Full Disclosure mailing list archives
Re: how i stopped worrying and loved the backdoor
From: coderman <coderman () gmail com>
Date: Thu, 23 Dec 2010 22:57:32 -0800
On Thu, Dec 23, 2010 at 10:00 PM, Marsh Ray <marsh () extendedsubset com> wrote:
> ... Note that much of that is backed up by CVS history. ... For example, as he mentions in P2 the entropy pool extraction functions
intelligently constraining key space and / or leaking key bits is the Right Way (tm) to do a backdoor. it requires knowledge of the particulars to execute and provides more robustness than a class break / full key leak. i hear they've got clusters of key crackers for searching reasonable spaces ;) also, this may not be limited to entropy pool. it would make much sense to combine elements of hardware accelerated crypto drivers with entropy reduction or key leakage to target specific installations or further obfuscate effects, as mentioned in the thread so linked. (and you could be pretty precise with such key space degradation, if desired!)
> I even pointed some of this out the other day on this thread:
> http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
> Perhaps the reaction speaks louder than words.
"good entropy is hard", is the theme of that thread. how do you measure entropy? a few bytes and i've turned terabytes of entropy into simple order. the debian openssl weak key debacle underscores just how difficult and obscure such technicalities are in the face of random human failures. a well funded adversary with specific targets and significant skill would enjoy plentiful opportunity and success.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
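Added example, not part of the original post: a constructed toy generator (not Debian's or OpenBSD's code) that derives every key from a 15-bit seed. It shows why "how do you measure entropy?" is hard: a byte-frequency estimate over the output reports close to 8 bits per byte while the real key entropy is 15 bits, and the defensive check that does work is enumerating the constrained space into a blocklist. The names `weak_key`, `SEED_BITS` and the SHAKE-based derivation are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

SEED_BITS = 15  # assumption: the seed is confined to a small, PID-sized range


def weak_key(seed: int, nbytes: int = 32) -> bytes:
    """Toy generator (constructed): the key is fully determined by a small seed."""
    return hashlib.shake_256(b"toy-weak-rng" + seed.to_bytes(4, "big")).digest(nbytes)


def shannon_bits_per_byte(data: bytes) -> float:
    """Empirical byte-frequency entropy, the figure a statistical test reports."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_blocklist() -> set:
    """Enumerate every key the constrained generator can emit; store fingerprints."""
    return {hashlib.sha256(weak_key(s)).digest() for s in range(2 ** SEED_BITS)}


def is_known_weak(key: bytes, blocklist: set) -> bool:
    """Defender's check: is this key one of the enumerable weak keys?"""
    return hashlib.sha256(key).digest() in blocklist


def demo() -> dict:
    # 1 MiB of output: every key the toy generator can ever produce.
    stream = b"".join(weak_key(s) for s in range(2 ** SEED_BITS))
    blocklist = build_blocklist()
    return {
        "measured_bits_per_byte": shannon_bits_per_byte(stream),
        "actual_key_entropy_bits": math.log2(len(blocklist)),
        "weak_key_flagged": is_known_weak(weak_key(1234), blocklist),
        "urandom_key_flagged": is_known_weak(os.urandom(32), blocklist),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The statistical estimate cannot distinguish this output from a sound generator; only knowledge of how the key space was constrained lets an auditor flag the affected keys.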