The last episode of Silicon Valley had some pretty awesome #crypto in it - and a ton of easter eggs (including some serious in-jokes about the NSA and common #infosec standards like FIPS 140-2) for those in the know.

Thread (and spoilers):
In the above scene where Gilfoyle says he hacked Dinesh's SSH/TLS keys for his car, this screen pops up. It might look like gobbledygook, but it's actually referencing a core component protecting these keys: The Discrete Log problem.

And what it says is horrifying.
The Discrete Log Problem (DLP) is a mathematical problem that says it's computationally intractable to compute discrete logarithms - especially when using large prime numbers.
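
To make that asymmetry concrete, here is an added example (not from the thread or the show) that runs the forward direction with `pow()` and inverts it with baby-step giant-step, a generic square-root attack. The prime, base and exponent are constructed toy values, and `work_factor` is a hypothetical helper for comparing sizes.

```python
import math

def discrete_log(g, h, p):
    """Baby-step giant-step: return x with g^x = h (mod p), or None.

    Costs about 2*sqrt(p) multiplications and sqrt(p) stored values.
    """
    m = math.isqrt(p - 1) + 1
    baby, cur = {}, 1
    for j in range(m):               # baby steps: remember g^j -> j
        baby.setdefault(cur, j)
        cur = cur * g % p
    step = pow(g, -m, p)             # g^(-m) mod p (Python 3.8+)
    gamma = h % p
    for i in range(m):               # giant steps: test h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None

def work_factor(bits):
    """(multiplications to exponentiate, group operations for this attack)."""
    return 2 * bits, 2 ** (bits // 2 + 1)

if __name__ == "__main__":
    p, g = 1_000_000_007, 5          # constructed toy parameters
    public = pow(g, 123_456_789, p)  # forward direction: instant
    x = discrete_log(g, public, p)   # reverse: ~63,000 steps even at 30 bits
    print(x, pow(g, x, p) == public)
    for bits in (30, 64, 256):
        print(bits, work_factor(bits))
```

Generic square-root methods like this are the best known classical attacks on well-chosen elliptic-curve groups; prime-field groups also admit sieving methods, which is why they use much larger moduli.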

For an awesome lecture on DLP and its applications, check this out:
Crypto uses DLP to protect a number of different ciphers. In SSH it protects the key generation process for secure communication and typically is encompassed in two areas:

1.) Ephemeral Diffie-Hellman
2.) Elliptic Curve Cryptography
Diffie-Hellman is an algorithm used to create a secure session key that allows two parties to exchange keys and have a one-to-one connection.

The benefits of Diffie-Hellman are that it's relatively easy to set up and usually pretty light on communication.

en.wikipedia.org/wiki/Diffie%E2…
Drawbacks? Well, if there's no good mutual authentication, you can pretend you're someone else.
This is what we typically call a "Man in the Middle" attack.

Also, worse, if you do get this key, you can decrypt future conversations - something we call "replay attacks."
SSH uses a variant called Ephemeral Diffie-Hellman that helps protect against this "Man in the Middle." This helps you set up session keys such that you have different keys every exchange, reducing the replay attack vector.

But we still have the ID problem...

tls.mbed.org/kb/cryptograph…
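
The exchange described above, as an added example that is not from the thread: both sides generate fresh secrets per handshake, and each derives a session key plus a hash of the public values it saw. The 127-bit prime, the base 3 and the `substitute` switch are constructed for illustration; real groups are far larger.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (constructed); real groups are 2048+ bits
G = 3

def keypair():
    """Fresh (ephemeral) secret and the public value sent over the wire."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(priv, peer_pub, client_pub, server_pub):
    """Session key and exchange hash as one endpoint sees them."""
    shared = pow(peer_pub, priv, P)
    transcript = hashlib.sha256(f"{client_pub}|{server_pub}".encode()).hexdigest()
    key = hashlib.sha256(f"{transcript}|{shared}".encode()).hexdigest()
    return key, transcript

def handshake(substitute=False):
    """Return ((client_key, client_hash), (server_key, server_hash))."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_client, seen_by_server = s_pub, c_pub
    if substitute:   # an unauthenticated relay swaps in its own public value
        _, m_pub = keypair()
        seen_by_client = seen_by_server = m_pub
    client = derive(c_priv, seen_by_client, c_pub, seen_by_client)
    server = derive(s_priv, seen_by_server, seen_by_server, s_pub)
    return client, server

if __name__ == "__main__":
    for label, sub in (("honest", False), ("substituted", True)):
        (ck, ch), (sk, sh) = handshake(sub)
        print(label, "keys match:", ck == sk, "hashes match:", ch == sh)
```

The mismatch in the second case is only visible if something authenticates the exchange hash; in SSH the server signs a hash covering both public values with its host key, which is the identity step the thread turns to next.
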
To identify parties we typically use Public Key Infrastructure (PKI) crypto, which means you can share parts of your keys for operations like identification or allowing others to encrypt data just for you.

For SSH/TLS, the common PKI used for identity is something called ECC.
ECC stands for "Elliptic Curve Cryptography." Basically it's a suite of crypto that relies on geometry for PKI.

To oversimplify: think of drawing lines through a curve. You could share the curve publicly, but keep lines private. Get where they combine and you have the private key.
A type of ECC called ECDSA (Elliptic Curve Digital Signature Algorithm) is commonly used for identifying parties in SSH.

ECDSA is super popular: it protects how you know you're talking to Twitter under "https", protects bitcoin wallet sigs, etc.
With ECDSA, your signature verifying your identity is a function of a few components: the curve you're using, the hashing algorithm, etc.

In order to defraud ECDSA, you need to either go around the math protecting some of these parameters (i.e.: steal them) or go through them.
The math protecting ECDSA and most other ECC is actually *drum roll* the same Discrete Log problem.

I won't get into detail why, but the short answer here is that efficiently solving for some of the above components basically requires you to take that pesky Discrete Logarithm.
ALLLLLRIIIIGHT so let's get back to Silicon Valley. Gilfoyle presents how he hacked Dinesh's Tesla using PiedPiper's AI that originally was designed for compression.
What the AI seems to be doing (and rendering elegantly in a beautiful GUI - inefficient but do u) is testing whether a number of different curves for ECDSA are secure.

Again these are the components used to identify you're talking to your bank when you login.
Specifically, PiperNet is actually looking (at least on this test) at whether or not each curve's ECDSA variant is secure up until the math protecting discrete log. This is computationally **insanely hard**, which means that PiperNet is a Skynet-level distributed supercomputer.
Gilfoyle then notes that he was able to break that encryption and take control of Dinesh's car via the mobile app, which means that, having finished its probe, PiperNet is able to efficiently solve the discrete log problem.

That's fucking terrifying.
IRL we only know of one foolproof way to efficiently calculate a discrete logarithm: quantum computing.

There's an algorithm called Shor's Algorithm that Quantum Computers can run that allows them to calculate discrete logs orders of magnitude faster than normal computers.
Shor's is what you commonly hear referred to when people talk about quantum threats. Because it can be run to take discrete logs, it can guess ECDSA, EDH, and RSA keys in a "possible to compute" period of time.

For more on Shor's and other QC, see: hashicorp.com/blog/quantum-s…
We've seen nothing to imply PiperNet uses quantum computers. So instead, PiperNet has done one of two scifi things:

1.) It has so much computing power it sieved that key naturally (frightening)
2.) It has discovered advances in math for a classical discrete log (even scarier)
2 seems to be more accurate given that PiperNet isn't changing how computing works but rather is a radical advancement in AI.

It's also probably why Monica ends up working at the NSA in the end. An AI that discovers advances in math is worth its weight in antimatter for crypto.
SPEAKING OF THE NSA, whoever advised this episode included some very, VERY deep easter eggs for folks who work in cryptography.

Throughout the screens showing ECDSA curve variants, Gilfoyle and Pipernet both trash NIST-standard cryptography.
NIST stands for the National Institute of Standards and Technology. Per the name, it focuses on a lot of standards - including the math used by cryptography and major #infosec standards like FIPS 140-2.

csrc.nist.gov/publications/d…
NIST has a number of vetted crypto algorithms that it ensures are secure. Some of them are ECDSA curve variant algorithms like ECDSA P-256.

But these algorithms seem to fail PiperNet's tests on security for some reason..
Gilfoyle makes a presentation (that he doesn't present - typical) that goes into more detail on P-256's insecurity. According to him it's an outdated standard because it "is expected of having a NSA backdoor"
This is a real concern from the crypto community. TLDR the parameters of P-256 are questionable and some see this as a way of promoting insecure crypto so the government can spy on folks.

Hell of an in joke, Silicon Valley.

ogryb.blogspot.com/2014/11/why-i-…
In real life, PiperNet's style of cryptanalysis doesn't really exist. But this episode does highlight a few key things important in real world crypto:

1.) Advances in other fields like AI have an impact on security
2.) The devil is in the details when it comes to securing crypto
PS: this ep hit for me as the "compression vs. encryption" issue is how I got started in #Crypto

10 yrs ago I worked at NetApp on what became Volume Level Encryption (aka: encrypt data at rest and deduplicate/compress it).

Some memories in this ep.

docs.netapp.com/ontap-9/index.…