Tuesday, April 6, 2010

Monthly Round-Up, March 2010

March was a strong month for visitors (over 2,300) and page views (over 4,400). I was hoping for my first “222” month where I could claim at least 2,000 visitors, viewing on average 2 pages for 2 minutes. Everything was on track until I made a short post on a password joke and well, hundreds of unexpected people visited for a quick read, giving more visitors but driving page views and visit times down. Oh well.

There were a few posts on RSA. The first on a service that will recover 512-bit keys in 2 weeks for $5,000, and the next two on the RSA power attack – beginning with a summary of the technical details from the original research paper, followed by clarifications on the significance of the attack, mainly from other bloggers.

There were also several other technical topics I posted on which have been backing up for a while now. I made a few remarks on the completion of the rainbow tables for GSM encryption in The Last Days of A5/1, and some background on the encrypted search breakthrough from mid 2009 in In Search of Encrypted Search (this post is on the first page returned by Google for “encrypted search” so I might have to make it a little more comprehensive).

I also posted on The Re-Keying Conundrum in light of modern encryption algorithms, prompted by the remarks of Eric Rescorla, who is fresh from completing a proposal for circumventing the well-publicised TLS Renegotiation Attack. There was also an improvement to LanMAN hash searching from the inventor of rainbow tables, yielding a 300 billion per second search rate for these (weak) password hashes.

In the odds and ends department, I finally found out how likely a 25 sigma event actually is (rarer than winning the UK Lottery 22 consecutive times), reported that The ISACA Risk IT Framework is rising on Scribd (about 4,500 reads now), remarked on Passwords for USB Keypads, and mentioned a few more giveaways for the Microsoft SDL. Also MoMA “acquired” the @ symbol, and I looked back at the posts I was making a year ago.

Finally in the humour department there was that password post and some beautiful observations on a Bruce Schneier Post Template.