Source : http://neworder.box.sk/subject.php?subject=Out%20of%20the%20box
Cygnum writes: This one is guaranteed to drive you crazy till you solve it:
Three friends come to a hotel. They pay the receptionist 300$ for a room - 100$ each. Later that day, the receptionist regrets charging them so much so he gives the bellboy 50$ to give back to the three friends. The bellboy decides to steal 20 of those 50 dollars and he only gives back 10$ to each of the friends.
In the end, it turns out that the three friends payed 90$ each, plus there are 20 dollars in the bellboy's pocket - a total of 290$. Where are the missing ten dollars?
ReadMore...
Tuesday, 21 July 2009
Saturday, 18 July 2009
MPI and Password Cracking
Source : http://neworder.box.sk/subject.php?subject=Articles%20-%3E%20Link
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
MPI and Password Cracking
Source : http://neworder.box.sk/subject.php?subject=Articles%20-%3E%20Link
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
MPI and Password Cracking
Source :http://neworder.box.sk/
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
After sauntering through the web for many hours searching for GOOD documentation on this topic, I realized that it simply does not exist. I’ve been using MPI, both OpenMPI and MPICH2, for a little over two years and have become familiar with implementing it effectively in production environments. I also have experience with setting up scalable password cracking utilities that operate through MPI. With that said, I couldn’t sit on this knowledge anymore, and went through the laborious task of documenting it for public release. I will be updating this documentation in the future to include instructions on how to scale this to a full cluster. For now, it’ll let you utilize all the cores on a single PC for cracking, instead of just one core.
The goals:
• Setup a cluster like directory structure that is scalable
• Install OpenMPI
• Install John the Ripper MPI
• Run a simple test and crack a MD5 hash
Continued [pdf]
Thursday, 16 July 2009
Better than bruteforce attack on AES
source : http://neworder.box.sk/subject.php?subject=Articles%20-%3E%20Link
here's a new cryptanalytic attack on AES that is better than brute force:
"Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle."
In an e-mail, the authors wrote: "We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time. We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES."
Agreed. While this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there's no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.
Continued...
here's a new cryptanalytic attack on AES that is better than brute force:
"Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle."
In an e-mail, the authors wrote: "We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time. We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES."
Agreed. While this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there's no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.
Continued...
Software Problems with a Breath Alcohol Detector
source : http://neworder.box.sk/subject.php?subject=Articles%20-%3E%20Link
This is an excellent lesson in the security problems inherent in trusting proprietary software:
After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc.
Continued..
Discuss Here
This is an excellent lesson in the security problems inherent in trusting proprietary software:
After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc.
Continued..
Discuss Here
Tuesday, 14 July 2009
Wireless Programming with J2ME: Cracking the Code
source:
http://www.forum.hackers-center.org
Part of the new Cracking the Code Series, Wireless Programming with J2ME provides a look at the code behind wireless Java applications.
Think of J2ME as a tiny version of Java specifically for mobile devices –– perfect for bringing powerful, robust applications to mobile phone, pagers, PDAs, and other handhelds. Writing applications for handheld and mobile devices is different than regular Java programming. Mobile developers have to deal with limited screen real estate, bandwidth and computing power. This book covers six wireless applications complete with Flow Diagrams and line–by–line code description. It covers all of J2ME including CDC,CLDC and MIDP with an emphasis on practical code.
download:
http://rapidshare.com/files/217402545/WPgrJ2MEHM.rar
http://www.forum.hackers-center.org
Part of the new Cracking the Code Series, Wireless Programming with J2ME provides a look at the code behind wireless Java applications.
Think of J2ME as a tiny version of Java specifically for mobile devices –– perfect for bringing powerful, robust applications to mobile phone, pagers, PDAs, and other handhelds. Writing applications for handheld and mobile devices is different than regular Java programming. Mobile developers have to deal with limited screen real estate, bandwidth and computing power. This book covers six wireless applications complete with Flow Diagrams and line–by–line code description. It covers all of J2ME including CDC,CLDC and MIDP with an emphasis on practical code.
download:
http://rapidshare.com/files/217402545/WPgrJ2MEHM.rar
Subscribe to:
Posts (Atom)