Puppy Linux Discussion Forum
Hacking data
Barkin


Joined: 12 Aug 2011
Posts: 675

PostPosted: Tue 09 Jul 2013, 17:02    Post subject:  

ISBNs are different for each edition of a book (and different in different countries). So if you're going to use one as part of an encryption key, then make sure there are several sources where you can access that ISBN.

If the book is lost you would need Internet access, (or another copy of the same edition of the book), to obtain that number, so if you are working off-line, without internet access, on encrypted data you'd be stuck.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Wed 10 Jul 2013, 07:07    Post subject:  

Flash wrote:
Actually if you're really paranoid it isn't a bad idea to use a book's ISBN number for an encryption key. If the book is lost or stolen, you can find the exact same book and it will have the same ISBN number. It's easier to remember the title of a book than its ISBN number. Just be sure to choose a book that was popular, so there will be a lot of them in used book stores, but not too popular. Don't use a bible for instance, that would be too easy to guess.


Can we say 'caution' or 'common sense' in preference to paranoia? In the house in which I grew up the telephone, for example, was stationed in the hall, some distance from people in rooms whose doors were usually closed, despite the fact the technology of the day did not permit the telephone to listen to conversations in its vicinity with its receiver in its cradle.

Recently I gave my smartphone away as I came to realize it was not the innocent toy it seemed to be. Then I asked my lady friend if she would much mind keeping her telephone in another part of the house when not in use. At first she was horrified, almost rebellious. It took a little time explaining things and now she has an excellent grasp of concepts like 'network', 'public telephone system', 'privacy', 'eavesdropping' etc. I could continue but I think there is little need for it when addressing this sophisticated audience.

Last edited by Edwardo on Wed 10 Jul 2013, 11:11; edited 1 time in total
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Wed 10 Jul 2013, 07:47    Post subject:  

Barkin wrote:
ISBNs are different for each edition of a book (and different in different countries). So if you're going to use one as part of an encryption key, then make sure there are several sources where you can access that ISBN.

If the book is lost you would need Internet access, (or another copy of the same edition of the book), to obtain that number, so if you are working off-line, without internet access, on encrypted data you'd be stuck.


Yes, indeed. The ISBN idea was an idle thought. But I do believe the best place for the password to be kept is in one's head. Of course if someone knew it was in my head and he wanted it very badly, I would hand it to him as a gift. He would then have a most interesting reading list which hopefully would improve his mind.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Wed 10 Jul 2013, 11:29    Post subject:  

Re passwords, the OTP token method, one time password, gives one a deeper sense of security so long as one has faith in its manufacturer. This I have used for financial transactions with success so far. RSA is one such provider to financial institutions of these tokens whose 6 digit number changes every 60 seconds, and I believe they were hacked a couple of years ago. Probably now their security measures regarding security token internals have improved. Hopefully. On the other hand one is placing a lot of trust in a 'cloud', an indeterminate thing, in an indeterminate place, operated by unknown people.

Getting back to a Linux BIOS level password entry, can we use a dedicated USB to store and enter something really absurd, like this

nKlN2.Sl^mD={PxYBax,gxSWS$zYQeCO20/ik%23",aZa09fDUFW?w=TZubLe=lGQJ61#p@8Y*!W(O'uXjAt!lh'SxCgc*Cj')(%F^hr0B9oE}s36'x&t&41?JQP+MXsXmJ2E,nV[yLf{6fGZ}BZM1#w:U$UqeJK5J:gsWR*:^WMc2Dg:n"D6|f-/oX'tH![)L.wrrEDt86DNef&Mj[h(/MN1me17@YT=CVan)ML:tCZj|iy{W(TE9#Dvj)0S.Akniw(>GhviZq1~5tI6nU?o3*/TNmXtr/PI!BC)c=Uh2n\ER^hBT-;mG|va'LwCB4@7XAjse19VA%nVv2YuV~lfI<%}[SUL|yR)8+Eb1%kisBuQl3%CLNv|@%bAE(p8QH2fRCorGH/=#''FRR?k"s?kN=Z{!<!Q-.b&RYM$Ra@;"Q/9#BOp,j3'u!0Uo^%'sJR&6{b|nqY2oI'wV/.YgfP8rj3LmM7|PV@M3#{m1TwB^ZVE\Vcf#9m%WX#9S7u7J.jXGKs2T7k@N?@,RlCJ{lO+"Nsq9.y{5=%|5MffQedYLt;[lC~RmAgrj.@)cDE8E#&&yEd2>6HmM0FSE=dl#f/LD2{"|P;(<Yt^Mz9obF(kn@KA'#?"("|h''1()9=jeYl"D>a&f|lJ<JtJ-tI6Z~Qro=sF$~Rze3PXzr)BxMzM.mqT@T|LQiz-r7|r@2BkQh^)oD6zjS|<|CO5)"C>8(<I<U6\(|KKbu+QbVvv,/B-%{sbVOt\zjp9$-(&$d9A7!kJ|cKiR-luQ(e//"!U4hqP9s8t"f|^Y7r-

I guess for this one we'd see you in the next universe.
Barkin


Joined: 12 Aug 2011
Posts: 675

PostPosted: Thu 11 Jul 2013, 02:29    Post subject:  

Edwardo wrote:
... Getting back to a Linux BIOS level password entry, can we use a dedicated USB to store and enter something really absurd, like this

nKlN2.Sl^mD={PxYBax,gxSWS$zYQeCO20/ik%23",aZa09fDUFW?w=TZubLe=lGQJ61#p@8Y*!W(O'uXjAt!lh'SxCgc*Cj')(%F^hr0B9oE}s36'x&t&41?JQP+MXsXmJ2E,nV[yLf{6fGZ}BZM1#w:U$UqeJK5J:gsWR*:^WMc2Dg:n"D6|f-/oX'tH![)L.wrrEDt86DNef&Mj[h(/MN1me17@YT=CVan)ML:tCZj|iy{W(TE9#Dvj)0S.Akniw(>GhviZq1~5tI6nU?o3*/TNmXtr/PI!BC)c=Uh2n\ER^hBT-;mG|va'LwCB4@7XAjse19VA%nVv2YuV~lfI<%}[SUL|yR)8+Eb1%kisBuQl3%CLNv|@%bAE(p8QH2fRCorGH/=#''FRR?k"s?kN=Z{!<!Q-.b&RYM$Ra@;"Q/9#BOp,j3'u!0Uo^%'sJR&6{b|nqY2oI'wV/.YgfP8rj3LmM7|PV@M3#{m1TwB^ZVE\Vcf#9m%WX#9S7u7J.jXGKs2T7k@N?@,RlCJ{lO+"Nsq9.y{5=%|5MffQedYLt;[lC~RmAgrj.@)cDE8E#&&yEd2>6HmM0FSE=dl#f/LD2{"|P;(<Yt^Mz9obF(kn@KA'#?"("|h''1()9=jeYl"D>a&f|lJ<JtJ-tI6Z~Qro=sF$~Rze3PXzr)BxMzM.mqT@T|LQiz-r7|r@2BkQh^)oD6zjS|<|CO5)"C>8(<I<U6\(|KKbu+QbVvv,/B-%{sbVOt\zjp9$-(&$d9A7!kJ|cKiR-luQ(e//"!U4hqP9s8t"f|^Y7r-

I guess for this one we'd see you in the next universe.


The maximum length of the encryption key determines the maximum length of password ...

http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

Creating a password longer than that does not increase security : a brute-force-crack will have to cover the entire search-space possible, e.g. in 256-bit encryption, in binary from

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

to

1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

Making the password longer than the key length permits just causes the mileometer to go around the clock, so to speak : all permutations will have been covered and the password already cracked.

https://www.grc.com/passwords.htm
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Thu 11 Jul 2013, 11:51    Post subject:  

What determines the length of the encryption key?
Barkin


Joined: 12 Aug 2011
Posts: 675

PostPosted: Thu 11 Jul 2013, 21:16    Post subject:  

Edwardo wrote:
What determines the length of the encryption key?

The encryption algorithm sets the maximum key length:
i.e. the maximum key length is fixed by the encryption method.

e.g. old DES has 56-bit encryption which is now crackable by brute force in days on modern computers.

Currently the industry standard is AES 256-bit. Attempting to crack it by brute force is currently "computationally infeasible":
it would take trillions of years using state-of-the-art computers.

Each additional bit in key length doubles the number of permutations possible, and doubles the time it would take to crack by brute force.
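The relationship between password length and key length discussed in the two posts above can be worked through in code. This is an added example, not part of the original posts; it assumes passwords made of uniformly random symbols, PBKDF2-HMAC-SHA256 as the step that turns a password into a key, and an attacker speed of 10^12 guesses per second, none of which come from the thread.

```python
import hashlib
import math

KEY_BITS = 256  # AES-256 key size, the figure used in the thread

def password_bits(length, alphabet_size):
    """Entropy in bits of a password of uniformly random symbols."""
    return length * math.log2(alphabet_size)

def effective_bits(length, alphabet_size, key_bits=KEY_BITS):
    """Guessing the key directly costs 2**key_bits, so strength is capped there."""
    return min(password_bits(length, alphabet_size), key_bits)

def saturation_length(alphabet_size, key_bits=KEY_BITS):
    """Shortest random password whose entropy reaches the key size."""
    return math.ceil(key_bits / math.log2(alphabet_size))

def derive_key(password, salt, iterations=200_000):
    """Stretch a password of any length into a fixed 256-bit key (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, dklen=KEY_BITS // 8)

def brute_force_years(bits, guesses_per_second):
    """Time to try every value of a secret with `bits` bits of entropy."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    for pw in ("hunter2", "x" * 1000):  # constructed sample passwords
        print(f"{len(pw):5d} chars -> {len(derive_key(pw, salt)) * 8}-bit key")
    for alphabet in (10, 26, 94):  # digits, lowercase, printable ASCII
        print(f"alphabet {alphabet}: saturates at {saturation_length(alphabet)} chars")
    rate = 1e12  # assumed attacker speed in guesses per second
    for bits in (56, 128, 256):
        print(f"{bits}-bit search: {brute_force_years(bits, rate):.3g} years")
```

The key derivation accepts a password of any length, but the output is always 32 bytes, so entropy beyond 256 bits in the password buys nothing against a search of the key space.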
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Fri 12 Jul 2013, 09:21    Post subject:  

OK. 256 bits sounds good.

If we may go back to my original question, part is still not so clear to me ...

The computer and router are inches apart. A cable connects the router to the roof antenna.
The antenna talks to the ISP several km distant. A hacker can access my router, this I know from experience.

The question is can he intercept traffic anywhere along the route between the antenna and the ISP?
Barkin


Joined: 12 Aug 2011
Posts: 675

PostPosted: Fri 12 Jul 2013, 22:06    Post subject:  

Edwardo wrote:
The computer and router are inches apart. A cable connects the router to the roof antenna.
The antenna talks to the ISP several km distant. A hacker can access my router, this I know from experience.

The question is can he intercept traffic anywhere along the route between the antenna and the ISP?


Wireless connections which use the mobile (cell)phone network would be particularly vulnerable to interception as you are literally broadcasting your data to everyone in a radius of about 1Km.
But if the channel is encrypted the intercepted transmission will be incomprehensible to eavesdroppers (scrambled).
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 13 Jul 2013, 06:59    Post subject:  

Thanks. I understand the Wi-Fi encryption at my router. This is the fourth box
the ISP techs have set up as three failed in a short time.
They think I was messing with the settings so they locked me out.
The settings are now a mystery. I admit I messed one box up, but only one.

I put the question on another security forum, they asked if the ISP encrypted
the signals at their end, something I have not heard about. I will ask.

btw, I borrowed your URL code for the Custom Search Engine. Very useful.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 13 Jul 2013, 09:17    Post subject:  

Barkin wrote:


Wireless connections which use the mobile (cell)phone network would be particularly vulnerable to interception as you are literally broadcasting your data to everyone in a radius of about 1Km.


I do not use a cellphone connection. It is a regular Wi-Fi 801.xx.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 13 Jul 2013, 11:10    Post subject:  

"It is quite easy to tell however. Make another known-good copy of the USB, put them both in a known-good, isolated machine,
and make a filesystem comparison. The only files that should show differences are the ones related to the firefox configuration,
and maybe a few system logs in /var".

To compare before and after changes to the disk is there an app for this?

I appear to be leaning toward the forensic side of things. I have no idea why.. Curiosity I suppose. The need to know if such and such is happening or not.
Semme

Joined: 07 Aug 2011
Posts: 3537
Location: World_Hub

PostPosted: Sat 13 Jul 2013, 11:40    Post subject:  

Perhaps AIDE or Tripwire to start..
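The filesystem comparison asked about above (a known-good copy of the USB against the one in use, with changes under /var expected) can be sketched with file hashes. This is an added example, not part of the original posts and not AIDE's or Tripwire's code; the function names, the sample trees and the `var/` prefix are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result

def compare(known_good, suspect, expected_prefixes=()):
    """Diff two snapshots; changes under expected_prefixes are listed apart."""
    report = {"added": [], "removed": [], "changed": [], "expected": []}
    for path in sorted(set(known_good) | set(suspect)):
        if known_good.get(path) == suspect.get(path):
            continue
        if path.startswith(tuple(expected_prefixes)):
            report["expected"].append(path)
        elif path not in known_good:
            report["added"].append(path)
        elif path not in suspect:
            report["removed"].append(path)
        else:
            report["changed"].append(path)
    return report

def demo():  # builds constructed sample trees standing in for the two USB copies
    good = {"bin/sh": b"v1", "etc/passwd": b"root", "var/log/messages": b"boot"}
    used = {**good, "bin/sh": b"v2", "var/log/messages": b"boot+login", "tmp/.hidden": b"?"}
    with tempfile.TemporaryDirectory() as top:
        for label, files in (("good", good), ("used", used)):
            for rel, data in files.items():
                path = os.path.join(top, label, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare(snapshot(os.path.join(top, "good")),
                       snapshot(os.path.join(top, "used")), expected_prefixes=("var/",))

if __name__ == "__main__":
    print(demo())
```

On real media, mount both copies read-only on the isolated machine and pass the two mount points to `snapshot`; anything reported outside the expected prefixes is what deserves a closer look.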
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 13 Jul 2013, 12:56    Post subject:  

Semme wrote:
Perhaps AIDE or Tripwire to start..


I need a PhD for that. We live in the instant world. Quick things. A comparison must be almost instant. Compare this face to that. True or false. Legit or not. At 186624 [mps]
Semme

Joined: 07 Aug 2011
Posts: 3537
Location: World_Hub

PostPosted: Sat 13 Jul 2013, 21:52    Post subject:  

Hey, I've laid you the groundwork.. the GUIs are out there..