Cryptography Expert Sounds Alarm At Possible Math Hack 236
netbuzz writes "First we learn from Bruce Schneier that the NSA may have left itself a secret back door in an officially sanctioned cryptographic random-number generator. Now Adi Shamir is warning that a math error unknown to a chip makers but discovered by a tech-savvy terrorist could lead to serious consequences, too. Remember the Intel blunder of 1996? 'Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message." Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.'"
The NSA (Score:5, Insightful)
The United States, or the NSA, doesn't have all the world's best cryptographers. Russia, China, etc, other nations have excellent skill in these endeavors. Ironically, by trying to protect the nation, the NSA runs the risk of opening us up to foreign espionage.
So... (Score:3, Insightful)
WTF "terrorist" (Score:5, Insightful)
Terrorists? (Score:4, Insightful)
Re:First Post? (Score:5, Insightful)
Of course, if you were refering to China or someone else then that might be a different story (but again, the wording sounded like someone regurgitating the drivel that gets thrown out by politicians and pundits in the mainstream media).
No. (Score:5, Insightful)
They don't give a flying f--- about "our freedoms" except where they think that shows we are "morally corrupt." Islamic militants are under no illusions that they're going to change our culture any time soon, though. They've got bigger fish to fry back home trying to establish a power block.
How we govern ourselves beyond our foreign policy is utterly unimportant to their larger goals.
Re:don't understand (Score:5, Insightful)
Actually this is a common attack scenario in security protocol analysis. While it does not always happen in real life there are ways it can occur. For example, you try to decrypt the message and get garbage. So what do you do? You send the garbage back to the guy, saying, I couldn't read your message, all I got was this junk. Now you have been tricked into acting as what is called an "oracle" for the decryption function. This opens up a number of attacks which is why the best cryptosystems are immune to such problems.
Re:The NSA (Score:2, Insightful)
Re:don't understand (Score:3, Insightful)
I mean, I could understand it if it was solicited communications, but what are the odds you'll happen to start into an encrypted conversation with someone who just wants your key?
Re:don't understand (Score:3, Insightful)
In the same way you aren't the "S" in RSA. Give him some credit, will you?
Re:Terrorists? (Score:2, Insightful)
Terrorist & government symbiosis. (Score:5, Insightful)
Want the citizens to give up some freedom/pay some new tax/whatever? Easy! Play the terrorism trump card.
Without some Evil Empire force (that the US plays so well), it is very hard for terrorists to get the emotions going either. Terrorists & empire building governments need each other.
Re:No. (Score:5, Insightful)
Stop pissing people off and the nut-jobs who do want us removed will have lost their primary recruitment method.
Re:First Post? (Score:2, Insightful)
There is strong indication that the main goal of 9/11 was actually against individual freedoms, which this particular brand of "Islam" (they could be fundamentalists of any other religion) does not like. In fact they do not like if people have their own opinions. And they did manage to shiff the US massively in their own direction of thinking. In the end, it seems one fundamentalist is far closer ro another, than to people that are open-minded and tolerant. As an atheist, I believe the main danger of religion is that it can be used as a booster-package for fundamentalists. Many people manage to have religion and still respect others, but a significant number can be coerced into thinking that everybody should subscribe to their particular (and usually bizarre) world-view.
Re:The NSA (Score:1, Insightful)
The problem with backdoors, is that noone can guarantee who uses them.
I can't believe you got modded up to 5, Informative for pointing out something utterly, trivially obvious to this audience.
Re:No. (Score:5, Insightful)
Yeah, but al-Qaeda doesn't care about our democracy. And seeing us turn into a secular or Christian dictatorship in no way helps further their goals. The more crazy fascist our government becomes, ironically, the less accepting of Islamic fundamentalism it becomes even as it becomes equally repressive. If anything, it's against their long term goals to see us harder ourselves against them.
Next time, educate yourself about our sworn western enemies before justifying their cause. Bluntly put, I don't give a damn about their cause. These people need to die like the parasites they are on humanity.
What does explaining their motivations have to do with justifying them? You seem to be the sort of reactionary type that associates any attempt to understand your enemy with accepting them and capitulating to them.
Geez, it's no wonder you people are losing the War on Terrorism for us.
Comment removed (Score:5, Insightful)
Re:Terrorists? (Score:3, Insightful)
As far as threats to the nation, the spam and popups are just the "tip of the iceberg".
Obviously, the criminals use some pretty smart minds to seek and exploit software weaknesses. I think it's totally feasible that such a criminal group could be involved in more serious attacks that could compromise economic systems, national infrastructure, financial systems, etc.
Risk evaluation (Score:3, Insightful)
1) When we think there's somebody out to get us, we evaluate that risk very highly, even when there are more immediate but "random" risks clearly at hand. For example, a "terrorist" is a bogey-man, it's somebody out to get you. But hunger has no bad guy, and neither do disease, auto accidents, and lightning.
2) We evaluate as "risky" situations where we are not in immediate control, even if they are carefully situated to protect us. For example, riding a horse is far more risky than flying, even in the most dangerous category of flying, single-engine piston planes. Yet people routinely are more concerned about the "motor stalling" in a carefully watched and maintained airplane than they are about their kids riding around without protection on a champion racing horse.
3) Because of our intense pattern-matching, our ability to relate to other people, and our social nature, we routinely underrate risks that are impersonal - the flip-side of #1 above. For example, auto accidents are seen as a "way of life" and "can't be changed" by most, but freak out when the local high-school is held up for a few hours when some teenie gets involved in a love triangle and holds a SINGLE person "hostage" with a pocket knife. Look at the dichotomy - people who don't attend school drive right by a smashed up car on the way to work, tisking as they go, but sit glued to the telly when something happens at the High School.
It's reality. Get used to it. And no, it doesn't make sense.
Re:The NSA (Score:3, Insightful)
Comment removed (Score:3, Insightful)
Re:No. (Score:3, Insightful)