Re: Elcomsoft trying to patent faster GPU-based password cracker
On Oct 24, 2007, at 1:21 PM, Steven M. Bellovin wrote: I hope they don't get the patent. The idea of using a GPU for cryptographic calculations isn't new; see, for example, Remotely Keyed Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted Hardware (http://www1.cs.columbia.edu/~angelos/Papers/2005/ rkey_icics.pdf) Debra L. Cook, Ricardo Baratto, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information and Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing, China. An older version is available as Columbia University Computer Science Department Technical Report CUCS-050-04 (http://mice.cs.columbia.edu/getTechreport.php? techreportID=110format=pdf), December 2004. I agree completely. If the PTO does their job, they won't get it. This is like claiming that once we know that making daiquiris in a blender is possible, it's patentable to improve that by making pina coladas. If you're skilled in the art, you know that this is pretty obvious. Crypto extended to cryptanalysis is less of a stretch than strawberries extended to coconut and pineapple. Unfortunately, the PTO hands out patents for things like using a laser pointer as a cat toy. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
fyi: Report on Workshop on Next Steps for XML Signature and XML Encryption
of possible interest to some... Scott Cantor and I represented the perspective of xmldsig is broken/mess/complex from some non-trivial number of implementors' perspective, we spec'd 'just sign the blob' in a SAML binding spec recently because of this, perhaps if xmldsig is rev'd these sorts of concerns/approaches should be taken into account, to promote interoperability, and didn't get ignored, interestingly enough. Also, a few other participants explicitly mentioned the streaming use case, which is a key concern in Peter Gutmann's xmldsig critique: http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt. As the report described below indicates, there's an effort emerging to charter a W3C working group to rev the xmldsig spec, which might be of interest to various folk. =JeffH Original Message Subject: Report on Workshop on Next Steps for XML Signature and XML Encryption Date: Tue, 23 Oct 2007 19:40:41 +0200 From: Thomas Roessler [EMAIL PROTECTED] To: [EMAIL PROTECTED] On 25 and 26 September 2007, W3C held a Workshop on Next Steps for XML Signature and XML Encryption [1] in Mountain View, CA, USA, hosted by VeriSign. The group has published its summary report [2]. The Workshop report indicates strong interest in additional work on XML security and interest in a Working Group. Attendees identified the areas of highest interest: - Create a basic profile of XML Signature - Review and possibly update the referencing model using xml:id and other mechanisms - Update cryptographic algorithms - Revisit XML canonicalization - Update the transform model. Areas of ongoing and medium interest that were identified are scalable profiling, implementation guidance, key management issues, XKMS, XML 1.1, EXI, and interaction with other security organizations. The Workshop report will serve as input for the deliverable of the XML Security Specification Maintenance Working Group to propose a draft charter for possible follow-up work. To enable discussion among Workshop attendees, Working Group participants, and the broader community, this mailing list, [EMAIL PROTECTED] (public archive [3]), has been created. Participation in the mailing list is open to all interested parties. Current list subscribers include the members of the XML Security Specifications Maintenance Working Group, and workshop participants. If you want to be removed from the list, please let me know. [1] http://www.w3.org/2007/xmlsec/ws/cfp [2] http://www.w3.org/2007/xmlsec/ws/report [3] http://lists.w3.org/Archives/Public/public-xmlsec-discuss/2007Oct/ -- Thomas Roessler, W3C [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Elcomsoft trying to patent faster GPU-based password cracker
I was the person who originated the DES Challenges at RSA, and also helped set up and run them. I knew that there was a stealth effort underway at SGI, but didn't know any of the details. A good deal of cool stuff came out of the contests. Other prior art against this patent would include using the DSP chip in the Amiga graphics set for non-graphics purposes, which was often done back in the 80s. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Farquhar (ifarquha) Sent: Wednesday, October 24, 2007 7:35 PM To: 'Cryptography' Subject: RE: Elcomsoft trying to patent faster GPU-based password cracker ROTFL. When SGI's stealth DES Challenge project was underway in 1997, it's main client ran on the host's (MIPS) CPU(s), implemented with a variant of Eli Biham's bit-slice DES implementation. The 64-bit 195MHz R1 could do 2.5M keys/sec. I was peripherally involved in the project. One of the things I was looking into was offloading the client into the VICE ASIC on the O2. The VICE ASIC was a compression offload engine, and combined with the MACE ASIC (which had the 3D rendering pipeline), provided graphics support on the O2. At the time, SGI put a workstation on everyone's desk in the company, so there were thousands of O2's around the company. The VICE itself had two CPU's in it, the MSP which was a R4000-derived core with a 128bit vector unit, and the BSP which was a custom little RISC core designed for efficiently slicing non-word-aligned multimedia bit streams. Biham's algorithm would have run beautifully on the VICE. I'd just gotten the devkit when the project came to an end with DESCHALL's successful keyfind. So I'm feeling a little bit of déjà vu about Elcomsoft's patent here. Offloading keyfinding algorithms to a programmable graphics accelerator. Wow, sounds *very* familiar. But alas, probably not sufficient for a prior art claim. Gotta also wonder if the mailing list traffic would still exist in SGI too. Mind you, if the patent system wasn't totally broken, this application would fail the obviousness test anyway. The GPU's mentioned below are basically just optimized little co-processors anyway. How much innovation is there in offloading crypto to a coprocessor? Ian. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 25 October 2007 3:25 AM To: Cryptography Subject: Elcomsoft trying to patent faster GPU-based password cracker From: http://www.elcomsoft.com/EDPR/gpu_en.pdf Moscow, Russia - October 22, 2007 - ElcomSoft Co. Ltd. has discovered and filed for a US patent...Using the brute force technique of recovering passwords, it was possible, though time-consuming, to recover passwords from popular applications. For example...Windows Vista uses NTLM hashing by default, so using a modern dual-core PC you could test up to 10,000,000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft's new technology, the process would take only three to five days..Today's [GPU] chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations...Preliminary tests using Elcomsoft Distributed Password Recovery product to recover Windows NTLM logon passwords show that the recovery speed has increased by a factor of twenty, simply by hooking up with a $150 video card's onboard GPU. -Michael Heyman - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
