Slashdot Mirror
Hacker Jeff Moss Sworn Into Homeland Security Advisory Council
Wolfgang Kandek writes "Hacker Jeff Moss, founder of computer security conferences DEFCON and Black Hat, has been sworn in as one of the new members of the Homeland Security Advisory Council (HSAC) of the DHS. Moss, who goes by the handle 'the Dark Tangent' says he was surprised to be asked to join the council and that he was nominated to bring an 'outside perspective' to its meetings. He said, 'I know there is a new-found emphasis on cybersecurity, and they're looking to diversify the members and to have alternative viewpoints. I think they needed a skeptical outsider's view because that has been missing.'"
Either he resigns in disgust or becomes assimilated.
Build your own energy sources from scratch. http://otherpower.com/
That Obama chap keeps making some inspired decisions - we could do with someone like him over here (UK) to bring a bit of change.
This is actually a great step forward. Why not have some of the best hackers review our current practices?
Seriously. I have no doubt that Jeff has the chops and the "perspective" that has definitely been "missing". I watched the eyes of Richard Clarke and his entourage glaze over at a "town hall" meeting with the "President's Critical Infrastructure Protection Board" (or whatever they called it then) in Portland about 8 or 9 years ago, as some very smart security folks told them what was coming and what needed to be done. Honestly, I don't know if they just couldn't grasp the issues or if they were more interested in political play, but the message was quite plain; "the government" was going to be no help in securing things. Political inertia being what it is, I doubt that much as changed, the current administration's well-meaning efforts notwithstanding. Jeff is in for a frustrating ride, I fear.
Look up one-way hashing algorithm. The hash (encrypted password) does not contain all the info of the clear password, so you can't get the password out of the hash. It's a feature.
Or maybe that's not your question?
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
I'm no pro, but I believe that Salting is used.
Some mathematical instructions are easy to execute, but are very hard or non-deterministic to reverse. A simple example: take two (large) numbers x and y, and keep them secret. Multiply them and call the result z. Easy, right? And it is also easy to check if any two numbers are equal to the secret x and y, by comparing their product against z (of course there might be more products that match z in this example). However, if you only know the number z, it will be a lot harder to work out what the numbers x and y are.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
do we have to re-hash this again?!
Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?
function f(int x) { return x/x; }
Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.
From what I know, some data is lost in the process of hashing, which while preventing reversal, allows for collisions.
Meaning that even if you could reverse it, there are infinite possibilities for the answer.
I think she just watched the 1993 SciFi movie "Demolition Man" with Sylvester Stallone and Wesley Snipes:
"Send a maniac to capture a maniac".
While I understand the gut PR logic, I fail to understand how it translates into anything but "We're thinking outside the box" political cover. I think Janet Napolitano is anxious to be seen looking open minded after the "Veterans are possible terrorists" memorandum that leaked out.
Bogaboga, I was under the impression that the passwd file generates hashed values not encrypted ones. Hash algorithms are deterministic in nature so it is infeasible to reverse the hash. Any code I post generating a well-salted hash from a respectable algorithm would be out of your capacity to reverse engineer. A program like John the Ripper, or a rainbow attack would be computationaly hard to find a collision.
Here are the rules for hashing:
Given M, easy to compute h=H(M)
Given h, hard to compute M such that h=H(M) -- "one-way"
Given M, hard to find M' (different from M) such that H(M)=H(M')
(Not always satisfied) Hard to find M,M' such that H(M)=H(M') -- "collision resistant"
Note that 4 implies 3 (i.e. if we could solve 3 we could solve 4), but not conversely. The strange thing about hash functions is that there are typically billions of collisions, or perhaps infinitely many (if the hash function really does take arbitrary-length input; most have some huge limit). But it is computationally hard to find a single one.
Trying to install linux on my microwave, but keep getting a kernel panic...
