1
00:00:00,000 --> 00:00:05,960
well looked like coolest one of the most things they needed a surname so I just

2
00:00:05,960 --> 00:00:14,489
in time to talk a lot actually stands for the arithmetic unit control so it's

3
00:00:14,490 --> 00:00:20,930
nice to be here and see all your ladies and gentlemen it's it's awesome to be on

4
00:00:20,930 --> 00:00:24,410
this conference and I want to just thank those killers of trainings for

5
00:00:24,410 --> 00:00:28,779
organizing this great event it's a big honor to be here

6
00:00:28,779 --> 00:00:33,380
tributary we want to talk about PGP actually we don't want to talk about PGP

7
00:00:33,380 --> 00:00:41,710
in particular bunch more about what is broken public key crypto this lecture goes

8
00:00:41,710 --> 00:00:47,250
in several parts so in the first part of the lecture I decided to make sure we

9
00:00:47,250 --> 00:00:53,469
all speak the same language so we have a little recap of what are so here's just

10
00:00:53,469 --> 00:00:55,600
a lot of stuff like this

11
00:00:55,600 --> 00:01:01,520
the second part we gonna talk about the fun stuff how to attack it and in the

12
00:01:01,520 --> 00:01:04,470
third part we're going to talk about

13
00:01:04,470 --> 00:01:15,479
model of trust we live in the moment so and I tolerant of my job as break things

14
00:01:15,479 --> 00:01:22,780
so I'm hacker sure always terrible always drinking and still learning as

15
00:01:22,780 --> 00:01:29,220
all of us there are some little attention for the talk don't worry it's

16
00:01:29,220 --> 00:01:34,460
not gonna be heavy on math but few formulas in the talk so we have to

17
00:01:34,460 --> 00:01:39,649
recognize notations which all of you know so explain to us why the ciphertext

18
00:01:39,650 --> 00:01:43,670
Easter encryption function digital equipment function and we have 2k the

19
00:01:43,670 --> 00:01:47,500
key and sure enough a case-based but I don't think we need to send this letter

20
00:01:55,200
the questions while we do that well that's the reason why actually it's a

21
00:01:55,200 --> 00:02:00,320
funny pictures you know that is the US embassy in Berlin and actually project

22
00:02:00,320 --> 00:02:03,240
at on the embassy

23
00:02:03,240 --> 00:02:08,579
Yahoo last year actually or the year before last year Mr Snowden decided to

24
00:02:08,580 --> 00:02:13,420
have a little talk with the public and the public found out what we don't never

25
00:02:13,420 --> 00:02:21,170
knew that secret services doing Secret Service and spies are spying not just in

26
00:02:21,170 --> 00:02:27,000
the movie's producers because I get paid for it and you know who's gonna pay them

27
00:02:27,000 --> 00:02:34,200
us and so we now decide that's not cool and the question is what can we do

28
00:02:34,200 --> 00:02:39,619
against it and I always see rule to encrypt your message that secure so well

29
00:02:39,620 --> 00:02:47,080
we do and Krypton matches message and see how secure others who have you ever

30
00:02:47,080 --> 00:02:54,220
played for public key crypto and the rest of us on HTTPS site

31
00:02:54,220 --> 00:02:57,440
well

32
00:02:57,440 --> 00:03:04,799
founding paper public equipped was done by actually treat people shouldn't have

33
00:03:04,799 --> 00:03:10,549
to feel Hellman and Merkle they had two founding paper which was actually

34
00:03:10,549 --> 00:03:17,640
published 1976 and was probably the first scheme which was introduced of

35
00:03:17,640 --> 00:03:24,380
public-key cryptography so what we do is we have some public power made us we

36
00:03:24,380 --> 00:03:27,820
take a journey group I G

37
00:03:27,820 --> 00:03:35,760
we have some pictures which we might do some prime soil or whatever and then we

38
00:03:35,760 --> 00:03:44,048
have some generator of the group and what happens this we exchange keys Alice

39
00:03:44,049 --> 00:03:49,380
answer key or her message eg today a race to the g2 race neutral palette hey

40
00:03:49,380 --> 00:03:55,829
Mike P what does the same before he departs be than both of them gonna

41
00:03:55,829 --> 00:04:02,160
compute their private message and what kind of happiness we have two problem to

42
00:04:02,160 --> 00:04:10,489
compute g to the ab out of g to the a and g to the b from public information that is now

43
00:04:10,489 --> 00:04:15,700
since 1976 the case and we still have two underlying

44
00:04:15,700 --> 00:04:21,829
other ambitious discrete logarithm and we still think these problems hard we

45
00:04:21,829 --> 00:04:28,410
use RSA who have a used car sales you guys so you know how it works

46
00:04:28,410 --> 00:04:35,070
shared key public key and you have a private key and those keys are actually

47
00:04:35,070 --> 00:04:42,290
a product of a of a of a NES the multiplication of people like you more

48
00:04:42,290 --> 00:04:47,050
or less the encryption exponent or the decryption exponent so we exchange our

49
00:04:47,050 --> 00:04:52,710
keys to send a message and other one can decrypt to keep this talk is not about

50
00:04:52,710 --> 00:04:59,888
how RSA works as just a quick overview I expect you actually to know that so

51
00:04:59,889 --> 00:05:08,810
given that and see compute sold out so i computer attacks attacks to the rest of

52
00:05:08,810 --> 00:05:13,750
the politics opponent as the same like seem odd and is a problem which we think

53
00:05:13,750 --> 00:05:20,000
is hard if you have to find out of public information so we have a math

54
00:05:20,000 --> 00:05:26,410
program which is called Sage who know Sage such as awesome so we can do this in

