Heh, and I didn't RTFP again before posting. Actually the original poster said he wanted to apply that to his password... and then you're right. We must distinguish between two things: 1-way encryption when your aim is to remove as much of original content as possible while remaining decently unambigious, to leave as little hints to the original content as you only can, so the original content can't be in no way retrieved from the hash, OR signing, where the content is public and you don't care if one could retrieve parts of all of the content from the hash, you just care that no other, different content ever has the same hash (just the problem described in the article) so you actually want to leave as many hints to the original content as possible (i.e. multiple signatures). Of course if someone can create a -different- content that generates -the same- hash, you're just as screwed with your passwords. (I'm sure the guy didn't use 93_sH/N as his BIOS password, too smart for him... so what. It works.) Usually creating identical hash from a different string is impossible without knowing the original string though, so your passwords should be safe.
What I wonder would be the extreme compression algorithm based on cracking hashes. Imagine byte stream (integer values of 0-255) being hashed with an algorith which upon reversal (of arbitrary stream) generates a stream of complex (real+i*real) values. Only a very small subset of the reversed hashes would generate a string of 0-255 integers from the real domain. Probably a 100-200byte hash would uniquely define a huge original data stream like 10MB. But for decompressing it you'd have to, like, brute force a 10MB long password:)
Actually XOR is the strongest unbreakable encryption algorithm... providing some simple yet uncomfortable rules.
1) The key is the exact length of the cryptogram. 2) The key is made using really good enthropy source. 3a) The key is used to encrypt/decrypt the (arbitrary) content just once or 3b) The content entropy is pretty high as well.
I heard about this: A pair of 2 identical CDs filled with white noise, identical. Encrypt the content with one, decrypt with the other, with next chunk of content move on to next (unused yet) piece of the noise. Destroy the CDs after all the noise has been used up.
ENCRYPTED-yes. That is, if you have them encrypted in paralell, you give twice as many hints as to contents of the file, so you break any encryption and you're in. But he talks about SIGNATURES. That means you need to break both signature systems to break both signatures. Given problems of adjusting data for one signature system to get given hash WITHOUT breaking the hash for the other system would be a hell. If you intended to substitute signed content with some actual meaningful payload (modified source code) and not just carefully engineered noise, it would make it extremely hard.
In many cases though providing longer hash for one algorithm is easier, without negative impact.
That's true that "accidents happen". But the problem is: Could someone DoS your site by forcing several thousands of byte-by-byte comparisons by sending data carefully engineered to generate multiple hashes?
In your case MD5 works like a simple CRC. You have access to both sources so you can compare them. The problem appears when people use MD5 to sign critical data. Somebody hacks Openssl.org and replaces the binaries. You'd still find MD5sums different on the mirror sites and you'd think things are wrong. But if the md5sum remains the same, nobody will suspect a thing.
One more interesting notice... Java as a development platform. Quite often recently I've seen Java as the language for development kits for different embedded devices. The choice is obvious: Write the kit for Windows and get yelled at by Linux community for supporting the monopoly. Write it only for Linux, you lose at least 60% of customer base. Write for both, not only you have two source trees to maintain, all the others are neglected. Write in Java - one size fits all. The speed isn't so critical in this application (how long could it take to compile 80K of C or Assembly source for a microcontroller?) and cross-platform compatibility is essential.
Java is a nice choice for embedded platforms. It runs several times faster than on PCs (it's native for the hardware, not "emulated" through JRE), the hardware is inexpensive and can perform really sophisticated jobs. I think it may be one of major reasons for Java to take up so much.
Java powered cryptographic iButton - a chip the size of your hand watch battery (stainless steel, shock-resistant, water-resistant and several other-resistant "iButton" package) with Java support.
Re:Somewhat offtopic, but how do people deal with
on
Dealing with Intruders?
·
· Score: 5, Informative
Look up HTB on the net (Heuristic Token Bucket) - a firewall rule that limits network abuse while not obstructing normal network usage - every IP gets a pool of "tokens". One token is removed from the pool when a packet is sent, packets won't be sent as long as the pool is empty, but it gets refilled at constant, slow rate, until it's "full" again. So a user can download, say, 500K in one rapid burst at maximum network capacity, then his connection bandwidth goes down to some 5K. If he waits 100s he will be able to get 500K in similar burst again. This way, one page loads really fast. User reads the page, goes back, loads another one (minute later) very fast again. A loser who keeps reloading, exceeds his 500K bucket content in 2-3 reloads and then gets a constant drip of 5K upstream, hardly disturbing the others.
