[Cryptography] cryptography Digest, Vol 36, Issue 29
Tom Mitchell
mitch at niftyegg.com
Mon Jun 6 00:06:52 EDT 2016
On Sun, May 1, 2016 at 11:12 AM, Grant Schultz <gschultz at kc.rr.com> wrote:
>
> Subject: [Cryptography] More speculation on cryptographic breakthroughs.
> ON 4/30, Ray Dillinger <bear at sonic.net> wrote
>
> >The "major crypto breakthrough" that we keep hearing about, may
> >be just a giant database of audio recordings of people typing
> >passwords.
>
> Few question for thought:
>
> - With most cell phones in pockets, is the audio quality good enough for
> this kind of attack?
>
Yes... but training the system is a task.
The comments that a computer gathering basic driver actions being able to
identify the specific driver in a short time 9 of 10 and with longer
training
99%...
> - Would an effective countermeasure be to enter passwords via less audible
> means, such as touchscreens or mice, and picking out buttons on the screen?
>
Effective? Anything that breaks with training might be effective.
A pocket size keyboard -- plug in and only use for limited actions.
> - What if we simply press the keys more slowly to where they don't reach
> their maximum stroke and cause much audible output?
>
> - I've wondered about the following: If the NSA/FBI/etc. capabilities are
> as far-reaching as we fear, wouldn't they (FBI in particular) have the
> ability to conquer organized crime by now?
>
The deal is that in short order these exploits would be closed or made
worthless by
organized and disorganized crime.
The FBI may be hobbled by national secrets as much as anyone.
Any lead that exits the US becomes the purview of other agencies.
The interesting thing is nothing interesting has apparently been found on
the iPhone:
http://www.cbsnews.com/news/source-nothing-significant-found-on-san-bernardino-iphone/
Now the paranoid might ask: are the secrets on the phone real but to
disclose them would
risk a disclosure of extra legal sanctions on international targets... or
hobble those
sanctions.
It is foolish to think that any exploit known to any US agency is unknown to
foreign nationals and criminals.
Lawmakers need to grock that phones and computers barely qualify
as trustworthy platforms for banking and other private property "gateways"
and management tools..
Phones unlock cars, homes, bank accounts, manage digital rights to
books, music, video and other content. Corporate secrets and banks are at
risk
to the tune of amounts equal to many nations total productivity.
"Too big to fail" has an additional context the game. "Too big to be
hacked."
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160605/d2ca1917/attachment.html>
More information about the cryptography
mailing list