reddit gadget guide

Gay marriages need to be legalized everywhere...

Sun, 18 Dec 2011 07:11:02 -0700

because I would watch the shit out of gay divorce court.

From: http://www.postsecret.com/2011/12/sunday-secrets_17.html

submitted by aviewanew to funny
[link] [comment]

aviewanew on r/HackBloc Holiday Bitcoin Fundraising Drive for Crypto.is

2011-12-16T17:47:53.297983-07:00-0700

I'm @tjr on #cryptodotis, one of the other main participants. I don't want to go so far as to say they're scammers, but I will publicly go "Huh guys? Why not talk to us about this first" I'm not sure how up to date this is (I think we've had a donation or two, and I'm no sure what money is actually cashed out and accessible and not in bitcoin/weepay), but here's our finances: https://public.sheet.zoho.com/public/sirvaliance/the-crypto-project-balance-sheet We haven't really discussed this yet, but I expect that if we have the $ for a year's worth of expenses available (a year's worth of runway), excess would be used to run more services: tor, notaries, and/or remailers. Maybe a Tahoe Grid, but that one's tricky. Thanks for everyone's interest though, the upvotes are very encouraging! Hopefully any donations made eventually wind up supporting us =)

aviewanew on From the mind behind crypto.cat: "Even 4096-bit asymmetric keys do not match the strength of a 256-bit symmetric AES key."

2011-12-10T21:46:18.295831-07:00-0700

This. More info and supporting references: http://comments.gmane.org/gmane.network.tor.devel/724

aviewanew on Looking for a hex editor to analyze files

2011-11-28T09:51:12.707144-07:00-0700

010 Editor. Not open source, but very good, and the best editor I've seen for opening large files (gigabyte size).

aviewanew on Nice how-to on factoring RSA512

2011-11-22T08:49:38.471338-07:00-0700

Thats me! If you have questions, feel free to ask and I'll get back to you in some indeterminate amount of time. (Probably quickly, but I'm heading on holiday soon, so no guarantees.)

aviewanew on Slide Attack Tutorial

2011-11-20T13:32:24.939793-07:00-0700

Awesome, good writeup. You should look at the recent stuff on GOST - Adi Shamir explained it in a lecture at MIT a bit ago I sat in on, and it was pretty easy to follow. It was one of those cases where a guy looked at GOST and was like, well... what if I do a slide attack, and then everyone went "Oh, duh!" and lots of cryptanalysis followed. It's a good practical demonstration of Slide Attacks that's not too hard to follow.

aviewanew on How to know what cipher is being used for IMAP over TLS?

2011-11-18T07:47:59.277027-07:00-0700

I heard a mention somewhere on a list that google uses RC4 for most of it's stuff because some of its cryptographers had mad feelings about CBC mode *prior* to BEAST being announced. (Maybe they switched in that pre-public-notice phase, but I'm not sure.)

[TOMT][website] Academic Article Categorizing about 10 years of US domestic terrorism investigations

Wed, 16 Nov 2011 13:16:27 -0700

There was a an article a while ago that now I cannot find. I think it was from a university, but it was definitely more academic in nature than a simple news article. It had charts and tables and stuff.

Anyway, it grouped the terrorism cases into groups based on how serious the attempted act was, how close they were to achieving the goal, how much the FBI or paid informants encouraged or supplied them to act - stuff like that. I think it covered all the cases from post-9/11 to publication, something like 40-some odd or so. It was published sometime in the past 3-4 years.

It was an actual website as I recall, not a pdf.

submitted by aviewanew to tipofmytongue
[link] [comment]

aviewanew on Screencap from movie The Mechanic: Encrypted Message is almost actually legit.

2011-11-15T16:26:30.469077-07:00-0700

And to finish off the detective work: They copied the middle three lines and pasted them repetitively to fill up the whole page, and updated the date created to be more recent. Thanks!

aviewanew on Screencap from movie The Mechanic: Encrypted Message is almost actually legit.

2011-11-14T21:57:12.472481-07:00-0700

I briefly thought about typing this in so I could discover what email address they used to generate it... but no.

Screencap from movie The Mechanic: Encrypted Message is almost actually legit.