Why? Discrete mathematics, my friend, and in particular, modular arithmetic. (You know, from fourth grade, when you'd do 11 / 3 and get "3 remainder 2" - the 'modulo' operation just gives you the 2.) Now suppose you have an algorithm:
a = x % 731
b = x % 129
Now take a number: say, x = 10,000. Easy to compute: a = 497. b = 67. Very easy to calculate. But, working backwards from a and b alone, can you determine x? Suppose a = 616 and b = 100; can you tell me what my number is? It's not quite that easy! You'll need to do a lot more math. Not too much, in this case, as this is a ridiculously simple code and the numbers are small, but a lot more than a simple integer-division-and-remainder operation.
That's not an encrypted message. (Public-key cryptography is related but different.) That's a simple one-way cryptographic hash: a secret number (your password) goes in, and a mysterious hash-value (a and b) comes out, and there's no easy way to map it back. But if you give me the password, it's easy to check that it's right. That hash value is what's in your shadow password file. Except it uses MD5 or SHA or whatever-the-latest-hotness-is.
Now, granted, there's few enough passwords that you can check them all, given enough time. (You might even precompute them all, which is why you add a little random 'salt' to each password that makes them all different. In the example above, the 'salt' could be 'add 12345 to X before hashing it'. You can store the salt next to the encrypted password - you'll need it to check the password. It only protects you from the guy who calculated all the passwords adding +12344 each time - his "rainbow table" of passwords and hashes is now useless.). That's why the shadow-password file isn't usually broadcasted to the world. You try to keep it reasonably secret: not world-readable, certainly not exposed to the Internet. But it's a whole lot better than nothing.
The World Wide Web is dying. Soon, we shall have only the Internet.
I see a number of people have answered, but none have giving a simple and straightforward explanation to what's wrong with your question.
Simply put: Unix does not store your password. If you've been told Unix stores your password encrypted somewhere, someone was glossing over the details to the point of making false statements. People can't reverse the process of decrypting your password because your password isn't stored there to begin with.
If you want to know what is actually stored, follow the previous advice about looking up hashing algorithms. Quick a dirty answer: when you first type in your password, a hashing algorithm is run over it and a hash code is produced, which is stored. When it prompts anyone for your password, it doesn't know the correct answer, but whatever answer anyone gives, it runs through the same hashing algorithm and sees if it produces the same result. The odds of two different strings producing the same hash result vary with the algorithm but it can be something like 1 in 2^160.
But the short answer is, your password cannot be decrypted because it wasn't encrypted and stored to begin with. There's nothing to decrypt.
"Convictions are more dangerous enemies of truth than lies."
The password is not encrypted, it is cryptographically hashed (encrpytion is two-way, hashing is one-way). A hash function transforms an arbitrary length input into a fixed length output, so there is no inverse function in the mathematical sense: a single hash value has an infinite number of inputs corresponding to it. Finding a value that produces a given hash is extremely hard: a good hash function will not have any way of computing such a value more effective than brute force (e.g. you try all possible inputs until one of them given you the hash you're looking for).
As for reversing the algorithm: in essence, the generation of the password hash always uses a stateful generator, and this state is not preserved in the hash. When trying to reverse the hash, you must know not only the hash but also the state of the generator at the end of the algorithm, otherwise backtracking to the initial state of the generator defined in the hash function definition can take more than the age of the universe, even if you used all the computing power on earth to break this single password. Another mathematical idea that is frequently used is that if you have two very large prime numbers x and y, you can quickly compute their product z, but you can't easily find x and y if you only have z. Unless you have a quantum computer, which doesn't exist yet.
Real world analogy: it's nearly impossible to find two persons with the same fingerprints, but the fingerprints themselves don't contain any infromation about the name of the person. If you have a fingerprint and a person, you can easily identify if it the fingerprint belongs to the person, but if you only have the fingerprint, you need to check the fingerprints of all people to find a person that has the same fingerprint.
Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
I wonder how the rules of "Spot The Fed" will change now that DEFCON is somewhat run by a fed????
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I guess I'll give the perspective here of a very small (yet dedicated) section of the hacker community. I have retired from hacking, but the hacker community still interests me, and I feel a responsibility with some others in guiding it.
