LogJam Attack - Computerphile
Вставка
- Опубліковано 22 тра 2024
- An oldie but a goodie, Dr Mike Pound revisits the Log-Jam attack.
Original Log Jam paper: bit.ly/C_LogJamPaper
Thanks to David Domminney Fowler for his help with the woeful framerate of the second camera footage.
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
That's some serious powerpoint at the paper drawing scenes.
I enjoyed the little side-plot at the bottom
@@rhoharane 2:59
@@rhoharane 6:04
Nothing like a new Mike Computerphile video :D
Even in 2.5 FPS!
Yes the FPS were kind of creepy....
…talking about cryptography ❤
Yeah...I got interested in cryptography because of this guy
Didn't know Mike had changed his last name, that's some serious dedication!
FPS comments, for people like me who can't read quite that quickly (I think this is all of them):
oops, 2.5 fps - sorry!
strong cct vibes
frame-rate mismatches are painful huh
maybe you're wondering how this happened?
because 2.5fps is rather an unusual framerate
this camera was used for a different piece of work
sean (the fool) forgot to check the settings
normally this camera (a canon xa50)
stays in the bag for computerphile shoots
but, having used it to timelapse something
it was set to 4k 25fps but on a 10x settings
maybe an ai frame interpolator can help...
or make mike look like 'the flash'
better, or worse? i kinda like it...
Thanks for this :) -Sean
Lol I saw the first one, but didn't even notice I was missing any others
Reminds me times when as a teenager I attempted to load the latest games on an outdated PC. Humbling experience ;)
Thank you for this! I now just need to block out the bottom half of my screen, so they do not distract me anymore. -- Edit: @Computerphile I don't mind reading the explanation, but please, not like this. The short, almost subliminal-like messages making your 2.5 FPS excuses at the bottom of the screen were very distracting from the lecture itself. Had to constantly pause/rewind. Basically, I forced myself to watch a sup bar video twice.
Somehow, I kind of like the 2.5fps, but maybe the explanation is better at the very end.
2.5fps with that smooth transition is absolutely trippy and satisfactory. Especially when writting, the text just pops up into existence randomly, amazing
Funnily enough I was maxing my CPU at 100% compiling software inside docker containers and I thought I had glitched something, even though my browser was "niced". I niced the container and pressed back to watch it again, it was funny.
@@monad_tcp Haha
Actually I was starting to think this was AI generated :P
For me it kinda looks like writing in cheap animations, where the hand just slides in the writing direction, bobbing up and down a little randomly and the text just appears behind it.
Magic marker :)
The idea of pre-computing a large part of the decryption for each prime number is similar to how GSM and later mobile phone encryption systems were broken - we called the pre-computed data ‘Rainbow Tables’
Rainbow tables exist in a lot of contexts and are quite an old concept.
The tables containing precomputed hashes (for password cracking) are also referred to as Rainbow tables.
@@iammeok yes, they are often called that way, but the term is misused in that case imo. Those are simply hash tables, while rainbow tables use a mechanism of chaining reduction functions, as described in Oechslin‘s paper from 2003.
The real problem with mobile phone encryption (at least back in the GSM days) was that it was made deliberately weak due to pressure from spy agencies.
7:03 due to the accidental low framerate, it looks like Mike writes "mod" by drawing a straight line
The man in the middle managed to corrupt the paper and pen scenes 😂
Fry: Not sure if B-roll footage is 2.5fps, or…
…my heart is just THAT excited to see another Dr. Poundtown cryptography/attack video on Computerphile.
Glad i want the only one seeing that.
It says so on the video
@@santiagog UA-cam mobile makes it really dumb to read the descriptions beyond about 4 words.
@@AndrewFrink It's literally on screen 1:00
Some footage is being downgraded to 2.5 FPS by a malicious actor ;)
3:26 You wasted a golden opportunity for "It's an older code, sir, but it checks out."
The 2.5fps subtitles could have referenced a møøse
A møøse once bit my sister...
If you're wondering how pi was used to get a prime, there should be rounding down (floor) brackets in there. From RFC 2409:
"The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
Its hexadecimal value is
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
FFFFFFFF FFFFFFFF"
Thank you, I was wondering how a transcendental number could possibly be part of a prime.
What calculation was used to prove that it is a prime number?
how do we know [ ] means round to the nearest and not round downwards? This could introduce an off by one error.
