Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Security

QNX Crypt Cracked 167

The Crypt algorithm for the QNX operating system was just cracked. QNX runs on banks computers, ATM's, Medical Equipment, and the almighty i-opener. Source code is there if you're interested.
This discussion has been archived. No new comments can be posted.

QNX Crypt Cracked

Comments Filter:
  • could they have used the unix passwd without there being a copyright violation?

    as in, while still remaining closed source and propriatery?

    legally anyways :)

  • "Quick, Lawyerboy, to the Lawsuitmobile! There's motions to be filed!"

    Man--given how heated DeCSS has gotten, I cringe at the thought of how, uh, unhappy some huge organizations are going to be with this one.

    Bah, on second though, we're only talking about ATM machines, no big deal.
    --

  • I hate it when people stary from the norm... and use their own stuff. It kinda has a microsoft like mentality to it. :-) Now if only I could think of the "neat" uses of this new found info. :-) Peace out.
  • by xavii ( 92017 )
    Well, which big pocketed corporation is going to file the first lawsuit? In lew of the "code is free speech" are these cases going to be harder to attack the coders?

    I can't wait for all the legal follow up articles to this.

    xavii aka bob
  • Is there more information available?
    What are the implications of this?
  • First, copyrights only apply to implementations, not to algorythms. That's why Solaris, *BSD, and Linux can all use the same algorythm.

    But, if the QNX people were really lazy, they could have just grabbed crypt function from one of the BSD source trees and used it. (remember, the BSD license doesn't not dissallow the use of their code in a closed-source system like the GPL does.)

  • Surely it would have been nicer to have let the QNX people know first so that they could let their customers know the problem.
  • by z4ce ( 67861 ) on Sunday April 16, 2000 @08:33AM (#1129251)
    Kuro5hin has a write-up on this here [kuro5hin.org] and Advogato has one here. [advogato.org] They've had these articles for most of today they have some interesting posts already.
  • I don't see how it is fair to punish anyone about this. I mean, it just keeps the bussinesses on their toes... so now it is bad to outsmart a company?
  • by TeknoDragon ( 17295 ) on Sunday April 16, 2000 @08:34AM (#1129253) Journal
    It's even got a modest execution time... (largest loop -- while (rot--){...} -- rot is max 127 -- rot=(...)%128;) nothin too complex there...

    Why not blowfish or some other BSD licensed stuff???
  • by pb ( 1020 ) on Sunday April 16, 2000 @08:34AM (#1129254)
    Don't encrypt passwords, hash them! Make sure there's enough information to identify a correct password, but not enough to reproduce it!

    That having been said, I don't know enough to write a secure crypto algorithm without following in someone else's footsteps. (I know the basics of public-key cryptography, I could probably code that) But you know what? I wouldn't try to reinvent the wheel here, not unless I proved it mathematically first. :)

    ...and if that decryption algorithm works, this'll be really embarrassing for them. (because it's *so* computationally simple, it should run in no time at all. I just don't have any random QNX "encrypted" data lying around to try it with...)
    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • by vsync64 ( 155958 ) <vsync@quadium.net> on Sunday April 16, 2000 @08:34AM (#1129255) Homepage
    Just think... Now we can turn every appliance in the world into a node in our giant Beowulf cluster...

    • The Unaware ATM Beowulf Cluster...
    • The Unaware iOpener SETI@home Team...
    • The distributed.net Wristwatch Team...

    The possibilities are truly endless.

  • Before there are a ton of "If only they had used open source, this wouldn't have happened" posts, I'd like to post a counterpoint. Certainly, using open source has security benefits, and this is one of its strong points. But couldn't they at least have used a hash algorithm of respected difficulty by the mathematical community at large? That really has nothing to do with open or closed source, it just sounds like a competency issue to me.

    There are tons of good algorithms they could have used. For example, they could have simply hashed all passwords with "Competing open source realtime operating systems are for weenies!!"
  • The real question right now is how long each company will take to resecure their servers. Will they do it at all, since the average consumer won't even be aware of this? Knowing which companies are secure would be very valuable knowledge for those of us who understand this type of thing.

    -----------------------

  • by CmndrKrypto ( 175418 ) on Sunday April 16, 2000 @08:36AM (#1129258)
    Yet again a company thinks that Jim the guy down the hall who "knows some crypto" can design a critical algorithm. After all, it looked kinda mashed up in testing, so how could anyone break that? :) Really, people, there are enough freely available one-way hash algorithms, which you can, and always could, export... Good crypto is hard to do, so if somebody has already done the work for you, take advantage of it! Don't waste time making up your own. You'll get shot in the foot later, like the QNX people did here.
  • by |guillaume| ( 151395 ) on Sunday April 16, 2000 @08:37AM (#1129259)
    It seems theres a secret obfuscated message in the binary when you compile the code...

    seineew era sreenigne XNQ

    ---
    guillaume

  • by Signal 11 ( 7608 ) on Sunday April 16, 2000 @08:38AM (#1129260)
    DON'T PANIC.

    Okay, with that out of the way, even if you stole an ATM and decrypted everything in it, here's what you'd find: Nothing.

    The network is specifically designed to avoid silly things like that - the ATM stores no persistent information beyond who used it, some accounting information, and when it was used. *that* information *may* be compromised, but a) it wouldn't do you any good and b) it's unlikely they're using anything less than 3DES. Give these people some credit, ok?

    Now, if somebody was able to do realtime decoding of the ATM network itself... that would do several things a) panic people who normally don't panic, b) increase the local population drastically after the influx of federal agents, c) make international headlines and d) would not be submitted by an anonymous coward.

    Guys.. I know people who work/have worked for financial institutions. I'd estimate the security to be B2 or above (if it was government certified). Unlike the DoD's "NIPR" net which was /supposed/ to be physically disconnected from any/every other network, the financial institutions just plain don't transfer important info over networks. The data is too valuable.

    For example, credit bureaus will not accept an update to anybody's credit report electronically - it is done by hand with tape drives. Makes the movie "Hackers" seem more than alittle unrealistic. =) In short, DON'T PANIC. This crack means nothing to the financial industry. Now, if you want to be worried... you should note some of them run Windows 95..................

