The two exploits in the subject line are two completely separate things. The main focus of the linked article is a key which is used to HMAC-authenticate the service mode dongle. The more interesting hack was announced at 27c3. A team comprised of Wii hackers has discovered Sony's main boot-signing private key.

This is like discovering Verisign's private key - you can now issue any SSL cert you want. They can sign any hypervisor they want, which leads to running any code you want. They were able to do this because (surprise), there was a crypto mistake in the implementation. Two (or more) ECDSA signatures were generated with the same secret nonce.

Apparently Sony doesn't read our blog because we discussed this flaw before:

And before that, we discussed a variant of this attack when the Debian PRNG was broken:

The cool thing about this flaw is that the private key is not present in the PS3 anywhere. It (probably) only exists at some locked down code-signing center. However, a software flaw in the way it generated the signatures was effectively painting the private key on the side of every signed code module released.

And people still think crypto isn't dangerous?

It's definitely easier to look for known flaws, such as obvious spec violations like this ECDSA signing flaw. It's much harder to review a high-assurance system and be sure you've anticipated all possible ways something might fail years down the road. One point I have not said recently is that crypto review is very expensive in terms of time and money.

So the design approach to security problems should be roughly:

1. Doing this correctly is orders of magnitude easier than developing crypto protocols.

2. If using crypto, use something high-level. GPG is a great example of a bundle of crypto primitives with a well-understood protocol for encryption, integrity protection, and key management.

3. If none of the above works, develop custom crypto protocol. But budget 10x for review as for design/implementation. So if you spend a week and $10,000 developing it, spend 10 weeks and $100,000 to review/improve it. This includes external review, not just internal. Because if you do implement custom crypto, you (or your users) will pay for it one way or another. Are you sure you want to pay for it?

> And people still think crypto isn't dangerous?

Part of the problem is that most people who have to use it aren't mathematicians. And even those of us who have math degrees may not realize every single one of the assumptions or requirements that go into each operation (especially if they change due to new attacks being discovered). So just knowing that something is dangerous isn't the same as having everything you need to deal with the danger.

I'm surprised that I've never heard of a cryptography wiki somewhere where people try to list all the requirements for using each algorithm or technique securely in simple terms, e.g. a page on each technique or algorithm telling you which numbers must be random, unpredictable, never repeated, etc. Or telling you that if a person has these numbers, they can do X, Y & Z. Or that if you don't verify that this padding is right, people can forge messages. Incidentally, I'm hoping that I'm wrong and there really is such a thing out there, somewhere.

> The primary contributor to such a wiki is inevitably going to miss horrible faults. If you're that guy, why bother?

Even those $500/hr experts miss horrible faults from what I can see. I mean, you were telling me several months ago on HN how hypervisor-secured game consoles were one of the few places where we see high-end security in the consumer space and that we can't just assume that the hackers will always win.

But the way I see it, there aren't any magic bullets in the security world. In other words, you have to keep running as hard as you can just to avoid falling behind. If you stop running, someone will eventually catch up to you. That sounds like an incentive to collaborate to me. One might expect that people should want to gather and organize important details like that. The fact that any such endeavor would inevitably be incomplete and require updates should go without saying.
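The mistake in the first comment above (two ECDSA signatures made with the same secret nonce) is invisible to anyone who only verifies the signatures, which is why it is a review problem rather than a testing problem. As an added example, not code from the original comments, from Sony, or from any project they mention, the Python below implements textbook ECDSA over secp256k1, a signer that reuses one fixed nonce, a simplified RFC 6979-style deterministic nonce as the fix, and the audit check a code-signing center could run over its own signature archive: every signature from the flawed signer still verifies, but repeated r values give the reuse away, because r depends on k alone. The curve parameters are the real secp256k1 ones; the private key, the fixed nonce and the module names are constructed for the demo; `audit`, `find_repeated_nonces` and `deterministic_nonce` are names chosen for this example, not of any library.

```python
import hashlib
import hmac

# Domain parameters of secp256k1 (a real, published prime-order curve, used only so the
# arithmetic is concrete; the nonce-reuse flaw itself does not depend on the curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] * G[1] - G[0] ** 3 - A * G[0] - B) % P == 0  # sanity check: G lies on the curve

def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + Ax + B over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                                  # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P        # tangent (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P               # chord
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):                    # plain double-and-add (demo only, not constant-time)
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def _hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(priv, msg, k):
    """Textbook ECDSA. k is the per-signature secret nonce; the caller decides how it is chosen."""
    z = _hash_int(msg)
    r = scalar_mult(k, G)[0] % N           # r is a function of k only, not of the message
    s = pow(k, -1, N) * (z + r * priv) % N
    assert r != 0 and s != 0
    return (r, s)

def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(_hash_int(msg) * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def deterministic_nonce(priv, msg):
    """Simplified RFC 6979-style nonce: HMAC-SHA256 keyed by the private key over the message
    hash (not the full RFC 6979 procedure). Same message -> same k; different messages ->
    different k; no dependence on a PRNG, so the Debian-style failure cannot happen either."""
    counter = 0
    while True:
        data = hashlib.sha256(msg).digest() + counter.to_bytes(4, "big")
        k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), data, hashlib.sha256).digest(), "big")
        if 1 <= k < N:
            return k
        counter += 1

def find_repeated_nonces(archive):
    """Audit check over records of (key_id, message, (r, s)). Two signatures under one key
    that share an r were made with the same k. Returns {(key_id, r): [record indices]}."""
    by_r = {}
    for idx, (key_id, _msg, (r, _s)) in enumerate(archive):
        by_r.setdefault((key_id, r), []).append(idx)
    return {key: idxs for key, idxs in by_r.items() if len(idxs) > 1}

# Constructed sample data for the demo: a throwaway key and fake module names, not Sony's.
PRIV = int.from_bytes(hashlib.sha256(b"constructed demo signing key").digest(), "big") % N
PUB = scalar_mult(PRIV, G)
MODULES = [b"module-A (constructed)", b"module-B (constructed)", b"module-C (constructed)"]

def flawed_archive():
    """Signer that reuses one fixed nonce for every module: the mistake the thread describes."""
    k_fixed = int.from_bytes(hashlib.sha256(b"constructed fixed nonce").digest(), "big") % N
    return [("signing-key-1", m, sign(PRIV, m, k_fixed)) for m in MODULES]

def fixed_archive():
    """Same key and modules, signed with a per-message deterministic nonce instead."""
    return [("signing-key-1", m, sign(PRIV, m, deterministic_nonce(PRIV, m))) for m in MODULES]

def audit(archive):
    """(every signature verifies, repeated-nonce groups) for one archive."""
    return (all(verify(PUB, m, sig) for _, m, sig in archive), find_repeated_nonces(archive))

if __name__ == "__main__":
    print("fixed-k signer:        verifies=%s repeats=%s" % audit(flawed_archive()))
    print("deterministic-k signer: verifies=%s repeats=%s" % audit(fixed_archive()))
```

Run it directly to see both archives audited: the fixed-k archive verifies cleanly and is still flagged, the deterministic-k archive verifies cleanly and is not. The check costs one dictionary pass over the archive and belongs in the release pipeline; it catches a low-entropy PRNG for the same reason it catches a fixed constant, since any repeated k shows up as a repeated r.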