Domain: tu-darmstadt.de
Stories and comments across the archive that link to tu-darmstadt.de.
Stories · 6
Researchers Discover 110 Snooping Tor Nodes (helpnetsecurity.com)
Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.
Australian PLAID Crypto, ISO Conspiracies, and German Tanks
New submitter Gaglia writes: PLAID, the Australian 'unbreakable' smart card identification protocol has been recently analyzed in this scientific paper (disclaimer: I am one of the authors, and this is a personal statement.)
Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways to trace user identities and recover card access capabilities. The attacks are efficient (few seconds on 'home' hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and... German tanks. See this entry on Matt Green's crypto blog for a pleasant-to-read explanation.
But the story behind PLAID's standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called "fast track" procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored. We contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID's project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.
The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.
On a related note, the enthusiastic comments on PLAID's design made by a few readers in the old Slashdot story remind us, as a cautionary tale, that you need cryptographers to assess the security of cryptography. Quoting Bruce Schneier: amateurs produce amateur cryptography.
Pico Projector Adapts To New Surfaces, Uses Random Objects As Input Devices
jpwilliams writes "This tiny projector can use any surface you have on hand to project an image. Using a webcam, it adapts to the surface, not just by adjusting keystone, but also following that surface and displaying different amounts of information (in certain cases). The guy in the video also uses a coffee mug as an app changer."
WEP Broken Even Worse
collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."
Use of Math Languages and Packages in Research?
CEHT asks: "As a research programmer at the university, I have encountered numerous times when I need to choose which language(s) or package(s) to use for different projects. Tradeoffs and performance issues have to be considered: results from one package may be more compatible with the data from other researchers, another package may find the solution faster and use less resources, and so forth. Maple, Matlab, Magma, and Mathematica are among the most well-known packages. Libraries such as IMSL are also popular. Of course, there are smaller (and mostly free) packages that tend to target specific types of problem, such as LiDIA, Singular, and LAPACK. The question is, how useful are these [and other] math packages? Do researchers use only one or two packages for most of their projects? Or do people like to mix things a little by pulling the strength of different packages together to solve a math problem? If not, do researchers write C/C++ programs and use GMP or Matpack to solve math problems?"
Industry-Standard VOIP Phone Using All Free Software
Ralf Ackermann writes: "Voice over IP on a HardPhone running Linux and just using Open Source software became real. We have successfully installed and tested (interoperability with Cisco 7960 as well as Pingtel xPressa in an environment with a partysip SIP registrar and proxy) the linphone SIP phone on a StrongARM based TuxScreen. Here is the link describing the steps for others to use the setup as well: TuxScreen running SIP. All the information for setting up a comparable installation can be found at the URL; please also feel free to ask or drop opinions. Many thanks to the linphone developers as well as to my student Florian Winterstein (for working on a console linphonec version). The setup (on a StrongARM system) is well suited for PDA (iPAQ) or wearable environments as well."