  • by retep ( 108840 ) on Sunday April 16, 2000 @08:40AM (#1129261)

    This isn't as serious as you might think. Sure the "encryption" of crypt on QNX was cracked. But good security assumes that the crypt function returns the plain text anyway. All crypt is used for is to encrypt the passwords in /etc/passwd This was all fine and dandy 20 years ago when it took lots of time to decrypt passwords. But these days you can break through the passwords with brute force in a week or less. Good systems use shadow passwords. So the real passwords go in /etc/shadow, which is unreadable by anyone but root and anyone but root can't even look at the encrypted passwords.

  • From the source code of reverse.c:

    I'd like to thank the morons at QNX for writing their own crypt function, and thus making this program possible.

    There are plenty of good crypt implementations available. I can imagine wanting to write your own, but I don't understand why they wanted/chose/allowed a reversable encryption method?

    When the source is out there, reversable is doomed: anyone can find the algorithm and apply it backwards, which is the reason why fetchmail uses plain text password storage (encrypting them would not at all improve security).

    But even without source reversable encryption is doomed: there are very neat decompilers that explain the complete bit and byte shifting stuff that's going on. And probably there are plenty more methods of cracking the code, hence this article.

  • Given the simplicity of the decryption code, they should have known from the start. Besides, it's not like they are posting the passwords to any sites -- you need access to the password file (or equiv) to crack anything.

    Note an important thing about the code: it doesn't do any "try this, then see if it worked" type tests like an irreversable hash would. It's not a encryption, it's just a reversible transformation.

    Maybe next time they should higher a cryptographer.

    --Kevin
  • The Crypt algorithm for the QNX operating system was just cracked. QNX runs on banks computers, ATM's, Medical Equipment, and the almighty i-opener. Source code is there if you're interested.
    Bank Computers, ATMS & Medical Equipment? I would like to think that all the customers affected by an insecurity have been contacted and have had the opportunity to fix the code, or install a more secure version of crypt, but I doubt it.
    The crack was posted 4 days ago and I doubt any hospitals that might be running QNX will have updated their systems.
    A webserver security hole might be something we can all laugh about, and write ponderous essays if we feel that way inclined, but to post an exploit that potentially threatens lives is irresponsible to say the least.
    If that link wasn't posted, perhaps the Hospital I.T. department could have ensured that the dialysis machine wouldn't have been rooted.

  • What do you expect from big corporation idiots who don't know shit about security? -"Hey, let's make up a new encryption algorithm using Rot 13 and Shamir 3 pass... The name... well QNX sounds cool. Let's call it that."

    Instead of hiring competent people who KNOW that there are free algorithms & free sourcecode at sites, they hire these schmucks and everyone "marvels" at their security expertise, which is shot down to the ground when Joe Hacker, 3 years old breaks it using the calculator on his wrist watch!

    SECURITY IS AN ARTFORM.

    HIRE COMPETENT PEOPLE, PEOPLE!

  • Is the /etc/passwd (or equivalent) file world-readable in QNX? (While i'm at it, what exactly is QNX and why is it so special?)

    Sander
  • Just about as ethical as it was for QNX to put a non-secure encryption algorithm into their products.

    And don't even bother giving me crap about "Well, what if they didn't know??" - that doesn't matter, because there are straightforward ways of knowing - hello, if you don't have the expertise on staff, hire an expert, make sure they're a certified engineer so that if they're either an idiot or lie to you about the security of the algorithm, you can sue them for malpractice.

    And what makes you sooooooo sure that QNX WOULD have told their customers about the breach??

    Besides. They know about it *now*....and if someone has a business that depends on the security of a particular piece of encryption, they're STU-STU-STOOPID if they don't monitor cryptography journals/newletters/news/bug sites for up-to-the-nanosecond info on it.

    Oy.

  • by Anonymous Coward on Sunday April 16, 2000 @08:49AM (#1129268)
    Anyone remember the first try Microsoft had at passwords in WinCE? IIRC, they just did a XOR of the password with the work "pegasus" spelled backwords! The original Win95 password hash was equally silly but I don't remember the algorithm right now. I guess some people never learn.
  • It will be very interesting to see how (if at all) this development is addressed at the QNX Conference 2000 in May (14-17). It would be great in a Vancouver Open Crypto advocate could hand out some flyers letting those in attendence who hadn't heard know about the crack.
  • Sorry, but I can't stand it...

    The word you want is "lieu". The phrase "in lieu of" means "instead of". People use the former to make them sound smarter.

    I think the phrase you really wanted might be "in light of". As it stands, your post says the opposite of what I think you meant.

    Ok, I have no life.
    --
    Patrick Doyle
  • that I can break into an ATM's software and take all the bank's money?

    Cool.

  • QNX 4.25 uses shadow passwords. The crack still works on the shadow passwords, but at least it's one step removed from the world-readable /etc/passwd file.
  • uhm... well see... last time i checked, medical machines did not spontaneously shut down with the all permeating knowledge that some crazy unused crypto algo within them had been cracked.

    last time i checked there werent any major conspiracies to "hack the life support"

    and last time i ran around a hospital and wreaked havoc i didnt really have to root any machines to say oh... turn them off or any thing....

    then again... i havent done much looting, rampaging and killing lately... hmm...

    anybody else with recent experience? (sarcasm)
  • more like Score:2, Informative

    i hate moderators who don't read the details
  • We don't know whether or not QNX will fight this! Mirror this now! If we start early enough, this will be more intractably entrenched in the net than DeCSS or CPHack!
    --
  • The QNX operating system crypt algorithm was cracked a while ago in order to get the root password for the I-opener. This is certainly nothing new. You can grab the program and the source here [i-opener-linux.net].

  • by Anonymous Coward
    /* I'd like to thank the morons at QNX for writing their own crypt
    function,
    and thus making this program possible.