As far as myself, I was on H/P sub-boards of BBSs in the early/mid 1980s, and did use the Feature Group B (950-XXXX) codes they posted to phreak, but I put that aside because I did not begin to seriously hack (and phreak) until 1989, and I retired in 1996, the day I began working for an ISP. I personally have met many members of LoD, MoD, BoW, l0ck and so forth, have gone to many cons and 2600 meetings, have gone on trashing runs, talked to them on "confs" (conference calls), on BBSs, IRC etc.
Perhaps I'll search for more original links later, but Gweeds speech at H2K2 in July 2002 is what was really the clarion call of the white hat backlash. That speech was great, and expressed what I felt for a long time but hadn't heard anyone else say.
This web page is dedicated to the white hat backlash as well.
Actually, the anti-whitehat movement in my mind has itself already split. There are the older people like me, Gweeds and some others who primarily want to delineate this line between hacking and the security industry. They are two separate things, in fact, they are against each other - the security community arrests and jails hackers. The idea that there can be a grey hat who is between white hat and black hat is ridiculous, you are either a hacker, or you are working for the security industry and law enforcement. I think even a lot of anti-hacker people would agree with us on that one.
Most of us are older, most of us don't hack any more, and the people in this movement or tendency that Gweeds became a spokesman for I have noticed are also in the anarchist movement. After all, Gweeds talked about anarchism a lot, I have been involved in the anarchist movement, and I know others of our mindset (some who I feel have expressed sympathetic sentiments are in the cDc).
I myself more than most of this group are in a political plain at the cross-section of anarchism and Marxism. So being one more of a dialectic bent, I think the progression of what has happened - people hacked until the mid 1990s, in the mid 1990s many hackers entered the security industry and the hacking movement died out to a large degree, then Gweeds made his speech in 2002 and the hacking movement is still moribund, but has some more self-awareness now anyhow. The rise and fall of IT with the dot-coms caused a chain of reactions. Perhaps the rise and fall of IT within FIRE (Finance, Insurance and Real Estate) will have some reaction as well.
I think what is more important is I think the expression of the "hacker ethic" has always been bullshit. Whether it was what the Mentor said, or that Phrack or 2600 talked about. 2600 has said things like "Companies should be glad we're hacking as we're showing them holes before the bad guys do" which sounds ridiculous to me from a hacker perspective, and I'm sure sounds ridiculous to law enforcement and companies being hacked. Gweeds, and some of the people who picked up the torch of what he said have refined that.
I myself think another criticism has to be made, not just of the white hats, but of the crowd which I'll call the 4chan/Anonymous crowd. I think what they're doing is a new development, is sort of in the spirit of hacking, but misses the boat in a few ways.
http://en.wikipedia.org/wiki/Cryptographic_hash_function Read that. It's hard to get the original password, because no one knows how to do the math backwards. It can be easy to change the password, just hash your new password & copy the new hash over, replacing the old. Of course, if there's a secret salt that will fail, but you can probably discover the salt. All that requires physical access in most cases, BTW.
Not a sentence!
http://en.wikipedia.org/wiki/One-way_function
I'll take the bait. The phrase "poacher turned gamekeeper" refers to someone who now protects the interests they previously attacked. Jeff Moss never (in public knowledge) attacked the security of the United States. He has exposed weaknesses in various security systems, but that's often considered helpful. It would be more like a naturalist with a BA in Criminal Justice turned gamekeeper.
If a known algorithm produces the encrypted password, why can't that algorithm be "reversed" to produce the original password in the first place?
It has been. But it doesn't really do you any good. The actual password is lost. The reverse of a hash produces infinite solutions. (In the same way the reverse of modulus division produces infinite solutions).
But those solutions are all 'collisions' and they could all be used interchangeably with the original password. So getting any solution is almost as good as getting the original.
Even in open source systems, encrypted passwords are not easy to crack. Why?
Because pretty much all modern encryption is based on the idea that its VERY easy to multiply two stupidly large prime numbers to find an even stupidly larger number. Multiple two 1000 bit prime number numbers and get a 2000 bit non-prime as a result.
But it takes years upon years of processor time to take that stupidly larger number, and factor it back into the original stupidly large primes.
Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?
z = primex * primey;
suppose z = 377, how do you find the factors: 13 and 29?
Now, for encryption, z is thousands of digits instead of 3.
