LogJam Attack - Computerphile
ฝัง
- เผยแพร่เมื่อ 2 พ.ค. 2024
- An oldie but a goodie, Dr Mike Pound revisits the Log-Jam attack.
Original Log Jam paper: bit.ly/C_LogJamPaper
Thanks to David Domminney Fowler for his help with the woeful framerate of the second camera footage.
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
That's some serious powerpoint at the paper drawing scenes.
I enjoyed the little side-plot at the bottom
@@rhoharane 2:59
@@rhoharane 6:04
Nothing like a new Mike Computerphile video :D
Even in 2.5 FPS!
Yes the FPS were kind of creepy....
…talking about cryptography ❤
Yeah...I got interested in cryptography because of this guy
Didn't know Mike had changed his last name, that's some serious dedication!
FPS comments, for people like me who can't read quite that quickly (I think this is all of them):
oops, 2.5 fps - sorry!
strong cct vibes
frame-rate mismatches are painful huh
maybe you're wondering how this happened?
because 2.5fps is rather an unusual framerate
this camera was used for a different piece of work
sean (the fool) forgot to check the settings
normally this camera (a canon xa50)
stays in the bag for computerphile shoots
but, having used it to timelapse something
it was set to 4k 25fps but on a 10x settings
maybe an ai frame interpolator can help...
or make mike look like 'the flash'
better, or worse? i kinda like it...
Thanks for this :) -Sean
Lol I saw the first one, but didn't even notice I was missing any others
Reminds me times when as a teenager I attempted to load the latest games on an outdated PC. Humbling experience ;)
Thank you for this! I now just need to block out the bottom half of my screen, so they do not distract me anymore. -- Edit: @Computerphile I don't mind reading the explanation, but please, not like this. The short, almost subliminal-like messages making your 2.5 FPS excuses at the bottom of the screen were very distracting from the lecture itself. Had to constantly pause/rewind. Basically, I forced myself to watch a sup bar video twice.
Somehow, I kind of like the 2.5fps, but maybe the explanation is better at the very end.
2.5fps with that smooth transition is absolutely trippy and satisfactory. Especially when writting, the text just pops up into existence randomly, amazing
Funnily enough I was maxing my CPU at 100% compiling software inside docker containers and I thought I had glitched something, even though my browser was "niced". I niced the container and pressed back to watch it again, it was funny.
@@monad_tcp Haha
Actually I was starting to think this was AI generated :P
For me it kinda looks like writing in cheap animations, where the hand just slides in the writing direction, bobbing up and down a little randomly and the text just appears behind it.
Magic marker :)
The idea of pre-computing a large part of the decryption for each prime number is similar to how GSM and later mobile phone encryption systems were broken - we called the pre-computed data ‘Rainbow Tables’
Rainbow tables exist in a lot of contexts and are quite an old concept.
The tables containing precomputed hashes (for password cracking) are also referred to as Rainbow tables.
@@iammeok yes, they are often called that way, but the term is misused in that case imo. Those are simply hash tables, while rainbow tables use a mechanism of chaining reduction functions, as described in Oechslin‘s paper from 2003.
The real problem with mobile phone encryption (at least back in the GSM days) was that it was made deliberately weak due to pressure from spy agencies.
7:03 due to the accidental low framerate, it looks like Mike writes "mod" by drawing a straight line
If you're wondering how pi was used to get a prime, there should be rounding down (floor) brackets in there. From RFC 2409:
"The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
Its hexadecimal value is
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
FFFFFFFF FFFFFFFF"
Thank you, I was wondering how a transcendental number could possibly be part of a prime.
What calculation was used to prove that it is a prime number?
how do we know [ ] means round to the nearest and not round downwards? This could introduce an off by one error.
@@charlieangkor8649 Square brackets only mean round down. I've edited my comment to clear that up.
@@threeMetreJim RFCs are technical documents used for things like internet protocol definitions. I'd start by looking at RFC 2409. If not, I believe there's at least one method to verify whether a number is prime. They shouldn't be hard to find.
Fry: Not sure if B-roll footage is 2.5fps, or…
…my heart is just THAT excited to see another Dr. Poundtown cryptography/attack video on Computerphile.
Glad i want the only one seeing that.
It says so on the video
@@santiagog TH-cam mobile makes it really dumb to read the descriptions beyond about 4 words.
