Slashdot Mirror
US Government Using PS3s To Break Encryption
Entropy98 writes "It seems that the US Immigration and Customs Enforcement Cyber Crimes Center, known as C3, has replaced its '$8,000 Tableau/Dell server combination' with more efficient and much cheaper $300 PS3s. Each PS3 is capable of 4 million passwords per second, and C3 currently has 20 PS3s with plans to buy 40 more. Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."
being used to break encryption
Each PS3 is capable of 4 million passwords per second
Something doesn't match up. For first the different encryption schemes take different times to try even one password, and even more if you combine several of them together. Secondly you cannot try 4 million passwords in a second if its encrypted content, it takes a lot more than that.
News flash: All of the servers of (insert opposition party) have been seized by the (insert party in power) government under child pornography charges.
Wait. (goes back to re-read). They are using videogame consoles to run their server? Seriously??? Wow.
I guess the PS3 is more powerful than I realized; maybe I ought to go buy one. Any good games (not on Xbox) for the PS3?
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."
What about those computers seized with a warrant and suspected of harboring stored communications with terrorists? Are we going to just ignore them?? Huh??? Huh????
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography.
... suuuuuure.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Seems that the "it only does everything" slogan has greater scope than I initially thought - if "breaking encryption" was advertised explicitly, I may have picked one up...
Nice that Sony took out the ability to install Linux on the slim PS3. How hard could it have been to have a left the feature in that is useful in a number of ways? Of course, they have recently announced the ability to post trophy acquisitions to Facebook.... but they take 'Other OS' support out?!
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Halt first, then catch fire.
GAAH! MY PRINTER WON'T PRINT!! HELP!!! OH AND BY THE WAY WHAT'S THAT SMELL?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The PS2 was restricted for export because people thought Saddam would use them to build missile guidance units. We're using the PS3 to crack encryption. I can't wait to see what uses they'll think up for the Playstation 4. Nuclear simulation?
If memory servers, the cell platform in a PS3 doesn't allow you to use all of the cores when you're running linux. So, for the price of a new ps3, they could just as easily use commodity hardware from last year and probably get better throughput.
You must be young. Go download War Games.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That is the only thing they use them for... Wink, wink, nudge, nudge, Know what I mean?
If I were God, wouldn't I protect my churches from acts of me?
Each PS3 is capable of 4 million passwords per second
4 million passwords a second what?
No sig for you!!
could this be used on the public end as well? And if a ps3 can break encryption that well, could it make it?
Good to know when the Government is cracking the encryption implemented by the public it's "cracking down on child pornography." When it's the public cracking encryption implemented by corporations it's a violation of the DMCA.
More Twoson than Cupertino
So, with a brute force attack, I've only got 36,030,233,524,592,808,479,552,335 years before they will reach mine!
"He explained that the number of possible combinations in a six-digit password is 256 to the sixth power."
Um, only if the person uses characters that can't be typed on a normal keyboard.
In practice, the password "alphabet" is either 26, 52, 62, 84, or some other number not much above 84 characters. 84^6 is much less than 256^6.
However, in practice, people who fear the cops will use a lot more than 6 digits.
If the passwords are decent passphrases of, say, 6 words, taken out of a dictionary of even 2,000 common words, that's 2,000^6, or "still not that big of a number" as it's known in the security field. And that's if the person makes it easy by not using any spaces, using all lowercase, etc.
The real smart crooks encrypt their stuff in a way that nothing short of banging them over the head with a $5 pipe wrench will ever reveal.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
At least they didn't claim to use Wiis for that!
Renewable Energy Simulations.
Yours In Peace,
Kim Jong iL
ICE is hoping to buy 40 more original PS3s, through auction sites such as eBay.com, to add to the 20 it already has, Davenport said.
Assuming they have 1 or 2 in a testbed environment, we are probably talking 18 or 19 actively crunching numbers. Maybe 20 if the testbed machines also play ball.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Really what is the problem with this. These computers are being searched AFTER a judge issues a search warrant. In other words constitutional law is being followed to the letter in this case.
So what is the problem? Because it may involve child porn and you think that it is harmless? Well some of those computers have pictures of the victims "children" and the criminal act happening.
There is nothing wrong with this legally.
And having a fit about it is a clear case of calling wolf.
I am sure this will be used in any investigation that involves a computer and not just for child porn.
Complaining about the legal search of a computer after a warrant is issued is just stupid.
BTW I am sure that the NSA has much better systems based on FPGAs and Cell chips for breaking encryption than PS-3s but we will never hear about those and that type of wiretap without a warrant is what I am worried about.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
assuming a perp uses a password from a set of 26 letters to choose from, it will take roughly two minutes to brute-force an 8-letter or fewer password with 40 Ps3's. (26^8 + 26^7 + ...) / (40 * 4 * 10^7). wow, that's great! but....
assuming a set of approximately 90 characters to choose from, it will take approximately a month :(
Linux was supported on PS3 before the latest model, they could be using the older units...
Or it's quite possible they simply wrote the needed drivers to work with the updated PS3 units.
Neither is cracking the console nor against the law.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Imagine a Beowulf cluster of these.
" Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."
You know, if you buy that one, I have this little red bridge I'd like to sell you.
I knew a guy once who worked closely with anti-kiddie-porn cops. They rotated those guys off fairly quickly so they wouldn't go insane. What you see on Law & Order with the same cops doing the kiddie-smut patrol year in and year out may work for Munch and Stabler but it doesn't work in the real world.
Also, in the real world I'll be a cop's donut you don't get to do that kind of work in a decent-sized department unless you are emotionally stable, in a stable romantic relationship with another adult or had one in your past for a long time, and have a history of not getting irrational and emotional at the sight of disturbing visuals, while at the same time not being stone-cold about it either.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can we waive the Constitution and give these brave law enforcement folks a billion trillion dollars to buy PS3's? This is about fighting CHILD PORN.
Child porn is almost as big a threat as terrorism. ALMOST.
Firstly, basic error: it's not going to be 256^6. That's six bytes, not six characters. But your passphrase very, very probably does not contain zero-bytes, and very probably not control characters. Entropy of passphrases is almost always quite a lot less than 8 bits per character. And you try common dictionary attacks first of course, which is what this is really used for. Or Rainbow table generation.
Secondly, the use of PS3 in crypto attacks is not news; most of the massively-parallel crypto/computational stuff Cell was aimed at in the workstation sector actually ended up causing labs to buy hundreds of cheap commodity PS3s instead, which ended up being way more cost-effective than the overpriced Cell workstations, with only one more SPU each. The MD5 SSL "tunneled" collisions were calculated using a 200-strong PS3 cluster, for example.
It's rather unfortunate the "Other OS" thing was taken out for the slim, because running using less power and heat would have been helpful for clusters, as AccessData points out in the article.
However, they've now fallen somewhat behind, because modern graphics cards (see ElcomSoft's recent work, for example) can use CUDA or various shaders to get quite a lot more power for exactly this kind of computation, and it's made the PS3 approach almost obsolete overnight. A PS3 Cell can push about 20 GigaFLOPs, optimally (source: Folding@home). Impressive when it came out. But a fast quadcore CPU today is 70 GigaFLOPs. And your £150 4870 X2 not only plays a mean game, in the right circumstances it's 30-100 times faster at password cracking than a PS3 Cell. You could buy just one ordinary gaming PC, put a couple of 4870 X2s in it, like I don't doubt many of us have, and clean the clock of this entire 60 PS3 cluster, for a fraction of the price and running cost. And, the extremely rapid rate of development in graphics card technology means it's getting faster, rapidly (the R800 is about 3000 GigaFLOPs).
Thirdly, this attack is totally, stunningly ineffective against a good passphrase, which anyone who'd done their homework, or read the documentation of the crypto software, would know to use. A 6-word random "Diceware" (google it) passphrase (or the equivalent, roughly 16 randomly-chosen lower-case letters) wouldn't be crackable with anything of this magnitude in the next few years, making such an attack impractical. 10 random Diceware words (or a 22 alphanumeric mixed-case passphrase, or 28 lower-case letters) would get you over 128 bits of entropy and make any attack of this kind beyond anyone's reach for the foreseeable future.
Fourthly, because of the above, a dumb brute force attack like this, after the fact on hard drives you've seized, is decidedly the wrong way to do it. The right way to do it is to get a bugging warrant and plant a hardware keylogger or observe the passphrase being entered, then seize the hard drive. That's what the FBI do when they're actually being serious, say with Mafia bosses. (Or coercion, but there's the 4th Amendment barrier to law enforcement doing that.)
