DaemonForums  

Posted by Oko on 7th January 2016

Quote:
Originally Posted by e1-531g
I understand that NSA employs a lot of mathematicians, so maybe they have it,

The whole field of cryptography relies on the P vs NP hypothesis, which is just that: a hypothesis. It is not a theorem. Nobody has ever published a proof. If you have the proof, let me know, as I know some competent referees, and you will get a Fields Medal, if you are younger than 40 of course.

Let me tell you in plain English what I just said. Any known crypto algorithm, for all we know, is computationally expensive because it involves some operations which we believe are computationally expensive, like discrete log (that is a baby example used by Diffie-Hellman) or factorization of numbers into prime factors. The key word here is believe. If that sounds more like a religion than mathematics, you are right. It is a religion. Sometimes new mathematics is discovered which enables us to do certain operations faster. For example, about 5-6 years ago two undergraduate students and their adviser in India (they ended up at Harvard) discovered a prime factorization method which improved the speed by an order of magnitude. That basically meant that all crypto algorithms using prime factorization became an order of magnitude weaker overnight. That is why relying on religion and not on proved theorems is a futile business.

Long story short, NSA does employ lots of mathematicians. However, I would argue that the greatest groundbreaking results still come from academia and are essentially freely disseminated. I am having a hard time seeing any NSA mathematician who knows an order of magnitude more number theory than my colleagues (I do dynamical systems).

Last edited by Oko; 7th January 2016 at 01:57 PM.
Posted by e1-531g on 7th January 2016

Quote:
Originally Posted by jggimi
they used bcrypt rather than AES for their cipher.

AES and bcrypt are both used in cryptography, but they have significantly different purposes. It is worth noting that the symmetric-key algorithms commonly used nowadays are believed to be significantly stronger than the asymmetric-key algorithms commonly used nowadays.
I think it is not good to even try to compare bcrypt and AES, because they are for different purposes.

Quote:
Originally Posted by jggimi
they used bcrypt rather than AES for their cipher.

My point to all of this? I'm trying to support Bruce's thesis: ciphers can be mathematically inspected. Software has bugs. Our deployments can have mistakes.

I still think that Bruce tried to say that software has bugs, and the conclusion is that it is easier to pwn a computer system than to decrypt a file encrypted using commonly used tools such as GnuPG. And pwning a computer system is easier because there are a lot of bugs in their code. I have also read some slides from Snowden, and sometimes I read explanations of how a particular exploit works and other presentations about that. This knowledge also made me believe that breaking into any publicly used (both commercial and FOSS) operating system is just a matter of time and resources.
Of course some systems are still relatively more secure (or less insecure) than others, and this is one of the reasons I use OpenBSD.
I also think that users should pay more attention to the security of their computers/operating systems. Some people draw the, IMHO wrong, conclusion that if the NSA can break into any network-connected operating system used by somebody they believe is a high-value target, they should pay no attention to the security of their computer system. I really think it is a stupid conclusion.
And I think that somebody who is a good, professional network administrator can still secure a network not only from script kiddies, but also from the usual civilian groups of blackhats.

@Oko
AFAIK the one-time pad (OTP) is proven to be secure. The problem is that it is not commonly used, because it requires a really big key, bigger than the data you want to encrypt.
Posted by J65nko on 7th January 2016

Re: bcrypt

From https://en.wikipedia.org/wiki/Bcrypt:

Quote:
bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999.[1] Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

The bcrypt function is the default password hash algorithm for BSD and other systems including some Linux distributions such as SUSE Linux.[2] The prefix "$2a$" or "$2b$" (or "$2y$") in a hash string in a shadow password file indicates that hash string is a bcrypt hash in modular crypt format.
BTW Niels Provos used to be an OpenBSD developer.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
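
An added example, not part of J65nko's post or the quoted Wikipedia text: a parser for the bcrypt modular crypt format described above that reads the prefix, cost and salt out of shadow-style `user:hash:...` lines and flags entries whose cost has not kept up. The `MIN_COST` threshold, the function names and the sample lines are assumptions made for illustration.

```python
import re

# bcrypt in modular crypt format: $<version>$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

MIN_COST = 10  # assumed local policy threshold, not a value from the thread


def parse_bcrypt(field):
    """Return version, cost, rounds and salt of a bcrypt string, or None."""
    m = BCRYPT_RE.fullmatch(field)
    if m is None:
        return None
    version, cost, salt, _digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # cost range bcrypt accepts
        return None
    return {"version": version, "cost": cost, "rounds": 2 ** cost, "salt": salt}


def audit(passwd_text, min_cost=MIN_COST):
    """Map each user in user:hash:... lines to ok, weak-cost or not-bcrypt."""
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        info = parse_bcrypt(rest.split(":", 1)[0])
        if info is None:
            report[user] = "not-bcrypt"
        elif info["cost"] < min_cost:
            report[user] = "weak-cost"
        else:
            report[user] = "ok"
    return report


# Constructed sample input: filler salt/hash characters, not real password hashes.
FILLER = "." * 22 + "A" * 31
SAMPLE = "\n".join([
    "alice:$2b$12$" + FILLER + ":1000:1000::0:0:Alice:/home/alice:/bin/ksh",
    "bob:$2a$06$" + FILLER + ":1001:1001::0:0:Bob:/home/bob:/bin/ksh",
    "carol:$6$constructedsalt$constructedhash:1002:1002::0:0:Carol:/home/carol:/bin/ksh",
    "dave:*:1003:1003::0:0:Dave:/home/dave:/sbin/nologin",
])

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(user, status)
```

The cost field is a base-2 logarithm, so each increment doubles the work per guess; that is the "adaptive" property the quoted text refers to.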
Posted by Carpetsmoker on 17th January 2016

Quote:
Originally Posted by Head_on_a_Stick
I take it you didn't hear about the malware propagated by sound waves then?
http://arstechnica.com/security/2013...jumps-airgaps/

Of particular interest from that article:

I hope the item is FUD but...

BadBIOS could be called "cryptocryptography". It is to cryptography what cryptozoology is to zoology. There are only the proverbial "shaky videos", and no credible reports. It's also highly unlikely. I would be considerably surprised if it wasn't a hoax.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Posted by roddierod on 18th January 2016

Quote:
Originally Posted by Carpetsmoker
BadBIOS could be called "cryptocryptography". It is to cryptography what cryptozoology is to zoology. There are only the proverbial "shaky videos", and no credible reports. It's also highly unlikely. I would be considerably surprised if it wasn't a hoax.

Best analogy ever!
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick
Posted by jjstorm on 18th February 2016

Quote:
Originally Posted by Oko
I am somewhat familiar with those "additional air gapped" computers and I am 100% sure that neither you nor anyone else on this forum (or even people whom you ever meet) have any access to such technology.

Well, maybe you should read the article below about a hack conducted by University of Tel Aviv researchers. It was published on February 15th 2016.

The research steals data, encryption keys, to be specific, from an air gapped computer.

http://motherboard.vice.com/read/how...n-another-room

Last edited by jjstorm; 18th February 2016 at 02:37 AM.