Slashdot Mirror


User: Olmy's+Jart

Olmy's+Jart's activity in the archive.

Stories: 0
Comments: 54

Comments · 54

  1. Re:But, what about the opposite. on Microsoft to Work with Xen on Virtualization · · Score: 5, Informative

    No, that does not appear to be what that press release is saying.

    It's saying that Microsoft will be able to run Xen enabled guests on Windows Server. IOW... They are acting as the Xen hypervisor and can run canned Xen images. I don't see anything in that announcement that gives me any encouragement to believe you will be able to run Windows under the native Xen hypervisor. They're not talking about "running Xen" only "running Xen enabled guests under the Microsoft virtualization". Different critter.

    In fact, reading that release, they seem to have gone to great pains to word it to exclude running Windows as a guest under the Xen hypervisor. It's all spun very carefully, there.

  2. Re:IPv6 Adoption on U.S. Government to Adopt IPv6 in 2008 · · Score: 1

    Damn... Missed that...

    Runner up caption in a caption contest years ago for an image of a nude mermaid fountain in a reflecting pool...

    "No, I said bare board cooling... Spell checking doesn't catch everything."

    Sigh...

  3. Re:Experiment with Teredo on U.S. Government to Adopt IPv6 in 2008 · · Score: 1

    I've been trying to find an IPv4-only network (NAT or not, private address space or not) for over 4 years. I have failed miserably. I have always been able to get to IPv6, easily, one way or the other. I even was accessing IPv6 from a cruise ship at Linux Lunacy V.

    The bad guys already know IPv6 is ubiquitous. Their bots are already IPv6 enabled. Their IRC servers are already on IPv6. It's old news to them. They can take advantage of ignorant network admins who don't recognize IPv6 traffic and tunnel entire networks.

    There are even some IPv6-Only bittorents out there.

    Teredo (Miredo) is good and works like a charm (but is only 1 host address, not an entire /48 network like 6to4). So does OpenVPN and a host of other v6 solutions (6to4 works so-so depending on your NAT box). I would recommend OCCAID over Freenet6. OCCAID has a fully functional IPv6 backbone spanning most of the US, but is primarily 6in4 for end user tunnels so you may still need to resort to Teredo from behind a NAT (some OCCAID members are supporting Teredo servers and relays as well). SixXS is handling individual (free) accounts and tunnels and access for them.

    At times, I've seen performance between the US and Europe better on IPv6 than on IPv4 (better routing through the IPv6 backbones, I guess).

  4. Re:IPv6 Adoption on U.S. Government to Adopt IPv6 in 2008 · · Score: 4, Insightful

    That is sooo funny because it's sooo blatantly wrong. Dead opposite, dead wrong.

    Comcast exhausted the entire 10 net last year and are deploying IPv6 for their management addresses. Just check out their presentation at the recent NANOG (North American Network Operators Group) titled "IPv6 @ Comcast Managing 100+ Million IP Addresses" http://www.nanog.org/mtg-0606/pdf/alain-durand.pdf . Their situation is dire just with managing HSD "high speed data" devices (aka cable modems) already and going to get MUCH worse with their "triple play" deployment. Since they are management addresses, NAT is impractical, whether it's externally accessible or not. They don't have a choice. IPv6 is the only practical answer for them.

    Comcast, themselves, are saying the exact opposite of what you are claiming. They use private address space, but that's NOT the way it's going to stay. The address shortage is a pointed issue with them. They're already moving to IPv6. IPv6 to the customer is on the horizon.

    You lose. Thank you for playing.

  5. Re:Exemption... on The Data Accountability and Trust Act (DATA) · · Score: 1

    Maybe a little more research is in order here...

    http://www.linuxjournal.com/article/8312

    From that article:

    In November 2003, Robert Moskowitz, a senior technical director at ICSA Labs (part of TruSecure) released "Weakness in Passphrase Choice in WPA Interface". In this paper, Moskowitz described a straightforward formula that would reveal the passphrase by performing a dictionary attack against WPA-PSK networks. This weakness is based on the fact that the pairwise master key (PMK) is derived from the combination of the passphrase, SSID, length of the SSID and nonces. The concatenated string of this information is hashed 4,096 times to generate a 256-bit value and combined with nonce values. The information required to create and verify the session key is broadcast with normal traffic and is readily obtainable; the challenge then becomes the reconstruction of the original values. Moskowitz explains that the pairwise transient key (PTK) is a keyed-HMAC function based on the PMK; by capturing the four-way authentication handshake, the attacker has the data required to subject the passphrase to a dictionary attack. According to Moskowitz, "a key generated from a passphrase of less than about 20 characters is unlikely to deter attacks."

    Reread that last sentence...

    Robert's article can be found here:

    http://wifinetnews.com/archives/002452.html

    To quote Robert from the above article:

    "The PTK is used in the 4-Way handshake to produce a hash of the frames. There is a long history of offline dictionary attacks against hashes. Any of these programs can be altered to use the information in the 4-Way Handshake as input to perform the offline attack. Just about any 8-character string a user may select will be in the dictionary. As the standard states, passphrases longer than 20 characters are needed to start deterring attacks. This is considerably longer than most people will be willing to use.

    This offline attack should be easier to execute than the WEP attacks."

    End quote. Reread THAT last sentence...

    Current optimized attacks on WEP (assuming it's one of the more modern implementations that addresses the key scheduling problem and weak IVs) require something on the order of hundreds of thousands of packets with well distributed IVs. That's several megabytes of data. Then the WEP key can be recovered. There is also "chop-chop" which is an active (and noisy) attack against WEP performed by generating controlled packet errors. All WEP is also vulnerable to the XOR known-codebook attack, but you have to accumulate over 2Gig of known data (one long packet for each unique IV) to recover the "code book" (the cypher stream). Yes, all of that is doable. I've done it. I'm well aware of the effort you have to go to in order to accomplish this. It all takes a LOT of data. Enough data, and it can be relatively quick to compute. One test I ran, I had over 500,000 "interesting" packets (unique IV) and Aircrack still couldn't break it after 3 hours of run time on a 2.4 GHz processor. Yes, it would eventually break it (but I ran out of time in my talk and I had only started the cracking run 2 hours before my talk began) and once it's broke, it's broke (but so is WPA-PSK). Obviously, if you have an older, or lame, implementation, the attacks against WEP work much much faster.

    OTOH... WPA-PSK, you only need the first four packets of the session setup. Because you can cause the access point to "disassociate", you can force the nodes to reauthenticate and get your 4 packets at any time. Then you can brute force the PSK at your leisure. The longer and more complicated the passphrase is, the harder it will be to brute force. But, as Robert and other noted cryptographers had documented, it takes a LONG passphrase. 8 characters or less can be exhaustively broken in mere seconds. I've seen recommendations for passphrases that vary any

  6. Re:Exemption... on The Data Accountability and Trust Act (DATA) · · Score: 1

    To give you an example... Some examples taken from WiFi for illustration... WPA is supposed to be better than WEP. It uses better hardened cryptography, such as would be approved here. It can use AES (WPA2 mandates support for it) and it uses TKIP. But... WPA-PSK is abysmally weak. Capture 4 packets of the WPA-PSK handshake (which you can force) and you can then do an off-line brute-force attack on the pre-shared key. If that PSK/passphrase is less than, say, about 24 characters, you can break it. Even though it utilizes better, stronger, cryptography and cryptographic modules, the overall design (for PSK at least) is weak and can be broken easier than WEP (WPA-LEAP is also very VERY bad)! Would it meet the expectation that it could be compromised? It depends on the strength of the passphrase.

    My point is that "strong cryptography" is not enough. Strong algorithms can be used but the system can still be quite weak. "Lame or broken" is meant for the broader landscape. WEP used RC4, which is pretty strong (128 bit). But the overall design left it open to XOR attacks and key scheduling attacks and the IV's were a joke. Implementations of a bad design made it even worse. Some idiot vendors left the initialization vectors a constant in their products or used simple IV generation that reused IVs improperly.

    So there's two examples of hardened cryptography, AES and RC4, that resulted in weak systems due to the overall design, WEP and WPA-PSK. You can add the Cisco LEAP and WPA-LEAP into that mix, if you wish, but that's not that common.

    Not too long ago, a USB key manufacturer had a provision for encrypting the data on the key but then left the key where it could be recovered (a fact that the owner would have been unaware of). The crypto was strong but the implementation was lame. Do you get a "get out of notification free" card just because you didn't know or think the data could be compromised because of some developer who didn't know what he was doing when he implemented the system (even with strong modules)?

    What about theft of data from a running system? I've got ways of encrypting my entire laptop with AES 256, including the boot information, using Linux and booting from a USB key. That meets the definitions for recognized strong modules and algorithms. But, what if someone breaks into the system electronically when the system is running and the drives are "unlocked"? Game over... Do I still get the exemption then? It would seem not, based on the expectation of compromise and the "safeguards", but it's not clear.

    The notification should still be required and you can let them know how well you protected their data with encryption and let them judge.
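
The passphrase-to-key step that comments 5 and 6 above rely on, as an added example (not the poster's code and not from the articles quoted): WPA-PSK turns the passphrase and SSID into the 256-bit PMK with PBKDF2-HMAC-SHA1 at 4,096 iterations, and that derivation is checked here against the test vector published in the IEEE 802.11 standard. The 20-character floor in the policy helper is the figure quoted from Moskowitz; the two-character-class rule and the guess-space estimate are assumptions of this example, not something the posts state.

```python
import hashlib
import math
import string

# Added example; not code from the post or from the articles it quotes.
# WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
# Everything else that feeds the session key (nonces, MAC addresses) travels
# in the clear in the 4-way handshake, so the passphrase is the only secret.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # bytes

# Known-answer test from the IEEE 802.11 standard's PSK test vectors.
KAT_PASSPHRASE = "password"
KAT_SSID = "IEEE"
KAT_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Character classes used for the (assumed) strength estimate.
CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", len(string.punctuation) + 1),
)


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly the way a station and an access point do."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def kat_passes() -> bool:
    """Self-check of the derivation against the published vector."""
    return wpa_psk_pmk(KAT_PASSPHRASE, KAT_SSID).hex() == KAT_PMK_HEX


def classes_used(passphrase: str) -> list:
    """Sizes of the character classes that actually appear in the passphrase."""
    return [size for chars, size in CLASSES if any(c in chars for c in passphrase)]


def guess_space_bits(passphrase: str) -> float:
    """Best-case brute-force work in bits, log2(alphabet ** length).  A word
    that is in a dictionary costs far less than this bound; that is the point
    the post makes about short passphrases."""
    alphabet = sum(classes_used(passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def psk_policy_problems(passphrase: str, min_len: int = 20) -> list:
    """Reasons a PSK fails a length-first policy; an empty list means it passes.
    min_len defaults to the 20 characters quoted from Moskowitz."""
    problems = []
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(classes_used(passphrase)) < 2:
        problems.append("uses a single character class")
    return problems


if __name__ == "__main__":
    print("known-answer test:", "ok" if kat_passes() else "FAILED")
    # Same passphrase, two SSIDs: the SSID is the PBKDF2 salt, so the PMKs differ.
    for ssid in ("IEEE", "HomeNet"):
        print(ssid, wpa_psk_pmk("password", ssid).hex()[:16], "...")
    for pw in ("password", "correct horse battery staple 42!"):
        print(repr(pw), round(guess_space_bits(pw), 1), "bits",
              psk_policy_problems(pw) or "passes policy")
```

The SSID acting as salt is why a precomputed table for one network name is useless against another, and why the iteration count alone does not rescue an 8-character passphrase: 4,096 SHA-1 rounds per guess only multiplies a guess space that is tiny to begin with.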

  7. Exemption... on The Data Accountability and Trust Act (DATA) · · Score: 4, Insightful

    But it's got a gotcha. There's an exemption if they encrypt their data - even if the encryption is lame or broken. If they encrypted their data, they don't have to notify anyone. That's a loophole to drive a world class semi through. And there are fears that it will supersede laws like those in some states, such as California, which have no such exemption.

  8. Re:Great... Just Great. on Hot Pepper Kills Prostate Cancer · · Score: 3, Informative

    Uh... Actually... No...

    Fail that remedial biology? Your prostate is nowhere (topologically) near your asshole. Wrong path. It would have to go up and back down again. Large and small intestine vs bladder and urethra. Shorter route would be through your stomach. Of course, the other alternative is worse... Far worse...

  9. First thing to demand - an SLA on What Would You Demand From Your IT Department? · · Score: 4, Insightful

    You need to map out your requirements and then formulate them into an SLA, a Service Level Agreement. Then get your management to agree to it and take it to the bargaining table. Make it clear that this is what they (the IT department) will be measured and evaluated against. If they can't agree to it, then get them to counter-propose. But, whatever you do, get it in writing in the form of an SLA, with the bosses on board... The particulars about what services and what responses and what responsibilities you want from them are details that go into the SLA. Once you hash out the details, get them locked into that SLA, though...

  10. Re:Wait till they get a taste of IPv6... on MPAA Looks to Sniff Internet2 Traffic for Sharers · · Score: 5, Informative

    Obviously you are not thinking about it... Think Internet2 (that's what this was about, right). Think a university. Think a dorm room. Think the university has no records of the "EUI" (that lower 64 bits that makes up your host field of the address) that you chose for that 5 minutes and then went on about your business (you can change it as often as you like and you don't have to ask anyone's permission or ask for another address). All they can do is isolate it down to a network and an SLA (that's a subnet in IPv4 lingo). It don't get you to the end user. And it don't get you into the past. And it don't make you telepathic.

    Oh, and BTW, your ISP doesn't typically give you a /64 (unless you are an exceptional shmuck with only one subnet). The standard allocation is a /48. That's 65,536 subnets. You can get a /64 from Hurricane Electric just by filling out a form, no questions asked. Send them a message telling them you've got more than one subnet, and you can get a /48 for the asking. Freenet6 is handing out full /48 networks even easier and they are now shifting from 3ffe::/16 6bone (6bone is being retired in the next couple of years) to 2001::/16 production even now. Commercially, Verio (as I understand it) is charging $300 USD per month for a /48 to their commercial customers, native to the POP, in the US. The /48 still gets you to the network and a court order on the SLA might get you to the subnet, but there is still NO RECORD of who WAS using that privacy enhanced EUI WHEN it was in (ab)use.

    Now... For the home user, that's another story. Your network identifies a household and that's pretty tight. And, of course, all you home users can already use IPv6 any way you want (6to4 gives every IPv4 user an entire IPv6 NETWORK that you can use immediately without asking anyone's permission, including your ISP), and, yes, that's traceable to your IPv4 address. But, in real world IPv6 land, you can only get to the network (TLA/NLA) and subnetwork (SLA), if the user is assigning his own EUI (host) addresses, and you can't get any further without tracing on the subnet, when the activity is occurring.

    You COULD set up tools on each subnet to log each IP address and each MAC address that was associated and what switch port (assuming you are using managed switches that can be queried over SNMP for IPv6 type stuff) was in use for that operation, but I don't know of any tools available for that purpose at this time and it sure as hell isn't being logged anywhere.

    So what if they come to your door demanding those logs! There are no logs to be had! It's stateless! No dhcp! No server! It's autoconfigured. God himself would have to have a time machine to figure out what IPv6 address you were on when they sniffed that traffic. If they get on NOW and they get the organization to log all activity through ALL their layer two switches, they MIGHT have a shot at catching you IF you hit the net again (and you weren't using IPSec or some other tunnelling mechanism)... Fat chance... Fat chance they will even get to the point where they even realize how badly they are screwed.

    Better still, if you've got wireless involved (you better bet your sweet bippy that IPv6 native works just fine over 802.11* - I'm running it now). You can set up stand-alone wireless devices that sit out on the ether and throw IPv6 tunnels back over the Access Points they're sitting behind. Play IPv6 on P2P and tunnel it back to netland and no hard wire to be found (outside of the wall wart to power it). That's to say nothing of all these universities firing up 802.11 like they were stoking a blast furnace. Wifi to the Max and IPv6 to take it into orbit.

    It's not impossible. Just a real BITCH compared to IPv4. A real major BITCH just to pony up to the bar and figure out how deep the well is just to begin searching... And that's where the fun begun.

  11. Wait till they get a taste of IPv6... on MPAA Looks to Sniff Internet2 Traffic for Sharers · · Score: 5, Interesting

    Internet2 is a hotbed of IPv6 as well.

    Wait till they get a taste of "privacy enhanced addresses" on IPv6 and find out some of those machines can change their addresses at random and not be traceable (only traceable to the subnet and no address server required or logs kept). They'll have to track'm down by MAC address (assuming no one is spoofing and morphing MAC addresses - how long will that take?) and wire by wire, switch by switch, once they're on the subnet itself, with the "cooperation" of the local techie staff. That's not even counting the really wicked stuff you can pull with multiple addresses (thousands, if you like) and different client and server addresses). BitTorrent already has IPv6 patches and some v6 BitTorrent seeders and servers.

    Hmmm...

    Internet2 + High Bandwidth + IPv6 + Privacy Enhanced addresses = good time to buy in stock in antacid vendors.

    The MPAA and RIAA are going to make for a run on their wares... :-)

    Oh... This is gonna be good...

  12. Re:What Morons on WPA Weak Key Cracker Posted · · Score: 1

    You are correct. You are wrong. Even if some cards have immutable "burned in MAC addresses" (I'm not aware of any) the fact remains that most of them allow you to set the MAC address. The bad guy merely has to buy the card that lets him do what he wants to do. Even if you only buy fixed address cards, he's not so restricted. So, even if only one model of one brand allowed this technique, you would still be screwed. And, AFAIK, it's the majority of cards which allow it, not even a minority. And, yes, it really does change the address on the air.

  13. Re:WPA Keys on WPA Weak Key Cracker Posted · · Score: 3, Informative

    Yes... Several..

    Do your homework. Look up Supplicant, XSupplication, HostAP, 802.11i for Linux, 802.1x for Linux, etc, etc, etc... Lots of things going on.

    ITMT... This crack is only for weak keys with WPA-PSK. Not applicable to WPA enterprise or WPA2.

  14. Been there... on China's Superior Technologies · · Score: 1

    Been in Beijing and Tianjin and Xi'an. I love the traffic lights. The moving bar style are great but I would be concerned about anyone who might be color blind (the red and green occupy the same bar space so you can't judge by "what's on top"). And you very rarely see any accidents, even where four lane roads intersect WITHOUT lights, even densely packed with traffic. There's a difference in attitude on the roads, too. Everyone keeps moving. Horns are not an act of aggression, as they are here in the US. Horns are an audio location system, like bats. Toot, toot, I'm here. Toot, toot, in your blind spot. Toot toot, clear to move... Beats the hell out of the road rage'n rednecks on the loose on our highways.

  15. Re:IPv6 by 2008? Who's he kidding? on An Introduction to IPv6 · · Score: 1

    Maybe you are asking the wrong questions. Many sites which are on IPv6 maintain separate namespaces. Some overlap and have both A and AAAA records but some prefer to determine which is which.

    One of your examples, internet2.edu...

    $ host -t AAAA ipv6.internet2.edu
    ipv6.internet2.edu has AAAA address 2001:468:1420::1500
    $ host ipv6.internet2.edu
    ipv6.internet2.edu has address 207.75.164.64
    $ host www.internet2.edu
    www.internet2.edu has address 207.75.164.64
    How about that. It's the same box as www.internet2.edu, they've just got the AAAA records under a different name. But it IS IPv6 enabled.

    Other sites that separates v6 and v4 into separate name spaces (this time with an entire subdomain):

    $ host -t AAAA irc.ipv6.freenode.net
    irc.ipv6.freenode.net has AAAA address 2001:1418:13:1::25
    irc.ipv6.freenode.net has AAAA address 2001:1bc0::ffff:ffff:1337
    $ host -t AAAA altavista.ipv6.digital.com
    altavista.ipv6.digital.com has AAAA address 3ffe:1200:2001:1:8000::1
    *.freenode.net is IPv4. *.ip6.freenode.net is IPv6. They chose to keep the namespaces orthogonal. Their shot to call. Same with the digital site

    Some others with mixed records...

    $ host -t AAAA www.netbsd.org
    www.netbsd.org has AAAA address 2001:4f8:4:7:290:27ff:feab:19a7
    $ host -t AAAA www.arin.net
    www.arin.net has AAAA address 2001:440:2000:1::16
    $ host -t AAAA www.stealth.net
    www.stealth.net has AAAA address 2001:458:20:100::5
    $ host -t AAAA www.comedycorner.org
    www.comedycorner.org is an alias for puck.litech.org.
    puck.litech.org has AAAA address 3ffe:2900:2006:40:202:b3ff:fea4:a44e
    $ host -t AAAA www.kame.net
    www.kame.net is an alias for orange.kame.net.
    orange.kame.net has AAAA address 2001:200:0:8002:203:47ff:fea5:3085
    You can come up with piles and piles and piles of sites that don't use IPv6 and you still miss the fact that some of them ARE using IPv6 and none of it shows that IPv6 isn't being used, even if it isn't being used (yet) by your favorite sites.
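
A small parser for the `host` output format used throughout the comment above, as an added example (not the poster's code): it reads the A, AAAA and alias lines, follows CNAMEs, and classifies each name as dual-stack, IPv6-only or IPv4-only on the basis of the records seen, which is exactly the split-namespace point the comment is making. The sample input is the comment's own `host` output pasted inline so the parser runs offline; "ipv4-only" therefore means "no AAAA record appeared in this output", not that the host has none.

```python
import re

# Added example, not from the post.  SAMPLE_HOST_OUTPUT is the post's own
# `host` output, embedded here as input so the parser runs with no network.
SAMPLE_HOST_OUTPUT = """\
$ host -t AAAA ipv6.internet2.edu
ipv6.internet2.edu has AAAA address 2001:468:1420::1500
$ host ipv6.internet2.edu
ipv6.internet2.edu has address 207.75.164.64
$ host www.internet2.edu
www.internet2.edu has address 207.75.164.64
$ host -t AAAA irc.ipv6.freenode.net
irc.ipv6.freenode.net has AAAA address 2001:1418:13:1::25
irc.ipv6.freenode.net has AAAA address 2001:1bc0::ffff:ffff:1337
$ host -t AAAA www.comedycorner.org
www.comedycorner.org is an alias for puck.litech.org.
puck.litech.org has AAAA address 3ffe:2900:2006:40:202:b3ff:fea4:a44e
"""

# One pattern per line shape `host` prints for A, AAAA and CNAME answers.
AAAA_RE = re.compile(r"^(\S+) has AAAA address (\S+)$")
A_RE = re.compile(r"^(\S+) has address (\S+)$")
CNAME_RE = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")


def parse_host_output(text: str) -> dict:
    """Map each name to its A set, AAAA set and CNAME target (None if no alias)."""
    records = {}

    def entry(name):
        return records.setdefault(name, {"A": set(), "AAAA": set(), "CNAME": None})

    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("$"):
            continue  # blank line or the shell prompt that issued the query
        if m := AAAA_RE.match(line):
            entry(m[1])["AAAA"].add(m[2])
        elif m := A_RE.match(line):
            entry(m[1])["A"].add(m[2])
        elif m := CNAME_RE.match(line):
            entry(m[1])["CNAME"] = m[2]
    return records


def canonical_name(records: dict, name: str) -> str:
    """Follow the CNAME chain to the name that actually carries addresses.
    The seen-set stops a looping chain from spinning forever."""
    seen = set()
    while name in records and records[name]["CNAME"] and name not in seen:
        seen.add(name)
        name = records[name]["CNAME"]
    return name


def classify(records: dict, name: str) -> str:
    """dual-stack / ipv6-only / ipv4-only / unknown, judged from records seen."""
    rec = records.get(canonical_name(records, name))
    if not rec:
        return "unknown"
    has4, has6 = bool(rec["A"]), bool(rec["AAAA"])
    if has4 and has6:
        return "dual-stack"
    if has6:
        return "ipv6-only"
    if has4:
        return "ipv4-only"
    return "unknown"


def names_sharing_ipv4(records: dict) -> dict:
    """IPv4 addresses that more than one name resolves to: this is how the
    post shows ipv6.internet2.edu and www.internet2.edu are the same box."""
    by_ip = {}
    for name, rec in records.items():
        for ip in rec["A"]:
            by_ip.setdefault(ip, set()).add(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_host_output(SAMPLE_HOST_OUTPUT)
    for n in sorted(recs):
        print(f"{n:28} {classify(recs, n)}")
    print("shared IPv4:", names_sharing_ipv4(recs))
```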
  16. Re:IPv6 by 2008? Who's he kidding? on An Introduction to IPv6 · · Score: 1

    Most MS-Windows desktops, all you have to do is "turn it on". For WindowsXP SP2 (or SP1 with the advanced networking patch) all you have to do is add IPv6 to the connection under connection properties. You don't even need to reboot the box! It will autoconfigure, if a router is advertising a prefix, and it will enable 6to4 and Teredo (IPv6 over UDP).

    If you are using Windows2K, you have to install a patch from MS. Earlier versions of Windows, you can get patches from Hitachi. All free.

    The V6 backbones are just that V6 native and V4 tunneled over V6 ala DSTM (4over6).

  17. Re:IPv6 by 2008? Who's he kidding? on An Introduction to IPv6 · · Score: 1

    You are correct. He is wrong. The operative word here is "exclusively". He would have been more proper to say "primarily". IPv6 IS the protocol of choice on the Internet 2 but it does, grudgingly, provide for IPv4. It doesn't EXCLUDE IPv4. But it does PREFER IPv6. And there are some things on Internet 2 which you can NOT do if you are limited to IPv4. (High bandwidth stuff requiring jumbograms, just to mention one obvious one.)

  18. Re:It's already out there EVERYWHERE... on An Introduction to IPv6 · · Score: 1

    Best web site to start... IPv6 Style: http://www.ipv6style.jp

    Best book I've found so far, O'Reilly (of course) IPv6 Essentials.

    IPv6 for Linux, DeepSpace6: http://www.deepspace6.net (May be slow at times, be patient).

    Another good site: HS247: http://www.hs247.net

    Lot's of links from those to many other fine sites.

  19. It's already out there EVERYWHERE... on An Introduction to IPv6 · · Score: 1

    IPv6 is already deployed and it's available and reachable anywhere IPv4 is available. You can use 6to4 and start accessing it immediately without asking anyone's permission. Works over the cable modems, the broadband providers, and 3G cellular networks, everything. No special support required. You can even run servers on it and the clueless providers who are blocking access to ports on IPv4 have no idea of what's happening on IPv6, even tunneled on IPv4 (which is really just a header encapsulation to provide transport).

    Check the IANA and RIR allocation tables. There are more IPv6 networks allocated to the ISPs and LIRs than IPv4. Check the BGP tables. Last I looked (couple of months ago) there are over 40 million IPv6 networks (not even counting RIPE's insane route for an entire /20) routable to the ISP level right now (and only takes about 400 routes compared to IPv4 with 130,000 routes routing far fewer networks).

    Sitting around LinuxWorld Expo SF a month ago, I was sniffing live IPv6 traffic on the wireless lans in the session rooms. I could access global IPv6 from anywhere. From public IPv4 space or private IPv4 space. If a router was advertising, I didn't even NEED IPv4 space or addresses.

    I have yet to find anywhere on IPv4 where my global IPv6 connectivity was not available to me and I've had several instances where IPv4 was "unavailable" (DNS or DHCP brain farts) and yet all my IPv6 was operational.

    IPv6 doesn't depend on IPv4 "going away" and has coexisted with IPv4 for years and will coexist with IPv4 for years to come.

    Wait until the peer to peer crowd learns what they can do with "Privacy Enhanced Addresses" that change dynamically and are not tracked (like dhcp or ppp addresses are).

    Several major government agencies are already using IPv6 backbones and tunneling islands of IPv4 across IPv6.

    There are enough IPv6 networks in production that TOTD (the Trick Or Treat Daemon) actually shows up in a survey of DNS servers with a significant percentage. TOTD is used for IPv6-ONLY networks to shim the DNS requests and translate "A" record responses into "AAAA" records which the IPv6 only hosts can use. It's not needed if systems have direct access to IPv4 and is an indication of systems and networks which have to use protocol translators like NAT-PT or pTRTd.

    Wake up! IPv6 arrived years ago and is likely already on your LANs (you just don't know it or control it...). You watch for IP protocol 41? You monitor 3544/udp? Check your PPP connections for IPv6 endpoints? How 'bout dem tunnels??? :-) They don't all work everywhere but everywhere has something and several that work, and work well.
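
The three IPv6 posts above (comments 10, 11 and 19) turn on how an IPv6 host address is formed: 6to4 and Teredo addresses carry an IPv4 address inside them, a stateless autoconfigured address built from the MAC carries the MAC inside it, and a "privacy enhanced" address carries nothing recoverable at all. The classifier below is an added example (not the poster's code) that an admin could run over addresses pulled from logs to tell those cases apart; it uses the 6to4 prefix 2002::/16 and the Teredo prefix 2001:0::/32, and the Teredo client port and IPv4 are stored XORed with all ones. The EUI-64 test address is the www.netbsd.org AAAA record from comment 15; the 6to4 and Teredo addresses are constructed from documentation IPv4 ranges.

```python
import ipaddress
from collections import Counter

# Added example, not code from the post.  Classifies an IPv6 address by how
# its host part (interface identifier, low 64 bits) was formed:
#   6to4    2002::/16, IPv4 address in the next 32 bits
#   Teredo  2001:0::/32, server IPv4 + flags, then port and client IPv4 XOR 0xFF..
#   EUI-64  IID built from a MAC: ff:fe in the middle, U/L bit flipped
#   other   random ("privacy enhanced"), manual or DHCPv6 IID: no MAC to recover
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")


def _mac(octets) -> str:
    return ":".join(f"{o:02x}" for o in octets)


def classify_ipv6(addr_str: str) -> dict:
    """Return the address kind plus whatever it embeds (IPv4, port or MAC)."""
    a = ipaddress.IPv6Address(addr_str)
    b = a.packed  # 16 bytes, network order
    if a in SIX_TO_FOUR:
        return {"kind": "6to4",
                "embedded_ipv4": str(ipaddress.IPv4Address(b[2:6]))}
    if a in TEREDO:
        return {"kind": "teredo",
                "server_ipv4": str(ipaddress.IPv4Address(b[4:8])),
                "client_port": int.from_bytes(b[10:12], "big") ^ 0xFFFF,
                "client_ipv4": str(ipaddress.IPv4Address(bytes(x ^ 0xFF for x in b[12:16])))}
    if b[11] == 0xFF and b[12] == 0xFE:
        # Modified EUI-64: MAC bytes 0-2, ff fe, MAC bytes 3-5; undo the U/L flip.
        return {"kind": "eui64", "mac": _mac((b[8] ^ 0x02, b[9], b[10], b[13], b[14], b[15]))}
    return {"kind": "random-or-manual-iid"}


def summarize(addresses) -> Counter:
    """Count address kinds over a batch, e.g. addresses lifted from a log."""
    return Counter(classify_ipv6(s)["kind"] for s in addresses)


# Constructed sample: documentation IPv4 ranges inside 6to4/Teredo, the
# www.netbsd.org AAAA record quoted in the post, and a made-up random IID.
SAMPLE_ADDRESSES = [
    "2002:c000:204::1",                       # 6to4 of 192.0.2.4
    "2001:0:c000:22d:8000:63bf:39cc:9bf8",    # Teredo: server 192.0.2.45, client 198.51.100.7:40000
    "2001:4f8:4:7:290:27ff:feab:19a7",        # EUI-64, MAC recoverable
    "2001:db8:1:2:3d1c:9b4e:77a2:c0f1",       # privacy/random IID (constructed)
]

if __name__ == "__main__":
    for s in SAMPLE_ADDRESSES:
        print(f"{s:40} {classify_ipv6(s)}")
    print(summarize(SAMPLE_ADDRESSES))
```

The admin-side corollary the post hints at with "protocol 41" and "3544/udp" is that 6to4 rides IP protocol 41 and Teredo rides UDP/3544 to its server, so the addresses this classifier flags as 6to4 or Teredo should line up with those flows in a flow log; an address in the last category tells you the subnet and nothing more, which is the "no logs to be had" point of comment 10.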

  20. Denial of Service on FCC Approves Highway Radiosystems · · Score: 1

    Hmmm... Add the possibility of a whole new meaning to the term "denial of service" or, better (worse) yet, jamming... :-/

  21. Re:In other news... on President Bush To Call For Return To Moon? · · Score: 1

    Booo hisss... Old joke...

    Badda bimm...

    That joke predates Clinton so you can't attribute it to him, even... My God! I heard that as a child (and I'm in my 50's). Benny Goodman could have told that joke... (Ok... Anyone in this crowd even know who he WAS?)

  22. Re:Security and Complexity on GnuPG's ElGamal Signing Keys Compromised · · Score: 5, Informative

    It's more complex than that.

    The old PGP used RSA sign-and-encrypt keys. The same key was used for both encryption and signatures. You can only generate those keys under "expert" mode (same place you would generate ElGamal signature keys). Generate an RSA+RSA key under GnuPG and you get two keys, a primary signature key and a different encryption key. Both will be RSA. But the RSA+RSA was NOT what the old PGP used. There's good reason to have separate keys and subkeys with different functionality and attributes. But that wasn't in the original PGP.

    The old PGP also used IDEA for the symmetric algorithm and that's STILL patented, so the stock GnuPG STILL doesn't contain it and you STILL can't interoperate with the old PGP (pre PGP 5.0).

    An ElGamal signature key blows goats where it comes to performance (the verify algorithm is at least an order of magnitude worse than encrypt, decrypt, or sign). Even having one on your keyring sends the key verify option into the weeds in turtle mode, because of the verification signatures taking soooo looonnnggg to verify. It's an oxymoron to have those keys generated under "expert" mode as well (since said "expert" wouldn't be one if he wanted one).

  23. Re:Stopping on Land Speed Record Broken: 0-6,400 in Six Seconds · · Score: 2, Funny

    Seems like they have a fairly effective braking system. I wonder what the immobile target was ?

    Uh... History?

  24. Re:Forget efficiency go with NOS on Increasing Fuel Mileage With Hydrogen? · · Score: 1

    Imagine the possibilities? Yes. Absolutely... Think instant qualification for a Darwin Award. When thinking of combining a high potential oxidizer with a "high heat of oxidation" fuel one should consider the results of the experiments of lighting charcoal with LOX (Liquid Oxygen). I don't have the URL handy for the MOV file but the results are spectacular, to say the least, and the fire department is unlikely to permit a repeat of the experiment. :-) In this case, the oxidizer is less "potent" but the fuel is "without peer". Looking for a place on "What Were They Thinking?", this would do it.

  25. Casting resin ain't that simple either... on Building Your Own Glowing Cyber-Balls? · · Score: 5, Informative

    Having done some large castings in casting resin (clear and with opaque or translucent dyes), I can tell you that it's not all that simple to just cast a ball that size either. The casting material is going to be expensive to begin with. And if you don't get the hardner mix ratio just right, that stuff it going to crack and craze like crazy (split a few "paper-weights" in half). It gives off heat (from the chemical reaction as it "cures") which can damage really thick objects, like a 6 inch ball. I'd be willing to bet that what they have is not "hobbiest grade" casting material. It's more likely commercial grade plexiglass type material with a translucent dye added. It might not even be chemically cured like epoxy resins but may be cure thermally or by UV light (former - likely, later - possible but highly unlikely). Plexiglass resins become soft and pliable as you warm them (within reason - moderately high heat burns them easily) but casting resin does not - it cracks and crazes and shatters. The dye would be similar to the casting dyes you would get at a hobby shop. You MIGHT be able to cast a ball that size, if you are lucky, in casting resin but keep it away from large temperature changes and bright sunlight (which damages through both large temperature gradients and UV breakdown damage). You may find that this isn't a cost-effective "do it yourself project" after all.