Fifthly, it mentions paedophiles for apparently very little actual reason. Brass Eye moment, right there. It's a transparent appeal to emotion used to grab headlines with little actual substance. I don't actually see where it mentions any convictions as a result of this. (That's odd, surely you'd be crowing about successfully bringing child molesters to justice if there were any successes, wouldn't you?) And, this isn't the FBI in this article, this is ICE. Odd, again; surely the wrong agency for child protection work? Is there a point to this other than to say that ICE just bought 40 PS3s off eBay? 60 PS3s, as I said above, ain't gonna get you far.
And finally, the dude says "There's no controllers hooked up". I'd just like to point out that that does not say they're not playing them; PlayStation®3 controllers are wireless, so almost by definition, unless you're charging them... they're not hooked up. Hmm. Now if there were no monitors hooked up, maybe then I wouldn't be so sceptical... :)
Seriously, who does this? Forgetting about the whole "oh look we can spy on our citizens better" thing, if you have a 128 bit password, and lets assume that, for whatever reason, it's really only 100 bits. Then we have 2^100 possibilities. Further, lets assume than instead of 4 million a second, they meant 4 TRILLION a second, so 4 million * 1000 * 1000.
2^100 = 1267650600228229401496703205376
Divided by 4,000,000,000,000 = 316912650057057350 seconds, which is 3667970486771.497110812219922963 days, or 10420370700 years.
10420370700 years.
gl hf
--Valid password characters --
26 * 2 = 52 letters
10 * 2 = 20 numbers/symbols
10 * 2 = 20 other symbols
92 usable characters
92^8 = 5,132,188,731,375,616
92^9 = 472,161,363,286,556,672
--Break Speed--
Speed = 240,000,000 / per second
--8 character password--
5132188731375616 / 240000000 = 247 days
--9 character password--
472161363286556672 / 240,000,000 = 22,770 days = 62 years
Yes. ;-)
Use long passwords for encryption (minimum 10 chars, preferably 20). Use upper-case, lower-case, numbers, and symbols. Do NOT use the password anywhere else or write it down. Sorry, but you're going to have to commit it to memory. Do not use windows built in encryption or any retail encryption schemes. Use open source. Truecrypt is not open source, but people use it anyway, so read up first before you decide.
http://afp.google.com/article/ALeqM5itMBF-kPRgoyoD97Y_DtvcyItGSQ :)
FARC data was opened after
"It took Interpol two weeks running 10 computers simultaneously 24 hours a day to break into the encrypted files, the agency said." in 2008.
C3 seems to be funded with extra millions so whats missing with this story?
Why buy toys? Toys have cheap bottlenecks as "Halo" at 620p showed.
Sony PR, a cry for funding and power ? Why this dependance on Sony suburban plastic?
If federal agents find more PS3's via forfeiture laws, this might allow a super grid of units?
Also shows how good MS and archive encryption is
Real world numbers:)
Domestic spying is now "Benign Information Gathering"
As we all most likely know, It would be impossible* to actually try 4 million passwords per second. I'd be willing to wager the actual headline should be:
"PS3s have been purchased to calculate 4 Million hash-table lookups per second."
Step 1: load hash table to RAM.
Step 2: let the brute force CPU bang away at it till it finds a match.
4MFLOPS seems much more likely.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
It sounds like they are guessing passwords rather than cracking keys. But is there any advantage in using a CELL processor for this?
AES, for example, is the encryption standard used by PGP's whole disk encryption. From
http://en.wikipedia.org/wiki/Brute_force_attack:
"AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (1018) AES keys per second would require about 3×1051 years to exhaust the 256-bit key space."
Hence my thought that they are not cracking keys.
There is a difference between cracking encryption and the password used to secure the encryption. The article says they are using the systems to crack passwords, not encryption. The submitter has a reading problem.
look up a bit
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Ok, leave the data in the cloud and travel with a laptop with a 100% blank drive and an os install disk to use when you get there.
If the smart crooks are using any version of Windows
ROTFLOL Oh you slay me with your humor and wit!!!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
http://ciphersaber.gurus.org/
No sig today...
Is this why SONY introduced the slim? Some company scooping up a large number of PS3, on each Sony takes a loss on, for computation purpose with no intend of buying game?
They could have just asked Red Octane to release "Child Porn Encryption Hero".
The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
If the perp's not crypto-savvy, this will work pretty well, I think. I use John The Ripper for password cracking the machine I admin, and it actually catches people from time to time. Once back in college (when computer people were friendly to this sort of thing) I wrote and ran a naive password cracker using /usr/dict/words--it caught an instructor with the password "sunshine". Most people, including most child pornography enthusiasts, will use shitty passwords.
If the perp uses 160 characters of plain English text, however, the PS3s are going to have their work cut out for them, cracking passwords in an average of 300 trillion years per.
I'm pretty sure the PS3s will be out of warranty by then, but the C3 will be able to run 37 quintillion full-speed PS3 emulators on the Dimension 37 Interuniversal Hadron Computer.
I'm sure Sony loves this! They get to subsidize the cost of the PS3s without ever recouping licensing fees. Even with subsidies, Isn't there a more cost effective Cell solution?
My 8800GT gets about 100 million passwords per second when cracking MD5 and SHA1 hashes. I thought the CELL was supposed to make the PS3 faster?
Seems to me that a reasonably well designed OS would lock after 4 password attempts. How are they entering all these passwords w/o the system balking?
i'm asking because i don't know, please don't mod me a troll for not knowing something.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
even if they had the top500 supercomputers dedicated to breaking an encryption key, its still going to take a few thousand times the age of the universe to check every possible key. not to mention all the energy requirements. 30GW-years just to generate all possible keys in the 128-bit key space assuming you'r at the limit of what is possible and operating at 300K. and then many many times that to actually perform the checks.
also, why use PS3's when you can buy up some cell servers and chuck some CUDA capable graphics cards in for some real crazy power.
Now, when we get some quantum computers capable of performing at a useful level then i might worry. but by then we'll have quantum encryption or something which will be nice and secure.
With the planned 60 PS3s assuming they brute force it and worst-case. It will take them:
/. crowd are there any good alternatives to passwords that are feasible? Something secure. Something that can be implemented on websites. What do you think we should be working towards? Is there already something in place that you can give an example of?
At 8character passwords w/ letters and numbers only, 3.3hours.
Upper and lower case increase that figure to 10.5days. (With 9 characters 7.15years)
84character set brings us up to 119.5days.
Note: I just used x^8 which isn't totally accurate, the numbers in reality are a bit larger but it doesn't matter much.
This makes me wonder in case this is true. We are running up to a physical limitation in the human brain. People already have trouble memorizing the dozens of 8character passwords. 9 characters will hold moores law off for a few more years (not the precise meaning of moores law but you know what i mean). The problem is also that people are getting more accounts for things. Most people even today use the same passwords for a variety of things. I'd say almost all people.
So I ask the
Good thing the government is inept and everything they do is an unmitigated failure!
Surely to load custom code on these PS3, they must penetrate the console DRM. Didn't Sony sued people for doing this sort of things?
This must be why the 3rd party OS option was removed from the Playstation Slim! SONY *loves* them some customers! {cough}
It amazes me with things like the IBM QS21 and the mercury blade servers that the cheapest solution is to get a piece of hardware like the ps3 with so many extra components not needed for number crunching.
The cell was designed for floating point calculations. Cracking requires a lot of integer calculations. You won't get the benefits that science and graphic applications get like folding@home.
heavily indebted country turns to externalities to solve problems. The externality being that Sony sells PlayStations to sell games... no shit the new slim version is locked down. Sony is not in the business of subsidising broke-ass governments.
My 8800GT gets about 100 million passwords per second when cracking MD5 and SHA1 hashes. I thought the CELL was supposed to make the PS3 faster?
[Citation Needed]
Sorry to be an ass but that sounds a little outlandish...
I've done a lot of password-cracking math, even toyed with the idea of writing an academic paper on it. Generally, I work on the (generous) assumption that a well-groomed single node can chunk through 100k passwords per second and that things scale perfectly, so 20 nodes would work through 2M passwords per second. They're claiming their 20-node cluster can handle twice that, and I fully believe it. Powerful GPUs are known to perform extremely well on password cracking, and PS3s certainly have them. That's twice the performance for half to a fifth the cost. Nice, but not "OMG."
They plan to scale up to 60 nodes, which is 12M pass/s. To break a 8-character monospace password (37 bits of complexity, which is pretty weak), it would take just under five hours ( 26^8/(12*10^6) /60/60 ). However, to break an 8-character alphanumeric password (case and numbers), that becomes seven months ( (26+26+10)^8/(12*10^6) /60/60/24/365*12 ).