    -sean

    See LICENSE for licensing information...yes..its gpl
    */

    #include
    #include

    static ascii2bin(short x)
    {
    if (x>='0' && x='A' && x='Z')
    return (x-'A')+9;
    return (x-'a')+26+9;
    }
    char bits[77];
    char *quncrypt(char *pw)
    {
    static char newpw[14];
    int i;
    int j,rot;
    int bit,ofs;
    char salt[2];
    int temp;

    salt[0]=*pw++;
    salt[1]=*pw++;
    for (i=0;i72;i++)
    bits[i]=0;
    for (i=0;i12;i++)
    newpw[i]=ascii2bin(pw[i]);
    newpw[13]=0;
    rot=(salt[1]*4-salt[0])%128;

    for (i=0;i12;i++)
    {
    for (j=0;j6;j++)
    {
    bit=newpw[i]&(1j);
    bits[i*6+j]=bit?1:0;
    }
    }
    bits[66]=1;
    bits[67]=0;

    while (rot--)
    {
    bits[66]=bits[0];
    for (i=0;i=65;i++)
    bits[i]=bits[i+1];
    }

    for (i=0;i8;i++)
    {
    newpw[i]=0;
    for (j=0;j7;j++)
    {
    bit=bits[i+j*8];
    newpw[i]|=(bitj);
    }
    }
    newpw[8]=0;
    return newpw;
    }

    int main(int argc, char *argv[])
    {
    char *cr;

    if (argc!=2)
    {
    printf("QNX Crypt Defeater.. by Sean\n");
    printf("reverse [hashcode]\n");
    exit(0);
    }
    printf("Uncrypting...booya!\n");
    cr=quncrypt(argv[1]);
    printf("Cleartext:%s\n",cr);
    }

  • Over here in the UK, the banks have been getting hugely bad press recently for charging for use of ATM's. Back in the good old days, i.e. last year, it used to be virtually free, and the customer benefited hugely. However, this wasn't making even more money for the enormously wealthy banks, so they slap a charge of typically UK1.50 on any cash transaction if you don't use their cash machine.
    The transaction actually costs the banks roughly UK0.30 to process, which leaves 1.20 unaccounted for.

    The question is, when are the banks going to start charging more because 'our encryption algorithm is better than their encryption algorythm'. (It wouldn't suprise me at all to find that my bank account security is worth about 30p)
  • It's even got a modest execution time... (largest loop -- while (rot--){...} -- rot is max 127 -- rot=(...)%128;) nothin too complex there...
    Of course, {...} includes a loop that iterates 65 times, which ups the running time somewhat. You're right, though, it does look quite simple.

    I still don't quite get what it does, though, and I accidentally hit "refresh" after the site was /.ed, so I won't get to look at it again for a while now.

    Is decoding password hashes really a big deal? I never thought they were supposed to be that airtight.
  • If that link wasn't posted, perhaps the Hospital I.T. department could have ensured that the dialysis machine wouldn't have been rooted.


    What, do you think EVERYONE wants to know the concentration of uric acid in your blood?

    I do hope you are joking :P

    Said device should not even be accessible by anyone who would root it. In fact, they probably don't even run QNX. Probably 160k of code on some EEPROM inside the thing.
  • Perhaps it is more like a cracker to crack the QNX crypt function... but let me take the counterpoint.

    If this one person was able to crack the QNX crypt function, publicizing the information is unfortunately probably the right thing to do. It would only be honorable to alert the QNX people before releasing the information, but if one person cracked it, who's to say it hasn't been cracked yet.

    Humans have a tendency to ignore things they don't want to deal with, companies much more so; it sometimes takes a bit of unpleasant shock to wake us up to our faults. I suppose I consider these things somewhat like chemotherapy: sure it's very, very bad for you, but the alternative (leaving the bad code alone) could cause significantly more damage.

    So, in my humble opinion, I personally believe that these exploits should be announced, but with the stipulation that common courtesy requires you to tell the company and let them fix the bug and announce the bad news themselves before you release it independantly.
  • The Military's NIPRnet is not supposed to be disconnected from every other network. That's the job of the SIPRnet. the NIPRnet is for normal unclassified, not sensitive traffic. Even running crypto over the NIPRnet isn't considered secure enough. Heck, they run crypto over the SIPRnet for some forms of communication. DoD came up with the idea of the airgap for security, and believe me, they still follow it.
  • by Anonymous Coward
    Why don't companies just get used to the fact that everything is going to be cracked, copied, reverse engineered, and stop all the goofy lawsuits? The corporate world would be much better off learning to adapt to this environment as quickly as possible, and respond to compromised code with new and better code instead of litigation. As a bonus, it's really in the public interest for software security flaws to published far and wide, and in detail. It's a good incentive for the publisher of the piece to jump on the problem and solve it quickly, rather than leave the problem be and try to cover it up. Business is obsessed with the sanctity of economic competition but totally against the kind of evolutionary competition that makes software stronger.
  • You can get the source code and binaries here [i-opener-linux.net].

  • I'd don't know positively why QNX used such a terrible algorithm for the passwd file, but I have a pretty good guess. QNX is a small company, with superb engineers. They aren't idiots. They certainly know about *BSD and friends, and from the looks of it have certainly reused code from many other places. It probably would be less work to take the DES encryption from BSD, or wherever, than to come up with ones own.

    The reason, I suspect, that they didn't use DES is that they were afraid of legal issues - I'm sure that QNX is sold all over the world, and they didn't want to make a diferent non-DES release for idiotic contries (France, US) with restrictive crypto laws. Even if an expensive legal effort would determine what's exportable where, laws change all the time. This way, there is no "export controlled" code that they need to worry about.

  • by Anonymous Coward on Sunday April 16, 2000 @09:14AM (#1129286)
    [slashcode parser sucks ass. what part of "plain text" don't you understand?]

