Comment Re:So you think RSA is broken? (Score 1) 179

Oh, you actually want to read them? I thought you just wanted me to prove my cred.

I didn't doubt you went to school, or were completing a graduate level program on cryptography.

I doubted your competence, because you missed something I thought was obvious, and I am not a cryptographer.

That said, you mentioned you were working on identity systems, and I am interested in that. I want to say I do not seriously assume that your lack of experience with a particular kind of vulnerability assessment translates to a lack of competence in other things, and I apologize for my statement to the contrary on that subject.

I look forward to reading these papers after the holidays...

Comment Re:So you think RSA is broken? (Score 1) 179

Of course. It's just that this is 6-7 orders of magnitude easier than breaking RSA, even against a relatively hard target.

No. It's however hard breaking RSA is plus 6-7 orders of magnitude easier because you still need to break RSA.

Signings shouldn't help the attacker unless your hash is broken... it probably takes a worse break than the current ones against MD5 and SHA1, as well.

That's not true. doi:10.1016/S1007-0214(05)70121-8 for example on weak-key attacks against digital signature systems.

they [the banks] can upgrade much more easily than DNSSEC if RSA-1024 falls.

Sort-of. SSLv2 has been considered obsolete for a long time, but it took new PCI-compliance procedures to really shake it out of a lot of organizations I've worked with.

Upgrading is hard. Saying upgrading HTTPS's RSA-1024 is "easier" than upgrading DNSSEC is patently meaningless: We're not really talking about upgrading, we're talking about replacement.

There are still sites without MX records and still new FTP clients being made. I consider the proponents of DNSSEC and IPv6 similarly incompetent largely because they have spent so little time exploring how to replace our existing crap.

DNSCurve is primarily an exercise in supplanting the existing system; that's what the entire system is built on, *how do we get security*, not how do we build the most secure system, or the best system by any technical measure.

You probably want to avoid them anyway... I'm a grad student so I don't design very practical stuff

Implementations are uninteresting. Where are these identity schemes published?

Comment Re:So you think RSA is broken? (Score 1) 179

What the hell are you blathering on about?

As is common for crypto protocols, if the RSA key in HTTPS is broken, a man in the middle can mess with the protocol in real time.

No it can't. You still need a way to get the packets to the man in the middle, and a way to get the packets where they don't belong.

DNS, using UDP, offers no such protection.

Secondly, DNSSEC uses the RSA key for a long time, and clients can get lots of signings to launch offline attacks. This attack doesn't work on HTTPS, which uses RSA to only sign/encrypt a session key. It doesn't work on DNSCurve either.

All other things being equal, that answers mmell's question: Why is RSA safer for bank transactions than for DNSSEC?

How the hell can anyone be as fucking numb as you are to these two very simple things and still "be a cryptographer"?

I call shenanigans! If you're actually paid to design cryptosystems, let me know which ones so I can avoid them.

Comment Re:So you think RSA is broken? (Score 1) 179

And I'm not sure what you mean by "breaking TCP"...

Breaking TCP presently requires guessing sequence numbers reliably or a MITM attack. Both are extremely uncommon outside of LANs.

This isn't true... the best known attacks against RSA are just to factor the modulus.

What isn't true? Breaking RSA is easier than breaking RSA and TCP? (note "also" in my original phrasing)

255-bit ECC is probably slower than 1024-bit RSA for verifies, however.

Not just probably, definitely. That's probably why dnscurve uses Curve25519 (very very fast DH), which is significantly faster than RSA at similar key-strengths.

They can get new ciphers rolled out to browsers, and degrade to RSA for browsers that haven't implemented them. These problems are considerably worse for DNS servers and routers.

On the other hand, with DNSSEC, we're talking about using RSA in a new standard; its performance and size are already problematic at the current strength, and will get cubically worse at greater strengths.

Agreed. We already have excellent information about how long it takes to roll out a new protocol (and stop supporting the old protocol): A-fallback for MX records, Path-MTU discovery problems, ECN, and SSLv2 are things that we still have to deal with today, and MX records were introduced over twenty years ago.

It's evident that new protocols need to be carefully designed to be compatible with existing systems, and that the existing systems will be around for a long time. DNSSEC simply isn't compatible with DNS.

So saying "These problems are considerably worse for DNS servers and routers", I believe is woefully understated. These problems are the most important factor here, on a live, moving, Internet.


Submission + - Cisco says FTP feature in IOS is a hacker backdoor

dark_15 writes: "'Cisco says a flaw in the FTP server utility in its IOS router/switch software could be used as a backdoor by attackers. IOS FTP, which comes disabled by default in IOS, is used to upload IOS software images and other software to routers and switches remotely. However, Cisco says attackers could exploit a vulnerability in the FTP server to gain access to the file system of an IOS-based router or switch and affect configuration settings.'

More details on this advisory can be found here"

Submission + - Hybrid Cars to Get More Realistic Mileage Ratings

Skidge writes: "Wired is running a piece showing the drastically reduced mileage ratings for hybrids after the upcoming changes in gas mileage calculations by the EPA. While the cars themselves aren't changing, plugging these new numbers in to the equation makes a hybrid much less cost effective: "The two top-selling hybrid vehicles, the Prius and Honda's Civic Hybrid, will lose 12 and 11 miles per gallon respectively from their city driving estimates." The new values come from more realistic testing; the old, over-inflated ratings were higher in part because the cars idled a lot, allowing the hybrids to completely turn off their engines. The new ratings should be more in line with what hybrid drivers are actually seeing."

Teachers Fake Gunman Attack 863

Anti_Climax writes "Staff members of an elementary school staged a fictitious gun attack on students during a class trip, telling them it was not a drill as the children cried and hid under tables. It'll be interesting to see what happens to these teachers after the charges brought against students in recent months."

Submission + - Norway Moves Towards Mandatory use of ODF and PDF

Andy Updegrove writes: "Norway has become the latest European country to move closer to mandatory government use of ODF (and PDF). According to a press release provided in translation to me by an authoritative source, Norway now joins Belgium, Finland, and France (among other nations) in moving towards a final decision to require such use. The Norwegian recommendation was revealed by Minister of Renewal Heidi Grande Roys, on behalf of the Cabinet-appointed Norwegian Standards Council. If adopted, it would require all government agencies and services to use these two formats, and would permit other formats (such as OOXML) to be used only in a redundant capacity. Reflecting a pragmatic approach to the continuing consideration of OOXML by ISO/IEC JTC 1, the recommendation calls for Norway to "promote the convergence of the ODF and OOXML, in order to avoid having two standards covering the same usage." According to the press release, the recommendation will be the subject of open hearings, with opinions to be rendered to the Cabinet before August 20 this summer. The Cabinet would then make its own (and in this case binding) recommendation to the Norwegian government."

Submission + - Where do you get your IT news?

whiggy writes: I am a network admin in a small company with predominantly MS systems and some Linux. I am attempting to organize myself in order to be more productive. One of the things on my list is to keep up with the latest technology trends, of course. I have several sites in my bookmarks that I visit daily but I am just curious what other good resources are out there. We are a MS shop with some Linux. What are your favorite sites (or other resources) you get your morning news from? Which ones are the "must haves" (other than /.)?