Algorithms that solve this exist, they just won't finish running until after you've died of old age.
Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?
function f(int x) { return x/x; } Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.
OOhhhh!!! ohhh!!! I know, I know!
It is zero!!!
hmmm.... maybe not!
Maybe it is 42!
YES! That is it! 42!
My God! You have done it!! You have discovered the Question.
Isn't reality supposed to be replaced by something far more complex now.
Hmm... mayb#@
this is a sig... Emmanuel
refinancing
Many moons ago, after a 2600 meeting, a bunch of us converged at a coffee shop. Dark Tangent & his friends were there. He had a laptop with a webcam attached to it(supposedly recording). Yet he raised a stink when someone else tried to take a picture of him. Do as I say, not as I do?
This almost makes me believe that the government is serious about cyber-security.
Now, next, add a Constitutional Rights specialist from the EFF or ACLU and I might have an honest-to-goodness heart attack.
Stop-Prism.org: Opt Out of Surveillance
f(0); Lameness filter is lame.
Kevin Mitnick and Adrian Lamo do not seem to like the idea of Moss getting the nod. Mitnick prefers Bruce Schneier while Lamo believes Moss is a suit, "the reality is he's as corporate as hiring someone out of Microsoft."
I wonder what the reaction in the tech community would have been had the 2 above gotten the call instead.
Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?
While I *love* the first respondent's answer, and giggled like an idiot when I read it, perhaps this will be more a more useful example for understanding how it works.
The modulus operator in arithmetic returns the remainder after integer division. It is commonly noted "x % y", "x mod y", "mod( x, y )", or similar.
So: ...
3 mod 2 = 1
4 mod 3 = 1
4 mod 2 = 0
5 mod 2 = 1
5 mod 3 = 2
5 mod 4 = 1
Now, suppose a password structure "x:y" -- you are required to enter your password as two digits, separated by a colon (not normal, but just suppose).
You could enter, as your password, "4:3", and the system could store as your password hash "1" -- the result of "4 mod 3". Then, when you attempt to log in next time, if you submit "4:3", the system would take the modulus and check the result, "1", against its internal table of password hashes and allow you in.
Now, suppose you get the table of hashes, and see:
joeSmith: 1
joeSmith has the password hash "1". Is his actual password "3:2", "4:3", "5:2", or "5:4"? Since the modulus of all those pairs is "1", the correct answer cannot be determined from the output alone. Modulus is what is called a "non-reversible function." The output of the modulus function contains less information than the input, so it cannot be reversed.
In this example it is trivial, however, to generate another password combination that results in the same hash. For example, "6:5" also equates to the hash "1". This is called a collision between "6:5" and "4:3". The attacker does not have to know joeSmith's actual password, as long as he can supply input that results in the correct hash. That leads to the next step in identity verification systems: ensuring that it is not possible for a reasonably funded attacker to forge a document which collides with the actual document (or password in this case, which is a special kind of document).
That is a much harder topic.
Stop-Prism.org: Opt Out of Surveillance
It's a trap!
Escape Pod Films: Sketch Comedy and Web Series
That's only because the dominatrix went a little too far with the riding crop.
Random Thoughts From A Diseased Mind (Not For Dummies)
function f(int x) { return x/x; }
Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.
This is actually, in a funny kind of way, a good illustration of an aspect of hash functions. In a non-reversible hash function, a certain amount of information gets destroyed. The above algorithm is a trivial example in which all information gets destroyed, and thus every single number is a collision.
Part of what makes a good hash function is throwing away just enough information to make it irreversible, but preserving enough to make it meaningful.
well lets see
1 salting: a number is added into the mix to jig the results (and this may not be a known number for a particular setup)
2 the password function itself is designed to be slow and the encoder works one way (no decode)
3 anybody that is running with passwords in the /etc/security/passwd is a complete moron (hint shadow is the correct name of the file) http://www.cyberciti.biz/faq/understanding-etcshadow-file/
Any person using FTFY or editing my postings agrees to a US$50.00 charge
teews rewsna!!