@@charlieangkor8649 Square brackets only mean round down. I've edited my comment to clear that up.
@@threeMetreJim RFCs are technical documents used for things like internet protocol definitions. I'd start by looking at RFC 2409. If not, I believe there's at least one method to verify whether a number is prime. They shouldn't be hard to find.
13:37 Mike... Stop. Promising. Videos. you are a computerphile hydra at this point 😂
Hydra... 🤔🤔 They should do a video on hydra as well if they haven't
4:03 "the p looks a bit small"
heard that one before
"And it has a generator of 2" Such an unremarkable number for such a remarkable prime
It's not a property of the prime number itself. The key exchange requires the choice of two separate, publically-disclosable numbers: the giant prime that was mentioned, and a generator, which is allowed to be small
i was expecting him to add the whole "floor" or something since he put pi in the prime generation and that definitely can't be a whole number.
"Such an unremarkable number" 2 is the MOST interesting number out there. wdym?
How is it a prime if it's times by/added to pi in there? isn't pi transcendental?
@@isaaccunningham2042 probably floor to remove the decimal part
I remember being tasked at the time with building a group policy for our windows servers to remove compromised cipher suites as available options. Its cool to finally understand what was really going on with that, since at the time all I understood was there was a downgrade attack that was possible.
Well now we need a video on how number field sieve works!
Outstanding vid, it's great that people can get such an approachable insight into not only what goes on behind the scenes of something they do every day, but the to and fro of the conflict that is being carried out to break (and keep safe) their communications.
I could listen to Mike all day 🎉🎉
Mike's explanations are just the best everytime
Love Computerphile videos. Keep up the good work.
The Canon subplot was fun
You know it's a good day when Mike uploads a video
This is absolute gold. Many thanks Dr. Mike😊
Computerphile is amazing! I'm so grateful for new vids 😍
Absolutely loved this, great to hear you speak about this subject
14:48 well that looked pretty magical! I wish I could write at 2 fps 😊
appreciate the unexpected bonus content about FPS issues :)
Spot on and thoroughly entertaining - Thanks for putting this together!
I Remember this my university’s research team worked on this attack!
Love the step that's just called "Linear Algebra"
Geez that slow FPS made me replay those sections. Thanks for the comments, I was ready to diagnose my network.
These guys are freaking awesome!
Thanks for the very clear presentation.
Love this video and how it's explained even with the technical issues it was still really interesting and engaging
Mike, the hero of explaination.
Fascinating! Thank you for this good story, nicely explained as always 👍
I see the poundmiester, im watching it
Would love to see some videos around optimization, specifically LP/ MILP solvers, branch and bound, feasibility pump, etc.
I love this channel. Fascinating stuff.
These always baffle me at least a bit, but I enjoy watching them all.
NSA: Sorry Timmy. It's more important that we use that money to read your parent's emails rather than give you food and healthcare.
Mike’s taught me more than all my professors combined
There is nothing more devious than the malicious purple pen.
Very interesting and meaningful video. Good to know the Internet moved away from this potentially insecure versions. Thank you!
I love this guy!
A safe prime in RFC is "probably" broken.. and now elliptic curve is used, but, as far as I remember some defaults for elliptic curve are part of RFC and it was mentioned in an older Numberphile video that elliptic curve might be broken too..
Finally Dr Mike Pound! Love the guy :)
Is there a video on how these videos are edited and made? This is a really clear way to convey a topic..
This video have amaizing "dreamy" vibe in it.
Mike delivered as always.
Log Jammin is a highly underrated film by Jackie Treehorn
The big lebowski, I understood that reference!
The man in the middle turned out be an expert. Would someone please flush my brain?
Does this fall under the category of the law of unintended consequences, regarding the original decision to limit exporting of powerful encryption?
I'm really curious, what is the font used in the videos of Computerphiles? I think it really defines the style and I really like it :)
Imagine how pucker-inducing dropping a paper like this is for security professionals. 😄
whats the difference between preprepared sequences and rainbow tables?
With the 2.5fps storyline going on, this was like 2 videos in one!
good thing 99% of people can't see over 2.5 fps
I have a question. Back in 2015 when they used the 1024 bit security, couldnt they just use the 2000 one? Why go fir the lower?
Weird that the RFC specifies the base in a 1-digit number. Not necessary as far as I'm aware.
I wonder if there's been any studies on how many years it would take to break 2000 bit primes compared to processing power capabilities over the next 30 years.
