Berkeley CSUA MOTD:Entry 37424
2005/4/29-5/1 [Computer/SW/Security] UID:37424 Activity:moderate
4/29    How does data cracking work?  I guess someone intercepts some encoded
        data, and then tries to apply many different conversions on the data to
        find the right conversion that yields the original data.  But then how
        does he know which conversion is the right one when he doesn't even
        know what the original data is?  -- newbie
        \_ Related question:  What were the problem(s) with SSH1?
           -- not-so-newbie
           \_ iirc, SSHv1 used the same dh key for both encryption and
              hmac w/o deriving separate keys for each.
        \_ Depends on application--some apps use poor randomness, insufficient
           keylength, static keys, re-used keys, etc.  Cracking can be done
           a couple of ways, including pattern analysis and just plain brute
           forcing--you're pretty unlikely to get, say, two different clear
           text tcp streams that both look "right".  Very often you're also
           not "cracking" anything, but rather relying on a buffer overflow or
           similar (as with the SSH CRC32 exploit.)  -John
        \_ What John said. Also, the TLA agencies do things like pattern
           and traffic analysis to try and look for information in the
           bitstream. A surprising amount of information can be figured
           just by looking at things like the frequency of certain
           sequences.
           \- hola, i do not know what "data cracking" means however, based
              on the followup comments, you may want to look at I GOLDBERG's
              [UCB] PhD thesis on the design of the "anonymized IP wormhole"
              which 1. presents a useful framework to think about "the problem
              space" 2. has an interesting discussion on confounding "generic
              traffic analysis". it may be more than you are looking for but
              isn't that long ... i imagine there is a shorter version of the
              "freedom" project [IG gave some talks], but i don't know if
              there is something downloadable. --psb
              \- I note in passing IG uses the example of "you would never
                 expect the us govt and the libyan govt to collude!" which
                 is sort of funny given that MQ is now our good buddy.
                 is sort of funny given that MQ is now our good friend.
                 better add the north korean and syrian govts. the probability
                 of north korea becoming our friend = how many bits of crypto
                 strength? --psb
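
The original question (how a brute-forcer recognizes the right answer) and the reply that two different cleartexts are unlikely to both look "right" can be shown with a short added example, which is not part of the original thread. The toy stream cipher, the 16-bit key and the sample request are all constructed for illustration; the printable-ASCII test stands in for whatever structure the real plaintext is known to have.

```python
import hashlib
import string

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not a real protocol):
    XOR the data with SHA-256(key || offset) blocks. Encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed sample traffic, encrypted under a deliberately tiny 16-bit key
# (the "insufficient keylength" case from the thread).
SECRET_KEY = (0xBEEF).to_bytes(2, "big")
PLAINTEXT = b"GET /index.html HTTP/1.0\r\nHost: example.org\r\n\r\n"
CIPHERTEXT = keystream_xor(SECRET_KEY, PLAINTEXT)

PRINTABLE = frozenset(string.printable.encode())

def looks_right(candidate: bytes) -> bool:
    """Recognizer: the searcher knows only that the plaintext is ASCII text."""
    return all(b in PRINTABLE for b in candidate)

def plausible_keys(ciphertext: bytes) -> list:
    """Try every 16-bit key and keep those whose output passes the recognizer."""
    hits = []
    for k in range(1 << 16):
        key = k.to_bytes(2, "big")
        if looks_right(keystream_xor(key, ciphertext)):
            hits.append(key)
    return hits

if __name__ == "__main__":
    # Enough ciphertext: a wrong key yields near-random bytes, and the chance
    # that all 47 of them are printable is negligible, so one key survives.
    full = plausible_keys(CIPHERTEXT)
    print("47 bytes:", len(full), "candidate key(s):", [k.hex() for k in full])
    # Too little ciphertext: thousands of keys give 2 printable bytes, and
    # nothing in the data distinguishes the real key from the rest.
    short = plausible_keys(CIPHERTEXT[:2])
    print("2 bytes:", len(short), "candidate keys")
```

The same reasoning is why a longer key alone does not help if the key is static or re-used: more ciphertext under one key gives the recognizer more structure to test against.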