
Computer law

Original author: Dan Goodin


Thanks to the XKCD comic, every password cracking word list in the world probably has correcthorsebatterystaple in it already.

Aurich Lawson

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail, Iron Chef style. The results, to say the least, were eye-opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that "5f4dcc3b5aa765d61d8327deb882cf99" and "7c6a180b36896a0a8c02787eeafb0e4c" are the MD5 hashes for "password" and "password1" respectively. (For more details on password hashing, see the earlier Ars feature "Why passwords have never been weaker—and crackers have never been stronger.")


eldavojohn writes "I kickstarted a project undertaken by Daniel Shiffman to write a book on what (at the time) seemed to be a very large knowledge space. What resulted is a good book (amazing by CC-BY-NC standards) available in both PDF and HTML versions. In addition to the book he maintains the source code for creating the book and of course the book examples. The Nature of Code starts off swimmingly but remains front heavy with a mere thirty five pages devoted to the final chapter on neural networks. This is an excellent book for Java and Processing developers that want to break into simulation and modeling of well, anything. It probably isn't a must-have title for very seasoned developers (unless you've never done simulation and modeling) but at zero cost why not?" Read below for the rest of eldavojohn's review.


An anonymous reader writes "The Motion Picture Association of America (MPAA) has declared that the Megaupload shutdown earlier this year has been a great success. In a filing to the Office of the U.S. Trade Representative, the group representing major movie studios says the file hosting and sharing industry has been massively disrupted. Yet the MPAA says there is still work to be done, identifying sites that make available to downloaders 'unauthorized copies of high-quality, recently-released content and in some cases, coordinate the actual upload and download of that content.' Here's the list of sites, including where they are hosted: Extratorrent (Ukraine), IsoHunt (Canada), Kickass Torrents (Canada), Rutracker (Russia), The Pirate Bay (Sweden), Torrentz (Canada), and Kankan (China)."


A slide from Steube's presentation outlining a more efficient way to crack passwords protected by the SHA1 cryptographic algorithm.

hashcat.net

A researcher has devised a method that reduces the time and resources required to crack passwords that are protected by the SHA1 cryptographic algorithm.

The optimization, presented on Tuesday at the Passwords^12 conference in Oslo, Norway, can speed up password cracking by 21 percent. The optimization works by reducing the number of steps required to calculate SHA1 hashes, which are used to cryptographically represent strings of text so passwords aren't stored as plain text. Such one-way hashes—for example 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 to represent "password" (minus the quotes) and e38ad214943daad1d64c102faec29de4afe9da3d for "password1"—can't be mathematically unscrambled, so the only way to reverse one is to run plaintext guesses through the same cryptographic function until an identical hash is generated.

Jens Steube—who is better known as Atom, the pseudonymous developer of the popular Hashcat password-recovery program—figured out a way to remove identical computations that are performed multiple times from the process of generating SHA1 hashes. By precalculating several steps ahead of time, he's able to skip the redundant steps, shaving 21 percent of the time required to crack large numbers of passwords. Slides from Tuesday's presentation are here.


Eolas Technologies Inc. acted on behalf of the University of California Regents today to sue Facebook, Wal-Mart, and Disney over four patents related to hypermedia display. The University of California has licensed the four patents to Eolas, who is litigating on behalf of the UC Regents. The company gained notoriety several years ago when it sued Microsoft in a lengthy courtroom battle which ended with a settlement in 2007. Eolas was initially founded to litigate on behalf of the UC system's patents, and has earned critics for its aggressive litigation.

The patents, according to the complaint filed against Facebook in the Eastern District of Texas today, include patent No. 5,838,906 which covers a "distributed hypermedia method for automatically invoking an external application providing interaction and display of embedded objects within a hypermedia document," and patents No. 7,599,985; No. 8,082,293; and No. 8,086,662; all of which pertain to a "distributed hypermedia method and system for automatically invoking an external application providing interaction and display of embedded objects within a hypermedia document."

Reuters reported that, "a University of California spokesman said it considered the patents public assets and 'should be paid a fair value when a third party exploits that university asset for profit.'" Meanwhile, Eolas' complaint did not enumerate which parts of Facebook's website and holdings were in violation specifically, but wrote that, "the acts and practices of Facebook in infringing and/or inducing the infringement of one or more claims of each of the patents-in-suit, Plaintiffs have been, are being, and, unless such acts and practices are enjoined by the Court, will continue to suffer injury to their business and property rights."




A few weeks ago, Fox News breathlessly reported that the embattled WikiLeaks operation was looking to start a new life on the sea. WikiLeaks, the article speculated, might try to escape its legal troubles by putting its servers on Sealand, a World War II anti-aircraft platform seven miles off the English coast in the North Sea, a place that calls itself an independent nation. It sounds perfect for WikiLeaks: a friendly, legally unassailable host with an anything-goes attitude.

But readers with a memory of the early 2000s might be wondering, "Didn't someone already try this? How did that work out?" Good questions. From 2000 to 2008, a company called HavenCo did indeed offer no-questions-asked colocation on Sealand—and it didn't end well.


Sanity writes "LastCalc is a cross between Google Calculator, a spreadsheet, and a powerful functional programming language, all with a robust and flexible heuristic parser. It even lets you write functions that pull in data from elsewhere on the web. It's all wrapped up in a JQuery-based user interface that does as-you-type syntax highlighting. Today, LastCalc's creator, Ian Clarke (Freenet, Revver), has announced that LastCalc will be open sourced under the GNU Affero General Public License 'to accelerate development, spread the workload, and hopefully foster a vibrant volunteer community around the project.'"

