|
Dex posted:distributed denial of society
|
#
?
Nov 9, 2016 15:32
|
|
|
|
| # ? Jun 3, 2024 17:14 |
|
|
Jabor posted:im the 3840 bits of entropy in the negotiated key that they just throw away immediately not much choice there, all schemes based on classic DH have to do something like that. it's just typically done in a way more careful fashion than just "sha256 I guess lol". zrtp for example generates the key (and salt/iv!) like this: srtpkeyi = KDF(s0, "Initiator SRTP master key", KDF_Context, negotiated AES key length) srtpsalti = KDF(s0, "Initiator SRTP master salt", KDF_Context, 112) srtpkeyr = KDF(s0, "Responder SRTP master key", KDF_Context, negotiated AES key length) srtpsaltr = KDF(s0, "Responder SRTP master salt", KDF_Context, 112) (upstream and downstream use separate keys) where the KDF function is: KDF(KI, Label, Context, L) = HMAC(KI, i || Label || 0x00 || Context || L) (you can see a lovely halfassed attempt at a similar KDF in that diagram) and s0 (the shared secret) and kdf_context (the nonce) are: s0 = hash(0x01 || DHResult || "ZRTP-HMAC-KDF" || ZIDi || ZIDr || total_hash || ...) KDF_Context = (ZIDi || ZIDr || total_hash) where dhresult is the shared secret negotiated through diffie-hellman, zidi and zidr are the unique identifiers of the two peers, and total_hash is a hash of the concatenation of all key agreement protocol messages exchanged (which includes the diffie-hellman challenges and tons of other things). I omitted the auxiliary secrets that can be mixed in the calculation of s0, but yes even more stuff could go in there all of these are nist and fips constructions, nothing was improvised or just made up
|
|
#
?
Nov 9, 2016 15:34
|
|
|
Dex posted:distributed denial of society moooooooooooooooooooooooooooooooooooooooooooooods
|
|
#
?
Nov 9, 2016 16:32
|
|
|
Dex posted:distributed denial of society
|
|
#
?
Nov 9, 2016 18:33
|
|
|
Dex posted:distributed denial of society
|
|
#
?
Nov 9, 2016 18:57
|
|
|
so i just found a scrap of paper with someone's username/password on it in the stairwell of the parking garage it's on investment bank letterhead
|
|
#
?
Nov 9, 2016 19:50
|
|
|
Strongly consider not touching the poop
|
|
#
?
Nov 9, 2016 19:52
|
|
|
shred it
|
|
#
?
Nov 9, 2016 19:55
|
|
|
ate all the Oreos posted:so i just found a scrap of paper with someone's username/password on it in the stairwell of the parking garage take a scan and tweet it at the bank
|
|
#
?
Nov 9, 2016 19:56
|
|
|
Volmarias posted:Strongly consider not touching the poop yeah to be clear i'm not going to do anything with this at all, i think i know where this thing came from (it's in my building) so I'm gonna run down there and go "hey uh you might want this maybe keep better track of that stuff next time," otherwise I'll just drop it in the shredder just postin' bout it cuz lol banks
|
|
#
?
Nov 9, 2016 19:56
|
|
|
nice read on some internal nsa whistleblowing over the security of ecdh in 2010: https://www.schneier.com/blog/archives/2016/11/whistleblower_i.html gotta go to the comments for a link to the actual report
|
|
#
?
Nov 9, 2016 20:12
|
|
|
Wiggly Wayne DDS posted:nice read on some internal nsa whistleblowing over the security of ecdh in 2010: https://www.schneier.com/blog/archives/2016/11/whistleblower_i.html lol @ the redacted chunk, followed by " To ensure Suite B's integrity, ECDH would never be employed alone. ln order to provide the necessary level of information assurance, ECDH must be incorporated with the other Suite B component algorithms and approved implementation protocols"
|
|
#
?
Nov 9, 2016 20:51
|
|
|
yeah there's a weird amount of telling leftovers amidst the redacted parts
|
|
#
?
Nov 9, 2016 20:53
|
|
|
Dex posted:distributed denial of society
|
|
#
?
Nov 9, 2016 21:01
|
|
|
"smart" devices actually dumb as gently caress, redux: http://www.theregister.co.uk/2016/11/09/finns_chilling_as_ddos_knocks_out_building_control_system/
|
|
#
?
Nov 9, 2016 22:38
|
|
|
hackbunny posted:"smart" devices actually dumb as gently caress, redux: quote:That sent the remote systems into an endless cycle of rebooting in an attempt to reconnect, leaving the residents with no central heating and cold showers. guess everything froze up
|
|
#
?
Nov 9, 2016 22:53
|
|
|
sophos is able to identify that a batch file and a shortcut are "virus/malware" but is not smart enough to determine how these files are able to reappear after sophos quarantines/deletes them. thanks sophos
|
|
#
?
