48 Dirty Little Secrets Cryptographers Don’t Want You To Know

  Рет қаралды 108,456

Black Hat

Black Hat

Күн бұрын

Пікірлер
@J0R1AN
@J0R1AN Жыл бұрын
Man the moment I realized this was Cryptopals was amazing. I’ve been doing your challenges with so much enjoyment and recommended it to many people. Thanks for teaching people cryptography!
@arlobubble3748
@arlobubble3748 6 жыл бұрын
This talk does a very good job of explaining the basic concepts of cryptography without delving into the underlying mathematics (which can be a bit of a headfuck). I've never seen an explanation of ECC that's so precise. RSA is conceptually a much simpler algorithm using very 'crude' mathematical operations (although still a bit tricky to explain *why* it works) so it's a bit simpler to understand how it works just by looking at the pseudocode.
@flipped_bit
@flipped_bit 3 жыл бұрын
From left to right: Cartman, Stan, Kyle, Kenny
@aibok42
@aibok42 6 ай бұрын
I feel like the e=0 efficiency joke at the beginning did not get enough laughs. Here's an extra LOL on me: 🤣
@lucioleepileptique9195
@lucioleepileptique9195 4 жыл бұрын
This should have a cryptologic number of views
@Maffoo
@Maffoo 7 жыл бұрын
If the other three guys had spoken a bit quicker, the guy on the left wouldn't have had to rush so much. Kudos to him though for the number of words per minute he managed to get out, especially near the end haha...
@__________________________6451
@__________________________6451 7 жыл бұрын
That's Thomas Ptacek the ugliest feral hog in the whole group
@Maffoo
@Maffoo 7 жыл бұрын
What's he done to you then?
@Gunth0r
@Gunth0r 6 жыл бұрын
He 'anonymously' responded to a youtube video he was in, defending his own talk-hogging behavior by blaming it on the other guys.
@saywhat9158
@saywhat9158 6 жыл бұрын
They all have a gift of high intelligence and are there to try and explain their intellectual contributions to the project but the one guy is on another level to additionally have the gifts of communication and confidence to be able to share the information in an exceptionally clear and cohesive way to make it understandable to an audience. Thus, he deserves the position of moderator that he took and we could only be so lucky to have people like that teaching in our schools and writing tech manuals. It is a rare set of qualities and kudos to them all for their work.
@worldhello1234
@worldhello1234 6 жыл бұрын
"If the other three guys had spoken a bit quicker, the guy on the left wouldn't have had to rush so much." No one had to rush. The blabbermouth just interrupted them in rude manner.
@MeriaDuck
@MeriaDuck 6 жыл бұрын
About the exponent being 1 (one of the first items). Shouldn't the library protect the user from doing that, by raising and exception? Even on the lowest of levels of libraries, you can always (try to) escape being run by dividing by zero...
@samiraperi467
@samiraperi467 7 жыл бұрын
I may have laughed at "Wang collisions". I blame Shadow Warrior.
@pacadet
@pacadet 6 жыл бұрын
Samira Peri you no mess with Lo Wang
@effsixteenblock50
@effsixteenblock50 4 жыл бұрын
MD4 Wang Collisions AKA Sword Fighting.
@GuilhermeTrojan
@GuilhermeTrojan 7 жыл бұрын
I've implemented an vhdl clockless assync sequencial circuit (11-stage pipeline) AES (128 bit) in 2012. Would rather had done it in excel...
@cunningham.s_law
@cunningham.s_law 6 жыл бұрын
how to access the problem set?
@mikeakridge6555
@mikeakridge6555 2 жыл бұрын
Did you ever find out how to access the problem set? I have the same question as you.
@cunningham.s_law
@cunningham.s_law 2 жыл бұрын
@@mikeakridge6555 no sorry
@jamcdonald120
@jamcdonald120 6 жыл бұрын
um... the title says 48.. but the presentations says 64
@LKRaider
@LKRaider 6 жыл бұрын
What is 2^4 between friends
@donwald3436
@donwald3436 6 жыл бұрын
DAT'S DA JOHKE.
@ZedaZ80
@ZedaZ80 5 жыл бұрын
I was looking for this comment; it was bugging me
@TheMinecraftMiner96
@TheMinecraftMiner96 4 жыл бұрын
cos 48 is 64 in base 14
@dontaskiwasbored2008
@dontaskiwasbored2008 2 жыл бұрын
and yet they never enumerated them
@GeorgeTsiros
@GeorgeTsiros 5 жыл бұрын
is "objective-c" different from "objective c" ?
@TecrasTrash
@TecrasTrash 4 жыл бұрын
Objectively yes
@armalite6837
@armalite6837 2 жыл бұрын
but they do have the same objective
@20x20
@20x20 3 жыл бұрын
do you have one where the guy on the left doesn't interrupt so much?
@jessefrank3143