Mon, 14 Nov 2011 21:52:52 -0700

submitted by aviewanew to crypto
[link] [5 comments]

Icelandic Bars or Speakers? (Language Exchange)

Sun, 13 Nov 2011 17:42:52 -0700

I'm looking to pick up the basics of Icelandic in about a week and a half... and practicing on someone in person is proving to be tough. Does anyone happen to be Icelandic, have an Icelandic friend, or know of Icelandic hangouts in the city where I could trade alcohol or food for language lessons?

submitted by aviewanew to nyc
[link] [6 comments]

aviewanew on Can someone explain (or link to an explanation of) the math behind PKI? How can something be encrypted by one key but only decrypted by another key?

2011-11-13T12:49:20.057846-07:00-0700

ElGamal is another public key cryptosystem, similar to RSA, but with different math. But it's not too difficult to follow. [Here's my attempt at explaining it.](http://ritter.vg/security_adventures_elgamal.html)

aviewanew on What is the correct response when one of "us" does something unethical?

2011-10-16T07:42:36.090165-07:00-0700

I'm in NYC and never heard of this guy. Is he actually infosec? Or just another talking head who helps you 'secure' your organization with a bunch of interviews and never actually looking at a computer?

aviewanew on Is anyone using Convergence? What are you thoughts so far?

2011-09-07T05:19:23.079739-07:00-0700

If you want help setting up a notary or complaining about it's problems, we've got come experience: OFTC #cryptodotis

aviewanew on Iran forged the wrong SSL certificate

2011-09-01T04:52:39.611393-07:00-0700

Geez that's subtle. I'm wrapping my mind around it, because he didn't clarify. Here's my attempt. > Don't load the Google Analytics javascript when your site is accessed via HTTPS. In other words, only load it over HTTP. - So, if your site only processes sensitive data over HTTPS - this protects you because if someone targeted ssl.google-analytics.com for middling they lose a foothold into your site. It doesn't protect you if they targeted you or any other 3rd party library you use. - If your site processes sensitive data over HTTP - this *would* let them still *automatically* middle your traffic and tamper it - but they'd be able to target you specifically even without GA because it's HTTP. It does make it more automatic-easy for them them. - If your site doesn't process sensitive data, but is still HTTPS-only - this protects users from other auto-inserted shenanigans (browser exploits, or a more esoteric attack like [cross site printing](http://ha.ckers.org/blog/20080108/cross-site-printing/)). - If your site doesn't process sensitive data, but is partly/all HTTP - they would be able to deploy a mass-targeted shenanigan attack against your site, but again - they'd be able to do that do matter what because it's HTTP. Or, and I haven't tested this or know if it works, you could come up with some hackish proxy system where you get the GA code on your server and pass it down, in which case no connection is made to ssl.google-analytics.com by the client. It may not work though - google might have javascript to check for this in the GA code, and while it *is* possible to rewrite the javascript on the server - defeating google's obfuscation and updates is probably not practical. **Also** As far as I know, the list of certs targeted has not been fully revealed. Torproject was able to get some information. It's possible ssl.google-analytics.com was targeted.

aviewanew on Reason #50302 why I can't leave my desk unattended.

2011-08-19T06:39:34.116626-07:00-0700

http://images.icanhascheezburger.com/completestore/2009/3/24/128823733865799914.jpg

aviewanew on Reason #50302 why I can't leave my desk unattended.

2011-08-16T18:29:53.076407-07:00-0700

Open image. Close image. Wait a minute. Open Image again. Action figure is right... Keyboard is possible... Monitor stand is right... Desktop decorations are unknown. Time to check username! Yup. Hey Beef.

aviewanew on Volleyball.

2011-07-21T11:31:31.483208-07:00-0700

[Article](http://www.laweekly.com/2006-07-27/columns/viva-border-volleyball/).

The New Encryption Key Case: US v Fricosu, and a survey of precedence

Wed, 13 Jul 2011 04:24:53 -0700

submitted by aviewanew to armchairlawyer
[link] [comment]

aviewanew on An easy to use crypto tool (with mobile interface) that a friend and I came up with: CryptBro!

2011-06-23T05:09:59.989476-07:00-0700

I've looked at a lot of these, even broken one when I had the time. I don't really like them. BUT, for something I don't like and wouldn't use, this is one of the better ones. Couldn't find a reasonable flaw in the 5 minutes before my shower. I'll put a nickle on not using Ephemeral SSL keys though. =P Since you seem to be a good developer, with a good sense of UI, what I'd *really* like to see, that'd get a lot more use, is a similar page but had a ton of algorithms, and showed the intermediate states as the encryption/decryption occurs, with test vectors. That'd be an interesting learning tool. I *still* haven't played with it much, but it might be something like an online http://www.cryptool.org/

aviewanew on LulzSec teams up with Anonymous "and all affiliated battleships"

