Domain: certainkey.com
Stories and comments across the archive that link to certainkey.com.
Comments · 9
-
Mangle better
Like this:
Needs some crypto computation to decrypt. User needs to click on a "Get my Email" button. Works on iphone.
-
Something like this perhaps
The key is to make the bots/spammers use more resources then they have.
Something like this can be used to slow down email address scanning bots.
Like sending email with hashcash, if you make the scammers work to get the right answer by requiring to compute a computationally complex formula (crypto function random walk distinguished points), they will not be able to keep up.
A website can pre-compute a table of (and continuously add to that table) challange-responses that a visitor must perform. A human will see a 5-15 second delay to registration, to a bot this can be intolorable.
-
Don't use images, don't test for humans
The goal of CAPTCHAs in most situations is to make the business of using a bot not cost effective.
You can do this by slowing the bots down, and not stopping them entirely.
Humans will wait 30s to enter a site they should be going to, this is death to bot operators (even with large botnets). Like what hashcash does for anti-spam.
An example, is here to protect email addresses.
Yes, you could write a cleaver tool to do the math in compiled C and not JavaScript, but the cost is still there. -
Save your Lexmark (or any other USB key)
Give this a whirl. Cross platform (afaik). Send feedback to: jlcooke@certainkey.com
Encryption of files using AES128-CBC, no MACing sorry.
Key used for encryption is:
key = SHA256(pswd)
Password verification is stored as: {pswdEnc, pswdHashEnc}
Where pswdEnc = AESEncrypt(key, key)
pswdHashEnc = AESEncrypt(key, HASH(key))
Provided password "test" is considerd to be the orginal "pswd" if:
key' = SHA256(test)
t1 = AESDecrypt(key', pswdEnc)
t2 = AESDecrypt(key', pswdHashEnc)
t2 == SHA256(t1)
It's written in Java, so no promises about memory attacks (I did my best). But at least file-based attacks are much more difficult.
JLC -
ok so like... dell man.Print Screen from Dell Site
Ignoring the whole building you'll end up needing...I think I could have gotten them a better deal.
-
Re:A little help, please...
Crypto is used everywhere.
/dev/random uses MD5 and SHA1, shadow-utils uses DES and MD5. The kernel uses MD5 for non-crypto reasons all over the place.
Aside: MD5 should not be used.
Basicly it was a design decision, get rid of repeated code. Linux is also being used for new applications. Servers with Encrypted File Systems, IPSec routers, etc etc. So this means Linux needs to evolve too. If the kernel only kept up with hardware changes, then Linux should be dead in 2 years.
I am the horse and I have a mouth. -
Consider this...(corporate plug)
Package your application in a self-extracting/self-decrypting archive which uses two keys (k1,k2). k1 is either zero-length or known to the group of indented users. k2 is kept secret until published online at some central site at a time specified by the publisher. If k1 is zero-length, then it'll be an open release of software/data.
software = Decrypt(software, key), where key = Hash(k1 concatenate-with k2).
This is called time-lock crypto as written by Rivest Shamir Wagner in [3].
CertainKey offers this service with all the software/crypto you need at a modest price see [1].
note: I'm a founder of CertainKey...so use discretion.
References:
[1]
[2]
[3] -
Consider this...(corporate plug)
Package your application in a self-extracting/self-decrypting archive which uses two keys (k1,k2). k1 is either zero-length or known to the group of indented users. k2 is kept secret until published online at some central site at a time specified by the publisher. If k1 is zero-length, then it'll be an open release of software/data.
software = Decrypt(software, key), where key = Hash(k1 concatenate-with k2).
This is called time-lock crypto as written by Rivest Shamir Wagner in [3].
CertainKey offers this service with all the software/crypto you need at a modest price see [1].
note: I'm a founder of CertainKey...so use discretion.
References:
[1]
[2]
[3] -
Re:Distributed.net no longer in the public eye
It's been forgotten because they attacked something of little relevence.
RC5? How uses that? Really. The DES challanges were at least interesting because you could go to work the next day and say "hey! d.net checked this algo, don't use it!"
So I say d.net needs to move back to attacking an algorithm people use everyday. Don't think they could do it?
Cracking MD5 wide ope can be done in 2 years using the same number of people at the RC5-64 project. And you'll get millions of cracks in the algorithm and not just one.
We'll see what nugget says...