Cryptography Expert Sounds Alarm At Possible Math Hack

netbuzz writes "First we learn from Bruce Schneier that the NSA may have left itself a secret back door in an officially sanctioned cryptographic random-number generator. Now Adi Shamir is warning that a math error unknown to a chip makers but discovered by a tech-savvy terrorist could lead to serious consequences, too. Remember the Intel blunder of 1996? 'Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message." Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.'"

The NSA

[proudfoot]

The problem with backdoors, is that noone can guarantee who uses them. While it allows for (possibly) justified surveillance by our government, it also allows for it by others.

The United States, or the NSA, doesn't have all the world's best cryptographers. Russia, China, etc, other nations have excellent skill in these endeavors. Ironically, by trying to protect the nation, the NSA runs the risk of opening us up to foreign espionage.

Re:

[hax0r_this]

Which is why I, for one, doubt that the back door was intentional. The approval that NSA gives is primarily for use by the US government itself, and most of the obstacles that NSA faces in spying on our own government are bureaucratic ones, not technical ones.

NSA "Suite A" is the real problem.

[Kadin2048]

Which is why I, for one, doubt that the back door was intentional. The approval that NSA gives is primarily for use by the US government itself, and most of the obstacles that NSA faces in spying on our own government are bureaucratic ones, not technical ones.

I agree, for what it's worth (not much, but we're mostly all armchair generals here, why not join in the fun?).

The flaw seems too obvious to really have been something illicit. If it was an attempt at a backdoor, it was pretty stupid. And it was a weird/improbable way to create a backdoor -- it was PRNG, not really a cryptographic function per se, and while knowing its output could help you break a system, it wouldn't guarantee it. The people at the NSA had to know it would be combed over.

But the fact that it seems to be incompetence rather than malice doesn't make me feel a whole lot better. There are still a bunch of secret-algorithm ciphers [wikipedia.org] around and in use (and which the government, in its infinite wisdom, treats as more secure than the openly-reviewed ones), that the NSA is basically the only organization that has any access to. If they could miss such a trivial flaw in a PRNG that they knew was going to go out for public scrutiny, what could they have let slip by in a cryptographic function that was supposed to be a state secret?

NSA/GCHQ Private IS open review, practically

[igb]

There are still a bunch of secret-algorithm ciphers around and in use (and which the government, in its infinite wisdom, treats as more secure than the openly-reviewed ones),

The breadth and depth of cryptographic skill,. experience and knowledge behind the wire at Cheltenham and Fort Meade is orders of magnitude than that outside. The review process internally is actually far higher quality than that externally. This isn't like software, where even Microsoft doesn't employ a measurable fraction of the software engineers in the world. GCHQ plus NSA is the vast majority of the cryptographers, plus they have libraries and testcases and methodologies dating back fifty years that the rest don't have access it.

In that case, the benefit of open review (that, just possibly, someone in the small pool of non-spook cryptographers who know what they're doing might find a flaw) is far less than the downside (that your opponents get to see what a modern code system looks like). The lowdown on a modern close-world cipher system would reveal attacks they are defending against, give a good impression of their real capabilities and so on. Yes, in a real shooting war, the spooks have to allow for their crypto systems falling into the wrong hands. But in the current climate, the tactical stuff will be exposed, but the strategic stuff can be closed algorithms and closed keys: what's not to like?

This reminds us all of the S Box hoo-hah, where elaborate theories were put forward by open community `experts' about the `flaws' in the S Boxes in DES. It turned out, of course, that they were optimal against an attack that wasn't even public, and close to optimal against other attacks that (allegedly) weren't known to anyone. I'd take a cipher system that the NSA or GCHQ approves for government use over anything advocated outside the wire., simply because the chances of an intentional weakness in the former are far smaller than the chances of an accidental weakness in the latter.

We went through all this is the discussion about the S Boxes

Re:

[pthisis]

The breadth and depth of cryptographic skill,. experience and knowledge behind the wire at Cheltenham and Fort Meade is orders of magnitude than that outside. The review process internally is actually far higher quality than that externally. This isn't like software, where even Microsoft doesn't employ a measurable fraction of the software engineers in the world. GCHQ plus NSA is the vast majority of the cryptographers, plus they have libraries and testcases and methodologies dating back fifty years that th

Re:

[0xygen]

1) is a serious problem though. We can never PROVE it is backdoored unless someone steps forward with those numbers. We can NEVER prove it is NOT backdoored, as we cannot PROVE that no-one has the numbers, so are compelled to treat it as backdoored.

