Slashdot Mirror


User: Urkki

Urkki's activity in the archive.

Stories: 0
Comments: 2,145

Comments · 2,145

  1. Re:The ISP I work for... on Should ISPs Be The Little Man's Firewall? · · Score: 1

    You think the attack will be over at some point? You sure are an optimist! ;)

  2. Re:Will this not require an DRM aware OS? on Phoenix Bios to Incorporate DRM · · Score: 1

    XBox was hacked so "easily" because it didn't have a "smartcard chip". It had key in one chip, which was then transferred in plaintext over a bus to the processor which used it. Stupid design really (but cheap and easy).

    More sensible design has the en/decryption routines on the same chip as the key. Data goes in, gets en/decrypted, and goes back out. Key never leaves the chip. And this kind of chip typically only does private/public key stuff (session keys, signatures, ie small amount of data) so performance isn't an issue. This is essentially what smartcards do, too (of coz they require correct PIN first before doing anything).

    And trying to sniff something out of an IC is rather hard, to put it mildly. After opening the IC case without damaging the IC (non-trivial) you need stuff like nanometer scale probes to read anything from it, and an electron microscope to get probes to correct places. In other words, insane amount of $$$$ just for equipment alone.

    Various richer security services (NSA at least), or IBM labs and the like can probably do it. I doubt anybody else even really knows how to do it.

  3. Re:Will this not require an DRM aware OS? on Phoenix Bios to Incorporate DRM · · Score: 1

    I assume you mean getting a private key from one mobo, and duplicating that?

    That would require 1st getting the private key (probably effectively impossible unless you're NSA). And then somehow prevent them from banning that particular key once it's clear it's being used in many comps.

    Doesn't sound practical.

  4. Re:Patent protection? on Cracking GSM · · Score: 2, Informative

    • You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.

    Intercepting or receiving radio waves isn't illegal of course. Same as you are not breaking any law if you hear when your neighbours shout to each other over your property (hell, if they bother you with it, you can probably get them for disturbing your peace). Even descrambling probably isn't illegal, unless there's a specific law against that. But listening to certainly is. That's about same as using sensitive directional microphone from your house and listening to what is said at your neighbour's house. Surely you don't think that's legal too, just because the sound waves travel through you and your property, and if you want to have a private conversation you should be in some special room or avoid sounds by using pen and paper...?

    It's the same principle as with post. If you get somebody else's mail by mistake, you are not allowed to open it even if it came through your mailbox and lies on your floor in your house on your land.

    I mean, if you want to get technical, then every telephone wire is actually a radio antenna. With sensitive enough equipment you can listen to what it transmits, just as with correct equipment you can (according to the article) mess with GSM. So what did you say about landlines being secure?

    A civilized society has to protect privacy of its citizens, both from the government and from other citizens. That's just common sense to me.

    And you say "far fetched"... Hmm, tell me, are you by any chance an American...?

    • Simple fact is, there are technical ways to setup secure communications - and people who think broadcast can be secure from eavesdropping are crazy.

    Yes, but that doesn't make eavesdropping legal.

    "Simple fact is, there are technical ways to travel safely - and people who think walking on street is safe from getting killed are crazy."

    That's true too, but it doesn't mean that intentionally driving over somebody walking on a street should be legal...

  5. Re:Patent protection? on Cracking GSM · · Score: 1

    Make this illegal and only criminals will listen to your phone call.

    I believe the very act of listening to other people's phone calls makes you a criminal... And there are no legitimate uses (unlike guns).

    So whether cracking GSM is illegal or not, "only criminals will listen to your phone calls" anyway.

    Did you try the subtle art of irony and a moderator misunderstood? :-)

  6. Re:A patented crack? on Cracking GSM · · Score: 1

    Apparent purpose of the patent would be to prevent anybody from developing and selling GSM listening devices commercially unless they can get license from patent holder.

    I mean, that's generally what patents are meant for, to prevent others from exploiting your innovation.

    Of course if somebody doesn't care about patent laws, it doesn't help. However, it'll keep this technology off the shelves of your local electronics shop.

    And I don't think DMCA has anything to do with patents directly.

  7. Re:You make me sad on Crippled CD Deemed Defective In France · · Score: 1

    And they think the French will listen?