Load the ship full of newly recruited rookies with some cheap but effective weapons (gauss rifle was okay).
Land the ship in alien base.
Start a short recon. Kill a few aliens. Rummage through one-two of their buildings. Don't save on ammo (everyone has 2 clips to their rifle, they are supposed to use them up). If unsure, throw grenades:)
When your team is down to 50% or so, order retreat. Pack all alienn equipment, alien corpses, all equipment from your teammates corpses into backpacks of the survivors. Start ordered retreat while.
Leave the panicky, heavily wounded and those who despite surviving performed really bad. Load the rest back on ship.
Take off. Congratulate the survivors, they got the job.
While D20 is a decent system for pen&paper RPGs, it's about the worst possible for cRPGs and the more the authors try to adhere to AD&D rule set, the worse the game gets. (Every DM will allow a mage to use a huge longsword to whack at a locked chest or stunned monster, or to wear a plate armour to walk past a corridor stuffed with poisoned dart traps. The mage will possibly get his hands hurt from rebounce when the sword hits, and will stumble really badly in the armour (of course no way to cast spells) but will do all he wants. But cRPG? Mages - dagger only, no armour, such are the rules.
I've got a good chance to get a job (passed the test, will be interviewed in monday). My chance job would be jr. software engineer (C,Perl,Linux) - is this worth a try? Does anyone here work for Motorola (or worked there in the past?) What are your impressions? Is this a good company for employees?
Right now I have a job in a small-to-medium-size private firm. The salary is acceptable, the work OK even if slightly boring, should I leave if they find me suitable for the job at (M)? What salary could I ask/expect? What specific conditions should I prepare to?
you can make it any size you like, using an off-the-shelf LCD monitor as the display. So, I want the display to be, say, 10" diagonal, with frame 11", yeah, I go and buy such a display (where?) or get a ready one and cut it to the right dimensions?
You are pretty much stuck with the display size and you can only obscure it or extend the frame. You are stuck with factory display sizes.
Bio-gas (methane out of sewage) is well known source of renewable energy. From house sewage it isn't very effective, but applied to farms with lots of organic waste, profit goes into serious numbers. So far methane was used simply for heating houses, heating water and such, but using it to produce electricity seems like a simple and logical step forward.
Everyone in India is perfectly aware this Indian boom is good as long as it lasts, but it will end, and they prepare for this already. They claim their jobs will gradually move to Philippines and other countries where labour is even cheaper.
So, if you plan to go to India, remember to save for the return ticket...
The fact you can drive a nail into a wall with any heavy and hard enough object doesn't mean you should use your head for that. I know you -CAN- use shell scripts for CGI. The problem is they are about the worst choice to do it!
Now, can a user redistribute a full ISO of the SuSE Distro?? Well, a distribution is something different. Is a compilation of packages that are totally open source and under GPL, but the distro itself does not have to be. Each distro manufaturer has developed unique ways for installation, package management, maintenance, etc (just some examples) that do not HAVE to be under the GPL or Open Source, BUT, most if not all, make them open as to continue with the Linux "spirit". But it is their choice and is not mandatory. One can take programs out of the distro and redistribute them and be ok. BUT, to fully redistribute the complete Distro (be it SuSE, Red Hat, Debian, Slack, etc etc) one has to read the actual license of each Distro, for each of them is different. That is the license for the distribution itself and not for the software that is compiled in it! ( I think most if not all distro companies have the full license posted on their site somewhere.)
Is posting a.torrent of it, by someone who got it legal? I mean, great most of Linux is GNU but doesn't Mandrake include some proprietary pieces that would make distributing it to us random hackers illegal, or is the restriction just caused by bandwidth considerations?
Yeah, I'm sure no webmaster could live without any of the following and that shell is the best choice to implement them.