Did you recreate the over the shoulder shot through perspective projection?!
You simply configure the server to not permit weak schemes. open vpn server actually allows to define a dhparam file. I use a 4096 bit one, it contains p and g, were p is the 4096 bit public prime and g is the generator. Just generating the prime took a few dozen minutes.
The 🐐 Dr. Mike Pound
Lol I love the little text explanations in the corner of the video about the atrocious 2.5 FPS issue 😂 make sure to give Sean two and a half smacks, one for each frame per second lmao
Seriously... why is there a Pi in the prime for Oakley Group 2? I think even 2Blue1Brown would have sleepless nights tracking down the hidden circle in that little nugget.
The formula doesn't even return an integer. Unless it assumes some finite precision of decimals?
The hard brackets notation around [2^894 * pi] indicates that it should be rounded to the nearest integer.
He uses round brackets in the video, not hard/square.
This is Computerphile, not Numberphile. They don't know that pi is an irrational number.
@@InappropriatePolarbear And if it's 1.50 what is the value of [1.50]? And [-1.50] ?
Hi Dr. Pound! Hi Sean!
with a name like logjam i thought you was talking about either a variant of log4j or overwhelming the server logs making it confusing to a security admin.
What would it take to break the 2048 bit DHE in 90 seconds?
Amazing
Brilliant 😊
Never thought Computerphile would be talking about Logjammin' :D
Linux Tech Tips recently got hacked via a session token attack, and I’m wondering why that is still possible, and if there are any ways to address it? I’m thinking maybe something involving the TPM so once a key is generated it’s never readable.
Please make a video on ring signatures and RingCT.
These things make me wonder if there are already similar attacks done and most importantly the threat of storing data to decrypt later.
I remember hearing that there is people (probably governments?) just stockpiling encrypted data in the hopes that they'll be able to use quantum computing to just decrypt all of it a few years from now.
Is it just me, or is the frame rate of the overhead camera much lower than the main camera?
2:22 If it hasnt been done already, I think a video about the Crypto Wars would be a really interesting topic to have on computerphile.
I wonder how Bot Nets compare to the clusters mentioned here. Can someone use them as efficient?
Was the over the shoulder camera footage generated by openai?
Please make a video about lattice-based cryptography...
You missed the opportunity to make "Log jammin'" jokes
So what you're saying is that Uplink was actually quite accurate!
I wonder what would be the memory requirement for the results of the 3 stages of the 1024 prime...
4:03 "they only noticed that the **p** is a bit small"
Logjam vulnerable DH handshakes evidently have a lot in common with my high school girlfriends
A bit small, but no worries? Can't work out why anyone would bother to bring that up.
Sounds like bit encryptions should be upgraded to say 16k bit encryptions for the foreseeable future and then later 128k bit encryptions, sure it sounds a bit ridiculous but on the other hand by the time the encryptions are broken the information would likely be no longer valuable.
Neat. And terrifying
Please make a video on how to recover deleted files from a usb device using cmd.
@4:04 "They just noticed the P looks a bit small. Eh"
- story of my life
13:21 "The prime is ... 2^894 times by pi"
How is the number prime, when one of its components is pi?
They’re missing a rounding bracket around the pi and the power of 2 that multiples it.
Damn my computer is not working good anymore. The video is stuttering and lagging.
I also knew Mike was a super hero. Never knew he was The Flash!
Computerphile is ahead of the elliptic curve
Can you talk about how elliptic curve df could be vulnerable? I don't trust the nsa choosinf a curve and all that
Not the malicious purple pen!
I mean, as a client, i always notice the small P
Can someone specify this latter prime? PI is irrational...
Man I feel nostalgic now 🙂
The artifacts in the paper scenes that are like 3fps make it looks like these sections are AI generated?
So if we assume nation starts are collecting data right now using 2000bit keys for encryption, given current processing power gains, when would a nation state sized bad actor be able to break these?
Can you build dedicated asics to do this even faster than using general purpose hardware?
Encryption grows at 2^n
2000 bit encryption wouldnt be broken
10:45 blew my mind... it's the same number every time?!
WHAT is safe prime, please?!?
Pi is not prime. How de funk is that a safe prime if it ain't 2 to the power of a prime then minus one? I saweded an extra 2, a ×, and a few extra -.
So when on Sept 10, 2001 they said they lost 2.3 Trillion dollars, i wonder how many heavy decryption machines were made?