|
Jewel posted:i mean ok get this, what if i send my private key (to someone to communicate with later) in 20 chunks of single characters via 20 different lovely disposable email services (alternatively for extra security using different computers at n different libraries or w/e) why would you need or want to send someone your private key tho
|
#
?
Feb 17, 2015 08:52
|
|
|
|
| # ? Jun 7, 2024 07:09 |
|
|
Storysmith posted:why would you need or want to send someone your private key tho w/e you know what i mean, the key to decrypt with. im not good with security!!! thats why im not a securist
|
|
#
?
Feb 17, 2015 09:07
|
|
|
oh okay
|
|
#
?
Feb 17, 2015 09:18
|
|
|
Jewel posted:w/e you know what i mean, the key to decrypt with. im not good with security!!! thats why im not a securist the point of public key crypto is that you have a pair of keys, one public and one private, and the person you're communicating with does too, so you'd send a thing encrypted with your private key and their public key and they can read it with their private key and see it matches your public key if they have your public key they are for all intents and purposes you, and can forge messages in your name
|
|
#
?
Feb 17, 2015 09:23
|
|
|
Storysmith posted:the point of public key crypto is that you have a pair of keys, one public and one private, and the person you're communicating with does too, so you'd send a thing encrypted with your private key and their public key and they can read it with their private key and see it matches your public key my post was in response to Illusive gently caress Man posted:yes. exchanging poo poo in advance (eg: gpg and key signing parties) is secure, but nobody wants to bother with that poo poo, and it's not really feasible in many of the circumstances where you would want to communicate secretly. basically
|
|
#
?
Feb 17, 2015 09:31
|
|
|
Illusive gently caress Man posted:plus, if you can already communicate over some other channel that you consider secure, then you dont need a new secure connection. this isn't really true because the secure channel might be time-limited or have really low bandwidth, such as a face-to-face conversation
|
|
#
?
Feb 17, 2015 09:37
|
|
|
vOv posted:this isn't really true because the secure channel might be time-limited or have really low bandwidth, such as a face-to-face conversation yeah, in which case you're kinda back to a key exchange/signing party scenario. Jewel posted:i mean ok get this, what if i send my private key (to someone to communicate with later) in 20 chunks of single characters via 20 different lovely disposable email services (alternatively for extra security using different computers at n different libraries or w/e) not even sure what this is all about. are you saying to a person "im gonna send you my public key from all these random rear end email addresses"? why not just say "my public key fingerprint is piss:poo poo:balls". If you aren't telling them anything beforehand, why do they trust that it's 'you' sending them this public key? honestly though, if you're posting on this forum nobody gives a poo poo about anythign you have to say. just rot13 and call it a night
|
|
#
?
Feb 17, 2015 09:55
|
|
|
Illusive gently caress Man posted:"my public key fingerprint is piss:poo poo:balls" mods?
|
|
#
?
Feb 17, 2015 10:02
|
|
|
My private key is eight.
|
|
#
?
Feb 17, 2015 10:21
|
|
|
Rufus Ping posted:everyone stop what youre doing quote:fanny means vag in the uk xD lol 
|
|
#
?
Feb 17, 2015 11:00
|
|
|
Rufus Ping posted:everyone stop what youre doing
|
|
#
?
Feb 17, 2015 11:01
|
|
|
bob's your uncle, fanny's your aunt
|
|
#
?
Feb 17, 2015 11:16
|
|
|
spankmeister posted:Read most of this and quote:This PHP script provides a multitude of interesting information about the attacks. 
|
|
#
?
Feb 17, 2015 11:21
|
|
|
|
|
#
?
Feb 17, 2015 11:22
|
|
|
don't worry the NSA only targets vbulletin releases from 2002 and later
|
|
#
?
Feb 17, 2015 11:24
|
|
|
Wheany posted:bob's your uncle, fanny's your aunt https://www.youtube.com/watch?v=ibuLgsVcQUY
|
|
#
?
Feb 17, 2015 11:27
|
|
|
people complained about that advert because fanny is a word for vagina but they dont realise its also a name i guess??????
|
|
#
?
Feb 17, 2015 11:30
|
|
|
those people just have sand in their fannies
|
|
#
?
Feb 17, 2015 13:12
|
|
|
bicycle posted:mods change bicycle's name to fanny.lnk
|
|
#
?
Feb 17, 2015 13:35
|
|
|
i always thought fanny meant butt
|
|
#
?
Feb 17, 2015 13:38
|
|
|
this is why fanny pack is funny
|
|
#
?
Feb 17, 2015 13:41
|
|
|
it means butt in the us and pussy in the uk (and by extension probably australia) there's a comic by grant morrison that features a transvestite shaman named "lord fanny" and it was a long time before i realized that the two meanings is actually part of the joke
|
|
#
?
Feb 17, 2015 13:42
|
|
|
fanny computer
|
|
#
?
Feb 17, 2015 13:47
|
|
|
http://arstechnica.com/security/2015/02/password-cracking-experts-decipher-elusive-equation-group-crypto-hashes/
|
|
#
?
Feb 17, 2015 13:49
|
|
|
quote:The stashing of malicious files in multiple branches of an infected computer's registry. By encrypting all malicious files and storing them in multiple branches of a computer's Windows registry, the infection was impossible to detect using antivirus software. holy poo poo how insane do you have to be to come up with something like this
|
|
#
?
