AVG Ventures Into Linux Malware Protection

**yogi_berra** · 05-07-2009, 08:22 AM

Originally Posted by paul_one

To "circumvent" GPG signatures, you would need to have a copy of the private keys in order to sign the packages.
.. Either that or invent some way to quickly factor LARGE numbers.
I still think it takes somewhere in the region of the billions of years mark with most of the computing power of the world.

Not really, the easiest route is to keep packages already pgp signed with known vulnerabilities locked at the version numbers with the vulnerabilities in your hypothetical hijacked repository, completely "trustworthy" and with very little effort.

I also take it you haven't considered creating a cluster of nvidia tesla cards to crunch numbers or do anything that is processor intensive. Billions of years? They used to say that about WPA and WPA2 keys and look at how quickly they can be cracked with just a GeForce 8800.

**curaga** · 05-07-2009, 08:34 AM

They used to say that about WPA and WPA2 keys and look at how quickly they can be cracked with just a GeForce 8800.

Are you referring to the brute-force solution that's just faster on a gpu? With a good password it's still not broken.

**MostAwesomeDude** · 05-07-2009, 01:31 PM

Originally Posted by yogi_berra

I also take it you haven't considered creating a cluster of nvidia tesla cards to crunch numbers or do anything that is processor intensive. Billions of years? They used to say that about WPA and WPA2 keys and look at how quickly they can be cracked with just a GeForce 8800.

I should note that the current vulnerabilities in WEP are due to correlation between the encrypted packets and the key, and that only the flavors of WPA with the same key init as WEP share those statistical weaknesses. I should also note that only very short keys can be brute-forced within a reasonable amount of time.

WEP still can't be brute-forced very fast. It requires that statistical analysis in order to pare down the keyspace to something small enough to quickly search. WPA with CCMP is still too big to do a full-on brute-force attack. (And no wonder, either; it's based on AES.)

tl;dr: You won't be brute-forcing my WPA2 key anytime soon.

**yogi_berra** · 05-09-2009, 02:56 AM

Originally Posted by MostAwesomeDude

WEP still can't be brute-forced very fast. It requires that statistical analysis in order to pare down the keyspace to something small enough to quickly search. WPA with CCMP is still too big to do a full-on brute-force attack. (And no wonder, either; it's based on AES.)

Actually it can be done quickly under the right network conditions, its dependent on the number of packets being intercepted, but you already knew that.

The point is that encryption alone isn't the security panacea that people make it out to be. But it works wonders on the psychosomatic level for the people that want to believe that they are secure. Much like deadbolts and doorchains on their front doors.

**MostAwesomeDude** · 05-09-2009, 03:08 AM

Originally Posted by yogi_berra

The point is that encryption alone isn't the security panacea that people make it out to be. But it works wonders on the psychosomatic level for the people that want to believe that they are secure. Much like deadbolts and doorchains on their front doors.

Agreed, although I'm not going to decrypt my hard drive any time soon.

http://xkcd.com/538/

And that's all I have to say about that. :3

Thread: AVG Ventures Into Linux Malware Protection

Thread Tools

Search Thread

Display

Posting Permissions