code. ...
John
' =JeffH ' wrote:
> Adi Shamir Computer Science Department The Weizmann
> Institute of Science Israel
>
> With the increasing word size and sophisticated
> optimizations of multiplication units in modern
> microprocessors, it becomes increasingly likely that
> they contain some undetected bugs. Th
Perhaps I'm missing something, but real-world RSA implementations are
not vulnerable to this because they implement RSA blinding to prevent
timing attacks (which prevents a magic a * b fault from being exploited
deterministically) or verify the signature after creation (which
protects against rando
' =JeffH ' wrote:
From: John Young <[EMAIL PROTECTED]>
Subject: Adi Shamir's microprocessor bug attack
To: [EMAIL PROTECTED]
Date: Sat, 17 Nov 2007 09:50:31 -0500 (GMT-05:00)
Adi Shamir's note on a microprocessor bug attack on public key cryptography
featured in the NY Times today:
http://cr
Flylogic Engineering does some very interesting tampering with "tamper-
resistant" parts. Most of those "secure USB sticks" you see around won't
last more than a couple of minutes with these guys.
See http://www.flylogic.net/blog
-- Jerry
Some important things come to mind:
1.) It isn't necessary to try an exhaustive search to prove that the
hardware multiplier works correctly. Hardware multipliers multiply by
shifting and adding; the failure mode would be one of failure to shift,
or failure to add. The code to test every bit in
Perry E. Metzger wrote:
Need to invert an MD5 hash? Try googling for the hash value:
http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
And you can also find some SHA-1 hashes as well as base 64
encoded MD5 & SHA-1 hashes googling for them and the results are
locat