Don't forget that the Chinese Army is made up of Chinese Citizens. Some may fire on their own people when told to.. but i'll bet some will fire on those giving the orders as well.
I read that link, sounds like the local police were trying to keep the peace. Probably sucks that you can't go out at night (after 10pm) but it was an emergency situation, right? If i was arrested trying to bring food to my family i'd be pissed though. But really i could just wait until 6:01 AM and bring the food over.
That might be illegal.. depending on your country of course. Just FYI.
I'll bet you i can run "abc123" through crypt like 'crypt($passwd, '$1$'.$salt)' and trim the salt from the output... and it would take you a long long time to brute force. There are ~18,000,000,000,000,000 possible salt combinations. Even at 10mil tries per sec that's 57.12 years to exhaust the possibilities.
And that's if you already know the password! You would be better off trying to sneak a peek at the Salt.
Most bruteforce attacks are done on stolen password hashes with a dedicated server/cluster/botnet. Say i found an SQL exploit to grab MD5 hashes for any user account. I would do some research and find an old admin's name. Use the exploit to get the admin's passwd hash. Queue them up in the cluster and forget about it for a few days (or minutes sometimes!). Login with the admin's name and passwd and flex his long unused admin powers to upgrade my own personal account in non-obvious ways. The server logs won't show any login failures.
It seems to me that even 8 characters would be fine with Crypt as long as you had a strong enough (and secret) salt. A person could literally use the password abc123 and never be bruteforced. If the salt was exposed though, that's a different story. I suppose a person could create a new hash with your system and using the known password and the resulting hash.. they could bruteforce the Salt. So the salt would have to be quite strong.
What? Likes cars, porn, and a decent video card?
what... the.. fuck.. ?
The Jews have always lived there.. for like thousands of years. They've been killed off and purged several times. WWI and WWII drove hundreds of thousands of Jewish refugees back there because the world didn't want them. Then the Brits left and the UN made Israel official: http://en.wikipedia.org/wiki/Partition_of_Palestine
So you'd be OK with China buying up tons of land in California (or better yet, Washington DC), and then demanding that that land be turned over to China's control?
There is nothing wrong with that. But the land will still be US soil and subject to US laws. But yes, you can buy that land and do whatever the hell you want on it.
So the US military in Iraq has to basically assume everyone that isn't a US soldier might be the enemy and therefore they can convince themselves that the ethical thing to do is kill anyone they see that they aren't completely sure is on their side.
I think that is the first month of deployment.. or the "i'm afraid to die" phase. If you can pass beyond that, the next phase is Acceptance. The "I'll probably die" phase lets you be less fearful and see the local population as normal people with malcontents mixed in. The third phase is "i'm already dead, time and place TBD" and that is a wonderful feeling to have. You only fear letting your guys down or jacking up the mission. In the third phase you typically only shoot at other muzzle flashes in the night.
they are one-sided invasions
That is the effect the US Army has/will always strive for. Iraq was supposed to have over 500k troops during the initial 2003 invasion. The invasion force was under 500k with 250k being from the US. Training, Technology, and Allies are what the US Military uses to overwhelm its enemies.
Embrace the foreigners, Extend the foreign Country's government, Extinguish the foreign Country.
What if you could put on glasses and experience something like Dennou Coil?
I think we see those companies and TVs all the time.. but they are called "no name brands" and other bad names. People like to buy brands they've heard of, even if the product isn't as good.
Reading Niven's Protector right now, just finished page 100. Good story so far.
You are very right about the revocation certificate. If you needed to check for revoked certificates the CA or signer should be maintaining the revocation list. If you self-signed, it would be difficult to get your revocation cert out there to your public key users.
There are public (and free) key-exchange servers but that probably isn't a good alternative for businesses. A trusted third party like a typical CA is their best bet, atm. I doubt a small business wants to set up their own server just to maintain that stuff.
I have to bring up that if your CA revokes their cert, how would you know? Someone at the top has to self-sign. Unless you go with a web of trust, everybody signing each other, which isn't a CA.
I've got a Hitachi Visionplate for.. well, practically free. It's several years old though. 512MB CF card with Puppy Linux on it. 600MHz proc. Hitachi must have made the visionplates even before netbooks took off. It's like a nice big wireless touchscreen LCD that you can carry around the house. Super cool.. not sure why nobody likes these things. You can find them cheap on ebay sometimes.
Check it out: http://i4.photobucket.com/albums/y104/tibman/VisionPlate/DSCN0921.jpg
You need to do some research. All a CA is.. is a Self-Signed Certificate company that signs other people's certificates for money. That does not make the signed certificates any stronger.
PKI is strong not because CAs exist. Asymmetric keys allow you to distribute your public key so that anyone can encrypt messages sent to you. But you keep the private key and only you can decrypt them. This also allows you to sign a file/document/text and prove that you are the key-holder. PKI not only describes the typical CA type but also web of trust and lots of other systems. Anyone can become a CA, including you. If you are the security manager for a company, you can generate your top-level key and self-sign it. Any other key not signed by your key isn't authorized.. get it?
If a business wants signed certificates, all they have to do is Generate a certificate, self-sign it, and use that as the master key to sign allowed apps/packages.
In short: a CA = a top-level Self-Signed certificate.
The application signing is worthless because they are self-signed certs? WTF is this guy smoking. Just because someone pays a CA to sign their cert doesn't make it magically more secure. I'll be honest, i think CAs should die off (in their current forms).
Is that copy pasta? Because that was good : )
You might as well say that lots of people coming and going from the house in the middle of the night isn't a reason to make them suspect. Can't a guy have lots of random guests?
If using a thermal camera can help the Police narrow down where the growing is coming from then yes, it is of concern to the police. You are absolutely correct though, it could be an innocent man who turned his garage into a sauna. I rank that up there with your neighbors calling the cops when they see you crawl out of your own window.
Where there's smoke, there's fire.. right? Why do people think it is snooping? They don't reduce your privacy.
Yeah, the article didn't really explain the technical details. From what i got the device needs the software to authenticate (hash matching?) then decrypts the drive's contents with a generic key. But they seem to still require the use of the authentication program? Which means they can't just decrypt the contents with a default key.
Doing decryption on the host is good for the reasons you listed but that would only be for symmetric keys. I would rather not transfer a private asymmetric key to the host for decryption. If the host is hostile you would not only lose control of your data but your key as well.
So you're saying the infrared cameras are ok then, right? Great! We are all in agreement that they are acceptable.
I however did not say a technology that can literally see through privacy partitions/walls/fences was acceptable. We're in agreement on that too!
BTW, infrared cameras can only see the heat coming off an object, they can't see through another object. Just want to make sure we're all on the same page here.
Seems that they did in software what should have been done in the hardware. The USB hardware should consider itself safe and the host machine suspect.. at least in my mind. ATMEL has some good chips like: http://atmel.com/products/securerf/cryptocompanion.asp?family=646
Yes, the whole "i don't want anyone to know the temperature of the exterior of my garage" privacy concern. That's even less a concern than people looking through your garbage. Just think about this stuff objectively for a bit, man.