Comments:
<0> "code morphing"?
<1> leech axss
<2> i think its similar to polymorphism
<3> going to bed, night gamb -- say hi to ot for me
<4> night Vile, n/p :)
<5> code morphing sounds like an anti-debugging trick
<5> lots of hits for what transmeta is using to do on-the-fly machine code translation
<6> That never can be too effective if you still want your code to be executed in the end
<5> hm, i think it just makes the pipeline longer
<6> If it's readable by the processor, it's readable by a human and therefore a debugger
<5> oh, with the obfuscation..
<5> ive been thinking about that..
<5> whether its possible to have a provably-secure zero-knowledge program
<5> perhaps subject to some assumptions or constraints.
<5> eg, something capable of executing without being decrypted?
<5> each instruction would cause some change of state in the program, but the exact change of state would be entirely (and provably) opaque
<6> Impossible, unless you got some weird hardware doing the decryption on execution
<5> im not so sure.
<6> That can be emulated
<5> im not thinking about special 'trusted computing' hardware or anything..
<6> Then it can always be emulated, and any kind of "security" would be an illusion
<5> im more of thinking about those algorithms that can be used to play mind games such as poker without a trusted third party
<5> or more simply, how to have two untrusted parties generate a random number that is trusted by both sides.
<5> this problem also seems like it would be impossible, but it is definitely possible.
<5> i dont know. i really have no idea how it would be done, a program whose execution would be secret. but i think it might be possible, using cryptographic principles.
<6> It's meant to be read by the processor, or could it not be read by a processor emulator?
<6> A processor emulator which can log the process
<2> should i use memset() on a buffer that ive finished using that has sensitive data and isnt dynamic memory?
<6> Is it highly sensitive? Then you could want to mlock() to make sure the memory doesn't go on the swap and leave no trace, even
<6> ( with a memset(), yes )
<5> your best bet here is to abstract out the 'safe storage' code where you can do something platform-specific
<5> win32, for eg, has a service to be used for this specific case.
<2> what is it?
<5> some unixes have special functions for getting the buffer
<6> mlock() is POSIX
<2> wouldnt memset work just as well?
<6> Lock memory, do your work, clean up, unlock
<2> k
<5> kthx^ the primary risk is if the data is swapped out to disk.
<6> There's no guarantee that the data might not have been stored on the swap for some reason
<6> Locking the memory prevents that from happening
<5> even beyond that though, i could see possibilities for weird things to happen.
<5> for eg, lets say your program fork()s before the buffer is destroyed.. when the buffer is destroyed, the page is copied.. and lets say the child execs.. the page is now freed, but probably not cleared.
<2> ;o
<5> you need to be insanely careful if you want to keep stuff from getting out.. most operating systems have very specific things you need to do for them.
<6> Yes well, that is not a common case at all :)
<5> common, but entirely possible.
<5> uncommon
<6> Just lock memory and clean up, it's simple
<5> theres all sorts of weird conditions that might cause a page to be copied into ram somewhere odd.
<6> mlock() exists explicitly for high-security data, that and real-time needs where a page fault would be catastrophic
<5> you even have to consider the case that the program is aborted and generates a core dump
<5> i dont think mlock will prevent data from being put into the core dump.
<6> I didn't think about the core dump. Hum
<6> That's quite a good point actually
<5> core dump may not seem that bad, if you own the system, but it is, because its committed to physical storage.
<5> and once its on physical storage, you're screwed.
<6> Fine fine, disable core dumps :p
<5> right, but my point is, theres all sorts of weird stuff that can happen.
<5> best bet is encrypted fs, including swap, imo.
<5> no one is expecting swap to be fast.. encrypting it shouldnt hurt too much
<5> one thing id like to see, which presently i have not, is some tool to move around physical ram pages periodically.
<5> most ram leaves impressions based on amount of time stuff is stored in it (not based on number of rewrites, like disk)
<6> What do you mean by "move around"?
<5> for eg, if you have your password sitting in ram for hours in the same physical memory cell, and the power suddenly dies, the NSA may be able to recover it.
<6> I see.
<5> so, i'd like the kernel to periodically change the physical storage addresses associated with virtual pages.
<6> I think that can be done actually, not that I remember the syscalls
<5> if you've got that, and your crypto fs, and anti-tempest, you should be in good shape. almost bulletproof i think.
<5> linux is so much better than win32 in this regard... there isn't even the vaguest comparison.
<5> wikipedia is experiencing technical difficulties
<6> I wouldn't expect windows to support file system encryption any time soon. You can't even have hard links, multiple accesses to the same file, etc.