55
00:05:26,410 --> 00:05:32,400
Sage and that's actually how it looks like so we have here a random prime

56
00:05:32,400 --> 00:05:40,349
which we have to keep our 512 the computer to raise the two actually most

57
00:05:40,350 --> 00:05:46,860
used exponent and the internet and we encrypt a message from Monday's equation

58
00:05:46,860 --> 00:05:55,900
is wrong what is it
does anybody know what is the status bar say but what is

59
00:05:55,900 --> 00:06:04,159
wrong with it which is used it the way it is okay let's raise the to the power

60
00:06:04,160 --> 00:06:15,009
of 2024 which is used to waitress why not have no idea what

61
00:06:15,009 --> 00:06:29,310
why

62
00:06:29,310 --> 00:06:33,570
I'm not talking about us I'm talking about the bigger problem we have no

63
00:06:33,570 --> 00:06:41,480
padding and the seclusion don't want to do this and and and and real world there

64
00:06:41,480 --> 00:06:54,350
is no padding so what we do there as we factor actually are primes and reduces

65
00:06:54,350 --> 00:07:00,280
the attacks I i talked up may be reduced to factorization maybe not all factors

66
00:07:00,280 --> 00:07:04,049
should not be NP-complete on unless something really strange happens and we

67
00:07:04,050 --> 00:07:11,070
just ran into it but now we got to the Real Talk the question is what is the

68
00:07:11,070 --> 00:07:17,659
attack types what do you think how we attacked us so we have a public key

69
00:07:17,660 --> 00:07:26,490
crypto and we supposed to be the attacker what could we do which social

70
00:07:26,490 --> 00:07:36,960
engineering yes this is all what else could we do what

71
00:07:36,960 --> 00:07:43,630
what is man in the middle how can you man in the middle of one day have

72
00:07:43,630 --> 00:07:50,139
encrypted channel you have to fast break down quickly before it can really man in

73
00:07:50,139 --> 00:07:55,800
the middle or you do an attack which are mentioned much later in this talk but

74
00:07:55,800 --> 00:08:00,860
what else do we have no more through theoretical models of attack what could

75
00:08:00,860 --> 00:08:15,590
we do he said social engineering very right I want one

76
00:08:15,590 --> 00:08:28,039
planning implementation we have to implementation flaw and we have to

77
00:08:28,039 --> 00:08:34,098
social engineering is there anything else we could use we could
start trying

78
00:08:34,099 --> 00:08:46,279
to steal the private key which social engineering if we still got that has

79
00:08:46,279 --> 00:08:50,279
actually social engineering because he go to his place and you attack the

80
00:08:50,279 --> 00:08:54,040
machine directly so you have to go to the machine try to go to my machine

81
00:08:54,040 --> 00:08:58,709
without my permission to have to social engineer according to your way to the

82
00:08:58,709 --> 00:09:05,060
machine down more attacks then we have brute force as an attack would you

83
00:09:05,060 --> 00:09:10,780
agree no yes no yes

84
00:09:10,780 --> 00:09:17,630
and we can do another thing we can analyze as an attack so we just gather a

85
00:09:17,630 --> 00:09:23,780
lot of stuff and we analyze what we find and that's actually what we're doing so

86
00:09:23,780 --> 00:09:27,560
I talked two types is brute force analyzing social engineering and using

87
00:09:27,560 --> 00:09:36,979
implementation flaws right clinton metaxas very funny but the moment we're

88
00:09:36,980 --> 00:09:42,440
not as ready yet but we're getting there don't worry so which type of attack do

89
00:09:42,440 --> 00:09:49,350
we have for sure enough the most used to attack RSA for example is

90
00:09:49,350 --> 00:09:55,980
factoring so there are different ways of factoring it so you have some some other

91
00:09:55,980 --> 00:10:02,090
reason which are used for specific cases you have some random Algeria so you know

92
00:10:02,090 --> 00:10:06,720
that our algorithm like Pollard rho Pollard p minus one sieving I think the

93
00:10:06,720 --> 00:10:13,650
most used in the moment is number field sieving papers published so we don't

94
00:10:13,650 --> 00:10:18,740
need to go into that that is what we in the moment currently used to brute force

95
00:10:18,740 --> 00:10:24,480
does things we use number field sieve into factor to find common factor which

96
00:10:24,480 --> 00:10:30,820
we maybe can divide to
calculator computes the private key but there was a

97
00:10:30,820 --> 00:10:40,930
paper which came out I think 2013 from last page I think a computer too much

98
00:10:40,930 --> 00:10:47,739
does it cost to factor and if you could look at it like the 512 bits is quite

99
00:10:47,740 --> 00:10:54,370
easy going over 20 becomes more expensive but it still is still doable

100
00:10:54,370 --> 00:11:01,340
and here we go out thing tolerant on three-letter service is capable of doing

101
00:11:01,340 --> 00:11:07,330
so I think they get the money are under review time which means it's a

102
00:11:07,330 --> 00:11:13,410
non-muslim ranting on Amazon we don't talk about their own networks I mean if

103
00:11:13,410 --> 00:11:17,900
you look at Anastasia piles of computers are thinking of like hold stocks of all

104
00:11:17,900 --> 00:11:20,250
the computers so

105
00:11:20,250 --> 00:11:28,790
they they have enough power to compute that right but if we look at this maybe

106
00:11:28,790 --> 00:11:38,319
it's too much right yeah so that means we just use a large key and we say but

107
00:11:38,320 --> 00:11:47,570
sure we're safe so that takes out a brute-force attack but we still can

108
00:11:47,570 --> 00:11:54,460
analyze stuff to social engineering and use implementation flaws let's go for

