Shared posts

08 Nov 22:30

Vamos ser amigos

by leonardovaz

não

:c

29 Oct 00:02

The keys to the keydom

by Brian Hayes

Your security and privacy on the Internet (to the extent that such quaint notions still have meaning) depend on the difficulty of factoring certain large numbers. For example, take this 1,024-bit integer:

X = 123784517654557044204572030015647643260197571566202790882488143432336664289
53013160757127360381500856200680250007894557646372684708763884626821078230649
285613963510276802208436872101227718450860737080502115462982139570265498874808
3875440199841915223400907734192655713097895866822706517949507993107455319103401

The number printed above in squinty type is the product of two 512-bit prime factors. If you set out to find those factors, the project might well keep you busy for many megayears. But I can make the job much easier by giving you a second number of the same size:

Y = 139752806258570179719657334941265463008205415047073349942370461270597321020
717639292879992151626413610247750429267916230424010955054750502833517070395986
2897242371124108160005581486237854115688455171463034213840635250918248983182261
75234193815950597041627518140906384889218054867887058429444934835873139133193

Factoring both X and Y would appear to be twice as much work, but in fact you can do it lickety-split. On my laptop it took roughly 200 microseconds. From millions of years to millionths of a second—that’s quite a speedup!

There’s a trick, of course. Both X and Y are products of two large primes, but it so happens that one of the primes is a shared factor of both numbers. For finding that shared factor, we can rely on a very old, very famous, very simple and very efficient algorithm: Euclid’s algorithm for the greatest common divisor. In Python it looks like this:

def gcd(a, b):
    if b == 0:
        return a
    else:
        return gcd(b, a % b)

(The ‘%’ in line 5 is Python’s modulo or remainder operator.) When this function is applied to X and Y, the recursion is invoked 297 times before returning the common factor:

F = 1070467931937606706425630145948715022696962191248959648262850980092208031819
9635726117009340189103336170841315900354200725312700639146605265442630619090531

You don’t have to take my word for it that F divides both X and Y. Do the division: In that way you will also learn the co-factors of X and Y.

If X and Y were components of public keys in the RSA cryptosystem, their shared factor would create a huge hole in the security fence. And the problem is particularly insidious in that each of the two keys, when examined in isolation, looks perfectly sound; the weakness only becomes apparent when you have both members of the pair.

This potential vulnerability of factoring-based encryption methods has been known for decades, but it seemed there was no reason to worry because coincidentally shared factors are so utterly unlikely. A couple of weeks ago I heard an eye-opening talk by Nadia Heninger, a member of a group that has searched for such unlikely coincidences in the wild. They found 64,000 of them. Reason to worry.


Heninger and her colleagues polled every public IPv4 address in the known universe, requesting a connection on the ports commonly used for two secure communication protocols, TLS and SSH. For every address that responded to queries on those ports, they collected the server’s public encryption key, then closed the connection. Here I am going to discuss only the TLS servers with RSA keys; there were vulnerabilities in other cryptosystems as well, but the issues are slightly different.

Before telling the rest of this story, I have to pause here. For those of you in the born-digital generation, pinging every address on the Internet may sound like a routine walk around the block on a sunny afternoon, but I confess that I never would have dared to try anything so audacious. It’s like knocking on every door in America, or calling every possible telephone number—a task that’s not feasible for individuals of ordinary means, and that also seems unforgiveably rude. But standards of feasibility and rudeness are different in the world of machine-to-machine communication. Computers don’t care if you make four billion hangup calls (although some system administrators might frown on the practice). And, after all, the encryption keys being collected are by definition public.

Back to Heninger’s story. They ran their scan of IP addresses from Amazon’s Elastic Compute Cloud service, where the data-collection phase of the project took a few days. Out of \(2^{32} \approx 4\) billion addresses (less a few special-purpose or reserved areas) they found about 29 million servers accepting connections on the standard port for TLS, but only 12.8 million of those servers supplied public keys. Some 60 percent of the keys retrieved were not unique. Presumably, most of the duplicates are accounted for by organizations that have multiple servers all operating with the same cryptographic credentials, but there were also instances of apparently unaffiliated individuals sharing a key. This is rather like discovering that your house key also opens your neighbor’s front door. (And vice versa.)

After eliminating the duplicates, some 5.8 million distinct RSA keys needed to be tested for common factors. Even though Euclid’s GCD algorithm is highly efficient, running it on all possible pairings of keys would be a strain. There’s an ingenious shortcut, based on the observation that if \(Y\) is relatively prime to each of \(X_1, X_2, \ldots, X_n\), then it also has no factor in common with the product \(X_1 \times X_2 \times \dots \times X_n\). Thus it’s possible to detect the presence of shared factors with just \(n\) GCD operations, instead of \(n^2\). A drawback of this approach is that the product of millions of RSA keys is a huge number, and intermediate results have to be swapped out to disk. Nevertheless, the processing was completed in an hour and a half on the Amazon cloud at a cost of $5.