This is only scary when you have a super-intelligent dictionary attack. Scrape the hard drive and any subpoenaed documents for words and add that to a dictionary of common password parts, then perform your dictionary attack -- dreadfully powerful. To avoid falling victim to this, a good rule of thumb is that words are awesome to use, and they're more secure, but they're only about as secure as two random characters (three with a rich vocabulary including 3 or more of: arcane words, uncommon foreign words, uncommon misspelled words, uncommon proper nouns, l33t-speak ...). So that 13-char "secure password" you use that looks like metropolitan8 effectively only has three or four characters to a dictionary attacker, and that clever 14-char password of spageti4dinner has only five or six, depending on how good the attacker's dictionary is at misspelled words. A tip: put punctuation inside your words to break them up (without forming words), e.g. metr[opo;%litan8, and you've pretty much defeated the dictionary attack.
Use my userscript to add story images to Slashdot. There's no going back.
Seriously, this whole article sounds like a load of horsebull. As far as I know, things like RSA and AES use integer math for the encryption and decryption schemes. It therefore doesn't make much sense to use a product designed for large numbers of floating point operations, as I would imagine the PS3 is. I'm actually pretty curious how many GMIPS the PS3 can perform. In any case, why would they pay for a device that contains all sorts of hardware ancillary to the core processing task. For instance, any gaming system is going to have a fairly powerful GPU, as well as extraneous RAM and sound hardware, etc. Also, in terms of the 4 million passwords or keys or whatever per second, I just wrote a very minimalist C program to try cracking passwords on an encrypted disk image I just created and it was definitely not reaching 4 million tries a second on my Core 2 Quad...
which is too bad. You can no longer install linux on it. I keep hoping (against hope) that Sony will release the full SDK and really allow people to use the power of the Cell. Throw us hobbyists some love, Sony. Tell us what we gotta do.
how do they prove that the owner of the computer put the child porn on the system?
Just like many warez groups and pedo groups they use technology to house their "goods" on systems with exploits.
Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography.
Naturally. (*wink-wink* *nudge-nudge* say no more...)
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
4 megaflops seems more like? For a cluster of 20 PS3's? Are you posting from 1983 or something?
(Brute-forcing keys is fairly foolish with modern encryption systems, but brute-forcing passwords isn't.)
Only if the person who created the password used lowercase letters, and kept it under 7-8 characters. Around 8 characters, things get expensive VERY fast.
Example: 6 mixed case, numbers, plus punctuation marks (only those on number keys): 140BN combinations, which would take 9.6 hours.
Not very good, right? Well, make it 8 characters, and they're looking at roughly 722 TRILLION combinations, or about 5.7 YEARS (provided I didn't make any power-of-ten mistakes.)
Please help metamoderate.
While TrueCrypt encrypts what makes it real good is it hides files.
Falcon
Should there be a Law?
It's pretty simple. The military courts are appropriate for combatants captured on a foreign field of battle. By trying KSM and the others in civilian courts (because the 9/11 victims were civilians on US soil), the case establishes a couple of things that neo-cons don't want to happen:
a) since evidence obtained through torture is ineligible in civilian courts, the information used by the prosecution will be what was obtained before he was tortured. So when KSM gets convicted on the basis of all the incriminating information that was available prior to torture, it will be a strong indictment that the torture used on him was not necessary. The whole neo-con "we had to torture" argument is shown for the pack of lies it is. Since Cheney was the biggest proponent of torture, it's not surprising he's also the most opposed to this happening since a conviction changes his place in history from question mark to a sadistic torturer.
b) it re-establishes the primacy of the standard US criminal justice system for acts committed on U.S. soil.
Basically, if KSM and his buddies can be convicted and put in jail through the civilian courts, it means that the wholesale raping of the Geneva Convention, habeus corpus, and other civil rights by the (neo-con) Republicans was unnecessary. It also sets a strong counter-precedent in case the neo-cons (inevitably) try the whole "Permanent Emergency" gambit again.
So yeah, the neo-cons and their water bearers like Lieberman are seriously against this and using FUD to slam the effort. Big surprise.
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
actually they're using the ps3's to play rock band and gta 4. but the higher ups wouldn't let the purchase order through without a more official sounding reason...
put punctuation inside your words to break them up (without forming words), e.g. metr[opo;%litan8, and you've pretty much defeated the dictionary attack.
I tried that once and was told I could not use a punctuation mark. I mix alphanumeric characters though.
Should there be a Law?
Did they figure out a way to access the GPU on the PS3 through Linux? As far as I can tell, the GPU is not accessible to linux and some of the RAM is unaccessible as well. Linux runs more like it would on virtual machine than it would running as a native OS. Most of my info comes from forums related to PS3 modding for home theater PCs and Im no expert. Anyone care to elaborate? If the GPU is really locked out, then are these guys just using a pretty average PowerPC computer with a few extra processors?
"4MFLOPS seems much more likely."
For a PS1 maybe.
I.T. Guy gets called into his Bosses office:
"PS3s, huh? What? On invoice... right, ooooh, those PS3s... oh, hmm yeah I ordered those, they are for... uhm... they're for breaking passwords to... crack down on... hmm, child pornography. Right! Yeah, that's what they are for. The guys are just finishing testing the... the hardware. I'll go check on them."
*Runs back to desk and hides copies of Modern Warfare 2*
It should be. If you don't know what you're talking about, you have your choice of not saying anything or doing some research. I don't think there's any excuse to spread misinformation, even by implication!
I modified code from this SHA1 cracker. Good enough evidence?
Fat PS3s are built
No, fat PS3s were built. Sony has since discontinued the form factor.
...they should check under the mousepad
Those of us who think they know everything annoy those of us who do.
Fair enough. Sorry to doubt you at first, but at the time it seemed there was no basis for your claim.
You should take a look at www.distributed.net. Supposedly the RC5-72 challenge could end in 6 months with about 100 PS3s contributing.
First, kudos. Nice thread jack.
Khalid Sheikh Mohammed isn't an enemy of war. War is government to government conflict. Al Qaida is not a government.
Obama is talking like a prosecutor (which makes sense). He will still be presumed Innocent until proven guilty in the courts.
Blowing up Afghanistan was over a simple issue.
Bush said, Hand over Bin Laden or the US will bomb you.
The Taliban said, Provide evidence, and we'll hand over Bin Laden
Bush said, We don't have to provide evidence, we will bomb if you if don't comply.
So we actually bombed Afghanistan because Afghanistan refused to turn over a criminal within our country without evidence. It had nothing to do with innocence or guilt.
http://use.perl.org
I have a custom password entry box whereby I enter a filename, offset and length and then it grabs the password from inside of the file at the offset and length I specified. The filename can by ANY file on the whole machine (or on removeable media like a USB key).
PS3s use the Cell microprocessor.
Falcon
Should there be a Law?
Innocent until proven guilty disappeared slowly, but surely... bit by bit... a long time ago in the USA. Think of drunk driving check points... if everyone is presumed guilty, until proven innocent... then nobody is innocent until proven guilty. Same thing as scanning everyone at the airports. Guilty until proven innocent.
The Cell is the CPU, not the GPU, of the PS3. Anyone saying the CPU is powerful because of its GPU is wrong. The GPU in the PS3 is actually kinda weak, but the six 128 bit vector processors hanging off the back of a main processor in the Cell are quite fast. Not as fast at SOME tasks as something capable of running CUDA code, but still really fast and far more general purpose.
That said, for this application I don't know why they aren't using something like a machine with a few NVidia graphics boards in it.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
regarding your sig
I once had a printer catch on fire. At least the paper. It had four big matrix heads with big selenoids driving the wires. They drew quite a bit of current. One jammed up the wires, heated up, and paper started smoking and charing. Naturally, it was the payroll checks, but as a result I was keeping a close eye on them. Only time I missed payroll deadlines.
Democratic People's Republic of Korea ... and they've abandoned democracy, a republic, and their people ...
No, North Korea is still a republic, there is no monarchy in North Korea.
Falcon
Should there be a Law?
- All those officers and enlisted in the Pentagon would be surprised to know they are civilians.
- Are they going to release KSM if he is acquitted? If not, this is just a show trial and a sham.
- Whatever your stance on waterboarding, they didn't do it to KSM to get him to confess. They did it to acquire intel to prevent further attacks and/or take the battle to Al Qaeda.
- During an interview with NBC tonight, the interviewer asked Obama if people would find it offensive that KSM would receive all the rights of an American citizen in a trial. Obama replied "I don't think it will be offensive at all when he's convicted and when the death penalty is applied to him." Pre-judging much? Tainting the jury?