2) is about specific cases where particular categories of mathematical failures actually lead to the compromising of the private key, which is significantly more dangerous. It is not about utilitising typical exploits like buffer overflows to take over and kind

Re:

[Anonymous Coward]

Exactly, which is sort of the best proof against the NSA trying to do something like this. If anything they aren't that stupid and they seem to take their mission pretty seriously. Don't forget that half of their goal is to protect US signals.

I'm not sure, maybe it's election season and so some of these guys are tying to raise the specters again. The Intel bug was with floating point operations and the vast majority of cryptography doesn't use any of that. Of course it's possible that there could be o

Re:

[Workaphobia]

Just as I can't believe this article itself made it to the front page. Why the hell did someone think it was newsworthy to state that vulnerabilities are bad and flaws can be exploited? This just in: The NSA keeps secrets, Schneier fears the government, and bugs in hardware platforms can theoretically hurt their users.

Re:

[account_deleted]

Comment removed based on user account deletion

So...

[teh moges]

So, if a security bug is present an exploit could happen...?

Original article

[sk19842]

TFA is just a summary of an article yesterday in the NYT: http://www.nytimes.com/2007/11/17/technology/17code.html?ref=technology [nytimes.com]

Re:

[RuBLed]

Yup and TFA really had nothing much to do or even related with NSA's officially sanction random number generator. Mr. Shamir is talking about math error in our processor's ever increasing complexities, much like what happened in Intel back then.

There are no terrorist mentioned!! Sensationalist networkworld...

how many encryption schemes us floating point?

[Kuciwalker]

It seems to me that the most likely source of a math error is in the floating point unit, since floating point math is far more complex than integer math. I've always understood that most crypto is based on integer math, both because it's based on number theory and because floating point math isn't exact. Doesn't that make this sort of exploit extremely unlikely?

Re:

[Traa]

Compared to cryptographic algorithms, floating point math isn't that much more complex then integer math. Also, floating point math is exact since floating points representations (like IEEE 754) are eventually all calculations and representations in bits which are always exactly reproducible.

Re:

[Kuciwalker]

Compared to cryptographic algorithms, floating point math isn't that much more complex then integer math.

Yet the claim is that an actual error in the implementation of elementary amthematical operations on the processor could weaken a cryptographic algorithm run on that processor, even if the algorithm itself is implemented flawlessly in source. Therefore the relevant question remains "where are processor bugs most likely to occur?"

Also, floating point math is exact since floating points representatio

Re:

[gweihir]

Actually IEEE 754 does not describe what algorithms have to be used. It does, however, require that calculations have to be exact in every result bit and recommends to use longer numbers internally and well-conditioned algorithms. Sometimes implementers screw up, though.

Re:how many encryption schemes us floating point?

[evanbd]

In the past there have existed implementations of integer math that used the floating point unit. The only one I know of off hand is the Prime95 Mersenne prime search program. I imagine there are others, though. The reason for this is simply that the floating point units were faster -- more bits per operation. The x87 FPU instructions operate on 80 bit floating point numbers, compared to 32 bit integers (the floating point numbers can't use the exponent bits, but it's still more than 32 by a lot). If your code is sufficiently parallel, and you put forth the effort, there was a performance gain to be had. I don't know if this is still the case in modern CPUs (especially 64 bit ones), but it's entirely possible to do high-performance integer math on the floating point unit.

Re:

[EvanED]

What?

The point the OP was trying to say was that if the error is in the FPU, that isn't used for integer calculations at all, and so wouldn't be exercised by security code. I don't know if this is true, but for instance RSA in theory is all integers.

Re:how many encryption schemes us floating point?

[gweihir]

The point the OP was trying to say was that if the error is in the FPU, that isn't used for integer calculations at all, and so wouldn't be exercised by security code. I don't know if this is true, but for instance RSA in theory is all integers.

The FPU can be used for integer math. IEEE 754 states that all results from Integer calculations that can be exact, need to be. The exponent gets denormalized for this case. So DOUBLE, for example, can be used as 54 bit unsigned Integer plus sign bit. I have used this occasionally in languages with no 64 bit integers, wne 32 bit were not enough.

Re:

[stephentyrone]

[pedantic]53 bits, actually. Double precision has an explicit 52 bit significand with one implicit bit for normal numbers. So all integers that can be represented in 53 bits are exactly representable in double, but half of the 54 bit integers are not -- those with the least significant bit set.

I'm not sure what you mean by "the exponent gets denormalized for this case." Denormal, when used to talk about floating-point, refers to numbers with the smallest exponent, for which there is no implicit leading b

Re:

[gweihir]

Ah, did not look into my copy of IEEE 754. Could be 52 bits.

