sed s/"reverse the digest process, and extract the original data from the digest"/"generate different data with the same hash"
I made a mistake, now I am corrected, thanks all for the info. I'm off to go read the shadow(3) and ssh(1) man pages now...
That's true about the passwords - all you need is a string that results in the same hash, which this algorithm would give.
About the reconstructing - it would be some kind of a brute-force approach. Yeah - at this point it seems pretty unlikely that we'll have an "un-md5sum" appearing on SourceForge anytime soon. But I was thinking that if a collision algorithm could sufficiently narrow down the possible data sets that generate Key XYZ, then it might reduce the computational time to a practical amount where you could actually brute-force the original data out. I might be totally off-base though; I've never actually tried to generate an MD5 collision to know how difficult it is.
It's an IBM high-end Unix server. Runs Linux too, if you desire. Or both AIX and Linux simultaneously. Pretty sweet machines, and very enjoyable to work with.
IBM p690
It's in the attached articles there. MD5 and others are "hash" algorithms. They generate a small "digest", say 2048 bits, from a much larger data set. So if you run an 85-meg JPEG through MD5, you'll get a (hopefully) unique 2048-bit number. The goal is to have a hash algorithm that makes it impossible for anyone to "decode" the MD5 digest back into the 85-meg JPEG that it came from.
So what's the big deal about finding a collision? The answer is this direct quote:
The finding of a single collision in SHA-1 would not, by itself, cause much trouble, since one arbitrary collision won't do an attacker much good in practice. But history tells us that such discoveries are usually followed by a series of bigger discoveries that widen the breach, to the point that the broken primitive becomes unusable.
In other words: When people find collisions (two different datasets that result in the exact same digest), then that is the first step towards being able to "reverse" the digest process, and extract the original data from the digest, thus rendering the encryption useless.
Because STEALTH is how you security your compooter!! Bill Gates is the smartest man on earth and he is smarter than those evil H4CK0RZ who are trying to break is pretty WIND0WZ!! I think GRC is the best web site ever made and if it says "Stealth" then that means I have securitieied my compooter! Stoopid Lunix doesn't have a Stealth mode You can't even install McAfee Firewall on Lunix! Lunix sucks, Windows is the best OS ever because it has STealth.
Aren't most portscanning tools multithreaded anyway? I doubt there are any tools which are both effective and single-threaded. A tool that opens 50,000 TCP ports simultaneously would not suffer very much at all by waiting for 2 minutes or whatever the TCP SYN/ACK timeout is.
There is the issue of TCP RST or "ICMP unreachable" fingerprinting - it's conceivable that an attacker would use your NAK to narrow down the possibilities of what OS you are using. (TTL, for example) But assuming that this is a host providing at least some service on the internet (DNS, SMTP, Half-Life, whatever) it will be pretty simple to determine the OS anyway.
Overall, I don't think that silently dropping packets is a significant aid for security. At least, the cost of packet-dropping to legitimate uses is greater than the potential security gain.
Do you mean mass-transit buses? If you get those off your street, you might just end up with many more cars/SUVs to deal with. (people who would've taken the bus now have to drive)
We're talking about software that's free-as-in-speech, not free-as-in-your-first-cocaine-hit.
All you're gonna see here is a bunch of repetitive jokes that aren't really that funny ...in Japan!
Nose-picking while driving doesn't really demonstrate total disregard for human life. Unless you're talking about some monstrous Olympic-grade nosepicking that I'm totally unaware of..
Thinking the same thing. It's a little bit easier than what you found though - they have to prove he had a blatant disregard for human life in order to get the conviction. That's a bit easier to prove than implied malice. Either way, it'll be interesting to see how it goes. I agree that this is a bit of a publicity stunt - I guess the family or lawyer wants to make a public point. Not that I would blame him; I'd probably feel the same way given the situation.
So, how do you like working for Microsoft? Do they still have free sodas in the lounge?
You made a pro-Microsoft post that got modded +5 on Slashdot of all places -- you'll probably get a big raise at your next performance review.
Totally with you on this one. It's a wash either way, as far as gender relates (or doesn't relate) to bad driving. Both genders have their share of good and bad drivers.
Having said that, I got a chuckle out of your original post, good one. :)
(cue Twilight Zone Theme) or close to that date, with just a few exceptions (e.g. Russia and Poland)'
In the Twilight Zone, Doom 3 excepts Soviet Russia!
(Sorry, couldn't resist.)
You'll be surprised to learn that the plutonium bomb dropped on Nagasaki *was* the prototype. IIRC, the entire US arsenal of nuclear weapons was 2 uranium and 1 plutonium. 1 uranium bomb was dropped at Trinity, New Mexico, in the view of the scientists who had created it. (much to their surprise - many felt that they had foolishly dabbled in power that should only have been unleashed by the Almighty - but I digress). Not having any way to test the plutonium bomb, and needing (as you stated) a way to show that the US could keep it coming, and being quite sure that the plutonium bomb would work, they dropped the actual prototype on Nagasaki.
(I might have the two cities reversed - but you get the idea)
Wish I had mod points. That's a damn good analogy.
The photos download just fine once their "SlideShow" software finishes rendering the HTML page that has the pointer to it. I'd recommend skipping the slide show, and getting only the thumbnails - that way you can pick and choose what photos you're willing to wait 30-60 seconds for.
http://www.rokits.org/gallery/x-prize
Here, the guy put up mirrors of the videos. (the link on the main page article is 404 now.)
..to put games in schools. Now if only their marketing guy ("Mr. McPopular") can convince the principal to buy it.
I'll bite :) How about medical advances? :-)
- Replacement human organs w/o need for a donor
- Blood banks with no limit on supply (only the energy+materials used to manufacture)
- Reversal of tissue damage or decay
- Infrared vision?
That's all I can think of right now.
Watt's wrong with a little pun?
I just bought it. It's a great word processor - its usability exceeds oowriter. It's only for a lack of a current version of WordPerfect on Linux that I moved to OpenOffice in the first place. Now that WordPerfect seems to be available again, I want to go back.
I also own a copy of Opera 7. I agree that FireFox is really very good, but Opera is still worth the money.
Sometimes, proprietary software that runs on Linux is well worth what you pay for it. And besides, purchasing this product will send Corel a very clear signal: "I'm a paying customer, and I use Linux." Can't be a bad thing!
...But you have to admit - the comment was pretty funny, right? I laughed out loud when I got the joke. You will even see my "Misfits" reply below :)
Having said that, I did appreciate the article - I had no idea Corel still was in the Linux biz at all. I'm off to purchase my $29.99 copy now...
We are the Microsoft. Our Word is better. We are the Microsoft the Microsoft and we're gonna get her!
The cameras in question take photos in infrared, not visible light. I wouldn't be too sure of myself if I were you, until I tested that product in a non-visible light spectrum.