@jessefrank3143 6 жыл бұрын
where can I download the decryption software used around 42:00
@ne12bot94
@ne12bot94 6 жыл бұрын
Great job on the video , I wanted to go to conference this year , but i forgot to buy ticket...can wait next year
@sixie6e
@sixie6e 2 жыл бұрын
Enable comments on the videos where corporations and the state push tag teaming us: Fascist governments encouraged the pursuit of private profit and offered many benefits to large businesses, but they demanded in return that all economic activity should serve the national interest.
@JiveDadson
@JiveDadson 6 жыл бұрын
Listen at 75 percent speed.
@nullplan01
@nullplan01 6 жыл бұрын
actually, listening at 150% made Ptacek more bearable.
@livefreeprintguns
@livefreeprintguns 6 жыл бұрын
Man that dude on the left likes to say right, right?
@brashcrab
@brashcrab Жыл бұрын
0:43
@anteconfig5391
@anteconfig5391 5 жыл бұрын
crypto palace?
@freemanguess8634
@freemanguess8634 6 жыл бұрын
I wander why most of the comments are not being shown
@svampebob007
@svampebob007 7 жыл бұрын
it makes me wonder... has anybody tried applying natural speech perdition to decoding messages? it would basically cut down a lot of "guessing" aka processing power, ofcrouse nobody said: "Allow me to J RM= S>oS [/ ." I would guess that most of the important data sent over encrypted channels can be decoded in plain text, unless they love to take screenshots and sending it that way (kinda smart if you think about it, as there's more data to decode, but people are lazy so...) /ramble
@svampebob007
@svampebob007 7 жыл бұрын
also 50 minute talk about "unsecured cryptography", and yet... uses the fucking touch pad to switch full screen on/off. I bet that he also types in www.google.com on Google if I was siting on that panel I'd throw my shoe at his face.
@JoeyOrlando
@JoeyOrlando 7 жыл бұрын
TL;DR: This would require even more processing power. I am assuming by 'cut down guessing/processing power' you mean reduce the computation time devoted to brute force attacks. Your idea is smart in that it could indeed be used to apply heuristics to the brute force processes, but when you begin to think about how to implement the technique, you will find your solution actually consumes more processing power. The practical implementation would be to "bolt-on" some NLP (natural language processing) module onto an existing brute force process, this means that every time you want to check whether your brute force attempt worked, you'd execute this NLP module on the output to retrieve some probability that it matches a set of 'known' language. Here are your initial problems: 1. You'd have to have a pretty big set of 'known' language. Many companies implementing NLP have a hard enough time classifying highly-specific (precise) language, let alone any arbitrary english mutterings. Which brings me to my next point: 2. You'd have to have a set of 'known' language, for each written language you'd like to detect (see: spanish, simplified chinese, etc.) Here's your main problem: When talking about the computational complexity of an algorithm, look to the Big-O notation. Best case scenario (let's defy physics for a moment) is that your NLP module can return a probability in constant time O(1). This would be impossible unless the span containing all possible probabilities was accessible in constant time, essentially also solving every machine learning "training" problem all at once. Even if this were possible, you'd have to store (at minimum) the maximum previous probability found (in order to make a decision). Every step of the way we're adding more processes for the computer to perform. Either when talking about (1) the execution of the NLP module (highest impact), (2) the storing of previous NLP results, (3) the retrieval of previous NLP results, (4) performing iterative assertions based on previous decisions (may be as simple as an ...IF(MAX(x,y)..... ); Again, this is considering a perfect implementation. Where the engineer is cognizant of the computational complexity of each array or hashmap access. Even in the best case scenario: you're actually slowing your self down / increasing the computational overhead. Not lowering it.
@foobargorch
@foobargorch 7 жыл бұрын
