Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 12 KB, 250x211, amd-vs-intel.jpg [View same] [iqdb] [saucenao] [google] [report]
35692727 No.35692727 [Reply] [Original] [archived.moe] [rbt]

Using encryption on Windows might be pointless according to Steve Blank

http://www.fudzilla.com/home/item/32097-expert-claims-nsa-has-backdoors-in-intel-amd-processors

>> No.35692744

DUH
Jesus christ we knew this already

the NSA uses xkeyscore to detect computers of interest, and then uses the backdoors in the OS to get everything they want from the computer.

>> No.35692774 [DELETED] 
File: 117 KB, 640x480, rms-sign[1].jpg [View same] [iqdb] [saucenao] [google] [report]
35692774

Why didn't you listen?

>> No.35692817

via shilling

>> No.35692903

Gee, I really wonder what all those microcode updates are doing.

>> No.35692945

>>35692727
I always felt bad when using intels "specialised" AES chips. Time to go full stallman

>> No.35693028

>>35692727
Bitlocker encryption and Apple encryption are ones of the easiest things to break even without the NSA in there, cold boot on keys atack is what make them fall.

>> No.35693048

>>35693028
citation needed
Cold boot on bitlocker?

>> No.35693076

>>35693028
cold boot attacks are pretty much the death of any currently used encryption method

>> No.35693101

>>35693048
>>35693076
https://www.youtube.com/watch?v=JDaicPIgn9U
Not entirely "cold boot" but unless is a full disk encryption or you dont totally turn off the pc if you're not using it then yeah, this works for most encryptions protocols.

>> No.35693148

>>35693028
>>35693048
You need to have physical access to the computer to do a cold boot attack.
The 'Cold' in a cold boot attack literally refers to cooling down the ram so it retains the encryption keys for longer, and then booting up and doing a RAM dump before your 10 minutes is up.

Requirements for a cold boot attack:
1. You need to be in the same room as the computer
2. You need to be able to cool the ram down in less than a minute from shutdown
3. Need to have all the tools ready to begin

Cold boot attacks, while they can defeat any encryption (because what you're doing is just copying the contents of RAM, which contains all the encryption keys, also assuming that the user of the computer wasn't using a retarded program that left the keys in the RAM, which truecrypt doesn't when you unmount), it's not exactly an NSA tool.

Bitlocker and apple encryption have NSA backdoors so they don't need to do cold boot attacks.

>> No.35693162

>>35693076
>>35693101
ah, damn, I mistook cold boot for evil maid. Yeah, with physical access to your ram and a running machine, you're fucked. Ram-dump by firewire or similar is also a very real problem

>> No.35693203

>>35693162
Or an operating system with a back door can just write RAM to disk, and then have that ramdump downloaded by the NSA.

>> No.35693206

>>35693162
I've read somewhere that it is actually possible to store the encryption key in the CPU cache, minimizing the chance of cold boot attacks
Has anybody more information on that?

>> No.35693276

>>35693162
>mfw the only reason i'm safe is because i have a shitty connection that wouldn't be able to upload all 8GB of my RAM in anything less than multiple days

>> No.35693336

>>35693206
I think this was supposed to be implemented in linux a while ago, don't know if its already done.
http://en.wikipedia.org/wiki/TRESOR

>> No.35693359

>>35693276
They could just download the bit with the encryption keys in it.

>> No.35693425

>>35693359
even disregarding that this would require hardware level access to it AT RUNTIME and somehow doing it live across my shit connection without me noticing and pulling the plug, how are they doing to even figure out which sector of the memory it's even stored in, since it's all mapped at random?

>> No.35693482

>>35692727
>fudzilla
>"Blank said intelligence agencies could use the same microcode updates to mess around with random number generators, which are vital to encryption. If they could seize them, intelligence agencies could decrypt heavily encrypted communication as fast as somebody could type."
Implying keys are not created with random numbers and user input. I call bullshit. There much simpler ways to do this than gimping processors.

>> No.35693494

>>35693425
Because, somehow your os, kernel and programs know where that memory is right?
You dont need to find the key per se, you find the pointers that led you to that key and that's all, no need to scan all the ram

>> No.35693502

>>35693425
>ssh [email protected]
>cat /dev/mem | grep lelcryptionkey
>

>> No.35693550

>>35692945
This is retarded. The AES-NI works just like software implementation. Truecrypt with AES-NI outputs the same as with software
Just as a precaution Truecrypt creates the masterkey without AES-NI. If AES-NI was back doored it would not work this way.

>> No.35693576

>CPU random number generator compromised

If thats the case, then NSA could very easily crack encryptions.

>> No.35693593

>>35693550
nice to know

>> No.35693604

>>35693576
>f thats the case, then NSA could very easily crack encryptions.
top encryption solutions rely on more then just random number generators

>> No.35693618

I bet Stallman is glad his computer is free as in freedom.

>> No.35693643

>>35692945
But AMD has AES acceleration too. It's even 100% compatible to Intels AES-NI, for example the Linux kernel uses the aesni_intel module to interface with an AMD processor's AES acceleration support.

>> No.35693747

I dont get this, if the integrated AES shit just encode all faster but it need a KEY to recover data actually encrypted, how could a backdoor work in this cases if that key is totally uknown?
No brute-forcing of course.

>> No.35693801

>>35693747
key could possibly be intercepted, the CPUs random number generator could also be compromised etc.

>> No.35693827

>>35693801
but what if user inputs random numbers from keyboard ?
example: in gnupg user must to enter random symbols to complete key generation

>> No.35693882

>>35693801
But, I mean if you already have a encrypted drive stored, how likely is for they to try to use the so-called "backdoors" to get the encryption key or un-encrypt the volume?

>> No.35693908

>>35693801
like previously stated the random keys are not only generated with a random number generator.
Furthermore the master key is also hashed 1000000 times like with dm-crypt/luks.

>> No.35693913

>>35693882
every time you enter the password.

>>35693827
it's a much lesser problem then

>> No.35693923

>>35693882
they can't, this whole thread is retarded

>> No.35693945

>>35693913
>every time you enter the password.
Let me clarify this for you.
I put like, over 9000 lolis images on a drive, encrypted it and store it somewhere else, random key not saved anywhere but your head and only used in this drive, you store that drive and never, ever use it again.
How would a backdoor could decrypt that?

>> No.35693971

>>35692945
>giving your secrets to the chinks instead through hardware backdoors in the mips cpu

>> No.35693974

>>35693945
the random key is not the same as the password.

>> No.35693975

>Steve Blank
>Blank
For a second, I thought you omitted his last name

>> No.35693981

>>35693974
That don't answer the question.

>> No.35693990

>>35693974
No shit sherlock, and that doesn't answer the question at hand.

>> No.35694064

>>35693971
at least I get spied on by people that don't have jurisdiction over me...
I hate how much that joke is actually very close to a reasonable statement

>> No.35694125
File: 448 KB, 455x395, 1371245948907.png [View same] [iqdb] [saucenao] [google] [report]
35694125

>>35693945
Use a SED, no intel processor involved as all the encryption is done by the drive. But then the question is: do you trust the hardware random number generator from the vendor of the ssd?


Don;t buy intel ssd? who to trust, top lel

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action