Come on. This is no trial in any real sense of the word. Other observers have pointed out that no one wants to see this guy walk, so the judges and prosecution will go through any contortion, no matter how ridiculous, to see him convicted. Whatever rulings they issue will then become precedent the Govt can use against everyday criminals (i.e., you and me).
Khalid Sheikh Mohammed is the *enemy*. He cannot be rehabilitated. He cannot be reconstructed. He and his comrades would seek the overthrow of our system of government and its replacement with Sharia law. He is not a common criminal, and it is disrespectful to treat him like one - and you should always respect your enemy. Send him to his god and be done with it.
If memory servers, the cell platform in a PS3 doesn't allow you to use all of the cores when you're running linux
It's the hardware Sony includes on PS3s that don't work well with Linux. IBM supports Linux on Cells.
Falcon
Should there be a Law?
So, with a brute force attack, I've only got 36,030,233,524,592,808,479,552,335 years before they will reach mine!
If that figure is accurate and (very) precise, I can actually go and compute what your password is ;-)
I know there are plenty of real pervs out there, but are the authorities really seizing so much suspected, carefully encrypted kiddie porn to necessitate systems of this magnitude and complexity? My suspicion is that they are using this for "off the record" uses, as well as legitimate ones. Surely some criminally perverted folks are smart enough to use some sort of electronic security measures to protect their stash, but how many, out of how many pedophiles there are, and how many of them are caught and have their filthy computers analyzed? I guess politicians and appointed officials can't ask about supposed anti-child porn measures, just as no one can question anything done in the name of patriotism, fighting terrorism, or when something like cancer prevention is involved. Or is this problem that much bigger than the rest of us take it to be?
This is a hacked account, for which the owner can not be held responsible.
- All those officers and enlisted in the Pentagon would be surprised to know they are civilians.
The majority of casualties were civilian. This was not an act of traditional war. This is far, far different than the cut and dry battlefield that the Geneva Conventions were based on.
- Are they going to release KSM if he is acquitted? If not, this is just a show trial and a sham.
If 12 New Yorkers can't find this guy guilty, then I am pretty damn sure he didn't do it. And he will not be realeased in the US, no matter what.
Come on. This is no trial in any real sense of the word. Other observers have pointed out that no one wants to see this guy walk, so the judges and prosecution will go through any contortion, no matter how ridiculous, to see him convicted. Whatever rulings they issue will then become precedent the Govt can use against everyday criminals (i.e., you and me).
And neither was the case for the the unabomber, OKC bombing or any other big trial. This is no different. As for precedent... where do you live that planning (and following thru) to kill thousands isn't already firmly against the law?
Khalid Sheikh Mohammed is the *enemy*. He cannot be rehabilitated. He cannot be reconstructed. He and his comrades would seek the overthrow of our system of government and its replacement with Sharia law. He is not a common criminal, and it is disrespectful to treat him like one - and you should always respect your enemy. Send him to his god and be done with it.
Oh yeah, the prez was the one prejudging, eh?
No comprende? Let me type that a little slower for you...
Have you read any of his books? I haven't yet but I've thought of buying one. From what I've heard or read about him I'd like him on the US Supreme Court as a Justice.
Falcon
Should there be a Law?
TrueCrypt is open source and is available for download from Source Forge, which hosts open source projects. And here's the downloadable source code.
Falcon
Should there be a Law?
If the child porn smuggler is smart and careful, 20 PS3's won't be anywhere near enough to break strong, modern, encryption.
If he's dumb, there will be an easier way to decrypt the suspect data. Maybe the perp left the encryption key in plaintext somewhere, or used an obvious passphrase, or a weak or buggy encryption software.
There's no happy medium. What can you break with 20 PS3's? Maybe 56-bit DES?
While the key of DES is easy to brute-force today, and 80-bit keys are becoming questionable, 128-bit keys of high-quality algorithms are thought to be unbreakable via conventional (non-quantum) computers for the foreseeable future. There's a reason that the NSA is the second-largest electric utility user in Maryland...
My bicyles
Some of the system I used allowed to enter with alt+3 digits other ascii char like 00. You just need to know and try if it allows it or not, taking the risk that a later update will break it down, but that is valid only if you updates on regular basis. I do not use that trick anymore but when i use a passphrase for important stuff, there is no space but the dictionary word are distorted (1 br3ak [th!s] 0_n_e) and mixed with various char like ,;:.-_+/ etc... 6 words out of a dictionary is not a decent passphrase *at all* as you can use dictionary. 6 word warped and mixed with various char is neigh unbreakable.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
That would only works if the password is kept on a temporary file. Otherwise there is no reason whatsoever the password would be anywhere on disk. And that does not work at all if you use a bootable CD.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Aside from the fact that adequate grounds exist for military jurisdiction based on the Pentagon portion of the attack - and the fact that the act KSM is most likely to be charged with conspiracy, which certainly occurred outside of the U.S. - the analysis is far more complex if one has a basic understanding of criminal procedure. The very high standard of proof required to convict in a criminal court, and the complexity of the rules of evidence - particularly when considering the difficulty of trying a conspiracy charge. Hell, as a law student, I spent untold hours just looking at hearsay and its numerous exceptions. Not to mention the issue of evidence extracted during and after water boarding sessions and other interrogation
I obviously haven't seen the prosecution's evidence in full, but if this were a more traditional criminal charge, I'd wager that they would have one hell of a tough row to hoe. Keep in mind that, if the law is applied as it should be, a jury may only consider evidence that has been admitted before the Court. If vital bits of evidence are excluded--a scenario that is certainly feasible--can the prosecutors successfully prove the elements of the crime KSM is charged with? If not, in a real trial, he would have to be let free.
Of course, this isn't going to be a real trial.
Assume that KSM is acquitted. There is obviously no chance he'll ever be released, nor could he be released onto U.S. territory at all, of course, under the Immigration and Naturalization Act. A real criminal trial would carry with it the vagaries and risks associated with any criminal trial, no matter how "air tight" a case is (e.g., O.J. Simpson), and the possibility of an acquittal and release.
I fear what we have here with the upcoming KSM trial is more of a show trial. The conviction, execution, and virtually pre-determined, or at least that is how Obama is treating it in statements to the press (as a lawyer and former law professor, he should know better, as he acknowledged with his subsequent ass covering).
Aside from some of the more obvious questions (Why a criminal trial for only this handful? Why are military tribunals "good enough" for the rest? Why has Obama shifted support from the military tribunals he once supported specifically for KSM to the civilian courts? How will classified evidence be handled? Will KSM truly be given full access to all the evidence against him, including names of informants?) are the more larger concerns. Why a show trial for this person? Why now? Will show trials become the norm for the particularly loathsome among us? For those it is more politically convenient for the president to try via show trial? Is this the direction we would like to go in?
If this were to be a real trial, it would be a demonstration of the Obama administration's willingness to take unacceptable risks on national security, particularly since a much friendlier venue is allowed under law and some of the trickier, thornier aspects of the law can be avoided. Instead, it may prove to be a perversion of the criminal justice system, which has rules that are much better established and protect every single American citizen. Why open the door to show trials?
Hmm, ok, I can understand that much, and I concur, it's something long overdue, but....
Why New York, of ALL places? By trying it THERE, you run the risk of having the case thrown out or delayed due to having it in a hostile forum. Seriously, if you're going to put these folks on trial in a civilian court, regardless of degree of guilt, if you don't try them in accordance to the rule of law, in as unbiased a forum as is possible, any decision rendered will likely be negated by the resident "lynch mob" mentality that's bound to permeate the region most directly affected by their actions.
Not being sympathetic to these jerkwads, but still, if you don't do this with even a SEMBLANCE of moral authority to begin with, you end up creating a circus act that will only further validate the POV of extremist bozos like these, whilst making a complete mockery of the concept of American justice overall.
A military tribunal in Gitmo is no better, though, because it validates their "cause" as a war, rather than reducing them to worthless thugs as a civilian trial SHOULD be doing. Right move, Mr. President, but the wrong place for it.
... suuuuuure.
Purely as a novelty, the geek might ask himself what ICE is and what it does.
U.S. Immigration and Customs Enforcement has quite a lot on its plate, as this list of Programs would suggest.
The Cyber Crimes Center (C3) Child Exploitation Section (CES) investigates the trans-border dimension of large-scale producers and distributors of images of child abuse, as well as individuals who travel in foreign commerce for the purpose of engaging in sex with minors. The CES employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children through the use of websites, chat rooms, newsgroups, and peer-to-peer trading. These investigative activities are organized under Operation Predator, a program managed by the CES. The CES also conducts clandestine operations throughout the world to identify and apprehend violators.