Though not a practical idea for directly attacking cryptography in general, something like this approach has been used as a sort of hybrid compression/timing side channel attack, specifically skype's transmission of encrypted data only when actually speaking actually reveals a lot about the speech. See the paper "Inferring Speech Activity from Encrypted Skype Traffic". I don't see how this approach applies without the benefit of such a rich side channel though, certainly applying NLP to e.g. binary network protocols is less than useless. Furthermore, I'd reserve judgement about the qualifications of the speakers, glass houses and all that =P
@NeogenicOrg
@NeogenicOrg 6 жыл бұрын
So when they talk about padding, I always thought that the idea of "padding" was lang. words that are short orders: ie: attack or LOC cordinates, 41°24'12.2"N . So taking all the LOC cordinates and creating brute force set wouldn't take very long as opposed to a padded msg? or maybe im sorta right concept wise but when they say some progs just to RSA on CC# instead of taking the CC# and first running it through some code to obfuscate the CC# so it doesn't appear as a 16 digit string being passed around. I could be way off tho.... :-)
@jippiedoe
@jippiedoe 6 жыл бұрын
Yes, it's very relevant in pentesting in general, see cracking passwords for example. But no, given the way almost all of the encryption methods work, it's generally not a feasable technique in speeding up the decoding of messages that are meant to be decrypted, and is only really used to crack hashed messages (ones that have gone through a known function that is designed not to be reversible).
@Ghibligirl88
@Ghibligirl88 9 жыл бұрын
HEYYYY THATS MY DAD!!!!
@Ghibligirl88
@Ghibligirl88 9 жыл бұрын
I've never seen one of his talks before this is so cool!!
@yuanruichen2564
@yuanruichen2564 8 жыл бұрын
Are you kidding?
@Maffoo
@Maffoo 7 жыл бұрын
If your name is a birth year, you're ~28yo, which is about the age of these guys. Either way, these guys all seem pretty young to have a kid commenting on youtube videos...
@traveldiaryinc
@traveldiaryinc 7 жыл бұрын
Yuanrui Chen Is pun intended?,😂😂
@caseregan8166
@caseregan8166 4 жыл бұрын
@@Maffoo 88 is also a neo-nazi symbol, maybe that explains it :|
@stan.rarick8556
@stan.rarick8556 6 жыл бұрын
Ptacek is not a team player, is rude to both the other panel members (admits to stepping on the others for his own enjoyment) and the audience (talking down to 8th grade level) while adding very little to the content.
@stan.rarick8556
@stan.rarick8556 6 жыл бұрын
I'm really sick of listening to Ptacek and will not finish this video
@ZarkowsWorld
@ZarkowsWorld 6 жыл бұрын
@@stan.rarick8556Poor baby, hope you are not too triggered.
@stan.rarick8556
@stan.rarick8556 6 жыл бұрын
@@ZarkowsWorld Not at all. I just say what I observe. Have a good day, sir.
@msardou3919
@msardou3919 5 жыл бұрын
What are you on about? He just paces the panel forward. That's fine.
@MrTweetyhack
@MrTweetyhack 6 жыл бұрын
ah dont ah ever ah present ah anymore
@boxsterpontus
@boxsterpontus 6 жыл бұрын
It's the stuff between the ah's that are interesting, the ah's they are easy to ignore.
@Stopinvadingmyhardware
@Stopinvadingmyhardware 2 жыл бұрын
He’s the reason I can’t stand WuTang
@dimitriouchemistry2215
@dimitriouchemistry2215 5 жыл бұрын
The guy talking fast ruined it for me. I can't listen to that
@WorldRecordRapper
@WorldRecordRapper 5 жыл бұрын
0xmod(n)
@Criptografo
@Criptografo 9 жыл бұрын
PORQUE PORQUE YA ESTAMOS LLENOS DE HACKERS
@bap9394
@bap9394 5 жыл бұрын
Omg jQuery!? 🤮
Ichthyology: Phishing as a Science
24:28
Black Hat
Рет қаралды 36 М.
Quando eu quero Sushi (sem desperdiçar) 🍣
00:26
Los Wagners
Рет қаралды 15 МЛН
The evil clown plays a prank on the angel
00:39
超人夫妇
Рет қаралды 53 МЛН
How Smartcard Payment Systems Fail
58:56
Black Hat
Рет қаралды 156 М.
Samy Kamkar's Crash Course in How to Be a Hardware Hacker
28:07
The Dome Paradox: A Loophole in Newton's Laws
22:59
Up and Atom
Рет қаралды 976 М.
Hacking the Wireless World with Software Defined Radio - 2.0
1:02:19
DRAMA: How Your DRAM Becomes a Security Problem
51:04
Black Hat
Рет қаралды 30 М.
GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
51:00
Black Hat
Рет қаралды 310 М.
The Art of Code - Dylan Beattie
1:00:49
NDC Conferences
Рет қаралды 4,7 МЛН
Attacking Encrypted USB Keys the Hard(ware) Way
37:49
Black Hat
Рет қаралды 44 М.
Transformers (how LLMs work) explained visually | DL5
27:14
3Blue1Brown
Рет қаралды 4,1 МЛН
Quando eu quero Sushi (sem desperdiçar) 🍣
00:26
Los Wagners
Рет қаралды 15 МЛН