December 21, 2012
The Security Puzzle
There is no such thing as a zero security risk. No matter what you build and how you build it, there will be bad guys lurking at the door, trying to get in. This week my guest is Paul Kocher (Cryptography Research Inc.) and we're looking at the trends in security in WiFi-enabled designs and discussing how you can solve the puzzling security problems in your next design.
Also this week, I check out the new Pi Store and give everyone the chance to win a Zedboard courtesy of Xilinx.
Posted on December 21, 2012 at 12:52 PM
This week's Fish Fry is all about security in connected devices. What do you think about my interview with Paul Kocher from Cryptography Research Inc?
Posted on December 21, 2012 at 7:54 PM
Hi Amelia, That Zedboard sounds like it would save me a lot of time!
To save time I found a terrific guide to using the Xilinx LX9 Microboard, with clear exposition and real HowTO which reduces the learning curve for everybody.
Check out this link, and amplify the number of folks trying to invent a better world using "solid state intelligence"
Posted on December 22, 2012 at 7:40 AM
I have an Atlys Spartan 6 board from Digilent. The VHDC boards are affordable, but the FMC boards that go with the Zed board are out of the roof.
If I had a zed board, I would probably build a brute force decryption peripheral to crack passwords of zip files (or SSL). It would be cool to connect a few zed boards in parallel over the FMC to have a zed board cluster!
Also, Simulink has support for Atlys, but not zed board (yet?).
Posted on December 23, 2012 at 5:21 PM
@Loh,
I have to applaud the clever irony of proposing a project to crack passwords using the prize from a podcast about beefing up security.
Nice! So far you get my vote for the Zed board (of course, I don't really get a vote...)
Posted on December 23, 2012 at 11:29 PM
I've got two words for Loh -- "problem space".
There won't be enough Zedboards made to crack anything but the most pathologically poorly configured (or implemented) SSL setups.
As they say, "Minutes of wasted research can be prevented by billions of Zedboard-hours spent up-front." OK that's a Zedboard-specific variant of the classic wasted-effort one-liner (no wonder why I had my poetic license revoked years ago). Feel free to migrate-out the dopant in all your Atlys's junctions trying though.
ZIP files on the other hand, because they're typically encrypted with human-generated passwords, are known to be much more vulnerable. Old, classic ZIP encryption cracking can probably be done in a reasonable amount of time on your current cellphone.
My newly won Zedboard would be used for North Korean missile tracking, now that gravity is no longer their overwhelmingly dominating influence upon their trajectories. It would be a great addition to Santa's 2013 flight management and counter-threat system.
All the best holiday season to Amelia and her Daltoids!
Posted on December 25, 2012 at 10:00 PM
Paul Kocher has chosen interestingly in offering Reducto Ad Med-school (European/AMA vein) analogies. Perhaps keen enough in that IPv6 is not the aTRON or PRC party line?
I would dress my Zedboard as the 'key exchange bear' in a bid to own the meme (but program it to safely trim silver maples and several types of oak with only abrasive cable, CMOS cameras, microphones and a winding drum or two.) What should it do when hit with squirrels or tranquilizer darts (besides stop and crawl off slowly?) Barf nulls and hash-signs?
Hearing about Amelia, the Daltoids and the Pi store (Hello! Can I interest you in our trepanning augers?) I had to think of Aronofsky remakes (possibly with tiger and rowing skiff) of Amelie and new Dr. Who. I'm not getting there, though glib blindside explanations at the end seem perfectly at home. Happy Newtonmas.
Posted on December 26, 2012 at 7:02 PM
I would love a Zed board. I worked on what became the Zynq. (I was NOT responsible for naming the product.)
Originally it was called Angelfire and was meant to give some high speed peripherals to be paired with the Microblaze.
Then it was Dragonfire and had an ARM 1136, then a Cortex-A8.
Finally it was Pele (Hawaiian fire goddess), and finally had the dual Cortex-A9. There is a whole lot of cool peripherals in there and a huge pipe to tie the cache to the FPGA fabric.
Most of the people I worked with are not at Xilinx any more. They closed the Albuquerque office a while ago, that is where the original embedded group was. Too bad, there was a whole lot of talent working there.
If I win the board, I would use it to port the Kozio VTOS test system to it. http://www.kozio.com/ Mostly because that is my new gig.
I also want to try getting a multicore version of QP going. I was never able to get a real multicore Microblaze system to work, sigh. http://concretemulticore.wordpress.com/2010/09/30/event-driven-mult...
Posted on December 27, 2012 at 5:09 PM
I would love to have a Zedboard. A project I want to do is to recreate the tone generator of a Hammond B3 organ, with a MIDI interface. I think the Zynq 7000 could handle that, with perhaps some power left over to emulate a Leslie cabinet as well.
Posted on December 27, 2012 at 9:16 PM
The Zedboard would make an awesome logic protocol analyzer platform. Something like a next generation Open logic sniffer. In fact I would like to see something like the Zynq products rolled together with embedded Linux as a basis for future logic analyzers from Agilent and the other big test equipment companies.
Posted on January 04, 2013 at 4:11 PM
Sorry for the late response:
@ericwertz: Yes. SSL might be a tough nut to crack. I recently bought a WiFi Pineapple and would like to try WiFi Hacking.
I know of people who just refuse to do online banking over anything wireless. I have so far blindly relied on SSL to secure my communications. Mary, the Queen of Scots lost her head for relying on cryptography blindly (Reference: The Code Book by Simon Singh, which in turn refers to Code Breakers by David Kahn).
I would like to verify that I am not repeating history. Of course, when I am cracking my own SSL communications, I could give it some 'tips' on what to expect.