109
00:11:54,460 --> 00:11:59,700
that task will look like in the Praxis what what we gonna have what we find on

110
00:11:59,700 --> 00:12:04,380
the wild to be really find the perfect round the last we will find everything

111
00:12:04,380 --> 00:12:11,900
perfect and place we have find a lot of random generation flaws we find repeated

112
00:12:11,900 --> 00:12:16,870
keys and key collisions we find or actually the we don't find but we have a

113
00:12:16,870 --> 00:12:26,839
very funny trust model so we do trust people we do not know for any reason our

114
00:12:26,839 --> 00:12:36,050
secret keys so random number generation flaws what can we do we can collect a

115
00:12:36,050 --> 00:12:41,979
lot of data which you find on the internet you find keys you find Cyprus

116
00:12:41,980 --> 00:12:46,500
you find websites with their search to find all kinds of stuff on the internet

117
00:12:46,500 --> 00:12:55,870
and if you want to shop for it we just go to her and find everything want to

118
00:12:55,870 --> 00:13:02,970
sign and cook two sessions signs we try to cyber loss that's a password is not

119
00:13:02,970 --> 00:13:06,970
cool site in my conference when you say site where you have to drink as you get

120
00:13:06,970 --> 00:13:08,230
my stuff

121
00:13:08,230 --> 00:13:15,790
so I'm good for twins rings already so you can stop what you find everywhere

122
00:13:15,790 --> 00:13:21,650
for the question is how do we do that we can actually go back to projects that

123
00:13:21,650 --> 00:13:27,650
did it already so if we don't wanna work we can be lazy and we can use the EFF

124
00:13:27,650 --> 00:13:34,819
you can download these boxes but the results are not new I think the results

125
00:13:34,820 --> 00:13:40,340
of the 2010-12 something like this but most of the service still use the same

126
00:13:40,340 --> 00:13:46,370
key so that's not really a big problem we could sure enough to get us 23 EC2

127
00:13:46,370 --> 00:13:52,550
instances and run them through and not the internet that takes a while we can

128
00:13:52,550 --> 00:14:01,680
use disposable internet study in 2008 but I think that's kind of all too soon

129
00:14:01,680 --> 00:14:05,489
after hackers of you can use a botnet you just wait till dollar and important

130
00:14:05,490 --> 00:14:10,930
attacks are not working take it over and use this for and we're eating what we

131
00:14:10,930 --> 00:14:15,359
can do in the US much faster as anybody played with you from you guys played

132
00:14:15,360 --> 00:14:22,770
this season I already did you like it they have some flaws in the beginning I

133
00:14:22,770 --> 00:14:23,480
mean

134
00:14:23,480 --> 00:14:28,170
attempt to crush always feel session widened and the moment implementation I

135
00:14:28,170 --> 00:14:34,170
worked quite well so I tried to some you don't like it

136
00:14:34,170 --> 00:14:41,269
that's all that's awesome I mean I use it a lot the last time I used I didn't

137
00:14:41,269 --> 00:14:46,339
juicy tomato internet but I was I try to sleep it wasn't talking in a hotel I try

138
00:14:46,339 --> 00:14:49,970
to sleep in there was a lady on the floor and she was skyping all the time

139
00:14:49,970 --> 00:15:01,990
and I could not sleep so what I did was to us like instantly amazing thing about

140
00:15:01,990 --> 00:15:07,300
it even in the plaza hotel in 10 hours I had like the whole internet so I told

141
00:15:07,300 --> 00:15:12,910
goal of us like I think twenty to go back to port 443 to make sure I can

142
00:15:12,910 --> 00:15:14,790
sleep

143
00:15:14,790 --> 00:15:21,810
the question is what do we find one we when we play around over 200 + find

144
00:15:21,810 --> 00:15:28,138
like 30 million open ports I didn't 2013 maybe we need to update the numbers

145
00:15:28,139 --> 00:15:34,389
right so just numbers are a little bit older we have had like a six million

146
00:15:34,389 --> 00:15:45,350
RSA keys you'll find about 6,000 to use a 10 and two hundred kids are you as you

147
00:15:45,350 --> 00:15:47,339
know I know you need to know

148
00:15:47,339 --> 00:15:57,279
Russian Standard why we are on Russian Standard vodka that's my problem I'm my

149
00:15:57,279 --> 00:16:01,370
most favorite brand of Russian Standard yes it's a Russian standards do you know

150
00:16:01,370 --> 00:16:10,420
when they introduced it no I mean when they introduced it actually it was

151
00:16:10,420 --> 00:16:14,189
introduced and that's funny because I'm voting numbers of its John McCarthy

152
00:16:14,190 --> 00:16:23,730
always like this was introduced on May 20 30 1994 so we have a 323 as you could

153
00:16:23,730 --> 00:16:26,970
see before I that's why I always too much computation study have a

154
00:16:26,970 --> 00:16:28,870
twenty-three in there

155
00:16:28,870 --> 00:16:55,740
yes yes sure what do we find we find SSH keys we find PGP GPG stuff if I get

156
00:16:55,740 --> 00:17:08,069
caught and there are some national issue documents as a result of yourself what

157
00:17:08,069 --> 00:17:11,230
you can do it on white year because they were questioned that walk when everybody

158
00:17:11,230 --> 00:17:15,750
try to do that maybe you want to do with the university or at home a few other

159
00:17:15,750 --> 00:17:20,900
bigger line 1 gigabit line it should be done in a few hours so that's that's ok

160
00:17:20,900 --> 00:17:26,959
so what you find on as ages before we had to say now we have to as a church we

161
00:17:26,959 --> 00:17:32,980
have 25 million open ports which we fall million hace keys to us numbers you can

