DoS attack on The Million Dollar Homepage

2006-01-18 Thread Amir Herzberg

I found the enclosed of some interest.

From: http://milliondollarhomepage.com/blog.php, The Million Dollar 
Blog, Tuesday 17th January 2006:


Site downtime, DDoS attack

I can confirm that MillionDollarHomepage.com has been subjected to a 
Distributed Denial of Service (DDoS) attack by malicious hackers who 
have caused the site to be extremely slow loading or completely 
unavailable since last Thursday, 12th January 2006.


I can also confirm that a demand for a substantial amount of money was 
made which makes this a criminal act of extortion. The FBI are 
investigating and I'm currently working closely with my hosting company, 
Sitelutions, to bring the site back online as soon as possible. More 
news soon.

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: quantum chip built

2006-01-18 Thread leichter_jerrold
| >> From what I understand simple quantum computers can easily brute-force 
| >> attack RSA keys or other
| >> types of PK keys.  
| > 
| > My understanding is that quantum computers cannot "easily" do anything.
| > 
| 
| Au contraire, quantum computers can easily perform prime factoring or 
| perform discrete logarithms - this is Shor's algorithm and has been 
| known for more than a decade.  The difficulty is in making a QC.
| 
| > 
| >> Is ECC at risk too?  And are we at risk in 10, 20 or 30 years from now?
| > 
| 
| ECC is also at risk because it relies on the difficulty of discrete 
| logarithms which are victim to a quantum attack.  Are we at risk in 10, 
| 20 or 30 years?  Well, as John said, it's hard to say.  The first 
| working 2 qbit computers were demonstrated in 1998, then 3 qbits in the 
| same year.  7 qbits were demonstrated in 2000.  8 in December 2005.  As 
| you can see, adding a qbit is pretty hard.  In order to factor a 1024 
| bit modulus you'd need a 1024 bit QC.  Perhaps if there were some sudden 
| breakthrough it'd be a danger in a decade - but this is the same as the 
| risk of a sudden classical breakthrough: low.
There is little basis for any real estimates here.  First off, you should 
probably think of current qbit construction techniques as analogous to 
transistors.  If you looked at "number of transistors in a computer" and 
didn't know that IC's were on the way, you would make much smaller estimates 
as to the sizes of practical machines in 1980, much less 2006.

But more fundamentally, qbits don't necessarily scale linearly.  Yes, current 
algorithms may need some number of qbits to deal with a key of n bits, but 
the tradeoff between time and "q-space" is not known.  (Then again, the 
tradeoff between time and space for *conventional* computation isn't known, 
except for some particular algorithms.)  I believe there's a result that if 
any of some broad class of quantum computations can be done using n qbits, it 
can also be done with just one (plus conventional bits).
 
| My assessment: nothing to worry about for now or in the immediate 
| future. A key valid for 20 years will face much greater dangers from 
| expanding classical computer power, weak implementations, social 
| engineering etc.  The "quantum chip" is just a new housing, not anything 
| that puts RSA or ECC at risk.
I'm not sure I would be that confident.  There are too many unknowns - and 
quantum computation has gone from "neat theoretical idea, but there's no 
possible way it could actually be done because of " to "well, yes, it can be 
done for a small number of bits but they can't really scale it" in a very 
short period of time.

-- Jerry

| Regards,
| 
| Michael Cordover
| -- 
| http://mine.mjec.net/
| 



Re: long-term GPG signing key

2006-01-18 Thread leichter_jerrold
| >>>Even though triple-DES is still considered to have avoided that
| >>>trap, its relatively small block size means you can now put the
| >>>entire decrypt table on a dvd (or somesuch, I forget the maths).
| >> 
| >> 
| >> This would need 8 x 2^{64} bytes of storage which is approximately
| >> 2,000,000,000 DVD's (~ 4 x 2^{32} bytes on each).
| >> 
| >> Probably, you are referring to the fact that during encryption of a
| >> whole DVD, say, in CBC mode two blocks are likely to be the same
| >> since there are an order of 2^{32} x 2^{32} pairs.
| >
| >Thanks for the correction, yes, so obviously I
| >muffed that one.  I saw it mentioned on this list
| >about a year ago, but didn't pay enough attention
| >to recall the precise difficulty that the small
| >block size of 8 bytes now has.
| 
| The difficulty with 3DES's small blocksize is the 2^32 block limit when 
| using CBC -- you start getting collisions, allowing the attacker to 
| start building up a code book.  The amount of data is quite within 
| reach at gigabit speeds, and gigabit Ethernet is all but standard 
| equipment on new computers.  Mandatory arithmetic: 2^32 bytes 
But the collisions are after 2^32 *blocks*, not *bytes*.  So the number to
start with is 2^35 bytes.

|   is 2^38 
So this correspondingly is 2^41.

| bits, or ~275 * 10^9.  At 10^9 bits/sec, that's less than 5 minutes.  
And this is about 10^10/40 minutes.

| Even at 100M bps -- and that speed *is* standard today -- it's less 
| than an hour's worth of transmission.  The conclusion is that if you're 
8 hours.

| encrypting a LAN,
Realistically, rekeying every half an hour is probably acceptable.  In fact,
even if an attacker built up a large fraction of a codebook, there is no
known way to leverage that into the actual key.  So you could rekey using
some fixed procedure, breaking the codebook attack without requiring any
changes to the underlying protocols (i.e., no extra data to transfer).
Something like running the key through a round of SHA should do the trick.
If it's agreed that this is done after the 2^30 block is sent/received, on
a 1GB network you're doing this every 20 minutes, with essentially no chance
of a practical codebook attack.

(Not that replacing 3-DES with AES isn't a good idea anyway - but if you have 
a fielded system, this may be the most practical alternative.)

|   you need AES or you need to rekey fairly often.
Perhaps I'm being a bit fuzzy this morning, but wouldn't using counter mode 
avoid the problem?  Now the collisions are known to be exactly 2^64 blocks 
apart, regardless of the initial value for the counter.  Even at 10GB/second, 
that will take some time to become a problem.  (Of course, that *would* 
require redoing the protocol, at which point using AES might be more 
reasonable.)
-- Jerry

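The thread above argues over the 64-bit block size of 3DES from two angles: the birthday-bound arithmetic (how many CBC blocks before a ciphertext collision, and how long that takes on a given link) and the two mitigations Jerry floats (hash-based rekeying after a fixed block count, and counter mode, whose keystream cannot repeat before 2^64 blocks). The Python below is an added example, not code from the thread or from any of its posters; it recomputes the figures from 2^32 blocks of 64 bits at link speeds in bits per second, and demonstrates the CBC collision versus counter-mode behaviour with a constructed 16-bit random permutation standing in for the cipher so that collisions show up in a few thousand blocks. The `rekey` function is a hypothetical sketch of the "run the key through a round of SHA" idea, not any protocol's actual key schedule.

```python
"""Birthday-bound arithmetic and a toy collision simulation for a 64-bit
block cipher in CBC mode (added example; figures computed from first
principles, not taken from the thread).

In CBC, C_i = E(P_i xor C_{i-1}), so a collision C_i == C_j reveals
P_i xor P_j = C_{i-1} xor C_{j-1}: the codebook leak the thread discusses.
"""
import hashlib
import math
import random

BLOCK_BITS = 64          # 3DES block size


def collision_probability(n_blocks: int, block_bits: int = BLOCK_BITS) -> float:
    """Birthday bound: probability that at least two of n_blocks uniformly
    distributed block values coincide, 1 - exp(-n(n-1)/(2N))."""
    space = 2.0 ** block_bits
    return 1.0 - math.exp(-n_blocks * (n_blocks - 1) / (2.0 * space))


def blocks_for_probability(p: float, block_bits: int = BLOCK_BITS) -> int:
    """Smallest block count at which the collision probability reaches p."""
    space = 2.0 ** block_bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - p)))


def seconds_to_send(n_blocks: int, link_bps: float, block_bits: int = BLOCK_BITS) -> float:
    """Wall-clock time to push n_blocks over a link of link_bps bits/second."""
    return n_blocks * block_bits / link_bps


def rekey(key: bytes) -> bytes:
    """Hypothetical deterministic rekey of the kind the thread suggests: both
    sides hash the current key and truncate to a 24-byte 3DES key, with no
    extra data on the wire.  Not any standard protocol's key schedule."""
    return hashlib.sha256(key).digest()[:24]


# ---- Toy simulation: a 16-bit 'cipher' so collisions appear quickly ----
TOY_BITS = 16


def toy_cipher(seed: int):
    """A constructed random permutation on 16-bit values stands in for a
    block cipher (a permutation, so it never maps two inputs to one output)."""
    table = list(range(1 << TOY_BITS))
    random.Random(seed).shuffle(table)
    return table.__getitem__


def cbc_collisions(n_blocks: int, seed: int = 1) -> int:
    """Encrypt n_blocks random plaintext blocks in CBC mode with the toy cipher
    and return how many ciphertext blocks repeat an earlier value."""
    enc = toy_cipher(seed)
    rng = random.Random(seed + 1)
    prev = rng.getrandbits(TOY_BITS)                 # random IV
    seen, repeats = set(), 0
    for _ in range(n_blocks):
        c = enc(rng.getrandbits(TOY_BITS) ^ prev)    # C_i = E(P_i xor C_{i-1})
        if c in seen:
            repeats += 1
        seen.add(c)
        prev = c
    return repeats


def ctr_keystream_collisions(n_blocks: int, seed: int = 1) -> int:
    """Counter mode: keystream block i is E(ctr + i).  Because E is a
    permutation the keystream cannot repeat until the counter wraps, i.e.
    exactly 2^TOY_BITS blocks later, whatever the starting counter value."""
    enc = toy_cipher(seed)
    ctr = random.Random(seed + 2).getrandbits(TOY_BITS)
    seen, repeats = set(), 0
    for i in range(n_blocks):
        k = enc((ctr + i) % (1 << TOY_BITS))
        if k in seen:
            repeats += 1
        seen.add(k)
    return repeats


if __name__ == "__main__":
    n = 2 ** 32
    print(f"P(collision) after 2^32 blocks: {collision_probability(n):.3f}")
    print(f"blocks for a 50% collision chance: 2^{math.log2(blocks_for_probability(0.5)):.2f}")
    for bps in (1e8, 1e9, 1e10):
        print(f"{bps:.0e} bit/s: 2^32 blocks take {seconds_to_send(n, bps) / 60:.1f} min")
    print(f"rekey every 2^30 blocks at 1 Gbit/s: every {seconds_to_send(2 ** 30, 1e9):.0f} s")
    print("CBC toy, 2^12 blocks of 16 bits: repeated ciphertext blocks =", cbc_collisions(4096))
    print("CTR toy, 2^16 blocks of 16 bits: repeated keystream blocks =", ctr_keystream_collisions(1 << 16))
```

The toy run makes the contrast concrete: at 2^12 blocks the 16-bit CBC simulation already shows dozens of repeated ciphertext blocks (the expected count is about n^2 / 2N = 128), while the counter-mode keystream has none until the counter has wrapped. Scaled back up to 64-bit blocks, the same functions give the collision probability at 2^32 blocks (about 0.39) and the transmission time at each link rate, which is the number a rekey interval should be chosen against.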


Re: Echelon papers leaked

2006-01-18 Thread Travis H.
Two chapters are online here:

http://www.fas.org/irp/eprint/sp/
--
"If I could remember the names of these particles, I would have been a botanist"
  -- Enrico Fermi -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
