lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jftucker at gmail.com (James Tucker)
Subject: Does the following...

Just a couple of comments which are important for people to know.

<snip>
> > - RF keyboards don't exist. Nobody's *that* unconcerned about security.

What do you think TV broadcasts (plain), radio (plain), GSM (heavy
encryption scheme), bluetooth (reasonable encryption scheme), paknet
(no encryption, but the modulation scheme is at this time uncrackable
by any individual), wifi (don't even get us all started) are? ALL
Radio Frequency communications.

> > - Bluetooth keyboards require a pairing process to work, so that's not
> >    too likely.

Bluetooth does have a higher degree of security than most other,
"plain text" if you like, peripheral RF schemes.

As I am sure you are all aware wifi is not exactly hard to crack the
modulation scheme or the WEP keys.

> In case you don't know, "typical" RF cordless keyboards and mice have
> been recorded to have effective ranges to around 150m (way beyond what
> the manufacturer's specs say):
> 
>    http://www.aftenposten.no/english/local/article427668.ece
> 
>    http://www.securityfocus.com/archive/100/374785

Amusing articles, but there are lessons to be learned here. 
1) RF ranges are based upon the environments the transmitters and
receivers are in.
2) RF can be boosted (both ends effective) by adding GAIN to ONE END
ONLY. (Yes that means the coke can with a little wire out of one end
hanging out of the next door neighbors kids window is in fact a
wireless tapping antenna (joke, but this is not by any means
impossible))
3) "plain" RF on its own provides no security against someone who
knows, evaluation of modulation schemes and data protocols is
essential.

> Agreed -- these were stabs-in-the-dark by folk who forgot to understand
> the problem description before responding...  

Are the wireless device and speech recognition ideas really that much
more "likely", they are all "ideas" and are all possible in some way
or another.


If anyone wants to learn more about RF, consider some introductory
courses from places such as Proxim. RF is not IP, the rules are _VERY_
different.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