Computing desk
< July 17	<< Jun \| July \| Aug >>	July 19 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

July 18

Does ESP8266 has an hardware AES engine or not?[edit]

ESP8266[1] is a popular wifi-enabled SoC. I'm trying to figure out whether it has a hardware accelerated AES engine or not.

Evidence point to YES:

1. Googling "ESP8266 AES engine" yields dozens of sites saying the affirmative, though most of them likely just copy and pasted that information from somewhere else.

2. ESP8266 contains an ARM Cortex-M4 core. Googling "Cortex-M4 aes" suggests that most manufacturers pair a hardware AES engine with their Cortex-M4 SoCs, so it's likely that ESP8266's manufacturer has done the same.

Evidence point to NO:

1. This repository [2] contains a purely software implementation of AES, would seems to suggest that there's no hardware AES engine, at least not one that's available to the user. My other car is a cadr (talk) 03:14, 18 July 2015 (UTC)[reply]

For reference, AES is the Advanced Encryption Standard. Tevildo (talk) 09:23, 18 July 2015 (UTC)[reply]

According to the manufacturer's website here, it has an "integrated AES engine". The datasheet is available in various places on the internet, but not legally - I therefore won't link to it. On page 16 of the datasheet, hardware accelerators are listed for CCMP, TKIP, WAPI, WEP and CRC - if the combination of these features counts as an implementation of AES, the answer to your question is "yes". Tevildo (talk) 09:41, 18 July 2015 (UTC)[reply]

The datasheet doesn't contain the word "AES" at all though, so that's sort of discouraging. My other car is a cadr (talk) 11:42, 18 July 2015 (UTC)[reply]

Has anyone checked the assembly language instruction set? If it contains an AES engine surely there must be an instruction or some registers associated with it. --Guy Macon (talk) 12:54, 18 July 2015 (UTC)[reply]

Question about Email - Is it a social engineering scheme?[edit]

A family member received this in an email today. He wanted to know whether it is BS.

Dear Winner. This Email is to inform you that your email account has just won you ($750,000.00 USD) from the Google Gmail Promotion, online email lottery powered by Google. A random email balloting of 80 million addresses of people that are active online, among the people that subscribed to Google Mail worldwide. We have selected 7 winners from 80 million emails, without the winner applying. We are congratulating you for being one of the lucky beneficiaries of this annual promotion. However you will have to fill and reply the Below Details To:

[email redacted]

Full name

Contact Address

Age

Telephone Number

Sex

Occupation

Country

STATE

Contact Lottery Events Manager

Submit your information to the Events Manager’s email stated below;

[name redacted]

Contact Email: [email redacted]

(Events Manager)

I said that I thought that it was a scheme to collect personal information, but that I would check. Has anyone seen this? Is this a con game?

Robert McClenon (talk) 23:25, 18 July 2015 (UTC)[reply]

Blindingly obvious scam is blindingly obvious: [3] AndyTheGrump (talk) 23:48, 18 July 2015 (UTC)[reply]

It isn't blindingly obvious on first glance, because it doesn't ask to send a small payment, which would be advance fee fraud. It did seem to be probably a scam, since, unlike in a multi-state lottery, you haven't bought a ticket. I don't think it was blindingly obvious, which is why I asked. Thank you. Robert McClenon (talk) 00:09, 19 July 2015 (UTC)[reply]

Scammers frequently don't ask for money straight off - their initial objective is to find people credulous enough to hand over personal details in return for promises of implausible sums of money. Having found their mark, they can then start spinning the line through personal communication. AndyTheGrump (talk) 00:18, 19 July 2015 (UTC)[reply]

Indeed even many of the classic "very wealthy person X died without next of kin and we want to steal their money" emails don't ask for money upfront. See e.g. [4]. Nor for that matter when they pretend you already discussed stuff, see e.g. [5]. There are some that say upfront they want you to buy something or pay for something, e.g. some here do [6], but you can also see a bunch don't really say so. There is BTW some comments from Teresa Nielsen Hayden on the language used in one of the emails there, although it's a fairly different situation for someone claiming to be from wherever in Africa or Asia or whatever wanting to steal or claim inheritance, than it is for someone claiming to be from Google or Microsoft or Apple or whatever. Nil Einne (talk) 15:24, 19 July 2015 (UTC)[reply]

