Thursday, February 5, 2009

hittin the hash | yet again

hashes and collisions have been on the back-burner for a bit now w/ recent hullabaloo...

so the thought that keeps coming back (reminder: /me != math guy) came from my experiences w/ gentoo... either the kernel or portage (but not both ;) used .sig files which contained multiple hashes for verification of the download integrity.

so say you've got a 1/x chance of collision in md5 and a 1/y chance of collision in sha1 (assuming that x & y are both reasonably large numbers), then isn't the likelihood of getting a collision of *both* hashes on the same file exponentially larger than getting a collision on x or y individually?

so if we're really worried about the apparently real weaknesses in some md5 and the up and coming realistic weaknesses in sha1 (via that chinese-professor-ninja-woman & her math students iirc), why not just start checking multiple hashes each time we verify integrity?

no new technology needed, just parse more than 1 value before you evaluate that if/then to true, right?

Monday, February 2, 2009

the birds n the bees

i've heard that nature repeats itself at different scales. seems reasonable to me. i know that nature has a lot to teach us (and if you don't, then sry but you're not paying attention)... so let's play around w/ analysing some attack and defence in nature and see where we end up..,

source article about bee's which may or may not be getting completely pwnt

beekeepers that didn't suffer from Colony Collapse Disorder, or had only a touch of the plague, made changes too, and they are still around and in fact are doing well and growing. Those changes have been huge in terms of what they have managed to do with the number of colonies they have, and even more so in terms of the paradigm shift in colony management techniques.

wait... orgs are supposed to adapt?

the major shift has been in how beekeepers monitor for, and control varroa mites in their colonies.

monitor the health and activity of network participants? what?!?

Better techniques are being used to find and count mite populations, and safer and kinder techniques are being used to control those mites.

are you one of those managers who told a motivated employee that dedicating time to review logs doesn't matter? for shame! for shame!!

This is good because mite populations don't build up to lethal numbers, lots of mites aren't able to pass along destructive viruses, and the control agents previously used are no longer building up inside the colony.

in my experience, manual intrusions seem to involve a period of time where the intruder evaluates and probes prior to executing whatever plan they have to help themselves at your expense. looking for signs of intrusion (logs!) is vital...

Beekeepers are feeding their bees more food when food is scarce, feeding them at a more appropriate time in the season, and feeding them better food. All have contributed to better wintering, better buildup, and healthier colonies.

what? support and nurture the business?!? crazy-talk!!! (lol)

flags aren't always true

srsly, we know this....

anyway, so the official story is that (an) al-qaeda cell(s) in Algeria are dying because they caught the black death... unfortunate side-effect which occurs when attempting to kill the american devil w/ biological hazards...

forgive me, but while the whole 'omfg terrorists w/ bio-agents' story is quite striking, i kinda expected red threat levels and all of that.

but you could consider an alternate view-point... the black death is highly curable. so if you infected hostile covert operatives with it they would spread it to their allies (your enemies!) who would be faced with either death or treatment at a hospital (oh, the black death you say? i'm sure the security services aren't interested in anyone with *that* old disease).

just a random thought...