162
00:17:32,980 --> 00:17:40,200
read it by yourself that's not really important for the talk so the question

163
00:17:40,200 --> 00:17:48,920
is how do we find we want to we want we want to play with PGP and we sat as as

164
00:17:48,920 --> 00:17:54,530
an attack type analytics would be ok then we say so so how do we analyze the

165
00:17:54,530 --> 00:18:03,290
PGP what's about doing your own keyserver that's nadia is not so you start

166
00:18:03,290 --> 00:18:08,139
your own keyserver just analyze what's on it to start your keyserver you just

167
00:18:08,140 --> 00:18:14,670
download it and then you can look into it what you find in this keyserver numbers

168
00:18:14,670 --> 00:18:21,410
are down here at such a place over 2013 last two years were too busy to to play

169
00:18:21,410 --> 00:18:27,230
that we had a talk about Bitcoin ten o'clock today I think there was two

170
00:18:27,230 --> 00:18:29,799
awesome people talking about Bitcoin right

171
00:18:29,799 --> 00:18:39,369
so it can uses electric elliptical to feel at ease while she is a kind of
172
00:18:39,369 --> 00:18:43,539
security and you have a good ass but if your nonce is fucked up you're not really

173
00:18:43,539 --> 00:18:49,350
secure and trust me the nonce is really fucked up the most people since taking

174
00:18:49,350 --> 00:18:56,830
some snake also produces so if you want to get a stick on change you just open

175
00:18:56,830 --> 00:19:00,110
yourself a pic on account and you download to change the locks changed

176
00:19:00,110 --> 00:19:06,330
there and then we can start on player but you will have a download which is

177
00:19:06,330 --> 00:19:18,989
found about 76 and that gives you one million 870,000 keys roundabout about 24

178
00:19:18,989 --> 00:19:29,019
million transactions there was to research from the guise of Palestine and

179
00:19:29,019 --> 00:19:33,749
a few other guys and they actually made a paper and what it did

180
00:19:33,749 --> 00:19:39,799
Taiwan they had some government issued ID cards and you could do transactions

181
00:19:39,799 --> 00:19:44,619
with them and they had a chip on them and they actually brokered to find the

182
00:19:44,619 --> 00:19:50,820
paper we found the paper right that's awesome paper in his readers are you

183
00:19:50,820 --> 00:19:54,029
guys should read this paper that's awesome

184
00:19:54,029 --> 00:19:58,059
slides will be online soon you just copy pasted all of the slides and you

185
00:19:58,059 --> 00:20:03,940
can download it interpreted it as they actually took over identities they could

186
00:20:03,940 --> 00:20:08,419
do transactions so we really need to think about what we doing because that

187
00:20:08,419 --> 00:20:14,379
now goes into our private sector and into our entire families when we have

188
00:20:14,379 --> 00:20:23,918
IDs installing what we look for sure enough we look for repeated keys we look

189
00:20:23,919 --> 00:20:30,259
on public which are not really got well made and we look for shared factors

190
00:20:30,259 --> 00:20:35,309
so shared
factors the formula would say would look like this

191
00:20:35,309 --> 00:20:40,269
because those guys who have shared factors use the same product key so

192
00:20:40,269 --> 00:20:42,620
that's what we're looking for

193
00:20:42,620 --> 00:20:50,389
so what can we do whatever we could either fraud are instances and trial

194
00:20:50,389 --> 00:20:58,370
number field sieving on it if the key 768 bit it would take 2.5 calendar

195
00:20:58,370 --> 00:21:08,518
years on EC2 units which use but if you used to achieve city but if we take the

196
00:21:08,519 --> 00:21:23,200
same key almost 50 90 seconds I talk talk about all around them laptop so ok

197
00:21:23,200 --> 00:21:31,289
that's ok I'm choosing to you say anyway fact that we paid off of DSA not really

198
00:21:31,289 --> 00:21:38,440
so if we look at it and yes I is too long skirts known the private key is

199
00:21:38,440 --> 00:21:45,129
computable so in the beginning on the same like on the beginning of a few case

200
00:21:45,129 --> 00:21:50,389
you need something to be done and and he has ever started in on sunday scapes

201
00:21:50,389 --> 00:21:52,060
known

202
00:21:52,060 --> 00:21:56,740
we can compute its over if you find two years the same as such that the same

203
00:21:56,740 --> 00:22:07,010
Lance case easy to compute but case unknown right if we have to

204
00:22:07,010 --> 00:22:12,870
message to actually who share the same los que que Cambie computers from the

205
00:22:12,870 --> 00:22:17,110
signature of those two messages so one way to reduce with obstructive

206
00:22:17,110 --> 00:22:24,290
signatures South K and worse because that's all you ok can be computed

207
00:22:24,290 --> 00:22:36,510
private keys then who knows about the paradox are right for us who don't know

208
00:22:36,510 --> 00:22:40,470
about the paradox of osteoporosis protect my which says if you want to

209
00:22:40,470 --> 00:22:47,260
compute if we have 23 people in a room the chances are fifty 50
that we have a

210
00:22:47,260 --> 00:22:54,740
collision right we have we have a higher chance of 99.2% as people have a

211
00:22:54,740 --> 00:23:00,610
different birthday but we have already a 50% collision chance that means that we

212
00:23:00,610 --> 00:23:05,250
have a collision that's actually what we're looking for in the end

213
00:23:05,250 --> 00:23:10,200
crypto crypto if you too crypto analyze the script analysis of most of the time

214
00:23:10,200 --> 00:23:15,500
it's guessing looking for collisions looking for repetition so that we find

215
00:23:15,500 --> 00:23:22,020
repeated keys and stuff that's the way you which are probably do this in Sage if

