Mikko Sazonov
Works at #AberdeenCloud
Attended Helsinki University of Technology

Stream

Mikko Sazonov

The story with the Dual EC random number generator has another chapter to it. Researchers actually compared the BSAFE, OpenSSL and SChannel libraries, replacing the unknown elliptic curve with one better known and more easily analyzed.

Summa summarum: RSA's C-binary's implementation is even more vulnerable than originally thought (remember, it's the only library that defaults to using Dual EC DRBG).

As a fun little detail, OpenSSL's Dual EC DRBG implementation was actually broken in the first place - guess no one ever had a reason to try out the orders of magnitude slower non-standard random number generator. Also, there's an extension in RSA's TLS implementation which allows for sampling of larger pools of random numbers from the server, if enabled. The latter was provided by the same three-letter organisation they got the $10M of funding from.

Would have loved to see GnuTLS and NSS mentioned there... wonder if they ever implemented said random number generator.

Mikko Sazonov

Cool to see more progress on that project. :)

Mikko Sazonov

Guess where this is from? It's a nature reserve around Lammassaari, only 5 km away from the very centre of Helsinki.

Mikko Sazonov

Okay, that is just impressive.

Mikko Sazonov

Got a few chuckles out of these messages in my dmesg log:
[   21.289339] nvidia: module license 'NVIDIA' taints kernel.
[   21.289342] nvidia: module license 'NVIDIA' taints kernel.

Mikko Sazonov

Okay, this is awesome - someone came up with the idea of doing a side channel attack on RSA through sound emitted while the algorithm is being run. The whitepaper (first link on the page) is a bit lengthy, but fun to skim through.

Best part:
"Thus, an attacker can measure the chassis potential by merely touching the laptop chassis with his hand. Surreptitiously, the attacker can simultaneously measure his own body potential relative to the room’s ground potential, e.g., by having a concealed differential probe touching both his body and some nearby conductive grounded surface in the room. Perhaps surprisingly, even this circuitous measurement offers sufficient signal-to-noise ratio for the key extraction attack."

Just had a mental image of a shady character sneaking into a datacenter and prodding at the servers there with their finger to get the SSH RSA keys. :)

Mikko Sazonov

After Microsoft's weird game sharing policy announcements, this one really made me laugh.

Mikko Sazonov

Awesome, watch it.

As a side note, the production quality is surprisingly good, considering it was filmed in space.

Mikko Sazonov

Hats off to this guy both for the hack and taking a picture of it running OpenTTD! :)

I wasn't aware that high resolution displays were so cheap and relatively easy to connect to. Actually makes me wonder if building a grid of 4 iPad screens to get a 4k-ish display surface would be worth the time and effort. The bezel seems not so bad and the total price is ridiculously low.

Mikko Sazonov

http://coffitivity.com & http://rainymood.com work well together. I suggest keeping both open if you're looking for something different to break the silence.
Story
Tagline
Developer, consultant & tinkerer
Education
  • Helsinki University of Technology
    CS / Distributed systems
Links
Work
Employment
  • #AberdeenCloud
    present
Basic Information
Gender
Male
Mikko Sazonov's +1's are the things they like, agree with, or want to recommend.
iMX233-OLinuXino-NANO - Open Source Hardware Board
www.olimex.com

Open Source Hardware Embedded ARM Linux Single board computer with i.MX233 ARM926J @454Mhz

My Chrome Theme
chrome.google.com

Create and share Google Chrome themes of your own design.

The Humble Weekly Sale, featuring Two Tribes (pay what you want and help...
www.humblebundle.com

Pay what you want for EDGE, Toki Tori, RUSH, concept art, a signed digital poster, and more, all while supporting vital charities!

Total War Battles
market.android.com

Total War Battles™: SHOGUN is now available on Google Play! It’s the Most Wanted Sale of the Year Deck your phone today with great apps! Disc

GeoGuessr - Let's explore the world!
www.geoguessr.com

GeoGuessr is a geography game which takes you on a journey around the world and challenges your ability to recognize your surroundings.

Hello World – Google Maps
maps.google.com

Discover the world with Google Maps. Experience Street View, 3D Mapping, turn-by-turn directions, indoor maps and more across your devices.

miniSWARM - Scalable Wireless Arduino Radio Module
www.indiegogo.com

A wireless mesh Arduino board with USB, LiPo battery charger, built in range testing and over-the-air programming... cheap enough to leave i

Connecting an iPad retina LCD to a PC
emerythacks.blogspot.com

This project was born at the Warsaw Hackerspace, it was funded by my friend Spin, who wanted to use the display in a project of his. In shor

Digi-Key
plus.google.com

Digi-Key Corporation, Worldwide Distributor of Electronic Components

The Humble Bundle for Android (pay what you want and help charity)
www.humblebundle.com

Pay what you want for some awesome games and help support two charities. All of the games are DRM-free and support Mac, Windows, and Linux.

Screen Capture (by Google)
chrome.google.com

Capture visible content of a tab, a region of a web page, or the whole page as a PNG image. Support horizontal and vertical scroll…

Android Developers
plus.google.com

A place for Android developers everywhere to meet, share and discuss the latest on Android development

Ingress
plus.google.com

The world around you is not what it seems.

Google Art Project
googleartproject.com

Explore the White House with the First Lady of the United States of America. First Lady Michelle Obama welcomes you in the Executive House o

Google Drive
drive.google.com

Access everywhere. Google Drive is everywhere you are—on the web, in your home, at the office and on the go. So wherever you are, your stuff

Project Glass
plus.google.com

Thoughts, designs, and stories.

Domain Names | Website Builder | Web Hosting - Name.com
www.name.com

Search/register domain names! Get reliable web hosting, SSL certificates, website builder, premium and expired domain names & an ICANN a

Raspberry Pi | An ARM GNU/Linux box for $25. Take a byte!
raspberrypi.org

The magnificent Miss Philbin from Geek Gurl Diaries has been having fun with a Raspberry Pi, a thermal printer (the sort that till receipts

Arduino
plus.google.com

Official G+ page of Arduino, the open source electronics prototyping platform

Google I/O 2012
developers.google.com

Google I/O 2012 brings together thousands of developers for three days of deep technical content focused on building the next generation of