

ashrc4
Premium
join:2009-02-06
australia

1 edit

Randomness and Linux's go at it.

»nakedsecurity.sophos.com/2013/09···ou-dont/

Personally I think they are all panning for silver not gold.
The RNG approach to perfection here only leads to a smaller pool.
Augh... wish they would focus on salting to the same extent once they realize that the method of RNGs needs to incorporate 3 methods combined to eliminate or greatly obfuscate any discernible backtracking of a pattern.



ashrc4
Premium
join:2009-02-06
australia

2 edits

I'll lay the basic base foundation for the maths.
{Random generator one, simplistic ((plus minus length)eg random) + different method RG(+-) + repeat step 2} = key used (done well should greatly increase size of pool)
You can add additional steps to control a range of overall key lengths.



ashrc4
Premium
join:2009-02-06
australia

1 edit
reply to ashrc4

Why did they call it RNG and not random character generator?
The character has no value (i.e. 1+A does not equal *). The use of no. implies such.
Unless you can do something funky with binary.



Raphion

join:2000-10-14
Samsara

Because it generates random numbers, or values. The characters presented to an operator are after the fact, every character has a number behind it.



dib22

join:2002-01-27
Kansas City, MO

1 recommendation

reply to ashrc4

said by ashrc4:

Unless you can do something funky with binary.






ashrc4
Premium
join:2009-02-06
australia

That's an example... yep. I like what could be possible if you got more funky... like ciphers.
If you have multiple options to be session unique with unique ciphers.



ashrc4
Premium
join:2009-02-06
australia
reply to Raphion

said by Raphion:

Because it generates random numbers, or values. The characters presented to an operator are after the fact, every character has a number behind it.

Values sounds the most accurate descriptor without forming a new word.
Integers are closer than the descriptor no.'s.
Does the binary value contain any workable math properties... yes.
Thinking about NTFS, video codecs and how binary values stack together, partial reconstruction seems probable. Even if you make the key undiscoverable, the data by itself should contain some degree of discoverability.

I like the new acronym.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to ashrc4

Everything in a computer is numbers. A computer program is just a big number. Some devices draw squiggly marks if you give them certain numbers. This reply is a number.



Raphion

join:2000-10-14
Samsara
reply to ashrc4

BTW, if you need really good random, you can buy one of these.... »www.idquantique.com/random-numbe···cts.html



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to dave

Yup. Computers only do two digits: 0 and 1. That said, they do lots of 0's and 1's in parallel.
--
Don't feed trolls--it only makes them grow!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

said by StuartMW:

... Computers only do two digits: 0 and 1. ...

Except for ternary-logic computers, which generally have 0, +1, and -1 states. The cool thing about ternary is that the negative value of a number consists of just flipping the +/- signs, which makes subtraction into just flipping bit signs for one number followed by an addition with the other. Back in the late 60's and 70's, an R&D project with which I was involved was playing around with the ternary concept, since the end-item usage required enormous amounts of numerical subtractions. Unfortunately, there remained extremely little industrial/military parts support for that form of logic - everything was hurtling down a path of miniaturizing binary logic and implementing that onto IC chips, so our ternary project pretty much withered on the vine for lack of available parts. But I've always wondered what could really be done if the industry ever put any horsepower behind it...
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville


dib22

join:2002-01-27
Kansas City, MO

said by Blackbird:

Except for ternary-logic computers, which generally have 0, +1, and -1 states.

Don't forget Qubits!

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to StuartMW

But layer-1 protocols can have more than two digits, which is why you need to know the difference between 'bits per second' and 'baud'.



ashrc4
Premium
join:2009-02-06
australia

1 edit
reply to dave

said by dave:

Everything in a computer is numbers. A computer program is just a big number......This reply is a number.

And those UNIQUE binaries have rendered themselves on my computer screen.
Encrypt a message of one character say "W" in text document.
The Exif data fits known templates.
Encrypt a text document with 64 "W's"
NTFS has rules and known data either in exif form or otherwise that can be located specifically on a hard drive. Some of the locators such as partitions or where the OS is installed etc.

The possibility of decoding the stacking of binaries depending on the library used can also be manipulated. The reason I chose codecs is because millions of colours need to be coded into binary; the chart above is a tight, short example of the total characters used for a pass-phrase.
This increases the length of the binary code (static) also increases the possibility of unique patterns forming.
To make sense of these algorithms that know how colour pixels stack together to form shapes etc already exist.
Can repeatedly sequencing/manipulating the data extract EXIF and shape/colour patterns? If thousands of pixels the same colour are stacked together, say a white cloud, then the key for the encryption is only lightly coded and repeated in a frame of the movie then repeated (still shot).
Probably the biggest Exif type scenario I can think of.

Extracting patterns from binary may be difficult and take multiple steps to make sense of the data but I think it possible.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

2 recommendations

Sorry, your reply was too well encrypted for me to make any sense of it.

Really, I can't guess what point you're making.



ashrc4
Premium
join:2009-02-06
australia

The NSA have figured out shortcuts we can only imagine may exist.