069-showcgienv.sh display the CGI runtime environment, as given to any CGI script on this system. 070-logsearch.cgi given a search request, log the pattern, then feed the entire sequence to the real Yahoo search system. 070-yahoo-search.html html helper file for script #70, logsearch. 071-getdope.sh grab the latest column of 'The Straight Dope' and mail it to the specified recipient 071-kevin-and-kell.cgi Build a Web page on-the-fly to display the latest strip from the cartoon strip Kevin and Kell, by Bill Holbrook (Strip referenced with permission of the cartoonist) 072-contactus.cgi Process the contact us form data, email it to the designated recipient, and return a succinct thank you message. 072-contactus.html html helper file for script #72, contactus.cgi 073-photoalbum.cgi dynamic web photo album utility. 074-guestbook.cgi display the current guestbook entries, append a simple form for visitors to add their own comments, and accept and process new guest entries. Works with a separate data file that actually contains the guest data. 074-guestbook.txt data file for script #74, guestbook.cgi 075-counter.sh a simple text-based page counter, with appropriate locking 075-page-with-counter.html html helper file for script #75, counter 075-streamfile.cgi output an HTML file, replacing the sequence ---countervalue--- with the current counter value. 075-updatecounter.sh a tiny script that updates the counter file to the value specified. Assumes that locking is done elsewhere. 076-randomquote.sh given a one-line-per-entry datafile, this script will randomly pick one and display it. Best used as an SSI call within a Web page. 076-ssi-sample.html html sample file for script #76, randomquote. 077-checklinks.sh traverse all internal URLs on a Web site, reporting any errors in the "traverse.errors" file. 078-checkexternal.sh traverse all internal URLs on a Web site to build a list of external references, then check each one to ascertain which might be dead or otherwise broken. 079-webspell.sh use the 'aspell' feature + lynx to spell check either a Web page URL or a file. 080-apm-footer.html html sample footer information for script #80, apm.cgi 080-apm.cgi Apache Password Manager - allows the administrator to easily manage the addition, update, or deletion of accounts and passwords for a subdirectory of a typical Apache configuration (where the config file is called.htaccess) 080-htpasswd-b.pl Perl script for sites that don't have an htpasswd with a -b flag 084-webaccess.sh analyze an Apache-format access_log file, extracting useful and interesting statistics 085-enginehits.sh extract and analyze search engine traffic in the referrer field of a Common Log Format access log for a specified domain name.
Slashdot Mirror
Heh, and I didn't RTFP again before posting. Actually the original poster said he wanted to apply that to his password... and then you're right.
:)
We must distinguish between two things: 1-way encryption when your aim is to remove as much of original content as possible while remaining decently unambigious, to leave as little hints to the original content as you only can, so the original content can't be in no way retrieved from the hash, OR signing, where the content is public and you don't care if one could retrieve parts of all of the content from the hash, you just care that no other, different content ever has the same hash (just the problem described in the article) so you actually want to leave as many hints to the original content as possible (i.e. multiple signatures). Of course if someone can create a -different- content that generates -the same- hash, you're just as screwed with your passwords. (I'm sure the guy didn't use 93_sH/N as his BIOS password, too smart for him... so what. It works.) Usually creating identical hash from a different string is impossible without knowing the original string though, so your passwords should be safe.
What I wonder would be the extreme compression algorithm based on cracking hashes. Imagine byte stream (integer values of 0-255) being hashed with an algorith which upon reversal (of arbitrary stream) generates a stream of complex (real+i*real) values. Only a very small subset of the reversed hashes would generate a string of 0-255 integers from the real domain. Probably a 100-200byte hash would uniquely define a huge original data stream like 10MB. But for decompressing it you'd have to, like, brute force a 10MB long password
Actually XOR is the strongest unbreakable encryption algorithm... providing some simple yet uncomfortable rules.
1) The key is the exact length of the cryptogram.
2) The key is made using really good enthropy source.
3a) The key is used to encrypt/decrypt the (arbitrary) content just once
or
3b) The content entropy is pretty high as well.
I heard about this: A pair of 2 identical CDs filled with white noise, identical. Encrypt the content with one, decrypt with the other, with next chunk of content move on to next (unused yet) piece of the noise. Destroy the CDs after all the noise has been used up.
ENCRYPTED-yes. That is, if you have them encrypted in paralell, you give twice as many hints as to contents of the file, so you break any encryption and you're in.
But he talks about SIGNATURES. That means you need to break both signature systems to break both signatures. Given problems of adjusting data for one signature system to get given hash WITHOUT breaking the hash for the other system would be a hell. If you intended to substitute signed content with some actual meaningful payload (modified source code) and not just carefully engineered noise, it would make it extremely hard.
