Red V symbol (log file not valid) after OLC upload.

Cliff Hilty wrote:
Im still trying to figure out why any of the files have to be "secure" !
Security is an illusion. I thought the intent of the OLC was to promote
more people flying and friendly competition. Still scratching my head with
all of this regulatory crap.

Exactly my thought. Requiring so-called "secure" files limits the
access to such a site artificially, and is no more than promoting the
commercial logger industry.

After all, we are all in it for the money and the girls right? If
they want to cheat that bad let them.

When manufacturers don't publish their cryptographic algorithms, it's
a sure sign that they were not designed properly ("Snake Oil"),
because good cryptography is one that withstands mathematical
analysis.

No IGC logger has a published verification procedure. The vendors
publish closed-source EXE files for validation, as a black-box that
magically tells you if a signature is correct.

If you want to cheat, just buy two loggers. Both will have the same
"private key" needed for signing. Open one (carefully, so it will not
trigger key deletion), extract the private key, and use that private
key to sign fake flights for the serial number of the second logger.

(And that's not even exploiting potential mathematical flaws in the
signature algorithm!)

This kind of security is an illusion, and not worth the hundreds of
dollars we spend on it.

Max

No practical cryptography is immune from mathematical analysis, ask the
NSA. It's just that the analysis may take a few hundred years at the
present state of computing (but Moore's law applies).

What makes you think that all flight recorders of one type have the same
private key?

Security is deemed to be sufficiently good to make it easier to break a
World Record than to break the security; that's all that is needed.

What the OLC requires is a matter for them, but since they are siiting in a
room maybe continents away from the location of the flight, I guess they
thing IGC file verification is necessary.

Flight recorders make the OLC possible - don't knock it.

At 07:36 24 November 2011, Max Kellermann wrote:
Cliff Hilty wrote:
Im still trying to figure out why any of the files have to be "secure"
!
Security is an illusion. I thought the intent of the OLC was to promote
more people flying and friendly competition. Still scratching my head
with
all of this regulatory crap.

Exactly my thought. Requiring so-called "secure" files limits the
access to such a site artificially, and is no more than promoting the
commercial logger industry.

After all, we are all in it for the money and the girls right? If
they want to cheat that bad let them.

When manufacturers don't publish their cryptographic algorithms, it's
a sure sign that they were not designed properly ("Snake Oil"),
because good cryptography is one that withstands mathematical
analysis.

No IGC logger has a published verification procedure. The vendors
publish closed-source EXE files for validation, as a black-box that
magically tells you if a signature is correct.

If you want to cheat, just buy two loggers. Both will have the same
"private key" needed for signing. Open one (carefully, so it will not
trigger key deletion), extract the private key, and use that private
key to sign fake flights for the serial number of the second logger.

(And that's not even exploiting potential mathematical flaws in the
signature algorithm!)

This kind of security is an illusion, and not worth the hundreds of
dollars we spend on it.

Max

Peter Purdie wrote:
No practical cryptography is immune from mathematical analysis, ask the
NSA. It's just that the analysis may take a few hundred years at the
present state of computing (but Moore's law applies).

Are you sure you mean cryptanalysis? What you say sounds more like
brute-forcing, and this is not what I mean.

What makes you think that all flight recorders of one type have the same
private key?

If they had a different private key, then VALI.exe would need to
include all public keys of all loggers sold. And you would have to
update the VALI.exe each time the vendor generates new keys for new
loggers he will sell, and each time somebody wants to have his logger
repaired. Then think about what happens when a pilot sends a logger
for repair, how will inserting a new key into the logger work? How
will the existing VALI.exe on the OLC server get to know about this?

While that would be technically possibly, and it would be possible to
pregenerate thousands of keys in advance, I do not think any logger
vendor has done this.

Do you think they did?

Max

On Nov 24, 3:00*am, Max Kellermann wrote:
If they had a different private key, then VALI.exe would need to
include all public keys of all loggers sold. *And you would have to
update the VALI.exe each time the vendor generates new keys for new
loggers he will sell, and each time somebody wants to have his logger
repaired. *Then think about what happens when a pilot sends a logger
for repair, how will inserting a new key into the logger work? *How
will the existing VALI.exe on the OLC server get to know about this?

While that would be technically possibly, and it would be possible to
pregenerate thousands of keys in advance, I do not think any logger
vendor has done this.

Do you think they did?

The vendors of IGC approved flight recorders are required to do this,
as spelled out in the specification, which can be obtained here
(unfortunately, the FAI web site is a bit wonky, right now):

http://www.fai.org/igc-documents

All flight recorders currently approved for "all flights" or "all
badges and diplomas" have unique public/private key pairs for each
unit. I, as a member of the IGC GNSS Flight Recorder Approval
Committee, would like to see the algorithms standardized and the
public keys openly distributed, but life is always a bit more
complicated than it might seem...

Marc

Marc wrote:
All flight recorders currently approved for "all flights" or "all
badges and diplomas" have unique public/private key pairs for each
unit.

Thanks Marc, I must have missed that part of the spec when I last read
it. Interesting, I wonder how the public keys are distributed to the
VALI.exe files.

Whenever I see such "security by obscurity", I fear the worst.
Usually, this assumption is close to the truth.

I, as a member of the IGC GNSS Flight Recorder Approval Committee,
would like to see the algorithms standardized and the public keys
openly distributed, but life is always a bit more complicated than
it might seem...

Too sad, that's a big chance that was missed. It's extremely
cumbersome or impossible to validate an IGC file on a machine other
than Windows-i386.

Max