Feb 17, 2015 13:51
|
|
|
i once saw a video of someone putting a fag in their fanny
|
|
#
?
Feb 17, 2015 13:52
|
|
|
Main Paineframe posted:holy poo poo how insane do you have to be to come up with something like this that's ingenious
|
|
#
?
Feb 17, 2015 14:01
|
|
|
ymgve posted:http://arstechnica.com/security/2015/02/password-cracking-experts-decipher-elusive-equation-group-crypto-hashes/ quote:Researchers for Moscow-based Kaspersky Lab spent more than two weeks trying to crack the MD5 hash using a computer that tried more than 300 billion plaintext guesses every second. After coming up empty-handed, they enlisted the help of password-cracking experts, both privately and on Twitter, in hopes they would do better. Password crackers Jens Steube and Philipp Schmidt spent only a few hours before figuring out the plaintext behind the hash e6d290a03b70cfa5d4451da444bdea39 was غير مسجل, which is Arabic for "unregistered". The hex-encoded string for the same Arabic word is dbedd120e3d3cce1. 
|
|
#
?
Feb 17, 2015 14:05
|
|
|
vOv posted:the whole point of key exchanges like DH is that they're secure against passive eavesdroppers. if you use DH over a channel that can be modified and then verify the key over a modification-proof channel you're fine. oh also i missed this i was talking about people saying talking face to face or on the phone is secure because no one can change the info
|
|
#
?
Feb 17, 2015 14:12
|
|
|
NICE!
|
|
#
?
Feb 17, 2015 14:14
|
|
|
MORE CURLY FRIES posted:oh also i missed this isn't the only concern gonna be modification of the public key, tho public key encryption basically already assumes anyone knows your public key (hence the name public), but the public key is useless for reading your messages like, if someone tapped my line and heard my say my public key, it doesn't help them impersonate me. and assuming we're both using the encryption, it wouldn't help them fool me either because they can't sign the message as the other guy the danger is that the MITM can intercept and change your keys, instead passing along a 3rd public key. that would allow them to get both sides to encrypt their data in a form that could be decrypted by the server in the middle.
|
|
#
?
Feb 17, 2015 15:28
|
|
|
aw man I left a GPU cracker running all night trying to see if I'd be the lucky little boy to win the NSA's impromptu crack challenge  anyway,
|
|
#
?
Feb 17, 2015 16:00
|
|
|
Heresiarch posted:it means butt in the us and pussy in the uk (and by extension probably australia) this explains a lot of british humor i never cared to understand before
|
|
#
?
Feb 17, 2015 16:16
|
|
|
lol they shlda used https://github.com/ikkebr/PyBozoCrack (ofc now thats its been strewn all over the web we'll never know if bozo wlda worked)
|
|
#
?
Feb 17, 2015 16:19
|
|
|
cheese-cube posted:lol they shlda used https://github.com/ikkebr/PyBozoCrack (ofc now thats its been strewn all over the web we'll never know if bozo wlda worked) I tried it (or well, a web service that does the same thing), it did not. When I tried it I also tried just googling it and there were only 7 results, and like 4 of those were just the source code of the original script and the other 3 were articles.
|
|
#
?
Feb 17, 2015 16:28
|
|
|
ok ive just read the article and im confused by a number of things. why does vbulletin need "expansion packs" for utf-8 support? and am i to understand that kaspersky wasted weeks simply hashing ASCII strings to see if they matched the hash in question? instead of doing the same with utf-8 strings?
|
|
#
?
Feb 17, 2015 16:58
|
|
|
cheese-cube posted:ok ive just read the article and im confused by a number of things. why does vbulletin need "expansion packs" for utf-8 support? and am i to understand that kaspersky wasted weeks simply hashing ASCII strings to see if they matched the hash in question? instead of doing the same with utf-8 strings? translation packs? there are a shitload (∞, to be exact) of 7-bit ascii strings, and whatever model they used to generate candidates for hashing only made those a model that outputs utf-8 strings is gonna be way more complicated imagine a dictionary of all the words in all the languages
|
|
#
?
Feb 17, 2015 17:18
|
|
|
Main Paineframe posted:holy poo poo how insane do you have to be to come up with something like this the risk is getting your bootstrap executable (can't execute straight from the registry, still need a program somewhere) caught and fingerprinted e: but the registry gets so much traffic it's pretty much impossible to audit, anyway hackbunny fucked around with this message at 17:29 on Feb 17, 2015 |
|
#
?
Feb 17, 2015 17:27
|
|
|
crazysim posted:don't cpus have that whole microcode update thing provided by the OS? there's also evidence they are signed updates too. that's pretty much how big storage vendors like netapp have been handling it for years
|
|
#
?
Feb 17, 2015 18:07
|
|
|
|
| # ? Jun 7, 2024 07:09 |
|
|
quote:GRAYFISH The most sophisticated attack platform from the EQUATION group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup. ok, it makes more sense now. also: quote:The GrayFish loader uses SHA-256 one thousand times over the unique NTFS object ID of the victims Windows folder to decrypt the next stage from the registry. that's... cool. we thought about hiding in the registry, but never to bootstrap from a bootkit (were they even a thing in 2005?) and never thought of object ids as machine identifiers
|
|
#
?
Feb 17, 2015 18:09
|
|