As to denormalized, if I remember correctly the matisse part of an IEEE754 number should be between 0.5 and 1.

Re:

[ajs318]

That is done so that the mantissa begins with a one. You don't actually need to denormalise at all. You only lose accuracy if there are more digits in the answer than will fit in your chosen representation. Obviously, a recurring fraction won't fit into any representation (example: 0.1 in decimal is 0.0001100110011 ... 0011 ... in binary). Note that if you isolate the recurring part, the ratio between it and the same number of ones is the exact fraction. i.e. 0011 / 1111 = 3 / 15. But there is one

Re:

[gweihir]

[pedantic]53 bits, actually. Double precision has an explicit 52 bit significand with one implicit bit for normal numbers. So all integers that can be represented in 53 bits are exactly representable in double, but half of the 54 bit integers are not -- those with the least significant bit set.

Hehe, no! It is 52 bits plus a sign. A 2s complement 53 bit number can represent one number more, namely the negativemost integer. But IEEE754 has both a negative and a positive zero, while 2s complement has only one.

Re:

[tgd]

Okay, fess up. You hit submit and your first thought was "D'OH!" and you wished, as we all have, that Slashdot let you edit posts...

Re:

[Ann Coulter]

Maybe the FPU shares circuitry with the integer instruction circuitry.

Re:

[lpontiac]

Maybe the FPU shares circuitry with the integer instruction circuitry.

I'm guessing the people modding you +1 funny don't realise that earlier (pre-Prescott) Pentium 4 processors implemented integer multiplication instructions using the floating point unit [chip-architect.com].

WTF "terrorist"

[Timothy Brownawell]

Wouldn't pulling off something like this require a level of knowledge and togetherness more in line with a government agency, rather than a "terrorist" group? The results would also be more in line with what a government agency would want ("we have your secrets, ha!"), rather than what a terrorist would want ("Maybe I can't blow up a bridge / poison your water supply / whatever. But then maybe I can. So while you're deciding whether to go do things or hide under your bed all day, I have a question for you: do you feel lucky?").

Re:WTF "terrorist"

[the eric conspiracy]

While government agencies surely have the upper hand here, there is always the possibility that a mole in the NSA gets their hands on the backdoor information, or a lone genius working in say Russia finds a mathematical flaw in the system.

As far as poisoning your water supply etc. lookie here:

http://sandia.gov/scada/home.htm [sandia.gov]

Hardware errors are a potential problem, but they are #3 on the list after human and software problems. Why search for hardware problems when the first two are far more likely to bear fruit?

Re:

[gnasher719]

Wouldn't pulling off something like this require a level of knowledge and togetherness more in line with a government agency, rather than a "terrorist" group?

Not necessarily. If you have a fault in a processor that will get a certain calculation always wrong in a predictable way, and the source code for a decryption engine available, then this _may_ be enough for a talented hacker with lots of time, with the help of a good mathematician, to crack the system. Depends on what the fault is.

Terrorists?

[Anonymous Coward]

Why does everything have to come back to terrorists? They kill a small number of people and people go nuts about them. Hunger, disease, motor cars, lightning, ... All these things have killed far more people than terrorists and they don't get brought up at every *FUCKING* opportunity. Yeah. I'm pissed off. If the terrorism obsessed turned on their brains for a picosecond they might realise that they have caused far more damage than any terrorist has.

Re:

[LaughingCoder]

Hunger, disease, motor cars, lightning, ... All these things have killed far more people than terrorists

It's about the derivative. Terrorism deaths are growing geometrically. The other causes of death you mention are essentially steady-state. Think about it. In the 70s terrorism acts killed in the single digits (Munich). In the 80s, individual acts of terror killed in the 100s (Lockerbie). In the 90s/00's they have upped the ante to 1000's. And if they get their hands on a dirty bomb or chemical weapon, t

Re:

[gweihir]

Terrorists will not kill millions. Far too bad press for them. They are not waging a physical war, but one of the mind. As long as uou US sheep keep being afraid, they may not even consider serious new killings. After all they do want terror, not real damage. 9/11 was a bit excessive on the damage side, but, to misquite a Geman banke, 9/11 was "peanuts" in the greater sheme of things. The reaction to 9/11 was not, unfortunately. The reaction may by now have caused a damage multiplication by 1000 or even mor

Re:

[synthespian]

It's about the derivative. Terrorism deaths are growing geometrically. The other causes of death you mention are essentially steady-state.

