Comments:
<0> lol <1> ||cw: you wish... Collisions are already found in SHA... 2^63, I believe... <0> gotta love interns <1> Well... SHA1, at least <2> shes pretty hot though :P <3> So whats wrong with your internal processes that you would let an intern handle your backups? <4> hey, I did backups when I was an intern <1> Jymmm: Sure it is... Extremely powerful, too... It shrinks the 2048GB to 32 bytes >:) <0> DogWater: thats not the question. the question is whats wrong with the internal process that would allow an intern to encrypt it without sharing the key <2> cos we werent expeciting 5 RAID's to go down <2> in a day <5> lol how does that happen <0> lol stormchase <6> PoLiZei dumb*** operators <7> IXB, if your intern used SHA-1 to "encrypt" the backup, it's lost. <3> 5 raids in one day?
<3> erm <3> you're making something up here <2> fire system, sprinklers <6> DogWater no, RAID5 on 5 raids you goober! <3> i'd rather the place burn <2> i dont know exactly, all i have is "****, we've lost all the data, find it" <6> DogWater no, RAID5 not 5 raids you goober! <3> Oh, well. you do realize that raid5 is redundant right? <8> I'm having some concerns which regards holding objects in sessions. I have close to no experience in this area and could very well run into trouble - like ressources which cannot be serialized. Is there some guidelines available somewhere? Or is it only very few ressources that cannot be serialized? Should I be aware of certain issues when I design my own objects and domain model? <2> and i have a disc full of 58387gkbn[dp3kjgks'fld98jf'sdkfl3;fk <3> you can lose, gee i dunno.. 2 drives before you lose data <3> if you know what you're doing <9> you have 5 raid systems and no live gegraphic reduncancy? <2> i dont manage the servers, mmkay? <3> Maybe someone should be managing the servers, mmmkay <9> DogWater: ***uming a hot spare, which far too few people do <6> DogWater RAID5 can be any number of hdd's > 3 <2> they are managing the servers...just...not very well, evidently <9> IXB: mk. if it's sha1, colisions are possible. sha256, likely not. <2> but mmkay, lost forever <2> thanks <3> Jymmm: I'm aware of that, however raid5 is pointless if you arent going to use it with a hotspare, you may as well just run raid1. <9> you could always contact the intern.... <6> DogWater doorstops <2> whats she gonna do? <6> bend over <9> recreate the key <3> Tell you the encryption key? Besides what are you teching this intern about documentation? <2> she literally backed up the database via php using sha1 function, i have NO idea why <2> shes not my intern <3> wait.. 
<9> or at least give you head while you crack it <3> what now <6> hope that some over dumb*** install a keylogger on the server =) <6> other <10> IXB: "backed up the database via php using sha1"? <3> backed up the database via php? <2> ooh thats a thought <3> what the hells <2> yeah, its a remote script thing <2> dont ask <3> apparently <9> haha <3> its some kind of thing <6> ROTFLMAO <2> again, not something i made <10> IXB: But...you can't recover a sha1's plaintext <3> yeah; you guys need a tall gl*** of retrospect and an LTO2 drive. <2> keyloger, cache, might be ok though <10> How would that be considered a "backup"? <2> well....an encrypted backup would be useful <3> and to lock yourselves out of your own server room <2> im guessing she got muddled with hasing/encryption <11> IXB: It would. But SHA1 has nothing to do with making one. <2> shes only like 16 or something <12> you sure that there isn't the backup file and then a sha1 code for verification? <3> Ok, you let a chick who is 16 have access to your database?.. er,,.. <3> man <3> im writing this down <10> IXB: She didn't figure out there was a problem when the "backup" file was only 40 characters long? <12> is there a file larger than say 256KB?
<12> err... 256 bytes <6> A 16yo intern in charge of millions of dollars in digital assets. ROTFLMAO! <7> "Wow this encryption compression is AWESOME!" <12> this reminds me of the statement in most guidelines: 'verify your backups' <3> What you need is some ISO training <7> when do we all start laughing at him? <3> in your office <3> you guys would be crying by the end of the first day <10> winmutt: Why do you keep saying AES is "sploited"? <12> IXB, again, are you sure there isn't a second, large file? <9> Davey: 10 minutes ago <7> ||cw, oh, :( <1> Davey: You missed it all! Again :/ <9> TML: I think he meant sploited, like exsploited <9> -s <1> "exploded" <10> ||cw: That's fine. It doesn't answer the question. <10> I'm not clear on how an AES implementation can be "exploited" <9> TML: and he was also referring to mysql's implementation <9> weak key? <0> no <0> its a weakness related to any value that is the length of the key <7> ||cw, exploited, there is no 's' <0> http://bugs.mysql.com/bug.php?id=18143 <1> Davey: no, it's "exploded"... You keep writing it wrong! :) <9> Davey|Work: yes, my "-s" failed to modify my previous line <7> ||cw, missed that ;) <0> essentially the method uses null terminated strings, when the length of string == block size a null encrypted block is created <0> making it very very easy to find the key <0> they are also very easy to spot <0> the encrypted null value <7> Pollita, I promise I'm not going to ask about slides :) <1> winmutt: Well... The odds of impact are still 1:10000 or so... <0> particularly if you are storing credit card numbers. which is a bad thing (tm) but necessary evil <0> no the odds are 1:16 <0> assuming you are using variable length data to encrypt <13> Anyone know a simple encryption that can be encrypted by php easily but still makes it hard for "hackers" ;p <1> 1:16... WHAT?
<0> and if you happen to store credit cards its a good deal more <0> block size is 1:16 <0> er <0> 16 bytes <1> winmutt: I think you're BADLY mistaken. <7> TGoC, typically, the amount of processing and complexity of an encryption algorithm, determines the complexity to decrypt it <0> wouldnt that make the chances of a null encrypted block be 1 in 16? <1> winmutt: yes, that'd make it 2^16 at most... <14> any reason why setlocale(LC_ALL, 'en_GB'); strftime('%A'); returns a different language on command line than in the webserver? <0> and if you know that a given blocks value is null brute forcing the key is exceedingly easy <13> Davey|Work is there a good working and easy to use encryption that generates / degenerates hashes by giving up a method? <13> i was thinking about base64 <0> Stormx2: where do you get 2^16? <7> base64 is not encryption <0> stormchaser : 2^16? <10> Nor is it a hash <7> and its completely reversible, there is no key or anything <1> base64... "hash"... lol <12> TGoC, mcrypt would be the best thing to look at <11> This has been an interesting day for talking about encryption. <7> base64 is just representing the text in base64 instead of base 2 (binary) <11> I feel like I'm watching Swordfish again. <7> heh <7> mattmcc, may I query? <0> Stormchaser : your chances of having a length that is a mod of the block size is 1:blocksize, <12> mattmcc, I watched that a couple days ago <12> I wonder if/how much dell paid them... lol <11> Davey|Work: Sure. <0> Stormchaser: its simple you have 2000 string of varying length say 0-256, the chance that one string will have a length % block length (std for aes is 16 bytes) would be 1:16 no? <0> the hardest part in brute forcing a key is figuring out when you have the right key <2> found the backup before she hashed it <2> whew <12> IXB, same spot or a different one?