On thing that's obvious, if not blindingly so, is that it's badly written. Not as badly as a lot of email scams, but look:

The dollar amount is in parentheses as if there was an amount in words preceding, but there isn't one.
Using both $ and USD. (Google is a US company, but the only time Americans are likely to use the notation USD at all is in connection with currency exchange, and it shouldn't be used together with $.)
Odd wording "We have selected 7 winners ... without the winner applying".
Capital letters in "Email the Below Details" for no reason.
"The below" instead of "the following".
"State" after "country" instead of before.
"STATE" in block capitals for no reason.

People running a contest don't necessarily write in perfect English, but that many errors is clearly a red flag.

By googling on a key phrase I immediately found this version of the scam/spam, which contains even more errors:

A space in the middle of the dollar amount.
Sentence fragment "Online email lottery Power by Google", also with an extra capital on Power, a missing "-ed" ending, and a missing period at the end.
Lucky beneficiary" instead of "lucky beneficiaries".

Either Robert inadvertently removed some errors when posting it here, or the scammer/spammer decided to work on the message after sending the first batch, which would hardly be likely if it was only sent to 7 people.

And a second and larger red flag is that you are asked to reply to an address that's not in a Google domain. A quick look with whois suggests that the owner of domain qq.com is in China. --174.88.133.35 (talk) 02:56, 19 July 2015 (UTC)[reply]

Besides the mistakes found by 174.88. ... there are even more mistakes. The sentence "A random email balloting ..." has no verb. "Below" is capitalized without any reason for it.

Add to it that I could not find any hint of this lottery in Google.

I have no doubt this is a scam. Report as spam and forget about it. --Yppieyei (talk) 04:10, 19 July 2015 (UTC)[reply]

A commonly-held theory is that many email scams are purposely unconvincing and poorly-written. Anyone too dumb to see through the obvious problems is a lot more likely to be dumb enough to wire large amounts of money to a stranger in Nigeria. It helps them to avoid wasting time on unlikely prospects. --Guy Macon (talk) 05:21, 19 July 2015 (UTC)[reply]

Well, the explanation that email scams are purposely poorly written isn't necessary. They may be poorly written because the (Chinese or Nigerian) scammer's English isn't very good. Also, the fact that qq.com is in China reduces the likelihood that reporting the scam as spam will accomplish anything. The Chinese have no motivation to stop crimes that may bring hard currency (dollars, euros, pounds) into China. Thank you. Robert McClenon (talk) 17:31, 19 July 2015 (UTC)[reply]

Here is a simple, foolproof technique for determining which emails are scams:

If you receive unsolicited email from someone you don't know, it is a scam. Period. No matter what it's offering, no matter what it claims you've won, no matter what problem it's claiming there is with your email or bank account, no matter what link or attachment it wants you to click on for more information, it's not real. It is fraudulent. Delete it without another thought.

Email is not reliable and not trustworthy. Anyone who really wanted to let you know you'd won money, or that there was a problem with one of your accounts, would use some other method of notifying you. —Steve Summit (talk) 00:38, 20 July 2015 (UTC)[reply]

Ehh, that's not really true. If you use online banking, banks frequently send you e-mail to notify you of things. Granted, they often don't tell you exactly what the issue is, for privacy reasons; they just say you have a message or alert or something and tell you to log into your account on their website. Now, I agree with the first part: "If you receive unsolicited email from someone you don't know, it is a scam." The key part here is "someone you don't know". Random banks you've never done business with don't send you e-mails out of the blue. --108.38.204.15 (talk) 06:04, 20 July 2015 (UTC)[reply]

And if you do get an email from your bank telling you to log in, type the bank's web address in yourself (or click on your own bookmark), rather than clicking the link in the email, just in case it's not a legitimate message. 91.208.124.2 (talk) 09:13, 20 July 2015 (UTC)[reply]

Even emails that appear to be from people you know personally can be fraudulent, as in the stranded abroad scam. AndrewWTaylor (talk) 15:47, 20 July 2015 (UTC)[reply]