They are? I don't know about that, have you read the recent numbers on hemorrhagic Dengue fever in Brazil, for instance? Did you consider the recent Bangladesh cyclone? I'd like to see how you treated the 1970 one that killed 500,000 people.

LOL :-)

Anyways, didn't the US military say terrorist attacks in Iraq were going down?

Where the hell do you get your facts from?

Re:

[LaughingCoder]

extrapolating way off into the future and treating it as fact.

Where did I treat it as fact? I cited facts. The trend is undeniable. True, the trend could stop, or reverse. But so far, it hasn't. Ignore trends at your own peril.

Re:

[KevinIsOwn]

As an AC pointed out, you absolutely did not cite facts. You mentioned events, but even so, some years have had more acts of terrorism than others, and you are selecting events to try to fit into a trend you just thought up. If you find an actual study that takes into account all acts of terrorism and can find a geometric relationship, I'd be extremely surprised.

(Even your suggestion of terrorism killing people in the single digits is wrong)- The RAF group is just one quick mention of a group that was ac

Re:

[at_slashdot]

You have a point but I would rather talk about wars not about terrorism because wars killed million of people. As for lightning there's not much we can't do about it, unless you prefer to walk in Faraday cages for the rest of your life -- btw, I assume that caged terrorists cannot be hit by lighting...

Re:

[bigberk]

I agree, and I'd say the bigger threat in the context of this article is organized crime. Take for example the botnets/zombie networks, which are an advanced network technology made possible through software exploits. These technology attacks are leveraged for spamming, marketing, denial of service and other forms of extortion.

As far as threats to the nation, the spam and popups are just the "tip of the iceberg".

Obviously, the criminals use some pretty smart minds to seek and exploit software weaknesses. I

Risk evaluation

[mcrbids]

People generally evaluate risk on largely emotional terms. For this reason, we frequently make gross errors in risk assessment.

1) When we think there's somebody out to get us, we evaluate that risk very highly, even when there are more immediate but "random" risks clearly at hand. For example, a "terrorist" is a bogey-man, it's somebody out to get you. But hunger has no bad guy, and neither do disease, auto accidents, and lightning.

2) We evaluate as "risky" situations where we are not in immediate control,

Re:

[jimicus]

A very good friend of mine unwittingly gave me an insight which I think explains it very nicely.

As far as I can tell, his source of news is "whatever the headlines in the mainstream media are this week". When the corrections come out much more quietly six months later, buried underneath an advert for a home course in Swahili, he misses them entirely.

As far as he's concerned, Osama bin Laden is from Afghanistan (and is probably still living in a cave there), Saddam Hussein had weapons of mass destruction an

Re:

[djmurdoch]

Bruce Schneier is brilliant, no question about it, but the man has terrorists on his brain, and ever since 9/11 they have been the perpetual example in Crypto-Gram.

Are there two Bruce Schneiers? The man you are describing is nothing like the one I read (other than being pretty smart, I guess). This [schneier.com] is a typical recent example. His main message about terrorists has been to put the terrorist threat in perspective and not to overreact to it. (He was mentioned in the summary because another theme he pursues

don't understand

[TheSHAD0W]

I'm not sure how Mr. Shamir envisions a simple "math error" causing a problem. A buffer overflow exploit, perhaps, but not a math error... A user on a flawed but protected computer receives a "poisoned" encrypted message, opens it... And what happens? The math error, say, elicits some aspects of the user's private key in the decoded message; but how does the attacker then obtain that information without already having access to the machine? Further outgoing messages wouldn't have any usable information, no modern cryptosystem allows a received message from affecting any such message; a code exploit might affect the system's PRNG, but a math error shouldn't feed back to the PRNG unless it was horribly implemented. Without something affecting the user's machine's code execution, I can't see any way for an attacker to utilize a math error in a decryption function.

Re:don't understand

[SiliconEntity]

I can't see any way for an attacker to utilize a math error in a decryption function

Actually this is a common attack scenario in security protocol analysis. While it does not always happen in real life there are ways it can occur. For example, you try to decrypt the message and get garbage. So what do you do? You send the garbage back to the guy, saying, I couldn't read your message, all I got was this junk. Now you have been tricked into acting as what is called an "oracle" for the decryption function. This opens up a number of attacks which is why the best cryptosystems are immune to such problems.

Re:

[Jarjarthejedi]

Wow...and I thought I knew the extend of user stupidity, sending back an unsolicited message because you couldn't decrypt it (since it's fairly obvious these people wouldn't be simply sitting around waiting for people to ask them to send an encrypted message) seems to me to be quite absurd, sending it back partially decrypted even more so.

