[wellylug] Interesting security paper from University of Auckland

Ch'Gans chgans at gna.org
Mon May 19 00:20:43 NZST 2014


Hi,

I thought it might of interest to some of you, in case you didn't heard 
of it. Plus it's by a guy from the University of Auckland.
This article explains why attacking crypto (the algorithm) is 
uninteresting, better off attacking the implementation (the human factor).
It reminded me the old days where "pirating" a BIOS was as easy as 
replacing the one assembler instruction that tested the end result of 
the flash integrity algorithm by another assembler instruction that 
simply said "yes" unconditionally.

Crypto won't save you either
Peter Gutmann
University of Auckland
http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf

Original article, from "The Register":
http://www.theregister.co.uk/2014/05/16/kiwi_prof_calls_bunk_on_nsaproof_tech_says_crypto_is_enough/

Chris

-- 
QtCreator/qmakeparser.cpp:42
////////// Parser ///////////
#define fL1S(s) QString::fromLatin1(s)
namespace { // MSVC2010 doesn't seem to know the semantics of "static" ...



More information about the wellylug mailing list