    <DJ-Pyro> JESUS CHRIST
    <DJ-Pyro> im getting dos'd
    <DJ-Pyro> ddos'd
    <DJ-Pyro> like from all over the world
    <lfilipoz> DJ-Pyro: wow... you can still IRC, tho?
    <DJ-Pyro> not me
    <DJ-Pyro> my server
    <DJ-Pyro> colo at digitalNATION
    <lfilipoz> is it just your box or all of digitalNation?
    <DJ-Pyro> my box
    <lfilipoz> and what's the url, so i can try to ping :)
    <DJ-Pyro> we just shutdown apache
    <DJ-Pyro> and now all of the clients are doing a CLOSE on tcp
    <DJ-Pyro> netstat > netstat made a 30k log file
    <DJ-Pyro> DAMN
    <DJ-Pyro> they are back!
    * jeff looks at DJ-Pyro
    <DJ-Pyro> this is bigger than last time
    <jeff> DJ-Pyro, you don't by chance host i-opener-linux.net, do you?
    <lfilipoz> last time?
    <DJ-Pyro> yes :)
    <DJ-Pyro> why?
    <lfilipoz> slashdot post
    <DJ-Pyro> SHIT!
    * lfilipoz already posted to that story and got the source code
    <lfilipoz> bwahahaha
    * jeff laughs
    <jeff> source is here: http://slashdot.org/comments.pl?sid=00/04/16/13242 33&cid=56
    <DJ-Pyro> oh jesus fscking christ!
  • by Anonymous Coward
    But the computer on-board the ATM is what controls all of those little motors and things that spit out the cash.

    Granted, it's still totally illegal and immoral in more ways than one to do so.

    Also, I have no idea how to even get to a login prompt on an ATM in the first place (or if it's even possible without physically opening the machine.)
  • QNX (www.qnx.com) is an operating system, not a security toolkit. It's designed for embedded systems and such. As long as you're not sharing your password file (or giving others access to it), this shouldn't even matter much.

    I'm a bit surprised that they weren't using something out of the BSD codebase, but they'll probably be changing that, shortly.
  • You mean "Hackers" wasn't real? I'll be damned...
  • Kinda like red hat eh :)
  • by Anonymous Coward
    QNX and Netpliance both recieved emails from me the day I finished the crack. Whether or not I should've given them a week before releasing the source is open to debate.
  • Shakespeare didn't write code....
  • by Anonymous Coward

    If I'd written a piss poor encryption scheme, I wouldn't post the source http://www.qnx.com/ cgi-bin/dir_find.cgi?/usr/free/qnx4/os/libs/ [qnx.com]

    security through obscurity would do me nicely.

  • The UK banks aren't the only ones who are charging fees for using ATMs owned by banks that you don't bank with. That practice has been going on here in the US for a few years now. The charge can run anywhere from $1.00 - $3.00 USD here.

    Very frustrating.
  • Posting source to slashdot is not redundant. The linked web page is probably going to be shut down within a week, whereas the source will remain in an easily accessible form on slashdot. Beats looking for mirrors.
  • It's been like that here in the States for as long as I can remember. In hindsight, I find it just a bit curious that I actually chose which bank to open my primary checking account in purely on the basis that they had one of their own ATMs that I don't get charged for on my college's campus and virtually everywhere else I'd care to go. The bigger the bank, the more free ATMs... which one would you choose? Not like I had a choice anyway, since my new bank took over the bank that took over my old bank that I would have stuck with if it weren't for ATM charges...
  • oh it's worse in the us.
    let's say you have a savings acount at bank foo, and you use bank bar's atm machine. bar will charge you anywhere from $.50 to $3.00 for letting you use their atm, kindof like they do to you, appearantly. then, your _own_ bank foo will charge you _again_, making a total of up to six bucks every time you use an atm. aren't they sweet?
  • by Anonymous Coward
    "For example, credit bureaus will not accept an update to anybody's credit report electronically - it is done by hand with tape drives"
    Having worked for one of the largest credit reporting agencies (the middleman between the bureaus and banks/brokers) in the US I have to say that the above statement is no longer true and has not been for some time.
    In most cases every month data from all financial institutions is sent electronically to the credit bureaus. They track you account balances late history, credit limit and maximum spent."
    They use this and other info to establish credit scores.
    At one time these scores where only used for quick credit checks - such as credit cards and in store loans. Now they are the basis for everything up to home and car loans.
    These scores are dynamically updated every time you do just about anything (job change, move, new credit card etc.)
    Every time you fill out a credit card application for the free crap they give you your score is knocked down a few points.
    Of course by law you are allowed a free credit report each year from the big three bureaus.
    However, the score will not be on there. They do not have to show the score to you and if the find out any affiliate agency is they will cut them off.
    I know that is a little bit off topic but it is a pet peeve.
    One last note- the security to get a direct connection to one of the big three may be difficult, but to get to one of the outside agencies would be extremely easy.
    That is all.
  • For anyone who actually knows the details of some of the systems mentioned: how much of a security compromise is this. For medical equipment, I suppose this might allow you to break into it and compromise it, causing it to operate in fatal ways. That would make tampering with over-the-counter medication look like the work of amateurs (wait, it was). However, since none of the systems mentioned are known for being on the Net, any tampering would require physical access. It would likely be an inside job.
  • by KiboMaster ( 129566 ) on Sunday April 16, 2000 @09:31AM (#1129300) Homepage
    Actually win95 stored passwords in Reg as plaintext. No encryption if you want to call XOR'ing encryption. 98 solved that problem by XOR'ing by a different string... I don't remember what it was, but it's not to difficult to set a password and reverse XOR it to get the orignal string back.

    As far as the ATM/bank computer encryption goes... I figured they'd be running 2048 Bit RSA. You're right some people will just never learn.

  • Why? So they can sit on it and sweep it under the rug for another month or so? Have a good look at bugtraq for awhile. You'll see this is exactly what companies do when they're babied. Surely, they deserve whatever is coming to them putting a rinky-dink crypto algorithm in cash machines.
  • "lew" is not a word.

    If it were, it wouldn't mean what it would have to mean to make sense in that sentence.
  • by Anonymous Coward
    Several posts here say something along the lines of:

    Don't encrypt passwords, hash them! Make sure there's enough information to identify a correct password, but not enough to reproduce it!

    Why are hashes inherently more secure?

    A hash is a non-injective function, so it is by definition not invertible, but a weak hash function can still be cracked. The reverse algorithm may not return the original password, but isn't one that yields the same hash just as powerful as the original?

    Is it simply that when you lift the requirement of injectivity (and thus invertibility) it becomes easier to write a more crack resistant algorithm?

