Yeah, go back and read your own posting. Every starport has at least one key, if not dozens, or hundreds, to read all of the transponders of the ships coming into the system. I wasn't talking about YOUR personal key. And if it's YOUR personal key, I don't doubt it's still safe. Do you have anything worth stealing that a hacker would bother to do so?




A few years ago, at a Blackhat conference, it was estimated that you could build a machine to crack a 1024-bit RSA key in about 12 months. And that was seven years ago.

Where did you find that statistic?

If you want to know more about cryptography, I'd suggest reading some of the papers out of the Black Hat conferences. There are some really interesting theories and conjectures by some very creative people.

First, I've never met a DVD player that couldn't be opened up and the user is not denied access to the disk so I'm not sure what comparison the example is supposed to represent.

From what I could tell the link had nothing to do with breaking security on a DVD player but instead, taking an in hand DVD and being able to decode it.

To me it would be more comparable to decrypting the output sent by the transponder without having the proper software and whatnot of space port flight control. I'm not too up on DVD tech, but I believe it's just encryption/decryption and the DVD and players don't all have keys?

Oh, I read your description just fine the first time. My post was just suggesting that where there is pretty serious money to be made, criminal ingenuity knows no bounds.

Of course, if you want there to be no smugglers, pirates, dodgy types, etc, running around in misappropriated starships in YTU, then fair enough.

_________________
Maritime Games Club (Medway, Kent, UK)

Come and visit, we need more Traveller players...

I said that as a joke. As you know, you can't derive a private key from having a correctly generated Public key. THAT is why my private key is still secure. Not, because how many or, how few copies are out in the wild.





From an internal presentation at DHS by NRO crypto. (The current public/private scheme won't be able to be factored until ~2034 based on current computer speed growth curve. Using A LOT of networked machines that a civvie could likely use, it is in that figure I gave.

p.s. I've worked the IT sec area (retired now) for many years and participated in public (US intel & law) private sector & consulting NATO member internal sec ministries.

Simple, the unit gets reset at the shipyard when you come in for repairs/work. What's so difficult about that?

Meh. I'll tend to believe the hackers who present their papers more than the government guys, simply because the government wants to put forth 'all is well' sort of BS and the hackers are looking to prove something. Besides, its generally the hackers who do win and then change from black hats to white hats (and avoid jail and make more money).

All one has to do is read the articles on sites like Infosecurity to realize that security breaches happen all the time. Codes get broken all the time through various means.

But it's a game.. so if you want it to be hack-proof, it is.

/end

A prime example of stupidity:

Aussie gaff: well, the program isn’t called ‘Stay Smart Offline’

09 July 2012
In a security breach that boggles the mind, Australia’s national CERT, the communications ministry, and the post office teamed up to lose personal information on subscribers to the government’s Stay Smart Online e-security alert service.

The saga begins in 2008 when AusCERT, a non-profit organization that operates the country’s national computer emergency response team (CERT), received AUD$1.2 million to run Australia’s e-security alert service for home computer users and small and medium-sized businesses, part of the government’s Stay Smart Online initiative.

However, AusCERT was anything but smart when it mailed a DVD with personal information on 8,000 subscribers to the Department of Broadband Communications and Digital Economy (DBCDE), the agency that awarded the contract. The package, which was sent by post in April of this year, never arrived at DBCDE, the Stay Smart Online team said in a July 6 email to subscribers. The DVD contained subscribers’ usernames, email addresses, memorable phrases, and encrypted passwords.

The DBCDE said that it had “no reason to believe that this information has been found and misused by any third party and we do not believe that there is a privacy risk”, a common refrain of agencies, organizations, and companies that are caught red-faced by a security breach

Australian security blogger Geordie Guy quipped about the breach: “You couldn’t make this up. I actually had to check it was July the 6th and not April the 1st.”

Guy added: “This isn’t likely to be the last data leak this year, it’s unlikely to be the biggest, but it’s above and beyond the most embarrassing for a government department with a long history of poor practice (despite its preaching), and I think I speak for a lot of the online rights community when I say it’ll be a long time before we get another this funny.”

Only at the shipyard that originally built it, or any shipyard across the entirety of Imperial space that's capable of repairing it?

Right there is at least one small chink in the system, something that motivated criminals would take a great deal of interest in.

_________________
Maritime Games Club (Medway, Kent, UK)

Come and visit, we need more Traveller players...