
Cryptography Expert Sounds Alarm At Possible Math Hack

Zonk posted more than 6 years ago | from the using-numbers-for-evil dept.

Security 236

netbuzz writes "First we learn from Bruce Schneier that the NSA may have left itself a secret back door in an officially sanctioned cryptographic random-number generator. Now Adi Shamir is warning that a math error unknown to chip makers but discovered by a tech-savvy terrorist could lead to serious consequences, too. Remember the Intel blunder of 1996? 'Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message." Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.'"
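The following is an added example, not code from the Slashdot story or from the NYT article it summarises. It models the situation Shamir describes: a multiplier that returns a wrong product for one particular operand pattern, sitting underneath a textbook CRT-based RSA signing routine, so that a message chosen to hit that pattern makes the chip emit a wrong signature while ordinary messages sign correctly. It also shows the standard mitigation, checking every signature against the public key before it leaves the device, which turns the silent corruption into a detectable failure. The primes, exponents, trigger pattern and messages are all constructed for the demo.

```python
# Added example, not part of the Slashdot story or the NYT article it
# summarises: a toy model of the failure Shamir describes. A hardware
# multiplier that returns a wrong product for one operand pattern is used
# inside CRT-based RSA signing, and a chosen message makes the defect fire.
# The defence shown is the standard one: check every signature against the
# public key before releasing it. Primes, exponents, the trigger pattern and
# the messages are all constructed for the demo.

# Constructed toy RSA key. The primes are tiny so the numbers stay readable;
# real keys use primes of 1024 bits or more.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)       # CRT exponents
QINV = pow(Q, -1, P)                    # Q^-1 mod P for recombination

# Hypothetical defect (stand-in for the undocumented "math error"): the
# product is off by one bit whenever either operand ends in this 16-bit
# pattern. The pattern itself is made up for the example.
TRIGGER = 0xBEEF

def mul(a, b, faulty=False):
    """Integer multiply; with faulty=True, behave like the defective unit."""
    if faulty and ((a & 0xFFFF) == TRIGGER or (b & 0xFFFF) == TRIGGER):
        return (a * b) ^ 1
    return a * b

def modexp(base, exp, mod, faulty=False):
    """Square-and-multiply built on mul(), so the defect can surface."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = mul(result, base, faulty) % mod
        base = mul(base, base, faulty) % mod
        exp >>= 1
    return result

def verify(m, s):
    """Public-key check: s is a valid signature on m iff s^E == m (mod N)."""
    return pow(s, E, N) == m % N

def sign_crt(m, faulty=False, verify_before_release=False):
    """RSA signature via the Chinese Remainder Theorem, the fast path most
    implementations use. Returns None when the self-check rejects the result."""
    s1 = modexp(m, DP, P, faulty)                # m^D mod P
    s2 = modexp(m, DQ, Q, faulty)                # m^D mod Q
    h = (QINV * (s1 - s2)) % P                   # Garner recombination
    s = s2 + h * Q
    if verify_before_release and not verify(m, s):
        return None      # mitigation: a faulted signature never leaves the box
    return s

# Constructed inputs: a message whose low 16 bits hit the trigger, and an
# ordinary one that (almost certainly) never touches the pattern.
M_CHOSEN = TRIGGER
M_PLAIN = 123456789

if __name__ == "__main__":
    good = sign_crt(M_CHOSEN)
    bad = sign_crt(M_CHOSEN, faulty=True)
    print("healthy unit, chosen msg verifies:", verify(M_CHOSEN, good))
    print("faulty unit, chosen msg verifies: ", verify(M_CHOSEN, bad))
    print("faulty unit with self-check returns:",
          sign_crt(M_CHOSEN, faulty=True, verify_before_release=True))
    print("faulty unit, plain msg verifies:  ",
          verify(M_PLAIN, sign_crt(M_PLAIN, faulty=True)))
```

The self-check costs one public-key exponentiation per signature, which is cheap next to the private operation, and it is the reason a wrong product inside the chip should surface as a refused operation on the signing side rather than as a signature handed to whoever sent the message.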


236 comments

first post. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21402769)

first post.

first reply to first post (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21402827)

first reply to first post

Re:first post. TFA = WTF? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21402873)

Usually I dislike these idiots but this thread really deserves a reply like this. What the fuck is the article all about? I read it, it's plain English but I have much trouble comprehending wtf it's all about. Someone wanna translate?

The NSA (5, Insightful)

proudfoot (1096177) | more than 6 years ago | (#21402787)

The problem with backdoors is that no one can guarantee who uses them. While it allows for (possibly) justified surveillance by our government, it also allows for it by others.

The United States, or the NSA, doesn't have all the world's best cryptographers. Russia, China, etc, other nations have excellent skill in these endeavors. Ironically, by trying to protect the nation, the NSA runs the risk of opening us up to foreign espionage.

"Can't we all get along?" (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21402829)

All this cloak-and-dagger stuff begs the question: "Can't we all get along?" [diversityinc.com]

Re:"Can't we all get along?" (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21403173)

All this cloak-and-dagger stuff begs the question: "Can't we all get along?"

No it doesn't. Oh, I see you don't understand what "begs the question" [begthequestion.info] means but are just using it (incorrectly) to try to impress upon us that you are a sophisticated intellectual.

Re:The NSA (2, Insightful)

hax0r_this (1073148) | more than 6 years ago | (#21403081)

Which is why I, for one, doubt that the back door was intentional. The approval that NSA gives is primarily for use by the US government itself, and most of the obstacles that NSA faces in spying on our own government are bureaucratic ones, not technical ones.

NSA "Suite A" is the real problem. (5, Interesting)

Kadin2048 (468275) | more than 6 years ago | (#21403235)

Which is why I, for one, doubt that the back door was intentional. The approval that NSA gives is primarily for use by the US government itself, and most of the obstacles that NSA faces in spying on our own government are bureaucratic ones, not technical ones.

I agree, for what it's worth (not much, but we're mostly all armchair generals here, why not join in the fun?).

The flaw seems too obvious to really have been something illicit. If it was an attempt at a backdoor, it was pretty stupid. And it was a weird/improbable way to create a backdoor -- it was a PRNG, not really a cryptographic function per se, and while knowing its output could help you break a system, it wouldn't guarantee it. The people at the NSA had to know it would be combed over.

But the fact that it seems to be incompetence rather than malice doesn't make me feel a whole lot better. There are still a bunch of secret-algorithm ciphers [wikipedia.org] around and in use (and which the government, in its infinite wisdom, treats as more secure than the openly-reviewed ones), that the NSA is basically the only organization that has any access to. If they could miss such a trivial flaw in a PRNG that they knew was going to go out for public scrutiny, what could they have let slip by in a cryptographic function that was supposed to be a state secret?

Re:The NSA (1)

Dramacrat (1052126) | more than 6 years ago | (#21403131)

There's no such thing as 'justified' surveillance, especially when it's not transparent or in the open.

Re:The NSA (3, Interesting)

Anonymous Coward | more than 6 years ago | (#21403185)

Exactly, which is sort of the best proof against the NSA trying to do something like this. If anything they aren't that stupid and they seem to take their mission pretty seriously. Don't forget that half of their goal is to protect US signals.


I'm not sure, maybe it's election season and so some of these guys are trying to raise the specters again. The Intel bug was with floating point operations and the vast majority of cryptography doesn't use any of that. Of course it's possible that there could be other errors but the logic and integer units on chips are tested so much more thoroughly... it's possible I guess but unlikely if you ask me that they'd know of it and the commercial world wouldn't.

Also, such a bug generally would require a specific implementation to be affected. I guess they could somehow exploit the windows crypto code, but even that runs on dozens of different chips so you'd need the same error to be present on all of them.

If you look back, the NSA tampered with DES, they did so to increase its security. Don Coppersmith even wrote about it in the IBM Journal of Systems Research. I can't think of any example of there being an error or weakness that suggested their tampering. I'm all about not using some algorithm that is showing any types of weaknesses which is really what Bruce first suggested which is a fairly healthy paranoia, and we must maintain our vigilance, but it's a long way from a believable example of NSA rigging something which, if you ask me, is an unhealthy type of paranoia.

Re:The NSA (0, Flamebait)

gweihir (88907) | more than 6 years ago | (#21403317)

While it allows for (possibly) justified surveillance by our government, it also allows for it by others.

Also not everybody is a US citizen. This may help spying on my country, for example, by a close-to-rogue nation (US) in its disregard for international law and human rights. Some things the US administration does would be cause for war, if they were not so powerful. Abducting citizens of other nations for example and then denying it has happened. And we are talking European citizens here.

While NIST is a US agency, these standardization efforts are international, not US domestic. Get over your US-centric POV. The majority in all things on this planet is non-US.


Re:The NSA (1, Insightful)

SuperBanana (662181) | more than 6 years ago | (#21403453)

The problem with backdoors, is that noone can guarantee who uses them.

I can't believe you got modded up to 5, Informative for pointing out something utterly, trivially obvious to this audience.

First Post? (0, Offtopic)

andruk (1132557) | more than 6 years ago | (#21402789)

Isn't this exactly what the terrorists want? Our own government to become so oppressive that our country changes into the government of 1984?

Re:First Post? (1)

WillRobinson (159226) | more than 6 years ago | (#21402805)

So, how expensive do you think it would be to create a terrorist group, so you can perform these atrocities on the very people you are supposed to protect?

Re:First Post? (1)

andruk (1132557) | more than 6 years ago | (#21402937)

How much money is spent in black ops? How much money is "wasted" by the government?

Probably about that much. ;-)

I think the terrorists have already won, because the whole point of terrorism is...terror, and there are very few *thinking* people who are not afraid of the Patriot Act. The way I see it, the number of people killed in these attacks is minuscule compared to the number of people affected, but it seems to me that the best/only thing we can do is keep being the land of the free, and try not to provoke other countries (looking at Iraq/Iran).

My 2c/pointless ramblings. Take them with a mound of salt.

Re:First Post? (0, Troll)

Planesdragon (210349) | more than 6 years ago | (#21403115)

and there are very few *thinking* people who are not afraid of the Patriot Act.

You, sir, are an idiot and a snob.

There are all kinds of intelligent people who are not afraid of the Patriot Act. There are lawyers who read it and don't see the same problems that the "blogosphere" (for lack of a better term) sees. There are US Attorneys -- smart people, by the nature of their job -- who wouldn't be afraid of it even if the blogosphere were correct. And, there are even people who are willing to let the FBI and the CIA and their local library all talk to each other, because they don't equate privacy with either security or liberty. Heck, there are even people who think the blogosphere is correct, and yet think there are far worse things in the world today, and so aren't all that afraid of it.

These people may all be entirely wrong. There are parts of the Patriot Act that go too far and need to be repealed. But that doesn't mean those who aren't afraid are not thinking, and you insult them and marginalize yourself when you claim so.

Re:First Post? (2, Funny)

piojo (995934) | more than 6 years ago | (#21403265)

You wrote a bunch of counterexamples to show that the poster was wrong, and that his statement really just meant, "everyone that doesn't agree with me is an idiot." And then you called him an idiot. Good job.

Re:First Post? (1, Insightful)

gweihir (88907) | more than 6 years ago | (#21403363)

I think the terrorists have already won, because the whole point of terrorism is...terror, and there are very few *thinking* people who are not afraid of the Patriot Act.

There is strong indication that the main goal of 9/11 was actually against individual freedoms, which this particular brand of "Islam" (they could be fundamentalists of any other religion) does not like. In fact they do not like it if people have their own opinions. And they did manage to shift the US massively in their own direction of thinking. In the end, it seems one fundamentalist is far closer to another than to people that are open-minded and tolerant. As an atheist, I believe the main danger of religion is that it can be used as a booster-package for fundamentalists. Many people manage to have religion and still respect others, but a significant number can be coerced into thinking that everybody should subscribe to their particular (and usually bizarre) world-view.

Re:First Post? (0)

Anonymous Coward | more than 6 years ago | (#21402877)

It's not their raison d'etre, only a serendipitous by-product of their actions.

Re:First Post? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21402929)

Um, no. "The terrorists" (a pretty vague term but I'm assuming you mean those from middle eastern countries by the way you're wording your statement) don't give a rat's ass how we live, whether we have free elections or live with an oppressive government nor do they really care much about how we go about our daily lives, etc, etc. The terrorists want the US and western countries to stop fucking around in their countries- supporting/installing dictatorships that happen to ally with our interests while bombing and invading countries that we don't like, setting up permanent military bases and just generally exerting our will on them. After a few generations of having western powers screw with their countries and lives it should be little wonder we're not well liked.

Of course, if you were referring to China or someone else then that might be a different story (but again, the wording sounded like someone regurgitating the drivel that gets thrown out by politicians and pundits in the mainstream media).

Re:First Post? (0)

Anonymous Coward | more than 6 years ago | (#21403279)

"The terrorists wants the US and western countries to stop fucking around in their countries- supporting/installing dictatorships that happen to ally with our interests while bombing and invading countries that we don't like, setting up permanent military bases and just generally exerting our will on them."

That's right. The terrorists want the US to stop all those things so that the terrorists can do those sorts of things themselves... effectively making the terrorists their own super power... and one in possession of nuclear weapons from those middle eastern countries that already have them. Which do you think is easier for OBL: wait for Iran to develop nuclear weapons, or politically take those that Pakistan already has?

Just wait until the Pakistani nukes fall into the hands of the islamic terrorists... American geeks will do a full turn about and fall in love with India, because it is India which can destroy Pakistan.

No. (5, Insightful)

Valdrax (32670) | more than 6 years ago | (#21402951)

Terrorists want us to stop screwing around in the Middle East and Central Asia -- specifically they want us to stop supporting Israel and to stop propping up various dictatorships in countries where there'd be a good chance of overthrowing the government and creating a theocracy.

They don't give a flying f--- about "our freedoms" except where they think that shows we are "morally corrupt." Islamic militants are under no illusions that they're going to change our culture any time soon, though. They've got bigger fish to fry back home trying to establish a power block.

How we govern ourselves beyond our foreign policy is utterly unimportant to their larger goals.

Re:No. (1, Interesting)

ScrewMaster (602015) | more than 6 years ago | (#21403135)

How we govern ourselves beyond our foreign policy is utterly unimportant to their larger goals.

Which, in some cases, involves the elimination of us infidels. So you can't say that we're relevant to them only in terms of foreign policy: we're relevant simply because we exist, and that fact is intolerable to some people.

Re:No. (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21403335)

Those people are an absolutely tiny minority and can be dealt with sensibly. The majority of people would just like us to stop meddling.

Stop pissing people off and the nut-jobs who do want us removed will have lost their primary recruitment method.

Terrorist & government symbiosis. (4, Insightful)

EmbeddedJanitor (597831) | more than 6 years ago | (#21403153)

Of course there's all the stuff that terrorists want you to do, but governments need terrorists too.

Want the citizens to give up some freedom/pay some new tax/whatever? Easy! Play the terrorism trump card.

Without some Evil Empire force (that the US plays so well), it is very hard for terrorists to get the emotions going either. Terrorists & empire building governments need each other.

Re:No. (1)

funwithBSD (245349) | more than 6 years ago | (#21403435)

Really? Then can you explain why they kill Swiss and Japanese tourists?

http://news.bbc.co.uk/onthisday/hi/dates/stories/november/17/newsid_2519000/2519581.stm [bbc.co.uk]

The Swiss are not US allies, they are nobodies allies.

More importantly, why do they SAY they are concerned with our freedom and establishing a world caliphate if that is not what they want?

Oh, I know, reverse psychology.

The USA says they are not interested in world domination, so they must be.

Muslims say they are interested in world domination, so they must not be.

Bizarro world I guess.

Way to surrender to violence, kaffir (2, Interesting)

Anonymous Coward | more than 6 years ago | (#21403445)

So, because they don't like US foreign policy, they think it's alright to kill, and it's the fault of the US?

What the flying fuck planet of twisted "logic" are you living on? You're blaming the victims of murder for the acts of the murderers.

If someone doesn't like people who paint their houses pink and purple and then goes and kills anyone living in such houses, the people who painted their houses in garish colors are not the ones at fault.

And it's not "US foreign policy" that's fueling terrorist rage.

It's Islam. Plain and simple.

Specifically, the concepts of dar al-Harb and dar al-Islam. In the case of Israel, the utter insult it is to Islam to have that part of dar al-Islam revert back to dar al-Harb.

The mere existence of Israel is an affront to fundamentalist Islam.

And if the jihadis manage to "wipe Israel off the map" (gee, they wouldn't ever slip up and actually say that, now would they?), then those other areas of the world that were once part of dar al-Islam but reverted to dar al-Harb will be returned to the ummah. Say, like the Balkans, or Spain, er, I mean ar-Andalus.

And if any kaffirs get in the way, too bad. They're subhumans, anyway.

Maybe you'll get your head out of your ass before the jihadis lop it off - as their holy book directs...

Re:No. (1, Informative)

DigiShaman (671371) | more than 6 years ago | (#21403449)

Define Terrorists please. If you're talking about Al-Qaeda, you're wrong. This group hates democracy as it goes against Sharia law to the most extreme. Anything governed outside this religious foundation is seen as an act of hubris and thus punishable by death in the eyes of Allah (Arabic word for God).

Next time, educate yourself about our sworn western enemies before justifying their cause. Bluntly put, I don't give a damn about their cause. These people need to die like the parasites they are on humanity.

Thank God for America, and thank God for our men in uniform protecting the freedoms you take for granted!

"God bless america", "In God we trust" (1)

skynexus (778600) | more than 6 years ago | (#21403511)

Terrorists want us to stop screwing around in the Middle East and Central Asia -- specifically they want us to stop supporting Israel and to stop propping up various dictatorships in countries where there'd be a good chance of overthrowing the government and creating a theocracy.

And hopefully some other saviour country may apply your +5 insightful comment to the US and put in place a strong American dictatorship lest it slip into a theocracy...

Re:First Post? (1)

osopolar (826106) | more than 6 years ago | (#21403277)

No, "THE TERRORISTS" if you believe such a label do not want our government to become more powerful. THEY want to strive on understanding and hope. Governments strive on power alone. Now that that is out of the way we can focus on real matters. Who cares if someone knows the back door math equation to some intel chip or whatever it was. Have you seen the price of gold lately? Information is only good when it can help procure material wealth. No one cares about what happens to unwealthy nations no matter how much information we gather on them ... the main two points of my story - when you have everything then you have everything to lose and if you have nothing then you win because they can take nothing away from you. But we must always be mindful of THE TERRORISTS because we like to believe that their value system is somehow the same as yours, shallow monetary and largely based on illusion.

Dupe (0)

kalayq (827594) | more than 6 years ago | (#21402791)

Re:Dupe (1)

sk19842 (841452) | more than 6 years ago | (#21402851)

Sorta, but not quite a dupe. This post also includes speculation about what would happen if there were math errors in chips. The reference to Schneier's discovery about elliptic curve PRNGs was just to whet our appetite. But deliberate backdoors and ones created by mistake are two different things.

Re:Dupe (1)

gweihir (88907) | more than 6 years ago | (#21403465)

But deliberate backdoors and ones created by mistake are two different things.

True. But a seemingly accidental backdoor may just have very good camouflage. Crypto also deals with making proof of intent impossible.

Original article (5, Informative)

sk19842 (841452) | more than 6 years ago | (#21402803)

TFA is just a summary of an article yesterday in the NYT: http://www.nytimes.com/2007/11/17/technology/17code.html?ref=technology [nytimes.com]

Re:Original article (2, Informative)

RuBLed (995686) | more than 6 years ago | (#21402977)

Yup, and TFA really had nothing much to do with, or even any relation to, the NSA's officially sanctioned random number generator. Mr. Shamir is talking about a math error in our processors' ever-increasing complexity, much like what happened at Intel back then.

There are no terrorists mentioned!! Sensationalist networkworld...

So.. (2, Funny)

yoblin (692322) | more than 6 years ago | (#21402809)

Hey! What if terrorists were to discover TIME TRAVEL and went back to prevent us from getting our independence from England! I think I'll hold off on worrying about math-genius terrorists figuring out bugs in encryption hardware until there's some actual evidence of it, thank you.

how many encryption schemes use floating point? (5, Interesting)

Kuciwalker (891651) | more than 6 years ago | (#21402813)

It seems to me that the most likely source of a math error is in the floating point unit, since floating point math is far more complex than integer math. I've always understood that most crypto is based on integer math, both because it's based on number theory and because floating point math isn't exact. Doesn't that make this sort of exploit extremely unlikely?

Re:how many encryption schemes use floating point? (-1)

NOLFXceptMe (1013903) | more than 6 years ago | (#21402863)

No, it doesn't. The error might be in floating point math but still, since you have no estimate of the error, this would definitely creep into integer calculations.

Re:how many encryption schemes use floating point? (2, Informative)

EvanED (569694) | more than 6 years ago | (#21402903)

What?

The point the OP was trying to say was that if the error is in the FPU, that isn't used for integer calculations at all, and so wouldn't be exercised by security code. I don't know if this is true, but for instance RSA in theory is all integers.

Re:how many encryption schemes use floating point? (3, Interesting)

gweihir (88907) | more than 6 years ago | (#21403413)

The point the OP was trying to say was that if the error is in the FPU, that isn't used for integer calculations at all, and so wouldn't be exercised by security code. I don't know if this is true, but for instance RSA in theory is all integers.

The FPU can be used for integer math. IEEE 754 states that all results from Integer calculations that can be exact, need to be. The exponent gets denormalized for this case. So DOUBLE, for example, can be used as 54 bit unsigned Integer plus sign bit. I have used this occasionally in languages with no 64 bit integers, when 32 bit were not enough.

Re:how many encryption schemes use floating point? (1)

larry bagina (561269) | more than 6 years ago | (#21402923)

what? Assume there is an FPU bug... how does that cause problems with integer math?

Re:how many encryption schemes use floating point? (2, Funny)

Ann Coulter (614889) | more than 6 years ago | (#21403243)

Maybe the FPU shares circuitry with the integer instruction circuitry.

Re:how many encryption schemes use floating point? (1)

JensenDied (1009293) | more than 6 years ago | (#21403439)

That's like saying my car stereo doesn't work because my passenger side window is stuck up.

Re:how many encryption schemes use floating point? (1)

tgd (2822) | more than 6 years ago | (#21403007)

Okay, fess up. You hit submit and your first thought was "D'OH!" and you wished, as we all have, that Slashdot let you edit posts...

Re:how many encryption schemes use floating point? (1)

Traa (158207) | more than 6 years ago | (#21403249)

Compared to cryptographic algorithms, floating point math isn't that much more complex than integer math. Also, floating point math is exact since floating point representations (like IEEE 754) are eventually all calculations and representations in bits which are always exactly reproducible.

Re:how many encryption schemes use floating point? (2, Informative)

Kuciwalker (891651) | more than 6 years ago | (#21403341)

Compared to cryptographic algorithms, floating point math isn't that much more complex than integer math.

Yet the claim is that an actual error in the implementation of elementary mathematical operations on the processor could weaken a cryptographic algorithm run on that processor, even if the algorithm itself is implemented flawlessly in source. Therefore the relevant question remains "where are processor bugs most likely to occur?"

Also, floating point math is exact since floating point representations (like IEEE 754) are eventually all calculations and representations in bits which are always exactly reproducible.

Also irrelevant - most applications of floating point rely on the fact that floating point numbers are sufficiently precise approximations of the reals, therefore they base their algorithms on real-number math (with hedges built in to protect against numerical instability) and are satisfied with inexact answers. Encryption algorithms depend on the exact answers produced, and would therefore have to be based on the specific IEEE-specified behavior of a specific precision of floating point number. While such an encryption scheme is possible, it strikes me as unlikely and unnecessarily complex.

Re:how many encryption schemes use floating point? (1)

gweihir (88907) | more than 6 years ago | (#21403389)

Actually IEEE 754 does not describe what algorithms have to be used. It does, however, require that calculations have to be exact in every result bit and recommends to use longer numbers internally and well-conditioned algorithms. Sometimes implementers screw up, though.

Re:how many encryption schemes use floating point? (4, Informative)

evanbd (210358) | more than 6 years ago | (#21403347)

In the past there have existed implementations of integer math that used the floating point unit. The only one I know of off hand is the Prime95 Mersenne prime search program. I imagine there are others, though. The reason for this is simply that the floating point units were faster -- more bits per operation. The x87 FPU instructions operate on 80 bit floating point numbers, compared to 32 bit integers (the floating point numbers can't use the exponent bits, but it's still more than 32 by a lot). If your code is sufficiently parallel, and you put forth the effort, there was a performance gain to be had. I don't know if this is still the case in modern CPUs (especially 64 bit ones), but it's entirely possible to do high-performance integer math on the floating point unit.
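As an added example (mine, not code from this thread, from Prime95 or from any of the posters), here is what "integer math on the floating point unit", as gweihir and evanbd describe above, actually looks like, and where it stops working. A double holds every integer of magnitude up to 2**53 exactly, so a big integer is split into limbs narrow enough that every partial product and every column sum stays under that bound, and the whole multiplication runs in float operations. The example goes one step beyond the posts by also showing the failure mode: with limbs that are too wide, the low bits of a product are rounded away silently and the result is simply wrong. The limb width and the test values are constructed for the demo.

```python
# Added example, not code from the thread: big-integer multiplication
# carried out entirely in IEEE 754 doubles, the technique the posts above
# attribute to Prime95. Every integer up to 2**53 in magnitude is exactly
# representable, so limbs are kept narrow enough that nothing overflows that.
# Limb width and test values are constructed for the demo.
import math

LIMB_BITS = 24   # products of two 24-bit limbs are < 2**48, so a column of
                 # many such products plus a carry still fits in 53 bits

def is_exact_in_double(n):
    """True iff the integer n survives a round trip through a double unchanged."""
    return int(float(n)) == n

def to_limbs(n, bits=LIMB_BITS):
    """Split a non-negative int into little-endian limbs stored as floats."""
    mask = (1 << bits) - 1
    limbs = []
    while n:
        limbs.append(float(n & mask))
        n >>= bits
    return limbs or [0.0]

def from_limbs(limbs, bits=LIMB_BITS):
    """Reassemble an int from normalised limbs (each 0 <= limb < 2**bits)."""
    return sum(int(x) << (i * bits) for i, x in enumerate(limbs))

def fp_mul(a, b, bits=LIMB_BITS):
    """Multiply non-negative ints a and b using only float operations.

    Correct whenever every partial product and column sum fits in 53 bits.
    With bits=32 the partial products reach 64 bits, the low bits are
    rounded away, and nothing in the result signals that it is wrong.
    """
    radix = float(1 << bits)
    la, lb = to_limbs(a, bits), to_limbs(b, bits)
    acc = [0.0] * (len(la) + len(lb) + 1)
    for i, x in enumerate(la):                 # schoolbook partial products
        for j, y in enumerate(lb):
            acc[i + j] += x * y                # float multiply and add
    carry = 0.0
    for k in range(len(acc)):                  # normalise columns, still in floats
        total = acc[k] + carry
        carry = float(math.floor(total / radix))   # exact: radix is a power of two
        acc[k] = total - carry * radix
    return from_limbs(acc, bits)

if __name__ == "__main__":
    print(is_exact_in_double(2**53), is_exact_in_double(2**53 + 1))   # True False
    a, b = (1 << 200) + 12345, (1 << 190) - 987654321
    print(fp_mul(a, b) == a * b)                                     # True
    x = (1 << 32) - 1
    print(fp_mul(x, x, bits=32) == x * x)                            # False: rounded
```

The point for the thread's argument is the second and third prints: the FPU gives exact integer results only as long as the code keeps every intermediate below 2**53, and a cryptographic implementation that uses this trick is exactly as dependent on the FPU's multiplier being correct as integer code is on the ALU.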

WTF "terrorist" (4, Insightful)

Timothy Brownawell (627747) | more than 6 years ago | (#21402841)

Wouldn't pulling off something like this require a level of knowledge and togetherness more in line with a government agency, rather than a "terrorist" group? The results would also be more in line with what a government agency would want ("we have your secrets, ha!"), rather than what a terrorist would want ("Maybe I can't blow up a bridge / poison your water supply / whatever. But then maybe I can. So while you're deciding whether to go do things or hide under your bed all day, I have a question for you: do you feel lucky?").

Re:WTF "terrorist" (3, Interesting)

the eric conspiracy (20178) | more than 6 years ago | (#21403001)

While government agencies surely have the upper hand here, there is always the possibility that a mole in the NSA gets their hands on the backdoor information, or a lone genius working in say Russia finds a mathematical flaw in the system.

As far as poisoning your water supply etc. lookie here:

http://sandia.gov/scada/home.htm [sandia.gov]

Hardware errors are a potential problem, but they are #3 on the list after human and software problems. Why search for hardware problems when the first two are far more likely to bear fruit?

Terrorists? (4, Insightful)

Anonymous Coward | more than 6 years ago | (#21402845)

Why does everything have to come back to terrorists? They kill a small number of people and people go nuts about them. Hunger, disease, motor cars, lightning, ... All these things have killed far more people than terrorists and they don't get brought up at every *FUCKING* opportunity. Yeah. I'm pissed off. If the terrorism obsessed turned on their brains for a picosecond they might realise that they have caused far more damage than any terrorist has.

Re:Terrorists? (0)

Anonymous Coward | more than 6 years ago | (#21403017)

LOLS! So that terrorist lightning group could possibly cause a well planned electrical outage by striking at an easily determined weak point in the electrical grid. We should declare a war on lightning. Perhaps the chaser will do that! (www.abc.net.au/chaser)

Re:Terrorists? (1, Insightful)

LaughingCoder (914424) | more than 6 years ago | (#21403127)

Hunger, disease, motor cars, lightning, ... All these things have killed far more people than terrorists

It's about the derivative. Terrorism deaths are growing geometrically. The other causes of death you mention are essentially steady-state. Think about it. In the 70s terrorism acts killed in the single digits (Munich). In the 80s, individual acts of terror killed in the 100s (Lockerbie). In the 90s/00's they have upped the ante to 1000's. And if they get their hands on a dirty bomb or chemical weapon, they will kill 10s or 100s of thousands. This is called geometric growth, and it doesn't take more than a 7th grade math background to easily predict that deaths due to terrorism will eventually (within 10 years at current rates) eclipse all those examples you gave. This is why people are concerned.

Re:Terrorists? (0)

Anonymous Coward | more than 6 years ago | (#21403259)

This is called geometric growth, and it doesn't take more than a 7th grade math background to easily predict that deaths due to terrorism will eventually (within 10 years at current rates) eclipse all those examples you gave.

I'm guessing you missed the next lesson where your teacher explained about not extrapolating way off into the future and treating it as fact.

Also, is the growth still geometric as a proportion of the population? Huh, what's that? It's as rare as hen's teeth and always has been? What a surprise!

Re:Terrorists? (1)

LaughingCoder (914424) | more than 6 years ago | (#21403469)

extrapolating way off into the future and treating it as fact.

Where did I treat it as fact? I cited facts. The trend is undeniable. True, the trend could stop, or reverse. But so far, it hasn't. Ignore trends at your own peril.

Re:Terrorists? (0)

Anonymous Coward | more than 6 years ago | (#21403261)

And it would take 6th grade maths to show that your selection of dataset is completely biased towards the conclusion you want to arrive at.

Re:Terrorists?/ war profiteers (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21403397)

The US corporate military (that is all it is, the uniformed muscle wing of wallstreet, for profits) is and has been killing more people planet wide than all the so-called terrorist groups combined, for decades now, going back to the thirties even down in central america. In addition, the US is directly responsible for setting up and supporting more dictators and tyrants than any other political regime out there for at least the last 3/4ths of a century. US corporate blackops "agents" are responsible for such atrocious nightmares as the Shah of Iran with his SAVAK torturers making it easy for Islamic fundamentalists to recruit, after being willing participants of the overthrow of an elected leader in Iran, supporting saddam hussein for years once we had to "fight" Iran again for their 'crime" of kicking their oppressor out and his US stooges, supporting manuel noriega in panama, pinochet in chile, the colonels in el salvador and honduras, the greek colonels, the argentinian colonels (colonel appears to be a popular starting point for dictators for some reason), manipulating the national elections in Australia and getting away with it,(in the US too judging by blackbox voting and the last three national elections, all apparently hacked) and so on. In short, the biggest pack of lying scumbag hypocrites out there. If you work for the US military, you work for the wallstreet blood profiteers, and that is it. They sell war for profit. It's hugely profitable, and easy enough to create "enemies", including via "false flag" attacks.

Research: "War is a Racket" by General Smedley Butler, highest ranking most decorated Marine, who finally realised what was going on with war and spoke out about the plain truth of it; in his words, he "was a gangster for Wall Street". It is online, read it. "Operation Northwoods", leaked document: how the highest ranking political/military/economic leaders think, what they think is acceptable geopolitical practice, what they have been prepared to do in the past. The "Downing Street Memo": how the Iraq war was planned out well in advance and how it mattered not about any "WMD".

That's enough for a start.

Yes, people react to being invaded and killed in their own nations, or having dictators foisted on them. Wouldn't you? Would that make you a terrorist if you fought back against the invaders and against any quisling traitorous collaborators? That's real perspective. Yes, it is quite easy to create "terrorists": kill some people inside a family, whomever is left over gets pretty pissed off at you. Yes, that number could rise exponentially, given the pre-existing "create a terrorist" invasion.

You've been conned by a classic dialectic propaganda maneuver; it was sold to you by master Madison Avenue advertising techniques combined with natural cognizant dissonance that people have, thinking that "their" government "wouldn't do that", brainwashed from birth that they are always the "good guys". Horse hockey, the planet is awash in bad guys, all backed by the drive for massive corporate profit, nation to nation to nation; the US is no different, just it is done here on a huge scale.

BTW, your numbers and history are *severely* lacking; if you even do a surface-level check on the dictators (I mentioned just a few) and state-sponsored terrorism imposed by US-backed tyrannical regimes in the 50s, 60s, 70s, 80s, 90s you will find it is a rather large number and probably exceeds 7 digits. Yes, there are much smaller and pretty violent groups of nutjobs out there who do some random attacks, but compared to state-sponsored terror backed and endorsed and supplied by the US and various multinational blood-profit corporations, it is quite a small number. Still nasty, but nothing like the other "corporate war" numbers.

The real large scale terrorists wear black suits and ties.

Re:Terrorists? (1)

gweihir (88907) | more than 6 years ago | (#21403451)

Terrorists will not kill millions. Far too bad press for them. They are not waging a physical war, but one of the mind. As long as you US sheep keep being afraid, they may not even consider serious new killings. After all, they do want terror, not real damage. 9/11 was a bit excessive on the damage side, but, to misquote a German banker, 9/11 was "peanuts" in the greater scheme of things. The reaction to 9/11 was not, unfortunately. The reaction may by now have caused a damage multiplication by 1000 or even more. And the reaction is mainly driven by a fundamental non-understanding of how terrorism works.

The right reaction to terrorist action is to call them common criminals and set ordinary law enforcement on them, but otherwise mostly ignore them. Maybe a "This is the best you can do? We did not even suffer a serious scratch! See, a week later we are back to normal!". That would rob them of their triumph entirely. Effective, cheap and of immense deterrent value. Unfortunately this reaction needs a greatness that most politicians do not have today. I am certain that the backers of 9/11 did not gloat the most at the towers falling. They gloated the most at the panic, fear and uncertainty in the years after. Because only then could they see that they had dealt a devastating blow.

I doubt it (0)

Anonymous Coward | more than 6 years ago | (#21403487)

I bet you are not counting the many acts of terrorism in Iraq and (depending on your political stance) Ceylon and Israel during the last few years.

Barring the use of a nuclear weapon, a well-placed chemical weapon, or a good biological weapon with a poor response, I think it will be a long time before September 11th is topped.

Re:Terrorists? (1)

Wog (58146) | more than 6 years ago | (#21403257)

"All these things have killed far more people than terrorists and they don't get brought up at every *FUCKING* opportunity."

So it doesn't bother you, because such opportunities rarely present themselves. Right?

Re:Terrorists? (0)

Anonymous Coward | more than 6 years ago | (#21403429)

Why?

Adi Shamir, the "S" in the RSA algorithm, is Israeli.

In Israel, "terrorism" is as big a reality/scaremongering tactic as it is in post-9/11 USA.

Whether it is a reality or just scaremongering/powergrabbing depends on your bias/slant.

Unlikely (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21402867)

The math errors tend to be in obscure and complex operations - store long double, divide double, etc.
Important cryptographic stuff tends to use extremely primitive operations, often just shifts, adds, xors, and indirection.

don't understand (3, Interesting)

TheSHAD0W (258774) | more than 6 years ago | (#21402869)

I'm not sure how Mr. Shamir envisions a simple "math error" causing a problem. A buffer overflow exploit, perhaps, but not a math error... A user on a flawed but protected computer receives a "poisoned" encrypted message, opens it... And what happens? The math error, say, elicits some aspects of the user's private key in the decoded message; but how does the attacker then obtain that information without already having access to the machine? Further outgoing messages wouldn't have any usable information; no modern cryptosystem allows a received message to affect any such message. A code exploit might affect the system's PRNG, but a math error shouldn't feed back to the PRNG unless it was horribly implemented. Without something affecting the user's machine's code execution, I can't see any way for an attacker to utilize a math error in a decryption function.

Re:don't understand (0)

Anonymous Coward | more than 6 years ago | (#21402979)

A subtle-and-predictable error may mean you get something mathematically related to the secret key in a reversible way. O(2^keysize) becomes, say, O(keysize^2). A little math, and I've gotcha. Once I have your secret key, I have you by your bits *ahem* so to speak.

Re:don't understand (4, Insightful)

SiliconEntity (448450) | more than 6 years ago | (#21402985)

I can't see any way for an attacker to utilize a math error in a decryption function

Actually this is a common attack scenario in security protocol analysis. While it does not always happen in real life, there are ways it can occur. For example, you try to decrypt the message and get garbage. So what do you do? You send the garbage back to the guy, saying, I couldn't read your message, all I got was this junk. Now you have been tricked into acting as what is called an "oracle" for the decryption function. This opens up a number of attacks, which is why the best cryptosystems are immune to such problems.

Re:don't understand (2, Insightful)

Jarjarthejedi (996957) | more than 6 years ago | (#21403083)

Wow... and I thought I knew the extent of user stupidity. Sending back an unsolicited message because you couldn't decrypt it (since it's fairly obvious these people wouldn't be simply sitting around waiting for people to ask them to send an encrypted message) seems to me to be quite absurd; sending it back partially decrypted even more so.

I mean, I could understand it if it was solicited communications, but what are the odds you'll happen to start into an encrypted conversation with someone who just wants your key?

Re:don't understand (1)

PitaBred (632671) | more than 6 years ago | (#21403337)

On the other hand, if you had taken control of someone's account, then you'd be masquerading as the intended recipient. Seems perfectly reasonable to work with someone who they'd think should be getting the message.

There's more to it than email exchanges (1)

apankrat (314147) | more than 6 years ago | (#21403501)

Consider low-level handshake protocols. There is, for example, an attack on SSL that allows recovering a private RSA key by measuring the response delays of a victim. These responses are mandated by a protocol, so they are (in a way) solicited.

Re:don't understand (1)

drfireman (101623) | more than 6 years ago | (#21403367)

You send the garbage back to the guy, saying, I couldn't read your message, all I got was this junk.
While this could certainly happen, the brief reports I've seen suggest that the math error is in itself sufficient; you don't also need the targeted user to be incredibly stupid.

I take that back (1)

TheSHAD0W (258774) | more than 6 years ago | (#21403019)

Sorry, I was looking at this the wrong way. The "math error" Mr. Shamir must be talking about, with regard to "chips", must be an error in the logic system in an arithmetic logic unit. An error that might, for instance, cause one or more bits in a register to stick in one state or another, would indeed affect future messages, disrupting PRNG (both encryption algorithms and one-way) and public-key computations. I doubt a system so badly affected could continue to operate for very long, but an attacker who monitors outgoing messages after sending that "poisoned" message to trigger such an error would learn valuable clues to the machine's cryptosystem and keys, perhaps enough to trivialize breaking its keys.

Depending on what sort of application the user's machine performs, I can think of a few ways, offhand, to help guard against this sort of attack. A simple self-test prior to encrypting each message might work but might be onerous with a heavily-utilized system. Reducing the number of registers used for encryption might help, surprisingly, because any error would tend to cascade more quickly, reducing the output to a complete mess rather than something analyzable. Also, where practical, decrypting part of the message after encryption would work as a fast check for this sort of corruption.

Re:don't understand (1)

iminplaya (723125) | more than 6 years ago | (#21403023)

I'm not sure how Mr. Shamir envisions a simple "math error" causing a problem.

From the horse's mouth [cryptome.org] Also note the update at the top of the page.

Re:don't understand (1)

TheSHAD0W (258774) | more than 6 years ago | (#21403079)

Okay, I understand the attack now, but I don't see how an attacker can utilize this bug without access to the output of the decryption of the "poisoned" message. Given such access, the attacker doesn't need to use such an exploit, he already knows what is on the target's computer.

Re:don't understand (3, Insightful)

garompeta (1068578) | more than 6 years ago | (#21403101)

>I can't see any way for an attacker to utilize a math error in a decryption function.

In the same way you aren't the "S" in RSA. Give him some credit, will you?

Re:don't understand (1)

eli pabst (948845) | more than 6 years ago | (#21403175)

In the same way you aren't the "S" in RSA.
He's also the same 'S' in the FMS attack that first cracked the WEP encryption protocol. Like Schneier, I'd trust his opinion until it's proven otherwise.

Re:don't understand (1)

drfireman (101623) | more than 6 years ago | (#21403477)

From the brief report, it sounds like any bug whatsoever would be sufficient to compromise any system. In the slightly more detailed version to which someone posted a link, you see that the vulnerability requires knowing of a pair of integers whose product is computed incorrectly. It also requires some more minor assumptions.

Alas, Shamir's post didn't clarify, at least to my undereducated ears, how the targeted machines are coerced into producing a reply. Do most machines have ports open that will engage in RSA-based dialogues?
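To make the mechanism drfireman describes concrete (a single operand pair whose product the multiplier gets wrong), the countermeasure TheSHAD0W proposed above (decrypt/re-encrypt as a check before releasing output), and SiliconEntity's point that handing a corrupted result back to the sender is what leaks, here is an added worked example in Python. It is not code from Shamir's note or from any product; the key is a constructed toy (primes 10007 and 10009), the one-bit multiplier fault is planted on a pair that the mod-p half of a CRT decryption actually visits, and the recovery step is the textbook Bellcore/Boneh-DeMillo-Lipton argument: a result that is right mod q but wrong mod p gives away q through a gcd. The checked variant re-encrypts with the public exponent and refuses to release anything that does not round-trip, which is the cheap check the thread is asking for.

```python
import math

# Constructed toy RSA-CRT key: tiny primes so the whole thing runs instantly.
# Real keys are thousands of bits; the reasoning is identical.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)


def modexp(base, exp, mod, mul):
    """Left-to-right square-and-multiply; every product goes through `mul`,
    which stands in for the chip's multiplier."""
    result = 1
    for bit in bin(exp)[2:]:
        result = mul(result, result) % mod
        if bit == "1":
            result = mul(result, base) % mod
    return result


def rsa_crt_decrypt(c, mul):
    """Private-key operation with the CRT speedup (Garner's recombination)."""
    mp = modexp(c % P, DP, P, mul)
    mq = modexp(c % Q, DQ, Q, mul)
    h = (QINV * (mp - mq)) % P
    return mq + h * Q


def correct_mul(a, b):
    return a * b


def make_buggy_mul(bad_pair):
    """Model of a hardware multiplier that is wrong for exactly one operand
    pair (the 'pair of integers whose product is computed incorrectly')."""
    def mul(a, b):
        if (a, b) == bad_pair:
            return (a * b) ^ 1  # one flipped low bit is all it takes
        return a * b
    return mul


def find_single_half_pair(c):
    """Constructed helper for the demo: pick an operand pair that the mod-p
    half visits but the mod-q half does not, so the planted bug corrupts
    exactly one CRT half. A real bug would be a fixed pair; here we plant it
    where this particular computation actually goes."""
    seen = {P: set(), Q: set()}

    def tracer(mod):
        def mul(a, b):
            seen[mod].add((a, b))
            return a * b
        return mul

    modexp(c % P, DP, P, tracer(P))
    modexp(c % Q, DQ, Q, tracer(Q))
    return max(seen[P] - seen[Q])  # any element works; max keeps it deterministic


def recover_factor(c, faulty_m):
    """Bellcore reasoning: a result that is right mod q but wrong mod p
    satisfies m'^e == c (mod q) only, so gcd(m'^e - c, N) exposes q."""
    return math.gcd(pow(faulty_m, E, N) - c, N)


def rsa_crt_decrypt_checked(c, mul):
    """Countermeasure: re-encrypt with the public exponent (a separate, cheap
    computation) and refuse to release anything that does not round-trip."""
    m = rsa_crt_decrypt(c, mul)
    if pow(m, E, N) != c % N:
        raise ArithmeticError("RSA-CRT result failed verification; output suppressed")
    return m


def demo(c=123456789):
    """Returns (correct result, corrupted result, factor recovered from the
    corrupted result). With the bug planted in the mod-p half, the factor is Q."""
    c %= N
    buggy_mul = make_buggy_mul(find_single_half_pair(c))
    good = rsa_crt_decrypt(c, correct_mul)
    faulty = rsa_crt_decrypt(c, buggy_mul)
    return good, faulty, recover_factor(c, faulty)


def check_catches_fault(c=123456789):
    """True when the verify-before-release check refuses the corrupted result."""
    c %= N
    try:
        rsa_crt_decrypt_checked(c, make_buggy_mul(find_single_half_pair(c)))
    except ArithmeticError:
        return True
    return False


if __name__ == "__main__":
    good, faulty, factor = demo()
    print("correct:", good, "faulty:", faulty, "recovered factor == Q:", factor == Q)
    print("checked decrypt suppressed the corrupted output:", check_catches_fault())
```

The design point is the last function: the verification uses only the public exponent and a separate code path, so it costs one small exponentiation and does not depend on the multiplier behaving on the same operands. A system that only ever releases results that round-trip never hands the sender the "garbage" that the gcd step needs.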

In other words... (1)

3seas (184403) | more than 6 years ago | (#21402949)

how to cause the blue screen of death to happen simultaneously across all computers...

National Safety Administration? (1)

dohzer (867770) | more than 6 years ago | (#21402955)

the government - specifically, the terrorist-fighting National Safety Administration - may have left itself a secret back door
Who are the "National Safety Administration"?

Re:National Safety Administration? (4, Funny)

ScrewMaster (602015) | more than 6 years ago | (#21403161)

Who are the "National Safety Administration"?

They're the sister outfit to the "National Highway Traffic Security Administration".

Will the lemon factor of chips affect this? (1)

FutureLuddite (1188685) | more than 6 years ago | (#21403003)

I had a computer arch prof who used to refer to self-tests in digital logic as the ability for circuits and chips to test for their own sanity. As the implementation gets smaller, the ability to test for sanity could get more difficult. For example, some of the experimental nano-media are prone to faults and it's only in the massive redundancy that they are useful. I wonder about the ability of an attacker in the future to manipulate the fault level of digital logic/memory, or the self-tests of digital logic. Could an attacker able to introduce this fault manipulate a higher-order operation like a math op and therefore gain access to some variation of Shamir's attack?

Re:Will the lemon factor of chips affect this? (1)

uofitorn (804157) | more than 6 years ago | (#21403199)

Either you're 10x smarter than the rest of us, or you're commenting on the wrong story. Either way, I'm afraid to use my mod points on you.

Super teen extraordinare. (1)

Xac (841406) | more than 6 years ago | (#21403031)

*scottish accent* NO! I warned em about tha' Pinnacle Chip! I told them it had a' flaw where if you logged onto the internet then entered in *@[=g3,8d]\&fbb=-q]/hk%fg it would suck you into the internets and make you some sort of a' freakazoid!

Has it been that long since the intel goof (1)

tie_guy_matt (176397) | more than 6 years ago | (#21403067)

Where has the time gone? Anyway, as I recall that error only really affected the low-megahertz Pentiums and was fixed extremely early. I think that is probably because with millions of chips sooner or later someone is going to notice their code not executing correctly on brand X chip while working just fine on brand Y.

Let's say that this error does get out somehow though. Let's assume that the error only creeps in when a freakishly rare set of instructions is executed. It seems the companies upgrade their designs every couple of years. So I doubt that the problem would affect all Intel super duo core whatever processors. Likely it would be all chips made between this date and that date and of this specific model.

So hackers would likely not know ahead of time which servers are affected so they would likely have to try to send the signal to as many servers as possible hoping that some would be affected.

Are you going to tell me that no one is going to notice that hackers are trying a specific exploit on so many machines?

And if there did exist such a problem in hardware how would it be that much worse or different than finding a big bug in software. In the end people would be forced to replace their chips or get a software patch. The company would get a big black eye and life would move on.

Yes there could be such exploits out there right now that we don't know about. But there are also many many more software exploits out there that we don't know about. How is the hardware problem worse or even much different?

Just wondering?

Any Error == Broken SSL and HTTPS (1)

flyingfsck (986395) | more than 6 years ago | (#21403089)

In my experience, the slightest error will render the whole cypher text unreadable, so it won't take long for people to complain that all HTTPS shopping sites don't work with a specific computer system and then that system will end up in land fills really quickly.

I was wondering about that as well (1)

IvyKing (732111) | more than 6 years ago | (#21403293)

About the only way for the attack to work without all of the SSL and HTTPS implementations breaking is if the bug affected less than say 10E-9 of normal HTTPS/SSL sessions, and the attacker knows exactly which operands produce a broken result. The attack also depends on the broken hardware being either very common or the attacker knowing that his/her target is using the broken hardware. This is a great argument against a hardware monoculture.


I'd think it more likely that a bug in a popular encryption related software package/library would lead to more exploits than a hardware bug. My guess is this would be true for both open and closed source projects. While open source projects can have 'many eyes' looking for bugs, my guess is that more bugs are found when trying to port to multiple architectures than by people casually glancing at the core (the OpenBSD developers maintain ports to multiple architectures for precisely that reason).

Iyhgul nvbdhsjtre jklds (0)

Anonymous Coward | more than 6 years ago | (#21403255)

ao0o0o0f0d sgjfd ahgfd-00--000-0 gsdfa ghif hgfui9u808-00-0- gf0g fo tsrhksngfaj hgajkhH LH JKLhger hnm,mhm/t./m.tmm up90u9mp()U)U()MUhfd, shaskfsdtGFTFT eweqewf d hnjhHJHJHiuo 903u3u u90u3p1q u4r91p-4u932pu j;kds;aj;j;;j;j;je89i yi obvious obvious obvious

MOD PARENT UP! (0)

Anonymous Coward | more than 6 years ago | (#21403307)

I misuse like misuse cheese misuse,,,, mñññññññññññññ!

Random Numbers in .NET and in General (1, Interesting)

randomErr (172078) | more than 6 years ago | (#21403281)

You know, I've noticed this problem on a series of processors at my college. I had to write a basic key-based cryptography program in C#. Well, I created the system with no problem. But if you ran the program in a certain lab where all the computers are identical (hardware and software) I could generate the same 4 key sets each time. My solution was just to use an external DLL with my own generator from another language.

My point for this example is that I don't believe it's the processor's fault. If the software engineer can't write a decent algorithm to generate random numbers then it's the engineer to blame, not the processor. I wrote a great random number generator back on the Apple IIe years ago. Why can't people do the same now?

Re:Random Numbers in .NET and in General (3, Informative)

DrJokepu (918326) | more than 6 years ago | (#21403405)

You are aware that computers can only generate pseudo-random numbers, right? The random number generator in C# actually doesn't generate random numbers but numbers that look random. These numbers are generated from a 'seed'. If you give the same seed to the computer, it will generate the same set of numbers. The C# implementation (if you don't supply a seed yourself) uses the system clock as seed, hence if you start your random-number-generation session in the same millisecond on the same computers, they will generate the same numbers! The rest of the hardware & software is irrelevant here. If you need a REAL random number generator, you should connect your computer to something naturally random, e.g. a Geiger device, because your external DLL from another language just uses a different model to generate the default seed but it is still predetermined.
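The seeding behaviour DrJokepu describes is easy to reproduce, and the fix is equally short. The following is an added example in Python (not code from the C# program randomErr mentions, and not from the .NET library): it models a lab of identical machines that each seed a general-purpose PRNG from a millisecond clock, counts how many of them end up with identical key sets, and contrasts that with drawing key material from the operating system's CSPRNG through the `secrets` module. The machine count, start time and millisecond spread are constructed values for the scenario.

```python
import random
import secrets


def clock_seeded_keys(start_ms, count=4, key_bytes=16):
    """The pattern described in the thread: a general-purpose PRNG seeded
    from the millisecond clock. Two machines that start in the same
    millisecond get the same seed and therefore the same keys."""
    rng = random.Random(start_ms)  # Mersenne Twister: deterministic, not a CSPRNG
    return [rng.getrandbits(key_bytes * 8).to_bytes(key_bytes, "big")
            for _ in range(count)]


def os_csprng_keys(count=4, key_bytes=16):
    """The fix: take key material from the OS CSPRNG via `secrets`, which is
    seeded from hardware entropy rather than from a guessable clock value."""
    return [secrets.token_bytes(key_bytes) for _ in range(count)]


def collisions(keysets):
    """Number of key sets that duplicate an earlier one (one set per machine)."""
    seen = {}
    for ks in keysets:
        key = tuple(ks)
        seen[key] = seen.get(key, 0) + 1
    return sum(n - 1 for n in seen.values())


def simulate_lab(machines=20, start_ms=1_195_000_000_000, spread_ms=3):
    """Constructed scenario: `machines` identical PCs launched within
    `spread_ms` milliseconds of each other. Returns the collision count
    with clock seeding and with the OS CSPRNG."""
    clock_sets = [clock_seeded_keys(start_ms + (i % spread_ms)) for i in range(machines)]
    csprng_sets = [os_csprng_keys() for _ in range(machines)]
    return collisions(clock_sets), collisions(csprng_sets)


if __name__ == "__main__":
    clock_dups, csprng_dups = simulate_lab()
    print("duplicate key sets with clock seeding:", clock_dups)
    print("duplicate key sets with os CSPRNG:", csprng_dups)
```

With 20 machines spread over 3 milliseconds there are only 3 distinct seeds, so 17 of the 20 clock-seeded key sets are duplicates of another machine's, while the CSPRNG-derived 128-bit keys never collide. The seed, not the processor, is the weak point, which is the thread's conclusion.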

Trust the government! (0)

Anonymous Coward | more than 6 years ago | (#21403375)

Trust em with our secrets, the lottery, property, health care, transportation, science, entertainment, trust em to tell us when it's safe to go outside, who can have a radio station, a TV station, a gun, a drink, a smoke, trust them to watch us in traffic, out of traffic, on the internet, trust them to read our email, trust them to take our money, trust them and don't ask for proof, evidence, accountability, or transparency! That's something they can't trust us with!

I call bullshit. (0)

Anonymous Coward | more than 6 years ago | (#21403401)

So you have a myriad of operating systems, daemons, arrays of "security software." And every single combination can be disabled by a single magic spell that lets someone take over the computer directly through a flaw in the chip. Right.