It's going to be a lot easier at the next Defcon. Or, is he just going wear an "I am the fed" t-shirt for the whole conference?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Of course Jeff Moss was invited into the Homeland Security Advisory Committee, he has been organizing events for over ten years to collect information about hackers in the computer underground. Anyone who goes to DEFCON or Black Hat is immediately "on the radar" of every three letter agency here and abroad. He's an FBI stooge, always has been, always will be.
Jeff Moss initially got started as an FBI informant working with members of the "Legion of Doom"; his FBI handler was named Dick Brandis, a former polygrapher for the Pittsburgh PA Federal Bureau of Investigation. Brandis eventually ended up resigning from the Pittsburgh FBI for taking classified government information home with him and establishing his own network of hackers that Moss et al would get into compromising positions and then blackmail for information and unpublished exploits.
Isn't it an oxymoron: "hacker" and "Homeland Security Advisory Council" in one sentence. How about : A well known criminal John Doe joined the police force
OutputLogic
In the original 2nd amendment way, Every able-minded hacker is now in the hacker militia, it is now okay to hack computers in foreign countries... ;)
You can have your god back when you are old enough to handle the responsibility.
Having been at Defcon 1 and seen how far things have come, I have nothing but respect for DT and what he has done. It's funny how times change. To have gone from an environment where people were paranoid about "the Feds" even knowing who was attending the conference, to having the organizer of the conference working for the Feds, is a real change. He has the contacts and the insider knowledge of what the threats are. The government made a smart choice by hiring him. Now, DT... since my tax dollars are going into your pocket, how about a free admission to the next con? -Phax
If you've been told Unix stores your password encrypted somewhere, someone was glossing over the details to the point of making false statements. People can't reverse the process of decrypting your password because your password isn't stored there to begin with.
So you're saying that if your password was loosely related to a dictionary word, and if a hacker gained root access to that server, then you would be completely unconcerned about having used the same password on other servers? You would sleep well at night, with complete confidence that the text spit out by "John the Ripper" is going to be some totally unrelated text string?
In your reply, please include the IP address of your server. ;-)
-Gonz
As all pries are known, or at least only known primes can be used, why not make a table with the answers? e.g. for the one digit ones
2 x 2 = 4
2 x 3 = 6
2 x 5 = 10
2 x 7 = 14
3 x 3 = 9
3 x 5 = 15
3 x 7 = 21
5 x 5 = 25
5 x 7 = 35
7 x 7 = 49
So suppose z = 35, you look it up in the table and see directly that it is 5x7.
Sure it will take some time to make that list, but once you have it, getting back should be very fast compared to figure it out in a mathematical way.
Here are the first 15.000.000 primes, so there are only 15.000.000^2 solutions to look at or 2.25e+14
I could imagine that by looking at the length of the result you can reduce the place where you are going to look. e.g. if the result is only one digit, you could only look in the one digit solutions, making stuff a lot faster.
Obviously these go to only 9 digits, so a bit more will exist till you get to m39 (or 2^(13.466.917)-1
Anybody willing to make such a database? :-D
Don't fight for your country, if your country does not fight for you.
Anybody willing to make such a database? :-D
We're talking stupidly big numbers, not your garden variety big numbers. To paraphrase the Hitchhiker's Guide to the Galaxy:
"Its big. Really big. You just won't believe how vastly hugely mindbogglingly big it is. I mean you may think it's a long way down the road to the chemist, but that's just peanuts to these."
Using very rough numbers, at around 500 digits, around 99.9% of integers are composite, meaning around 0.1% are prime. (I'll leave proof of this as an exercise to the reader.) For the sake of the discussion, lets assume that is an accurate 'prime density' for the range of 500 digit numbers.
So, to create a database of the 500 digit prime numbers we'll need to store 0.1% of them. So far so good.
So how many are there. Lets look at 3 digit numbers (100-999) inclusive; which equals 999-100+1 or equivalently 10^3-10^2.Or we can express it even more conveniently as (10*(10^2))-(1*(10^2) = 9*(10^2). And the general formula for how many n digit integers there are is 9*(10^(n-1)). For 500 digit numbers there are 9*(10^499).
Ah, but we only need 0.1% because we are only storing primes, so we multiply by 0.001 or 10^-3 and get:
9*(10^496).