The output was a list of 64,081 compromised keys for TLS hosts, about 0.5 percent of all such keys collected. For obvious reasons, Heninger et al. are not publishing that list; they tried to contact the owners of vulnerable machines, and they offer a web lookup service where you can check to see if your key is on the list.

The good news is that none of the weak keys are guarding access to major web servers hosting bank accounts or medical records or stock markets or military installations. Most of them are found in embedded networked devices, such as routers and firewalls. That’s also the bad news. A programmer with malicious intent who can gain control of a well-placed router can make a lot of mischief.


Could the prevalence of common factors in RSA keys be explained as a product of pure bad luck? To answer this question we need to solve a birthday problem. The original version of this problem asks how many people you need to bring together before there’s a good chance that two or more of them will have the same birthday (assuming birthdays are distributed randomly over the 365 days of the year). An order-of-magnitude approximation is \(\sqrt{365}\), or about 19. (The actual number is 23.) For the RSA variant of the problem, we ask how many 512-bit primes you need to generate—assuming you select them uniformly at random from the set of all such primes—before you have a good chance of seeing at least one prime twice. In this case we replace 365 with the number of 512-bit primes, which is in the neighborhood of \(10^{150}\). Thus there’s scarcely any chance of a collision until the number of randomly generated primes approaches \(10^{75}\). We’re only at \(10^{7}\) so far. As Heninger said in her talk, we have enough 512-bit primes to assign a public encryption key to every atom in the universe, with little worry over possible duplicates.

According to this line of reasoning, it would be a colossal fluke to see even one duplicated RSA prime, and finding 64,000 of them is clear evidence that those primes are not being chosen uniformly at random. The blame apparently lies with pseudorandom number generators. It’s not that the algorithms are defective. In many cases, cryptographic keys are being generated immediately after a machine is booted, when it just can’t scrape together enough entropy to make a passable pseudorandom number.


Sources:

Heninger gave her talk at a birthday-party for Microsoft Research New England on October 9. Eventually, video may be available.

The paper describing the project is “Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices,” by Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, presented at the 2012 USENIX Security Symposium. Preprint.

At the Microsoft symposium Heninger also discussed at later study of other cryptographic weaknesses in certain smart cards. See “Factoring RSA keys from certified smart cards: Coppersmith in the wild,” by Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, and Nicko van Someren. Preprint.

Arjen Lenstra and his colleagues have independently discovered and reported similar vulnerabilities. See “Ron was wrong, Whit is right,” by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter. Preprint.

Open-source software developed by Zakir Durumeric, Eric Wustrow, and J. Alex Halderman at the University of Michigan for scanning large blocks of the public IP address space: ZMap. A descriptive paper from the 2013 USENIX Security Symposium.

The Michigan group’s web service for checking public keys against the collection of known factorable keys: factorable.net.

24 Oct 01:43

Ellen Page Nua Pelada Sem Roupa e — você já clicou, né?

by Carlos Cardoso
Léo Vailati

"Querer tirar uma foto da Internet é como tentar tirar mijo de uma piscina usando um copo de requeijão."

Em meus escritos espalhados pelas Interwebs nos últimos anos alertei para uma inevitabilidade: o momento em que perderíamos controle sobre nossas imagens.

ellenpage

Previ que isso aconteceria primeiro com celebridades, como era demonstrado pela imensa quantidade de fotos fakes.

Antigamente a preocupação era com os paparazzi.

Hoje um adolescente e uma cópia pirata do Photoshop criam cenas cabeludas envolvendo a Katy Perry e vegetais variados (não google!).

Eu previ que o primeiro a se aproveitar das novas tecnologias seria a indústria pornô, a mola-mestra de toda grande invenção.

Com a evolução dos gráficos 3D, em um futuro a médio prazo (3 ou 4 anos) teremos modelos fotorrealistas de celebridades, usados em animações ou substituindo rostos de atrizes, no melhor estilo Avatar. Muitas dessas não serão autorizadas. Quem não gostaria de um pornô com Marilyn Monroe, Salma Hayek, Jennifer Lawrence e Scarlett Johansson? Há toneladas de fotos delas, a Autodesk tem aplicações que convertem imagens em modelos 3D. é só questão de tempo.

Só que nem todo mundo tem paciência de esperar, e isso está dando dor de cabeça pra Sony. Um camarada muito do sacana conseguiu uma cópia de debug do (excelente, dizem) jogos Beyond: Two Souls, e mudou a câmera em uma cena onde a personagem da Ellen Page toma banho, assista:

A cena acima, claro, não mostra nada, mas nas imagens liberadas pelo usuário do Reddit DJMockingJay, dá para ver a nudez digital da atriz em toda sua glória. Não, não vou colocar link pras imagens, considere uma espécie de informação privilegiada acessível somente a quem sabe usar o Google.