C3 brings the full range of ICE computer and forensic assets together in a single location to combat such Internet-related crimes as:
* Possession, manufacture and distribution of images of child abuse.
* International money laundering and illegal cyber-banking.
* Illegal arms trafficking and illegal export of strategic/controlled commodities.
* Drug trafficking (including prohibited pharmaceuticals).
* General Smuggling (including the trafficking in stolen art and antiquities; violations of the Endangered Species Act etc.)
* Intellectual property rights violations (including music and software).
* Immigration violations; identity and benefit fraud
The phrase "images of child abuse" is telling. This is how the professional in law enforcement defines child pornography.
Operation Mango -- An extensive investigation that closed down an American-owned beachside resort in Acapulco, Mexico, which offered children to sexual predators. The resort was a haven for pedophiles that traveled to the facility for the sole purpose of engaging in sex with minors. The proprietor of the business was convicted. As a result of this investigation and others, the government of Mexico recently created a Federal task force to address crimes against children in its country. Cyber Crimes Center
The VGTF is an international alliance of law enforcement agencies from the U.S., UK, Australia and Canada, working together to make the Internet a safer place; to identify, locate and help children at risk; and to hold those who commit on-line child abuse appropriately accountable. On-line child abuse includes activities such as searching for, sharing and downloading images of children being physically and sexually abused and engaging children in chat rooms with the intention of committing sexual abuse both on and off-line. The VGTF delivers innovative crime prevention and crime reduction initiatives to prevent and deter individuals from committing on-line child abuse.
ICE also partners with several Non-Governmental Organizations, including the National center for Missing & Exploited Children, Netsmartz, World Vision and Rape, Abuse and Incest National Network, to fight crimes against children. Operation Predator
ighashgpu bruteforces Windows NTLM password hashes at a rate of 2.4 billion password/sec on a single GPU (HD 5870). What does this mean with respect to TFA and its measly "4 million/sec"?
Many of the discussions here completely miss the point that bruteforcing rates depend entirely on what is being bruteforced. For example if you look at JtR password hash bruteforcing benchmarks you can see rates with a Core i7 920 anywhere between a measly 758 password/sec (bcrypt) up to 14.6 million password/sec (LanMan). This spans 5 orders of magnitude! It's the same for encrypted files. For example PGP files encrypted with a symetric key issued from the Simple S2K mechanism can be bruteforced at millions of password/sec with a regular CPU, but this can drop to only a handful of password/sec if Iterated+Salted S2K was used with a decent S2K count...
Therefore all these discussions about whether "4 million/sec" is good/bad/improbable are completely irrelevant since the article is devoid of any info about what is being bruteforced.
I reckon that by replacing the word 'method' with the word 'methodology' they made themselves 45% smarter and that boosted their ability to decrypt stuff.
Sheesh! Nothing like using a longer word to replace a shorter one to convince yourself that you're smarter but make everyone else realise that you are dimmer.
The majority of casualties were civilian.
How many dead officers is required to warrant a military trial?
Yeah. Because if the fucking retards who run the legislature pass some outrageous bill against thought crime or victimless crime which gets signed into law by a President or Governor who is devious and pandering enough to be elected by a majority of the drooling morons who make up the voting citizenry, and then some prosecutor who has something against my politics and has the goods on some judge and gets a baseless warrant at three o'clock in the morning; then I must be guilty as Hell, right?
This news is obviously fake... how it got on Slashdot is even more interesting!
since evidence obtained through torture is ineligible in civilian courts
I'd hazard a guess that obtaining evidence through torture is illegal in a military court also.
And if not, I'd like to ask The Man why it isn't illegal.
Well I would think it would have to take place in one of three states where the most significant crimes occurred: DC because of the pentagon attack (184 dead), Pennsylvania because of the Flight 93 crash location (44 dead), or New York (thousands dead). The Beltway would be even more of a zoo than NY, and the flight 93 passengers were trying to re-take the plane when it crashed (and more power to them for it). While the flights took off from NJ, VI, and MA, the hijackings started outside those states - the states where hijackings probably occurred, like Ohio, aren't significantly more liberal or less biased than NY. New York state is the right state to hold the trial given that it holds the most affected, and I can't see upstate NY being that much more forgiving than NY City, although it might be easier to find "untainted" jury candidates there. Anyways, it's not like this is a patent trial where you can shop for the most favourable state.
The Cell (at least the usable portion) is less than twice as powerful as the xbox 360's tri-core cpu. The gpu is weaker than the 360's, and it is slightly more powerful than the cell, but even harder to program for. Overall, both consoles have a similar theoretical performance.
The cpu+gpu put together in either one are still outclassed by just your 8800GT, let alone a modern gpu (the GTX 285 is single-chip and readily available, and 3-4x as powerful as your 8800). This is all working in single-precision, and I can't find any single-precision performance numbers for a modern cpu, but I'd bet that they easily outclass PS3s too.
Though the article makes it sound like they chose PS3s for their performance/cost ratio, so the fact that it doesn't have top-end outright performance is perhaps irrelevant to them. I still think they should have got a cell-chip-based blade server, using the double-precision version of the cell chip (which is not the one that's in the PS3), and probably would have access to two more SPUs (the PS3 reserves one for OS and has one disabled for yeild) per cell chip. Knowing reporting these days, that's probably what they did get.
Two words: Rainbow tables.
One word: Salt
I lost my sig.
"Fascinating."
I honestly had no idea that government was capable of thinking this far outside the box. This is cause for either great optimism, or equal fear, depending on your perspective.
Sure, that's the claim by those who ordered the torture and those who support them. However no evidence has been publicly presented that any of that is accurate, or that the intel wasn't already available beforehand or from other sources. If that's ever done, and I would want solid examples, then I'll re-assess my position.
If I knew somebody is a murder-prone bastard who would likely kill someone, then I came up with some convoluted scheme to indirectly have him killed, run the scheme by a lawyer and pay him to provide me with a legal opinion that I'm not guilty of premeditated murder, and then go through with it, I still would be guilty of murder no matter what the lawyer said. Just because Cheney got someone to provide him with a fig leaf opinion doesn't mean that he's not guilty of ordering torture against applicable US and international law. So maybe you're willing to take the word of [a] criminal[s] on the matter, but I'm not. Heck, even in Texas you would need to back up a "he had it coming" type defense.
And if not, I'd like to ask The Man why it isn't illegal.
I would hazard a guess it isn't illegal because torture is of course illegal so therefore you couldn't possibly produce evidence through torture. If America acknowledges these people have been tortured, surely criminal proceedings would have to take place against SOMEBODY.
Hm, 60 PS3s chrunching away at 4 million passwords per second each. Giving a total of 240 million passwords tested each second.
My TrueCrypt volume has a 19 character alphanumerical password, not truly random but nothing you can use a dictionary against. Only lowercase + numbers but still more than 30 characters to choose from.
Given that they knew all this and tried to brute force my password using their PS3s it would still take them more than 1535 billion years...
I think they need to up their game or go a totally different route if they ever want to be able to look inside my harddrive and prosecute me for any of its content before I'm burried in a chest...
One private will do, if it's on foreign soil. DC may not be a state, but it's still US soil and there were civilians on that plane. In that context, US civil law and the constitution must take precedence. Besides, with the military tribunals being separate from traditional US criminal courts (although still subject to the constitution), perhaps double jeopardy might not apply and it might be possible to have the military tribunals anyways if they lose the current criminal case. Wouldn't be great for the US' reputation in some countries, but it doesn't have much farther down to go after Bush 43.
One military offender. Military courts do not judge civilians, and civilians are not affected by military laws.
On the other side, military justice can judge and condemn a man that have already been condemned by a civilian court (which no civilian court can)
Good point. I seem to remember that some of the earlier Bush-proposed legal frameworks for military tribunals (which were struck down by the Supreme Court as unconstitutional) allowed evidence obtained after torture, but the current framework doesn't. Apparently, Australia is finding that overly restrictive, but in a way that's probably got some ex-Bush administration officials worried over their actions.
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
One military offender. Military courts do not judge civilians, and civilians are not affected by military laws.
Is what you said true? http://en.wikipedia.org/wiki/Ex_parte_Quirin
The defendant's targets were economic targets, not military. The target was on domestic soil. The Supreme Court decision was that military tribunal was the appropriate mechanism to try them. In summary, not a military target, on domestic soil, defendants were also not military according to the details of the case.
Just a small note to all those clever people who are calculating the time taken to perform an exhaustive keyspace search on the potential passwords.
We should distinguish between the MAXIMUM time taken to exhaust the symbol space, versus the AVERAGE time.