Our database is going to need around 9*(10^496) records for this...
If it hasn't already made itself clear to you, this poses a serious problem. There are estimated to be around 10^50 atoms on earth. So even if you could store an entire database record on an atom, and the entire planet was used in our storage system, we'd still run out of atoms before we made a measurable dent in the data set we need to store.
In fact, if we used every atom in the universe we'd still run out of atoms before we made a dent in the data set. The universe is estimated to have fewer than 10^81 atoms.
We couldn't store this data set even if we had a billion billion universes worth of atoms.
And that's just the 500 digit primes. We haven't talked about 501 digit primes yet...
The encryption is a one-way street. One (simple, understandable and entirely useless for security) example of such an "encryption" function would be to simply count the letters typed.
If somebody's password is "foo", it would be stored as "3". Given "3", it's impossible to tell that the password was "foo".
When I want to log in, I type "foo", the login program converts what I typed into "3", and compares that value to what it has stored. Also "3". Access granted.
If I had typed "fluff", that would have been converted to "5", and access would have been denied.
Obviously, with this scheme, I could just as well have typed "pig", and that would have granted me access as well. But Unix doesn't simply count letters, and collisions like this are unlikely. The function used is also such that coming up with something yielding a given hash (the "3" in the above example) is really hard.
Installed the Bubblemon yet?
'nuff said.
No, he's not saying that at all. Go read it again.
Basically John the Ripper guesses the password and then you're free to try that password against other machines. Obviously if someone's used that password on the other machines you will get in using that password. That has nothing to do with whether the original password can be retrieved from the hash by reversing the hashing algorithm or "decrypting" the hash to get the original password.
Also, the text that John the Ripper spits out could actually be different from the real password and still work, because every hashing algorithm takes a large (probably infinite) set of things and squeezes them into a finite set of values. i.e. there are guaranteed to be collisions.
-- Wodin
In January, Moss gave a keynote presentation at the DoD Cyber Crime Conference. I wonder if his presence there helped put him into this new position. It really made him public to the government there :)
I applaud Obama, he has the right mind frame for getting cyber threats under wraps.
Fight fire with fire....so get a hacker on board, to level the playing field.
(Just make sure to always keep him either so terrified of not cooperating by suggesting his family might be on grave danger because he is now consorting with the gov. that they need supervision, and they will provide it just as long as he keeps on the up and up...
which to me is not always the best, or keep him always interested in doing more and giving incentives he has to work for or towards)
He wants his own team, then let him choose it (like a cyber commando team leader), then allow them to have incentives too,
however, you would need 2 teams, both of which are supposed to think the other is rogue ops, and might turn , so we need to keep them supervised. Also not too much of left hand not knowing what the right hand is doing, because you could go over board with impeding progress....but in the end...a good move.
Very good explanation of how one way hash passwords work... I always emphasize that the passwords are NOT STORED ANYWHERE!
What I find much more distressing is how many systems use more complex systems to store passwords. I could implement a reasonably good one-way hash password system in nearly any programming language in very few lines of code and have a very low risk of the user's passwords being compromised. But many systems still insist on keeping that password stored in a reversible format, even though it's much more complex to implement securely.
I HATE those web systems that send you your password in an email... that's always nice of them to broadcast my password to the world like that. A properly implemented system shouldn't even let them know my password!
I have spent hours of my life trying to explain to users why their password gets changed if I ever need to authenticate as them in one of our systems. They hate it, but when I explain that it's actually a good thing (they know when someone has accessed their account), they usually love the idea of the one-way hash.
Sometimes the best solution is to stop wasting time looking for an easy solution.
I can't attest to the accuracy here... but mod this parent up for putting really large numbers into perspective quite well.
People throw large numbers, or very small numbers, around so often these days with no understanding how large or how small they really are. Like that recent discussion of the laser based technique used to improve incandescent bulb efficiency using the equivalent of the entire countries power production for a crazy small amount of time. The numbers seem pretty impressive until you realize that the actual power used is almost nothing compared to the energy saved by the treatment.
Sometimes the best solution is to stop wasting time looking for an easy solution.