E-mail this blog's author, Bruce Umbaugh: 
Monday, January 30, 2006
"Rainbows" (humongous look up tables) to crack passwords (from
November).
Over the past two years, three security enthusiasts from the United
States and Europe set a host of computers to the task of creating
eleven enormous tables of data that can be used to look up common
passwords. The tables - totaling 500GB - form the core data of a
technique known as rainbow cracking, which uses vast dictionaries of
data to let anyone reverse the process of creating hashes - the
statistically unique codes that, among other duties, are used to
obfuscate a user's password.
. . . . Called
RainbowCrack Online, the site allows anyone to pay a subscription fee
and submit password hashes for cracking.
"Usually people think that a complex, but short, password is very
secure, something like $FT%_3^," said Travis, one of the founders of
RainbowCrack Online, who asked that his last name not be used.
"However, you will find that our tables handle that password quite
easily."
. . .
The latest attack focuses on the hash functions used to verify
passwords. Because operating systems cannot keep a copy of the
password on the disk without weakening system security, the software
instead saves a statistically unique code generated from the password.
While the code, or hash, is computationally easy to create, reversing
the process to recover the password is nearly impossible, given a
correctly implemented hash function.
Rainbow tables sidestep the difficulty in cracking a single password
by instead creating a large data set of hashes from nearly every
possible password. To break a password, the attacker merely looks up
the hash to find the password that produces that code.
"Creating the tables takes much more time than cracking a single hash,
but then you can use the tables over and over again," said Philippe
Oechslin, CEO of Swiss information-technology firm Objectif Sécurité
and the inventor of rainbow tables. "The advantage of rainbow tables
is that once you have the tables it is faster than a brute force
(attack) and it needs less memory than a full dictionary (attack) of
the function."
2:29:57 PM
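The time-memory trade-off Oechslin describes in the item above, shown on a toy scale and next to the countermeasure: this is an added example, not code from the quoted article or from RainbowCrack. The 4-digit keyspace, SHA-256 as the fast hash, the chain length, the start points and the salt value are all assumptions made for illustration.

```python
import hashlib

SPACE, CHAIN_LEN = 10 ** 4, 50    # toy keyspace of 4-digit PINs; steps per chain (assumptions)

def H(pw: str) -> bytes:
    """Fast, unsalted hash: the kind of function precomputed tables target."""
    return hashlib.sha256(pw.encode()).digest()

def reduce_(digest: bytes, col: int) -> str:
    """Column-dependent reduction: map a digest back into the keyspace."""
    return f"{(int.from_bytes(digest[:8], 'big') + col) % SPACE:04d}"

def walk(pw: str, first_col: int) -> list:
    """Follow a chain from column first_col to its end; return every password visited."""
    seen = [pw]
    for col in range(first_col, CHAIN_LEN):
        seen.append(reduce_(H(seen[-1]), col))
    return seen

def build_table(starts) -> dict:
    """Keep only endpoint -> start points; the links in between are recomputed on demand."""
    table = {}
    for s in starts:
        table.setdefault(walk(s, 0)[-1], []).append(s)
    return table

def lookup(table: dict, target: bytes):
    """Guess the target's column, walk to an endpoint, then replay the matching chain."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        end = walk(reduce_(target, col), col + 1)[-1]
        for start in table.get(end, []):
            for pw in walk(start, 0)[:-1]:
                if H(pw) == target:
                    return pw
    return None

def coverage(table: dict):
    """Return (start points stored, distinct passwords recoverable from them)."""
    starts = [s for v in table.values() for s in v]
    return len(starts), len({pw for s in starts for pw in walk(s, 0)[:-1]})

def salted_hash(pw: str, salt: bytes) -> bytes:
    """Per-user salt plus a slow KDF: a table built in advance never matches this."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

TABLE = build_table(f"{i:04d}" for i in range(0, SPACE, 50))   # 200 constructed start points

if __name__ == "__main__":
    pin = walk("0000", 0)[7]       # constructed sample: a PIN from the middle of a chain
    print(coverage(TABLE), lookup(TABLE, H(pin)), lookup(TABLE, salted_hash(pin, b"constructed-salt")))
```

The table holds 200 start/end pairs yet recovers far more PINs than that, which is the memory saving over a full dictionary; the same lookup returns nothing for the salted PBKDF2 output, because the table was computed for a different function.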
Four from BNA News:
THE RISKS AND REWARDS OF DATA RETENTION
My weekly Law Bytes column examines the U.S. Department of
Justice's demand for search data from the world's leading
search engines. While much of the focus has been on the
privacy implications of the request, I argue that the story
highlights a much bigger issue - the significant risks and
rewards that arise from data retention.
Toronto Star version
Freely available column
GATES SUPPORTS GOOGLE'S MOVE INTO CHINA
Bill Gates said on Friday the spectre of state censorship
and the proliferation of illegal software should not deter
technology companies from doing business in China.
Microsoft, Google, and Yahoo have been criticized for
acquiescing to Chinese government demands to block access to
certain sites, a move critics contend suppresses free speech
in the country.
CNET coverage
SiliconValley.com coverage
GOOGLE ADDRESSES CHINA SEARCH RESULTS
A day after Google's buggy censorship of sites for
Chinese-users was revealed, the search giant responded by
fixing its filters so topics such as beer and jokes are no
longer deleted. An investigation published last Thursday by
CNET News.com showed that Google's new China search engine
not only censored criticisms of the Chinese government, but
went further than similar services from Microsoft and Yahoo
by targeting sites related to teen pregnancy, alcohol,
dating and homosexuality.
HACKER WHO SELLS LEAKED WINDOWS CODE JAILED
A hacker who sold a copy online of secret source code for
parts of the Windows operating system that was leaked in
2004 was sentenced to two years in federal prison Friday.
Like many others, the hacker downloaded a copy of the leaked
code. Unlike others, he posted a note to his Web site
offering it for sale.
11:29:28 AM
Bubbling up.
Read this L.A. Times piece about the new Steven Soderbergh movie Bubble, before it scrolls behind the paywall. (Note: that last link goes to HDNet Films' all-Flash website, where it appears that no direct link to any item is possible. Hey, Mark, can you get your guys to fix that?)
Here's the imdb page on the movie.
Here's the LA Times editorial today on the matter.
Here's an SFChronicle piece about the movie. This one won't scroll behind a paywall.
. . .
Here's the part of the story that matters:
"Bubble" clearly hews to the more esoteric side of Soderbergh's sensibility. In fact, if the casting for the movie is any indication, the future of digital cinema may rely more on the kindness of strangers like Kentucky Fried Chicken employee Debbie Doebereiner than on the largesse of superstar Julia Roberts, Hollywood's highest-paid actress, who won an Oscar for "Erin Brockovich" and has since appeared in three more Soderbergh films.
In April, Soderbergh found himself an unlikely new muse when he became fixated by Doebereiner, a pale, plump, middle-aged woman who makes her acting debut in "Bubble." Doebereiner was discovered behind the counter of a fast-food joint in rural West Virginia.
"It's pretty hilarious," Soderbergh says. "Our casting director Carmen Cuba heard Debbie from the drive-through lane yelling at these teenagers for not doing something right. Carmen leaned her head out the window and saw Debbie, pulled her car over, went right into the KFC and said to her, 'You've got to come in and interview for this movie.' Everything sort of flowed from Debbie. She has this amazing face and was even better than what I'd imagined her to be."
Likewise, Doebereiner's "Bubble" co-stars are ordinary civilians trying to scratch out a living in the Ohio River Valley. Shy high school dropout Dustin James Ashley plays shy high school dropout Kyle. He's studying to be a computer technician. Misty Dawn Wilkins appears as his romantic interest, Rose. She lives in Belpre, Ohio, with her fiance and four children and works as a receptionist at the Regis Salon in Vienna, W.Va.
Doebereiner, Ashley, Wilkins and the rest of the entirely nonprofessional cast were selected after Soderbergh and a lean crew of 11 arrived with a van, three digital video cameras, no lights and one cube truck in Parkersburg, W.Va. The director conducted auditions, then spent hours conversing with his three stars while writer Coleman Hough folded their experiences into a story outline. Cast members then made up their own dialogue for each scene on the day of shooting.
See what Soderbergh is doing here? He's showing the rest of us how to start making movies.
. . . [The Doc Searls Weblog]
6:23:25 AM