List your passwords alphabetically, so it's easy for you and others to find them!

Give three password crackers a list of 16,000 cryptographically hashed passwords and ask them to come up with the plaintext phrases they correspond to. That's what Ars did this week in Dan Goodin's **Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331.”** Turns out, with just a little skill and some good hardware, three prominent password crackers were able to decode up to 90 percent of the list using common techniques.

The hashes the security experts used were converted using the MD5 cryptographic hash function, something that puzzled our readers a bit. MD5 is seen as a relatively weak hash function compared to hashing functions like bcrypt. **flunk** wrote, "These articles are interesting but this particular test isn't very relevant. MD5 wasn't considered a secure way to hash passwords 10 years ago, let alone now. Why wasn't this done with bcrypt and salting? That's much more realistic. Giving them a list of passwords that is encrypted in a way that would be considered massively incompetent in today's IT world isn't really a useful test."

To this, **Goodin** replied that plenty of Web services employ weak security practices: "This exercise was entirely relevant given the huge number of websites that use MD5, SHA1, and other fast functions to hash passwords. Only when MD5 is no longer used will exercises like this be irrelevant." Goodin later went on to cite the recent compromises of "LinkedIn, eHarmony, and LivingSocial," which were all using "fast hashing" techniques similar to MD5.


hypnosec writes "BLAKE2 has been recently announced as a new alternative to the existing cryptographic hash algorithms MD5 and SHA-2/3. With applicability in cloud storage, software distribution, host-based intrusion detection, digital forensics and revision control tools, BLAKE2 performs a lot faster than the MD5 algorithm on Intel 32- and 64-bit systems. The developers of BLAKE2 insist that even though the algorithm is faster, there are no loose ends when it comes to security. BLAKE2 is an optimized version of the then SHA-3 finalist BLAKE."

Read more of this story at Slashdot.

I've started doing interviews for internships, as I'm aspiring to get one this summer. However, I've done horribly on them.

I got A+ in my classes. I could implement and use data structures efficiently. I understood the algorithms presented to me. But I feel this wasn't/isn't an accurate measurement of my problem solving skills.

When presented with *new* algorithms or problems I have never encountered before, my brain stops working. I can rarely figure out the solutions all by myself. I always have to consult online references or other people's code, and I feel this doesn't make me better. I'm simply memorizing how other people got to it.

I've even bought books (Cracking the coding interview). I can't solve many of the problems they present. I have to read the solutions, then I get it (who wouldn't /eyeroll). But this is not helping me become better.

I've also worked on several projects related to web programming (creating user systems, forums) and game programming (simple 2D games with networking capabilities). I've learned a lot from these projects. But most of what I've learned concerns APIs and technologies (DirectX, MySQL, Winsock) and how they work. I rarely ran into having to implement or solve puzzle-type algorithms (maybe it's because I never got into doing advanced AI?). It's all been about understanding how a specific technology works. And if I had to use something complicated, I just used libraries which already implemented what I had to do.

**tl;dr - got good grades and understood all concepts in comp.sci. courses. Have had plenty of non-academic programming/project experience. Have read books on algorithms. BUT I still suck at them if presented with one I haven't previously seen the solution to.**

So does anyone have any tips on improving my algorithm skills that don't include trying to solve them and looking up a solution when I fail?

Thanks for all the advice. I really appreciate it. I'll start working on "easy" problems and go at them until I get at least a brute force solution. From there I'll try and clean up my code/solution. I'll try not to resort to looking at solutions in the same 48 hours of having started a problem at least.

Again, thanks for the advice. And for those of you who also struggle, it's good to know I'm not alone ;)

submitted by compsci_1234


Alright. I have implemented a GA, a SA, and a RR to solve the same problem. It's time to see who wins. But...how? Help me out:

The three stochastic algorithms are each run 30 times, each time with a different random seed. They are optimization algorithms and they each spit out the quality of the solution they found at the end of each run. So there are 3 sets of 30 numbers.

Now don't fret over runtime complexity or any of that crap. They are all solving the same problem, which has a very very large solution space. None of them have any hope of finding the global optima. So they all terminate after the same number of evaluation operators. They run roughly the same time.

How do you compare these algorithms? Just compare the average of their solutions? What about statistical significance? How do you know which algorithm is the best? How do we rank em?

submitted by anchoa
