Archive for January, 1970
John the Ripper 1.7 Release Interview
"In particular, John the Ripper 1.7 is a lot faster at Windows LM hashes than version 1.6 used to be. (Since JtR is primarily a Unix password cracker, optimizing the Windows LM hash support was not a priority and hence it was not done in time for the 1.6 release.) John's 'raw' performance at LM hashes is now similar to or slightly better than that of commercial Windows password crackers such as LC5 - and that's despite John trying candidate passwords in a more sophisticated order based on statistical information (resulting in typical passwords getting cracked earlier).
John the Ripper 1.7 also improves on the use of MMX on x86 and starts to use AltiVec on PowerPC processors when cracking DES-based hashes (that is, both Unix crypt(3) and Windows LM hashes). To my knowledge, John 1.7 (or rather, one of the development snapshots leading to this release) is the first program to cross the 1 million Unix crypts per second (c/s) boundary on a general-purpose CPU. Currently, John 1.7 achieves up to 1.6M c/s raw performance (that is, with no matching salts) on a PowerPC G5 at 2.7 GHz (or 1.1M c/s on a 1.8 GHz) and touches 1M c/s on the fastest AMD CPUs currently available. Intel P4s reach up to 800k c/s. (A non-public development version making use of SSE also reaches 1M c/s on an Intel P4 at 3.4 and 3.6 GHz. I intend to include that code into a post-1.7 version.)"
[read full article]
Podcast: Digital Forensics and Hacking Investigations, Part 1
This LiveAmmo Podcast is in .mp3 format, 00:44:20 in duration, and a 21.28 MB download.
Copy and paste our Podcast feed URL into your Podcasting client to subscribe:
http://feeds.feedburner.com/LiveAmmoRadio
For past episodes, visit the LiveAmmo Podcast Archives.
New to Podcasting? Download a free software client today and tune in on your MP3 player or PC:
Apple iTunes (Windows or Mac)
Doppler (Windows, Windows PocketPC, Windows Mobile)
Juice (Windows, Mac, FreeBSD, and Linux)
[download .mp3]

Espionage Operations by China
"The Chinese sweep for technology is providing a heavy workload for traditional counter-espionage for the Australian Security Intelligence Organisation, despite its shift of priorities to counter-terrorism.
Beijing orchestrates a broad range of business, academic and personal contacts, as well as intelligence gathering by officials posted to embassies and consulates from the Ministry of State Security and the People's Liberation Army 2nd Department. And the country sends an incessant stream of information-gathering 'delegations'.
Mike O'Dwyer, the inventor of the Metal Storm gun that is capable of firing a million rounds a minute, said on Channel Nine's Sunday program he had been offered $US100 million ($134 million) to move to China.
'What I was expected to do in Beijing was to divulge all the knowledge I had to enable prototypes to be built for the weapons system to be developed,' Mr O'Dwyer said."
[read full article]
God Does Not Play Dice
"True randomness must be based on the inherent unpredictability of our universe. Mr. Haahr's iPod engraving is a rebuttal to Albert Einstein's famous objection to quantum mechanics: 'God does not play dice.' In fact, subatomic particles often act as if governed by a roll of dice. The decay of a radioactive nucleus, and the orbit of an electron around an atom, are processes that are inherently unpredictable.
Hence, when John Walker, founder of the software company Autodesk, decided 20 years ago to create his own source of random numbers in his computer laboratory in Western Switzerland, he bought some radioactive Krypton-85. The substance decays at a known rate, but the timing of the decay of individual atoms inside the Krypton-85 is entirely unpredictable. Mr. Walker monitors the decay, and distills that randomness into a random sequence of 0s and 1s that are published on his Web site, HotBits.
There are other Web sites aimed at serving up random numbers. Random.org comes up with numbers by monitoring atmospheric noise generated from a radio tuned to a frequency without a station. LavaRnd.org uses a digital camera with its lens cap on, mining the chaos within the distribution of light on the dark lens. These tools can produce enough random numbers for many applications. They're the philosophical descendants of a famous Rand Corp. publication from 1955 called 'A Million Random Digits,' which is 'probably our best seller,' Rand senior statistician John Adams said, laughing.
But these strategies, which must detect and analyze natural processes, serve up numbers too slowly for high-volume consumers of randomness. Banks, casinos and others generally must rely on computer algorithms, meaning they're on the hunt for programs that can best mimic true randomness. (Researchers also use random numbers for simulations, but unlike those using the numbers for security, researchers need a record of the numbers used so that they can redo the experiment to verify the findings.)
How would you know if your sequence of numbers is random? Just looking at them wouldn't help. 'People are notoriously bad at being a random number generator or recognizing something as random,' said Landon Curt Noll, one of the creators of LavaRnd.org. People tend to seek patterns and order where none exist -- perhaps even in a shuffled iPod playlist, where they might pay more attention when their favorite songs are playing, and thus assume that those songs are in heavier rotation."
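To make the "just looking at them wouldn't help" point concrete, here is an added Python example (not from the article or from any of the sites it names) implementing two of the NIST SP 800-22 statistical tests, the frequency (monobit) test and the runs test. It is run on the 100-bit sequence NIST uses as its own worked example in that document, and on a constructed alternating sequence that has a perfect balance of 0s and 1s yet is obviously not random: the monobit test alone passes it, the runs test rejects it.

```python
import math

# The 100-bit sequence NIST uses as the worked example in SP 800-22 (Sections
# 2.1.8 and 2.3.8), so the p-values below can be checked against the published
# ones (monobit p = 0.109599, runs p = 0.500798).
NIST_EXAMPLE = (
    "1100100100001111110110101010001000100001011010001100001000110100"
    "110001001100011001100010100010111000"
)

# Constructed sample: exactly half ones, but trivially predictable.
ALTERNATING = "01" * 50


def bits_from_str(s):
    """Turn a string of '0'/'1' characters into a list of ints, ignoring spaces."""
    return [int(c) for c in s if c in "01"]


def monobit_test(bits):
    """SP 800-22 frequency test: are there about as many ones as zeros?

    Returns the p-value; values below the chosen alpha (NIST uses 0.01) mean
    the sequence is rejected as non-random.
    """
    n = len(bits)
    s_n = sum(2 * b - 1 for b in bits)          # +1 for each 1, -1 for each 0
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_test(bits):
    """SP 800-22 runs test: is the number of uninterrupted runs what a random
    sequence with this proportion of ones would produce?

    Returns the p-value, or None when the prerequisite frequency check fails
    (the sequence is so unbalanced that the runs test does not apply).
    """
    n = len(bits)
    pi = sum(bits) / n
    tau = 2 / math.sqrt(n)
    if abs(pi - 0.5) >= tau:
        return None
    # V_n = number of runs = 1 + number of adjacent positions that differ.
    v_n = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    expected = 2 * n * pi * (1 - pi)
    denom = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(abs(v_n - expected) / denom)


def assess(bits, alpha=0.01):
    """Run both tests and report whether the sequence survives at level alpha."""
    p_mono = monobit_test(bits)
    p_runs = runs_test(bits)
    ok = p_mono >= alpha and p_runs is not None and p_runs >= alpha
    return {"monobit": p_mono, "runs": p_runs, "random_enough": ok}


if __name__ == "__main__":
    for name, s in (("NIST example", NIST_EXAMPLE), ("alternating", ALTERNATING)):
        print(name, assess(bits_from_str(s)))
```

Passing two tests does not make a source random (SP 800-22 has fifteen, and even all fifteen only fail to find a problem rather than prove absence of one); failing either is enough to reject it. That asymmetry is why the article's hardware sources are attractive: their unpredictability comes from physics rather than from surviving a battery of pattern checks.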
We Have Secretly Replaced the Constitution with Folger’s Crystals
"The committee also passed two other surveillance measures, including one from Sen. Dianne Feinstein (D-California), one of the few senators to be briefed on the National Security Agency program. Feinstein's bill, which Specter co-sponsored before submitting another bill, rebuffs the administration's legal arguments and all but declares the warrantless wiretapping illegal.
In contrast, Specter's bill concedes the government's right to wiretap Americans without warrants, and allows the U.S. Attorney General to authorize, on his own, dragnet surveillance of Americans so long as the stated purpose of the surveillance is to monitor suspected terrorists or spies.
Lisa Graves, senior legislative counsel for the American Civil Liberties Union, called the bill 'stunning.'
'The administration has taken their illegal conduct in wiretapping Americans without court orders, in violation of the Foreign Intelligence Surveillance Act and the Constitution, and used it as a springboard to not only get FISA changed to allow the Terrorist Surveillance Program, but to actually, going forward, not give protections to Americans' privacy rights,' Graves said.
Jim Dempsey, the policy director for the more moderate Center for Democracy and Technology, described the bill's passage out of committee as 'light years or miles beyond the Patriot Act.'"
[read full article]