Berkeley CSUA MOTD:Entry 27668

2003/3/12-13 [Computer/SW/Security] UID:27668 Activity:very high
3/12    Call me paranoid.  How likely is it for someone to decode traffic
        sent to/from an ssh connection?  The encryption is done end-to-end,
        so if the govt is getting a copy of every packet between two boxes
        is it possible for them to crack it?  I'm not a technical guy BTW,
        I just know the high level functionality of these things.
        \_ If they really REALLY care and are willing to wait a couple of
           weeks before the traffic is decoded and have some insane amount
           of computer power... pretty unlikely.  There is a reason this stuff
           scares the shit out of the powers that be.
           \_ It is much easier for them to attack at the unencrypted endpoints
        \_ If the government wants to see your shit, they can get a tap for
           your keyboard or put a van outside your home/office and read your
           monitor.  You're only fooling yourself thinking ssh will really
           keep the United States' Federal Government from reading your shit.
           I suggest you find a good defense lawyer and send good-bye notes to
           your family and friends.
                \_ any URLS with stories from people this has happened to?
                   \_ http://www.you.com.au/news/1009.htm
        \_ If you are using SSHv1 there is a possibility that someone could
           read your traffic. If you are using SSHv2 (AES128-HMAC SHA1) your
           traffic will be unbreakable for the next several billion years
           assuming that (1) the RSA factoring problem is impossibly hard,
           (2) the Discrete Log problem is impossibly hard, (3) SHA1 is a
           true 1 way hash and can't be inverted in less than 2^80 tries,
           and (4) there are no weaknesses in the AES S-BOX.
           There is a further concern among some about the way that HMAC
           is performed in the SSH protocol, iirc SSH does E(K,P) HMAC(K,P)
           rather than the more secure IPSEC method E(K1,P) HMAC(K2,E(P)).
           I'll look this up in my notes and post later on.
           \_ It might take decades, or even centuries, but the quantum
              computers are coming.
           \- we've broken ssh session keys when we were "really really
              interested". ok tnx.
                \_ what size session keys and did you break them using
                   brute force or via some other method?
                   \- "we measure computing power in acres"
                        \_ how much ct did you need?
                \_ who's 'we'?
                        \_ "ok tnx" is the hallmark of PSB, and PSB works
                           at LLBL, so he could have "acres of computing power"
                           Was that you, PSB?
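
The two constructions named in the SSHv2 reply above, E(K,P) HMAC(K,P) and E(K1,P) HMAC(K2,E(P)), compared from the point of view of what a passive observer sees on the wire. This is an added example, not part of the original thread. Assumptions: keystream() is a constructed SHA-256 counter-mode stand-in for AES, the keys and sample plaintext are made up, and the packet sequence number that the real SSH MAC also covers is left out.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); a stand-in for AES, not AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(16)  # fresh random IV per message
    ks = keystream(key, iv, len(plaintext))
    return iv + bytes(a ^ b for a, b in zip(plaintext, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, iv, len(ct))))

def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def encrypt_and_mac(k: bytes, p: bytes):
    # E(K,P) HMAC(K,P): the tag is computed over the plaintext.
    return encrypt(k, p), tag(k, p)

def encrypt_then_mac(k1: bytes, k2: bytes, p: bytes):
    # E(K1,P) HMAC(K2,E(P)): separate keys, tag computed over the ciphertext.
    c = encrypt(k1, p)
    return c, tag(k2, c)

def open_encrypt_then_mac(k1: bytes, k2: bytes, c: bytes, t: bytes) -> bytes:
    # The receiver checks the tag before the ciphertext ever reaches the cipher.
    if not hmac.compare_digest(t, tag(k2, c)):
        raise ValueError("bad MAC")
    return decrypt(k1, c)

def tags_repeat(seal, p: bytes) -> bool:
    # True if sealing the same plaintext twice puts the same tag on the wire,
    # i.e. an observer can tell that two messages were identical.
    return seal(p)[1] == seal(p)[1]
```

With the plaintext-based tag, repeated messages produce a repeated tag even though the ciphertext changes every time; with the ciphertext-based tag nothing repeats, and a modified ciphertext is rejected before decryption.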
Cache (1225 bytes)
www.you.com.au/news/1009.htm
Mafia Boss Jailed in FBI Keyboard Bugging Case

A New Jersey federal court has sentenced Nicodemo Scarfo to 33 months in prison at the end of a case that tested the legality of law enforcement surveillance techniques. Government agents placed a keystroke-logging device on Scarfo's computer and a key point in the case was reached when US District Court Judge Joel Pisano ruled in December that evidence from the device was admissible. Two months later Scarfo, the son of the jailed former boss of the Philadelphia mob, changed his plea and admitted his role in an illegal gambling operation.

FBI investigators entered Scarfo's office in January 1999, but were initially foiled by his use of PGP to protect documents they believed would provide evidence of his crimes. They returned after obtaining a search warrant that allowed them to place a keyboard-logging device on his PC, enabling them to obtain his password. Scarfo used to work for a Florida software firm and is considered something of a geek in Wise Guy circles.

Defence lawyers unsuccessfully argued that the authorities needed to obtain a wiretap warrant - which is more difficult to obtain than a search warrant - prior to planting the device.