[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 12 KB, 250x211, amd-vs-intel.jpg [View same] [iqdb] [saucenao] [google] [report]
35692727 No.35692727 [Reply] [Original] [archived.moe] [rbt]

Using encryption on Windows might be pointless according to Steve Blank


>> No.35692744

Jesus christ we knew this already

the NSA uses xkeyscore to detect computers of interest, and then uses the backdoors in the OS to get everything they want from the computer.

>> No.35692774 [DELETED] 
File: 117 KB, 640x480, rms-sign[1].jpg [View same] [iqdb] [saucenao] [google] [report]

Why didn't you listen?

>> No.35692817

via shilling

>> No.35692903

Gee, I really wonder what all those microcode updates are doing.

>> No.35692945

I always felt bad when using intels "specialised" AES chips. Time to go full stallman

>> No.35693028

Bitlocker encryption and Apple encryption are ones of the easiest things to break even without the NSA in there, cold boot on keys atack is what make them fall.

>> No.35693048

citation needed
Cold boot on bitlocker?

>> No.35693076

cold boot attacks are pretty much the death of any currently used encryption method

>> No.35693101

Not entirely "cold boot" but unless is a full disk encryption or you dont totally turn off the pc if you're not using it then yeah, this works for most encryptions protocols.

>> No.35693148

You need to have physical access to the computer to do a cold boot attack.
The 'Cold' in a cold boot attack literally refers to cooling down the ram so it retains the encryption keys for longer, and then booting up and doing a RAM dump before your 10 minutes is up.

Requirements for a cold boot attack:
1. You need to be in the same room as the computer
2. You need to be able to cool the ram down in less than a minute from shutdown
3. Need to have all the tools ready to begin

Cold boot attacks, while they can defeat any encryption (because what you're doing is just copying the contents of RAM, which contains all the encryption keys, also assuming that the user of the computer wasn't using a retarded program that left the keys in the RAM, which truecrypt doesn't when you unmount), it's not exactly an NSA tool.

Bitlocker and apple encryption have NSA backdoors so they don't need to do cold boot attacks.

>> No.35693162

ah, damn, I mistook cold boot for evil maid. Yeah, with physical access to your ram and a running machine, you're fucked. Ram-dump by firewire or similar is also a very real problem

>> No.35693203

Or an operating system with a back door can just write RAM to disk, and then have that ramdump downloaded by the NSA.

>> No.35693206

I've read somewhere that it is actually possible to store the encryption key in the CPU cache, minimizing the chance of cold boot attacks
Has anybody more information on that?

>> No.35693276

>mfw the only reason i'm safe is because i have a shitty connection that wouldn't be able to upload all 8GB of my RAM in anything less than multiple days

>> No.35693336

I think this was supposed to be implemented in linux a while ago, don't know if its already done.

>> No.35693359

They could just download the bit with the encryption keys in it.

>> No.35693425

even disregarding that this would require hardware level access to it AT RUNTIME and somehow doing it live across my shit connection without me noticing and pulling the plug, how are they doing to even figure out which sector of the memory it's even stored in, since it's all mapped at random?

>> No.35693482

>"Blank said intelligence agencies could use the same microcode updates to mess around with random number generators, which are vital to encryption. If they could seize them, intelligence agencies could decrypt heavily encrypted communication as fast as somebody could type."
Implying keys are not created with random numbers and user input. I call bullshit. There much simpler ways to do this than gimping processors.

>> No.35693494

Because, somehow your os, kernel and programs know where that memory is right?
You dont need to find the key per se, you find the pointers that led you to that key and that's all, no need to scan all the ram

>> No.35693502

>ssh [email protected]
>cat /dev/mem | grep lelcryptionkey

>> No.35693550

This is retarded. The AES-NI works just like software implementation. Truecrypt with AES-NI outputs the same as with software
Just as a precaution Truecrypt creates the masterkey without AES-NI. If AES-NI was back doored it would not work this way.

>> No.35693576

>CPU random number generator compromised

If thats the case, then NSA could very easily crack encryptions.

>> No.35693593

nice to know

>> No.35693604

>f thats the case, then NSA could very easily crack encryptions.
top encryption solutions rely on more then just random number generators

>> No.35693618

I bet Stallman is glad his computer is free as in freedom.

>> No.35693643

But AMD has AES acceleration too. It's even 100% compatible to Intels AES-NI, for example the Linux kernel uses the aesni_intel module to interface with an AMD processor's AES acceleration support.

>> No.35693747

I dont get this, if the integrated AES shit just encode all faster but it need a KEY to recover data actually encrypted, how could a backdoor work in this cases if that key is totally uknown?
No brute-forcing of course.

>> No.35693801

key could possibly be intercepted, the CPUs random number generator could also be compromised etc.

>> No.35693827

but what if user inputs random numbers from keyboard ?
example: in gnupg user must to enter random symbols to complete key generation

>> No.35693882

But, I mean if you already have a encrypted drive stored, how likely is for they to try to use the so-called "backdoors" to get the encryption key or un-encrypt the volume?

>> No.35693908

like previously stated the random keys are not only generated with a random number generator.
Furthermore the master key is also hashed 1000000 times like with dm-crypt/luks.

>> No.35693913

every time you enter the password.

it's a much lesser problem then

>> No.35693923

they can't, this whole thread is retarded

>> No.35693945

>every time you enter the password.
Let me clarify this for you.
I put like, over 9000 lolis images on a drive, encrypted it and store it somewhere else, random key not saved anywhere but your head and only used in this drive, you store that drive and never, ever use it again.
How would a backdoor could decrypt that?

>> No.35693971

>giving your secrets to the chinks instead through hardware backdoors in the mips cpu

>> No.35693974

the random key is not the same as the password.

>> No.35693975

>Steve Blank
For a second, I thought you omitted his last name

>> No.35693981

That don't answer the question.

>> No.35693990

No shit sherlock, and that doesn't answer the question at hand.

>> No.35694064

at least I get spied on by people that don't have jurisdiction over me...
I hate how much that joke is actually very close to a reasonable statement

>> No.35694125
File: 448 KB, 455x395, 1371245948907.png [View same] [iqdb] [saucenao] [google] [report]

Use a SED, no intel processor involved as all the encryption is done by the drive. But then the question is: do you trust the hardware random number generator from the vendor of the ssd?

Don;t buy intel ssd? who to trust, top lel

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.