Oliver Welter wrote:
> We made a concept for a secure media player and now try to attack it -
> the openssl related question is:
>
> We use openssl to en/decrypt data with 3des - is it possible to retrieve
> the used key while running a de/encryption via a memory debugger or
> something similar ?
> As I am new here I frist want to introduce myself - I am a scientific
> employee at Technische Universitaet Muenchen and we do some research on
> DRM related security mechanisms.
The short answer is that you cannot reliably both grant and deny access to
the same entity.
> We made a con
On July 23, 2004 02:42 am, Oliver Welter wrote:
> We use openssl to en/decrypt data with 3des - is it possible to
> retrieve the used key while running a de/encryption via a memory
> debugger or something similar ? Are there any preventions against such
> attacks or has noone ever thought about suc
Roberto López Navarro wrote:
I think I read something that may help you in the article "Playing hide and
seek with stored keys" by Adi Shamir and Nicko van Someren. The abstract:
"In this paper we consider the problem of efficiently locating
cryptographic keys hidden in gigabytes of data, such a
I think I read something that may help you in the article "Playing hide and
seek with stored keys" by Adi Shamir and Nicko van Someren. The abstract:
"In this paper we consider the problem of efficiently locating
cryptographic keys hidden in gigabytes of data, such as the
complete file system o
In message <[EMAIL PROTECTED]> on Fri, 23 Jul 2004 09:53:08 +0200, Oliver Welter
<[EMAIL PROTECTED]> said:
mail> One Idea is, not to store the full key but the derived chunks
mail> and produce some "noise" around the parts - so you are unable to
mail> read the whole key. Using your "approach" to
hi Lev,
[stuff deleted]
this is very trivial. the key is contained clear-text in the memory image
of a process (/dev/mem, or whatever). To try to decrypt the data with
the key,
the simplest case is a brute-force: fetch a memory region at location X,
treat it as a key, and try to decrypt an encrypt
Lev Walkin wrote:
Oliver Welter wrote:
Hello Lev,
thx for the quick answer
We use openssl to en/decrypt data with 3des - is it possible to
retrieve the used key while running a de/encryption via a memory
debugger or something similar ?
[skip]
plan for building the system for which the cost of st
Oliver Welter wrote:
Hello Lev,
thx for the quick answer
We use openssl to en/decrypt data with 3des - is it possible to
retrieve the used key while running a de/encryption via a memory
debugger or something similar ?
[skip]
plan for building the system for which the cost of stealing the key
wou
Hello Lev,
thx for the quick answer
We use openssl to en/decrypt data with 3des - is it possible to
retrieve the used key while running a de/encryption via a memory
debugger or something similar ?
yes.
Are there any preventions against such attacks or has noone ever
thought about such an attack
Oliver Welter wrote:
Hello List,
As I am new here I frist want to introduce myself - I am a scientific
employee at Technische Universitaet Muenchen and we do some research on
DRM related security mechanisms.
We made a concept for a secure media player and now try to attack it -
the openssl rela
11 matches
Mail list logo