Slashdot Mirror


User: Sancho

Sancho's activity in the archive.

Stories
0
Comments
5,182

Comments · 5,182

  1. Re:S/KEY on Best Way To Avoid Keyloggers On Public Terminals? · · Score: 1

    You can pre-calculate the responses, though.

    $ opiekey -n 20 79 aja2810

    (assuming you're down to 79 and your seed is aja2810.)
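Added example, not part of the comment above and not OPIE's own code: a Python sketch of the RFC 2289 MD5 hash chain behind those pre-calculated responses, with the server-side check that makes a response captured on a public terminal useless on replay. The pass phrase is constructed, MD5 is assumed as the algorithm, and responses are kept as raw 64-bit values instead of the six-word encoding.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, seq: int) -> bytes:
    """One-time response for sequence number `seq` (RFC 2289, otp-md5)."""
    value = fold_md5((seed.lower() + passphrase).encode())  # initial step
    for _ in range(seq):                                    # seq hash steps
        value = fold_md5(value)
    return value

def precalculate(passphrase: str, seed: str, start: int, count: int):
    """Responses for `count` sequence numbers ending at `start`, highest first."""
    first = max(start - count + 1, 0)
    value = otp(passphrase, seed, first)
    table = [(first, value)]
    for seq in range(first + 1, start + 1):
        value = fold_md5(value)
        table.append((seq, value))
    return table[::-1]

class Server:
    """Holds only the last accepted response, never the pass phrase."""
    def __init__(self, stored: bytes, next_seq: int):
        self.stored, self.next_seq = stored, next_seq

    def login(self, response: bytes) -> bool:
        # A valid response is the hash preimage of the stored value.
        if self.next_seq < 0 or fold_md5(response) != self.stored:
            return False
        self.stored, self.next_seq = response, self.next_seq - 1
        return True

if __name__ == "__main__":
    PASSPHRASE = "constructed pass phrase"   # constructed sample secret
    SEED = "aja2810"                          # seed from the comment above
    for seq, value in precalculate(PASSPHRASE, SEED, 79, 20):
        print(seq, value.hex().upper())
```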

  2. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    In the university rules, anything done with the username is considered to be the liability of the user. I don't know if this is enforceable, but for the purposes of discussion, it's enough.

  3. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    That's pretty surprising. What's the purpose of allowing access through that proxy server, but not full blown access?

  4. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    Oh, sorry, I realize now that you were referring to the part of my post which had to do with open networks and network equipment blocking duplicate MACs.

    Yes, it would be a problem which would require much more thought. Since 802.11(abgn) is a fairly chatty protocol, you could probably manage by having a fairly short timeout. With a minimal period of time during which a spoofer could act, you'd eliminate a lot of problems. Further, wireless networking cards can be profiled and identified, so you could add to the tuple the manufacturer, and in some cases, the driver version. Relative location would also be useful (if someone manages to hop from one end of the building to another instantaneously, there's something fishy going on.)

  5. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    I believe that WPA has a similar concept to sessions, which won't be hijackable unless the sniffer has managed to crack the session key. I'd have to go back and read through some of the literature again to refresh my memory, though. It's entirely possible that I'm misremembering that.

  6. Re:And even after all the years of these articles. on Marshall University Challenges RIAA · · Score: 1

    That's a pretty big stretch from what I said.

  7. Re:How does it work? on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    I wasn't proposing it as a solution, just as how it might be implemented. I'm well aware of the implications on key space :)

  8. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    When I was in school, our university tied MACs to IPs, and usernames to MACs. Spoofing a MAC on a different network would mean that the tuple didn't match, meaning there is no false accusation. Spoofing a MAC prior to registering doesn't help because you provided a username/password at the time of the registration.

  9. Re:Hunh? on Marshall University Challenges RIAA · · Score: 1

    Maybe I've been around mostly more technical universities? I can only think of one where student access was as easy as you're describing.

    I do think that ease of communication is inherently necessary to the educational process, but I don't think that anonymous communication necessarily is.

  10. Re:And even after all the years of these articles. on Marshall University Challenges RIAA · · Score: 1

    First of all, they may not have paid for the content. It's quite likely that they uploaded the content that they themselves downloaded.

    Second, while I dislike the comparison of copyright infringement to thievery, it is nonetheless illegal. It is likely less immoral, but that's not a judgement call that the government should be making.

  11. Re:This is a shake down on Marshall University Challenges RIAA · · Score: 1

    It gives the magistrate a political out, particularly if the RIAA lawyers were acting as officers of the court when they made that declaration.

  12. Re:Hunh? on Marshall University Challenges RIAA · · Score: 2, Interesting

    Official wireless is probably a completely different beast. Lots of universities use WPA, for which spoofing will be irrelevant. If they're using an open network, I'd think that they'd be open to complaints and possible lawsuits if they gave up the names or otherwise tried to claim that a specific student was tied to a specific IP/MAC address. Then again, most students wouldn't know that spoofing was possible or likely.

    It may be that high-end networking equipment can disable wireless connections originating from a duplicate MAC during a session--I just don't know enough about the capabilities of this equipment.

    Nonetheless, universities tend to want to know who's sitting at the other end of the connection. It's disingenuous to suggest that they could take action themselves based upon spurious data, but that that same data isn't good enough to hand back when faced with a subpoena. If the university decides to abandon tracking of students, then more power to them. But I doubt that it's the case that most universities are willing to do this.

  13. Re:Hunh? on Marshall University Challenges RIAA · · Score: 3, Insightful

    There's a chain of evidence which is used to get a person in many universities. It's the same way any ISP would track usage down to a specific user.

    Users are typically registered. Usually in universities, this is accomplished through a captive portal which records the MAC and username (authenticated with a password.) This ties the MAC to the user. From there, it's trivial to tie the packets to the MAC--spoofing IP addresses is trivial on most networking equipment in use by universities (i.e. we're not talking crappy Linksys routers, here.) MAC spoofing is rare, but also quite easy to block on the switch, long before any damning traffic occurred. Even if it isn't explicitly blocked, it would be a special case that would need to be handled when trying to identify the student, but it is by no means a dealbreaker.

    Of course, if the student is running a wireless access point, you run into problems. This is why some universities don't allow wireless access points to be connected to the network (they can't outright ban them due to FCC regulations) and the university agreements almost universally state that traffic originating from the student's port is considered to be the student's liability.

    ISPs (including universities) have valid reasons for wanting to be able to track people down. It's unfortunate that the ability to track people down means that they can give up their information when the RIAA comes subpoenaing.

  14. Re:I Wonder on Laptops Can Be Searched At the Border · · Score: 1

    Oh to have "funny" mod points to award you. Though it did take reading twice to get the joke :)

  15. Re:Useless on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    There is at least one other advantage--the entire disk can be encrypted. In theory, this is OS independent, which is another advantage.

    Saving a few cycles can be significant. Even more significant may be the power savings. Since encryption on hard drives is probably most useful on portable devices (things which run on batteries), if you can save power by using a dedicated chip (which should consume less power than the equivalent CPU cycles required to decrypt), then there's another advantage.

    Assuming the hardware is done right, you have the advantage that it's idiot-proof. You can give people an encrypted partition, but that doesn't mean that they'll use it. Even if they do, temporary files may store data outside of the encrypted partition.

    So there are a few good things about this device, assuming it's implemented correctly. Unfortunately, due to companies being highly secretive, we'll probably never know for sure whether or not it's implemented correctly.

  16. Re:Crypto requires good integration on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    A 128-bit key will still fall before a 256-bit key when dealing with quantum computers trying to crack it. The speedup in cracking is not exponential, as it is with asymmetric encryption, though it is still significant enough to become a concern.

  17. Re:it won't help on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    Are you kidding? If they did that, people might actually try to secure their computers more.

    Nope, losing customer data is business as usual and just a risk of doing said business.

  18. Re:How does it work? on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    Which is an interesting way of handling it. The press release also says that there is a key stored on the drive (they change this key to implement secure erase.) Here's how I envision this.

    Each drive has a 128-bit key, and with a special command, can change the key to something random. This command is invoked when the Secure Erase function is requested.

    The drive key is used as a salt to the ATA-password generated key. Normally, the ATA password just locks the drive, preventing it from being accessed. In this case, the drive probably has logic to create a 128-bit hash value from the ATA password. The 128-bit hash value would then be concatenated with the drive key to form the 256-bit AES key.

    Now the ATA specification allows for 32-byte passwords, so realistically, they could allow for the user password to fully compose the 256-bit AES key (in other words, no hashing needed.) However this, in and of itself, does not allow for the extra key used in the secure-erase function. I'd be curious to know where that key is really coming from, and how it integrates into the encryption algorithm.

  19. Re:Key Storage? on Fujitsu HDD with AES 256-bit Encryption · · Score: 1

    I wouldn't use public key in places where it isn't necessary. They could effectively get the same results by using a salt, and changing that when secure-erase is chosen. If this is the case, then their wording was poor, but pretty close to accurate.

    One concern I'd have in either scenario is what happens when you need to change the password?

  20. Re:More complex, more problems on The New School of Information Security · · Score: 1

    You seem to be a classic example of a troll.

    You only asked for non-lab examples. There have been multiple, independently run tests of the technology and how it can be fooled. As I said in my reply, that it hasn't been done in the field is not pertinent.

    But thanks for playing. You won't be hearing from me again.

  21. Re:More complex, more problems on The New School of Information Security · · Score: 1

    I'm not aware of any cases of break-ins involving fingerprint biometrics, if that's what you're asking for. But just because it hasn't happened (or been reported on) does not mean that they are secure.

  22. Re:God damn, revert this comments system already on Cyber Defense Competition Has A New Champion · · Score: 1

    I like the new comments. Among other things, it means that my subscriber page views go a lot farther.

  23. Re:More complex, more problems on The New School of Information Security · · Score: 1

    Well, that's not an option for many of the systems to which I have logins. Also, fingerprint biometrics are so easily defeated that we aren't adding much security here. I haven't read much on other forms of biometrics, but I do know enough to know that revocation in the event of compromise is pretty harsh.

  24. Re:M$ Security Spending on The New School of Information Security · · Score: 1

    I guess that goes to show us that security is one problem you can't just throw money at and make it go away. Well, it will be a long time before anyone figures out how to make security problems go away. Microsoft has really increased the security of their systems over the past couple of years, so while throwing money at it isn't making the problem go away, it has certainly seemed to help a bit.

    Oh wait, I'm sorry, I forgot what site I'm on. Ignore the facts above--MICROSOFT SUCKS!

  25. Re:More complex, more problems on The New School of Information Security · · Score: 1

    Writing passwords on post-it notes isn't a bad idea. Leaving the post-it notes with passwords outside of your control is what's bad.

    I write passwords on post-it notes all the time (I use post-its only because of the stigma--I could just as easily use index cards.) You know what I do with them? I put them in my wallet. I've had a couple of decades of training on keeping tabs on my wallet, so I'm not concerned about it. And if someone is going to rob me, or break into my house in order to get passwords, the battle is honestly probably lost--they could just as easily put a gun to my head and demand the password.