Right, will somebody please tell me why the toaster is trying to eat the sofa? [Nokia Home Control Centre - a disaster in waiting]

Every so often I read about a planned technology or idea and think, “wow, that really is monumentally stupid”, and this month Nokia’s new toy in development takes the prize.

Has Nokia forgotten what happened when wireless access points started appearing in people’s homes? Naturally, other people started driving around and creating maps of open access points they could use. Then along came WEP, quickly followed by its subsequent and decisive departure. Personally, I still think wireless is a daft idea. Anyway, back to the point; while all the wireless abuse was/is usually pretty benign, generally limited to getting internet access for free, can you imagine what’s going to happen when the first vulnerabilities start appearing in these “Home Control Centres”? Again a totally redundant and essentially useless technology is going to wreak havoc… let the games begin.

Personally, I think programming your neighbour’s living room lights and stereo to re-enact the “Day-O” scene from the film “Beetlejuice” could have good entertainment value. I do, however, also think there will be a select few out there who will have other, more nefarious ideas. Maybe wirelessly connecting your oven up to your new “Home Control Centre” wasn’t such a good idea after all…

… is it just me or is there a burning smell?

UPDATED 12th April 2010: Added [] extra meaning in title.

Spam spam spam spam. Lovely spam! [Gmail spam folder advertisements]

I love it when you can determine something about the hidden internals of a system only from superficial behaviour.  For example, the idea of being able to detect the presence of a black hole from its gravitational effect on other visible objects like stars struck me as pretty neat.  Anyway, not quite as stellar, but I’ve noticed a curious Gmail phenomenon: if you look into the “spam” folder, then for almost every page load, the advertisement that appears above the mail list is for some type of Spam food product (seriously, try it).

More intriguing than the sheer variety of Spam products advertised is how Google’s contextual placement is deciding to put those advertisements there.  It hasn’t come from the contents of the emails, unless I happen to be the only person on the planet receiving a load of spam mail about Spam (oh, the irony, ah-hem) – so the only possible answers must be that either it’s been hard-coded in (and the advertisers probably deserve a discount), or Google’s contextual system is basing its decisions not only on the content of the emails but also on the surrounding page structure.

I’m guessing it must be hard-coded, as I doubt any user would want to see advertisements based on the content of spam email – you really never know what it would generate.  Which means at some point they’ve tweaked those ads only to generate advertisements for products containing Spam…hehe.  Monty Python lives on.

UPDATED 12th April 2010: Added [] extra meaning in title.

Aww, p*sh! [Sgàil: trivial collision in original submission]

Sgàil, my submission to NIST’s SHA-3 competition, unfortunately has an error in it which makes finding a collision or second pre-image trivial.  The error crept in when I’d decided to change the key schedule late on from being a tree structure to a simple double block processing.

The measure which had originally protected the tree structure from block interchanges – the preliminary key – was unique for each 2048-bit block.  Unfortunately when redesigning the algorithm, I’d neglected to process a preliminary key for each 2048-bit block and instead processed a single preliminary key for each 4096-bit block.  The process where the 4096-bit block is reduced to the 2048-bit principal key uses the same preliminary key for both 2048-bit halves of the 4096-bit block, where they should have been different.  Hence the 2048-bit input pair is interchangeable.

The resolution is to process a preliminary key for each 2048-bit input block and update the block counter at each 2048-bit input block rather than at each 4096-bit block.  The performance wouldn’t be significantly altered.  However since the submission deadline has now lapsed, I doubt any modifications will be accepted.

The following code generates a collision:

——-

/* Builds against the Sgàil reference implementation: Hash() is the NIST
   candidate API entry point, and SGAIL__INPUT_BLOCK__SIZE and
   do__display_512_bit_hash__byte_wise() come from the Sgàil sources, so this
   file must be compiled and linked together with that reference code
   (include its header here). */
#include <string.h>

int main( void ) {

    /* two 4096-bit input blocks per message */
    u8 data__a[ SGAIL__INPUT_BLOCK__SIZE * 2 ];
    u8 data__b[ SGAIL__INPUT_BLOCK__SIZE * 2 ];
    u8 result__a[ 64 ];
    u8 result__b[ 64 ];

    memset( data__a, 0, SGAIL__INPUT_BLOCK__SIZE * 2 );
    memset( data__b, 0, SGAIL__INPUT_BLOCK__SIZE * 2 );

    /* byte 0 sits in the first 2048-bit half of the first block, byte 256
       in the second half; message b is message a with the halves swapped */
    data__a[ 0 ] = 1;
    data__a[ 256 ] = 2;

    data__b[ 0 ] = 2;
    data__b[ 256 ] = 1;

    /* 512-bit output; the length argument is in bits */
    Hash( 512, data__a, ( SGAIL__INPUT_BLOCK__SIZE * 2 ) * 8, result__a );
    Hash( 512, data__b, ( SGAIL__INPUT_BLOCK__SIZE * 2 ) * 8, result__b );

    /* both digests print identically */
    do__display_512_bit_hash__byte_wise( result__a );
    do__display_512_bit_hash__byte_wise( result__b );

    return 0;
}

——-
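To make the mechanism behind that collision concrete, here is an added Python model of the flaw and of the resolution described above. It is not Sgàil’s real compression function and not the author’s code: it is a constructed chained construction that splits each 4096-bit block into two 2048-bit halves, reduces each half under a preliminary key and merges the two results. The “flawed” mode derives one preliminary key per 4096-bit block and reuses it for both halves; the “fixed” mode derives one per 2048-bit half and advances the counter per half. The constants HALF and BLOCK, the SHA-256-based key derivation, the XOR merge and the length-binding finalisation are all assumptions of the model.

```python
import hashlib

# Added toy model (not Sgàil's compression function, not the author's code):
# each 4096-bit input block is two 2048-bit halves, each half is reduced
# under a preliminary key, and the two results are merged.
HALF = 256           # bytes in one 2048-bit half (constructed parameter)
BLOCK = 2 * HALF     # bytes in one 4096-bit input block


def prelim_key(state: bytes, counter: int) -> bytes:
    """Preliminary key derived from the chaining state and a block counter."""
    return hashlib.sha256(b"prelim" + state + counter.to_bytes(8, "big")).digest()


def process_half(key: bytes, half: bytes) -> bytes:
    """Keyed reduction of one 2048-bit half to 32 bytes."""
    return hashlib.sha256(key + half).digest()


def merge(x: bytes, y: bytes) -> bytes:
    """Order-independent merge: only the per-half keys can bind position."""
    return bytes(a ^ b for a, b in zip(x, y))


def toy_hash(msg: bytes, fixed: bool) -> bytes:
    state = bytes(32)
    counter = 0
    for off in range(0, max(len(msg), 1), BLOCK):
        block = msg[off:off + BLOCK].ljust(BLOCK, b"\x00")
        first, second = block[:HALF], block[HALF:]
        if fixed:
            # resolution: one preliminary key per 2048-bit half and the
            # counter advanced per half, so the halves are keyed differently
            k1, k2 = prelim_key(state, counter), prelim_key(state, counter + 1)
            counter += 2
        else:
            # flaw: one preliminary key per 4096-bit block, reused for both
            # halves, so swapping the halves leaves the merged result unchanged
            k1 = k2 = prelim_key(state, counter)
            counter += 1
        state = merge(process_half(k1, first), process_half(k2, second))
    # bind the message length so zero padding is not confused with data
    return hashlib.sha256(b"final" + state + len(msg).to_bytes(8, "big")).digest()


def collision_pair() -> tuple:
    """The post's pair: two non-zero bytes in the first block, one per half,
    with the halves swapped between the two messages (constructed input)."""
    a, b = bytearray(2 * BLOCK), bytearray(2 * BLOCK)
    a[0], a[HALF] = 1, 2
    b[0], b[HALF] = 2, 1
    return bytes(a), bytes(b)


if __name__ == "__main__":
    a, b = collision_pair()
    print("flawed mode collides:", toy_hash(a, False) == toy_hash(b, False))
    print("fixed mode collides: ", toy_hash(a, True) == toy_hash(b, True))
```

The general lesson the model shows is that a symmetric merge of identically keyed components loses positional information; either the keys or the merge must differ between positions, which is exactly what per-half preliminary keys with a per-half counter restore.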

I will post a revision of Sgàil in the next few days with the error fixed, although I don’t know whether it will be applicable as far as the SHA-3 competition is concerned.

UPDATED 21st November 2008: OK, maybe a bit more than a few days; I keep getting side-tracked. I will upload the new revision once I have fixed the specification document.

UPDATED 21st January 2009: Version 0.4 has been released here which corrects this error…. enjoy ;-)

UPDATED 12th April 2010: Added [] extra meaning in title.

It’s good to talk. [Comment moderation removed]

I’ve removed the need to wait for comment moderation, so post away.

UPDATED 7th November 2008: The Akismet spam filter seems to be a tad on the aggressive side, so if your comment doesn’t appear immediately, it will appear soon, as I periodically check the queue.

UPDATED 12th April 2010: Added [] extra meaning in title.

First Blood in SHA-3 Competition. ['WaMM' submission has collision]

NIST hasn’t even published the complete and proper candidates, but there’s already a full break (second pre-image) of one of the candidate hash algorithms in the SHA-3 competition, pretty exciting, huh?  The “WaMM” hash algorithm is the first to fall, see here for more info.  There’s also been an attack on another of the submissions, EnRUPT.  A list of some (I say some, there’s quite a lot on the list) of the candidates can be found at the SHA-3 zoo.

In this type of process, such a complete break so early on is certainly a good indicator that the process is working as intended – and getting good involvement.  It also serves as a stark warning to those who would use a home-grown crypto scheme in a commercial product without full peer review of their algorithm, the consequences of which are no less apparent than the failure of the ubiquitous MIFARE Classic, used for example in the Oyster card in London.

UPDATED 12th April 2010: Added [] extra meaning in title.

NIST SHA-3 Submission – Sgàil

For those who haven’t been following the hype, NIST advertised back in 2007 for submission candidates for a new cryptographic hash algorithm, much in the same vein that the Advanced Encryption Standard process was conducted (the website can be found here). The deadline for submissions is tomorrow, so I thought now would be a good time to upload a copy of my own submission, Sgàil.

A copy of the submission files can be found in the articles and papers section of this website – or even quicker the specification is here.

A copy of the original submission and revised files can be found here.

As with all submissions to the SHA-3 process, it’s totally royalty-free and all that jazz – basically you can do what you like with it. If anyone ever fancies implementing it in real software, I would love to hear about it. Also, if anyone has comments or analysis on the actual algorithm, I may not want to hear them, but they are nonetheless very welcome :-)

UPDATED 22nd January 2009: The new version, 0.4, of Sgàil is available which corrects a serious error, check the Sgàil page for more details.

UPDATED 13th April 2010: Updated links to submission packages.

It is I, LeClerc! [MI6 agent's fake mustache falls off]

According to this article in the Telegraph, an MI6 agent was being interviewed for BBC’s “The One” show when his fake mustache fell off. To be honest, I’m slightly baffled by this story and assuming it’s a bit of a joke. But in any event, I’m sure we’ll all feel safer in our beds tonight knowing to whom the foreign security interests of our country are entrusted.

Advisory note to up-and-coming foreign terrorist groups: if you come across a guy with an upper-class English accent, tweed jacket and dodgy mustache – shoot him first.

UPDATED 12th April 2010: Added [] extra meaning in title; corrected spelling mistakes.

Opera, GMail and Javascript

As a side note, I’ve recently found Opera (9.x versions) using about 80% – 100% CPU when browsing Javascript-intensive sites; mainly GMail and Facebook.  It seems that others are having similar issues. GMail seems to be fixed by using the opposite of the advice given here, i.e. press F12, then “Edit Site Preferences” -> “Network” tab -> change the Browser Identification to “Opera”.  This could be a fluke, but it seems to have fixed things in GMail at least.

Google first again. [Gmail allows viewing of previous login times]

In my recent post I’d written about how useful it would be to have the facility in webmail services to check your past login times; well, this morning I signed into my GMail account and was presented with the facility to do just that, nice one (it’s right at the bottom of the page).  As you might say in Scotland – “oan yersel Google”.  Not only does it provide your current login details, and the previous four login times with IP addresses, but it also lets you clear any stale sessions from their authentication database – a very useful feature if you use a choppy internet connection like wireless or mobile broadband where you cannot be sure you’ll always be able to “sign out”.

Now… I wonder what happens if I write something else… just kidding ;-)

UPDATED 12th April 2010: Added [] extra meaning in title.

Do I know you? [Identity forgery in social networks]

While the issue of cybersquatting is generally very well documented, I think we’re just beginning to see the rise of a phenomenon far more insidious and damaging – and it is likely to affect the average person-on-the-street much more than it does celebrity personalities or big business.  What I’m talking about is online identity theft, or maybe “profile theft”.  Most of the time when you hear the words “identity theft”, thoughts of horror stories start coming to mind, but have you considered your “online identity”?  By that, I mean social networking or “blogging” sites like Facebook, MySpace, Digg, and the like – if you haven’t, then it may be something worth looking into.

In the days of olde, and by that I mean anything pre-dating circa 2000, most people didn’t have an online presence as such.  Email was really just beginning to be seen as something nifty, cool or vaguely useful (despite it being around since the ’70s).  When you wanted to contact someone, you’d use the phone, or you could send an SMS message to their funky new mobile phone, you could even write a note/letter.  At a pinch you could even go round to their place.  If you lost contact, you’d likely have to ask amongst your friends or family if they knew how to contact them.  Notice that in all of these you can easily establish someone’s identity – be it via face-to-face interaction, their voice on a phone, handwriting, etc – the act of communication itself carried enough information to identify that person as the person you think it is.

Now consider the situation we have today.  You want to find someone, you can use a multitude of online services from Facebook to Friends Reunited – that person may even have their own website.  You might be able to do a Google search and find online tracks left by them.  Unfortunately, there is little innate information carried online to actually identify a person unless you are directed to a specific URL or profile by someone you already trust.  So what’s the problem?  You can just make sure you’re a little more careful when you make contact with someone, to make sure they are who you think they are.  But that belies the true nature of the problem: other people may not use such stringent checks.

This might not seem a risk until you consider the scenario where someone else creates accounts and profiles in your name.  They may even take photos from your own legitimate profiles, or use publicly available information about you to make it more convincing.  Somebody you knew years ago who is trying to look you up may inadvertently make contact with the forgery (which if taken to an extreme could have some pretty serious consequences), or the impersonator may put up false information on the forged profile which is damaging to your reputation.

Preventing this is fairly difficult due to a number of factors:  there are a lot of sites where you can network or “locate” people, which means a massive workload if you wanted to check for impersonations; even if you manage to do this, then it’s difficult to get the forged profiles or accounts removed; it’s much easier and quicker for an impersonator to create new profiles or accounts, so you’re fighting a losing battle; any damage may already have been done – to use an old axiom, it’s like trying to lock the barn door after the horse has bolted.

The problem is basically down to the loss of authentication information that was present in the ways we used to do things.  You would recognise a person’s voice or handwriting, but that’s not there in an anonymous email or online profile.  Passing on of contact details also had a certain amount of inbuilt protection, as there was an assumed trust in the person giving you the information and an ultimate authentication when you actually talked to the person you wanted to contact.  Ironically, a partial solution to this problem has been around since the early ’90s with the advent of a bit of software called PGP (Pretty Good Privacy), which was principally designed for secure email communication between people who didn’t have a secure channel to send passwords or encryption keys (the software’s designer, Phil Zimmermann, ended up getting brought up on arms charges by the US government because of it, and is often praised for promoting free speech).  PGP brought with it the concept of a Web of Trust – which basically means that if you have met your good friend Bob in real life, then you can in the electronic world state that fact, in a very secure and unforgeable sense.  Assuming both Bob and yourself have done this with your whole social circle, then if someone Bob knows wants to email someone you know but hasn’t yet met, they can email with some certainty that it is the correct person – and not have to meet in person or talk on the phone.  A simple situation where this would be useful is that one of Bob’s friends lives in the US but wants to do business with someone you know – timezones are difficult, so being able to email off-spec and know for certain it’s the correct person is a useful thing.

When I was in my early teens, I’d actually obtained one of the very first versions of PGP (through a 2.4Kbps modem dialup to a BBS… ahhh the days).  Immediately, I’d recognised the importance of the Web of Trust construction.  Unfortunately when you are still at school and all your friends live within a three mile radius, it has somewhat limited applicability.  I do however think this concept has yet to really manifest in the psyche of the general internet public, and when it does, we’ll approach our online relationships in a completely different manner.
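The Web of Trust idea above can be made precise: a key is treated as genuine only once enough keys that you have already validated, and whose owners you trust as introducers, have certified it. The following is an added Python model of that rule, written for this page and not taken from the author or from PGP/GnuPG. It follows the classic GnuPG trust model (one fully trusted introducer or three marginally trusted ones, within a maximum path depth) and assumes every certification edge has already had its cryptographic signature verified, which a real implementation must do before trusting the edge. The key names and the scenario (Bob, his US contact Carol, an impersonator’s self-signed “Bob” key) are constructed.

```python
from collections import defaultdict

# Added toy model of the PGP web of trust (not the author's code, not GnuPG's).
# A certification (signer, signed) is assumed already signature-verified.
# Trust levels are the owner's own opinion of each key holder as an introducer.
FULL = "full"
MARGINAL = "marginal"


def compute_valid_keys(owner, certs, ownertrust, marginals_needed=3,
                       completes_needed=1, max_depth=5):
    """Keys the owner may treat as genuine: a key becomes valid once enough
    keys that are themselves valid, and trusted as introducers, certify it."""
    signers_of = defaultdict(set)
    for signer, signed in certs:
        if signer != signed:                # a self-signature proves nothing
            signers_of[signed].add(signer)
    trust = dict(ownertrust)
    trust[owner] = FULL                     # the owner's own key is the root
    valid = {owner}
    depth = {owner: 0}
    changed = True
    while changed:                          # propagate until nothing new qualifies
        changed = False
        for key, signers in signers_of.items():
            if key in valid:
                continue
            usable = [s for s in signers if s in valid and depth[s] < max_depth]
            full = [s for s in usable if trust.get(s) == FULL]
            marg = [s for s in usable if trust.get(s) == MARGINAL]
            if len(full) >= completes_needed or len(marg) >= marginals_needed:
                valid.add(key)
                depth[key] = 1 + min(depth[s] for s in full + marg)
                changed = True
    return valid


def demo_web():
    """Constructed scenario: I met Bob and trust him fully as an introducer;
    Bob vouches for his US contact Carol; Erin is vouched for only by three
    people I trust marginally; Mallory's forged 'Bob' key is self-signed only."""
    certs = [
        ("me", "bob"), ("me", "alice"), ("me", "frank"),
        ("bob", "carol"),
        ("alice", "erin"), ("carol", "erin"), ("frank", "erin"),
        ("erin", "grace"),                  # Erin is valid but not an introducer
        ("mallory_bob", "mallory_bob"),
    ]
    ownertrust = {"bob": FULL, "alice": MARGINAL,
                  "carol": MARGINAL, "frank": MARGINAL}
    return compute_valid_keys("me", certs, ownertrust), certs, ownertrust


if __name__ == "__main__":
    valid, _, _ = demo_web()
    print("keys I can rely on:", sorted(valid))
```

Note the two distinct notions the model keeps apart: validity (do I believe this key belongs to its claimed owner?) and introducer trust (do I believe this owner checks other people carefully before certifying them?). Erin’s key is valid, yet because I assigned her no introducer trust, the key she certified for Grace stays unverified; the impersonator’s key never becomes valid however many self-signatures it carries.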

It’s all fine and well for me to talk about using webs of trust, but the problem exists now; so what can you realistically do?  Well, for starters create your own profiles on the major social networking sites.  You don’t have to use them, but having them established is a good start.  It means that if someone malicious creates a profile in your name then anyone looking for you will see a duplicate and alarm bells will be raised.  The second piece of advice would be to get at least a minimum number of people you talk to on a daily basis to be on your “friends list” – an impersonator will find this hard to do with people you talk to every day, and it will increase the authenticity of your profile.  The third piece of advice actually flies in the face of the prevailing thoughts on identity protection: publish a physically verifiable contact detail; a mobile number would even suffice, just enough so that someone who wants to contact you can phone and actually determine it’s you.  If you’re worried about your personal details, “Pay-as-you-go” mobiles come in at little over £15 now, just use that as your online contact.

** Update, Tuesday 23rd September 2008: to see just how dangerous online impersonation can be, have a look at this article. This debacle happened on Wikipedia, no less; who would have thought it. Ah-hem. The article here is also useful for background.

UPDATED 12th April 2010: Added [] extra meaning in title.