2011-06-21T05:15:04.246874-07:00-0700

Anything's possible, but I'll tell weev tonight someone's speculating he's part of lulzsec. =P

aviewanew on Reverse engineering of the NSA's public key

2011-06-17T04:16:08.984332-07:00-0700

So - yea, GPU factoring can speed things up. And msieve has GPU support for Polynomial Selection. But the problem is the rest of the tools. Writing your own siever or linear algebra-doing app would be *super* hard, like Doctoral Thesis-level hard, or harder. You'd have to implement [Lanczos](http://en.wikipedia.org/wiki/Block_Lanczos_algorithm_for_nullspace_of_a_matrix_over_a_finite_field) (which has a public implementation) or [Wiedemann](http://en.wikipedia.org/wiki/Block_Wiedemann_algorithm) (which doesn't to my knowledge) which are themselves super-complicated. I've been told annecdotely that the author of the main implementation of Lanczos used (msieve) doesn't even understand how it works, he just gets it enough to implement it. And then you're getting into issues of fitting the whole thing in memory and whether or not the GPU efficiencies (doing the same operation N times in parallel) work with those algorithms. I like to hand-wave at things like this and say "The NSA has done it (or should have done it) but unless and until someone pays a half-dozen Math/CS PhD's for a couple years just for shits and giggles..."

aviewanew on Reverse engineering of the NSA's public key

2011-06-17T04:08:55.840010-07:00-0700

That's not that lucky - the Linear Algebra takes ~22 hours, the Sieving, which is sped up by a good polynomial, takes only a couple and the rest of my 36 hours was a couple for poly selection, a couple for data transfer, and a couple leeway/whatever. Sieving can be parrallelized to 30 minutes in a local network really. I actually have a presentation about this - poly selection, sieving, and in general distributing any application easily over hundreds/thousands of machines - hoping it gets accepted at #days or ekoparty.

aviewanew on Reverse engineering of the NSA's public key

2011-06-16T14:48:14.804201-07:00-0700

It's not a matter of 'getting lucky' - the GNFS is a 3-step process that you have to run to completion. I can factor a 512-bit key in ~36 hours (and have), but I'll never 'get lucky' and get it in 12 hours. Trying to factor anything higher than... 300 bits or so without the GNFS won't work. I mean yea in theory you could 'get lucky' with trial division, but the odds are astronomically small.

reddit gadget guide

Gay marriages need to be legalized everywhere...

aviewanew on r/HackBloc Holiday Bitcoin Fundraising Drive for Crypto.is

aviewanew on From the mind behind crypto.cat: "Even 4096-bit asymmetric keys do not match the strength of a 256-bit symmetric AES key."

aviewanew on Looking for a hex editor to analyze files

aviewanew on Nice how-to on factoring RSA512

aviewanew on Slide Attack Tutorial

aviewanew on How to know what cipher is being used for IMAP over TLS?

[TOMT][website] Academic Article Categorizing about 10 years of US domestic terrorism investigations

aviewanew on Screencap from movie The Mechanic: Encrypted Message is *almost* actually legit.

aviewanew on Screencap from movie The Mechanic: Encrypted Message is *almost* actually legit.

Screencap from movie The Mechanic: Encrypted Message is *almost* actually legit.

Icelandic Bars or Speakers? (Language Exchange)

aviewanew on Can someone explain (or link to an explanation of) the math behind PKI? How can something be encrypted by one key but only decrypted by another key?

aviewanew on What is the correct response when one of "us" does something unethical?

aviewanew on Is anyone using Convergence? What are you thoughts so far?

aviewanew on Iran forged the wrong SSL certificate

aviewanew on Reason #50302 why I can't leave my desk unattended.

aviewanew on Reason #50302 why I can't leave my desk unattended.

aviewanew on Volleyball.

The New Encryption Key Case: US v Fricosu, and a survey of precedence

aviewanew on An easy to use crypto tool (with mobile interface) that a friend and I came up with: CryptBro!

aviewanew on LulzSec teams up with Anonymous "and all affiliated battleships"

aviewanew on Reverse engineering of the NSA's public key

aviewanew on Reverse engineering of the NSA's public key

aviewanew on Reverse engineering of the NSA's public key

aviewanew on Screencap from movie The Mechanic: Encrypted Message is almost actually legit.

aviewanew on Screencap from movie The Mechanic: Encrypted Message is almost actually legit.

Screencap from movie The Mechanic: Encrypted Message is almost actually legit.