216
00:23:22,020 --> 00:23:31,800
you wanna play but so why do we talk about it because the randomness we maybe

217
00:23:31,800 --> 00:23:37,040
have a flaw some randomness there was this paper fact about natural strict

218
00:23:37,040 --> 00:23:45,310
about that so you're in the crypto and you definitely can tell so that you can

219
00:23:45,310 --> 00:23:51,070
find all kinds of stuff and Bernstein again he had actually this little theory

220
00:23:51,070 --> 00:23:59,770
where he say we stopped and ate our same module and 1924 5 and so on

221
00:23:59,770 --> 00:24:05,730
and computer product of this module loss on a binary tree and we model the

222
00:24:05,730 --> 00:24:12,860
product by the Square after containing box containing notes and then our goal

223
00:24:12,860 --> 00:24:19,780
is to go and 12 13 14 March and to the power to about and want to power to and

224
00:24:19,780 --> 00:24:26,730
so on and divider to fire find purchase city some non-trivial divisors

225
00:24:26,730 --> 00:24:31,890
that's what we want to find out if you find some non-trivial divisors by using

226
00:24:31,890 --> 00:24:37,740
the GCD if you go by the results we found you'll find out that you have to

227
00:24:37,740 --> 00:24:43,580
stay city maybe in ten hours if you walk this way undermine Eritrea
it's it's

228
00:24:43,580 --> 00:24:48,240
well written on the website did you find it while you're looking on at all anyway

229
00:24:48,240 --> 00:24:50,760
did you find this article from him

230
00:24:50,760 --> 00:24:57,570
you should check our chats about the binary tree sits very awesome because

231
00:24:57,570 --> 00:25:04,530
what we do right now is more statistics 10 attack type b2 analyst we analyze and

232
00:25:04,530 --> 00:25:09,149
what we do here is a statistic way of analyzing our factoring keys instead of

233
00:25:09,150 --> 00:25:17,990
doing the hard way and you should be using our cities so if you look at our

234
00:25:17,990 --> 00:25:24,330
results will find about and now we're talking about private keys we talk about

235
00:25:24,330 --> 00:25:31,629
private keys from 64,000 HP servers so we talking about here

236
00:25:31,630 --> 00:25:36,780
private keys once you have privately assured of can decrypt stuff but you

237
00:25:36,780 --> 00:25:42,580
also can look for their secrets and the key because of what I found was that guy

238
00:25:42,580 --> 00:25:46,050
who had a really weak private key

239
00:25:46,050 --> 00:25:51,560
US passports and and that of a day his new key is very strong but the same

240
00:25:51,560 --> 00:26:04,310
password they don't help the same dose of the arse des annonces you have to do

241
00:26:04,310 --> 00:26:12,260
you have a lot of the HD's a service who has a coalition announces a profound 158

242
00:26:12,260 --> 00:26:20,300
conferences which too much about money so why is that with the TSA you have to

243
00:26:20,300 --> 00:26:29,050
remember if a key is not well created most of the machines have both so you

244
00:26:29,050 --> 00:26:33,820
can figure if the US is fucked up the ass fucked up to

245
00:26:33,820 --> 00:26:41,790
so we have some repeated keys on as they chose so why do we have repeatedly sure

246
00:26:41,790 --> 00:26:47,010
enough to companies who issue 1 keep all their websites and
you have like virtual

247
00:26:47,010 --> 00:26:51,970
hosting all kinds of stuff corporate so its default device with default keys

248
00:26:51,970 --> 00:26:59,370
but well

249
00:26:59,370 --> 00:27:08,520
where do we have the most problems the most problems so called industrial grade

250
00:27:08,520 --> 00:27:15,860
firewalls we're talking about the stuff from Cisco Juniper from Sophos

251
00:27:15,860 --> 00:27:22,179
machines stuff like this all we do have actually a problem are embedded devices

252
00:27:22,180 --> 00:27:28,300
I did the research with heavy and pittsburgh has anybody knows this box

253
00:27:28,300 --> 00:27:32,840
it's very very common in Germany and that's a little router which connected

254
00:27:32,840 --> 00:27:34,760
to the Internet

255
00:27:34,760 --> 00:27:42,309
they really suck so we have to pay issues you know how the centerpiece

256
00:27:42,309 --> 00:27:47,960
generator who doesn't know everybody know how to answer beyond your limits

257
00:27:47,960 --> 00:27:55,250
devices generated right at least you think you don't know how right you know

258
00:27:55,250 --> 00:27:59,670
at least you think you know because there's some surprises normally it

259
00:27:59,670 --> 00:28:04,210
should be like this you have two tough random and that takes some key what time

260
00:28:04,210 --> 00:28:09,420
in mouse movement network traffic whatever rights and we have to touch you

261
00:28:09,420 --> 00:28:16,120
random one is a good website another number generator one is a good one do

262
00:28:16,120 --> 00:28:28,309
you want us one is that actually that you want to have that thing yet but

263
00:28:28,309 --> 00:28:32,250
there's actually a real world application would I say it have to be

264
00:28:32,250 --> 00:28:37,970
there for security I'm not talking about for not security I'm talking about for

265
00:28:37,970 --> 00:28:41,610
security and real world application where we need to absolute number

266
00:28:41,610 --> 00:28:44,240
generator for security

267
00:28:44,240 --> 00:28:49,460
do you think you know which one is this what could it be

268
00:28:49,460 --> 00:28:58,500
what for passing what else padding for what else could we use it

269
00:28:58,500 --> 00:29:06,539
everybody's of you guys using a telephone to use of one-time pad and

270
00:29:06,539 --> 00:29:13,899
what it do you go i play now you go from your little cell phone to at our cat

