Slashdot Mirror


User: hydra-monkey

hydra-monkey's activity in the archive.

Stories: 0
Comments: 2

Comments · 2

  1. Re:Plextor? on Hot-Rod Your CD-RW Drive · · Score: 1

    Hiya,

    I have a Plextor IDE 16/12/10A drive. I'd get all sorts of writing errors until I turned on Burn-Proof on the drive. I had to dig around the cdrecord mailing list to find the flag. Here's the command I use:
    cdrecord -vvvv -dev=0,0,0 driveropts=burnproof speed=16 "$@"

    Once I've switched to this command, things work flawlessly. I don't always burn at 16x (it varies depending on the source -- either my NFS mount or my local drive or even a dynamically created isofs).

    I doubt your older drive has Burn-Proof. But in the rare case it does, here's the flag that may just save you a few coasters.

    (go ahead and mark this offtopic, I don't believe in overclocking anyway).

  2. A possible drop-in solution for *nix on Using Images as Passwords · · Score: 2, Interesting

    Ok guys, here's how you can use the power of visual identification and still have a cryptographically secure system. All of this and it's implementable RIGHT NOW with current tools on a standard linux distro.

    1. Take a directory full of images, it doesn't matter if they are .pngs, .jpgs, a mix of various types or whatnot. All that matters is there's quite a few of them on the machine. I'm going to use the /usr/kde/2/share/icons/hicolor/48x48/ directory. This directory contains 5 subdirectories with a total of:
    find . -name '*.png' | wc -l
    297

    pictures. Given this, we can do some basic combinatorics (permutations of these standard pictures) for any value of 297 choose n. Using the permutation of (297 3) gives us 25,934,040 possibilities (remember the order of choosing pictures is unique). It gets even nicer at 4 (7,624,607,760). Why am I bothering with this? Let me show you a snippet of python code:

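    # Python 3 port of the original Python 2 snippet, which used the removed `sha` module
    import hashlib, sys
    # Hash the raw bytes read from stdin with SHA-1 and print the hex digest
    print(hashlib.sha1(sys.stdin.buffer.read()).hexdigest())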

    This little beauty will compute the hex-digest of the Secure hashing algorithm (http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt).

    All you have to do to use this program is the following:

    $ cat apps/kedit.png filesystems/zip.png mimetypes/widget_doc.png | hex_sha.py
    066686143327A8A582E5F5333A98D6C3F1426324

    or, if you prefer:

    $ cat apps/kedit.png mimetypes/widget_doc.png filesystems/zip.png | hex_sha.py
    2C35BA8998BAAEA70008AE41E31F923142A48D7F

    Obviously, order matters. Starting from this simple building block I'm sure it wouldn't be too hard to have kdm/gdm/xdm use this alternate method. There are C libraries available (openssl) which accomplish the same feat.

    In short, this can be implemented in a weekend by a skilled hacker. One could even see creative ways of assigning short characters to each picture so that clicking isn't necessary. Something along the lines of:

    Actions == A
    aPps == P
    Devices == D
    Filesystems == F
    Mimetypes == M

    And each subdirectory uses the same method as well. So instead of catting those three files via the CLI, I could opt to type:

    PE == aPps/kEdit.png
    MW == Mimetypes/Widget_doc.png
    FZ == Filesystems/Zip.png

    So I could type PEMWFZ (case shouldn't matter as we're indexing through a series of directories/files) and get my first catted line above. The second line would be PEFZMW.

    The weaknesses in the algorithm described above lie in the strengths of SHA and the number of choices (I'm using 3). Since SHA's collision space is larger than (297 3), the weakness lies in the permutation. As I showed above, it's pretty damn big. Make it 4 (and all pw's become 8 characters).

    Hardest part is the passwords are still gibberish-like. Or are they? Each grouping is paired in twos naturally. The password in one's mind isn't PEMWFZ, it's PE, MW, FZ. If one can visualize the picture with the grouping then there is a direct visual association. This would appeal to most hacker-types. And the non-techies can even just opt to scroll through the pictures clicking on the 3 (or 4) that comprise the password. There could even be an option displaying the shortcut keys as the pictures are being clicked in case the person can't remember one of the mnemonic groupings. This must be done in absolute secrecy should the shoulder-surfers wander by.

    You guys get the idea. I'm just spewing ideas about this topic.:)

    (And to others about this "dumbing-down" passwords; I think my hacker/non-hacker solution above complements both types nicely. It also gives rise to REAL passwords without having to memorize `a09GD3hz'. A complement of pictures and shortcut blocks works well within the human mind -- try it if you don't believe me. On top of this, it eliminates the possibility of people choosing 'god', 'stud', 'master' and other such obvious passwords.)

    Feel free to flame my constructive brainstorming. This is ./ after all. :)
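
The scheme sketched in the comment above, as an added example that is not part of the original post: it turns a typed shortcut code into the SHA-1 of the chosen images in order, and expresses the 297-picture search space in bits. The image bytes are constructed stand-ins and the function names are hypothetical; only the three shortcut pairs come from the comment.

```python
import hashlib
import math

# Shortcut table from the comment: directory letter + file letter -> image path.
SHORTCUTS = {
    "PE": "apps/kedit.png",
    "MW": "mimetypes/widget_doc.png",
    "FZ": "filesystems/zip.png",
}

# Constructed stand-in bytes; a real setup would read each PNG from the icon directory.
IMAGES = {path: b"\x89PNG constructed:" + path.encode() for path in SHORTCUTS.values()}


def picture_digest(code, shortcuts=SHORTCUTS, images=IMAGES):
    """Turn a typed code such as 'PEMWFZ' into the SHA-1 of the images concatenated in order."""
    code = code.upper()  # case does not matter, as the comment notes
    if len(code) % 2:
        raise ValueError("code must be a sequence of two-letter groups")
    groups = [code[i:i + 2] for i in range(0, len(code), 2)]
    if len(set(groups)) != len(groups):
        raise ValueError("each picture may be chosen only once")
    digest = hashlib.sha1()
    for group in groups:
        if group not in shortcuts:
            raise ValueError(f"unknown shortcut {group!r}")
        digest.update(images[shortcuts[group]])  # same result as hashing `cat a b c`
    return digest.hexdigest()


def keyspace(n_images, n_picks):
    """Number of ordered picks without repetition, and the same figure in bits."""
    count = math.perm(n_images, n_picks)
    return count, math.log2(count)


if __name__ == "__main__":
    print(picture_digest("PEMWFZ"))
    print(picture_digest("PEFZMW"))  # same pictures, different order, different digest
    for picks in (3, 4):
        count, bits = keyspace(297, picks)
        print(f"{picks} of 297 pictures: {count:,} sequences, about {bits:.1f} bits")
```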