Slashdot Mirror


User: andyh1978

andyh1978's activity in the archive.

Stories: 0
Comments: 179

Comments · 179

  1. Re:Separate the cache from the browser? on New Zero-Day Vulnerability In Windows · · Score: 1
    Ever load a URI which contains a "?"? They're uncacheable.

    Not true. They are cacheable.

  2. Re:Lighting field? on NASA Delays Shuttle Launch Until Monday · · Score: 0, Offtopic
    The summary talked about something called a "lightning field". As far as I am aware, there is no such thing.
    Haven't you seen Flash Gordon?
  3. Re:Is that a word? on Going Deep Inside Vista's Kernel Architecture · · Score: 5, Funny
    "architects"? Is that even a word?
    Apparently so, nowadays. First you architect solutions, then you're leveraging synergies, and it's a downhill slope from there into corporate marketspeak.

    In the words of Calvin, verbing weirds language.
  4. Re:So you found a collision, big deal on MD5 Collision Source Code Released · · Score: 2, Informative
    the problem is that if someone knows the MD5 of a password, they can use this code to generate another password with the same MD5. since passwords are usually stored hashed, an attacker wouldn't need to know the original password, only another password that would generate the same MD5

    How?

    The collision vulnerabilities do not allow this. They require both the MD5, and the original plaintext, to produce a modified plaintext that has the same MD5.

    Think about it - how do you know it's a collision at all, unless you have the original plaintext? A collision is two different plaintexts that produce the same MD5. You can't know if you have a different plaintext unless you have the original plaintext.

    If you had the original plaintext, that means you've got the original password, so collisions are entirely irrelevant. You've already got what you need to log in.

    There is still no way, other than the brute force enumeration which is made easier to look up through Rainbow Tables, to get from an MD5 to a plaintext that hashes to that MD5 value. The discovery of methods to produce collisions has not weakened MD5 any further - so far only the increase in computing power to produce Rainbow Tables has weakened this particular use. But trivial salting of the values makes Rainbow Tables useless once more.

    The use of MD5 as a method to checksum files has been blown out of the water, of course. That's the other use, which I'm not arguing about at all. You know both the plaintext and the MD5 there, because you've downloaded the file and the MD5 for the file which you trust can't be forged - which is no longer true.

  5. Re:So you found a collision, big deal on MD5 Collision Source Code Released · · Score: 4, Informative
    Maybe someone could explain why collisions are a serious problem for MD5. Or at least in what instances they are. I can see that in some cases, such as password hashing this could be a problem.
    It's not a problem in password hashing. There is still no feasible way to compute one of the infinite plaintexts that would generate a given MD5 from just the MD5. Rainbow Tables are the main threat there, but they're defeated by salting (e.g. HMAC-MD5) as you have to regenerate the tables all over again (and find the salt in the first place). It doesn't hurt to go to a larger, more complex hash, but for this purpose, there's no additional worries. It's still "preimage resistant".
  6. Re:Elite on 10 Next-Generation Franchise Comebacks · · Score: 1

    Elite 4 is allegedly in progress. Then again that page hasn't changed in quite a while...

  7. Re:25 TB? That's nothing. on Simulated Universe · · Score: 4, Informative
    I figured they meant 25 TB of RAM. Which would be much more impressive.
    This was on Newsnight a couple of days ago; the researcher said their machine had 1TB of RAM.

    That's confirmed in page 18 of their paper: http://arxiv.org/PS_cache/astro-ph/pdf/0504/0504097.pdf
    The calculation was performed on 512 processors of an IBM p690 parallel computer at the Computing Centre of the Max-Planck Society in Garching, Germany. It utilised almost all the 1 TB of physically distributed memory available. It required about 350000 processor hours of CPU time, or 28 days of wall-clock time.
    The mean sustained floating point performance (as measured by hardware counters) was about 0.2 TFlops, so the total number of floating point operations carried out was of order 5x10^17.
  8. Re:Saudi Arabia... on Exporting Knowledge Via Students · · Score: 1
    Because of a 3 letter word, starts with O ends with L.
    Owl?
  9. Re:Is it worth it? on NASA Preparing Manned Hubble Service Mission · · Score: 1
    Is it really worth sending a shuttle up to fix it? It costs so much to send a shuttle up to do it wouldn't it be cheaper to send up a new one? It seems to me that we're going to spend entirely too much money on something that is old obsolete. Why not replace it with something new and better?
    Rather than send up a Shuttle to fix the existing telescope, because launching a Shuttle is expensive, you want to build an entirely new telescope and then send a Shuttle up to launch it?

