Domain: yp.to
Stories and comments across the archive that link to yp.to.
Stories · 24
Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.
On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.
OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto
ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."
OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein
First-time accepted submitter ConstantineM writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and do not require any special hardware to do so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"
Are the NIST Standard Elliptic Curves Back-doored?
IamTheRealMike writes "In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is 'Standards for Efficient Cryptography'), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a 'verifiably random' process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing-up-my-sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of pi. Unfortunately it turns out the actual inputs used were opaque 256-bit numbers, chosen ad hoc with no justifications provided. Worse, the curve parameters for SEC were generated by the head of elliptic curve research at the NSA — opening the possibility that they were found via a brute force search for a publicly unknown class of weak curves. Although no attack against the selected values is currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST based elliptic curve crypto in general."
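As an added illustration of the "verifiably random" procedure the post refers to (example code written for this page, not taken from the post, from NIST or from the SEC documents): the Python below reproduces the seed-to-parameter step of ANSI X9.62 Annex A.3.3, checks NIST P-256's published SEED against its published b coefficient, and then shows how a generator derives b from an arbitrary seed. That last step is where the post's complaint lives: the procedure ties b to the seed, but says nothing about how the seed was chosen, so a generator is free to try seeds until it likes the curve. The P-256 constants are the published FIPS 186-2 / SEC 2 values; the counter seeds in `generate_from_counter` are constructed here for the demonstration.

```python
import hashlib

# NIST P-256 as published (FIPS 186-2 / SEC 2); the curve is y^2 = x^3 - 3x + b over F_p.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def seed_to_r(seed: bytes, p: int) -> int:
    """ANSI X9.62 A.3.3.1: stretch SHA-1(SEED) into a t-bit integer r, t = bit length of p.

    W0 is the rightmost h bits of SHA-1(SEED) with its leftmost bit cleared;
    W1..Ws are SHA-1((SEED + i) mod 2^g); r is the integer W0 || W1 || ... || Ws.
    """
    g = 8 * len(seed)
    t = p.bit_length()
    s = (t - 1) // 160
    h = t - 160 * s
    digest = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    w0 = digest & ((1 << h) - 1)      # rightmost h bits of SHA-1(SEED)
    w0 &= ~(1 << (h - 1))             # clear the leftmost bit of W0
    z = int.from_bytes(seed, "big")
    r = w0
    for i in range(1, s + 1):
        s_i = ((z + i) % (1 << g)).to_bytes(g // 8, "big")
        r = (r << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return r


def verify_curve(p: int, a: int, b: int, seed: bytes) -> bool:
    """The published check: r * b^2 == a^3 (mod p), i.e. b^2 * c == -27 (mod p) for a = -3."""
    r = seed_to_r(seed, p)
    return (r * b * b - a ** 3) % p == 0


def b_from_seed(p: int, a: int, seed: bytes):
    """What a generator does with a seed: solve r * b^2 = a^3 for b (needs p == 3 mod 4).

    Returns None when a^3 / r is a non-residue or the curve would be singular; the
    generator then simply moves on to another seed, which is why the seed itself needs
    a justification if the result is to count as 'nothing up my sleeve'.
    """
    r = seed_to_r(seed, p)
    if r % p == 0 or (4 * r + 27) % p == 0:
        return None
    x = pow(a, 3, p) * pow(r, -1, p) % p
    if pow(x, (p - 1) // 2, p) != 1:
        return None
    b = pow(x, (p + 1) // 4, p)
    assert (b * b - x) % p == 0
    return b


def generate_from_counter(p: int, a: int, start: int = 0):
    """Constructed example: walk small 160-bit counter seeds until one yields a valid b."""
    ctr = start
    while True:
        seed = ctr.to_bytes(20, "big")
        b = b_from_seed(p, a, seed)
        if b is not None:
            return seed, b
        ctr += 1


if __name__ == "__main__":
    print("P-256 SEED reproduces its b:", verify_curve(P256_P, P256_A, P256_B, P256_SEED))
    seed, b = generate_from_counter(P256_P, P256_A)
    print("counter seed", seed.hex(), "yields b =", hex(b))
```

The check confirms that b was derived from the seed, not that the seed was chosen honestly: anyone who can run `b_from_seed` over many seeds can stop at whichever curve suits them, and the verifier has no way to tell a small counter from the output of such a search unless the seed's own origin is documented.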
Preparing To Migrate Off of SHA-1 In OpenPGP
jamie found a note on debian-administration.org, the first in a promised series on migrating off of SHA-1 in OpenPGP. "Last week at eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."
DJB Releases All Source to Public Domain
A Sage Developer writes "During a recent conference, Sage Days 6, Dan Bernstein (who has recently come under attack for his licensing policy) was among the invited speakers. During a panel discussion on the future of open source mathematics software, Bernstein declared that all of his past and future code would be released to the public domain. This includes qmail, primegen, and a number of other projects. Given the headache that incompatibility between GPLv3 and GPLv2 is causing developers, will we see more of this?"
New NSA-Approved Encryption Standard May Contain Backdoor
Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators', based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."
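As an added, self-contained illustration of the Shumow-Ferguson observation summarised above (example code written for this page, not from the presentation or from the standard): a stripped-down Dual_EC_DRBG over the real P-256 curve, using a point Q whose relation to the base point is constructed here as Q = e*G for a chosen e. The standard's own Q has no published derivation, and that is the whole problem: whoever knows e, and therefore d = e^-1 mod n with d*Q = G, recovers the generator's internal state from a single output and predicts every later output. The 16-bit truncation the real generator applies to each output is omitted here; with it, the attacker lifts each of the 2^16 candidate x-coordinates instead of one.

```python
# NIST P-256 domain parameters (FIPS 186-2 / SEC 2), the curve Dual_EC_DRBG uses.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Plain double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Recover a curve point with the given x (P == 3 mod 4, so sqrt is one exponentiation)."""
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("x is not the x-coordinate of a curve point")
    return x, y


# Constructed trapdoor for the demo: Q = e*G, so d = e^-1 mod N satisfies d*Q = G.
# The standard publishes Q but not how it was obtained; an e like this may or may not exist
# for the real Q, and nobody outside its authors can tell.
TRAPDOOR_E = 0x1337C0FFEEDEADBEEF
Q = ec_mul(TRAPDOOR_E, G)
TRAPDOOR_D = pow(TRAPDOOR_E, -1, N)


def dual_ec_outputs(state, rounds):
    """Untruncated Dual_EC step: s <- x(s*G); emit r = x(s*Q). Returns the emitted list."""
    outs = []
    for _ in range(rounds):
        state = ec_mul(state, G)[0]
        outs.append(ec_mul(state, Q)[0])
    return outs


def predict_next(observed_r, d):
    """Attacker holding d: lift r to R = s*Q; then d*R = s*G, whose x is the NEXT state.

    The lift's sign ambiguity is harmless: negating R negates d*R, which has the same x.
    """
    next_state = ec_mul(d, lift_x(observed_r))[0]
    return ec_mul(next_state, Q)[0]


if __name__ == "__main__":
    secret_seed = 0xA5A55A5A0000FFFF          # constructed initial state, unknown to attacker
    r1, r2, r3 = dual_ec_outputs(secret_seed, 3)
    print("attacker predicts r2 from r1:", predict_next(r1, TRAPDOOR_D) == r2)
    print("attacker predicts r3 from r2:", predict_next(r2, TRAPDOOR_D) == r3)
```

Nothing in `predict_next` uses the seed: one 32-byte output plus the trapdoor scalar is enough, which is what "skeleton key" means in the summary above. Replacing Q with a point of documented origin (or, as later guidance did, dropping Dual_EC_DRBG entirely) is the only fix; no amount of reseeding hides the state from someone who holds d.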
Qmail At 10 Years — Reflections On Security
os2man writes "Qmail is one of the most widely used MTAs on the Net and has a solid reputation for its level of security. In 'Some thoughts on security after ten years of qmail 1.0' (PDF), Daniel J. Bernstein reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming. A good read for anyone involved in secure development."
DJB Announces 44 Security Holes In *nix Software
generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."
BIND Is Most Popular DNS Server
bleachboy writes "Last week I completed a new DNS server survey, since D. J. Bernstein's hasn't been updated for years. Not surprisingly, BIND wins. Why is it so hard for alternate DNS servers to gain favor, especially when BIND can be so frustrating sometimes? And yes, I'm shilling."
When Spammers Attack?
Gothmolly asks: "After reading the recent spate of spam and anti-spam articles here on Slashdot, I decided to beef up the anti-spam security on my own domain. I run my own domain and mail server, running Qmail, along with rblsmtpd. Mail that passes this gets hit with SpamAssassin. However, one particular spamhaus, Clickformail, has particularly nasty servers; they try at least 2 SMTP connects/second, and I suspect that's only limited by my 384k DSL pipe. The impact on my box was non-zero, to say the least. I ended up putting a packet filter on their class C netblock to stop the barrage of log messages and increase in load (from 0.05 normal to 0.15). Has anyone else experienced such determined spammers, and what is the best way around it?"
Bind 4 and 8 Vulnerabilities
eecue writes "The world's most popular DNS package is once again vulnerable. Even the advisory says it's only a matter of time before worms are written.... just like a couple years ago. I guess this is why I run tinydns."
Bernstein's Continued Progress in Crypto Suit
corz writes "On October 18 Daniel J. Bernstein went back to court in his battle with the government over cryptography regulations. From his post to the export mailing list: 'Department of Justice attorney Tony Coppolino told the court that the government would not enforce the regulations against cryptographers working together at conferences. He also told the court that the government would treat "assembly language" as source code.' What does this mean for us? Wired News has more."
More on Bernstein's Number Field Sieve
Russ Nelson writes "Dan Bernstein has a response to Bernstein's NFS analyzed by Lenstra and Shamir, entitled Circuits for integer factorization. He notes that the issue of the cost of factorization is still open, and that it may in fact be inexpensive to factor 1024-bit keys. We don't know, and that's what his research is intended to explore."
1024-bit RSA keys In Danger Of Compromise?
antiher0 writes "According to an email from Lucky Green that came across bugtraq yesterday, 1024-bit encryption should no longer be considered pristine. Bernstein released a proposal that outlines the creation of a machine capable of breaking 1024-bit crypto on the order of minutes or even seconds for the measly cost of ~$1B USD. For a more thorough discussion, check out the original email." Update: 03/26 03:16 GMT by T : And don't forget to revisit Bruce Schneier's analysis of Bernstein's claims, which cast doubt on the practicality of breaking such large keys anytime soon.
Factoring Breakthrough?
An anonymous reader sent in: "In this post to the Cryptography Mailing List, someone who knows more about math than I do claimed 'effectively all PGP RSA keys shorter than 2k bits are insecure, and the 2kbit keys are not nearly as secure as we thought they were.' Apparently Dan Bernstein of qmail fame figured out how to factor integers faster on the same cost hardware. Should we be revoking our keys and creating larger ones? Is this 'the biggest news in crypto in the last decade,' as the original poster claims, or only ginger-scale big?"
How Unix-like is MacOS X?
prospective_user asks: "I am a heavy user of Unix, spend most of my time running Linux and am considering getting myself an iBook, after seeing a considerable amount of exposure Macs/Apple have in both Slashdot and the O'Reilly Network. Given that MacOS X is based on FreeBSD/Mach, I suppose that the usual Unix libraries and environments (like ncurses and tcl/tk) are available in MacOS X (which I hope is true, for text-based applications). In fact, I'm concerned about the Unix side of MacOS X and also plan on running Debian/PPC on it, but I plan to primarily use MacOS X. So, before having an (uncertain) investment in a new platform, it would be reasonable to have a bit more of background on it and thus, the questions: how well does MacOS X support traditional Unix applications? For instance, how do the following applications run under MacOS X (which I use the most): teTeX, GNU Emacs, mutt and fetchmail?" Note that the submitter isn't asking if OSX is or is not a Unix; we've fielded that question already. No, the question here is where does OSX differ from the other unices. "Also regarding the investment in a new platform and coming from the x86 world, I'm a bit interested about the PowerPC performance in comparison to what I could get with a x86 notebook. I've read some articles and pages that suggest that PowerPCs may not be fast (or, in fact, may be quite slower than their x86 counterparts):
Some of the sources I've read are: these pages, from D. J. Bernstein's website, and this article on processor performance from the GMP website.
Also, as some later questions, can the portable Macs be plugged to non-mac monitors? And does MacOS X feature a packet filter like Linux or other BSDs do?
Any comments and experiences with these machines are welcome. Thanks."