and Hardware Hacker
Previously spoken at Hackmiami and B-sides Las Vegas
Featured in Forbes and BBC for hacking Android phones using an implanted NFC chip.
& Lead engineer
twitter.com/SethWahle
Linkedin.com/in/seth-wahle-92b28269
Website: SethWahle.com

buying and selling a product or service. It includes advertising, selling and delivering products BRANDING COMPANY "Padding Oracle On Downgraded Legacy Encryption" POODLE Security Losses from Obsolete and Truncated Transcript Hashes SLOTH 2015 2011 2015 2014 2016 Brief Company History
user doing 2048 bit or 4096 bit encryption
/random
• Uses entropy gathered from actual entropy sources.
• Locks CPU until entropy is collected to complete encryption
• Used for critical random (encryption)
/urandom
• Pseudo-random numbers based on an openly distributed algorithm
• Does not lock CPU ever
• Acceptable for low grade random generation (games, etc.)

about encryption and entropy to make my server work properly. • Implemented several modifications that we will go over shortly. • Later learned of the possibility of an entropy downgrade attack.
together to form a semi-prime number (N)
3. This becomes the modulus
4. Find the (phi) function of the modulus
5. Choose an encryption number (E) where E is between 1 and (phi) of N and is coprime with the modulus
1: P = 2, Q = 7
2: N = 14 is the modulus
3: (phi)N = (P-1)(Q-1) = 1*6 = 6
4: E = 5
5: E, N = public key
6: M = message, so we will encrypt using the equation
Encrypt: M^5 (mod 14) = Cypher Text (C)

encryption number to the modulus of (phi)N is equal to 1
2. D and N are the private key
5*D (mod 6) = 1
D = every 6th multiple, so we choose 11
D = 11
Decryption
Remember: P = 2, Q = 7, N = 14, (phi)N = 6, E = 5, M = Message, C = Cypher Text
Decrypt using the equation C^D mod N = M

P
2. Choose a RANDOM prime number = Q
3. Choose a RANDOM number that fits a criteria E
4. Choose a RANDOM number that fits a criteria D
This all requires RANDOM numbers! And random numbers come from entropy.

the next prime number larger than the chosen number. (uses blah blah blah algorithm, ask me if you wanna see how it’s done)
Random numbers are generated using ENTROPY
Entropy - Random noise
# cat /proc/sys/kernel/random/entropy_avail
Computers average between 50 and 1000 bits of entropy when not modified for better entropy gathering
VMs are worse due to a lack of IO.

the second Prime
• Run that through the RSA algorithms
• See if it comes out clear text
Rinse and repeat until it comes out clear text.
This is extremely hard to do against large primes (1024 bit+), trivial to do against small primes

bits of entropy out of the entropy pool
Remove 1024 bits of entropy from the pool and use it to generate a 1024 character long number, then find the next higher number that is prime.
Prime = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX~
Perform a 1024 bit encryption with 1 bit of entropy in the pool
Prime = X00000000000000000000000000000000000~ = X
X = 1 or 0
Only 2 combinations to try!

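The effect described on the slide above, as an added example that is not part of the original talk: a toy Python model of "pull bits from the pool, zero-fill, take the next prime", used as a weak-key audit of an RSA modulus. The function names, the 32-bit prime size and the forced top bit are assumptions made for illustration.

```python
def is_prime(n):
    """Deterministic Miller-Rabin; these 12 bases are exact for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(n):
    """Smallest prime >= n (the 'find the next higher prime' step)."""
    while not is_prime(n):
        n += 1
    return n

def prime_from_pool(seed, entropy_bits, prime_bits):
    """Assumption: top bit forced to 1; only `entropy_bits` below it are random, rest is zero fill."""
    top = seed & ((1 << entropy_bits) - 1)
    start = (1 << (prime_bits - 1)) | (top << (prime_bits - 1 - entropy_bits))
    return next_prime(start)

def starved_primes(entropy_bits, prime_bits):
    """Every prime the generator can emit from a pool of `entropy_bits`."""
    return {prime_from_pool(s, entropy_bits, prime_bits) for s in range(1 << entropy_bits)}

def audit_modulus(n, entropy_bits, prime_bits):
    """Weak-key check: return the factor if n uses a starved-pool prime, else None."""
    for p in sorted(starved_primes(entropy_bits, prime_bits)):
        if n % p == 0:
            return p
    return None

if __name__ == "__main__":
    for k in (1, 4, 8):
        print(f"{k} bits in pool -> {len(starved_primes(k, 32))} possible 32-bit primes")
```

The number of possible primes is 2^entropy_bits regardless of the key length, which is why the size of the pool at generation time, not the advertised key size, bounds the strength of the key.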
Collecting Entropy
Stop Collecting Entropy
SysCtl has a watermarking feature that stops and starts collecting entropy into the entropy pool at certain levels +/- churn
This was done to save ridiculously tiny amounts of system resources.
This is hardcoded as well : (

Entropy
Stop Collecting Entropy
Install RNG-tools and set new watermark
RNG-tools overwrites some of the system's entropy settings, one of them being the watermarking options. This allows you to fix the watermarking without recompiling sysctl.
RNG-tools also gives you control over entropy sources, settings and optimizations.

on system timing and will generally bump your entropy up to 2000-3500
Get a Hardware RNG - $50
Make your own HRNG from an RTL-SDR dongle ~$10 (do your homework on making it a secure source or ask me after)
Borrow some entropy from a friend???
https://github.com/pwarren/rtl-entropy

over time to reduce impact and requirements against the entropy pool.
• Use these to generate large primes
• Store a list of these cached large primes locally
• Roll a random selection against the cached
• Use and delete the randomly selected large prime
• Rinse and repeat

will apply the minimal basic changes to better protect your system's entropy as well as increase system performance!
Entropy-upgrade.sh is available at http://pastebin.com/tKTwt471