271
00:29:13,899 --> 00:29:19,449
decrypt it get an encrypted to the other tower and get back and put it in other

272
00:29:19,450 --> 00:29:24,890
cell phone and what happens on this encryption has to sort out using a

273
00:29:24,890 --> 00:29:28,179
one-time pad and they have a pseudorandom generator because they need

274
00:29:28,179 --> 00:29:32,750
to generate the same number on both sides understanding of receiving such if

275
00:29:32,750 --> 00:29:38,210
you have a true random generator that that would be paying so that's that's a

276
00:29:38,210 --> 00:29:42,580
useful way of using absolute are now running on generator but for everything

277
00:29:42,580 --> 00:29:44,610
else we might not want to do it

278
00:29:44,610 --> 00:29:50,178
the problem of the random generator is blocking behavior so just figure you

279
00:29:50,179 --> 00:29:57,710
have dollar and a little rude approved device and the three wise wanna boot up

280
00:29:57,710 --> 00:30:01,399
or not boot up because it doesn't have a random generator because I don't have

281
00:30:01,399 --> 00:30:08,580
entropy so want to put up so to generator to need some software like

282
00:30:08,580 --> 00:30:15,629
OpenSSL liberals or whatever you prefer to use right but the problem is not a

283
00:30:15,630 --> 00:30:20,059
set of the random last saw your device don't have anything to seed randomness

284
00:30:20,059 --> 00:30:25,379
in the use the default an open-access which is who knows it

285
00:30:25,380 --> 00:30:33,029
what is a smart people in in actually implement their to
use our instead of

286
00:30:33,029 --> 00:30:41,789
having like real seed what to use the time which is awesome so this is

287
00:30:41,789 --> 00:30:47,279
actually a code here for some people who wear doesn't boot up and the little the

288
00:30:47,279 --> 00:30:54,759
router devices so we used to time while the time timing problem

289
00:30:54,759 --> 00:31:02,749
you know which time they use a lot of time Unix time so what about we have a

290
00:31:02,749 --> 00:31:07,419
lot of little Fritz boxes using all Unix time are we switching on the same time

291
00:31:07,419 --> 00:31:18,229
so if you remember we have we created our psyche if we have two little Fritz

292
00:31:18,229 --> 00:31:25,570
boxes and we switch among all the same time we can compute all possible seeds

293
00:31:25,570 --> 00:31:30,658
of the pseudo random generation I do to us

294
00:31:30,659 --> 00:31:42,299
works so little girl goes back to brute-force actually she broke into

295
00:31:42,299 --> 00:31:52,289
massage my mother so just that we have run on the dollar and the device which

296
00:31:52,289 --> 00:32:09,039
boots up and Unix time and that's just so let's talk about private trust who

297
00:32:09,039 --> 00:32:12,769
have you guys know how many actually artists little the little talk with

298
00:32:12,769 --> 00:32:17,440
secure person he said I should ask this question to ask the question if you are

299
00:32:17,440 --> 00:32:20,839
the browser and the default install process and all around them

300
00:32:20,839 --> 00:32:32,869
operation system how many seats do you trust was a boy opinions 100 but I trust

301
00:32:32,869 --> 00:32:42,860
what a couple dozen 100 couple dozens what if I think

302
00:32:42,860 --> 00:32:48,840
300 alright so we go to hundreds of first- second- and 300 cattle

303
00:32:48,840 --> 00:32:53,389
well it's not probably not accept 300 but we have a few hundred and probably

304
00:32:53,390 --> 00:33:00,100
to us we trust a few hundred so you trust
a few hundred companies you never

305
00:33:00,100 --> 00:33:07,209
had a business both I mean you trust like a few hundred dollar and Rudy pool

306
00:33:07,210 --> 00:33:12,510
companies you don't know which country they are which lost due to have a good

307
00:33:12,510 --> 00:33:17,379
data protection law and you go far enough for many people go far enough to

308
00:33:17,380 --> 00:33:21,900
say oh well I need a start for my website so I go to it all around on that

309
00:33:21,900 --> 00:33:29,179
and I create my private key and even better

310
00:33:29,179 --> 00:33:34,380
going back to implementation flaws there was before they had engine x10 think

311
00:33:34,380 --> 00:33:41,070
what's called Apache remember back in the days and they like I don't put up

312
00:33:41,070 --> 00:33:48,870
you have a password so if you look up to in the internet you'll find alternative

313
00:33:48,870 --> 00:33:52,189
forms where people find out how to remove the password of your search