I mean, I could understand it if it was solicited communications, but what are the odds you'll happen to start into an encrypted conversation with someone who just wants y

Re:

[PitaBred]

On the other hand, if you had taken control of someone's account, then you'd be masquerading as the intended recipient. Seems perfectly reasonable to work with someone who they'd think should be getting the message.

There's more to it that email exchanges

[apankrat]

Consider low-level handshake protocols. There is, for example, an attack on SSL that allows recovering private RSA key by measuring response delays of a victim. These responses are mandated by a protocol, so they are (in a way) solicited.

Re:

[yabos]

Can you post a reference for that? If that's true how come people aren't breaking SSL all the time?

Re:

[drfireman]

You send the garbage back to the guy, saying, I couldn't read your message, all I got was this junk.

While this could certainly happen, the brief reports I've seen suggest that the math error is in itself sufficient, you don't also need the targeted user to be incredibly stupid.

I take that back

[TheSHAD0W]

Sorry, I was looking at this the wrong way. The "math error" Mr. Shamir must be talking about, with regard to "chips", must be an error in the logic system in an arithmetic logic unit. An error that might, for instance, cause one or more bits in a register to stick in one state or another, would indeed affect future messages, disrupting PRNG (both encryption algorithms and one-way) and public-key computations. I doubt a system so badly affected could continue to operate for very long, but an attacker who

Re:

[garompeta]

>I can't see any way for an attacker to utilize a math error in a decryption function.

In the same way you aren't the "S" in RSA. Give him some credit, will you?

Re:

[eli pabst]

In the same way you aren't the "S" in RSA.

He's also the same 'S' in the FMS attack that first cracked the WEP encryption protocol. Like Schneier, I'd trust his opinion until it's proven otherwise.

Re:

[drfireman]

From the brief report, it sounds like any bug whatsoever would be sufficient to compromise any system. In the slightly more detailed version to which someone posted a link, you see that the vulnerability requires knowing of a pair of integers whose product is computed incorrectly. It also requires some more minor assumptions.

Alas, Shamir's post didn't clarify, at least to my undereducated ears, how the targeted machines are coerced into producing a reply. Do most machines have ports open that will engage

Re:

[TheSHAD0W]

But the point I was trying to make was, how would the attacker retrieve that information?

That's the way you'd do it

[slashdotmsiriv]

Step 1: The attacker an SSL session with a web server

Step 2: Generate the "poisoned" SSL session shared key K1, and encrypt it with the server's public RSA key

Step 3: The server decrypts the poisoned SSL session shared key K1 with its private key and obtains a value K2, which is
different than the original poisoned shared key K1. If the shared key K1 was not poisoned, K2 would be equal to K1,
but the attacker is exploiting an error in the CPU implementation that causes K2 != K1.

Step 4: All the AES-encrypted m

Re:

[TheSHAD0W]

Okay, I understand the attack now, but I don't see how an attacker can utilize this bug without access to the output of the decryption of the "poisoned" message. Given such access, the attacker doesn't need to use such an exploit, he already knows what is on the target's computer.

Re:

[dgatwood]

I think the issue is that an incorrect value in a certain critical operation in the construction of the private and public keys creates a mathematical relationship between the public and private keys that otherwise would not exist, and therefore you can then determine enough information about the private key to significantly weaken it, if not extract it outright, merely by encrypting a particular message using the public key. That said. I only skimmed the article, so I could be way off.

Ron Harris did some thing like this with slots

[Joe The Dragon]

Is this chip / software used in any slot / video poker games?

In other words...

[3seas]

how to cause the blue screen of death to happen simultaneously across all computers...

Any Error == Broken SSL and HTTPS

[flyingfsck]

In my experience, the slightest error will render the whole cypher text unreadable, so it won't take long for people to complain that all HTTPS shopping sites don't work with a specific computer system and then that system will end up in land fills really quickly.

I was wondering about that as well

[IvyKing]

About the only way for the attack to work without all of the SSL and HTTPS implementations breaking is if the bug affected less than say 10E-9 of normal HTTPS/SSL sessions, and the attacker knows exactly which operands produce a broken result. The attack also depends on the broken hardware being either very common or the attacker knows that his/her target is using the broken hardware. This is a great agument against a hardware monoculture.

I'd think it more likely that a bug in a popular encryption relate

Pentium FDIV Bug

[rubicon7]

Remember the Intel blunder of 1996?

Don't you mean 1994 [wikipedia.org]?

Re:

[The New Andy]

Don't you mean 1994?

