
[Table] IAmA: I was a professional password cracker who taught government agents who's now working on a secure distributed communications & computation platform with bitcoin instead of upvotes. AMA!

Date: 2014-05-03
Questions Answers
a more serious question, what is password cracking like? Bruteforcing hashes, looking through source code for vulnerabilities, doing advanced maths or something fourth? First I'd try to figure out if the software was merely using access denial or encryption. With access denial, the data isn't encrypted, but the software won't show you the data without the password. For purposes of criminal forensics, you're not allowed to change the data in any way for it to be admissible in court, but getting access to the file before you have a password can often be helpful. To figure that out, I'd just look at the file in a hex editor; if I could read it, it wasn't encrypted. The next easy step is to scan the program for cryptographic constants; these are things like s-boxes or tables of rotation constants or such that tell me what crypto functions, if any, are being used. For example, if I see 637c777b anywhere, I know it's probably using AES. If I see 77073096, that's a CRC32. If I see 67452301, it's using MD5. After that I'd use a debugger and a program like IDA Pro to start at the point where you type the password and figure out what the program does with it. This is what often took the most time and was the most tedious. Early versions of MS Access, for instance, just XORed the password with a fixed constant; anyone could break those passwords immediately. The toughest one that I was able to break was the encryption on WinZip; it was much better than most stuff I ran into, but still weak enough that I could break it. That was the one I enjoyed the most, like an extra-challenging Sudoku or something.
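The constant scan described in the answer above can be sketched as follows. This is an added example, not code from the AMA; the function names and the sample buffer are constructed for illustration, and both byte orders are searched because 32-bit words are stored little-endian on x86.

```python
import struct

# Signatures quoted in the answer, written as big-endian hex strings.
# The labels are hints, not proof: 0x67452301 is also the first
# initial-state word of MD4 and SHA-1, not only MD5.
SIGNATURES = {
    "637c777b": "AES S-box (first four bytes)",
    "77073096": "CRC32 lookup table (entry 1)",
    "67452301": "MD5 initial state (word A)",
}


def find_crypto_constants(blob: bytes):
    """Return sorted (offset, byte_order, label) hits for each signature.

    Byte tables such as the AES S-box sit in memory in the order shown
    ("be" here); 32-bit words compiled for x86 are stored reversed ("le").
    """
    hits = []
    for hex_sig, label in SIGNATURES.items():
        be = bytes.fromhex(hex_sig)
        for order, needle in (("be", be), ("le", be[::-1])):
            start = blob.find(needle)
            while start != -1:
                hits.append((start, order, label))
                start = blob.find(needle, start + 1)
    return sorted(hits)


def crc32_table_entry(i: int) -> int:
    """Entry i of the standard reflected CRC32 table (poly 0xEDB88320)."""
    crc = i
    for _ in range(8):
        crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc


def build_sample_blob() -> bytes:
    """Constructed input standing in for a program's data section."""
    aes_sbox_head = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
    crc_table = b"".join(
        struct.pack("<I", crc32_table_entry(i)) for i in range(8)
    )
    md5_init = struct.pack(
        "<4I", 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    )
    return (b"\x00" * 16 + aes_sbox_head + b"\x90" * 8
            + crc_table + b"\xcc" * 4 + md5_init)


if __name__ == "__main__":
    for offset, order, label in find_crypto_constants(build_sample_blob()):
        print(f"0x{offset:04x}  {order}  {label}")
```

A hit only says which primitive is probably linked into the binary; how the password feeds into it still has to be traced in a debugger, as the answer goes on to describe.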
The hash function wasn't cryptographically strong, so I was able to run a lot of it backwards and get enough constraints on the input to skip most possibilities. What is this process called if I wanted to learn about it in an academic setting? Cryptanalysis.
WinZip; it was much better than most stuff I ran into Is it any better than 7Zip? My attack was on the old encryption method. WinZip has since upgraded to AES, like 7-Zip. The only way to attack an archive made by a recent version of either of these is with a dictionary attack, trying every password.
What was the biggest password you ever cracked? Nowadays, most software companies use strong crypto, so the difficulty of cracking the password increases exponentially with the length. Back in the late 90s, it was mostly "roll your own", so the strength depended a lot more on the software than the password chosen.
That said, the password I was most pleased with was a 60-character randomly chosen password on a WinZip file using the ciphertext-only attack that later got published.
Was the content worth the effort? What was the content? The content was irrelevant to me; the fact that I had broken the encryption so thoroughly on such an important file format was the exciting bit. When it was in beta, the FBI started sending us files with suspected child porn for us to open. Thankfully I never had to look at any of it---that was someone else's job---but it felt good to know that I was able to help with that. Once we integrated it into the toolkit, of course, the FBI would just use our software themselves.
Now, though, I think that it's more important that people be taught what is right and have freedom---even if such crimes still exist---than to have a society in which every activity is so policed that crime is impossible. I think we should make it hard for the government to do such enormous, sweeping surveillance as we've discovered they've been doing.
If there's sufficient evidence to suspect someone of a crime, the government has plenty of resources to target that individual, and no software will prevent them getting the information they want. Splicious, if it is funded, will help in preventing surveillance at national scales.
It's funny how no one seems to be responding to the thing you're actually talking about... it seems to me you're raising awareness about splicious. Can you say more about that? EDIT: I need to make clear that it doesn't fully exist yet! We need money to continue to make it real.
As I wrote above, it's a platform for encouraging the creation and curation of content. The idea is to reward both those who create content and those who share it. You may have seen that picture of handing out Facebook likes to 3rd world kids; merely "liking" something or upvoting it doesn't actually help somebody make a living. So all likes/upvotes have real money behind them in this system. The originator of content gets 90% of each upvote, while the remaining 10% is distributed down the chain of resharers to the donator.
We want artists and musicians to use it, but also scientists, authors, and journalists. We think the journalists will be particularly interested both because of the potential to get supported directly in the wake of digital media, but also because of the security features we intend to implement, like perfect forward secrecy.
We hope scientists will like it, because big academic publishers like Elsevier charge tens of millions of dollars for bundled access to their journals and have something like a 36% profit margin. The scientists write and review the articles and edit the journals for free; Elsevier turns around and charges them for the privilege. Splicious would allow people to set up electronic journals quickly, while contributions go directly to the authors and the editors.
Could you inbox me my password if you wanted or felt the need? That would require getting Reddit's collection of password hashes. It would take some effort, but probably a lot more than would be worth my while.
Well, it used to be easier. Wow! Yeah, hopefully they learned something after that. :P.
Could you be a very rich man if you used your powers for evil? I could have in the 90s. I think the FBI are a lot better at dealing with crime on the internet now than they were then.
Hi, I'm a math/CS undergraduate and find this stuff fascinating. However, I haven't a clue how to get started. Any recommendations on how to get into password cracking and hacking? As to your specific topics, the days of easy password cracking are largely over: any software worth spending money on will use strong crypto. The best one can usually do is a dictionary attack distributed over many computers.
Awesome! What is your ed background? When I got the job I was getting my undergrad degree in physics. I went on to get a MSc and have just finished my PhD.
How much were you taught on the job vs what you had learned through self study? All of the math I learned in school or from Schneier's Applied Cryptography. I taught myself the rudiments of programming as a kid and all my electives at university were computer science classes. I learned to read assembly code on the job.
What would you say is the most lucrative area of infosec (both for black and white hats)? If you want to make enormous amounts of money, you start a company and get bought out or have a successful IPO. That's very risky, though; if you want stable good money in infosec, go join Google's security team: I did and loved it!
Are you employed now by Google? No, I left last year to start working on splicious. I'd like to keep doing so, but we need funding!
What's this splicious you keep referring to? It's a distributed secure communications and computation platform. It has features to encourage the creation and curation of new content, but is intended to be a general purpose secure distributed computation platform.
The computation framework is based on pi calculus; I've written a paper with Greg Meredith and Sophia Drossopoulou showing that we can use Caires' spatial/behavioral types as a security policy language and let the compiler check that the implementation fits the policy. (TL;DR: We can prove that we don't have security flaws of various kinds.)
Are you Hackers or War Games fan? I loved it when you nuked Las Vegas. Suitably biblical ending to the place, don't you think?
Have you ever hacked people? Not without their permission.
That sounds a bit weird. Hahahaha. It's not much weirder than tattooing: Link to io9.com
Of course they still had to get the hashes somewhere, but there are some pretty powerful tools in the public domain these days, who knows what is behind the curtains in the federal side of the house...(proposed quantum computing password cracking for instance) People simply don't have the ability to remember passwords that are strong enough to resist the password crackers. If your service has the option to use two-factor authentication, use it; when attackers steal gmail accounts, the first thing they do is turn it on, because it makes it virtually impossible for the owner to get it back. If your service doesn't have 2-factor auth, use a long passphrase. Here's some math: if you just use lowercase letters and have a 16-character password, there are around 10^22 passwords to try. If you start using numbers, too, there are around 10^24, so a hundred times harder. But if instead you double the length of the password, there are around 10^44, which is a sextillion times harder. Quantum computation is certainly interesting to the NSA, but the technology isn't up to code cracking yet; scientists are just at the edge of beating the error bound necessary for quantum computations with more than a handful of qubits. Link to www.news.ucsb.edu
How could a regular person like me learn the basics of this? What did you mean by "this"? Reverse engineering, password cracking, or secure distributed communications?
All of it and where should one start? I've done custom rainbow salt tables and attempted WPA2 attacks for fun and cracking hashes using Cain and Abel. For reverse engineering, woodmann.com is the place to be. Get a copy of OllyDBG and IDA Pro; there is an older version available for free. Here's a reasonable intro to some of the techniques: Link to yurichev.com
Actual question how good is router security with passwords for example can you or have you hacked a router (guessing default passwords don't count)? I haven't ever tried breaking router passwords; I have my own router, so I don't need to use anyone else's.
Are you the guy that made this video: Link to www.youtube.com ? Yep. In addition to the content creation and curation stuff, there's also a notion of controlling who gets access to personal information. In the video, I drew how Alice can prevent Bob from knowing her name or address while still proving that she's 21.
But we need money to make it real.
Are you in fundraising mode? Are you doing crowd funding? Do you have a site? Yes, we're doing crowd funding. The site is linked in the description.
How is there such a huge disconnect between you and I? I spend hours on the computer and can't do shit with it other than reddit and excel spreadsheets. How do you get into it? Is it a lot of reading? How does it work? I think you become good at doing what you spend time on, and you tend to spend time on things that you like doing. I learned this stuff because it made me happy. I get a thrill out of this sort of thing, so I keep coming back.
That said, with enough hard work, you can become good enough at something that it's no longer a drag: playing piano for the first few years sucks. Who wants to sit there plunking out "Mary had a little lamb"? But once you have the skill to actually read music and play it, then you're free to explore all your musical tastes. After you've played a lot of the music you love, you get a feeling for chord changes and what sounds good to you, so you can improvise your own music.
It's the same way with math and programming: there's some hard stuff at the start, but once you become good enough at it, you can start behaving like an artist and do your own thing.
The equivalent of learning "Mary had a little lamb" is introductory programming sites like Khan Academy or Codecademy or code.org or a bazillion others.
What do you think of the new NSA, using the Patriot Act? I think the Patriot Act traded an enormous amount of liberty for what turned out to be virtually no increase in security.
Is that the same platform that this ex-Googler was talking about in this video Link to www.youtube.com. Yes, that's Vlad Patryshev. He was one of the guys who made Orkut. He was actually really excited about splicious and said, "I've been waiting for this since FidoNet."
Thanks. I'll look into all that. Lol, well that's a different story, a lucky one too. So you had no knowledge or experience with programming and they just hired you? What degree were you going to go after if you went to college? Oh yeah, did you end up going to college after all or you just stuck with the job and learned from them? I had plenty of programming experience, but no crypto experience. I couldn't decide for a while between computer science and physics. Eventually I compromised and got a degree in applied physics; basically, all my electives were CS. I finished my bachelor's degree, then lost the job when the dot com bubble burst, went to New Zealand and got a MSc in CS, then started a PhD but ran out of money, went to work for Google's security team and started working on the PhD part time. I worked there for six years, then quit to work on splicious. I just finished the thesis and will defend later this year.
I might be late to the party, but what do you think of the XKCD password comic? This is the method I'm currently using with the help of Make Me A Passwords generator. It's spot on. When given the option, use long phrases rather than gibberish. LastPass can manage your online passwords by generating very long gibberish but only require you to use something memorable.
You actually suggest LastPass over KeePass(X)? I was using LastPass as an example of the genre, like how the southern US refers to any carbonated soft drink as "coke". I haven't made an extensive study of the offerings.
Are you Jesus? 'cause you look a lot like him. I was babysitting with another guy for a group of moms once, and when one of the moms dropped off her young kid---maybe four or five years old---he got really big-eyed and nervous. I thought he was afraid of the beard and hair: sometimes people would cross to the other side of the street when they saw me coming. So I invited him in, showed him the toys, and we all played and had a good time.
When his mom came to pick him up, he ran over and said, "Jesus is fun!"
Hey Mike, my understanding is that you've built a distributed platform and also adding on bitcoin support so that every post you make on splicious could potentially generate revenue. i would say that it's a new take on an alternate virtual economy and want to try as soon as they allow public use. are you planning to add some kind of reputation system to it? say, if i want to look for something a'la craig's list style rather than post my poetry? We've been thinking about reputation systems, but don't have any firm plans. Part of the problem with reputation systems online is that people do "pump & dump", using their reputation to steal something. If anyone has ideas or references about fighting this, please PM me.
Was most of your work just using parallelism brute forcing, or did you look for vulnerabilities in encryption standards? Also what is your opinion on the vulnerabilities of dual elliptic curve cryptography? Nearly all of my work was cryptanalysis of the relatively weak cryptography that was prevalent in the late '90s. We started turning to parallelism when MS Word improved its crypto to the 40-bit stuff that was the limit for software you could export.
The vulnerability in the PRNG for dual ECC was clearly inserted by the NSA and weakened everyone's crypto, even the US military and government's. I'm surprised that there's not more outcry from the other government organizations.
Last pass gotta remember that one. The one thing I'm worried about though is my email is under yahoo and I've heard they are famous with being hacked because of crappy protection programs or leaks even is this true? Looks like Yahoo has 2-factor auth available. If you turn it on, then even if crackers do figure out your password, they won't be able to log in with it because they don't have your phone. That's the single best thing you can do.
Can you explain this like you would to someone who's never heard of hacking? There's no password you can remember that would stand up to modern cracking software. If you use a long passphrase, you might stand a chance. 2-factor auth is the only way to stay safe.
Can you tell me how to turn it on in a pm please. I'll just put it here, since everyone ought to know this: Link to www.zonealarm.com
What's your computer/laptop specs? I had a Macbook Pro, like most of Google security team, and got myself another when I left. It has all the benefits of unix with really nice hardware and good support.
What makes one password cracker different than another? Edit: Wonderful beard. Generally it's how well they take advantage of the parallelism in the GPU. And thanks!
Do you feel that bitcoin as a currency will make it even with all of the theft and ease at which people are being hacked and having coins stolen? I have no particular attachment to bitcoin as a currency. Ben Laurie, for example, has some excellent points about how to keep bitcoin secure, you either have to trust the software authors or spend half of all computing power for the rest of eternity. If you're going to trust people, there are much more efficient ways to mint money. Link to www.links.org
For our purposes, bitcoin provides a fairly simple micropayments service; any other distributed currency would probably work just as well.
We also don't store the wallets ourselves; we use blockchain.info.
I feel the success will be based on micro payments. IE reading a Wall Street journal article for a .05 or .10 fee and not having to buy the whole newspaper or article. Just my 2 cents.. Exactly. A journalist would write an article and share it with WSJ. WSJ would reshare it, and readers could support the journalist by contributing a mBTC. WSJ would get a cut and the journalist would get the lion's share.
So how hard would it to be to break a password of say "iFuCkInGHate2001!!" If crackers get hold of the file with the password hashes, nearly all passwords will be cracked, even quite long ones like yours. A similar password (18 printable chars) that has been hashed once with SHA with no salt would take less than an hour to crack on a single PC. Adding salt makes it harder to build tables where you can just look up the password instantly, but no slower to just brute force.
People REALLY need to use 2-factor auth to be secure.
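The point about salt in the answer above, shown as an added example that is not part of the AMA: an audit of stored hashes against a candidate list, with and without salt. The accounts, candidate list, fixed salts and function names are constructed, and SHA-256 is an assumed stand-in for the single "SHA" pass mentioned.

```python
import hashlib

# Constructed sample data: a small candidate list and three accounts,
# two of which share a password.
CANDIDATES = ["password", "letmein", "correct horse", "iloveyou", "hunter2"]
ACCOUNTS = {"alice": "hunter2", "bob": "letmein", "carol": "hunter2"}
# Fixed salts keep the example reproducible; a real system draws them
# from a CSPRNG such as secrets.token_bytes(16).
SALTS = {"alice": b"\x01" * 16, "bob": b"\x02" * 16, "carol": b"\x03" * 16}


def digest(data: bytes) -> str:
    # Assumption: SHA-256 stands in for one unstretched "SHA" pass.
    return hashlib.sha256(data).hexdigest()


def store_unsalted() -> dict:
    return {u: digest(p.encode()) for u, p in ACCOUNTS.items()}


def store_salted() -> dict:
    return {u: (SALTS[u], digest(SALTS[u] + p.encode()))
            for u, p in ACCOUNTS.items()}


def audit_unsalted(stored: dict):
    """Hash each candidate once; every account is then a table lookup."""
    table = {digest(c.encode()): c for c in CANDIDATES}
    found = {u: table[h] for u, h in stored.items() if h in table}
    return found, len(CANDIDATES)


def audit_salted(stored: dict):
    """No shared table is possible: each salt needs its own full pass."""
    found, hash_ops = {}, 0
    for user, (salt, h) in stored.items():
        for c in CANDIDATES:
            hash_ops += 1
            if digest(salt + c.encode()) == h:
                found[user] = c
    return found, hash_ops


if __name__ == "__main__":
    print(audit_unsalted(store_unsalted()))  # 5 hash operations in total
    print(audit_salted(store_salted()))      # 15: one pass per account
```

Per account the work is the same five hashes either way, which is the "no slower to just brute force" part; what salt removes is the shared table and the identical stored hashes for alice and carol.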
So what can a person like me who doesn't know much on how to make a password more secure, except making it super long and complex to do to "feel safer" of not getting hacked. First, choose reputable services like GMail, where they take security very seriously. A cracker who can't get to the database of password hashes is forced to attempt to log in repeatedly, which can be detected and throttled to a safe rate.
Second, use 2-factor auth if it's available.
Third, use something like LastPass that generates a long random password for each site and stores it encrypted under a single password that you remember. You never type that password into anything online.
I bet your computer is awesome It's a Macbook Pro.
Last updated: 2014-05-09 00:53 UTC