Slashdot Mirror
US Government Using PS3s To Break Encryption
Entropy98 writes "It seems that the US Immigration and Customs Enforcement Cyber Crimes Center, known as C3, has replaced its '$8,000 Tableau/Dell server combination' with more efficient and much cheaper $300 PS3s. Each PS3 is capable of 4 million passwords per second, and C3 currently has 20 PS3s with plans to buy 40 more. Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography."
Really what is the problem with this. These computers are being searched AFTER a judge issues a search warrant. In other words constitutional law is being followed to the letter in this case.
So what is the problem? Because it may involve child porn and you think that it is harmless? Well some of those computers have pictures of the victims "children" and the criminal act happening.
There is nothing wrong with this legally.
And having a fit about it is a clear case of calling wolf.
I am sure this will be used in any investigation that involves a computer and not just for child porn.
Complaining about the legal search of a computer after a warrant is issued is just stupid.
BTW I am sure that the NSA has much better systems based on FPGAs and Cell chips for breaking encryption than PS-3s but we will never hear about those and that type of wiretap without a warrant is what I am worried about.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
[sarcasm]You are guilty! You won't give us the key so you must be![/sarcasm]
All very accurate and informative. I still wonder about the numbers here. If I did my math correctly, (282 trillion posibilities, 4 million tries a second) you exhaust the search space in 816 days. That's over a year on average. And that's if they're using a simple 6 character alphanumeric password. Given that we all have a right to a speedy trial, this just doesn't seem like it would be ready in time for court. I think they'd do a lot better to use their sneak and peak warrant power to install key loggers.
Give me Classic Slashdot or give me death!
With the planned 60 PS3s assuming they brute force it and worst-case. It will take them:
/. crowd are there any good alternatives to passwords that are feasible? Something secure. Something that can be implemented on websites. What do you think we should be working towards? Is there already something in place that you can give an example of?
At 8character passwords w/ letters and numbers only, 3.3hours.
Upper and lower case increase that figure to 10.5days. (With 9 characters 7.15years)
84character set brings us up to 119.5days.
Note: I just used x^8 which isn't totally accurate, the numbers in reality are a bit larger but it doesn't matter much.
This makes me wonder in case this is true. We are running up to a physical limitation in the human brain. People already have trouble memorizing the dozens of 8character passwords. 9 characters will hold moores law off for a few more years (not the precise meaning of moores law but you know what i mean). The problem is also that people are getting more accounts for things. Most people even today use the same passwords for a variety of things. I'd say almost all people.
So I ask the
+1 funny? Or +1 informative. In the UK they lock you in jail for year-after-year until you give them the encryption key. So much for the right to be presumed innocent until PROVED guilty.
Sad but true. Refusal to share your encryption key or password is now illegal in Britannia.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
I must be missing something here. WHY would someone use the original app instead of one modified to remove said rate limit? I mean the limit itself is going to be artificially imposed with something like "sleep(5)", so "cracking" the binary would be trivial at best, and the first vector I would think. Again, am I missing something here?
Yes, you are missing something, but it is a very common misconception. The "rate limit" is in the algorithm itself, not simply in the application which implements the algorithm.
Here is an example to demonstrate how such a rate limit can be constructed. Begin with a rather fast and strong hashing algorithm such as SHA-256. Now SHA-256 operates in the Merkle-Damgaard chaining mode which is inherently serial, so what you can do to slow it down is to define your password authentication algorithm to be a SHA-256 hash of a "message" which is formed by appending your password with one-billion 32-bit unsigned integers which are just consecutive counter values. Since you don't actually have to store the counter values, this takes no additional memory to implement. Since the algorithm is strongly serial in nature, you can't short-cut the process without breaking SHA-256 (which would be very impressive). Even on the fastest processors, hashing a > 1Gig message with SHA-256 is quite time consuming... at least several seconds per attempt. This provides a very effective rate limit.
- All those officers and enlisted in the Pentagon would be surprised to know they are civilians.
The majority of casualties were civilian. This was not an act of traditional war. This is far, far different than the cut and dry battlefield that the Geneva Conventions were based on.
- Are they going to release KSM if he is acquitted? If not, this is just a show trial and a sham.
If 12 New Yorkers can't find this guy guilty, then I am pretty damn sure he didn't do it. And he will not be realeased in the US, no matter what.
Come on. This is no trial in any real sense of the word. Other observers have pointed out that no one wants to see this guy walk, so the judges and prosecution will go through any contortion, no matter how ridiculous, to see him convicted. Whatever rulings they issue will then become precedent the Govt can use against everyday criminals (i.e., you and me).
And neither was the case for the the unabomber, OKC bombing or any other big trial. This is no different. As for precedent... where do you live that planning (and following thru) to kill thousands isn't already firmly against the law?
Khalid Sheikh Mohammed is the *enemy*. He cannot be rehabilitated. He cannot be reconstructed. He and his comrades would seek the overthrow of our system of government and its replacement with Sharia law. He is not a common criminal, and it is disrespectful to treat him like one - and you should always respect your enemy. Send him to his god and be done with it.
Oh yeah, the prez was the one prejudging, eh?
No comprende? Let me type that a little slower for you...