Don't you mean 1993.9999999999987

Re:

[Nullav]

Apparently the submitter is using the chip in question, as the article clearly says 1994. (Though 1996 did have the F00F bug.)

Random Numbers in .NET and in General

[randomErr]

Yeah know, I've noticed this problem on a series of processors at my college. I had to write a basic key based cryptography program in C#. Well I created the system with no problem. But if you ran the program in a certain lab where all the computer are identical (hardware and software) I could generate the same 4 key sets each time. My solution was just to use and external DLL with my own generator from another language.

My point for this example is that I don't believe its the processors fault. If the

Re:

[DrJokepu]

You are aware that computers can only generate pseudo-random numbers, right? The random number generator in C# actually doesn't generate random numbers but numbers that look random. These numbers are generated by a 'seed'. If you give the same seed to the computer, it will generate the same set of numbers. The C# implementation (if you don't supply a seed yourself) uses the system clock as seed, hence if you start your random-number-generation session in the same millisecond on same computers, they will gen

Re:

[evanbd]

It doesn't have to be a geiger counter. There is plenty of randomness to be had in the exact timing of key presses, exact behavior of rotating media, incoming network information, etc etc. It can be harder to make use of (poor or unknown distribution, patterns that you might not know about), and it might be insecure (especially if it came from the network card), but there are plenty of physically derived things a modern computer can measure and generate randomness from with enough processing of the raw da

Gieger Counters are too expensive...

[JetScootr]

Just use a lava lamp [wired.com] or a camera [hackaday.com] with the lens cap on.

Re:

[hhawk]

IHMO, a RNG is really a hard problem because if it isn't truly random you weaken the crypto. IHMO, you really need to use a physical source to generate the randomness and not some direct method as a chip, esp. a built in RNG function. A physical source might be radioactive decay but there are other things that could be sampled.

Mr. Potatohead

[Barkmullz]

The first thing that went through my head as I read the story was:

"Mr. Potatohead! Mr. Potatohead! Backdoors are not secrets!

I'd listen to him. He's the crypto supergenius.

[Qbertino]

If a guy like Shamir says this, I'd say it's full-red-alert for all those manufacturing this sort of chip. We are just doing asymetric crypto in Math 1 (Bachelor CompSci) and my brain goes into overload-error every 5 minutes or so as soon as the professor starts talking about it. Someone like Shamir (the "S" in "RSA" btw.) who can come up with this sort of thing should be considered 'God' in the field of cryptography and his call upon action should be noted duely.

Time to test your CPU

[AmiMoJo]

I'm sure Intel test their chips very carefully now, to avoid further embarrassment, but even for the average user it wouldn't be hard to do. A program that tests all mathematical functions of a CPU over the entire range of 8, 16, 32 and 64 bit numbers (both float and integer) for errors would be fairly easy to craft. Might take a while but would only need to be done once per revision of CPU.

maths == terrorism

[thomasa]

I have thought about this a lot. Perhaps mathematicians should be locked up as terrorists. They would not be able to get out unless the can factor rsa120 in their head. Clearly math is a subversive activity. It leads to all sorts of hack attacks on computers and computer communications. It leads to dangerous things like atomic bombs and bridges that collapse under heavy winds. It leads to wet naked men running down the street yelling Eureka. (A small city in California - how did he know about Eureka?

Re:

[WillRobinson]

So, how expensive do you think it would be to create a terrorist group, so you can preform these atrocities on the very people you are supposed to protect?

Re:

[ozmanjusri]

A little over a trillion dollars, so far.

Re:

[gweihir]

I think the terrorists have already won, because the whole point of terrorism is...terror, and there are very few *thinking* people who are not afraid of the Patriot Act.

There is strong indication that the main goal of 9/11 was actually against individual freedoms, which this particular brand of "Islam" (they could be fundamentalists of any other religion) does not like. In fact they do not like if people have their own opinions. And they did manage to shiff the US massively in their own direction of think

Re:

[piojo]

You wrote a bunch of counterexamples to show that the poster was wrong, and that his statement really just meant, "everyone that doesn't agree with me is an idiot." And then you called him an idiot. Good job.

Re:First Post?

[Anonymous Coward]

Um, no. "The terrorists" (a pretty vauge term but I'm assuming you mean those from middle eastern countries by the way you're wording your statement) don't give a rat's ass how we live, whether we have free elections or live with an oppressive government nor do they really care much about how we go about our daily lives, etc, etc. The terrorists wants the US and western countries to stop fucking around in their countries- supporting/installing dictatorships that happen to ally with our interests while bombing and invading countries that we don't like, setting up permanent military bases and just generally exerting our will on them. After a few generations of having western powers screw with their countries and lives it should be little wonder we're not well liked.

