Article

2008-02-22 Science

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by gorb 2008-02-22 03:58|| || Front Page|| [16 views ] Top

#1 Folks this has ALWAYS been the weak point of any system - if it has to be loaded to and kept in RAM, then its vulnerable.

However, there are differently designed systems out there which use a hardware key and circuit (think smart card) through which all the decryption is done, thus the key only exists in the card, and is only present when the hardware is attached. The method in this article cannot break a system that works that way.

If you have a DirecTV, then you have such a system. I know people on the cryptosystem implementation team back in 92-3 (don't ask), and Adi Shamir, the 'S' in RSA, did the cryptosystem, which uses hardware for private key. Irish hackers resorted to using a scanning electron microscope to do key recovery on the initial wave of smart cards.

Posted by OldSpook 2008-02-22 08:50|| 2008-02-22 08:50|| Front Page Top

#2 Um... duh.

Any system can be cracked, therefore is not "secure". The only "secure" computer is one that is turned off, encased in concrete, buried 1000 feet in the earth and guarded by a heavy armored division and patriot missiles.

Even smart cards have risks, since they are used by people.

The whole idea of the concept is to make it so difficult to breach a system is that it makes 99% of the potential attackers not worth trying or the risks are much greater than the reward. That way you can keep the other 1%, which is usually foreign agents, under constant scrutiny.

Posted by DarthVader">DarthVader 2008-02-22 09:53|| 2008-02-22 09:53|| Front Page Top

#3 Watched the video -- it would be a concern were I trying to protect state secrets from James Bond. I'd be just as happy if idiot Connecticut state workers would simply encrypt my tax form on their laptop when they decide to leave it at a local tavern. In Connecticut this has happened twice in one friggin' year, and nothing has happened -- no firings no recriminations... I know I am ranting, but this is the right burg, no?

Posted by regular joe 2008-02-22 18:08|| 2008-02-22 18:08|| Front Page Top

#4 Wouldn't a temp file dump and over-wright before going into standby or hibernate cure the problem for the cost of adding a few lines of code to the machine?

Posted by bigjim-ky 2008-02-22 18:26|| 2008-02-22 18:26|| Front Page Top

#5 Nope. They are talking about grabbing it out of warm RAM in a coldstart. That yields the keys. Meaning you pwn the disk after that.

Posted by OldSpook 2008-02-22 22:26|| 2008-02-22 22:26|| Front Page Top

23:56 trailing wife
23:54 trailing wife
23:52 JosephMendiola
23:46 JosephMendiola
23:46 trailing wife
23:43 JosephMendiola
23:40 Abdominal Snowman
23:38 JosephMendiola
23:36 Blinky Omereth6252
23:35 JosephMendiola
23:29 OldSpook
23:28 JosephMendiola
23:27 trailing wife
23:20 Iblis
23:09 regular joe
23:07 RD
23:04 regular joe
22:58 regular joe
22:49 regular joe
22:44 Muslims Against Sharia
22:42 regular joe
22:41 Eric Jablow
22:26 OldSpook
22:16 JosephMendiola