WCDT Strips 3386 - 3390 (2nd - 6th January 2017)
Skewbrow:
--- Quote from: Morituri on 03 Jan 2017, 10:41 ---ObCrypto, People will find even more stuff by searching on "Side Channel Attack."
--- End quote ---
Conceding that!
--- Quote from: Morituri ---Did you know that when you're doing math on large numbers, most math libraries will use an algorithm that allows an observer who can time the operation to drastically narrow down their guesses as to what number it was? And one who can measure power consumption at the same time to narrow it down to within a few dozen guesses? Did you know that numbers particularly vulnerable to this used to be PREFERRED as the factors in key exchanges and RSA encryption, and that people have demonstrated the ability to pick up the needed timing/power information from recordings of Bluetooth networks in the area when the operation was done? Did you know that a major Linux distribution spent YEARS failing to initialize their random-number generator correctly, and people would get 256-bit keys (secure until the last star dies!) that had only 64-bit security (secure until about Thursday afternoon)? Did you know that your smartphone can be used to covertly get a recording of you typing a password or key? And that given the recording, even if it's audio only, it's REALLY REALLY easy to get the password or key? Hell, if Bubbles *heard* CW typing the key or passphrase, and has recorded audio, it can be recovered.
--- End quote ---
I did not know about vulnerability via Bluetooth recordings but that makes perfect sense! When I learned about these they showed me timing data of a chip performing RSA primitive operations, and pics of how you disturb (with a carefully timed EM or laser pulse) a chip doing RSA aided with the Chinese remainder theorem in such a way that from the error you can easily recover the secret key. At that time the rage was to blind the true RSA decryption exponent by a random multiple of lcm(p-1,q-1) so that different runs used exponents blinded differently (making statistical analysis over several runs of square-and-multiply impossible). Same on ECC. But I'm not at all up to speed with what has happened in the last 10+ years. And, I don't know if e.g. the timing attacks are accurate enough that you could actually read the secret key bit-by-bit from data on a single run of the algorithm (rendering above blinding moot).
But, no, I didn't know about the other things you mentioned. Thanks for sharing.
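An added illustration, not part of any post in this thread: the exponent blinding by a random multiple of lcm(p-1,q-1) that the post above describes, together with a verify-before-release check, a common countermeasure against the CRT fault scenario it mentions. The key is a constructed toy built from two Mersenne primes, and all function names are hypothetical.

```python
import math
import secrets

# Constructed toy key from two Mersenne primes (real keys use random primes).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
D = pow(E, -1, LAM)                                  # true private exponent


def blinded_exponent(bits=64):
    """Return d + r*lcm(p-1, q-1) for a fresh random r >= 1."""
    r = secrets.randbits(bits) | 1
    return D + r * LAM


def decrypt_blinded(c):
    """Same result as pow(c, D, N), but a different exponent on every call."""
    return pow(c, blinded_exponent(), N)


def sign_crt(m, fault=0):
    """CRT signing; `fault` XORs into the mod-p half to simulate a glitch."""
    sp = pow(m, D % (P - 1), P) ^ fault
    sq = pow(m, D % (Q - 1), Q)
    h = (pow(Q, -1, P) * (sp - sq)) % P              # Garner recombination
    s = sq + h * Q
    if pow(s, E, N) != m % N:                        # verify before release
        raise ValueError("CRT fault detected, result withheld")
    return s


if __name__ == "__main__":
    m = 0x1234567890ABCDEF                           # constructed message
    c = pow(m, E, N)
    print(decrypt_blinded(c) == m)
    print(blinded_exponent().bit_length(), D.bit_length())
    try:
        sign_crt(m, fault=1)
    except ValueError as err:
        print(err)
```
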
Skewbrow:
--- Quote from: Case on 03 Jan 2017, 11:01 ---Had a quick look at elliptic curves: Fascinating subject, but it went quickly over my head -> I have the standard physicist training in analysis and (linear) algebra and am familiar with elliptic integrals, complex analysis and elliptic functions (to a degree), though my 'mathematical horizon' is pretty much Lie-groups/algebras (and my bag of 'what I picked up along the way' usual for a physicist). :-\ Pretty much the "It's neither differentiable, nor combinatorics, so why bother?"-attitude to 'discrete stuff'. Guess that was a bit ... premature. :-P
--- End quote ---
Lie groups/algebras! Were you doing stuff on elementary particles, supersymmetry and the like? My own dissertation was on algebraic groups (= positive characteristic analogues of Lie groups) where the Lie-algebra side is the same (but won't give quite as conclusive results as in the boring characteristic zero case). We use algebraic geometry there as a substitute for analysis. Thankfully you only need to believe in (the results of) algebraic geometry. Something I could do even though I never quite got the hang of AG (other than in the simple case of curves). Equally thankfully familiarity with curves allows you to have fun in EC crypto as well as in error-correcting-code side - the latter I have worked on more seriously.
--- Quote from: Case ---Seems rather close to Andrew Wiles' famous work? And if I understand correctly, Shor's algorithm wouldn't help(?), so even if Station had quantum computational capacities, it wouldn't be able to brute-force elliptic curve crypto?
EDIT: Just saw that Shor also had a second algorithm for discrete logarithms?
--- End quote ---
Andrew Wiles did study elliptic curves, but the machinery he used goes way over my head. I once had a colleague who wanted to work on Wiles' proof. He got to something like the half-way point (that's what he said), but then had to quit. The poor guy never finished his PhD. He took up teaching and running, and went on to win the 50+ class at Berlin Marathon!
Didn't know that Shor would have a quantum computer algorithm for discrete logs? God, I'm out of touch with what's going on. Years of teaching calculus to reluctant physics majors and bottles of fine single malts are taking their toll :-(
Storel:
--- Quote from: Case on 03 Jan 2017, 11:01 ---
--- Quote from: Storel on 03 Jan 2017, 07:16 ---
--- Quote from: Skewbrow on 03 Jan 2017, 06:25 ---Well. The PIN-code and the screenlock code (dunno what's it called in English) to my cell phone are 1416 and 26535 respectively. When I worked for Nokia, I was to select a PIN to operate the door at wee hours. I first asked for 3141 or 3142. Both were already taken :-)
--- End quote ---
Wasn't very secure for them to tell you they were already taken. Now if you ever wanted to pretend to be someone else using the door at wee hours, you had two other codes you could use.
--- End quote ---
Hmmmh, I'd rather suspect that, with Nokia being a geek-factory, somebody told building-security to disable 3141(2), play a well-known tune for 1701 and award style-points for 2718 :laugh:
--- End quote ---
Okay, I recognized 2.718 as e pretty quickly, but it took me a couple of minutes to figure out what "well-known tune" should go with 1701 -- I was trying to think of mathematical and physical constants, not pop culture references! :-D But yes, some geek absolutely would have chosen that one if it were available.
I would love to believe that Nokia's security was that geek-savvy -- I suppose it depends on how much of a geek the person in charge of their security was. One can hope.
gprimr1:
So I see two ways this could go:
1.) Corpse Witch is obv a very, very skilled tech as Bubbles admits the procedure she did was not easy. Her encryption could be very well done, and very hard to break.
2.) Corpse Witch's own arrogance could have resulted in her leaving a fatal error in that she would not consider a powerful AI working against her since she doesn't believe in AI/Human relationships.
Now, based on reading the comic, I would be disappointed if the comic goes in direction 2. Direction 2 has several flaws.
1.) Corpse Witch knows the police have AI crimes units, which are staffed by AIs.
2.) Corpse Witch has to know that when you're working in the underworld, people and AIs can turn or be turned.
oeoek:
By the by, not sure if this has been mentioned before; do we remember the management's awesome power of password? And might that management be Corpse Witch? Station might have trouble solving a problem at that level...