On Fri, Aug 20, 2010 at 7:38 PM, Jonathan Leybovich <jleybov(a)yahoo.com> wrote:
> These attacks (typically aimed at digital signatures) do not allow themselves
> the luxury of assuming the extremely small pre-image space that is typical for
> user-entered passwords, though. This makes brute-force attacks feasible and the
> only practical constraint on the attacker becomes the hash function's run time.
Brute-force attacks and preimage attacks are entirely separate. Any
hash function is vulnerable to a brute-force attack, and they're all
more or less equally vulnerable -- you can only gain a couple orders
of magnitude advantage at best, and only by making your own code
execute slower and betting that it will inconvenience the attacker
more than you. A preimage attack is entirely separate, and well-known
hash functions (even totally obsolete ones like MD4) generally aren't
vulnerable to them in practice.
Attacks aimed at digital signatures are generally neither brute-force
nor preimage, but rather collision attacks. This is why MD5 is
currently unacceptable for digital signatures, but fine for password
hashes. There are known collision attacks, but no known preimage
attacks, and it's no more or less susceptible to brute force than any
other hash.
On Sat, Aug 21, 2010 at 2:17 AM, MZMcBride <z(a)mzmcbride.com> wrote:
> Facebook has been having issues with compromised accounts that send out
> spam, either through Facebook messages or Wall posts. This doesn't
> completely refute your point, but it is a pretty good example of bad users
> going after readily available, free-to-make accounts in order to misuse
> them.
Because Facebook accounts can send messages that look like they're
from someone you know, since they have a built-in friends list and are
meant to be used for chatting. On a wiki that anyone could edit, 1)
there would be little advantage in using an actual account rather than
doing it anonymously (perhaps adding false signatures -- most people
won't check the history); and 2) the spam would all be public, so when
the first compromised post is discovered it would all be reverted.
Put another way -- there's a reason people do this kind of thing on
Facebook (and IM, etc.), but demonstrably do *not* do it on Wikipedia.
> It would be much easier and convenient to check the password upon login.
Users might not log in for a month after promotion.
> So that a local wiki admin can add the custom JavaScript as a gadget and the
> preference can ultimately move from one tab to another? :-)
Yes, because then it's not our problem. ;)
On Sat, Aug 21, 2010 at 4:15 AM, Liangent <liangent(a)gmail.com> wrote:
That's the least of it. China doesn't need to own a root CA to forge
certificates. All you need is one CA that's based in China or does
enough business there. If the government demands a forged
certificate, the CA will be in no position to refuse. I've heard that
there are Western CAs that openly advertise that they'll provide
forged certificates if requested by the government as part of a
legitimate police investigation. TLS based on the current CA system
is worthless against a moderately large government.
TLS over SRP, or at least DNSSEC, would be better. But it's still not
going to be like in the movies, where some seditious underground
movement can stay completely hidden from a powerful government by
means of 1337 h4x. Governments don't have to play fair, and there are
tons of technical and non-technical ways they can beat you:
<http://xkcd.com/538/>. If we're going to stay in the realm of
sanity, we need to focus on foiling attackers of reasonably limited
means, such as a criminal gang with access to a large botnet -- not a
government.
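The first reply above separates three things that are easy to conflate: brute force (bounded by the password space, independent of the hash), preimage attacks (find an input for a fixed digest) and collision attacks (find any two inputs that agree, which is what breaks MD5 for signatures). The following Python script is an added example, not code from this thread or from MediaWiki; it uses SHA-256 truncated to 16 bits as a toy hash so the searches finish in under a second, and every salt, message and password space in it is constructed for illustration.

```python
"""Toy measurements of the three attack classes distinguished in the reply
above, on deliberately truncated hashes so they finish instantly.
Added example, not code from the thread; all widths, salts and sample
inputs are constructed."""
import hashlib
import itertools
import string
from typing import Callable, Dict, Iterable, Optional, Tuple


def truncated_sha256(data: bytes, bits: int) -> int:
    """Toy hash: SHA-256 truncated to its top `bits` bits."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def collision_search(bits: int) -> Tuple[int, bytes, bytes]:
    """Birthday search: hash numbered messages until two of them agree.
    Expected work ~ 2**(bits/2), because the attacker chooses *both* inputs."""
    seen: Dict[int, bytes] = {}
    for i in itertools.count():
        msg = f"msg-{i}".encode()
        h = truncated_sha256(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg


def preimage_search(bits: int, target: int) -> Tuple[int, bytes]:
    """Find any message hashing to a fixed `target`.
    Expected work ~ 2**bits, because the attacker controls only one side."""
    for i in itertools.count():
        msg = f"msg-{i}".encode()
        if truncated_sha256(msg, bits) == target:
            return i + 1, msg


def md5_hasher(pw: str) -> bytes:
    """Fast unsalted hash, as in the thread's MD5 password example."""
    return hashlib.md5(pw.encode()).digest()


def pbkdf2_hasher(pw: str, salt: bytes = b"constructed-salt",
                  iterations: int = 2_000) -> bytes:
    """Deliberately slow hash: every guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def brute_force(stored: bytes, candidates: Iterable[str],
                hasher: Callable[[str], bytes]) -> Tuple[int, Optional[str]]:
    """Try every candidate password in order; return (guesses made, match)."""
    guesses = 0
    for pw in candidates:
        guesses += 1
        if hasher(pw) == stored:
            return guesses, pw
    return guesses, None


def two_letter_passwords() -> Iterable[str]:
    """Constructed tiny password space: 26 * 26 = 676 candidates."""
    return ("".join(p) for p in itertools.product(string.ascii_lowercase, repeat=2))


def compare_guess_counts(password: str) -> Tuple[int, int]:
    """Guesses needed against MD5 vs PBKDF2 for the same password. The two
    counts are identical: the search space, not the hash, bounds brute force;
    a slow hash only multiplies the cost of each guess by a constant."""
    n_md5, _ = brute_force(md5_hasher(password), two_letter_passwords(), md5_hasher)
    n_pbkdf2, _ = brute_force(pbkdf2_hasher(password), two_letter_passwords(), pbkdf2_hasher)
    return n_md5, n_pbkdf2


if __name__ == "__main__":
    tries, a, b = collision_search(16)
    print(f"16-bit collision after {tries} hashes: {a!r} vs {b!r}")
    tries, m = preimage_search(16, truncated_sha256(b"constructed-target", 16))
    print(f"16-bit preimage after {tries} hashes: {m!r}")
    print("guesses for 'qz' (md5, pbkdf2):", compare_guess_counts("qz"))
```

Running it shows the collision appearing after a few hundred hashes while the preimage needs on the order of tens of thousands for the same 16-bit width, which is the gap that lets a hash be broken for signatures yet still usable for password storage; the last line shows that switching from MD5 to an iterated hash leaves the number of guesses unchanged and only raises the price of each one, for the attacker and for the login path alike.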