I’m struggling to understand how a 1-bit hash error can get irreversibly incorporated into CT, while all the blockchains of the world hum along happily. groups.google.com/a/chromium.org…
The problem here is not that a hash can be corrupted, because that happens. The problem is that somehow this totally “breaks” the CT log? Seems like an avoidable design error. But it’s early and I’m still drinking my coffee.
Anyway, it seems to me that every cryptographic system should be built with the assumption that something (memory, network, 56K phone modem) will introduce errors, and the system will detect those errors — but not by exploding.
I wonder if anyone calculated the mean-time-to-hash-error before deploying CT. Using conservative assumptions about deployment of ECC RAM, etc. Are we way outside the expected range now?
In any case: someone down in comments points out that log failure is supposed to happen, and that there are lots of logs so this is NBD. I’m open to that perspective — but I’ll be honest it still makes me nervous.
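The question of how one flipped bit in a hash gets "irreversibly incorporated" into CT is easier to see on a toy RFC 6962 Merkle tree; the example below is added here and is not code from the thread or from any CT log, and its entries and the injected fault are constructed. It shows that once a log has signed a head over a corrupted leaf hash, an auditor who recomputes the leaf hash from the real entry rejects the inclusion proof: the error is detected, but the published head cannot be taken back, which is why a log in that state is considered failed.

```python
import hashlib

def hash_leaf(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()  # RFC 6962 leaf prefix

def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # RFC 6962 node prefix

def merkle_root(hashes: list) -> bytes:  # tree head over a list of leaf hashes
    if len(hashes) == 1:
        return hashes[0]
    k = 1 << ((len(hashes) - 1).bit_length() - 1)  # largest power of two below n
    return hash_node(merkle_root(hashes[:k]), merkle_root(hashes[k:]))

def inclusion_proof(hashes: list, index: int) -> list:  # audit path, leaf to root
    if len(hashes) == 1:
        return []
    k = 1 << ((len(hashes) - 1).bit_length() - 1)
    if index < k:
        return inclusion_proof(hashes[:k], index) + [merkle_root(hashes[k:])]
    return inclusion_proof(hashes[k:], index - k) + [merkle_root(hashes[:k])]

def verify_inclusion(leaf_hash, index, size, path, root) -> bool:
    # Auditor-side check from RFC 9162 section 2.1.3.2; False means entry and head disagree.
    fn, sn, r = index, size - 1, leaf_hash
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = hash_node(p, r)
            while not fn & 1 and fn != 0:  # climb past right-edge nodes
                fn >>= 1
                sn >>= 1
        else:
            r = hash_node(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

def bit_flip_is_detected(entries: list, index: int, bit: int) -> bool:
    # Constructed fault: one bit of one stored leaf hash is wrong in the log's memory.
    good = [hash_leaf(e) for e in entries]
    bad = list(good)
    damaged = bytearray(good[index])
    damaged[bit // 8] ^= 1 << (bit % 8)
    bad[index] = bytes(damaged)
    head = merkle_root(bad)  # the log signs and publishes a head over the bad state
    path = inclusion_proof(bad, index)
    # An auditor recomputes the leaf hash from the real entry and checks the proof.
    return not verify_inclusion(good[index], index, len(entries), path, head)
```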
I was going to laugh off this Kaspersky password manager bug, but it is *amazing*. In the sense that I’ve never seen so many broken things in one simple piece of code. donjon.ledger.com/kaspersky-pass…
Like seriously, WTF is even happening here. Why are they sampling *floats*? Why are they multiplying them together? Is this witchcraft?
And here, Kaspersky decided that instead of picking a random password, they should bias the password to be non-random and thus “less likely to be on a cracker list”. 🤦🏻♂️
This is an amazing paper. It implies (with strong statistical evidence) that the design of a major mobile-data encryption algorithm — used in GPRS data — was deliberately backdoored by its designer. eprint.iacr.org/2021/819
The GPRS standards were extensions to the GSM (2G/3G) mobile standard that allowed phones to use data over cellular networks. This was before LTE. For security, the standards included encryption to provide over-the-air security for your data. 2/
As is “normal” for telephony standards, the encryption was provided by two custom ciphers: GEA-1 and GEA-2. While there were strong export control regulations in place for crypto, there’s little overt indication that either of these ciphers was deliberately weakened. 3/
This is where we’re at. The responsibility for fighting surveillance abuse falls to tech companies, because nobody even pretends that the Federal government and courts are functional moral actors.
I have to assume that right now Apple and other tech companies are developing procedures to identify subpoenas that are aimed at Congress, on the assumption that the DoJ can’t be trusted to tell them.
“Well, we only handed over metadata, not content.”
You handed over a list that could contain every phone number House Intelligence Committee members ever spoke to or texted with, and you think that makes it ok?