  • Good systems use shadow passwords. So the real passwords go in /etc/shadow, which is unreadable by anyone but root and anyone but root can't even look at the encrypted passwords.

    Shadow passwords are only a small advance in security. A better hash function would work better. See The Srp Project [stanford.edu] for more details on this important consideration.

    Still, QNX looks pretty pathetic by todays standards.
  • "...the financial institutions just plain don't transfer important info over networks. The data is too valuable.

    I've worked at a bank. It was medium size (for it's market area, which I'm not going to reveal). They didn't know diddly about security. They fired the network admin assistant who was attempting to prove that anyone that could sniff the WAN (including all employees) could collect a LOT of passwords (including the main Admin password). We had a policy (largely unenforced and widely unknown, not to mention disregarded) about not sending customer/financial information via (internet) email.

    In response to the inevitable rebuttals: Yes, I know, I'm not talking about a CitiBank. But I am talking about an institution that is very representative of the many many banks it's size. Banks the size of the one I worked at (and smaller) form the a large percentage of the actual monetary system. It's like millionaires: Sure, they each have a lot of money. But the "middle class" together has a larger buying power.
    --
  • Oh you've probably forgotten this story from France:

    A guy from there has found a really serious security bug in the terminal which reads the card. He has done it in his spare time (he WAS a head developer for some financial company), and he went to the company responsible for this device.

    What did they do with him? They try to sue him! They made the police grep his house and take everything computer-looking with them, and they kept it!

    He had NO profit from this action. He could easily get THOUSANDS of FF.

    Bottom line: Don't trust the banks. They're ugly, fat and damn dumb.

  • Perhaps you are overlooking the possibility of someone being able to gain access to an ATM and issue some dispense commands to the cash dispenser. Sure, it is a remote possibility. Although, the "preferred" method here in LA may be more expedient: get a monster chain, wrap it around ATM and attach to your monster truck. Actuate throttle. Load ATM in truck. Urban legend? Who knows?
  • So do I read this right? The crypt() used in some libraries provided by QNX (which is analogous to unix crypt()?) is not a one-way hash?

    Oh.. btw....
    it would do really well for a lot of people to remember that just because people are using QNX as a kernel does not at all mean they are using these functions for anything. The embedded OS merely servers as a base for development. It's like they took the linux kernel ONLY and started development (okay.. maybe with libc too)
  • sean_k sent me new code that i never got around to posting. So i finally posted it. Check back to get it.

    ~Andy Brezinsky
    The freaked out DJ-Pyro watching his server suffer the effects of a good sunday afternoon slashdotting.
  • Well, the problem with DeCSS is that it was reverse engineered, which is prohibited by the various licenses on everything nowadays.
    QNX released the source to the crypt, so.. I can't see what they could charge anyone with...
    --
    David Taylor
    davidt-sd@xfiles.nildram.spam.co.uk
    [To e-mail me: s/\.spam//]
  • by howardjp ( 5458 ) on Sunday April 16, 2000 @09:53AM (#1129311) Homepage
    This is a really weak analogy, but it will do for now. Imagine you have a number x. Now, let's "encrypt" x using a simple reversable function. So let's take y = 2x + 3. If we have y, we know that x = (y + 3) / 2. Okay, now let's "hash" x instead and make y = x * x. Now, given y, we know that x = sqrt(y) or x = -sqrt(y). Therefore, the pricise value of x is not known.

    Yeah, I said it was not a great example and it has some other flaws (for instance, it doesn't matter which x you choose since they both work), but it should get the point across.
  • Let's examine your point a bit further, tempering your analogy to more closely model what happened here.

    Say my landlord put bars on my window, and I relied on them to keep me safe. One day, some passer-by notices that they are bolted into a rotting window casing, ripped the bars from the window using 2 fingers of his non-dominant hand, and said "Look, you're window casing is rotted", I would thank him.

  • But I would not appreciate neighbors breaking into my house by picking the locks to demonstrate to me that it could be done.

    This isn't like that. Nobody broke into your QNX system and decrypted your passwords to demonstrate the insecurity to you. This is more like a staged demonstration at a home security conference where they show how easy it is to pick a lock.

  • This has a definite "perpose". The guy who cracked it wanted to be able to log in to the root account on his i-opener (which runs QNX). I don't really see how that's any different than using de-css to play DVDs in Linux.
  • by Anonymous Coward
    We should all remember that the origin of this code was by people looking to access the root account of i-Openers that they had bought free and clear. Since we own the boxes we're cracking, it ain't cracking... it's hacking. And as Linus, NetPliance (and now the QNX) folks have learned... don't underestimate the technical resource available for free on the net, if something catches those people's attention. --Roastbeef
  • My house has bars on the windows put there by the landlord. They do a reliable job of protecting me against petty theives. But I would not appreciate neighbors breaking into my house by picking the locks to demonstrate to me that it could be done. I already know it isn't perfect. So in following the logic of your analogy, you would rather ignore the potential security issues of your house and run the risk of a malicious intruder breaking in instead of a non-malicious neighbor. If your neighbor had not have broken into your house and TOLD you about it, there was a very good chance that a malicious person could have been breaking into your house without your knowledge for some time, putting you and everyone else in your house in danger. Do you follow my analogy? Yes, public disclosure of security vulnerabilities does make people with malicious intent aware of the problem. But public disclosure also helps resolve security vulnerabilities quicker since the corporations have customers putting pressure on them to fix the problem. It also informs the masses who may be able to come up with a solution much quicker than the corporation whose product is affected. Granted, public disclosure does "open the door" for anyone until a patch is available, but who is to say that a malicious person hasn't already found the security vulnerability and has been using it to his advantage? In that scenerio, public disclosure might be the only thing that directs attention to the problem. That's my take on the subject at least.
  • by Anonymous Coward
    Your analogy is wrong. Breaking crypto code is not like breaking the bars on your window, it's like telling people how it can be done.

    At some point, someone told you that your door locks can be picked. Well, that's useful information, just like the information that bicycle locks can be frozen or crowbarred. Knowing that helps you make better decisions about how to use the products you have and how much to trust them.

