Messages - Pæs

811
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 13, 2014, 08:30:42 pm »
It's not impossible to attack, but it's less likely and their FAQ does a good job of enumerating the risks and offering solutions.
I can remember random strings pretty well, so I know most of my hashpasswords, so for me it's more a matter of using a totally unique password on every service.

812
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 13, 2014, 08:18:21 pm »
The sophistication of the attack that would be needed to find a hash collision, where two strings turn into the same hash, is so excessive IMO as to render flying to my house and stealing my computer while I'm on it a more likely approach for anyone who wants to force me to like their page.

That's a less sophisticated attack than the one that would betray my master password, which is less likely.

The more paranoid of us can read hashapass's source every time, or host it and check its hash regularly for tampering, because it *is* possible that someone hack hashapass and change the source temporarily. Which may be what you meant, LMNO?

813
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 13, 2014, 08:11:26 pm »
Doesn't that make hashapass.com a single point of failure?  The security there must be airtight.

They're not storing anything, just hosting javascript which securely hashes your password, using the parameter like "facebook" as a salt to influence the result. You can take their code and read it, host it yourself, make a command line tool which will always give the same results, if you like.

EDIT: This is the code for the bookmarklet http://pastebin.com/gwWstQka
Most of that is formatting a little UI for usability. I just have an offline version saved on my phone and because I'm becoming decreasingly paranoid, I have the master password weakly encrypted so I don't have to type my 50 char password every time. Just open the app, type "facebook", login. Makes my phone a point of failure for all of my logins, if people figure out what that button does, but if I lose the phone I disable it remotely anyway.
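
Added example, not part of the original post and not hashapass's own code: a command-line style sketch of the deterministic per-site derivation described above, plus the "check the hosted copy's hash" idea from the neighbouring post. The page does not state the algorithm, so HMAC-SHA1 with Base64 output truncated to 8 characters is an assumption, and the function names, `SAMPLE_SOURCE` and `PINNED` are hypothetical.

```python
import base64
import hashlib
import hmac


def derive_site_password(master: str, parameter: str, length: int = 8) -> str:
    """Derive a per-site password from a master password and a site parameter.

    Assumed construction (not given on the page): HMAC-SHA1 keyed with the
    master password over the parameter, Base64-encoded, then truncated.
    The same inputs always produce the same output, and nothing is stored.
    """
    mac = hmac.new(master.encode("utf-8"), parameter.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")[:length]


def source_unchanged(source: bytes, pinned_sha256_hex: str) -> bool:
    """Compare a self-hosted copy of the hashing script with a pinned SHA-256."""
    actual = hashlib.sha256(source).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


# Constructed stand-in for a saved copy of the script (not the real bookmarklet).
SAMPLE_SOURCE = b"function derive(master, parameter) { /* constructed stand-in */ }\n"
# Digest recorded once, after the copy has been read and trusted.
PINNED = hashlib.sha256(SAMPLE_SOURCE).hexdigest()


if __name__ == "__main__":
    master = "horsebatterystaple"  # example master password quoted in the thread
    for site in ("facebook", "twitter"):
        # Each site gets an unrelated password; a leak of one reveals no other.
        print(site, derive_site_password(master, site))

    print("pinned copy intact:", source_unchanged(SAMPLE_SOURCE, PINNED))
    modified = SAMPLE_SOURCE + b"// one changed byte is enough\n"
    print("modified copy intact:", source_unchanged(modified, PINNED))
```

The 8-character output carries at most 48 bits, and every derived password is only as strong as the master password behind it.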

814
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 13, 2014, 07:42:58 pm »
It's not for everyone, but I use hashapass.com which will take a word like "facebook" and a master password I use everywhere like "horsebatterystaple" and give me a password with a combination of numbers, symbols and different cases. If I forget that password, I go to hashapass and enter "facebook", "horsebatterystaple" and it uses the same math to crunch those together and give me "dL;t8sDG" again.

If the service I'm using sucks at security, and HAXORS get my password, it only works for facebook and there is no way for them to turn it back into "horsebatterystaple" and figure out my password anywhere else.

816
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 11:33:51 pm »
Most importantly. How many words are in this string? More than one? How are spaces handled?

817
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 11:12:56 pm »
But I remain confident that on a 256 key scale the brute force method would be ineffective.
What does this mean to you and how does it apply to what you've made here?

It sounds as though you've got a substitution cipher and I can't tell where the complex math comes in. Did you use a complex process to decide which letter turned into which symbol? Because that complexity isn't going to translate forward into the complexity of cracking; it's still a matter of rotating the meaning of each character until readable text is produced.

Are you willing to discuss the process of encipherment so it can be examined in more depth? If that explanation breaks the encryption, I'm afraid you'll have trouble profiting from the scheme.

818
Aneristic Illusions / Re: Occupy
« on: February 12, 2014, 10:50:35 pm »
Missed opportunity in changing the rhyme on "Theirs not to reason why, theirs but to occupy".

819
Aneristic Illusions / Re: Occupy
« on: February 12, 2014, 10:39:01 pm »
"The charge of the light brigade" is just begging for a modern re-write really.

Half a block, half a block
half a block onward,
All in the valley of cops,
Rode the 200
Forward the hipsters!
Charge for the cuffs he said
Into the valley of cops
Rode the 200

'Forward, the hipsters!'
With audience unmoved.
For each among them knew
  That all was spectacle:
Theirs not to battle lethal,
Theirs not to wake the sheeple,
Their purpose was more deceitful:
Into the valley of cops
  Rode the Forgettable

Cannon to right of them,
Cannon to left of them,
Cannon in front of them
  Police line impregnable;
Backed by only Tweeps and bloggers,
Rode ignorant cannon fodder,
Into the jaws of Death,
Against the fatcat robbers,
  Rode the Forgettable

Rais'd their fists into the sky
Rais'd all their slogans high,
Flailing at the coppers there,
Charging an army with
  All the world skeptical:
Plunged in the teary-smoke
Thro' the line they finally broke;
Hipster and Stoner
Reel'd from the baton-stroke
Captur'd and regrettable.
The occupation intact, but not
Not the Forgettable

820
Aneristic Illusions / Re: Occupy
« on: February 12, 2014, 10:14:33 pm »
Surely "rode the 99 percent"?

821
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 09:32:55 pm »
Here's some stuff on what I was saying earlier, about security by obscurity and secret encryption processes not being reliable or desirable.

http://www.networkcomputing.com/data-protection/just-say-no-to-proprietary-cryptographic/229502394
https://www.schneier.com/essay-028.html
https://www.owasp.org/index.php/Guide_to_Cryptography#How_to_determine_if_you_are_vulnerable

Mathematically sound cryptography remains secure even if the process is known, so long as the key is not.

822
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 09:19:11 pm »
Is it going to say "this is the plaintext" or similar? Because I can make assumptions about which characters are chaff and make it say "to be carried" or "you will not" or similar.

823
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 09:15:18 pm »
Paes, remember that this was originally meant for a password, not a message.

In which case, it's irrelevant if a hacker can guess the original password, they just need to find out the sequence of characters.

If they're brute forcing it by trying every possible character, but if you could reverse engineer any of the rules you could make minor modifications to existing dictionary attacks to speed up the process.

It seems to me, JBookup, like you may be underestimating how quickly a computer can try all permutations of the string which keep the order intact and systematically remove groups of characters, then see if any words fit into the pattern presented.

Do you know if, while attempting to decipher this, the answer will be obvious?

824
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 09:00:46 pm »
So the random chaff you've thrown in doesn't have legitimate uses in the legend? If ^ is a random symbol, it never corresponds to a letter?

825
Techmology and Scientism / Re: Hacks, Kludges & Other Such Tomfoolery
« on: February 12, 2014, 08:29:23 pm »
Though it would be still set in stone, but with multiple letters having the same encrypted counterpart.

Whaaaa?

Is there a method by which the decrypter knows which of the many encrypted counterparts you are using?