314
00:33:52,190 --> 00:33:56,570
because otherwise I put someone's .
check it out I mean that's awesome 315 00:33:56,570 --> 00:34:06,250 that's the best Nicole you can get so why not trust well who's using talk to 316 00:34:06,250 --> 00:34:15,270 you guys who are not well-known network right cool why do you store just to 317 00:34:15,270 --> 00:34:16,159 check it out 318 00:34:16,159 --> 00:34:24,149 other opinions why do you store 319 00:34:24,149 --> 00:34:30,239 ok so often pawn 320 00:34:30,239 --> 00:34:34,799 or something real pong 321 00:34:34,800 --> 00:34:43,520 what else could use your store for ya buying drugs but kind since I'm not a 322 00:34:43,520 --> 00:34:52,210 couple bomb I'm not going to tell you it was something good I'm sorry ok next 323 00:34:52,210 --> 00:34:55,740 question what makes you trust people and machines you don't know if you don't 324 00:34:55,739 --> 00:35:01,669 have control off I mean since your store you trust foreign people you never met 325 00:35:01,670 --> 00:35:14,680 and you don't have control of the machines so what makes a trusting guy 326 00:35:14,680 --> 00:35:27,180 right did you know that about 58 percent of all the Tor nodes are vulnerable to 327 00:35:27,180 --> 00:35:31,319 the timing attack which is heavily used by our friends in Great Britain United 328 00:35:31,320 --> 00:35:40,890 States on everybody else was playing perfect timing attacks no yes yes that's 329 00:35:40,890 --> 00:35:48,980 a paper which is came out a few days ago and I figure it's well we have a problem 330 00:35:48,980 --> 00:35:56,430 of timing attacks a serious one and set up my cat week water softener to our 331 00:35:56,430 --> 00:36:00,759 network is monitor what about the timing attack what does anybody know how the 332 00:36:00,760 --> 00:36:06,500 timing attack works well 333 00:36:06,500 --> 00:36:13,029 timing attack the attacker just need to take control of an accident we note 334 00:36:13,029 --> 00:36:21,939 help you can do some statistical analysis and find where you from the 335
00:36:21,939 --> 00:36:27,519 matter of minutes there's a new there's a new paper out which cost measuring and 336 00:36:27,519 --> 00:36:29,158 migrating 337 00:36:29,159 --> 00:36:36,239 advertise what advisories I can store and others former University I will put 338 00:36:36,239 --> 00:36:40,119 us under the notes when I when I upload just because it's quite fresh the paper 339 00:36:40,119 --> 00:36:50,339 will put a link up and actually created by some people from United States which 340 00:36:50,339 --> 00:36:56,880 reduces the problem 25.8% but the way to us mates you will not be safe against 341 00:36:56,880 --> 00:37:03,179 timing attacks which moves even though it's reduced to 5% of 6% you still 342 00:37:03,179 --> 00:37:07,880 vulnerable again tight timing attacks that's just what what it is so if you 343 00:37:07,880 --> 00:37:09,909 want to hide your identity 344 00:37:09,909 --> 00:37:14,819 maybe twice not anymore what you want to use maybe you just want some service in 345 00:37:14,819 --> 00:37:18,569 China maybe maybe you're just a stroll down for iOS four intolerant of my 346 00:37:18,569 --> 00:37:25,290 country and 347 00:37:25,290 --> 00:38:07,000 later actually incorporated into the problem always after while we don't know 348 00:38:07,000 --> 00:39:02,400 the whole problem child she's so if you look at my location it's not in revoking 349 00:39:02,400 --> 00:39:11,780 that was that was so the idea is actually two first verify the Trust's 350 00:39:11,780 --> 00:39:16,620 before we start exchanging keys we should probably a first barry five-word 351 00:39:16,620 --> 00:39:25,040 is what ideas why that is maybe the question and 352 00:39:25,040 --> 00:39:31,870 stake so there are so few people from Germany they have a little company right 353 00:39:31,870 --> 00:39:34,440 now packing ideas 354 00:39:34,440 --> 00:39:38,810 mainly for my facts they work on actually on new model where you can 355 00:39:38,810 --> 00:39:47,350 verify before you 
trust me I'm not I'm not entitled to speak about it yet 356 00:39:47,350 --> 00:39:52,150 because they cannot deliver but there will be some in the pipe we all should 357 00:39:52,150 --> 00:39:58,430 ask yourself about the trust we all should ask yourself do you really trust 358 00:39:58,430 --> 00:40:02,890 us instant we really trust us over even though the service run by a friend of 359 00:40:02,890 --> 00:40:08,779 you the question is does he maintains the stuff right does he have a good seed 360 00:40:08,780 --> 00:40:15,660 does he generates two keys properly all these questions on stake of it starts 361 00:40:15,660 --> 00:40:22,799 with trust so I think this very moment are crypto leaks a lot on implementation 362 00:40:22,800 --> 00:40:29,160 floss be computers with analyzing and the trust model we should definitely 363 00:40:29,160 --> 00:40:33,069 working out west model to make things better 364 00:40:33,070 --> 00:40:43,960 have to say trust me I'm open for questions 365 00:40:43,960 --> 00:41:01,089 no questions there yes if you have a trustworthy nodes that would help the 366 00:41:01,089 --> 00:41:01,599 problem 367 00:41:01,599 --> 00:41:07,980 timing attack I think it's like 58 percent of the nodes belong to the rest 368 00:41:07,980 --> 00:41:20,510 of the Chinese government so it's just a question you trust more yeah that's 369 00:41:20,510 --> 00:41:26,670 right that's actually what a new client is doing I guess but you need to read 370 00:41:26,670 --> 00:41:31,690 the paper first I think ago answer your question I was put up the paperwork also 371 00:41:31,690 --> 00:41:36,859 some my research I should be more careful to talk about it 372 00:41:36,859 --> 00:41:41,819 about research other people that so I think if you read the paper will answer 373 00:41:41,820 --> 00:41:51,780 your question I will put up the link on the question how many serious do you 374 00:41:51,780 --> 00:41:53,320 trust in your browser 375 00:41:53,320 --> 00:42:03,030