Of course, if you were refering to China or someone else then that might be a different story (but again, the wording sounded like someone regurgitating the drivel that gets thrown out by politicians and pundits in the mainstream media).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[synthespian]

I'd like you to meet my close personal friend, Osama Bin Laden, a leading terrorist. He thinks we're all infidels, that this country is full of fornication, homosexuality, intoxicants, gambling, and usury.

Man, that sounds so...neo-con. LOL :-)

No.

[Valdrax]

Terrorists want us to stop screwing around in the Middle East and Central Asia -- specifically they want us to stop supporting Israel and to stop propping up various dictatorships in countries where there'd be a good chance of overthrowing the government and creating a theocracy.

They don't give a flying f--- about "our freedoms" except where they think that shows we are "morally corrupt." Islamic militants are under no illusions that they're going to change our culture any time soon, though. They've got bigger fish to fry back home trying to establish a power block.

How we govern ourselves beyond our foreign policy is utterly unimportant to their larger goals.

Re:

[ScrewMaster]

How we govern ourselves beyond our foreign policy is utterly unimportant to their larger goals.

Which, in some cases, involves the elimination of us infidels. So you can't say that we're relevant to them only in terms of foreign policy: we're relevant simply because we exist, and that fact is intolerable to some people.

Re:No.

[Anonymous Coward]

Those people are an absolutely tiny minority and can be dealt with sensibly. The majority of people would just like us to stop meddling.

Stop pissing people off and the nut-jobs who do want us removed will have lost their primary recruitment method.

Re:

[TheRaven64]

Nutcases who want to establish a world-wide caliphate under sharia law? The only "sensible" way to deal with them is bombs, and lots of them.

No, the sensible way of dealing with them is to lock them up somewhere where they can receive psychiatric help or, failing that, shoot them. Dropping lots of bombs just serves to cause otherwise rational people that they might have a point and that the world would be a better place without the people responsible for the death of their family.

Terrorist & government symbiosis.

[EmbeddedJanitor]

Of course there's all the stuff that terrorists want you to do, but governments need terrorists too.

Want the citizens to give up some freedom/pay some new tax/whatever? Easy! Play the terrorism trump card.

Without some Evil Empire force (that the US plays so well), it is very hard for terrorists to get the emotions going either. Terrorists & empire building governments need each other.

Re:

[funwithBSD]

Really? Then can you explain why they kill swiss and Japanese tourists?

http://news.bbc.co.uk/onthisday/hi/dates/stories/november/17/newsid_2519000/2519581.stm [bbc.co.uk]

The Swiss are not US allies, they are nobodies allies.

More importantly, why do they SAY they are concerned with our freedom and establishing a world caliphate if that is not what they want?

Oh, I know, reverse psycology.

The USA says they are not interested in world domination, so they must be.

Muslims say they are interested in world domination, so they

Way to surrender to violence, kaffir

[Anonymous Coward]

So, because they don't like US foreign policy, they think it's alright to kill, and it's the fault of the US?

What the flying fuck planet of twisted "logic" are you living on? You're blaming the victims of murder for the acts of the murderers.

If someone doesn't like people who paint their houses pink and purple and then goes and kills anyone living in such houses, the people who painted their houses in garish colors are not the ones at fault.

And it's not "US foreign policy" that's fueling terrorist rage.

It'

Re:

[Eli Gottlieb]

Let's just be frank: Islamism is nothing more or less than a religious twist on the old pan-Arabic-nationalism.

Islam can coexist with the rest of the world. The type of pan-Arabism that sees all land conquered by the Arab empires of old as rightly belonging to the Arabs of today, cannot, whether or not it drapes itself in a burqa to avoid the eyes of the West.

Your straw man's on fire.

[Valdrax]

So, because they don't like US foreign policy, they think it's alright to kill, and it's the fault of the US?

What the flying fuck planet of twisted "logic" are you living on? You're blaming the victims of murder for the acts of the murderers.

You're attacking a straw man. I never once said that in my post that the terrorists were justified by these beliefs and goals. I merely stated that "destroying our freedoms" is not anything close to what they actually care about. Big logical leap there.

Re:

[at_slashdot]

How about our freedom to meddle in Middle East if we consider that morally correct? Don't they hate that freedom?

Re:No.

