Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490823
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: RSA key example.
by Neolander on Mon 26th Sep 2011 19:30 UTC in reply to "RE[4]: RSA key example."
Neolander
Member since:
2010-03-08

An idea hash function means that the only way to find a collision is to brute force various inputs until we generate a collision.

This is the part which I don't understand. I don't get how it is possible to create a hash function and publicly distribute it, in a way that mathematicians are not able to find collisions just by studying the form of the hash function itself.

This is if we stick to classical computing, quantum computing introduces yet a whole new dimension to the problem. It's too bad quantum computing was not offered at my university, since I don't know that much about it.

Well, I have a course on it later this school year (jan-feb 2012), so I can send you lecture notes if you want. It's targeted towards physicists, though, so maybe you would experience a feeling of unbalanced complexity, the mathematical part looking over-explained while the physical part would look under-explained.

Edited 2011-09-26 19:32 UTC

Reply Parent Score: 1

RE[6]: RSA key example.
by Alfman on Mon 26th Sep 2011 22:03 in reply to "RE[5]: RSA key example."
Alfman Member since:
2011-01-28

Neolander,

"I don't get how it is possible to create a hash function and publicly distribute it, in a way that mathematicians are not able to find collisions just by studying the form of the hash function itself."

This has to do with "diffusion".

It is actually rather easy to correlate bits for a single SHA1/2 round, such that one can derive the internal state of the hash function from the output bits. Hash/crypto functions are routinely cracked for a limited number of rounds.

But when the process is repeated a sufficient number of rounds, there is no record of which round(s) are responsible for changing a bit. All traces of the original bits are diffused and all that remains is unintelligible entropy. Algebraic solutions become exponentially complex and offer no benefit over brute force scanning. (As always, we're assuming the hash has no mathematically exploitable weaknesses).


This may be similar (or not) to dropping a pebble in a pool and then backtracking the point at which the pebble was dropped by observing the waves. As the waves bounce against the edge of the water, they become more and more diffused until one can no longer determine the point of origin.



"Well, I have a course on it later this school year (jan-feb 2012), so I can send you lecture notes if you want."

I'm curious at a high level, but I don't really feel like reading long papers. Whereas I used to buy computer books and read them through and through, today I can hardly bother to open the cover. I can't explain it, maybe it's the influence of the real world after college. I learned all this cool & interesting theory, but haven't much chance to really apply it in my jobs, and no ROI.

"It's targeted towards physicists...the mathematical part looking over-explained while the physical part would look under-explained."

I'd still need to learn the mathematics anyways.

Edited 2011-09-26 22:20 UTC

Reply Parent Score: 2

RE[7]: RSA key example.
by Neolander on Tue 27th Sep 2011 05:41 in reply to "RE[6]: RSA key example."
Neolander Member since:
2010-03-08

This has to do with "diffusion".

It is actually rather easy to correlate bits for a single SHA1/2 round, such that one can derive the internal state of the hash function from the output bits. Hash/crypto functions are routinely cracked for a limited number of rounds.

But when the process is repeated a sufficient number of rounds, there is no record of which round(s) are responsible for changing a bit. All traces of the original bits are diffused and all that remains is unintelligible entropy. Algebraic solutions become exponentially complex and offer no benefit over brute force scanning. (As always, we're assuming the hash has no mathematically exploitable weaknesses).

So when calculating a hash, a function that's relatively easy to reverse in itself is typically applied a large number of times on the incoming data (data -> hash 1 -> hash 2 -> hash 3...) so that the results are not exploitable algebraically anymore ?

This may be similar (or not) to dropping a pebble in a pool and then backtracking the point at which the pebble was dropped by observing the waves. As the waves bounce against the edge of the water, they become more and more diffused until one can no longer determine the point of origin.

I don't know if it's similar, but it's certainly an analogy which I can get ;)

"Well, I have a course on it later this school year (jan-feb 2012), so I can send you lecture notes if you want."

I'm curious at a high level, but I don't really feel like reading long papers.

It's not necessarily so long. The course only lasts 4 weeks (1/3 of the usual duration in France) and includes stuff which you probably won't care about concerning experimental implementations of quantum information. It's meant to be an introduction to the subject, not one of the central parts of my Master's.

Whereas I used to buy computer books and read them through and through, today I can hardly bother to open the cover. I can't explain it, maybe it's the influence of the real world after college. I learned all this cool & interesting theory, but haven't much chance to really apply it in my jobs, and no ROI.

Well, not even left college yet and I already read much less than I used to when entering it. In my case, I prefer to believe that it's because I've exhausted the very small interesting content of the "science" shelves of the book shop next to the university. I only find a subject which I'm fascinated by from time to time, the rest of my book purchases are just reference books on a given subject for later...

"It's targeted towards physicists...the mathematical part looking over-explained while the physical part would look under-explained."

I'd still need to learn the mathematics anyways.

What I meant with this sentence is that you probably already know a lot of the "information theory" part. Just need to get used to a new form of logic (I think I've read somewhere that quantum computers cannot compute operations which destroy information, like "AND" or "OR", and thus require use of new logic gates and reasoning).

Reply Parent Score: 1