The system is vulnerable to a simple chosen plaintext attack as soon as you
extract a workable scheme from the vague description in the paper (see appendix
A for the closest thing to an actual specification of an encryption scheme).
It should be an embarrassment to both Phys Rev X and the Unive
On 10 April 2014 01:17, wrote:
> http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284
>
> This is nonsense, right? Unbounded in the sense of relying on secrecy of the
> unbounded number of algorithms?
Also not novel. I don't have a reference to hand, but I was al
i did not read the paper, but, if their model is a variant of OTP, with
a running stream cipher, it is possible, that it is "non-decryptable by
method" or semantically secure, or has no algorithmic decryption, only
brute force. however, as protein signalling (bio-informatics) is based
on a limi
On 10/04/14 00:41, Stephen Farrell wrote:
> Well, the RFC [1] (end of p5) does say :
>
> If the payload_length of a received HeartbeatMessage is too large,
> the received HeartbeatMessage MUST be discarded silently.
>
> I guess that doesn't say "longer than actual payload" though so
> it d
Does heartbleed allow one to read (discarded, freed) physical memory containing
data from the OS and/or other processes in linux?
A friend and I were discussing this. If the memory management is "lazy"
(doesn't clear on page allocation/free), and if processes don't clear their own
memory, I won
On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote:
> Does heartbleed allow one to read (discarded, freed) physical memory
> containing data from the OS and/or other processes in linux?
Yes. It doesn't clear memory when it is freed, so you may end up
allocating memory that has old co
On Thu, 10 Apr 2014 10:09:10 -0700 (PDT), "Scott G. Kelly"
wrote:
> My friend thinks "modern" operating systems clear memory to
> prevent inter-process data leakage. Of course, I agree that this is
> security goodness, but I wonder if, in the name of performance, this
> is "optional".
I think ev
I believe that the Linux kernel allocates a zero-page in the page table when a
first-use (read) page fault occurs, and the zero-page is in fact zeroed out.
Since Linux is copy-on-write, when a write occurs to an address that maps
somewhere in that zero-page, a new page is allocated, the zero-page i
On Thu, Apr 10, 2014 at 06:26:48PM +0100, Rob Kendrick wrote:
| On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote:
| > Does heartbleed allow one to read (discarded, freed) physical memory
containing data from the OS and/or other processes in linux?
|
| Yes. It doesn't clear memory w
On Thu, Apr 10, 2014 at 11:48:15AM -0600, sch...@subverted.org wrote:
> On Thu, Apr 10, 2014 at 06:26:48PM +0100, Rob Kendrick wrote:
> | On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote:
> | > Does heartbleed allow one to read (discarded, freed) physical memory
> containing data fro
In article <20140410172648.gj8...@platypus.pepperfish.net> you write:
>On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote:
>> Does heartbleed allow one to read (discarded, freed) physical memory
>> containing data from the OS and/or other processes in linux?
>
>Yes. It doesn't clear m
At 10:09 AM 4/10/2014, Scott G. Kelly wrote:
>Does heartbleed allow one to read (discarded, freed) physical memory
>containing data from the OS and/or other processes in linux?
>
>A friend and I were discussing this. If the memory management is "lazy"
>(doesn't clear on page allocation/free), and
> Well, the operating system clears memory when it is allocated to a new
> process,
>but that doesn't matter. The residue containing memory sits around until it's
>needed. And quite possibly during that time before it is re-allocated it is
>subject to disclosure via heartbleed.
Heartbleed is a
On Thu, Apr 10, 2014 at 10:31 PM, John Levine wrote:
>> Well, the operating system clears memory when it is allocated to a new
>> process,
> That's plenty bad, of course.
Yeah, too bad none of that memory can be made executable :)
___
cryptography ma
On Thu, Apr 10, 2014 at 1:09 PM, Scott G. Kelly wrote:
> A friend and I were discussing this. If the memory management is "lazy"
> (doesn't clear on page allocation/free), and if processes don't clear their
> own memory, I wondered if heartbleed would expose anything. My friend thinks
> "modern" o
> -Original Message-
> From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf
> Of Kevin W. Wall
> Sent: Friday, April 11, 2014 00:20
> To: Scott G. Kelly
> Cc: Crypto discussion list
> Subject: Re: [cryptography] question about heartbleed on Linux
>
> On Thu, Apr 10, 201
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013
Yesterday afternoon, Ars Technica published a story reporting two
possible logs of Heartbleed attacks occurring in the wild, months
before Monday's public disclosure of the vulnerability. It
17 matches
Mail list logo