  8. Re:DON'T GO FOR HEAD SHOTS!!! on Spammer Hangout's Membership Roster Left Exposed · · Score: 1

    Sadly, spammers aren't stupid. It's only the ethics/morals/conscience that is non-existent.

    But in any case, I'd prefer to be thorough: no matter where you aim, cut off the (remains of) his head after the spammer is down. You can never be too sure.

  9. Re:Will security allow them on planes? on Fuel Cells To Appear In Laptops In 2004 · · Score: 1

    I am surprised anyone is allowed on a plane, considering how anything carried on can be a weapon.

    Well, the obvious solution would be to have everybody nude in the plane. Or if you really want to be conservative fundamentalist, provide clothes by the airline (throw-away paper/plastic clothes, ugly but you could get to pick the color at least!).

    In either case, obviously a full body cavity search would be needed to make sure there are no nasty objects hidden anywhere.

  10. Re:DOS too? on SCO DOS Harming Innocent Bystanders · · Score: 1

    Yep, that's it :)

  11. Re:DOS too? on SCO DOS Harming Innocent Bystanders · · Score: 1

    Eh? DR-DOS? I don't think so...
    What version?
    Relevant links?

    You aren't mixing it with Win3.11 by any chance, are you? ;) Or, what was it... QuickDesk? Anyway, that multitasker app for DOS.

  12. Re:Fabrication on Four Core Processor to Bring Tera Ops · · Score: 1

    But it wouldn't be marketed like that of course. Just like early 486SX wasn't marketed as 486DX with a broken/disabled FPU.

  13. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 1

    MD5 hashes of parts of file would still be different, even if hash of entire file was duplicate.

    But anyway, using MD5 allows anybody to masquerade an entire file if he has a quick way to create MD5 hash collision, and no way to prevent it (other than not using MD5, but something better instead).

  14. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 1

    It's much shorter time than that.

    Say 6 bits per letter, total 48 bits,
    -> 2^48 different passwords.

    Assume 256=2^8 clock cycles to calculate one hash (imagine hand-optimized routine using MMX instructions or 64 bit processor).
    -> 2^56 clock cycles needed *total*.

    2GHz processor, 2^31 cycles per second
    -> 2^25 seconds
    -> 388 days

    Split to 10 computers (parallelizes perfectly)
    -> 6 weeks

    And this cracks every 8 char password in a password file, not just one.

  15. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 1

    (it still has other uses, as a checksum as well as protect e.g. passwords so that they are not stored in plain text)

    No. If you can easily generate a password that gives this hash, then that generated password will be accepted even if it's not the same as original one.

    So storing insecure hashes of passwords is no better than storing plaintext passwords.

    Only real use for insecure hash is detecting data errors, and obfuscating data that is so unimportant that nobody will go to the trouble of cracking it even though it is possible.

  16. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 2, Insightful

    Imagine two people using same ripper with default settings, and getting tags and stuff from same online database.

    Above is not very far fetched, now is it? And result should be identical files.

  17. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 1

    To correct myself:

    actually not that terribly long, a few years at most, and it parallelizes perfectly

    Actually isn't true. I was mixing it up with cracking unix MD5 passwords, which is easy because the password length often is relatively short, like just 8 chars, so you can actually go through the entire password space by brute force quite fast until you find a password that generates the MD5 sum you know. Going through the entire MD5 hash space by brute force would take ages.

    OT:
    So either use long enough passwords (10 chars minimum for a random one) or change yours every month. Even 8 char totally random password is cracked in months with single computer, let alone if you can harness a bunch of windows machines on the net to chomp through a captured password file with many passwords...

  18. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 5, Informative

    A bit of clarification is in order I think.

    First of all it's very clear that two files can give same MD5 checksums. After all, MD5 is only 16 bytes (2^128 different possible). So if you have just 17 byte files (2^136 different possible), it's clear that on average every MD5 sum matches to 256 of all possible files.

    It's just damn unlikely to get 2 files with same MD5, and if you wanted to brute force it, you would have to try average 2^64 different files before you found one with identical MD5 to another file. And this would take a long time (actually not that terribly long, a few years at most, and it parallelizes perfectly).

