Lecture 11
Contents
Initialisation Vectors (IV)
IVs are the so called ‘seed’ for an algorithm to start
–> What’s wrong with WEP: The IV can be discovered
Seed: 40bit key + 24bit rng (IV) => 64 bit
Collision after sqrt(2^24) = 2^12
Keys vs Passwords (?):
- Keys (in) bits of security
- Password (in) bits of data
In a 10 character long password, there are 80 bits of data.
But not all of these bits can be considered for security
In (non-extended) ASCII, the first bit always 0.
So then, intead of having 10 * 8 = 80
bits of security, we only really have 10 * 7 = 80
bits
What about if we only allowed uppercase letters (A-Z)?
1 2 3 | A 65 `01000001` Z 90 `01011010` ^^^^^ |
Only five of the bits actually change, the others are always the same. There are only 10 * 5 = 50
bits of security - which is not very secure these days…
Data and Control
Post Office Analogy
Posting the purchasable items in the post office to yourself to avoid having to pay for each item.
Are the items at the counter for purchase, or for postage?
WEP - Data and Control mixed
Buffer Overflows
Ignoring multithreading and multiple cores, the ‘parallel experience’ we see is rapid context switching
Program interrupts add their task to the stack (including data as well as control information), and the stack pointer moves to the newest frame to run. When the frame is popped, the top of the stack needs to be ‘reminded’ of their state.
The stack is stored backwards, meaning that the next item in the stack has a memory address earlier than the previous stack address
1 2 3 4 5 | # | Memory ===> --|------------ 1 | [A] 2 | [B][A] 3 | [C][B][A] |
If you write more data into C
than the length, it will spill into B
.
i.e 3 | [C][C][A]
We could override the control data, which could change what the next step for the previous frame is.
Proof of Work
See more about Cryptocurrency
A lot of work needed to compute and prove legitimacy
Whoever has the longest chain is considered to be the validated chain
If you were to falsify one of the previous ledgers, you’ll need to race ahead to also falsify the next ones
Moore's Law
Transistors double each year, and compute power increases