<7> Well. NT does support all of that, it's just that the UI doesn't expose it
<5> hmm, it has the first two, vaguely. you can encrypt individual files/folders (although i have no idea how secure it actually is) and it has hard links
<7> File encryption can be switched between RSA, 3DES and AES if I remember right
<5> actually using hard or soft links is a great way to cause periodic infinite loops
<7> And takes your cryptographic certificate as key
<5> since virtually no software can detect them
<5> but its incomplete, compared to unix. if i remember correctly, only regular file hard links are supported, and only directory soft links are supported; without using an add-on filesystem filter.
<5> reiserfs4 > *
<7> I don't go in for Reiser, ever since 3 wiped my /usr
<5> never had any sort of failure with it.. not yet anyway :)
<6> I live by ext3, reliable and standard, with all the fs tools one can dream of
<5> its my philosophy that most of the popular fs probably work, but i go with what i am familiar with, and has worked for me, and has a nice featureset.
<6> Last I checked, reiserfs4 was broken on 64 bits architectures
<5> one request i do have is for a completely journaled filesystem. eg, all free space is used to keep track of previous versions of files.
<5> windows 2003 server ntfs has something like this, amazingly enough.
<6> So if I modify my database file constantly, the file system will keep making copies of the thing all over the free space?
<6> I suppose you mean deleted files
<6> ( or overwritten files, same thing )
<5> well, each overwrite is written over the oldest available block.
<5> like journaling, except for all file state, not just metadata.
<6> So that when you try to delete a critical file by filling it with /dev/random, you still got an old copy lurking in your free space... :)
<5> exactly, you would need to use a fs-specific tool.
<5> but imo expecting that sort of thing to work anyway is naive.. if you're using backups, its probably still on the backup tape anyway.
<5> ideally there would be a tool 'secure-delete' or something that would be like fsck: a frontend for whatever appropriate filesystem tool that would do the right thing.
<6> Anyway, that would reduce performance a bit as the kernel would no longer allocate blocks sequentially for faster file access
<5> i think it could. the key to making it work would be a (very) smart caching algorithm.
<5> ideally, old blocks to be overwritten would be in sequential order.
<5> fragmentation is the enemy, but what else is new
<5> "But who the hell cares if someone whips it out in a darkened porn theater while there's a 50 foot boner being projected up on the screen anyway."
<5> http://www.actwin.com/toaph/peewee/peewee.html
<8> they have porn theaters?
<5> in the US, in large cities, yes.
<5> ive never been to one, and honestly, i think that would be a little weird.
<5> im not even sure what the purpose would be, since pr0ns have notoriously bad plots..
<9> I can order porn on 2 channels of the cable TV at home
<9> never tried it, though
<9> i'm not sure it's soft or hard
<5> internet obsoletes all
<8> Pffffft
<8> honestly, nothing beats the internet
<5> id make an exception for hot female grrls
<5> preference is non-internet grrls
<9> But I don't have Internet!!!
<5> internet sort of negates hotness
<8> hot female haxor coder grrls
<9> oh wait , I do
<8> that use linux.
<9> supposedly, old pensioners don't all have internet
<9> cable TV deliver porn to everybody!
<9> but to say that internet has high quality porn would be exaggeration
<9> there are vending machines that sell porn dvd/video on every corner here
<5> perhaps jewish pr0n is better than western pr0n?
<9> it's western. imported
<5> :(
<5> ive never met a female israeli who wasn't hot.
<9> do you have jewish parents ?
<5> ... no
<5> lutheran and unitarian
<9> aah. i thought, Aaron being jewish name ...
<5> well there's Aaron and then there's Aron
<9> both names are from bible
<9> actually, it's same person
<9> his name was first Aron, then he was granted additional A in his name for service to Moses, IIRC
<5> separate hebrew roots, im told. all jews ive known with the name were Aron. i don't know where Aaron comes from.
<9> it's very rare name in modern israel
<5> not especially common in the US.. ive only met a few others with the name.
<5> Aaron that is. Aron is rarer.
<5> still, i bet jewish pr0n would be good.
<8> lawl
<8> www.jewishfriendfinder.com
<8> !!!
<5> There are currently no members that match your search.
<5> in my zip code :(
<5> http://www.2wallpaper.com/weirdspot/flexible_girl.jpg
<8> haha
<8> she could lick your balls while you did her from behind.
<9> he was moses brother
<9> i own domain 4tcp.net