    The page you link to implies that it's possible to "easily" fabricate a file that produces a given check sum, so instead of months of processing time, only days or hours would be needed to get a MD5 hash collision.

    So all P2P users / software makers need to do to circumvent this, is to agree on a specific MD5 sum, then patch every file so that they produce this same MD5 sum :)

    Of course the obvious solution for RIAA would be to use a more secure hash algorithm, with more bits. Unbroken algorithm with enough bits can't be faked, as it would take more than age of the universe to brute force it.

    Though the basic problem with this RIAA method remains. If you rip with same software from identical CD digitally, and there are no bit errors at any point, then you should end up with identical file, and therefore identical hash no matter how secure the algorithm is...

  19. Re:Small != Dangerous on Ministry of NanoEthics? · · Score: 1

    Self replication isn't the worry at all yet. The worry is toxicology. You clearly didn't read any of the links or even closely read the blurb.

    Read? Links? What are you talking about? ;)

    Anyway, as long as it's a matter of toxicology, I don't see any need for special ethics considerations. If it's only plain old toxicology, then how it is different from regular chemical or construction industry stuff? Nobody is suggesting that we should have special ethical considerations about using stuff like asbestos or formaldehyde, it's just regulations. If first nanoproducts don't bring anything "special" into it, why would they need to be handled differently than new "ordinary" chemicals and materials?

  20. Re:Lessons learned on Columbia Accident Investigation Board: Final Report · · Score: 3, Insightful

    Hopefully something like this will never happen again.

    Yes sure. But something like this inevitably will happen again. I just hope it won't deter us from continuing with manned space exploration. (There might be other reasons to have a pause in manned space exploration, but fear of loss of life should never be one.)

  21. Re:Small != Dangerous on Ministry of NanoEthics? · · Score: 1

    The size is a factor too, anything so small you can't see it is essentially invisible. An invisible threat is much more menacing than mere bullets.

    But primarily it's not about the size. It's the implied ability for nanomachines to replicate themselves. Basically some are afraid that we can create nanomachines that will wipe out everything biological.

    Personally, I'm not too worried. I find it hard to believe we can outdo 4 billion years of evolution the bacteria and viruses have behind them. After all, the nanobots need to operate under same conditions, tap the same energy sources, as bacteria already do. We are already covered in microbiological "gray goo", and frankly I don't think nanomechanic gray goo has a chance against that.

  22. Re:Its all very nice, on European Shuttle Program Update · · Score: 1

    1) Communistic system failed largely due to lack of competition inside it, and economically superior competitive system outside it (western capitalism) wiping floor with it.

    2) I don't know about that case, but I imagine that if there had only been one engine developed, it would likely have been less fuel efficient than either of those you mention.

    3) Huh? I don't see any connection between competition and US Senate queries really, so you lost me here... Mind you, I'm not American, and just about all I know about US Senate is that it exists (which I bet is more than you know about my country's governmental system, but anyway ;).

    Co-operation is good, but "combining all space agencies" would be about as useful as "combining all international airlines". It would not make things more efficient or cheaper.

  23. Re: Haven't you heard on DeCSS Loses Free Speech Shield · · Score: 1

    Time to read 1984 for those who haven't yet or have forgotten... Communism isn't the only route to that kind of world...

  24. Re:Its all very nice, on European Shuttle Program Update · · Score: 2, Insightful

    Common goal... Yeah. And communism is such a nice idea on paper too.

    We people need competition to bring out the ambition in us. It keeps us going, pushing to the limits. This applies both in individual level (my rocket engine will be the best, even if I have to work 80h a week), and at society level (our boys can get to the Moon first, never mind the cost).

    Co-operation is essential of course, but competition implies duplication to a certain degree, and trying to eliminate that will just get less done for same resources. Human nature.

  25. Re:No backwards compatibility? on ATI Wins Bid For Next Xbox · · Score: 1

    Seems like the game was overdone or underoptimized or the xbox is insufficient.

    Nah. There's different CPU/GPU load at different times. To make it run 100% smooth no matter the amount of enemies and action, it'd also look less good 100% of the time. For me Halo has a perfect compromise in that regard. It looks good, and it has very few spots where it gets jerky. Unlike, for example (non-patched) Unreal Championship...