33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communications Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

mpv-shot0012-zoomCryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.

So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.
Continue reading “33C3: How Can You Trust Your Random Numbers?”

33C3: Chris Gerlinsky Cracks Pay TV

People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinksy]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. (Download the slides, as PDF.) The end result of his work is that he gets to watch anything on pay TV, but getting to watch free wrestling matches is hardly the point of an epic hack like this.

The talk spans hardware reverse engineering of the set-top box itself, chip decapping, visual ROM recovery, software reverse analysis, chip glitching, creation of custom glitching hardware, several levels of crypto, and a lot of very educated guessing. Along the way, you’ll learn everything there is to know about how broadcast streams are encrypted and delivered. Watch this talk now.

Some of the coolest bits:

  • Reading out the masked ROM from looking at it with a microscope never fails to amaze us.
  • A custom chip-glitcher rig was built, and is shown in a few iterations, finally ending up in a “fancy” project box. But it’s the kind of thing you could build at home: a microcontroller controlling a switch on a breadboard.
  • The encoder chip stores its memory in RAM: [Chris] uses a beautiful home-brew method of desoldering the power pins, connecting them up to a battery, and desoldering the chip from the board for further analysis.
  • The chip runs entirely in RAM, forcing [Chris] to re-glitch the chip and insert his payload code every time it resets. And it resets a lot, because the designers added reset vectors between the bytes of the desired keys. Very sneaky.
  • All of this was done by sacrificing only one truckload of set-top boxes.

Our jaw dropped repeatedly during this presentation. Go watch it now.

Prime Numbers are Stranger than You Thought

If you’ve spent any time around prime numbers, you know they’re a pretty odd bunch. (Get it?) But it turns out that they’re even stranger than we knew — until recently. According to this very readable writeup of brand-new research by [Kannan Soundararajan] and [Robert Lemkein], the final digits of prime numbers repel each other.

More straightforwardly stated, if you pick any given prime number, the last digit of the next-largest prime number is disproportionately unlikely to match the final digit of your prime. Even stranger, they seem to have preferences. For instance, if your prime ends in 3, it’s more likely that the next prime will end in 9 than in 1 or 7. Whoah!

Even spookier? The finding holds up in many different bases. It was actually first noticed in base-three. The original paper is up on Arxiv, so go check it out.

This is a brand-new finding that’s been hiding under people’s noses essentially forever. The going assumption was that primes were distributed essentially randomly, and now we have empirical evidence that it’s not true. What this means for cryptology or mathematics? Nobody knows, yet. Anyone up for wild speculation? That’s what the comments section is for.

(Headline photo of researchers Kannan Soundararajan and Robert Lemke: Waheeda Khalfan)

Shmoocon 2016: Computing In A Post Quantum World

There’s nothing more dangerous, so the cryptoheads say, than quantum computing. Instead of using the state of a transistor to hold the value of a bit as in traditional computers, quantum computers use qubits, or quantum information like the polarization of a photon. According to people who know nothing about quantum computers, they are the beginning of the end, the breaking of all cryptography, and the Rise of the Machines. Lucky for us, [Jean-Philippe Aumasson] actually knows a thing or two about quantum computers and was able to teach us a few things at his Shmoocon talk this weekend, “Crypto and Quantum and Post Quantum”

This talk is the continuation of [Jean-Philippe]’s DEF CON 23 talk that covered the basics of quantum computing (PDF) In short, quantum computers are not fast – they’re just coprocessors for very, very specialized algorithms. Quantum computers do not say P=NP, and can not be used on NP-hard problems, anyway. The only thing quantum computers have going for them is the ability to completely destroy public key cryptography. Any form of cryptography that uses RSA, Diffie-Hellman, Elliptic curves is completely and totally broken. With quantum computers, we’re doomed. That’s okay, according to the DEF CON talk – true quantum computers may never be built.

The astute reader would question the fact that quantum computers may never be built. After all, D-Wave is selling quantum computers to Google, Lockheed, and NASA. These are not true quantum computers. Even if they’re 100 Million times faster than a PC, they’re only faster for one very specific algorithm. These computers cannot simulate a universal quantum computer. They cannot execute Shor’s algorithm, an algorithm that finds the prime factors of an integer. They are not scalable, they are not fault-tolerant, and they are not universal quantum computers.