Assuming uniform distribution of passwords through the space, and a sufficiently large sample of challenges, we would naturally expect the time taken to find the correct password to converge on n/2 -- i.e., half of the maximum time.
Thus, if a symbol space can be exhaustively searched in one year, on average, finding passwords with a similar difficulty level will take an average of 6 months, with a typical normal distribution.
Paul Gillingwater
MBA, CISSP, CISM
You talk nonsense. The PPE is about the same as the 360 tri-core, and the 7 usable SPEs are each capable of some stupidly high single precision maths numbers. A quick looking on folding@home shows a single PS3 outputiing 10x what a GPU based algorythm is kicking out.
You tripe sounds like the usual copy and paste nonsense that all Xbox owners seem to be programmed with.
One private will do, if it's on foreign soil. DC may not be a state, but it's still US soil ...
The Pentagon is not in D.C.; it is in Arlington, Virginia. (Not that this bears on your particular argument.)
The Pentagon is not in D.C.; it is in Arlington, Virginia. (Not that this bears on your particular argument.)
Although it does use D.C. zip codes.
I can't find any single-precision performance numbers for a modern cpu, but I'd bet that they easily outclass PS3s too.
It depends on the benchmark. The IBM whitepapers on the Cell have a matrix multiplication program which (after quite a bit of tuning) went just over 200 gflops. A Core2Duo has a theoretical peak of about 15 gflops.
Of course the C2D will be much faster than the Cell with most general programs, but with math that parallelises well and that you spend some time hand-tuning, the Cell can be very quick.
I did find that the Intel Core i7 has a theoretical of 70 double-precision gflops. The single-precision number should be much higher, as the Pentium 4 apparently managed 70 single-precision gflops.
Still, compared to the top-end gfx chips' over 1 TFlop of power, the cell is weedy.
Link: http://www.tomshardware.com/news/Asus-Nvidia-Supercomputer-Cores-960,8943.html I know it costs more but when you consider you'll get 1.1 teraflops of power, it'll munch away at a mental speed. All this in a standard PC tower!!!
Its a reasonably effective PR stunt as well. While the legitimacy of US actions over the last 7-8 years is not always at question within the US - it has seen your image as the pillar of democracy and justice suffer considerably on a global scale.
While there will be nay-sayers arguing that the trial is just as illegitimate for whatever reasons, it will do a lot to sway the average member of the international public that you guys are on the right track again. At least, it won't be as bad as it is right now, where even the most ignorant Joe Public 'knows there's something funny' going on across the pond.
Personally I would say Obama's comments were inappropriate and don't lend themselves to the idea of a fair trial, but then not many folk are interested in seeing the actual evidence against the guy, they just want their show-trial and the BBC/NBC reporter to tell them it was all done fairly.
Aye, my opinion is from Romania, bastion of democracy...
Not sure why you insist so much about the presumption of innocence being established by the US as "...we know it today". It seems it goes really far far back in time at least to the Roman Empire. http://faculty.cua.edu/pennington/Law508/InnocentGuilty.htm
Dear
Why would you want the double-precision version? Crypto is all about integer math.
The "double-precision version" I was talking about wasn't for its double-precision capabilities, more for the fact that it's a newer and more powerful version of the cell chip in general. My apologies for not being clearer.
it's not just finding out what's on a pc that's a worry. they could plant child porn just as easily. indict the target. BLAMMO! you are now a child molester and THEY have PROOF.
So here are some stats calculated at worst-case for 60 PS3s doing brute force cracking:
/. crowd are there any good alternatives to passwords that are feasible? Something secure. Something that can be implemented on websites. What do you think we should be working towards? Is there already something in place that you can give an example of?
8-character passwords w/ letters and numbers only: 3.3 hours.
Upper and lower case: 10.5days. With 9 characters, it's 7.15 years
An 84-character set brings us up to 119.5 days.
Note: I just used x^8 which isn't totally accurate, the numbers in reality are a bit larger but it doesn't matter much.
This makes me wonder in case this is true. We are running up to a physical limitation in the human brain. People already have trouble memorizing the dozens of 8character passwords. 9 characters will hold moores law off for a few more years (not the precise meaning of moores law but you know what i mean). The problem is also that people are getting more accounts for things. Most people even today use the same passwords for a variety of things. I'd say almost all people.
So I ask the
Hear ye, hear ye!
The PPE is almost exactly the same as a single core of the 360's chip. The SPUs are each about the same as well, but their power is limited by insanely small local memory and huge latencies to the main memory (to the point where they can't read it directly, they have to issue DMA transfers).
This gives the PS3's cell theoretically 2.3x the performance of the 360's cpu (1 PPE + 6 SPUs in the PS3 vs essentially 3 PPEs in the 360), but in practice less than 2x. When running games the OS reserves one SPE, and one is disabled to improve manufacturing yield, which is why I say 6 SPUs. I don't know if the 7th is available to use when the PS3 is running Linux, but I doubt it.
Folding's own PS3 FAQ says that "The GPU client is still the fastest", blowing your claim of "a single PS3 outputiing 10x what a GPU based algorythm is kicking out". In fact, the stats page shows GPUs contributing more TFLOPS worth of work units than PS3s, with fewer active clients, suggesting that GPUs are on average 3-4x as powerful as PS3s.
Lastly, I have been a PS3 and 360 developer for a few years now, so I think I might have some clue about their relative performance.
And before someone mentions it, I was talking in FLOPS because it's easier to find those numbers than integer ops numbers.
If your passphrase is reduced to an SHA1 or MD5 hash (apparently Linux distros use salted md5 for user passwords by default), it doesn't need to be brute-forced. You can generate a collision, the speed of which is affected only by the length of the hash and the available computing power (that is, sha1(password) takes just as long as sha1(I.u5e5^ub3r-l337+p@$VV0rds,y0!*I_R=a#5m4rt3y/m4n!) to break)
http://en.wikipedia.org/wiki/MD5#Vulnerability
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://en.wikipedia.org/wiki/Collision_attack
Of course this probably has very few practical uses - It can't be used to break into a TrueCrypt volume, and if someone has hashes (weak or otherwise) of your passwords they've either gained physical access to your PC with an unencrypted disk (and once your physical security is broken, you also become vulnerable to the xkcd wrench attack), or you're a total idiot (or both).
"When information is power, privacy is freedom" - Jah-Wren Ryel
Not one mention yet of plausible deniability. Tell that Customs high-school dropout the "secondary" password, and instead of your child porn/material criticizing the government, they wind up with pictures of cats playing pianos.
- All those officers and enlisted in the Pentagon would be surprised to know they are civilians.
- If one of those officers or enlisted was killed in a bar brawl, during a hit and run or by a dozen other things, what court system would be used?
- Are they going to release KSM if he is acquitted? If not, this is just a show trial and a sham.
- I doubt that it would be possible for him to be aquited, and I'm sure that new charges would be created if he was to keep him in prison. All perfectly legal.
- Whatever your stance on waterboarding, they didn't do it to KSM to get him to confess. They did it to acquire intel to prevent further attacks and/or take the battle to Al Qaeda.
- Then they shouldn't be worried about that evidence not being admitted to court
- During an interview with NBC tonight, the interviewer asked Obama if people would find it offensive that KSM would receive all the rights of an American citizen in a trial. Obama replied "I don't think it will be offensive at all when he's convicted and when the death penalty is applied to him." Pre-judging much? Tainting the jury?
Honestly, I hope that the death penalty is ignored in this case. First, it is probably what the guy wants. Second, it will be used as propaganda by someone, most likely causing more people to die. I just generally like the idea of finding him a small dark hole, about 6 feet by 6 feet that has no windows and a single light. Locking him in there for the rest of his life and letting the world forget about him.
What counts is how fast the target of such a brute-force attack accepts the passwords. If it only accepts one password every five seconds, guess what?
Idiot article.
Regards;
This is an *informative* post
You get 2 English-keyboard characters for every 2-byte Chinese character.
So, 84*84=7056, which is a bit more than 4000.
In other news, 25 US Governemtn employees working on breakinf ecrypted passwords lose their jobs for playing Modern Warfare 2 on the clock.
The world is how you make it
Are those 8-bit characters, 16-bit characters, 32-bit characters, or the kind of characters you find in a typical IT dept.
It does make a difference.
Not to play devils adovocate here, but in the eight years since the destruction of the twin towers, what compells you to believe that KSM actually would get a 'fair' trial, and that they can actually find a 'jury of his peers' that won't already think he is guilty?
Wonder what the PS3's are being used for in between crack attempts.....