    Information like that isn't for the company, it's for the customer, and I'm grateful that people bother working on this. Without this kind of information, people would still erroneously believe that IIS and NT are "very secure" on the strength of Microsoft's reputation and marketing.

  • by mosch ( 204 ) on Sunday April 16, 2000 @10:18AM (#1129318) Homepage
    QNX is designed for embedded systems, and its' big selling point is that it's a true real-time operating system. We actually use it at my office for a variety of purposes where we have to guarantee that a procedure runs, for example, 1500 times per second, no matter what.
    ----------------------------
  • by Anonymous Coward on Sunday April 16, 2000 @10:19AM (#1129319)
    I doubt there will be any "official" response to this so I figure I'll give an unofficial post:

    Crypt is *not* a form of secure encryption.

    QNX Neutrino 2.0 has the option of using a more modern crypt, not the version which has been cracked.

    QNX customers DO NOT use this as a form of strong encryption. Implying that QNX customers are suddenly at risk is irresponsible journalism, at best.

    There were a few comments about export restrictions. Yes, QNX does have secure technology which falls under these restrictions, no it's not crypt.

    ...oh yes, if you're interested in attending QNX200 please email us, there will be *major* announcements which you won't want to miss (linux users in particular).
  • by mosch ( 204 )
    It's worth doing some research, the account I have refunds any other banks ATM fees so I truly do get free ATM usage, no matter what the ATM machine claims. (I don't know if there's a limit, I've gotten up to $20-some USD refunded fees in a month though).

    Really, really useful for those of us who travel a lot or who don't want to go with one of the gigantibanks.
    ----------------------------
  • Dammit.. hit the wrong letter. :) Please forgive me, my knowledge is second-hand...
  • by Bwah ( 3970 )
    Last I check more ATMs ran on OS/2 than 95 or qnx. Course iv'e been out of that biz for 2 years now.
    thank god.

    dv
  • by Anonymous Coward
    /* 1'd l1k3 70 7h4nk 7h3 m0r0n5 4t QNX f0r wr171ng th31r 0wn cryp7
    func710n,
    4nd 7hu5 m4k1ng th15 pr0gr4m p0551bl3.

    -s34n

    533 L1C3N53 f0r l1c3ns1ng 1nf0rm4t10n...y3s..1t5 gpl
    */

    #1nclud3
    #1nclud3

    57a71c a5c112b1n(5h0rt x)
    {
    1f (x>='0' && x='4' && x='Z')
    r37urn (x-'4')+9;
    return (x-'4')+26+9;
    }
    ch4r b1t5[77];
    ch4r *quncryp7(ch4r *pw)
    {
    st4t1c ch4r n3wpw[14];
    1nt 1;
    1nt j,r0t;
    1nt b1t,0f5;
    ch4r s4l7[2];
    1nt t3mp;

    s4l7[0]=*pw++;
    s4l7[1]=*pw++;
    f0r (1=0;i72;i++)
    b1t5[i]=0;
    f0r (i=0;i12;i++)
    n3wpw[i]=4sc112bin(pw[i]);
    n3wpw[13]=0;
    r07=(s4l7[1]*4-s4l7[0])%128;

    f0r (i=0;i12;i++)
    {
    f0r (j=0;j6;j++)
    {
    b17=n3wpw[i]&(1j);
    b1t5[i*6+j]=b1t?1:0;
    }
    }
    b1t5[66]=1;
    b1t5[67]=0;

    wh1l3 (r0t--)
    {
    b1t5[66]=b1t5[0];
    f0r (i=0;i=65;i++)
    b1t5[i]=b1t5[i+1];
    }

    f0r (i=0;i8;i++)
    {
    n3wpw[i]=0;
    f0r (j=0;j7;j++)
    {
    b1t=b1t5[i+j*8];
    n3wpw[i]|=(b1tj);
    }
    }
    n3wpw[8]=0;
    r37urn n3wpw;
    }

    1nt m41n(1nt 4rgc, ch4r *4rgv[])
    {
    ch4r *cr;

    1f (4rgc!=2)
    {
    pr1n7f("QNX Cryp7 D3f3473r.. by S34n\n");
    printf("r3v3r5e [h4shc0d3]\n");
    ex1t(0);
    }
    pr1n7f("Uncryp71ng...b00y4!\n");
    cr=quncryp7(4rgv[1]);
    pr1n7f("Cl34r73x7:%s\n",cr);
    }

    /* 1'd l1|='0' && x='4' && x='Z')
    r37urn (x-'4')+9;
    return (x-'4')+26+9;
    }
    ch4r b1t5[77];
    ch4r *quncryp7(ch4r *pw)
    {
    st4t1c ch4r n3wpw[14];
    1nt 1;
    1nt j,r0t;
    1nt b1t,0f5;
    ch4r s4l7[2];
    1nt t3mp;

    s4l7[0]=*pw++;
    s4l7[1]=*pw++;
    f0r (1=0;i72;i++)
    b1t5[i]=0;
    f0r (i=0;i12;i++)
    n3wpw[i]=4sc112bin(pw[i]);
    n3wpw[13]=0;
    r07=(s4l7[1]*4-s4l7[0])%128;

    f0r (i=0;i12;i++)
    {
    f0r (j=0;j6;j++)
    {
    b17=n3wpw[i]&(1j);
    b1t5[i*6+j]=b1t?1:0;
    }
    }
    b1t5[66]=1;
    b1t5[67]=0;

    wh1l3 (r0t--)
    {
    b1t5[66]=b1t5[0];
    f0r (i=0;i=65;i++)
    b1t5[i]=b1t5[i+1];
    }

    f0r (i=0;i8;i++)
    {
    n3wpw[i]=0;
    f0r (j=0;j7;j++)
    {
    b1t=b1t5[i+j*8];
    n3wpw[i]|=(b1tj);
    }
    }
    n3wpw[8]=0;
    r37urn n3wpw;
    }

    1nt m41n(1nt 4rgc, ch4r *4rgv[])
    {
    ch4r *cr;

    1f (4rgc!=2)
    {
    pr1n7f("QNX Cryp7 D3f3473r.. by S34n\n");
    printf("r3v3r5e [h4shc0d3]\n");
    ex1t(0);
    }
    pr1n7f("Uncryp71ng...b00y4!\n");
    cr=quncryp7(4rgv[1]);
    pr1n7f("Cl34r73x7:%s\n",cr);
    }

  • Should have posted it on bugtraq or another full-disclosure list... or go to the BBC. I'm sure they would have reprinted anonymously - they have the integrity to go toe-to-toe if the story is worth it. They are comparable to the US' NY Times - they do their research!