@@AndrewFrink It's literally on screen 1:00
Some footage is being downgraded to 2.5 FPS by a malicious actor ;)
"And it has a generator of 2" Such an unremarkable number for such a remarkable prime
It's not a property of the prime number itself. The key exchange requires the choice of two separate, publically-disclosable numbers: the giant prime that was mentioned, and a generator, which is allowed to be small
i was expecting him to add the whole "floor" or something since he put pi in the prime generation and that definitely can't be a whole number.
"Such an unremarkable number" 2 is the MOST interesting number out there. wdym?
How is it a prime if it's times by/added to pi in there? isn't pi transcendental?
@@isaaccunningham2042 probably floor to remove the decimal part
The man in the middle managed to corrupt the paper and pen scenes 😂
3:26 You wasted a golden opportunity for "It's an older code, sir, but it checks out."
The 2.5fps subtitles could have referenced a møøse
A møøse once bit my sister...
4:03 "the p looks a bit small"
heard that one before
13:37 Mike... Stop. Promising. Videos. you are a computerphile hydra at this point 😂
Hydra... 🤔🤔 They should do a video on hydra as well if they haven't
Well now we need a video on how number field sieve works!
I remember being tasked at the time with building a group policy for our windows servers to remove compromised cipher suites as available options. Its cool to finally understand what was really going on with that, since at the time all I understood was there was a downgrade attack that was possible.
I could listen to Mike all day 🎉🎉
Outstanding vid, it's great that people can get such an approachable insight into not only what goes on behind the scenes of something they do every day, but the to and fro of the conflict that is being carried out to break (and keep safe) their communications.
This is absolute gold. Many thanks Dr. Mike😊
Absolutely loved this, great to hear you speak about this subject
Mike's explanations are just the best everytime
Computerphile is amazing! I'm so grateful for new vids 😍
Love Computerphile videos. Keep up the good work.
You know it's a good day when Mike uploads a video
The Canon subplot was fun
Spot on and thoroughly entertaining - Thanks for putting this together!
Love this video and how it's explained even with the technical issues it was still really interesting and engaging
Thanks for the very clear presentation.
These guys are freaking awesome!
appreciate the unexpected bonus content about FPS issues :)
Mike, the hero of explaination.
I Remember this my university’s research team worked on this attack!
Fascinating! Thank you for this good story, nicely explained as always 👍
I love this channel. Fascinating stuff.
Love the step that's just called "Linear Algebra"
Geez that slow FPS made me replay those sections. Thanks for the comments, I was ready to diagnose my network.
Would love to see some videos around optimization, specifically LP/ MILP solvers, branch and bound, feasibility pump, etc.
With the 2.5fps storyline going on, this was like 2 videos in one!
I love this guy!
14:48 well that looked pretty magical! I wish I could write at 2 fps 😊
Very interesting and meaningful video. Good to know the Internet moved away from this potentially insecure versions. Thank you!
Mike delivered as always.
This video have amaizing "dreamy" vibe in it.
These always baffle me at least a bit, but I enjoy watching them all.
Finally Dr Mike Pound! Love the guy :)
Mike’s taught me more than all my professors combined
Brilliant 😊
Log Jammin is a highly underrated film by Jackie Treehorn
The big lebowski, I understood that reference!
The man in the middle turned out be an expert. Would someone please flush my brain?
So what you're saying is that Uplink was actually quite accurate!
A safe prime in RFC is "probably" broken.. and now elliptic curve is used, but, as far as I remember some defaults for elliptic curve are part of RFC and it was mentioned in an older Numberphile video that elliptic curve might be broken too..
NSA: Sorry Timmy. It's more important that we use that money to read your parent's emails rather than give you food and healthcare.
The 🐐 Dr. Mike Pound
Amazing
I see the poundmiester, im watching it
Is there a video on how these videos are edited and made? This is a really clear way to convey a topic..
There is nothing more devious than the malicious purple pen.
Does this fall under the category of the law of unintended consequences, regarding the original decision to limit exporting of powerful encryption?
Imagine how pucker-inducing dropping a paper like this is for security professionals. 😄
Neat. And terrifying
Lol I love the little text explanations in the corner of the video about the atrocious 2.5 FPS issue 😂 make sure to give Sean two and a half smacks, one for each frame per second lmao
Hi Dr. Pound! Hi Sean!
Please make a video on ring signatures and RingCT.