me actually revoked a lot of kicked out a lot of serious because you cannot 376 00:42:03,030 --> 00:42:07,550 really trust them it's a but it's all about always a hassle with links to to 377 00:42:07,550 --> 00:42:10,260 do it anyway 378 00:42:10,260 --> 00:42:18,730 GPS is always a hassle understand your last name is an evil bomb but still 379 00:42:18,730 --> 00:42:24,660 wouldn't artificial delays help fight that I'm attacked think that's what I 380 00:42:24,660 --> 00:42:29,920 try to do I'm not totally sure what it is right now cause I just read the paper 381 00:42:29,920 --> 00:42:32,510 yesterday 382 00:42:32,510 --> 00:42:37,430 but before I before I make comments about this paper I prefer to read a 383 00:42:37,430 --> 00:42:42,740 twenty times and fully understand what the personals doing good commander 384 00:42:42,740 --> 00:42:51,220 otherwise our first have to do with deep research before talk about it do you 385 00:42:51,220 --> 00:42:58,859 think they're really coming down the model of trust in the internet because 386 00:42:58,860 --> 00:43:06,530 everything in life you have to trust you trust that when he woke the pavement you 387 00:43:06,530 --> 00:43:13,660 want to get to ride bike bike are you trust Dr the hospital and so on and so 388 00:43:13,660 --> 00:43:20,299 on so on so life entirely realize somehow contrast to the people who don't 389 00:43:20,300 --> 00:43:26,270 know discussing the internet and was certificates is just one presentation of 390 00:43:26,270 --> 00:43:34,120 trust in real life you choose to talk to you go to that doesn't mean I mean let's 391 00:43:34,120 --> 00:43:39,569 say you're going to a dentist he has a very very good reputation which you take 392 00:43:39,570 --> 00:43:46,260 as a model of trust for yourself and there's another example doctor who has a 393 00:43:46,260 --> 00:43:51,400 really bad reputation because it always hurts right you would choose your model 394 00:43:51,400 --> 00:43:54,920 of trust and 
go to the good doctor but the good doctor at dr. they play 395 00:43:54,920 --> 00:43:58,710 together goals so we could talk to a trusted that doctor about dr. trust the 396 00:43:58,710 --> 00:44:03,700 good doctor by implication that means just because there's a trust in between 397 00:44:03,700 --> 00:44:07,609 those guys and it's an implemented into your chief you can go to both of them 398 00:44:07,610 --> 00:44:16,920 what I'm saying it's not not trusting I'm saying very fiber for trust and 399 00:44:16,920 --> 00:44:22,650 trust model in the moment was like this you trust all of these opportunities 400 00:44:22,650 --> 00:44:28,450 need to trust each other otherwise I wouldn't work and look at Apple's they 401 00:44:28,450 --> 00:44:33,000 like to keynote long did it take to take it out i three weeks or two weeks until 402 00:44:33,000 --> 00:44:38,640 he took it out of their trust chain I mean the shit out of it all look at look 403 00:44:38,640 --> 00:44:44,500 at Apple you know this is little devices you might hear them a call I think and 404 00:44:44,500 --> 00:44:51,730 they establish a connection to whatever server in the cloud and to some ass 405 00:44:51,730 --> 00:44:55,150 contralateral that the devices control you know who don't have control over 406 00:44:55,150 --> 00:45:01,860 device diluted with owner who paid for it that's not a model of trust me we 407 00:45:01,860 --> 00:45:09,820 should use we should verify or sources and maybe reduce or sources because they 408 00:45:09,820 --> 00:45:16,470 are countries they have something like a Patriot Act III some countries to do 409 00:45:16,470 --> 00:45:23,779 something like the US and by this I company may be entitled or even asked to 410 00:45:23,780 --> 00:45:29,080 publish private information because they are some people became guns and how to 411 00:45:29,080 --> 00:45:38,610 use them and and now we post about it so if you trust goes to a to a comment or 412 00:45:38,610 --> 00:45:42,500 two 
to a company who works in the government is pressed by the law to give 413 00:45:42,500 --> 00:45:49,590 out information is your trust company yes no no 414 00:45:49,590 --> 00:45:56,060 for the government yes but maybe not for you because I unclipped at all it 415 00:45:56,060 --> 00:46:12,000 doesn't mean it is not but anyway it has your life why do we want our equipment 416 00:46:12,000 --> 00:46:17,730 why do you want to encrypt there's another case so if you want to use your 417 00:46:17,730 --> 00:46:26,980 information to go out why not posting on twitter piston it's much easier but not 418 00:46:26,980 --> 00:46:34,490 but maybe you want to the final but other two but you see where I'm going to 419 00:46:34,490 --> 00:46:44,220 you need to verify who you trust more questions yes you have or maybe you know 420 00:46:44,220 --> 00:46:50,540 where we can find some advice on which says should not be trusted at all like 421 00:46:50,540 --> 00:46:54,440 those that are cheney's so that we don't have to do it by hand 422 00:46:54,440 --> 00:47:00,770 going through hundreds of CA's an hour I'll post some recommendations in the 423 00:47:00,770 --> 00:47:06,280 holes and the notes but also gonna be recommendations because of who I am that 424 00:47:06,280 --> 00:47:13,650 you trust me what I recommend you should actually stick with these guys for 425 00:47:13,650 --> 00:47:18,780 package and you should follow up report a doing a published maybe next year or 426 00:47:18,780 --> 00:47:26,250 so they say on it since 2013 I think he will do a lot of talks about it and you 427 00:47:26,250 --> 00:47:32,370 should stick with those guys on the community likes a community wanna make 428 00:47:32,370 --> 00:47:37,720 programs parenting 101 to the packy does wanna make security better so maybe we 429 00:47:37,720 --> 00:47:42,370 should just stick with those guys and find out what you gonna do question was 430 00:47:42,370 --> 00:47:49,200 a scalable and he said yes so maybe 
we should check this out I gotta post a 431 00:47:49,200 --> 00:47:54,640 list where smart people that you cannot trustees on thursday saw that and that's 432 00:47:54,640 --> 00:47:55,210 reason 433 00:47:55,210 --> 00:48:01,560 lots you're free to implement or don't implemented just how you feel more 434 00:48:01,560 --> 00:48:09,660 questions so that ladies and gentlemen that's a great audience I think you're 435 00:48:09,660 --> 00:48:12,359 firing me wish you a nice lunch