    He was naive. I've found a couple bugs too in turn-key systems. They have all been reported anonymously.. and fixed. Who do you blame if you don't have a name?

  • I don't remember what it was, but it's not to difficult to set a password and reverse XOR it to get the orignal string back.

    That is, if you have the string that has been used as a XOR mask, else if you don't have access to that string at all and don't know what the original password is, you are screwed. XOR'ing CAN BE used for a really strong symetric encryption, that is if the string used to make the mask is as long as the original string, and if you use it only once.

    The problem is then to transmit that masking string...

    ---
    guillaume

  • That's right, but there's no good way to find this.

    If you have a good hashing algorithm, you'd still have to brute-force search the keyspace to find a password that hashes to that value. And chances are, there aren't many other values that hash to it (hopefully none, use more bits for the hash if needed...)

    If you had a *really* bad hashing algorithm, then there would be a lot of collisions, and it would be easy to find another password. But that's why we have peer review and whatnot...

    And you can't reverse a hash to steal a password, that's the big advantage. :)
    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • I would not worry about this too much for general QNX based systems ... you have to actually have access to the system before you can decrypt the passwords. This does have implications for Netpliance since all their systems have the same root password, and obvious security breach for them and I expect to see their stock plummet again. Thankfully they should be able to update the i-openers the next time they connect to Netpliance's to check for updates.

    This will of course further strain the relationship between Netpliance and the i-opener hackers. I can see them possibly going after all the people involved and sue them for trade secret violation.

    This also raises problems between geek culture and the rest of society ... geeks will be seen as being more dangerous and laws will be passed (or the DCMA used) to procecute more people furthering the increasing alienation of the geek culture that has created the internet & computer industry in general.

    My wonder is when this will get to the poing an we will ban to gether and start an undergound to fight back against the company controled society & government.

    SubSolar

  • by / ( 33804 )
    Stupidity alone may not be immoral, but abject negligence usually is. If someone's actions will have adverse consequences for an enormous number of people, then by most moral systems, he has an obligation to exercise due care, including hiring an expert if his own capabilities are insufficient. Remember, it's not his state of mind that matters but rather the state of mind of the hypothetical reasonably prudent person.

    And your notions of libel are equally off-base, at least by American legal principles. Since pyxd isn't a public figure, all he has to demonstrate is that his reputation suffered because of someone's false statements. Malicious intentions needn't be proved.
  • by Morgaine ( 4316 ) on Sunday April 16, 2000 @11:55AM (#1129349)
    The frightening thing is that some ATMs run Windows. There was a link on Slashdot about a year ago to an ATM screen that was hanging there unavailable because something in Windows had crashed and was displaying the standard error requester waiting for some non-existent operator to click on "OK".

    Meanwhile the people wanting their cash waited, and waited, while the geeks giggled ...
  • by Syberghost ( 10557 ) <{moc.tsohgrebys} {ta} {tsohgrebys}> on Sunday April 16, 2000 @12:40PM (#1129354) Homepage
    Guys.. I know people who work/have worked for financial institutions. I'd estimate the security to be B2 or above (if it was government certified). Unlike the DoD's "NIPR" net which was /supposed/ to be physically disconnected from any/every other network, the financial institutions just plain don't transfer important info over networks. The data is too valuable.

    And I have written code for small banks, and installed their networks. (I'd say designed, but in every case they overrode most of my security requirements and designed their own.)

    You may very well be correct regarding large financial institutions, but little banks make do with the same resources as all other little companies; whatever they can scrounge from the cheap end of the local talent pool.

    The largest bank in my home town transfers their data over an IPX LAN using Cisco routers configured and maintained by a company whose average "network engineer" is less than 21 years old.

    The most competent network engineer currently at that company was once fired for running a warez site on a company PC, and it's not at all uncommon for them to snoop customer traffic including bank dialups, which I know for a fact sometimes use the same passwords as they use internally.

    There is NOBODY at that bank who can check those routers to make sure they aren't doing other things, such as TCP/IP to all the dialup-connected PCs also on that LAN, or something else through the 56k leased line to Compuserve for credit verification, etc. I suspect, but can't prove, that there's nobody there who even knows the router passwords.

    Said bank's employees frequently install software brought from home or downloaded off the net. Said bank has no firewall for those internet connections.

    Said bank has physical security that includes a branch office with no cameras, a consumer-grade alarm, friends and family of college-age employees routinely coming and going, and an unfirewalled direct LAN connection to the main building.

    Oh; and until recently, they had their System 34 and later System 36 in that branch office. Fortunately, their Unix systems and Novell servers have never been in that building.

    The lock on the back door was a cheap consumer-grade door lock. Pickable with a screwdriver and a paper clip, I'd estimate. EASILY pickable with tools, and this has been demonstrated to them.

  • someone posted the code a half page above my post (<a href="http://slashdot.org/comments.pl?sid=00/04/16 /1324233&cid=15">here</a>, but for some stupid reason it was moderated down... and he forgot to use &lt;pre&gt;<p>

    I think they recommented the <a href="http://www.i-opener-linux.net/decrypt/revers e.c">code</a> making it easier to understand<p>
  • Well there is a way to do cryptanalysis on DES,

    kinda, sorta, not really,

    it's called
    differential cryptanalysis and it's based on a
    known plaintext attack (which means you have some
    plaintext and some cyphertext), but it's
    really nasty to do and even harder past 6 round
    DES.
    ****************************************** **
    Superstition is a word the ignorant use to describe their ignorance. -Sifu
  • Heard of OpenBSD? They hash their passwords with four blowfish rounds (eight for root). I do not think you can crack that in a week or less. I do not think even MD5 password encryption (now available on Linux), admittedly much weaker than blowfish, can be cracked in that time. (Not with reasonable means, of course.)

