Wednesday

Wednesday 23/07/2003
The greatest fun in cryptography comes from the lateral-thinking attacks: using huge banks of LEDs and looking for patterns of light to scan keyspaces, gradually heating up a smartcard until bits start to fail and then analysing the mistakes it makes, turning keystreams into audio and using music analysis software to check for periodicity. All things you suspect the original designers never even considered, because they're so far out from normal mathematical activities.

The latest Windows password crack from Switzerland isn't quite like that, but it's close. Everyone knows that you can reduce the time taken to perform some mathematical password analysis by pre-computing sets of possible answers and then scanning quickly through them during the attack. But it takes a certain freedom of thought to notice that these days we have gigabytes of memory on PCs and can thus pre-calculate some truly enormous tables of cooked data. Using this approach, say the cryptographers, "Using 1.4GB of data (two CD-ROMs) we can crack 99.9 percent of all alphanumerical passwords hashes in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points". That means that, given access to a Windows computer and armed with a fairly modest laptop, you can be guaranteed to get the password in less time than it takes to copy a file off a floppy.

When will Microsoft fix this? Don't hold your breath: according to the news this week they're too busy counting their fifty-billion-dollar cash mountain while reporting major security flaws with Server 2003. Business as usual.