All times are UTC-06:00




Post new topic  Reply to topic  [ 13 posts ] 
Author Message
 Post subject: Chryptography useless ?
PostPosted: Sat Nov 18, 2006 3:37 pm 
Offline

Joined: Tue Aug 15, 2006 5:08 am
Posts: 50
Location: France
Does anyone here have heard about Jean-Pierre Seifert (universités d'Haïfa and d'Innsbruck) study about vulnerability of processsors againts attack towrd private/public key used in chryptographic algorythms ?

It seems to spy calculation time and branch prediction to "guess" a 512bits key in a few milliseconds...

a article in "Le Monde (France)" often speaks about Intel to be desparate since this news has been publicly available...

Are all cpu architectures vulnerables ?


Top
   
 Post subject:
PostPosted: Sat Nov 18, 2006 5:33 pm 
Offline
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Hi.

I wouldn't start a panic. This attack is only viable if both attacker and victim are on the same machine, so it isn't going to affect e.g., SSL.
Besides, it targets the RSA implementation, not the algorithm itself.

It is only effective on Pentium 4 CPU's, POWER etc. are unaffected. (BTB cache on Pentium IV makes this work).

Important lesson from this however, is that untrusting parties should not share the same computing resources, which is just common sense to me.

One more thing, this attack is nothing new - it has been known for several months. This is just an optimised version.


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet


Top
   
 Post subject:
PostPosted: Sun Nov 19, 2006 1:45 am 
About encryption, there is also a big problem with Wifi's WEP encryption (and also WPA-PSK ?) as it can now be cracked easily.
Anyone having the adequate software and card can crack his neighbour wifi connexion and use it for surfing for free, and maybe do more "horrible" things as it uses the MAC address of the attacked computer, so it's recognized as a computer of the local network.
It seems that you can also watch what is inside the emails (not sure of that)...

So I think that the rule is the following : if you have sensisive files, never use a wifi connexion while the HD containing those files is connected and accessible at the same time !


Top
   
 Post subject:
PostPosted: Sun Nov 19, 2006 5:01 am 
Offline

Joined: Sun May 08, 2005 8:46 pm
Posts: 559
Location: Paris
i don't use WEP or WPA, i give access to my wifi connection for my computers only (mac addresses registered).

Let's not get paranoid. Ususally people concerned by security (i'm not talking about professionals) have nothing to secure ! I don't care if someone gets into my network, and watch my family pictures, read my personal email and all that stuff. I have nothing to hide. No forbidden porn and i'm not cheating on my wife !


Top
   
 Post subject:
PostPosted: Sun Nov 19, 2006 10:59 am 
Offline

Joined: Tue Aug 15, 2006 5:08 am
Posts: 50
Location: France
I didn't want to starting a panic.

But, I think there's a big problem if x86 machine cannot store encrypted data if they are unable to keep a private key private...


Top
   
 Post subject:
PostPosted: Mon Nov 20, 2006 3:37 pm 
Offline

Joined: Fri Sep 24, 2004 1:39 am
Posts: 429
Location: Secure Networks / Sweden
SoundSquare:
So you never transfer anything privately over the Internet?
No online banking? No online shopping? No personal data that
can be sold to spammers?

Not encryptiing WiFi is pretty damn stupid. Anyone who wants
can decrypt WPA but it's less likely than all those who read
what you transfer unencrypted.

My teacher once told me that there is a higher probability that
more people read your personal e-mails than who reads that
classified you put up at your local grocery store..


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 9:53 am 
Offline

Joined: Tue Feb 07, 2006 8:01 pm
Posts: 4
Quote:
i don't use WEP or WPA, i give access to my wifi connection for my computers only (mac addresses registered).
It is so easy to spoof a mac adress......


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 10:21 am 
Offline

Joined: Sun May 08, 2005 8:46 pm
Posts: 559
Location: Paris
Quote:
My teacher once told me that there is a higher probability that
more people read your personal e-mails than who reads that
classified you put up at your local grocery store..
i do agree, and as everything can be cracked i don't really see the point in saying that the way i do is more stupid than using wep or wpa, both easily crackable.


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 10:25 am 
Offline
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Hi.

WEP, WPA and Mac Address filtering makes it a little more difficult.
After that, just tunnel all your data through ssh for good security, especially banking etc.


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 10:51 am 
Offline

Joined: Mon Feb 27, 2006 4:51 pm
Posts: 11
WEP is hacked/cracked/broken. Don't use it anymore!

WPA is still be considered very secure and no successful attacks are known to my knowledge. This is only true if you use a strong password of course.

WPA2 is even more secure than WPA thanks to a complete implementation of IEEE 802.11i (see wikipedia for details)
Use AES rather than TKIP as encryption algorithm when you have the choice. It's faster and more secure than TKIP afaik.

MAC address filters are security through obscurity. It's very easy to actuall spoof a MAC address.

Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentification.


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 11:07 am 
Offline
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Quote:
WEP is hacked/cracked/broken. Don't use it anymore!

WPA is still be considered very secure and no successful attacks are known to my knowledge. This is only true if you use a strong password of course.

WPA2 is even more secure than WPA thanks to a complete implementation of IEEE 802.11i (see wikipedia for details)
Use AES rather than TKIP as encryption algorithm when you have the choice. It's faster and more secure than TKIP afaik.

MAC address filters are security through obscurity. It's very easy to actuall spoof a MAC address.

Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentification.
Of course, thats what one would do. However, that might not be an option for home users...


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 2:20 pm 
Offline

Joined: Mon Jan 30, 2006 1:30 am
Posts: 43
Quote:
Quote:
[...]
Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentification.
Of course, thats what one would do. However, that might not be an option for home users...


Best regards,
Johan
Why not use IPsec between WiFi enabled nodes then? Any problem with IPsec security?

Karel


Top
   
 Post subject:
PostPosted: Tue Dec 12, 2006 3:18 pm 
Offline

Joined: Mon Feb 27, 2006 4:51 pm
Posts: 11
Better use something like openvpn. Much easier to setup than ipsec stuff.

It's still my opinion that theres no need to add another layer if wpa is used in a wlan.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 13 posts ] 

All times are UTC-06:00


Who is online

Users browsing this forum: No registered users and 26 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
PowerDeveloper.org: Copyright © 2004-2012, Genesi USA, Inc. The Power Architecture and Power.org wordmarks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org.
All other names and trademarks used are property of their respective owners. Privacy Policy
Powered by phpBB® Forum Software © phpBB Group