- Whatever your stance on waterboarding, they didn't do it to KSM to get him to confess. They did it to acquire intel to prevent further attacks and/or take the battle to Al Qaeda.
That might be what they claim, but it is a lie and not what they did.
There are only two things torture can even possibly get you.
A) revenge against someone
B) force someone to echo what you want them to say.
Revenge is revenge. I'm sure that was a large part of why we torture now.
As for B, might as well just write out a confession and sign it for them. It means just as much and is a lot quicker to get. Doesn't get you as much revenge however with that option.
So, while I can use torture to force you to echo back something, like 'say you murdered that person!', no matter what you say (or don't say) that can not possibly indicate anything about you (other than you want the torture to stop), all it really proves is the torturer instructed the victim to say something, and the victim did.
So you are correct that they did not torture him to get him to confess, since that is not possible.
But you are incorrect that they did it for intel, since that is also not possible.
You are also incorrect that they did it to prevent anything, like your example of future attacks, since that too is impossible.
I'm sure they have at some point CLAIMED it was for that, but there have been hundreds of different claims why they do it, but any that are not one of the two above are still lies.
The majority of casualties were civilian. This was not an act of traditional war. This is far, far different than the cut and dry battlefield that the Geneva Conventions were based on.
You are correct, this was not a traditional act of war. This was an act of war directed purely at terrorizing and harming civilians. In the minds of most Americans that is despicable. (Though I would encourage people to read up on American fire-bombing of Japan in WWII, not very different from what these people did).
The Geneva Convention existed specifically to prevent this kind of terror from happening. It existed to ensure that battlefields were cut and dry, that civilians were not unnecessarily put in harms way, and to ensure a system of judgment for entities that violated these rules. By failing to hold these people accountable under the terms of these conventions, we condone such acts of violence against civilians. Of course maybe that happens to be something we want to do (again, look into our firebombing of Japan).
I agree that there will be no real trial here. This is a show that is necessary for the American people to feel like they are getting justice. Again, I'm not saying this is a bad thing. Just lets not confuse this for an actual judicial process. Like you kind of said, no jury of 12 New Yorkers will fail to find this guy guilty.
My current one is something like "StupidITPassWordPolicy#23"
I can't wait til I somehow get locked out or something and have to call IT help desk to look it up...
Notice length, upper and lower, special chara, numbers..... and know that that number is required to change frequently...
The one concession they made was it used to also compare the only and the new and if ANY part of it was identical it wouldn't accept it (like Password3 and Password4, etc...)
I am sure that not brings down the percentage of people that write their password each week on a sticky note and stick it to their monitor from 95% to 80%... Well done IT genius, well done. Truly we are all more secure for your wonderfully well through out ideas.
-Bitter.
I mis-read my notes; that 100k/s figure for your standard desktop is actually 100M/s and comes from the password cracking competition at distributed.net. According to their current live stats, the fastest single-CPU system (an Intel Core i7 2666Mhz) is cracking ogrng at 204M/s and the average is 5.5M (with a wild standard deviation of 8.6M) and from current live multi-CPU stats, a 4-CPU Intel Core 2 quad-core (16 cores) at 3110MHz is cracking rc572 at 450.8M/s and the average is 36M (stdev=51M). That puts 100M/s at more than a standard deviation above average for even a multi-CPU system and more than ten standard deviations above the average single-CPU system.
The PS3s at 200k apiece look pretty measly now, falling well under the average desktop on Dnet (5.5M). Since even an AMD K6 can crunch away at 300k/s on rc572, it's probably reasonable to say that they're cracking something tougher than anything at Dnet. Generously pinning the PS3 to the Intel Core 2 Quad 3GHz (40M/s) means dividing my Dnet numbers by 200 or multiplying the government's numbers by 200.
At 40M/s times the 60 PS3s, we'd come to 2.4G/s, which can break an 8-character alphanumeric password in a day and an 8-character random printable (includes punctuation et al, 6.5 bits of complexity) in 22.7 days. Bring that to ten characters or six characters plus two words and you're suddenly talking about 500 years. Assuming they actively upgrade with no loss to data (to fit Moore's Law) and you're looking at 9 years ( log2(500) ).
I figure military-grade is probably 10-100G/s (with continuous upgrades according to Moore's Law), which would still take 3-7 years to find a 10-char password but blows through the 8-char password in 4-7 hours.
Use my userscript to add story images to Slashdot. There's no going back.
- During an interview with NBC tonight, the interviewer asked Obama if people would find it offensive that KSM would receive all the rights of an American citizen in a trial. Obama replied "I don't think it will be offensive at all when he's convicted and when the death penalty is applied to him." Pre-judging much? Tainting the jury?
If the Executive branch didn't already believe someone deserved to be convicted and put to death, they would not be prosecuting in the first place.
This taints the jury just as much as if the defendant came out in public and said "I didn't do it!".
which is : not at all.
what would taint the jury is if Obama went beyond merely saying someone was guilty, and starting making arguments presenting evidence in public or presenting witnesses.
For the prosecution to claim confidence in a guilty verdict is expected. I should hope no prosecutor ever proceeds with a trial if they are not personally convinced that the accused is in fact guilty, and they have the evidence to prove it beyond a reasonable doubt.
No one has a right to their *own* opinion. They have a right to the TRUTH.
Khalid Sheikh Mohammed is the *enemy*. He cannot be rehabilitated. He cannot be reconstructed. He and his comrades would seek the overthrow of our system of government and its replacement with Sharia law. He is not a common criminal, and it is disrespectful to treat him like one - and you should always respect your enemy. Send him to his god and be done with it.
He would love that. treating him like a common criminal is the most humiliating thing you can do to him.
And seriously... unless the state has evidence to prove such allegations I would not want to live in a place that any government officials have the power to just go around and kill people with no due process.
This is a land where the rule of law, the constitution, and the fundamental principles of justice are supreme. if you hate your justice system so much that you would try to thwart it and impose your own vigilantee justice, then you are just as bad as any common criminal attempting to replace justice with Sharia law.
Justice demands a fair trial. And if the US can't give it, they should turn these people over to the Hague.
No one has a right to their *own* opinion. They have a right to the TRUTH.
Khalid Sheikh Mohammed is the *enemy*. He cannot be rehabilitated. He cannot be reconstructed. He and his comrades would seek the overthrow of our system of government and its replacement with Sharia law.
My view is, he's just like Timothy McVeigh, or an abortion clinic shooter. There's no way they can actually overthrow our system of government. They are non state terrorists, little more than common criminals, and really have very little power. Our system of the rule of law is much stronger and more important than any of them - and if we can't convict him in a court of law, then he should be freed. If he is freed and viewed as a serious threat, he should be kept under surveillance, but the rule of law is more important than any one individual.
It sounds like these PS3s are being "reverse-engineered" to run "non-stock" software on them, vis-a-vis password cracking.
I posit a direct and urgent need to determine two things:
(1) Method of operation;
(2) Scope and reach of the program.
This could make for an interesting legal test of DMCA/PATRIOT act laws.
The article doesn't say what type of encryption they are trying to crack...
I assume it's only a fairly limited number of well known encryption programs they target with this, and by using something else you could avoid their attacks quite easily, at least until they implement support for it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
But you are incorrect that they did it for intel, since that is also not possible.
Where's the study or even a valid argument supporting this claim.
Maybe, just maybe they would be smart enough (yes I'm still talking about the govt) not to ask questions like that. It's not like they were looking for confessions from the people; they're not police officers; they weren't even planning on bringing them to trial.
If you stop thinking about using enhanced interrogation techniques (haha, couldn't help myself) solely for a trial, maybe you will see how ludicrous your argument is. Maybe the govt knows an attack on a major US city is imminent, but they do not know the timing. Maybe they capture two or more people that they already know, through other means, were instrumental in the planning. Maybe they are able to get them to break, each giving the same details. Is that not intel?
Sure that is an extreme case, but it is cases like that where I can honestly say I would support the usage. If anything, allowing these terrorists to come to a US Court sets a precedent where the usage of information gathered by torture becomes acceptable in a criminal investigation.
But you are incorrect that they did it for intel, since that is also not possible.
Where's the study or even a valid argument supporting this claim.
Ok. Studies and reports on them:
http://explore.georgetown.edu/news/?ID=20647
http://www.newswise.com/articles/view/519416/
http://www.talkleft.com/story/2009/9/21/21847/9403
http://www.popsci.com/military-aviation-amp-space/article/2009-09/new-study-finds-torture-negatively-affects-memory
And further valid arguments supporting those claims:
http://www.msnbc.msn.com/id/30721458/print/1/displaymode/1098/
http://dissidentvoice.org/2009/04/torture-is-more-than-just-harsh-tactics/
http://www.oppapers.com/essays/Dbq-Usefulness-Torture/132993
And at least one example of how this is a slippery slope that leads to nothing good:
http://www.cbc.ca/news/background/arar/
If nothing else, please Please read about this person!
