Even with a "hard" delete, the data can likely still be there. Especially with SSD and flash, and their wear levelling algorithms, where a sector erased and written may not be the same sector that had data on it. In theory, a TRIM should blow that away, but it may be a while before the drive's garbage collector goes and erases those pages. It would be nice to have a "secure wipe these pages now" function in the command set.
The old version of PGP (pre /dev/random) used to have something similar as well, where one typed in some keystrokes, and the timing was used to seed the RNG. I wish more programs had this as an option (KeePass does), mainly because it adds a decent source of randomness that is extremely hard to duplicate.
That is the rub. If someone has a unique algorithm that is quite good, and is kept secret, it would add to the security, especially if the attacker didn't have any access to the endpoints for side channel attacks, so they only have ciphertext to go on. However, there are a lot of attacks that one has to deal with, and eventually the algorithm may be found to be weaker than expected. Skipjack comes to mind of how it was considerably weakened (but not completely broken) once it was declassified.
There are many encryption and compression algorithms out there. I've seen some people try to combine the two. However, there is a vast distance between making something resistant to modern attacks. Older Mac programs did their own custom algorithms by using a random function with the seed coming from what the user typed in as a password, some other off-the-cuff algorithm, or just doing two rounds of DES for performance reasons.
Problem is that you don't want the bulk cipher as the weak link, when it is quite easy to use a known good one and focus on other things. If you feel you have something that can stand up to extended attacks by everyone in the world, feel free to use it as an optional cascade with it using a completely different key than AES or the well known one.
ZFS uses CRC-64 hashes to check for bit rot for performance reasons.
As for zip archives, maybe we need to move to a signature model where we use the hash and the file size. It is difficult to make two files with the same hash. It is a lot more difficult for them to be the same size.
Would it be better to use a large CRC as opposed to a cryptographically secure hash for deduplication work? CRCs are a lot easier to compute.
I'd use CRC-64 or CRC-128 over MD5 anyway, just because it is a lot fewer cycles to compute CRCs than to do the more advanced work needed for a cryptographically secure hash.
I would probably abandon MD5 and SHA1 altogether. If it doesn't need to be cryptographically secure, CRCs do the job. If it does need to be secure, I'd use SHA-3 with whatever length was needed for the job at hand. MD5 is "neither fish, nor fowl" and like MD4, just needs to be moved away from.
If I had to deal with "n" hash algorithms, I'd probably just do the easy way -- take, store, and sign with each hashing algorithm. Of course, this does add computation steps, not to mention more space for hashes to be stored. However, if one wants parallel chain links for top security, this is the surest bet.
If I wanted to guess and assume I'd have -some- protection, I'd store the size of the file, and the hashes XOR-ed together. However, like the parent poster stated, there isn't a function that guarantees that combined hashes will be as strong as the strongest hash... but it would be stronger than a single, broken hash algorithm.
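An added example (not part of the original comments) of the "take, store, and sign with each hashing algorithm" approach together with the stored file size. The algorithm set, the function names, the sample data, and the use of HMAC-SHA256 as a stand-in for the signing step are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import zlib

# Cryptographic hashes recorded side by side (assumed set for this example).
ALGORITHMS = ("sha256", "sha3_256")


def build_manifest(data: bytes) -> dict:
    """Record the size, a CRC for bit-rot checks, and one digest per algorithm."""
    manifest = {
        "size": len(data),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
    }
    for name in ALGORITHMS:
        manifest[name] = hashlib.new(name, data).hexdigest()
    return manifest


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Authenticate the whole manifest (HMAC-SHA256 stands in for a signature)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def verify(data: bytes, manifest: dict, tag: str, key: bytes) -> list:
    """Return the names of the checks that failed; an empty list means accepted."""
    # Check the manifest itself first, so a rewritten size or digest is caught.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return ["signature"]
    actual = build_manifest(data)
    # Every stored field must match: one broken algorithm is not enough to pass.
    return sorted(k for k in manifest if actual.get(k) != manifest[k])


# Constructed sample data and key, for demonstration only.
SAMPLE = b"quarterly-report contents, constructed sample\n" * 4
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE)
    tag = sign_manifest(manifest, KEY)
    print("original       :", verify(SAMPLE, manifest, tag, KEY))

    # Same-size modification: size still matches, every digest disagrees.
    flipped = bytes([SAMPLE[0] ^ 0x01]) + SAMPLE[1:]
    print("one bit flipped:", verify(flipped, manifest, tag, KEY))

    # Truncation: the size check fails along with the digests.
    print("truncated      :", verify(SAMPLE[:-1], manifest, tag, KEY))

    # Manifest edited after signing: rejected before any hashing is trusted.
    forged = dict(manifest, size=manifest["size"] + 1)
    print("forged manifest:", verify(SAMPLE, forged, tag, KEY))
```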
We do have 1.5TB optical disks. Sony has a unit (ODSD77U) for those that attaches via a USB 3 cable, has rewritable and WORM functionality. It uses UDF so it doesn't need special software.
Of course, you will be spending $7500.00 for this... but it is there.
If Sony could mass produce the drive for 1/10 the price and the ODC1500R media for $20 instead of $150, that takes care of backups, archiving, and a lot of other needs, especially if part of a NAS.
It would be useful for backing up documents in a ransomware-resistant fashion. Heck, with deduplication and compression built into backup software, it would take some pieces of media for a beginning, as well as periodic full backups for redundancy reasons, but incremental backups would be easy.
An external HDD is useful, but with ransomware squashing backup drives, having WORM capability can come in handy, as well as the ability to go back snapshots.
This might be even more useful if coupled with a NAS. That way, the NAS handles all the backups, and the users just dump their (uncompressed) data onto the appliance's landing zone.
Agreed. IoT is a security hazard enough at home... but the workplace? No thanks. I can't even begin to think how many rules, regulations, policies, even laws, some IoT devices would break. To boot, the devices may not work with WPA-enterprise, so would need their own SSID, and if the devices had their own cellular connection, that can break even more rules.
Nope... there are enough security issues already. I think policies will be quickly updated to cover IoT stuff soon.
In the past, one could buy a 400 CD or DVD changer for a few C-notes.
Why can't we have this technology, except with a BDXL or other high capacity Blu-Ray drive? This isn't rocket science, as the autochanger mechanism has lasted for decades in a lot of people's homes before they put their collection on their computer. Sony does have it, but it is priced into the stratosphere.
Putting the pieces together, it wouldn't be surprising to see the autochanger mechanism in many audiophile hi-fi cabinets still usable, add in a 300GB to 1TB Blu-Ray writer, add a few TB of SSD as a landing zone for data, then add some backup software like NetBackup. This would give tape a run for its money.
Now, add some form factor like disk packs (sort of like the 5-10 disk caddies that were popular way back when), some redundancy (basically one disk with a PAR archive on it), and it would have the ability to function almost exactly as tape... but for far cheaper. To boot, removed disks take up 0 watts of power (other than environmental), not to mention being immune from remote tampering.
I just wish this type of solution could hit the consumer market.
If worse came to worst, the pirate will just screenshot every page, pass it through an OCR, and have it as a PDF for everyone to download. I see this exact same tomfoolery with all Flash sites that are becoming more common, just so they can bypass AdBlock.
Long term, it just means reduced sales, because people just are not going to bother going out of their way to download/purchase an app that is not compatible with their existing library of reading material.
The chief infection vector these days is the web browser and add-ons. If a machine can connect to the Internet, even if behind seven layers of NAT, it can get infected. Second to that are Trojans and dancing bunny attacks.
Internet based attacks to compromise hosts are relatively few, and they tend to be brute force attempts, looking for older/patched bugs, or a DDoS. Good firewalls are a solved problem.
There are a lot of Mercedes Sprinters on the road, which are the most common Euro cargo van in the US, although the Ford Transit (not the small Transit Connect... the Transit) is catching up.
I've been around many of those, especially the newer NCV3 models with the V6 or the four-banger, and they get upper teens to low 20s MPG, and do not stink. Even though if/when they break down, you pay Mercedes prices for parts and service, they are pretty reliable engines, and having a 3.0 V6 push 10,000 pounds of crap around, not to mention the 2.1L four banger, that is pretty outstanding.
Ford's I-5 diesel on the Transit isn't too shabby either. I wish they could use it with the F-150, so half-tons have a decent engine. I also hope DEF gets more widely available as well.
I would say diesels are getting there, air-quality wise. The current EPA mandates hurt diesel engines like the 1973 emissions laws hurt gassers... but if it means little to no NOx and particulate emissions, so much the better. Although having particulate filters be easier to clean would be nice.
This is definitely true. For example, WebDAV. Or, the replacement of SMTP, NNTP, and websites by social networks. There are protocols which are good that they are replaced. DHCP has done an excellent job at replacing BOOTP and RARP.
Then, you get protocols which -should- be supported by vendors. SSHFS comes to mind as one example of something that should be everywhere, just because the server side only needs to care about RSA key authentication and running sftp, and the client side handles all the heavy lifting.
As for incompatibilities, this isn't new to the tech industry. The auto industry has been doing this for decades. For example, a car's water pump can massively change from one year to another, even if the make and model remain the same.
Not all of Africa is a wasteland. Unlike other power generation technologies, solar panels are a technology that can be assembled quite easily, not requiring much other than a basic infrastructure to have. Even if a region is corrupt, solar panels can be easily deployed in small villages. Start small, and from there, scale up.
You can also use an IL code obfuscator; one was bundled with VS.NET for a while. Of course, it won't completely stop someone from finding a signature, but it will raise the bar tremendously, so that it would only be used against a very high value target. Another advantage is that sometimes the obfuscator actually does some slight optimizing work as well.
Truma had a propane based fuel cell, the VeGA, which was pitched for RV and marine use. Because most RVs had propane, it would help supplement the solar install and keep the batteries topped off without a generator. However, because the technology was so expensive, Truma killed the product a few years ago.
EFOY is still around, but their niche tends to be being able to have power for low consumption equipment in a remote area where solar panels would be too obvious, such as a weather station in a remote area.
The biggest competitor to a fuel cell, barring the few edge cases where a fuel cell is a must, are solar installs. I can pay $7000 for an EFOY unit, or I can add a good number of solar panels, a MPPT charger, an inverter, and some very nice LiFePO4 batteries. To boot, once set up, the solar install would need very little upkeep.
It would be nice to see cheaper fuel cells. If one can be made that uses propane, and can power a three amp refrigerator, the days of fussy, expensive absorption fridges in RVs would be over.