In many cases though providing longer hash for one algorithm is easier, without negative impact.
That's true that "accidents happen". But the problem is: Could someone DoS your site by forcing several thousands of byte-by-byte comparisons by sending data carefully engineered to generate multiple hashes?
In your case MD5 works like a simple CRC. You have access to both sources so you can compare them. The problem appears when people use MD5 to sign critical data.
Somebody hacks Openssl.org and replaces the binaries. You'd still find MD5sums different on the mirror sites and you'd think things are wrong. But if the md5sum remains the same, nobody will suspect a thing.
I'd win hands down. .NET
.COM
(386 000 000 results)
versus
(1940 000 000 results)
One more interesting notice... Java as a development platform. Quite often recently I've seen Java as the language for development kits for different embedded devices. The choice is obvious: Write the kit for Windows and get yelled at by Linux community for supporting the monopoly. Write it only for Linux, you lose at least 60% of customer base. Write for both, not only you have two source trees to maintain, all the others are neglected. Write in Java - one size fits all. The speed isn't so critical in this application (how long could it take to compile 80K of C or Assembly source for a microcontroller?) and cross-platform compatibility is essential.
Java is a nice choice for embedded platforms. It runs several times faster than on PCs (it's native for the hardware, not "emulated" through JRE), the hardware is inexpensive and can perform really sophisticated jobs. I think it may be one of major reasons for Java to take up so much.
Java powered cryptographic iButton - a chip the size of your hand watch battery (stainless steel, shock-resistant, water-resistant and several other-resistant "iButton" package) with Java support.
Look up HTB on the net (Heuristic Token Bucket) - a firewall rule that limits network abuse while not obstructing normal network usage - every IP gets a pool of "tokens". One token is removed from the pool when a packet is sent, packets won't be sent as long as the pool is empty, but it gets refilled at constant, slow rate, until it's "full" again. So a user can download, say, 500K in one rapid burst at maximum network capacity, then his connection bandwidth goes down to some 5K. If he waits 100s he will be able to get 500K in similar burst again. This way, one page loads really fast. User reads the page, goes back, loads another one (minute later) very fast again. A loser who keeps reloading, exceeds his 500K bucket content in 2-3 reloads and then gets a constant drip of 5K upstream, hardly disturbing the others.
Sorry, opposite end of the country.
Recruitment Rules for "Terror from the Deep":
:)
Load the ship full of newly recruited rookies with some cheap but effective weapons (gauss rifle was okay).
Land the ship in alien base.
Start a short recon. Kill a few aliens. Rummage through one-two of their buildings. Don't save on ammo (everyone has 2 clips to their rifle, they are supposed to use them up). If unsure, throw grenades
When your team is down to 50% or so, order retreat. Pack all alienn equipment, alien corpses, all equipment from your teammates corpses into backpacks of the survivors. Start ordered retreat while.
Leave the panicky, heavily wounded and those who despite surviving performed really bad. Load the rest back on ship.
Take off. Congratulate the survivors, they got the job.
Wizardry 8 - Yes, playing that now :) NEAT!
While D20 is a decent system for pen&paper RPGs, it's about the worst possible for cRPGs and the more the authors try to adhere to AD&D rule set, the worse the game gets. (Every DM will allow a mage to use a huge longsword to whack at a locked chest or stunned monster, or to wear a plate armour to walk past a corridor stuffed with poisoned dart traps. The mage will possibly get his hands hurt from rebounce when the sword hits, and will stumble really badly in the armour (of course no way to cast spells) but will do all he wants. But cRPG? Mages - dagger only, no armour, such are the rules.
All the above in form of cartoons?
Motorola employs 300 programmers here, in Poland.
I've got a good chance to get a job (passed the test, will be interviewed in monday). My chance job would be jr. software engineer (C,Perl,Linux) - is this worth a try? Does anyone here work for Motorola (or worked there in the past?) What are your impressions? Is this a good company for employees?
Right now I have a job in a small-to-medium-size private firm. The salary is acceptable, the work OK even if slightly boring, should I leave if they find me suitable for the job at (M)? What salary could I ask/expect? What specific conditions should I prepare to?
you can make it any size you like, using an off-the-shelf LCD monitor as the display.
So, I want the display to be, say, 10" diagonal, with frame 11", yeah, I go and buy such a display (where?) or get a ready one and cut it to the right dimensions?
