[nSLUG] US Homeland Security

Jason Kenney jason at ohm.ath.cx
Wed Aug 18 17:29:37 ADT 2004

> The significance being that historically the discovery of
> a decoding method has not been far behind a discovery like this.
> Well, most of us have shadow files that are hidden from joe user.
> That would help that end of things for awhile.  But would md5
> crackability effect the web as well?

The paper is specifically: http://eprint.iacr.org/2004/199/

>From what these guys are saying, they are only finding equivalent length 
bit sequences that produce the same hash. I believe the only way you could 
"crack" md5, would be to somehow prove that out of all the bit sequences 
of that length, only one produces that particular hash. I think even if 
you assume what these guys found will help you, you could only produce 
another equivalent sequence that gives the same hash, it doesn't really 
help you find the original. Besides, these guys were working with 32-bit 
lengths I think, not .iso image sizes... although I have no idea how 
portable to those sizes their work would be.

As far as passwords go you can already brute force them pretty easily I 
think... I think keeping the shadow file secure is more important than 
choosing a "tough" password (on servers on the web... in corporate 
environments, it might be the opposite...). If someone really wants in,
that's the only way... If they have the shadow file alread it's only a 
matter of time and money.

> I still think the greatest weakness for "Homeland Security" is our
> electricity.  The black out last year was a pure accident.  When Bush 
> appeared
> on TV, he looked more vulnerable than he did on 9/11.  I figured he
> was given the what-ifs in terms of how a very simple terrorist event 
> coordinated with different regions, could black out
> the entire USA.  There is no way they can guard every mile
> of transmission lines.  Then there are idiots like McGuinty (prem of Ontario) 
> who suggested the grids need to be
> more interconnected.  Duh!  Does a longer chain of dominos
> stay up any better?

The power network is very complicated, and having more interconnections 
would mean it's easier to reroute power when some lines go down. When the 
big blackout happened, it wasn't the number of interconnections that made 
the most difference, it was the failure of the monitoring systems. NB, NS, 
Maine, and other eastern states are "interconnected" with the grids that 
went down, just our auto-disconnect systems kicked in faster than theirs. 
If there had been more interconnections, then the surge load could have 
been spread out over the increased number of lines better as well, but 
that's not a real solution...



More information about the nSLUG mailing list