Author Topic: Nspire OS Risk/Weakness  (Read 19493 times)

0 Members and 1 Guest are viewing this topic.

Offline fb39ca4

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1749
  • Rating: +60/-3
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #45 on: November 15, 2010, 06:36:27 pm »
What's the difference between chosen prefix and second preimage collisions?

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #46 on: November 17, 2010, 12:12:43 am »
Not really sure how to explain that.
Can anyone tell me which key we need to factor mod 4 and mod 12? Posting the key itself would also be nice. ;-)

Offline AngelFish

  • Is this my custom title?
  • Administrator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3242
  • Rating: +270/-27
  • I'm a Fishbot
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #47 on: November 17, 2010, 12:28:11 am »
What's the difference between chosen prefix and second preimage collisions?


Finding the second preimage is basically finding a message of known content that has the same hash as the original message. It's a more specific category of collision attacks, where you simply find an arbitrary message that has the same hash as the original message.

Looking back, I guess I was using the terms incorrectly.
« Last Edit: November 17, 2010, 12:28:32 am by Qwerty.55 »
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #48 on: November 17, 2010, 04:07:25 pm »
Code: [Select]
Here's the three Keys
From hackspire's perl script (in hex)

 boot2.img
c3b3a7015c04299ff3a25f104e2285c1ec2d55471e6208959d0f6981b2fa2c6d3e316f9364d5eb5c7789e142b75bfaf402e7e02fac0cb09f6419db1f44679f8bbcca142f1d312feb095708ef175a4ef80271321e7240f0d854c90a74fc59209cdf80aa8f85ae3b948a3ce55c69cd050098d5a79aebbc241cc642b106b1af2cb7
TI-Nspire.cer
aba7f0b8c7feb6e33438af5c25c67389eaf4d73f80cd0a37922493431cde03b34da448bdb05387cf7a8c59ee12d9613429a2b07ea385752f079892da1ae76c2b158f2d7169aae066432fe44f797df39dd6a0d7b2e2091281b30efac247c51576ebc93ec456de2e27d36b713844336b65af67ee58e6107a6a1deb954a91095295

Nspire.cer #2 (CAS Nspire's, I think)
b15e01c47c421be62f4e769b3ac98f4f983a820b0c181e35715d84a4f1acf0527eeddfabf9f66e73bedb55376e22f860c34dc70ce239157297056d4ecf46535778c3917647b5a6bb9c5638cdeff3e309ff66878fd4f233cf157d7af4136f307df90ec6ae6eaff6bead6d52f423a37dac59ff38ae876008103728f2bd674e858f

I stuck them in code tags so they wouldn't word wrap, and so they'd be smaller.


Also, Goplat gave me code for a boot2 extractor, so I have a good disassembly this time :P I won't post it though, since it's apparently illegal. It does look more valid this time, though. Not much coming from me :P I've never coded assembly before.
« Last Edit: November 17, 2010, 04:09:51 pm by willrandship »

Offline Galandros

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1140
  • Rating: +42/-10
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #49 on: November 17, 2010, 04:15:13 pm »
Thoughts?
In RSA encryption. I have heard of certain implementations that used a not so pseudo random number generator to generate primes, thus if one knows how were generated the random primes we could guess "some" (still a lot) of the primes with an certain size (around 400 to 600 bits) and with naive trial division factor it. I doubt we know how TI generated the primes.
And I have heard of a case where they cracked RSA with 1024 bits secret key this way. (don't ask me from where)
« Last Edit: November 17, 2010, 04:21:50 pm by Galandros »
Hobbing in calculator projects.

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #50 on: November 17, 2010, 04:16:14 pm »
TI only needed to generate a few primes, though, to make the key. Their job was relatively easy.

Offline fb39ca4

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1749
  • Rating: +60/-3
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #51 on: November 17, 2010, 04:22:14 pm »
If TI used random.com to generate the primes, we're screwed.

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #52 on: November 17, 2010, 04:25:40 pm »
Why? Because it's not going to follow an algorithm? Those vary anyways.

Offline AngelFish

  • Is this my custom title?
  • Administrator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3242
  • Rating: +270/-27
  • I'm a Fishbot
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #53 on: November 17, 2010, 04:28:58 pm »
If TI used random.com to generate the primes, we're screwed.

Believe it or not, there are better ways to generate primes than even Random.com

 If we're lucky, TI took the easy way out and used a simple deterministic algorithm, assuming that no one would know what their algorithm was.
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #54 on: November 17, 2010, 04:29:40 pm »
Well, even if we found it would it be so easy? We don't even know where they started, or stopped at!

Offline fb39ca4

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1749
  • Rating: +60/-3
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #55 on: November 17, 2010, 04:30:03 pm »
Because it measures atmospheric interference, rather than using an algorithm.

Offline Galandros

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1140
  • Rating: +42/-10
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #56 on: November 17, 2010, 04:30:48 pm »
TI only needed to generate a few primes, though, to make the key. Their job was relatively easy.
I know just a few primes are needed. (and with certain cares for vulnerabilities like some numbers allow to decrypt by encrypting the message over and over some n times)
I think you did not get to the point. I guess I was guessing bad. xD If we knew the method they used to generate the primes, we could come with a narrower list of primes to try factor the secret key. In the particular case of Nspire, this idea is almost certainly useless.
But there was one case they managed to factor a RSA 1024 this way, probably incomparable to the case of Nspire.
« Last Edit: November 17, 2010, 04:32:02 pm by Galandros »
Hobbing in calculator projects.

Offline AngelFish

  • Is this my custom title?
  • Administrator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3242
  • Rating: +270/-27
  • I'm a Fishbot
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #57 on: November 17, 2010, 04:32:13 pm »
We know that it's 1024 bits. That narrows it down to a few thousand primes or so, assuming they didn't pad lower numbers to meet the bit requirement. If they did pad lower numbers, then it's hopeless for the next few decades or so.
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #58 on: November 17, 2010, 04:36:27 pm »
If they padded lower numbers, wouldn't it no longer be prime?

I see your point now, Galandros.
« Last Edit: November 17, 2010, 04:36:50 pm by willrandship »

Offline AngelFish

  • Is this my custom title?
  • Administrator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3242
  • Rating: +270/-27
  • I'm a Fishbot
    • View Profile
Re: Nspire OS Risk/Weakness
« Reply #59 on: November 17, 2010, 04:41:23 pm »
If they padded lower numbers, wouldn't it no longer be prime?

I see your point now, Galandros.

You can pad zeros onto the beginning of a number to increase the bits in it without changing the value. For example, 1000, 01000, 001000, 0001000, and 00001000 are all equivalent, but they each take increasingly more bits to encode.
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