You are pretty much stuck with the display size and you can only obscure it or extend the frame. You are stuck with factory display sizes.
Quaoar (though some claim it's too small for a planet...)
Alf predicted them both!
Bio-gas (methane out of sewage) is well known source of renewable energy. From house sewage it isn't very effective, but applied to farms with lots of organic waste, profit goes into serious numbers. So far methane was used simply for heating houses, heating water and such, but using it to produce electricity seems like a simple and logical step forward.
Everyone in India is perfectly aware this Indian boom is good as long as it lasts, but it will end, and they prepare for this already. They claim their jobs will gradually move to Philippines and other countries where labour is even cheaper.
So, if you plan to go to India, remember to save for the return ticket...
The fact you can drive a nail into a wall with any heavy and hard enough object doesn't mean you should use your head for that. I know you -CAN- use shell scripts for CGI. The problem is they are about the worst choice to do it!
If it something is sent to me for free, it is um, well, free!
Here, take this gold bar, absolutely for free, it's a gift. You pay nothing, it costs nothing! And now, about that contract of ours...
I seriously wonder what they would say.
You have a device and nothing to fill it with. You ask them for songs and they tell you...what? Encourage you to break the law?
The only way I see to use this device is to buy a CD, and if I can't rip it
Did they create a WORKING copy protection scheme yet? i.e. one you can't circumvent by shift key or just by using the CD under Linux???
http://www.computing.net/linux/wwwboard/forum/2
Just like SuSE Professional ISO distributions?
Is posting a .torrent of it, by someone who got it legal?
I mean, great most of Linux is GNU but doesn't Mandrake include some proprietary pieces that would make distributing it to us random hackers illegal, or is the restriction just caused by bandwidth considerations?
Yeah, I'm sure no webmaster could live without any of the following and that shell is the best choice to implement them.
.htaccess)
069-showcgienv.sh
display the CGI runtime environment, as given to any CGI script on this system.
070-logsearch.cgi
given a search request, log the pattern, then feed the entire sequence to the real Yahoo search system.
070-yahoo-search.html
html helper file for script #70, logsearch.
071-getdope.sh
grab the latest column of 'The Straight Dope' and mail it to the specified recipient
071-kevin-and-kell.cgi
Build a Web page on-the-fly to display the latest strip from the cartoon strip Kevin and Kell, by Bill Holbrook (Strip referenced with permission of the cartoonist)
072-contactus.cgi
Process the contact us form data, email it to the designated recipient, and return a succinct thank you message.
072-contactus.html
html helper file for script #72, contactus.cgi
073-photoalbum.cgi
dynamic web photo album utility.
074-guestbook.cgi
display the current guestbook entries, append a simple form for visitors to add their own comments, and accept and process new guest entries. Works with a separate data file that actually contains the guest data.
074-guestbook.txt
data file for script #74, guestbook.cgi
075-counter.sh
a simple text-based page counter, with appropriate locking
075-page-with-counter.html
html helper file for script #75, counter
075-streamfile.cgi
output an HTML file, replacing the sequence ---countervalue--- with the current counter value.
075-updatecounter.sh
a tiny script that updates the counter file to the value specified. Assumes that locking is done elsewhere.
076-randomquote.sh
given a one-line-per-entry datafile, this script will randomly pick one and display it. Best used as an SSI call within a Web page.
076-ssi-sample.html
html sample file for script #76, randomquote.
077-checklinks.sh
traverse all internal URLs on a Web site, reporting any errors in the "traverse.errors" file.
078-checkexternal.sh
traverse all internal URLs on a Web site to build a list of external references, then check each one to ascertain which might be dead or otherwise broken.
079-webspell.sh
use the 'aspell' feature + lynx to spell check either a Web page URL or a file.
080-apm-footer.html
html sample footer information for script #80, apm.cgi
080-apm.cgi
Apache Password Manager - allows the administrator to easily manage the addition, update, or deletion of accounts and passwords for a subdirectory of a typical Apache configuration (where the config file is called
080-htpasswd-b.pl
Perl script for sites that don't have an htpasswd with a -b flag
084-webaccess.sh
analyze an Apache-format access_log file, extracting useful and interesting statistics
085-enginehits.sh
extract and analyze search engine traffic in the referrer field of a Common Log Format access log for a specified domain name.