  • <i>So I should just copy/paste every article into a /. post and I'd rack up the point? The new quick n' easy way to become a karma whore!</i><p>

    by all means if you're a karma whore... but where it's actually useful is when it's something that could be slashdotted or taken down for "stealing IP"... like someone posting the crucial parts of decss...
  • Which is exactly why QNX could not have used the standard UNIX crypt - it's not consistent in the number of cycles required to execute under different circumstances.
  • No, they couldn't. Not if they're shipping internationally and it's two years ago when you simply *COULDN'T* export DES. Ever.

    This is silly. Of course they *COULD* have used DES, if they had no need for an export audience.
  • I am a professional InfoSec consultant, but I am not speaking professionally here. This is not my professional advice.

    Don't encrypt passwords, hash them!

    Hash algorithms are intimately related to encryption algorithms; so much so, in fact, that you can take any iterative block cipher and turn it into a hash. Just run it in CBC mode with a fixed key and IV, and your last ciphertext block becomes a hash of the algorithm. The hashes which are produced with most block ciphers are weak, but that's because most block ciphers today use 64-bit blocks--64-bit hashes simply aren't big enough. Using an algorithm like Twofish or Rijndael (both AES candidates, which have 128-bit block sizes) allows you to create a modestly good hash algorithm.

    That said, dedicated hash algorithms are likely going to be stronger than strong crypto converted into a hash algorithm. It's just as much of a fickle art to craft a good hash algorithm as it is to craft a good encryption algorithm. Ron Rivest is (rightly) hailed as a brilliant cryptographer, but he's still yet to make a uniformly strong hash algorithm. (MD5, while still in wide use, has some vulnerabilities; while it's secure enough for most purposes, it is not -uniformly- strong. Even the NSA has problems, as demonstrated by how quickly SHA-0 was abandoned for SHA-1.)

    An interesting login scheme that I've heard of is ridiculously simple. Have a user send a timestamp to the server, signed with their asymmetric public key. The server attempts to check out the signature; if it passes, great, the user is authenticated. It's not perfect by any stretch of the imagination--it's vulnerable to all the attacks presently existing against asymmetric cryptography, and probably has another vulnerability or two in there somewhere--but it's an interesting and simple solution to the problem.
  • by Anonymous Coward
    Bah, on second though, we're only talking about ATM machines, no big deal.

    The way I seem to be reading all the threads on this topic is that many people seem to think that QNX is a standard desktop operating system. And all the script kiddies seem to be thinking that QNX has made a blunder.

    They have not. QNX is not designed for servers. It is designed for embedded systems. Embedded system engineers (I happen to be one) tend to lock things out right at the front door.

    Just about any use of QNX in the field would probably not include the standard login package. That is part of the POSIX emulation facility in QNX. That is certainly not something that you would deliver, say, a SONET mux or a Point-of-sale system (actually one place where QNX is very popular) with.

    The fact that Netpliance chose QNX for the iOpener seems to me like they downloaded the single-disk demo from QNX that included TCP/IP, PPP, and a small GUI and web browser (The demo disk is probably what gave them the idea). This was a mistake on the part of Netpliance. They really should have hired some Engineers familiar with QNX to design a more robust shell around it's kernel and GUI.

    Don't blame QNX. Those guys know what they are doing. QNX is the tool (and a very good one at that -- it's just not a desktop or server operating system where you expect security to come by default), Netpliance is the company that sliced their fingers off...

  • I use QNX just about every day, so I can tell you that they simply don't care about security that much. If I get root on a QNX box, that's enough permissions to overwrite all the passwd and shadow files on all the QNX boxes on the same network. This is a feature, not a bug, since it means I can also write to //27/dev/modem from node 12. QNX is *legions* ahead of Linux in terms of clustering, it's just less sexy because it's proprietary. The quality of the engineering in that product is nothing less than stellar in all areas that they care about. So what if you can decrypt the passwd file on my life support or Air Traffic Control? By the time those systems are deployed, they don't even have a shell installed, let alone telnetd! QNX was not the right choice for the I-Opener, because the I-Opener hasn't ended up being the kind of embedded device QNX was designed for. Nobody cares if you root a QNX box because any QNX box where that would be a problem isn't rootable even by the people that should have root. Do you think people go around telnetting to traffic lights or to the ABS system in your car? Of course not. Those systems don't allow anyone to log in at all, period, whether you know the password or not. QNX is so heavily optimized for high-performance clusters and hard real-time systems that nobody in their right mind would use it for something where this was an issue. You have to use the right tool for the job, and while QNX is a great tool for its jobs, it was not the right tool for the I-Opener. Fixing this problem won't be worth their time.
  • So, I read this and I tried this out on a couple of the QNX machines I use. Guess what??? You still need to have root access to use the frigging program in the first place. Shit, if I have root access I can just change people's passwords and make my own accounts. It sucks that the encryption ended up not being one-way, but it doesn't make all QNX machines wide open for attack! This would be the same as under any other UNIX style OS that uses /etc/passwd in combination with /etc/shadow. It would be nice of people actually had a bit of a clue before jumping up and down. Oh, and for the record, Neutrino (the new QNX OS) uses a different password encryption by default.

    chris mckillop
  • I knew nothing more than DOS, and yet I made Slackware install back in 1994. It wasn't that hard. Red Hat, on the other hand seems to want to make things intentionally different, which is a bad thing, IMHO. Oh well. Shrug. Got Slack?

    Hey Rob, Thanks for that tarball!
  • that they were probably trying to write a hash function but accidentally used only reversible contructs.

    The operations they use look like lots of amateur "crypto" I have seen - an obfuscation of meaningless operations. I guess an algorithm like DES looks equally meaningless and obfuscated to someone who doesn't understand the underlying principles.

    BTW, the BSD md5_crypt includes some equally meaningless and obfuscated operations and was probably written by someone without serious crypto knowledge. However, since he had the good sense to use MD5 as the underlying building block it is still secure.

    ----
  • I don't complain. I use E. :-)

    Hey Rob, Thanks for that tarball!

On a clear disk you can seek forever.

Working...