Date: Thu, 6 Oct 2016 02:12:25 +0000 (UTC) From: Jules Gilbert <repeatable_compression@yahoo.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Fw: isn't this the worst possible report?? -- i went back and put a copy on a memstick; see attachment Message-ID: <1326548497.53590.1475719945105@mail.yahoo.com> In-Reply-To: <307150697.750173.1475719669536@mail.yahoo.com> References: <1410500115.6001690.1475677275963.ref@mail.yahoo.com> <1410500115.6001690.1475677275963@mail.yahoo.com> <a204e3ce-dfb2-8f1e-852a-a43da59b056b@freebsd.org> <307150697.750173.1475719669536@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
See attachment, Simple program, in C. Without access to a file, it "partially characterizes" it. (My term for weakly predicting it.) Why is this useful?, read on.
But please help me. These attacks are limiting my work efforts.
----- Forwarded Message -----
From: Jules Gilbert <repeatable_compression@yahoo.com>
To: Julian Elischer <julian@freebsd.org>
Sent: Thursday, October 6, 2016 2:07 AM
Subject: Re: isn't this the worst possible report?? -- i went back and put a copy on a memstick; see attachment
First, the machine wasn't new, it's more than five years old. Sorry, I thought my post was obvious, that the OS environment was brand-new. Sorry to confuse you.
Second, I've been getting hit everyday, everytime I put up a non-CDROM based OS.    No matter the day, no matter the time, (which makes me think it's not one person.)
And why am I in this situation?
Well, not that I know the reason, but I actually do have repeatable compression, except lot's of folks don't believe me.
Some in the FreeBSD community have my give-away demo. What I describe is available, it's in C and not difficult for any programmer to follow.  (And, except for the usual fopen/fgetc/similar, the program contains no API references.)  I'm running off a CD, so I don't have it on the disk (how do I mount the underlying disk? I'm running Lubuntu, it's the disk I had on hand.) My point, if you ask I'll send you a copy.
About my demo;Â it serves two purposes.
SCENARIO #1:  You are on machine 1, you want a file from machine 2.   This is without wires, wireless, media transfer, it's all done by guessing, nothing else. Lot's of people think it's right 50% of the time, not so. It's right (this version,) 75% of the time.
You have the system PRNG (a random-number generator that is restartable; Both the SEND and RCVE machines must use the same key-seed. How about 1.0?
It guesses 'p', where:
int p = r >= d;
(The function that does this is called "rdRELATION" in the code, it returns a one or zero.)Â
Without knowing or having any access to 'd'. The demo version is right with a probability of 0.75 (that's 75%.) The commercial version is correct with a probability of 1.
Now if you know 'p', then you can do a lot to infer 'd'. You can iterate, XOR'ing 'r' through a sequence of values. Let me not detail the works but instead just say that deriving 'd' is easy.
Again, to those people who work on FreeBSD, ask and I'll send you a copy.  (I just spent a few minutes putting a copy on a memstick and attaching it.)
Okay, now it get's deep...
SCENARIO #2:   Basically, the same problem, except now the file containing the 'd' vector of values doesn't exist.  That file won't exist for a week, which is when you'll sit down and write the message to yourself.
When you're done laughing...
Except we (we geeks,) already do something very similar to this.   I'm not kidding.
From: Julian Elischer <julian@freebsd.org>
To: freebsd-security@freebsd.org
Sent: Wednesday, October 5, 2016 7:14 PM
Subject: Re: isn't this the worst possible report??
On 5/10/2016 7:21 AM, Jules Gilbert via freebsd-security wrote:
> Well maybe worse, that the deal with AT&T for the BSD franchise has fallen apart...
> Okay, so I have a FreeBSD 10.1 CD-ROM, believed to be a true copy and authentic copy.
> And I loaded it on a computer. I did this entirely offline. I also supplied passwords.
>
> Then I went online to get packages.
> Nothing unusual happened UNTIL the machine seized and when I rebooted I discovered it would hang and reboot. A loop.
> I had done nothing to cause this. I had not opened an X session nor done anything other than load packages such as maxima, cproto. Nothing involved in the area of security.
>
> I had thought this was pretty much impossible... Remember, this machine was brand new, I'd loaded FBSD-10.1 on it no more than an hour prior and had not messed with any of the internals.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
depending on where it rebooted, it really sounds like an infant
mortality problem.. (failure in computer or drive).
(brand new machines have a much higher chance of failure than middle
aged machines, as all the components burn in.)
why is this in 'security'?
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
From owner-freebsd-security@freebsd.org Thu Oct 6 05:45:01 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id E096BBD3CD0
for <freebsd-security@mailman.ysv.freebsd.org>;
Thu, 6 Oct 2016 05:45:01 +0000 (UTC)
(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 401E9F55
for <freebsd-security@freebsd.org>; Thu, 6 Oct 2016 05:45:00 +0000 (UTC)
(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id u965infO096855;
Thu, 6 Oct 2016 16:44:49 +1100 (EST)
(envelope-from smithi@nimnet.asn.au)
Date: Thu, 6 Oct 2016 16:44:49 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Jules Gilbert <repeatable_compression@yahoo.com>
cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Fw: isn't this the worst possible report?? -- i went back and
put a copy on a memstick; see attachment
In-Reply-To: <1326548497.53590.1475719945105@mail.yahoo.com>
Message-ID: <20161006163807.Q6806@sola.nimnet.asn.au>
References: <1410500115.6001690.1475677275963.ref@mail.yahoo.com>
<1410500115.6001690.1475677275963@mail.yahoo.com>
<a204e3ce-dfb2-8f1e-852a-a43da59b056b@freebsd.org>
<307150697.750173.1475719669536@mail.yahoo.com>
<1326548497.53590.1475719945105@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
<freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>,
<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>;
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>,
<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 05:45:02 -0000
On Thu, 6 Oct 2016 02:12:25 +0000, Jules Gilbert via freebsd-security wrote:
> But please help me. These attacks are limiting my work efforts.
A lot of people make the mistake of using cheap aluminium foil.
You have to use real tin.
HTH, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1326548497.53590.1475719945105>