Embora Ellen Page tenha sido escaneada em 3D para criação do Avatar, é quase certo que ela não estava peladinha, nem deixou que os animadores tirassem centenas de fotos em alta resolução de suas vergonhas, mesmo nem tão altas e cerradinhas assim. Portanto o que estamos vendo é fruto da imaginação do animador.

Mesmo assim é a personagem da Ellen Page pelada, o que causa problemas. Primeiro, a dúvida, se achamos a imagem sexy ou não. Os gráficos de PS3 não ajudam, mas mesmo assim a imagem está bem no meio do Vale da Estranheza, aquele conceito onde um robô ou representação humana desperta familiaridade mas não o bastante para identificarmos como humano, então sentimos desconforto. Por isso os personagens humanos da Pixar nunca não são humanos demais.

A Sony, compreensivelmente, está put-digo, razoavelmente irritada. Estão enviando pedidos, entregues em mãos por ninjas, para que sites removam as imagens da nudez da atriz. Até aí tudo bem, mas foram além. Estão pedindo que sites removam os artigos falando do caso, mesmo que não tenham imagens.

Ei, Sony, está querendo lançar a Biografia Autorizada da Ellen Page? Querer tirar uma foto da Internet é como tentar tirar mijo de uma piscina usando um copo de requeijão.

No momento eu tendo a achar que o que o tal usuário fez não é mais canalhice do que criar fotos fakes. Ou seja: é canalhice mas qualquer um com bom-senso sabe que a Sandra Bullock não faria fotos em um ângulo ginecológico, cutucando as orelhas com os dedões dos pés. Em 3 ou 4 anos, talvez não seja tão simples.

Do mesmo jeito que é impossível ou incrivelmente trabalhoso achar o autor de um upload, se ele quiser ser anônimo, quando isso se popularizar e tivermos apps, serão tantas imagens, tantos vídeos constrangedores que não será possível acompanhar e remover todos.

E enquanto você está imaginando todas as atrizes famosas que irá “dirigir” em seus filminhos, gostaria de lembrar que não somos só usuários, não somos só espectadores. Na Internet somos todos atores também, e querendo ou não VOCÊ irá aparecer no filminho pornô não-autorizado de alguém.

Bem-vindo ao futuro.

Fonte: CB.

The post Ellen Page Nua Pelada Sem Roupa e — você já clicou, né? appeared first on Meio Bit.








03 Sep 22:11

Alto-falante de gel transparente pode revolucionar mercado de dispositivos de áudio

by Ronaldo Gogoni
Léo Vailati

Adoro viver no futuro

transparent-gel-speaker

Acredite se quiser, isso aí que os pós-doutorados de Harvard Harward Jeong-Yun Sun e Christoph Keplinger estão esticando é um alto-falante completamente funcional. Para quem é fanático por música e fica horas ajustando seus sistemas em busca do ponto de equalização perfeita, a novidade pode agradar e muito, já que os novos acessórios possuem um sistema ativo de cancelamento de som externo, além de serem capazes de produzir um som com muito mais clareza que os falantes atuais.

O alto-falante consiste de duas camadas de um gel transparente à base de água salgada que envolvem uma lâmina de borracha. Os sons são emitidos quando um corrente elétrica forte o suficiente é conduzida pelo gel, fazendo a borracha se contrair e vibrar. A membrana é capaz de reproduzir sons em todo o espectro audível pelo ouvido humano, de 20 Hz a 20 kHz.

transparent-gel-speaker-001

A qualidade da reprodução se dá devido à condução iônica, onde os íons da corrente elétrica  se movem livremente pela estrutura ao contrário do que acontece nos condutores normais de cobre, onde os átomos permanecem fixos. Isso significa que o alto-falante pode ser esticado que a condutividade não é comprometida, o que é excelente. Isso pode permitir dispositivos flexíveis no futuro, e a borracha ajudou a resolver o problema da reação dos íons à alta tensão. A técnica pode ser muito útil combinada com as telas flexíveis que LG e Samsung estão desenvolvendo.

A pesquisa completa foi publicada na Science.

Fonte: The Verge.








01 Nov 16:18

November 01, 2012


Today's comic is based on a twitter conversation I had with Joel Watson of Hijinks Ensue

AND OH shnap! The new adventure-of-your-own-choosing novel is in our store now.


28 Oct 17:23

Nem todo mundo é curioso.

by Zanfa

Você tem que aprender a lidar com isso.

Poxa Batman, custava prestar atenção na história do joquer?

Tweet

21 Oct 17:38

Comic for October 21, 2012

Léo Vailati

"We don't care what smart people think, there aren't that many of them"