Nov 9, 2016 23:10
|
|
|
anthonypants posted:[av vendor] is able to identify that [anything] are "virus/malware" but is not smart enough to determine how these files are able to reappear after [av vendor] quarantines/deletes them. thanks [av vendor]
|
|
#
?
Nov 9, 2016 23:12
|
|
|
Zamujasa posted:guess everything froze up *groan*
|
|
#
?
Nov 9, 2016 23:19
|
|
|
lame new thread title, i voted forDex posted:distributed denial of society
|
|
#
?
Nov 10, 2016 00:14
|
|
|
ate all the Oreos posted:lame new thread title, i voted for
|
|
#
?
Nov 10, 2016 00:14
|
|
|
ate all the Oreos posted:lame new thread title, i voted for a majority of people did in fact, but that's not how the voting is decided
|
|
#
?
Nov 10, 2016 01:24
|
|
|
ate all the Oreos posted:yeah to be clear i'm not going to do anything with this at all, i think i know where this thing came from (it's in my building) so I'm gonna run down there and go "hey uh you might want this maybe keep better track of that stuff next time," otherwise I'll just drop it in the shredder just destroy it. if you give it back to them you open yourself to having to prove you didn't log into it if there's any irregularities AT ALL in that account in the preceding six months plus however long it is before they change the password
|
|
#
?
Nov 10, 2016 01:27
|
|
|
Jabor posted:a majority of people did in fact, but that's not how the voting is decided And since it's never been decided popularly, this is a surprise, how?
|
|
#
?
Nov 10, 2016 01:55
|
|
|
flosofl posted:And since it's never been decided popularly, this is a surprise, how?
|
|
#
?
Nov 10, 2016 01:57
|
|
|
Zamujasa posted:guess everything froze up 
|
|
#
?
Nov 10, 2016 01:58
|
|
|
yes but this time it's happening to me, personally!
|
|
#
?
Nov 10, 2016 01:59
|
|
|
anthonypants posted:whoosh Jesus, I can't read.
|
|
#
?
Nov 10, 2016 02:00
|
|
|
minecraft.gov the official minecraft server of the department of cyber and cool tweens
|
|
#
?
Nov 10, 2016 04:36
|
|
|
hackbunny posted:"smart" devices actually dumb as gently caress, redux: "it was mirai" Yes, I'm sure it took a Tb/s attack to knock two apartment buildings of some rando management company off the Internet
|
|
#
?
Nov 10, 2016 07:33
|
|
|
Okay, so according to finnish communications regulatory authority it was not mirai, and somehow through a game of telephone it changed to "it was mirai"
|
|
#
?
Nov 10, 2016 10:06
|
|
|
Wheany posted:Okay, so according to finnish communications regulatory authority it was not mirai, and somehow through a game of telephone it changed to "it was mirai"
|
|
#
?
Nov 10, 2016 10:10
|
|
|
hackbunny posted:
counter mode is a good stream cipher, e.g. aes-gcm is counter mode + authentication the authentication is important though
|
|
#
?
Nov 10, 2016 10:11
|
|
|
https://twitter.com/jiveassbaloney/status/796082968087367680 https://twitter.com/jiveassbaloney/status/796086586748309504
|
|
#
?
Nov 10, 2016 10:15
|
|
|
suffix posted:counter mode is a good stream cipher, e.g. aes-gcm is counter mode + authentication yes, you're right, I misremembered
|
|
#
?
Nov 10, 2016 10:21
|
|
|
The http://blacknurse.dk/ thing mentioned a couple pages back has been revealed and is a ping flood
|
|
#
?
Nov 10, 2016 10:28
|
|
|
Truga posted:https://twitter.com/jiveassbaloney/status/796082968087367680 those voting machines must've had an int overflow
|
|
#
?
Nov 10, 2016 10:30
|
|
|
loving jackass should get a night in jail to learn to differentiate between a joke and wasting government resources and undermining (stupid, granted) peoples faith in the democratic process
|
|
#
?
Nov 10, 2016 10:34
|
|
|
that heating issue once again proves that internet of poo poo  smart devices should fall back to "dumb" mode and not shut down when they're offline.live tweeting the toasting progress of your bread should be a value add and not considered a critical function of the device.
|
|
#
?
Nov 10, 2016 10:47
|
|
|
|
| # ? Jun 3, 2024 17:14 |
|
|
Cybernetic Vermin posted:loving jackass should get a night in jail to learn to differentiate between a joke and wasting government resources and undermining (stupid, granted) peoples faith in the democratic process if the FBI can't understand bogus php code and usb sticks can't fukc with voting, they deserve everything they get
|
|
#
?
Nov 10, 2016 12:26
|
|