Security Now 181
|Hosts: Leo Laporte and Steve Gibson|
Topic: Crypto Recap
Recorded: January 28, 2009
Published: January 29, 2009
Steve and Leo recap on all of the cryptographic theories they have covered in the last three years in preparation for future discussions on SSL and keyed message authentication code.
- Future topic: keyed message authentication code
News and Errata
- Apple Quicktime version 7.6 has seven critical exploits which have been fixed in an update for the program on both Windows and Mac.
- Pirated versions of Apple iWork '09 have been appearing on file sharing sites with a trojan that will deeply infect your Mac with a bot net.
- The computers at hospitals in Sheffield, UK which were infected by a worm have auto update disabled due to critical life support systems restarting during surgery. So ensure you pick the updating option which suits your situation best and keep up to date.
- The limited size of the Yubikey, static password was discussed last week and a GRC newsgroup member with the handle "ferrix" has been working with it for a long time at a low level and believes it is possible for it to generate a longer static password.
- Steve was given the trademark for "Cryptolink" and has purchased the domain name http://www.cryptolink.com.
- Trojan horses have been posted on the http://My.BarackObama.com forum.
3.5 year review of all the security pieces that have been talked about.
Threat model - what is it we can do? what are we trying to do?
For example, we assume the endpoints are secure while we try to secure the communication between the two endpoints - keystroke logger, for example, we can't secure against - if someone gets physical access, we're insecure.
We assume non-infinite computational power because all of the crypto is subject to brute force attack, no matter how long the key is.
"Perfect" security? yes, one-time pad - still isn't secure if someone has physical access.
Much crypto depends on this fact: it is very easy to multiply two big prime numbers together, not easy to factor the result into those two original primes.
Taking something to a power is easy, taking the log is hard - also a fundamental assumption of security at present.
You want there not to be a single point of failure, even if single communications is cracked, all the rest of the communications should still be secure - a single shared key is a bad idea for this reason.
Assume endpoints secure, path inbetween (the internet) are totally insecure.
What do we mean by security? In this context where we're protecting traffic between two endpoints, we want 3 things:
- Confidentiality, interceptor in the middle cannot read the messages
- Integrity of message, guard against message being modified
- Authenticate the endpoints, are we really talking who we think we are?
Encryption gives confidentiality, symmetric (same key at both ends used to encrypt and decrypt), asymmetric (two different keys used, one to encrypt a random symmetric key that's used to encrypt the message, the other to decrypt that symmetric key), key agreement.
Message integrity, using hashes to create a signature (md5, sha1, etc), a hash is a digest of a much-larger communication, a fingerprint - any change to the original message will change that fingerprint - not computationally feasible to make a change to the original message and deliberately produce the same signature - md5 has been broken in this respect.
- In a couple of weeks we'll talk about keyed digest, giving an authenticated signature, which we don't have now.
Endpoint authentication, certificates and chain of trust anchored to a root authority.
Ad Time: 0:33-0:44 and 24:22-28:42
Ad Time: 0:44-0:58 and 04:00-06:49 http://GoToMeeting.com/securitynow
- Recorded Date: January 28, 2009
- Release Date: January 29, 2009
- Duration: 1:05:53
- Log line:
- Edited by: Tony
- Notes: NA
|This area is for use by TWiT staff only. Please do not add or edit any content within this section|