Re: gang uses crypto to hide identity theft databases
On Sun, Dec 24, 2006 at 11:10:40PM +, Rick van Rein wrote:
> This is not =entirely= true. A key stored in the same (non-swappable)
> location for a long time will burn into the memory. (I know that I am
> reacting beside the point of your story, to which I agree.)

Pimpin' Peters Papers:

http://www.cypherpunks.to/~peter/usenix01.pdf

--
A: No.
Q: Should I include quotations after my reply?
http://www.subspacefield.org/~travis/ -><-
Re: gang uses crypto to hide identity theft databases
John wrote:
> Once something is gone from RAM, it's really, really gone. The circuit
> structure and the laws of thermodynamics ensure it. No power on earth
> can do anything about that.

This is not =entirely= true. A key stored in the same (non-swappable) location for a long time will burn into the memory. (I know that I am reacting beside the point of your story, to which I agree.)

To understand this you have to know that semiconductor materials are filled with ions (stored particles) and that some of those also reside in the isolation layer between capacitor plates. These ions tend to be drawn towards the opposite charge. They actually move a little over time, especially if a system is hot -- this is normal degradation to which all silicon chips are subject.

If the charge is consistently applied for a long time, as with long-term key storage, the ions will actually move slightly, thus altering the preferred state at switch-on ever so slightly. When the memory is switched on, this slight preference may be rounded to the bit of the key (or its opposite) because it has to round 0.4999 down or 0.5001 up to form a 0 or 1 bit out of the analog state at switch-on.

A well-designed system would of course flip the key bits at regular intervals if they are stored in non-swappable memory for long periods. At least, that's what we have been doing for years :)

Cheers,
Rick van Rein
OpenFortress
Re: gang uses crypto to hide identity theft databases
On Fri, Dec 22, 2006 at 10:57:17AM -0800, Alex Alten wrote:
> I'm curious as to why the cops didn't just pull the plugs right away. It
> would probably
> take a while (minutes, hours?) to encrypt any significant amount of
> data.

At the risk of stating the obvious, this is almost certainly a case of key zeroization rather than suddenly encrypting otherwise in-the-clear databases.

What one does is ALWAYS encrypt all the data, but store only one single copy of the key(s) required to decrypt it and make provision for some kind of dead man switch that zeroizes the key store when pushed. Shutting off the power leaves almost all of the data intact and unaltered, but without the keys it is just random bits.

Special switches and hardware assistance for key zeroization are a very standard feature of US government crypto gear and installations. The idea is that one zeros the key if one is expecting to be captured (or crash or sink) and then all the remaining data in non volatile storage is useless to your adversary if he is able to recover the media and attempt to read it.

--
Dave Emery N1PRE, [EMAIL PROTECTED]
DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten 'For Rent' sign still vainly flapping outside on the weed encrusted pole - in celebration of what could have been, but wasn't and is not to be now either."
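An added example (not code from any poster in this thread) of the two measures described in the messages above: Rick van Rein's periodic flipping of stored key bits and the key zeroization Dave Emery describes. The `key_slot` structure and `slot_*` function names are hypothetical, and a real deployment would also pin the slot in unswappable memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical key slot: the key is held either as-is or bitwise
 * complemented, so no memory cell keeps the same charge for long. */
struct key_slot {
    uint8_t bytes[KEY_LEN];
    int inverted;   /* 1 when bytes[] holds the complement of the key */
    int loaded;     /* 0 after zeroization */
};

void slot_load(struct key_slot *s, const uint8_t key[KEY_LEN]) {
    memcpy(s->bytes, key, KEY_LEN);
    s->inverted = 0; s->loaded = 1;
}

/* Call from a periodic timer: complement every stored bit. */
void slot_flip(struct key_slot *s) {
    for (size_t i = 0; i < KEY_LEN; i++)
        s->bytes[i] = (uint8_t)~s->bytes[i];
    s->inverted = !s->inverted;
}

/* Rebuild the real key into out[] (caller wipes out[] after use);
 * returns -1 once the slot has been zeroized. */
int slot_get(const struct key_slot *s, uint8_t out[KEY_LEN]) {
    if (!s->loaded) return -1;
    for (size_t i = 0; i < KEY_LEN; i++)
        out[i] = s->inverted ? (uint8_t)~s->bytes[i] : s->bytes[i];
    return 0;
}

/* Panic button: volatile writes so the compiler cannot drop the wipe. */
void slot_zeroize(struct key_slot *s) {
    volatile uint8_t *p = (volatile uint8_t *)s;
    for (size_t i = 0; i < sizeof *s; i++)
        p[i] = 0;
}

int main(void) {
    uint8_t key[KEY_LEN] = {0x42}, out[KEY_LEN];  /* constructed sample key */
    struct key_slot s;
    slot_load(&s, key); slot_flip(&s);            /* one timer tick */
    int ok = slot_get(&s, out) == 0 && memcmp(out, key, KEY_LEN) == 0;
    slot_zeroize(&s);                             /* dead man switch fires */
    return (ok && slot_get(&s, out) == -1) ? 0 : 1;
}
```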
Re: gang uses crypto to hide identity theft databases
On 12/22/2006 01:57 PM, Alex Alten wrote:
> I'm curious as to why the cops didn't just pull the plugs right away.

Because that would be a Bad Idea. In a halfway-well-designed system, cutting the power would just do the secret-keepers' job for them.

> It would probably
> take a while (minutes, hours?) to encrypt any significant amount of
> data.

That's why you don't do it that way. If you want it to work, you use an encrypting disk system so that everything on disk (including swap) is encrypted all the time, and gets decrypted "as needed" when it is read.

> Not to
> mention, where is the master key?

It should be in volatile unswappable RAM. Cutting the power is one way (among many) to obliterate it. Overwriting it with randomness suffices if there is any chance that the RAM might be non-volatile. The time and cost of obliterating a key are negligible.

> The guy couldn't have jumped up and typed
> in a pass phrase to generate it in handcuffs?

That's another reason why you don't do it that way.

> Even if it got erased,
> its image could
> be recovered from a disk or RAM. My understanding is that even
> tamperproof cards
> one can get keys from them with the right equipment from the right folks.

Once something is gone from RAM, it's really, really gone. The circuit structure and the laws of thermodynamics ensure it. No power on earth can do anything about that.

There are, however, some things the cats can do to improve their chance of success in this cat-and-mouse game.

*) For starters, the cats must anticipate the possibility that the mice might try to secure their data. The early-adopter mice benefit from a certain amount of security-through-obscurity, insofar as the cats have not heretofore fully appreciated the possibilities.

*) The mice have a dilemma: If they do not cache the passphrase somewhere, they will need to constantly re-enter it, which makes them vulnerable to shoulder-surfing, sophisticated key-loggers, unsophisticated rubber-hose methods, et cetera.

Conversely, if the mice do cache the passphrase for long periods of time, there is the possibility that the cats will capture the whole system intact, passphrase and all, and will be able to make a permanent copy of the passphrase before the system realizes that a compromise has occurred.

The cats can improve their chances by causing not-too-suspicious power failures and seeing how the mice handle the ensuing passphrase issues.

The mice can improve their odds by ensuring good physical security, ensuring personnel reliability, providing easy-to-use panic buttons, rotating their passphrases, and so forth.
Re: gang uses crypto to hide identity theft databases
I'm curious as to why the cops didn't just pull the plugs right away. It would probably take a while (minutes, hours?) to encrypt any significant amount of data. Not to mention, where is the master key? The guy couldn't have jumped up and typed in a pass phrase to generate it in handcuffs? Even if it got erased, its image could be recovered from a disk or RAM. My understanding is that even tamperproof cards one can get keys from them with the right equipment from the right folks.

- Alex

At 02:51 AM 12/23/2006 +1300, Peter Gutmann wrote:
> Jim Gellman <[EMAIL PROTECTED]> writes:
>
> >Well this just sucks if you ask me.
> >> According to the Crown Prosecution Service (CPS), which confirmed that
> >> Kostap had activated the encryption after being arrested, it would
> >> have taken 400 computers twelve years to crack the code.
> >Scales linearly, right? 4,800 computers'll get it in a year?
>
> I don't think you can even apply that much analysis to it. How exactly did they come up with such a figure in the first place? 400 *what* computers? TRS-80's? Cray XT4's? Does the encryption software come with a disclaimer saying "if you forget your password, it'll take 400 computers 12 years to recover your data"? With that level of CPU power it sounds like it'd be something at the level of brute-forcing a 56-bit DES key (using a software-only approach), which sounds like an odd algorithm to use if it's current crypto software.
>
> It sounds more like a quote for the media (or, more likely, misreporting) than any real estimate of the effort involved.
>
> Peter.

--
Alex Alten
[EMAIL PROTECTED]
Re: gang uses crypto to hide identity theft databases
Jim Gellman <[EMAIL PROTECTED]> writes:

>Well this just sucks if you ask me.
>> According to the Crown Prosecution Service (CPS), which confirmed that
>> Kostap had activated the encryption after being arrested, it would
>> have taken 400 computers twelve years to crack the code.
>Scales linearly, right? 4,800 computers'll get it in a year?

I don't think you can even apply that much analysis to it. How exactly did they come up with such a figure in the first place? 400 *what* computers? TRS-80's? Cray XT4's? Does the encryption software come with a disclaimer saying "if you forget your password, it'll take 400 computers 12 years to recover your data"? With that level of CPU power it sounds like it'd be something at the level of brute-forcing a 56-bit DES key (using a software-only approach), which sounds like an odd algorithm to use if it's current crypto software.

It sounds more like a quote for the media (or, more likely, misreporting) than any real estimate of the effort involved.

Peter.
Re: gang uses crypto to hide identity theft databases
Well this just sucks if you ask me.

> According to the Crown Prosecution Service (CPS), which confirmed that
> Kostap had activated the encryption after being arrested, it would
> have taken 400 computers twelve years to crack the code.

Scales linearly, right? 4,800 computers'll get it in a year?

How can one write a SETI-at-home-like screensaver that can attack the ciphertext without giving the underlying information to thousands of people?

Barring that sort of grass-roots effort, I'm personally mad enough to donate a PC + shipping.

-- jim

Steven M. Bellovin wrote:
> http://www.zdnet.co.uk/misc/print/0%2C100169%2C39285188-39001093c%2C00.htm
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb