[nSLUG] US Homeland Security
jason at ohm.ath.cx
Wed Aug 18 17:29:37 ADT 2004
> The significance being that historically the discovery of
> a decoding method has not been far behind a discovery like this.
> Well, most of us have shadow files that are hidden from joe user.
> That would help that end of things for awhile. But would md5
> crackability affect the web as well?
The paper is specifically: http://eprint.iacr.org/2004/199/
From what these guys are saying, they are only finding equivalent length
bit sequences that produce the same hash. I believe the only way you could
"crack" md5, would be to somehow prove that out of all the bit sequences
of that length, only one produces that particular hash. I think even if
you assume what these guys found will help you, you could only produce
another equivalent sequence that gives the same hash, it doesn't really
help you find the original. Besides, these guys were working with 32-bit
lengths I think, not .iso image sizes... although I have no idea how
portable to those sizes their work would be.
As far as passwords go you can already brute force them pretty easily I
think... I think keeping the shadow file secure is more important than
choosing a "tough" password (on servers on the web... in corporate
environments, it might be the opposite...). If someone really wants in,
that's the only way... If they have the shadow file already it's only a
matter of time and money.
> I still think the greatest weakness for "Homeland Security" is our
> electricity. The black out last year was a pure accident. When Bush
> on TV, he looked more vulnerable than he did on 9/11. I figured he
> was given the what-ifs in terms of how a very simple terrorist event
> coordinated with different regions, could black out
> the entire USA. There is no way they can guard every mile
> of transmission lines. Then there are idiots like McGuinty (prem of Ontario)
> who suggested the grids need to be
> more interconnected. Duh! Does a longer chain of dominos
> stay up any better?
The power network is very complicated, and having more interconnections
would mean it's easier to reroute power when some lines go down. When the
big blackout happened, it wasn't the number of interconnections that made
the most difference, it was the failure of the monitoring systems. NB, NS,
Maine, and other eastern states are "interconnected" with the grids that
went down, just our auto-disconnect systems kicked in faster than theirs.
If there had been more interconnections, then the surge load could have
been spread out over the increased number of lines better as well, but
that's not a real solution...
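
The MD5 part of the message above turns on the difference between finding two inputs that share a hash (a collision) and finding an input for a hash you were given (a preimage). The following is an added example, not part of the original post: it runs both searches against MD5 truncated to 16 bits so they finish quickly. The truncation, the function names and the sample secret are assumptions made for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy size chosen for this example; real MD5 output is 128 bits


def toy_md5(data: bytes) -> bytes:
    """MD5 truncated to BITS bits (demonstration only)."""
    return hashlib.md5(data).digest()[: BITS // 8]


def find_collision():
    """Birthday search: find any two distinct inputs with the same toy hash.

    The searcher picks both inputs, so about 2^(BITS/2) hashes are expected.
    """
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % tries
        h = toy_md5(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: bytes):
    """Find any input whose toy hash equals a given target.

    The target is fixed in advance, so about 2^BITS hashes are expected,
    and the input found is generally not the one that produced the target.
    """
    for tries in count(1):
        guess = b"guess-%d" % tries
        if toy_md5(guess) == target:
            return guess, tries


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} hashes: {a!r} / {b!r}")
    stored = toy_md5(b"constructed-sample-secret")  # constructed sample value
    g, m = find_preimage(stored)
    print(f"preimage after {m} hashes: {g!r} (not the original input)")
    print(f"expected work: ~2^{BITS // 2} for a collision, ~2^{BITS} for a preimage")
```

At the full 128-bit output the same two estimates are about 2^64 and 2^128 hashes for generic search.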