Do further googles (or wiki searches) for Maher Arar
Then just keep in mind there is NOTHING at all that happened nor will happen that would prevent you or anyone else you know from being in that persons shoes, by a random throw of the dice.
Sure that is an extreme case, but it is cases like that where I can honestly say I would support the usage. If anything, allowing these terrorists to come to a US Court sets a precedent where the usage of information gathered by torture becomes acceptable in a criminal investigation.
That is until they* come into your home at night, haul you and your wife/gf/S.O./whatever away to different prisons in another country and torture you for your terrorists connections for 9 months.
You are doing exactly everything required to qualify as a terrorist suspect under our current methods of determining who is or could be a terrorist, so it is not at all as far fetched as your extreme example is.
[*] They being all of the sociopaths that work their way into positions of power and dominance due to their personality requiring it, whom you are willingly and gladly giving permission to torture anyone and everyone (since that is our current definition of terrorist suspect)
OMG you're missing the point.
The reason you don't want him tried in a civil court is because he could not possibly be convicted there: He wasn't even properly Mirandized. That's just one technicality, I'm sure a competent attorney could easily find many more.
The problem is that KSM was found on a battlefield in a foreign country. He is not a US citizen. It doesn't make any sense to bring him back to America to try him in a civil court and give him rights reserved to US citizens, regardless of who the victims were.
I've also even heard it said from a NY federal judge (sorry, I don't know the name) that they aren't even set up to handle any case like this, both in legal process and in ensuring security/safety.
What you effectively set up with this precedence is this scenario: A group of terrorists decide to bomb a couple of ships simultaneously, one is a US Naval destroyer, and the other is a civilian cruise ship. All the terrorists are caught by the navy. No one knows which court they will be tried in, so there is a huge mess in processing (maybe some rights are read and some are not to all of them; maybe they are not told they have a right to an attorney). Now half of them are tried in a military tribunal, and half are tried in a civilian court of law. By what logic do you think this fiasco is the right way to conduct business?
You can't change horses in the middle of the stream like this. If you want to make a policy that all terrorists be brought to a civil court, then make that policy now for future terrorist arrests. Doing it now virtually guarantees they won't be convicted.
And even Eric Holder can't consistently answer why doing it for some and not others seems like a good idea.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
I believe you are grossly ignorant and uninformed of multiple facts. Due to the amount of effort I'd have to invest in educating you (which I doubt you would be receptive to anyway), it is not even worth such a sophomoric discussion with a stranger.
Good day,
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
How can you tell if the tortured person:
(a) is telling the truth,
(b) is making something up,
(c) tells you what (they think that) you want to hear,
(d) really have no clue, or
(e) some combination of the above?
Let's say Alice and Bob plan to blow the Brooklin Bridge on Dec 25th, but decide on a several alternative dates and locations to disclose if they are captured.
You capture them and beat the crap out of Alice. She mentions time and a place. Same with Bob.
Do you believe them? Do you continue the torture? Say you do and they confess to a different time and date. Was the first one correct? The second one? Neither?
The fact is that you have no way to ascertain, and the "detainees" know that. They know that telling the truth will not stop the torture because you can't be really sure. Great intel, right?
Or consider an alternative situation: you caught the wrong people and you will continue torturing the *innocent* until you are convinced that their *worthless* information is genuine, or until they die, whichever comes first.
Hmmm.... What in my post made you think I would be unreceptive to education? I welcome your attempt to educate me. In face the other poster brought up a good point about the Geneva conventions being precisely to keep things cut and dry, but didn't do enough to change my mind (and I still don't see how it would be any different from any other act of terrorism that has been brought to federal court). Please, I am nothing if not flexible.
No comprende? Let me type that a little slower for you...
I mean, really, on such a tech-y I'm surprised more people aren't annoyed by Sony's thinly-rationalized retroactive lockout of other OSes! (Personally, it's the reason why I've gone from "yeah, I should definitely pick up a PS3" to "hmm, maybe if I run into a used one I'll buy it, I guess.") It's also interesting that even the U.S. government is locked out of such hardware when a company like Sony decides to restrict "homebrew" uses. There's a lot more to be said on that issue . . .
I remember sigs. Oh, a simpler time!
Tainting the jury? Probably not. Because of a general lack of interest in goings-on and the media, I'm guessing a huge number of people would have no idea who KSM is. The first they'll hear about him (or realize they are hearing about him) will be during jury selection.
Bark less. Wag more.
OK. I'll try to keep it brief.
The majority of casualties were civilian. This was not an act of traditional war. This is far, far different than the cut and dry battlefield that the Geneva Conventions were based on.
1. It doesn't matter who the target is or who was killed. Contractors are killed all the time in Iraq and Afghanistan driving along with military personnel.
2. Those who were "arrested" in connection to these terroristic acts are not U.S. civilians, therefore should not be afforded same rights as U.S. citizens.
3. Those who were "arrested" were actually captured on the battlefield in a foreign enemy land we are at war with under the legal processes natural to a military fighting a war (not civilian police officers).
4. Oddly, the Geneva Convention doesn't apply to them either because they are not uniformed soldiers.
5. They were not properly Mirandized by our military, thus it is not possible to have any resemblance to a normal/ordinary civilian criminal trial anyway without overlooking some normal processes civilians are usually given. The legal proceedings are far too different from a military tribunal to a civilian criminal trial; thus too many things you would normally have to do were not done (and shouldn't have to be done) by the military at the time of their capture (including reading of Miranda rights).
6. Get a liberal judge and a good lawyer, and they will tear this case apart simply on the ways testimony was gathered (compulsion), evidence was gathered, etc. and you'll have almost no choice but to acquit. Not to mention, you'll be inadvertently giving up military secrets along the way that a military tribunal is meant to protect. Bad idea.
If 12 New Yorkers can't find this guy guilty, then I am pretty damn sure he didn't do it. And he will not be realeased in the US, no matter what.
Only 1 juror has to harbor doubt. Not a difficult proposition in this instance. And if he is not found guilty, then what? If not released in America, then where exactly? They say they'll ship him back home, but it isn't up to us. Usually the country of origin doesn't even want them anyway.
And neither was the case for the the unabomber, OKC bombing or any other big trial. This is no different. As for precedent... where do you live that planning (and following thru) to kill thousands isn't already firmly against the law?
Completely different set of circumstances. First, Unabomber was a U.S. citizen. Second, he was not a militant combatant, nor was he picked up by the military, nor was he found in a foreign country. Thus, his capture, the gathering of evidence, his reading of rights -- all took place under the expectation that he would be tried in a civilian criminal courtroom. These foreign terrorists were not.
Oh yeah, the prez was the one prejudging, eh?
You clearly do not understand this enemy at all. I am really very sorry that you don't. I'm not about to make a general statement about all of Islam, but this is radical-extremist-Islam we're talking about. There is no room for peace with them. They will not stop until they have slit your throat and your children's throats and will laugh in your face about it. You might think you are not at war with them, but I promise you they are at war with you. Again, I'm only talking about radical-extremist Muslims, not all Muslims.
Finally, KSM already admitted to doing these crimes so draw your own conclusion.
That is all.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
A 'Monarchy' is a form of government in which supreme power is absolutely or nominally lodged with an individual, who is the head of state, often for life or until abdication, and "is wholly set apart from all other members of the state."
That can is applied to a number of people. Hitler was a supreme leader as was Il Duce and Stalin. More recently, Iran has a Supreme Leader, Ayatollah Ali Khamenei. There are better words than "Monarch" in all these cases. And in the case of Benito Mussolini, Italy had a king while Benito Mussolini ruled, Victor Emmanuel III of Italy.
Falcon
Should there be a Law?
I appreciate that. I am not some dogmatic jerk who refuses to evaluate my beliefs. Frankly 2,3 and 5 have made me reconsider this. And now I see what that guy meant by precedent; although this precedent is much better than going the other way (civilians tried as military).
Don't be so quick to judge, some people are rational and appreciate meaningful debate.
No comprende? Let me type that a little slower for you...
It is easy for me to be jaded by those who have their own fast and hardened opinions from missing or wrong information.
I apologize, I was wrong to be so quick to judge you.
You're a breath of fresh air. Most people don't listen to a word I say... or find me incoherent at best :-)
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
It's more of a trial than the people in the towers and on the planes got. Fuck the nigger bastard with a broken bottle.