[Valdrax]

Define Terrorists please. If you're talking about Al-Queda, you're wrong. This group hates democracy as it goes against Sharia law to the most extreme. Anything governed outside this religious foundation is seen as an act of Hubris and thus punishable by death in the eyes of Allah (Arabic word for God).

Yeah, but al-Qaeda doesn't care about our democracy. And seeing us turn into a secular or Christian dictatorship in no way helps further their goals. The more crazy fascist our government becomes, ironically, the less accepting of Islamic fundamentalism it becomes even as it becomes equally repressive. If anything, it's against their long term goals to see us harder ourselves against them.

Next time, educate yourself about our sworn western enemies before justifying their cause. Bluntly put, I don't give a damn about their cause. These people need to die like the parasites they are on humanity.

What does explaining their motivations have to do with justifying them? You seem to be the sort of reactionary type that associates any attempt to understand your enemy with accepting them and capitulating to them.

Geez, it's no wonder you people are losing the War on Terrorism for us.

Re:

[Bert64]

Pushed to it's ultimate ends, they could end up turning the west into a nazi style dictatorship, run by someone like Hitler who has decided that muslims are to blame for everything in the same way hitler blamed jews. I doubt al-qaeda would be very happy with this eventuality, with such a powerful well armed force aiming to exterminate them all.

Re:

[CmdrGravy]

There was an interesting article in the news last week about a woman in Saudia Arabia who had been gang raped by several men and was then sentanced to a few years in prison for the crime of consorting with men without permission. I don't think that sort of thing even happened in Iraq and yet, as you quite rightly say, they are a key ally of the west in the war on terror and inappropriate regimes.

Re:

[Fuzzums]

There are so many things I hate, but that doesn't give me any right to send in my army and kill everything that disagrees.

Re:

[blackest_k]

Next time, educate yourself about our sworn western enemies before justifying their cause. Bluntly put, I don't give a damn about their cause. These people need to die like the parasites they are on humanity.

That is an interesting line, because it could just as easily be said about Americans and Europeans.

We dehumanize these people who are living in poverty supplying the western world with its toys.
They see us getting fat from our gluttony, while people are starving and dieing around them.

I don't know what we can do about this, I would hope killing them is only a stop gap, perhaps it isn't, perhaps they think along similar lines about us.

Our governments seem to be readying for a terrorist war on our streets, o

Re:

[masterzora]

shotgun's laaaaaaaaaaaaaaaaaap

Re:National Safety Administration?

[ScrewMaster]

Who are the "National Safety Administration"?

They're the sister outfit to the "National Highway Traffic Security Administration".

Re:

[Cassius Corodes]

It was the winning submission for a new name for the NSA, just edged out ministry of love.

Re:

[gweihir]

But deliberate backdoors and ones created by mistake are two different things.

True. But a seemingly accidential backdoor may just have very good camouflage. Crypto also deals with making proof of intent impossible.

Re:

[NoTheory]

What are you talking about? How is this hard to understand? This is one of the grand daddies of practical encryption stating that a huge freaking security hole could be opened if encryption is performed on faulty hardware. If a piece of hardware with such a fault was in wide spread use, then a large number of people would be susceptible to exploits which would be able to defeat public key encryption (e.g. HTTPS, ssh, etc).

Re:first post. TFA = WTF?

[TheRaven64]

When you send someone an encrypted message, their software will typically try to decrypt it. This means that it will run a known algorithm (you typically identify the decryption algorithm along with the cyphertext).

Most chips have flaws of one kind or another. Most of these are trivial and can be worked around in microcode. The article mentions the Pentium floating point bug. This caused the original Pentium to return the wrong result for some calculations. In theory, it would be possible to produce a cyphertext that would generate this error if the key contained one of the two values that you needed to generate the error. This then lets you dramatically reduce the key search space.

Other CPU flaws are more serious. There are a few in the Core 2 which allow a process to violate the page protection mechanism, for example. If an attacker found one that caused the program counter to be modified as a side effect of an arithmetic operation then they could create a cyphertext which contained a program at the end and some data at the beginning that caused execution to jump into the exploit code. This is much easier for cypertexts than arbitrary data because the attacker has can make some good guesses about how a cyphertext will be processed.

It seems like this is a very theoretical category of vulnerability to use for anything more than a DoS. On the other hand, as Theo de Raadt says, the only difference between a bug and a vulnerability is the intelligence of your attacker.

Re:

[Artifakt]

I don't particularly see worrying about it, but the point is that a particular type of hardware based flaw, which we have seen at least a couple of times, could make it easy for people who aren't nearly math geniuses to do something that normally takes a grande el-supremo lot of computer science skills.