2:22 If it hasnt been done already, I think a video about the Crypto Wars would be a really interesting topic to have on computerphile.
I'm really curious, what is the font used in the videos of Computerphiles? I think it really defines the style and I really like it :)
You simply configure the server to not permit weak schemes. open vpn server actually allows to define a dhparam file. I use a 4096 bit one, it contains p and g, were p is the 4096 bit public prime and g is the generator. Just generating the prime took a few dozen minutes.
Seriously... why is there a Pi in the prime for Oakley Group 2? I think even 2Blue1Brown would have sleepless nights tracking down the hidden circle in that little nugget.
The formula doesn't even return an integer. Unless it assumes some finite precision of decimals?
The hard brackets notation around [2^894 * pi] indicates that it should be rounded to the nearest integer.
He uses round brackets in the video, not hard/square.
This is Computerphile, not Numberphile. They don't know that pi is an irrational number.
@@InappropriatePolarbear And if it's 1.50 what is the value of [1.50]? And [-1.50] ?
Man I feel nostalgic now 🙂
4:03 "they only noticed that the **p** is a bit small"
Logjam vulnerable DH handshakes evidently have a lot in common with my high school girlfriends
A bit small, but no worries? Can't work out why anyone would bother to bring that up.
Never thought Computerphile would be talking about Logjammin' :D
I have a question. Back in 2015 when they used the 1024 bit security, couldnt they just use the 2000 one? Why go fir the lower?
whats the difference between preprepared sequences and rainbow tables?
Sounds like bit encryptions should be upgraded to say 16k bit encryptions for the foreseeable future and then later 128k bit encryptions, sure it sounds a bit ridiculous but on the other hand by the time the encryptions are broken the information would likely be no longer valuable.
Please make a video about lattice-based cryptography...
Sweet
10:45 blew my mind... it's the same number every time?!
I wonder how Bot Nets compare to the clusters mentioned here. Can someone use them as efficient?
@4:04 "They just noticed the P looks a bit small. Eh"
- story of my life
Weird that the RFC specifies the base in a 1-digit number. Not necessary as far as I'm aware.
I wonder if there's been any studies on how many years it would take to break 2000 bit primes compared to processing power capabilities over the next 30 years.
Did you recreate the over the shoulder shot through perspective projection?!
These things make me wonder if there are already similar attacks done and most importantly the threat of storing data to decrypt later.
I remember hearing that there is people (probably governments?) just stockpiling encrypted data in the hopes that they'll be able to use quantum computing to just decrypt all of it a few years from now.
The frame rate is slow but the image is very sharp, I think is better than the usual
hahaah I had just seen that interview a week ago, how lucky
with a name like logjam i thought you was talking about either a variant of log4j or overwhelming the server logs making it confusing to a security admin.
I wonder what would be the memory requirement for the results of the 3 stages of the 1024 prime...
Safe primes video pls
I also knew Mike was a super hero. Never knew he was The Flash!
One would hope that in 2023 servers would be smart and simply refuse to use known-weak ciphers. Although I suspect many servers still have to support weaker ciphers because they have to support ancient clients that themselves only support weaker ciphers (e.g. people stuck with ancient smartphones that don't support the latest stuff or people stuck on things like Windows XP for some reason)
What would it take to break the 2048 bit DHE in 90 seconds?
4:03 I like this phrase taken out of the context😂
So if we assume nation starts are collecting data right now using 2000bit keys for encryption, given current processing power gains, when would a nation state sized bad actor be able to break these?
Can you build dedicated asics to do this even faster than using general purpose hardware?
Encryption grows at 2^n
2000 bit encryption wouldnt be broken
Ah young Diffy Hellman lad, always getting into a spot of bother. His parents were quite mad!
13:25 I am not a cryptography expert, but I know pi is not a rational number, so multiplying pi with an integer is not an integer, so a sum containing such a term can't be a prime. So I guess there is something missing here.
Lesson : If it's just beyond the edge of possibility , assume its already been done ...
Can you talk about how elliptic curve df could be vulnerable? I don't trust the nsa choosinf a curve and all that
Computerphile is ahead of the elliptic curve
5:16 hurt my brain with that artifact.
the ai interpolation helped a ton -- no more seasickness, at least
good thing 99% of people can't see over 2.5 fps
Please make a video on how to recover deleted files from a usb device using cmd.
I mean, as a client, i always notice the small P