As far as true quantum computers go, the largest that has every been manufactured only contain a handful of qubits. To crack RSA and the rest of cryptography, millions of qubits are needed. Some algorithms require quantum RAM, which nobody knows how to build. Why then is quantum computing so scary? RSA, ECC, Diffie-Hellman, PGP, SSH and Bitcoin would die overnight if quantum computers existed. That’s a far scarier proposition to someone hijacking your self-driving car or changing the display on a smart, Internet-connected thermostat from Fahrenheit to Celsius.

What is the verdict on quantum computers? Not too great, if you ask [Jean-Philippe]. In his opinion, it will be 100 years until we have a quantum computer. Until then, crypto is safe, and the NSA isn’t going to break your codez if you use a long-enough key.

Random Parcel Launches Steganographic Compulsion

A mysterious CD arrives in the mail with a weird handwritten code on it. What should you do? Put it in the computer and play the thing, of course!

Some might be screaming at their screens right now… this is how modern horror films start and before you know it the undead are lurking behind you waiting to strike. Seasonal thrills aside, this is turning into an involved community effort to solve the puzzle. [Johny] published the video and posted a thread on reddit.

We ran a similar augmented reality game to launch the 2014 Hackaday Prize solved by a dedicated group of hackers. It’s really hard to design puzzles that won’t be immediately solved but can eventually be solved with technology and a few mental leaps. When we come across one of these extremely clever puzzles, we take note.

This has all the hallmarks of a good time. The audio spectrogram shows hidden data embedded in the file — a technique known as steganography. There are some real contortions to make meaning from this. When you’re looking for a solution any little hit of a pattern feels like you’ve found something. But searching for the decrypted string yields a YouTube video with the same name; we wonder if they’ve tried to recover steganographic data from that source?

[Johny] mentions that this parcel was unsolicited and that people have suggested it’s a threat or something non-sensical in its entirety. We’re hoping it’s a publicity stunt and we’re all disappointed in the end, because solving the thing is the best part and publicity wouldn’t work if there was no solution.

The bright minds of the Hackaday community should be the ones who actually solve this. So get to work and let us know what you figure out!

Arduino’s Long-Awaited Improved WiFi Shield

Announced at the 2014 Maker Faire in New York, the latest Arduino WiFi shield is finally available. This shield replaces the old Arduino WiFi shield, while providing a few neat features that will come in very handy for the yet-to-be-developed Internet of Things.

While the WiFi Shield 101 was announced a year ago, the feature set was interesting. The new WiFi shield supports 802.11n, and thanks to a few of Atmel’s crypto chip offerings, this shield is the first official Arduino offering to support SSL.

The new Arduino WiFi Shield 101 features an Atmel ATWINC1500 module for 802.11 b/g/n WiFi connectivity. This module, like a dozen or so other WiFi modules, handles the heavy lifting of the WiFi protocol, including TCP and UDP protocols, leaving the rest of the Arduino free to do the actual work. While the addition of 802.11n  will be increasingly appreciated as these networks become more commonplace, the speed offered by ~n isn’t really applicable; you’re not going to be pushing bits out of an Arduino at 300 Mbps.

Also included on the WiFi shield is an ATECC508A CryptoAuthentication chip. This is perhaps the most interesting improvement over the old Arduino WiFi shield, and allows for greater security for the upcoming Internet of Things. WiFi modules already in the space have their own support for SSL, including TI’s CC3200 series of modules, Particle‘s Internet of Things modules, and some support for the ESP8266.

AES-CMAC on an ATtiny85

[Blancmange] built a custom door chime using an ATtiny85. Unlike most commercial products out there, this one actually tries to be secure, using AES-CMAC for message signing.

The hardware is pretty simple, and a protoboard layout is shown in the image above. It uses the ATtiny85 for control, with an LM380N audio amplifier, and a low cost 315 MHz receiver.

The more impressive part of the build is the firmware. Using AVR assembly, [Blancmange] managed to fit everything into the 8 Kbytes of flash on the ATtiny85. This includes an implementation of AES-CMAC, an AES cypher based message authentication code. The transmitting device signs the request with a key shared between both devices, and the receiver verifies that the message is from a trusted transmitter.

Fortunately, the assembly code is very well commented. If you’ve ever wanted to take a look into some complex ASM assembly, this is a great project to check out. The source code has been released into the public domain, so the rest of us can implement crypto on this cheap microcontroller with much less effort.