
bizboy1
Veteran

Joined: 23 Mar 2012
Age: 35
Gender: Male
Posts: 945
Location: California, USA

04 Oct 2012, 4:27 pm

Did you want to be a hacker or are you a hacker? I used to hack when I was younger but had a mentor get me out of it. I now study math but I still find hacking fascinating.


_________________
INTJ


Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 69,810
Location: Over there

04 Oct 2012, 4:42 pm

[Moved from General Autism Discussion to Computers, Math, Science, and Technology]


_________________
Giraffe: a ruminant with a view.


JockGitJnr
Blue Jay

Joined: 24 Sep 2012
Age: 31
Gender: Male
Posts: 77

04 Oct 2012, 4:53 pm

When I was younger I thought it would be cool to become a hacker, but as I have grown up I am quite the opposite. I am fascinated with high-level security. I think gaining access to any person's personal information is wrong and I wouldn't like it to happen to me. Even when I am on another person's computer I am always asking if I am allowed into certain folders just in case they have something in there they don't want me to see. Security-wise I have encrypted partitions, a separate browser that uses a proxy and doesn't allow any scripts, and when I get a laptop I shall add the need for a system start-up USB stick that if it isn't in the machine then the machine will not turn on.

According to this website http://howsecureismypassword.net/ it would take 88 nonillion years for an average desktop PC to guess one of my many passwords.


_________________
What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?" - Sir Terry Pratchett


LookTwice
Velociraptor

Joined: 30 Oct 2011
Age: 113
Gender: Male
Posts: 441
Location: Lost, somewhere

04 Oct 2012, 5:33 pm

JockGitJnr wrote:
According to this website http://howsecureismypassword.net/ it would take 88 nonillion years for an average desktop PC to guess one of my many passwords.


That time just got lowered to 0.0 ms by entering your password on an unknown third-party website. ;)


_________________
What goes on inside is just too fast and huge and all interconnected for words to do more than barely sketch the outlines of at most one tiny little part of it at any given instant. - D.F.W.


JockGitJnr

04 Oct 2012, 5:44 pm

LookTwice wrote:
That time just got lowered to 0.0 ms by entering your password on an unknown third-party website. ;)


The site source shows that no information is sent anywhere and they would also need to know a username to work out what account the password is linked to. :)


_________________
What our ancestors would really be thinking, if they were alive today, is: "Why is it so dark in here?" - Sir Terry Pratchett


Colinn
Veteran

Joined: 7 Apr 2012
Age: 34
Gender: Male
Posts: 2,192

04 Oct 2012, 7:52 pm

Ethical hacking would definitely be a better way to go. Figuring out exploits and how they can be fixed. Much more of a productive practice than using these skills for fraudulent uses.



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 37
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

04 Oct 2012, 8:17 pm

JockGitJnr wrote:
When I was younger I thought it would be cool to become a hacker, but as I have grown up I am quite the opposite. I am fascinated with high-level security. I think gaining access to any person's personal information is wrong and I wouldn't like it to happen to me. Even when I am on another person's computer I am always asking if I am allowed into certain folders just in case they have something in there they don't want me to see. Security-wise I have encrypted partitions, a separate browser that uses a proxy and doesn't allow any scripts, and when I get a laptop I shall add the need for a system start-up USB stick that if it isn't in the machine then the machine will not turn on.

According to this website http://howsecureismypassword.net/ it would take 88 nonillion years for an average desktop PC to guess one of my many passwords.


Yawn. Depending on the encryption type, most whole-disk encryption schemes that don't cost $$$$$ can be broken in a little over a day for a couple hundred bucks - your browser with proxy can pretty easily be hijacked or MITM'd, and any way you can come up with to only let a laptop boot with a USB key in it can be bypassed.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


2fefd8
Tufted Titmouse

Joined: 25 Jul 2012
Age: 37
Gender: Male
Posts: 44

04 Oct 2012, 8:33 pm

JockGitJnr wrote:
LookTwice wrote:
That time just got lowered to 0.0 ms by entering your password on an unknown third-party website. ;)


The site source shows that no information is sent anywhere and they would also need to know a username to work out what account the password is linked to. :)


There are ways of doing this. For example, if an attacker stole the password file (which contains a hash of each password) they could match your username to the hash calculated from the password you provided. The point is that it's a bad idea to provide your password to untrusted third-party websites.

sliqua-jcooter wrote:
Yawn. Depending on the encryption type, most whole-disk encryption schemes that don't cost $$$$$ can be broken in a little over a day for a couple hundred bucks - your browser with proxy can pretty easily be hijacked or MITM'd, and any way you can come up with to only let a laptop boot with a USB key in it can be bypassed.


I'm not sure what you are talking about. There are FOSS whole disk encryption systems which are very secure. Reference?



sliqua-jcooter

04 Oct 2012, 8:36 pm

Quote:
sliqua-jcooter wrote:
Yawn. Depending on the encryption type, most whole-disk encryption schemes that don't cost $$$$$ can be broken in a little over a day for a couple hundred bucks - your browser with proxy can pretty easily be hijacked or MITM'd, and any way you can come up with to only let a laptop boot with a USB key in it can be bypassed.


I'm not sure what you are talking about. There are FOSS whole disk encryption systems which are very secure. Reference?


I spun up 10* EC2 GPU instances and brute forced the LUKS key on my file server - it took 61 hours.

EDIT: Typo'd - it was 10 instances, not 100


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


2fefd8

04 Oct 2012, 10:03 pm

sliqua-jcooter wrote:
Quote:
sliqua-jcooter wrote:
Yawn. Depending on the encryption type, most whole-disk encryption schemes that don't cost $$$$$ can be broken in a little over a day for a couple hundred bucks - your browser with proxy can pretty easily be hijacked or MITM'd, and any way you can come up with to only let a laptop boot with a USB key in it can be bypassed.


I'm not sure what you are talking about. There are FOSS whole disk encryption systems which are very secure. Reference?


I spun up 10* EC2 GPU instances and brute forced the LUKS key on my file server - it took 61 hours.

EDIT: Typo'd - it was 10 instances, not 100


It must use pretty weak encryption for that to be possible but there are better systems that use AES (which you wouldn't be able to brute force).



sliqua-jcooter

04 Oct 2012, 10:09 pm

No, LUKS is fairly decent - but 20 M2050's is a pretty formidable amount of processing power.

And it doesn't matter what kind of key gets generated - the passphrase is always brute forceable


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


2fefd8

04 Oct 2012, 10:23 pm

sliqua-jcooter wrote:
No, LUKS is fairly decent - but 20 M2050's is a pretty formidable amount of processing power.

And it doesn't matter what kind of key gets generated - the passphrase is always brute forceable


Well, something is wrong. Either the encryption is weak or the key is too short. You can't break strong encryption by brute force when it's done correctly. AES cannot be broken by brute force even using modern supercomputers so there's no way you could crack it using a few Amazon EC2 instances.



Last edited by 2fefd8 on 04 Oct 2012, 10:25 pm, edited 1 time in total.

sliqua-jcooter

04 Oct 2012, 10:25 pm

2fefd8 wrote:
sliqua-jcooter wrote:
No, LUKS is fairly decent - but 20 M2050's is a pretty formidable amount of processing power.

And it doesn't matter what kind of key gets generated - the passphrase is always brute forceable


Well, something is wrong. Either the encryption is weak or the key is too short. You can't break strong encryption by brute force when it's done correctly.


You can *always* brute force something, it's just a question of how long it takes.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


2fefd8

04 Oct 2012, 10:27 pm

sliqua-jcooter wrote:
2fefd8 wrote:
sliqua-jcooter wrote:
No, LUKS is fairly decent - but 20 M2050's is a pretty formidable amount of processing power.

And it doesn't matter what kind of key gets generated - the passphrase is always brute forceable


Well, something is wrong. Either the encryption is weak or the key is too short. You can't break strong encryption by brute force when it's done correctly.


You can *always* brute force something, it's just a question of how long it takes.


Obviously! But if it takes many years on the world's most powerful supercomputers it doesn't really count.



sliqua-jcooter

04 Oct 2012, 10:31 pm

The days of the world's most powerful supercomputers not being able to brute force something for years are long gone.

On any symmetric passphrase-based system (which is what the vast majority of disk encryption systems use), the strength of the encryption isn't the key, but rather the entropy of the passphrase. You can have a 512-bit 3AES key, but if you only have a passphrase with 32 bits of entropy, then you're pretty much screwed.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.
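
[Added example, not part of the thread and not any poster's code: a sketch of the passphrase-entropy point in the post above. A 512-bit key derived with PBKDF2 from a 3-digit passphrase is recovered by searching only the passphrase space. The salt, iteration count, passphrase and the 1e9 hashes/s rate are constructed assumptions, and `effective_bits` is a rough work estimate, not a formal bound.]

```python
import hashlib
import itertools
import math

def derive_key(passphrase, salt, iterations, key_bytes=64):
    """PBKDF2-HMAC-SHA512: stretch a passphrase into a key of any length."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                               iterations, dklen=key_bytes)

def effective_bits(passphrase_entropy_bits, kdf_iterations, key_bits):
    """Rough log2 work to recover the key: guess the passphrase (each guess
    costs kdf_iterations hash calls) or guess the key, whichever is cheaper."""
    return min(key_bits, passphrase_entropy_bits + math.log2(kdf_iterations))

def years_to_exhaust(bits, ops_per_second):
    """Worst-case time to try the whole space at a given rate."""
    return 2.0 ** bits / ops_per_second / (365.25 * 24 * 3600)

def search_passphrase_space(target_key, salt, iterations, alphabet, length):
    """Try every passphrase of the given shape; return (passphrase, guesses)."""
    space = itertools.product(alphabet, repeat=length)
    for guesses, chars in enumerate(space, 1):
        candidate = "".join(chars)
        derived = derive_key(candidate, salt, iterations, len(target_key))
        if derived == target_key:
            return candidate, guesses
    return None, len(alphabet) ** length

# Constructed sample values, not taken from the thread.
SALT = b"constructed-salt"
ITERATIONS = 1000

if __name__ == "__main__":
    # 512-bit key, but only about 10 bits of passphrase entropy behind it.
    key = derive_key("731", SALT, ITERATIONS)
    found = search_passphrase_space(key, SALT, ITERATIONS, "0123456789", 3)
    print(len(key) * 8, "bit key recovered via passphrase search:", found)
    for entropy in (32, 64, 128):
        bits = effective_bits(entropy, ITERATIONS, 512)
        print(entropy, "bit passphrase ->", round(bits, 1), "bits of work,",
              years_to_exhaust(bits, 1e9), "years at an assumed 1e9 hashes/s")
```

Raising the iteration count adds only log2(iterations) bits of work, so the passphrase's entropy dominates until it approaches the key length.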


2fefd8

04 Oct 2012, 10:39 pm

sliqua-jcooter wrote:
The days of the world's most powerful supercomputers not being able to brute force something for years are long gone.


This is completely false. There are plenty of problems which are still not tractable even for supercomputers. You can't brute force AES256 even with a supercomputer since it requires a search over a space of size 2^256 (yes, I know that AES lost two bits recently but that doesn't matter much here).

sliqua-jcooter wrote:
On any symmetric passphrase-based system (which is what the vast majority of disk encryption systems use), the strength of the encryption isn't the key, but rather the entropy of the passphrase. You can have a 512-bit 3AES key, but if you only have a passphrase with 32 bits of entropy, then you're pretty much screwed.


So what? I said assuming it's done properly which would rule out weak passphrases.