[wellylug] Interesting security paper from University of Auckland
Ch'Gans
chgans at gna.org
Mon May 19 00:20:43 NZST 2014
Hi,
I thought it might of interest to some of you, in case you didn't heard
of it. Plus it's by a guy from the University of Auckland.
This article explains why attacking crypto (the algorithm) is
uninteresting, better off attacking the implementation (the human factor).
It reminded me the old days where "pirating" a BIOS was as easy as
replacing the one assembler instruction that tested the end result of
the flash integrity algorithm by another assembler instruction that
simply said "yes" unconditionally.
Crypto won't save you either
Peter Gutmann
University of Auckland
http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf
Original article, from "The Register":
http://www.theregister.co.uk/2014/05/16/kiwi_prof_calls_bunk_on_nsaproof_tech_says_crypto_is_enough/
Chris
--
QtCreator/qmakeparser.cpp:42
////////// Parser ///////////
#define fL1S(s) QString::fromLatin1(s)
namespace { // MSVC2010 doesn't seem to know the semantics of "static" ...
More information about the wellylug
mailing list