Re: google as password cracker

2007-11-21 Thread Allen
Perry E. Metzger wrote: Need to invert an MD5 hash? Try googling for the hash value: http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/ And you can also find some SHA-1 hashes as well as base 64 encoded MD5 & SHA-1 hashes googling for them and the results are locat

RE: Adi Shamir's microprocessor bug attack

2007-11-21 Thread Crawford Nathan-HMGT87
Some important things come to mind: 1.) It isn't necessary to try an exhaustive search to prove that the hardware multiplier works correctly. Hardware multipliers multiply by shifting and adding; the failure mode would be one of failure to shift, or failure to add. The code to test every bit in

State of the art in hardware reverse-engineering

2007-11-21 Thread Leichter, Jerry
Flylogic Engineering does some very interesting tampering with "tamper- resistant" parts. Most of those "secure USB sticks" you see around won't last more than a couple of minutes with these guys. See http://www.flylogic.net/blog -- Jerry

Re: fyi: Adi Shamir's microprocessor bug attack

2007-11-21 Thread James Muir
' =JeffH ' wrote: From: John Young <[EMAIL PROTECTED]> Subject: Adi Shamir's microprocessor bug attack To: [EMAIL PROTECTED] Date: Sat, 17 Nov 2007 09:50:31 -0500 (GMT-05:00) Adi Shamir's note on a microprocessor bug attack on public key cryptography featured in the NY Times today: http://cr

Re: fyi: Adi Shamir's microprocessor bug attack

2007-11-21 Thread Florian Weimer
Perhaps I'm missing something, but real-world RSA implementations are not vulnerable to this because they implement RSA blinding to prevent timing attacks (which prevents a magic a * b fault from being exploited deterministically) or verify the signature after creation (which protects against rando

Re: fyi: Adi Shamir's microprocessor bug attack

2007-11-21 Thread James A. Donald
' =JeffH ' wrote: > Adi Shamir Computer Science Department The Weizmann > Institute of Science Israel > > With the increasing word size and sophisticated > optimizations of multiplication units in modern > microprocessors, it becomes increasingly likely that > they contain some undetected bugs. Th

Wikileaks: NSA funding of academics

2007-11-21 Thread John Gilmore
https://secure.wikileaks.org/wiki/On_the_take_and_loving_it Grant code 'MDA904' - National Security Agency The NSA has pushed tens or hundreds of millions into the academy through research grants using one particular grant code. ... John

Re: fyi: Adi Shamir's microprocessor bug attack

2007-11-21 Thread Christian Paquin
' =JeffH ' wrote: From: John Young <[EMAIL PROTECTED]> [...] Research Announcement: Microprocessor Bugs Can Be Security Disasters [...] A similar attack can be applied to any security scheme based on discrete logs modulo a prime, and to any security scheme based on elliptic curves (in which we ca

Ross Anderson: Searching For Evil

2007-11-21 Thread ' =JeffH '
Of possible interest... =JeffH Ross Anderson: Searching For Evil http://youtube.com/watch?v=7WlHhZUayUw Google Tech Talks August 23, 2007 ABSTRACT Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools. I will