To those of us in the UK, it's that bad that it might as well be. Of course comedians also make jokes about being taken more seriously than news reporters and politicians...
Where in the US constitution does it say it is legal to give up your rights to some semblance of privacy to enjoy such privileges as being allowed to travel around the country? And the TSA has been seen at bus depots and train stations before now too.
hehehe, the two in the UK were built to absorb load of nuclear power stations during excess off-peak generation as you have to keep nuclear power stations running 24/7, only the nuclear power plants weren't built so the 3rd pumped storage station was scrapped and the 2nd was repurposed to smooth out extremely short term over generation and sudden drain being able to go from standstill to full load in 75 seconds. They literally watch TV in the control room to wait for the credits to roll or the moment the football match finishes so they can spin it up and absorb the load of everyone getting up and turning the kettle on across the country.
No, it doesn't require a dam, it requires 2 bodies of water with lots of water one elevated as far above another as possible. So a mountain with a lake at the top and one at the bottom. And they can be man made pools at one or both ends. Ultra-capacitors are strictly short term hours/days, pumped storage is a lot longer being as long as you have that pool of water up there and it hasn't evaporated much.
Perfectly random one time pad the length of the message and XOR bit for bit with the message is the only provably secure algorithm, just don't ever use the same key twice and find some secure way for key management (trusted sneaker net?). But most key management systems for such cryptography might as well just put the message instead of the key as message length is the same as key length.
There is an economical way to store large amounts of electricity though, it's called a pumped storage plant, basically it's a hydroelectric plant where the generators and turbines can be used in reverse to pump water back up to the top reservoir, then when needed it's released again to get electricity again. Turning a mountain into a very big gravity powered rechargeable battery.
That's the point, it doesn't have to, each of those 10000 cores each do a hash attempt in a few clock cycles each, my nvidia gpu (GTX 465) which is 2 years old now can handle 2.75 million sha1 hashes a second (I tested it). Being the geforce consumer model for graphics, only half the processing power is available for use in CUDA general purpose computing. Salted md5 passwords up to 12 characters can be brute force cracked in about a month with ~$40,000 worth of off the shelf hardware (I dread to think how fast NSA or GCHQ could do it on their top secret supercomputers with classified performance specs).
Of course, but I'm betting even your educated users do not do that. And yeah, you need about 12 characters before brute force is out against salted MD5, this is why slower algorithms like bcrypt help (blowfish/sha-1/sha256 multiple times with some special stuff thrown in to make it hard to build hardware accelerators for it.)
I just found an SQL injection attack and downloaded the whole password database. I now crack it at my own leisure. Now I can come back any time and use those user names and passwords. Now what is the bet some of those user names and passwords are used somewhere else by some of the users? When salting you need to do it very specifically: you do not want to use the same salt as another system, you do want your salts to all be unique to a given user on your system; suggestion is random data from a PRNG (technically for salting it doesn't need to be cryptographically secure random, though it doesn't hurt). Finally when salting don't just append the salt to the password and hash, as it may open up other avenues of collision attacks; instead prepend the password length too.
There are a few uses, but yes it only affects certain types of collision. But it is a weakness in those use cases. Does it matter if the hashing is slightly slower for checking the HMAC from a security standpoint? Yes from a usability standpoint I don't want to be waiting 5 minutes while the computer decrypts a webpage, but it doesn't detract or add to the security of the algorithm in such use cases.
Not strictly true, one reason bcrypt/scrypt/PBKDF2 is recommended over straight salting and hashing is that it is slower to hash and in the case of BCRYPT it is also deliberately designed to be harder to build dedicated accelerators or use parallel processing to help speed it up, therefore slowing down a brute force attack. Yes, time shouldn't be the only factor, but most cryptography has a time element, given enough time one can break your whole bank's password database through bruteforce, don't you want to make it as slow as possible to even make attempts (offline as well as online). If I can break this diplomatic cable, it's great, but if it takes 70 years it's already declassified before I broke it anyway, does it matter I could break it given 70 years?
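The salting points raised in the comments above (a unique random salt per user, a length prefix instead of bare concatenation, and a slow KDF such as PBKDF2), as an added Python example that is not part of the original comments. The iteration count, sample passwords and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware


def naive_hash(password: bytes, salt: bytes) -> str:
    """Fast hash over plain concatenation: the pattern the comments warn about."""
    return hashlib.md5(password + salt).hexdigest()


def length_prefixed_hash(password: bytes, salt: bytes) -> str:
    """Prepend the password length so the password/salt boundary is unambiguous."""
    prefix = len(password).to_bytes(4, "big")
    return hashlib.sha256(prefix + password + salt).hexdigest()


def create_record(password: str) -> dict:
    """Store a fresh random salt per user plus a deliberately slow PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def demo() -> dict:
    # Constructed inputs: two different (password, salt) pairs whose
    # plain concatenation is the same byte string.
    pair_a = (b"hunter", b"2salt")
    pair_b = (b"hunter2", b"salt")
    alice = create_record("correct horse")
    bob = create_record("correct horse")  # same password, different user
    return {
        "naive_alias": naive_hash(*pair_a) == naive_hash(*pair_b),
        "prefixed_alias": length_prefixed_hash(*pair_a) == length_prefixed_hash(*pair_b),
        "same_password_same_digest": alice["digest"] == bob["digest"],
        "verify_ok": verify("correct horse", alice),
        "verify_wrong": verify("correct horsf", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

PBKDF2 takes the password and salt as separate inputs, so the boundary problem shown by `naive_hash` does not arise there; the length prefix matters when a scheme hashes a single concatenated string.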
No, they avoid certain classes of dictionary attack like rainbow table attacks, this is where the dictionary has the hash it matches to precalculated in the dictionary. Me taking a dictionary and salting and hashing each word and seeing if it matches is a dictionary attack.
There are two types of dictionary attacks, one is used for breaking passwords using a dictionary of likely passwords and trying them one by one hoping that you find the password in the dictionary, this can be coupled with bruteforcing techniques to try things like add number to the end, replace e with 3 etc. And some crackers will even start running bruteforce through combinations not in the dictionary when the dictionary runs out. Now in hash world a collision exists, this is where another set of the same data (like a different password) also yields the same hash (so would allow authentication). Dictionaries don't just apply to passwords, but any data set one could build into a dictionary to help find collisions.
The other is to break certain block ciphers using ECB mode (building a dictionary of what a particular block maps to, as in ECB each block is encrypted entirely independently, so if another block happens to be the same pattern, it gets encrypted to be exactly the same).
The first is related to hashing as that is usually the way the passwords are hidden in database tables and so is relevant though cryptographic hashes are used for many other things not just passwords and so there are other attacks against cryptographic hashes. While ECB dictionary attacks are totally irrelevant and out of context in this case and can be discarded.
Medical devices have these problems on proprietary interfaces, look at insulin pumps with remote control. An overdose of insulin can be fatal to a diabetic, yet anyone with a radio and a computer can adjust the pump to do just that. Oh, I forgot to add, they also don't tell you about it. At least with open standards like TLS we have a lot of people verifying it.
We can do security in such devices if we want to, just ask the right people.
Same goes with cars, get the information security engineers before you hook up the car alarm, immobilizer and central locking to the same bloody computer that has a 3G interface that will allow anyone to send it an SMS with an unlock and start command.
"A state is an organized political community living under a government." So it's a political community, now members of a political community are its citizens. Therefore a state is a group of its citizens.
Attacking an embassy is an act of war. There are no ifs, buts and maybes in it. If you are vandalizing a foreign embassy it is an act of war, and the embassy guards have all the authority they need to shoot you.
Google is just trying to stop it becoming more violent. However it's the American government that needs to step up, citizens of Libya technically declared war on the US and they did it with an invitation engraved in the blood of American citizens. But the US government is being its usual weak willed self and tiptoeing around the situation sticking a couple of special forces units on the ground and emphasizing their cooperative relations with the Libyan government. Attacking an embassy is an act of war and should be treated as such. Yes I feel for the non-extremists in Libya that didn't participate in the attacks, but they didn't stop it either.
And I also thought about, what if a child wrote about what happened to them in a diary or something. Could you count what the Nazis did to Anne Frank as child abuse?
Kickstarter is operating under US law in terms of monetary transfers, from the Kickstarter FAQ:
To be eligible to start a Kickstarter project, you need to satisfy the requirements of Amazon Payments:
—You are 18 years of age or older.
—You are a permanent US resident with a Social Security Number (or EIN).
—You have a US address, US bank account, and US state-issued ID (driver’s license).
—You have a major US credit or debit card.
I hereby patent a mix of 78.09% nitrogen, 20.95% oxygen, 0.93% argon, 0.039% carbon dioxide for use as a stable environmental condition for use during the manufacture of various non-specific items;)
No, it suggests they aren't processing as much information being a prototype on early hardware, on more modern faster hardware and with better sensors it can run faster. As for 2 hands versus 1, totally irrelevant, it's still multiple touch points. The computer doesn't know when I use both hands on my phone or multiple fingers with one hand. As for the algorithms, what algorithms, it's just reading which groups of wire are currently giving the most power and reporting that as screen coordinates. Image scaling algorithms and the like are standard linear 2D matrix transformations the same as all 2D graphics work uses or standard interpolation algorithms depending if we are talking rasterized or vectorized data.
Chip and pin (EMV) credit cards falling back to signature verification!
Not to mention the copyright mob will allow you off and find some way to "settle" before you can appeal all the way to the supreme court anyway.
All remaining SHA-3 candidates use different mathematical assumptions to the SHA-2 algorithms. So breaking one won't just break the other.
Faster computation of cryptographic hashes adds weaknesses as they make bruteforce collision finding faster as one can try possibilities quicker.
Hard as every scan is different. Slightly more/less pressure, slightly different finger angle...