    Could an equivalent space telescope be deployed by an unmanned rocket? The mass of Hubble seems to be in the range that an Ariane could carry from a quick Google, but wouldn't it need to be deployed a bit more carefully than could be done through a rocket, i.e. that's why they used a Shuttle for Hubble itself?
  10. Re:A question for RMS on RMS Weighs in on BitKeeper Debacle · · Score: 5, Insightful
    Do you prefer vi or Emacs?
    As a pedantic hacker, his only possible reply would be: "Yes."
  11. Re:Umm... on RMS Weighs in on BitKeeper Debacle · · Score: 2, Insightful
    Soon, Linux development will no longer use this program,
    Doesn't he mean GNU/Linux development?
    No, for once, he doesn't. None of the GNU tools are under Bitkeeper - so it's just the Linux kernel, not the operating-system-that-must-be-called-GNU/Linux-by-the-mighty-bearded-decree-of-RMS.
  12. Re:NAS? on Broadband Life and Internet Anxiety Disorder · · Score: 1
    Gibson did write the screenplay himself, (or at least that's how the credits read), so he must approve of it.
    True - but the film was pretty awful.
  13. Re:Populous on Genre-Defining Games? · · Score: 1
    Populous, and to a lesser extent Powermonger, were classic games. But I wonder whether God-genre and RTS games share a common ancestry in the original SimCity?
    Populous was released in 1987, and was the first (?) God-genre game.
    The original SimCity was released in 1989.
  14. Populous on Genre-Defining Games? · · Score: 3, Interesting

    No mention of the pure classic that is Populous? It's the classic God-genre game; although it's a genre mostly consisting of Peter Molyneux games. It's got to be a strong influence for many RTS games, though. I also see the infamous Brandon Every puts his (apparently) unqualified oar into the proceedings...

  15. Re:NAS? on Broadband Life and Internet Anxiety Disorder · · Score: 1
    This sounds a lot like what William Gibson called NAS (Neural Attenuation Syndrome) in Johnny Mnemonic.
    NAS wasn't in the book, only in the (naff) film adaptation, where it was "Nerve Attenuation Syndrome", not "Neural".
    There's "brain-cell attenuation" in Dogfight, that the ex-fighter pilot Tiny has from being pumped full of drugs whilst flying.
  16. IMDB on Tivo-like Opportunistic Recording for Linux PVRs? · · Score: 2, Insightful

    There's a lot of initial data for the "people who watched X might also like Y" bit on the Internet Movie Database which covers TV programmes as well as films.

    Example

    They have a lot of their information available for non-commercial use on their interfaces page.

    I can't spot the recommendation data on there though, but perhaps if you asked them very nicely...

  17. Re:Health on the job on Staying Healthy When Working 12 Hours a Day? · · Score: 3, Funny
    "The solution was to find a job closer to home and spend no more than 45 hours a day at work"
    I don't know if I'd consider you cured of a workaholic lifestyle...
    However, his time travel research job appears to be going well.
  18. Hardly going to break the bank on Another Nail In Usenet's Coffin? · · Score: 1
    The fee: The fee for an account for News.Individual.NET is 10 EUR per year (annual payment), that converts to only 0.84 EUR per month. The price includes VAT at 16%.
    news.individual.net gives a decent reliable NNTP service, unlike the one provided by my ISP. 10 EUR sounds fine to me. Might even keep some of the riffraff out :p

    Although they'll probably continue to use the Google Groups Beta Abomination.
  19. Re:Europe has the same problem on How to Fix U.S. Patents · · Score: 1
    Make a wild guess at which company is pressuring EU to accept software patents. It starts with M.
    Oh no, not Macromedia, they'll have to sue Adobe all over again.
  20. Re:Grrrrr *jealous* on A Review of "The Incredibles" · · Score: 1
    Does anyone know when it's coming out in Europe?
    26th in the UK.
  21. Re:Obvious.... on Coffee is Addictive · · Score: 1

    Or Redundant.

  22. Tape. on How Do I Disable My Gadgets' LEDs? · · Score: 1

    Tape.

  23. Odd results on Calculate When You Are Most Awake · · Score: 2, Insightful

    Apparently they're using some sort of new-fangled time system where hours have more than 60 minutes. The results came out as:

    "You will start to feel noticeably tired at 15:60 and you will feel most tired at 17:60"

    15:60? 17:60?

  24. Re:Photo and PIN on Cash Card / Credit Card?? on RFID MasterCard · · Score: 2, Informative
    A couple of banks in the UK trialed this and apparently cut fraud by a significant amount.... but they stopped it due to cost I believe.

    Which bit are you referring to - the photo part? Because point-of-sale PIN number entry is currently being rolled out nationwide here in the UK - there was a trial period and now they're going live.
  25. Re:Today we use Bash on BASIC Computer Language Turns 40 · · Score: 1
    Lots support void main().

    Doesn't make it valid C.