Something Random

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
Not only was it more than 3 years ago, but that entire setup would fit in half a rack and cost less than $100k. The thing that makes you most susceptible to this kind of attack is having a file that you can beat on. If there is a file that you can copy into a system such as this and try as frequently as you like, it will eventually be cracked. Web services, while vulnerable to other kinds of attacks, are able to throttle authentication attempts.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
Not only was it more than 3 years ago, but that entire setup would fit in half a rack and cost less than $100k. The thing that makes you most susceptible to this kind of attack is having a file that you can beat on. If there is a file that you can copy into a system such as this and try as frequently as you like, it will eventually be cracked. Web services, while vulnerable to other kinds of attacks, are able to throttle authentication attempts.

I agree with you that the throttling aspect makes cracking way more challenging but I see those kinds of brute-force systems more applicable to those who have acquired passwords/databases through illegal means and also for building pre-seeded tables with cracked passwords and hash collisions in advance of the actual hack.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
Rainbow tables for common passwords are not only common, but usually google-able. I'm sure I've posted this before:

https://youtu.be/8ZtInClXe1Q
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
dd, I do all the 4 things you listed.

Chewy, many sites restrict password lengths. My bank, for instance; max pw len is 14 chars. They do force a change every 3 months. I maintain mine, wife's and mom's accounts through the 'net. Each account has a different pw, of max len allowed, composed of gobbledygook which is not in dictionaries. Only brute force will work. And I can't help that because length is restricted.

It helps that I'm from a different ethnic background and use native names, words and place names that I further garble.

Handy, I'm doing this with eyes open, and am taking a calculated risk. So far, I'm good. My bigger concern these days is ransomware. I need to back up more frequently, and image more frequently, pain as it is.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I guess you're right. Wasn't a major vulnerability discovered in one of the major password keeping programs (Lastpass ?) recently? I tried one of these for a while and found it irritating, and went back to my old method that I've been using for around 15 years. My method is proprietary (heh heh), stored with innocuous names (not "password") and stored in a folder several levels deep and the whole partition is TrueCrypted.

As you know the truecrypt container is only secure if you do not have it mounted. One easy additional way to secure your text file is to compress it and password protect it. The archive password would be your master password and you would close out when not actively using it. Personally I would use 7 zip for the job.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
dd, I do all the 4 things you listed.

Chewy, many sites restrict password lengths. My bank, for instance; max pw len is 14 chars. They do force a change every 3 months. I maintain mine, wife's and mom's accounts through the 'net. Each account has a different pw, of max len allowed, composed of gobbledygook which is not in dictionaries. Only brute force will work. And I can't help that because length is restricted.

It helps that I'm from a different ethnic background and use native names, words and place names that I further garble.

Handy, I'm doing this with eyes open, and am taking a calculated risk. So far, I'm good. My bigger concern these days is ransomware. I need to back up more frequently, and image more frequently, pain as it is.

You may be able to help with this a bit by using the Crashplan utility for local backups only since I get the impression you don't want your info backed up in the cloud. I use it this way to backup data to another computer at regular intervals. I consider the OS install expendable and really only care about the personal data. I don't need full system snapshots for what I do but that's just personal preference.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Am I the only one not concerned about the passwords? I'm not in charge of finances so I don't bank online though.
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
And...that's dated 2012...GPUs have advanced a lot since then.

Sorry, I was thinking of encrypted files, not hashes.

I would like to emphasize that this assumes that a corporate system has been so comprehensively powned that a hacker can walk in and make off with their password hash database. The usefulness of that will depend on what services the system is providing to users that couldn't be exploited when the password database was stolen, and of course that the theft went undetected.

Looking at the Hashcat site, it seems speed improvements have not been as great as you might have expected, at least with AMD hardware. Of course, the 5.5 hours also applies to an obsolete hash, but they claim that it's only about another 30 times to crack current (NTLM2) hashes (one week). The number of passwords would have a big impact on the speed. You could achieve those speeds with 3 or 4 passwords, but a few hundred thousand will slow down the process considerably.

Still, as Ddrueding says, if someone can get hold of a file of Windows passwords with their ancient fast hash algorithm, it's only a matter of time, and 8 characters can be cracked. Nine characters would take nearly 20 months with the linked hardware, 10 would need 160 years, 11 takes 15000 years, and 12 about 1.4 million years. Such is the magic of geometric progression.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
If the password database is unsalted, then no one is brute forcing it, they are running it against a pre-existing rainbow table. You'd be amazed by how many companies don't take this basic precaution.
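
Added example, not part of the post above or of anyone's code in this thread: a small Python comparison of an unsalted fast-hash password store with a per-account salted PBKDF2 store, checked against a precomputed digest table. The account names, passwords, word list and iteration count are constructed assumptions; SHA-256 stands in for any fast unsalted hash, and a plain lookup dictionary stands in for a rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample data: account names and passwords are made up.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "Xq7#vT2m!pLz9w"}
COMMON_WORDS = ["password", "123456", "letmein", "qwerty"]  # constructed list

PBKDF2_ITERATIONS = 200_000  # assumption: tune to your own hardware budget


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(words):
    """Digest -> password map, computed once and reusable on any unsalted dump."""
    return {unsalted_digest(w): w for w in words}


def salted_record(password: str) -> dict:
    """Per-account random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "digest": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(candidate.hex(), record["digest"])


def accounts_exposed_by_table(stored_digests: dict, table: dict) -> list:
    """Accounts whose stored digest appears in the precomputed table."""
    return sorted(user for user, d in stored_digests.items() if d in table)


def audit() -> dict:
    table = build_precomputed_table(COMMON_WORDS)
    unsalted_db = {u: unsalted_digest(p) for u, p in ACCOUNTS.items()}
    salted_db = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    salted_digests = {u: r["digest"] for u, r in salted_db.items()}
    return {
        "unsalted_exposed": accounts_exposed_by_table(unsalted_db, table),
        "salted_exposed": accounts_exposed_by_table(salted_digests, table),
        # Identical passwords are visible as identical digests only when unsalted.
        "unsalted_duplicates_visible": unsalted_db["alice"] == unsalted_db["bob"],
        "salted_duplicates_visible": salted_digests["alice"] == salted_digests["bob"],
        "login_still_works": verify("letmein", salted_db["alice"])
        and not verify("wrong", salted_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Salting removes the precomputation shortcut and hides which accounts share a password; the iteration count is what slows per-account guessing once the file has been copied offline.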
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,823
Location
Eglin AFB Area
Website
sedrosken.xyz
Figured out why my internet connection sucks so bad.

Our plan is advertised as 3mbps down, 768kbps up -- pretty much standard DSL speeds, right?

Except we got maybe half of that on a good day. Looked at their brag sheet and in fine print under the big 3mbps...

"Burst speed only. Normal service is 1mbps/384kbps. Burst speeds are also best effort and not guaranteed."

Also figured out why the connection isn't nearly as stable as it should be. It's not DSL! It's some kind of wireless thing. Fine for web browsing, terrible if you want to play an online game of Halo Custom without getting a new hole ripped into you.

At least it isn't satellite. (shiver)

I hate how this is pretty much our only option next to 56K or the extremely expensive/limited/laggy satellite. That's one thing I can look forward to in going to college, a decent connection to the outside world! Maybe my tin cans and string will be replaced by copper cans and wire.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
My brother gets 25-28 mb/s download speed from his satellite connection. Latency is of course too high for games, but for "regular" web surfing it's pretty good.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
The lesson is to live in a more urban location with built-up infrastructure. This will not save you every time, but certainly can't hurt your chances.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
The lesson is to live in a more urban location with built-up infrastructure. This will not save you every time, but certainly can't hurt your chances.

That is assuming high speed internet is more important to quality of life than other factors.
In the old days we looked at fallout patterns and all sorts of risk data.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
That is assuming high speed internet is more important to quality of life than other factors.
In the old days we looked at fallout patterns and all sorts of risk data.

Internet, distance to a central business district, restaurants, shops, transit, cultural things, etc. I'm not very concerned about fallout.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,823
Location
Eglin AFB Area
Website
sedrosken.xyz
When we were on HughesNet the speed was fine, 12mbps at least, but the latency was horrible, something like 4000 or so. I would often ping out of loading web pages and an IRC chat was nearly impossible to stay connected to.

But the thing that peeved me off most about it was that they had the audacity to charge almost 150 bucks a month for it and then limit us to 30 GB of data for the whole house. I can use 30GB in a week without trying.

I certainly plan on living in the city myself, but I don't exactly control that factor right now. Still technically a minor for another month or so. I probably still won't have stellar internet even when I'm living on my own, I'd personally be pretty stoked to have a 20mbps ping = < 100 connection right now. Honestly my main concern is distance to and from work and a grocery store, but broadband service is certainly a close second. Like timwhit I am also not very concerned about fallout, if a bomb drops or other catastrophe happens I will probably be among the first to die no matter what with the myriad problems I have or am at risk of developing.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
The lesson is to live in a more urban location with built-up infrastructure. This will not save you every time, but certainly can't hurt your chances.

There are also economies of scale. It's a lot easier to deliver ANY utility, transit or health service someplace where there are a lot of people, and there's also the matter of having the opportunity to live where creative, intelligent folks do. If art or live entertainment are as or more important to you than having a giant house and a bunch of land, it's something to keep in mind.

... he typed, sitting in the cultural dead zone of ("Hey, we have a beach! Surrounded on both sides by Steel Mills!") Northwest Indiana.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
As you know the Truecrypt container is only secure if you do not have it mounted. One easy additional way to secure your text file is to compress it and password protect it. The archive password would be your master password and you would close out when not actively using it. Personally I would use 7 zip for the job.
My Truecrypt partitions are always unmounted when not in use; they are not automatically mounted on startup - would defeat the purpose, no? I manually mount when required, and unmount as soon as I don't need the stuff. Still, I don't know how the ransomware encryption works. If it encrypts the partition table etc., I'm hosed. Hence the need for backups. I'll have to think about 7zipping / password protecting the pw files since it could be a pain to key in the pw every time.

You may be able to help with this a bit by using the Crashplan utility for local backups only since I get the impression you don't want your info backed up in the cloud. I use it this way to backup data to another computer at regular intervals. I consider the OS install expendable and really only care about the personal data. I don't need full system snapshots for what I do but that's just personal preference.
You're right, I don't trust cloud backups. For long, my MO has been to have at least two physical drives. Important data lives on one in a Truecrypt partition; it is backed up to another Truecrypt partition that lives on drive #2, using Syncback. Years ago, you mentioned Syncback, and I've been using it since. From time to time, at random intervals (this needs to become a regular frequency) this stuff is also synced to two external drives, A & B, alternatively. Images are also made at irregular intervals and kept on a non-Truecrypt partition that also houses things like downloaded stuff that can be re-downloaded or recreated. This stuff is also synced to HDD #2 periodically, and synced to two additional external drives from time to time.

So far, it has worked well, except that I need to be more frequent / regular with the sync to external drives in case I lose both physical drives in the PC.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
If the password database is unsalted, then no one is brute forcing it, they are running it against a pre-existing rainbow table. You'd be amazed by how many companies don't take this basic precaution.

You can not turn on salting for the MS NTLM database. Why they have not been able to address this, I don't know.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,823
Location
Eglin AFB Area
Website
sedrosken.xyz
Using Edge instead of Chrome will add hours of extra battery life. According to company tests, Microsoft's browser even beats Opera's battery saver mode.

Assuming this isn't MS rigging the results like with Windows 10 adoption, this might just be a compelling reason to go to Edge. Vivaldi is not very nice to my battery, using something like 30% of my CPU just sitting with YouTube open. Edge still looks more like a toy than a browser though, and I use more than just AdBlock Plus so they'll need a more robust extensions system before I'll even try it. Just because they're putting one in soon doesn't mean that it's here now or even that the extensions I use are guaranteed to be ported.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
While I'd love for the car to charge at >100A, I'm hoping they stop short of that for now; I only put 100A of power into the garage where the charger goes.
 

DrunkenBastard

Storage is cool
Joined
Jan 21, 2002
Messages
775
Location
on the floor
While I'd love for the car to charge at >100A, I'm hoping they stop short of that for now; I only put 100A of power into the garage where the charger goes.

I believe that's still the max charge available for home use (100A circuit derated to 80A and the dual charger option on the Model S).
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
What happens in some future where everyone on a residential block has a couple of electric cars plugged in all night? Will there be sufficient infrastructure at that level to support all that charging, A/C etc.?
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
What happens in some future where everyone on a residential block has a couple of electric cars plugged in all night? Will there be sufficient infrastructure at that level to support all that charging, A/C etc.?
Well, the magical fantasy answer is that the grid will be very smart and know your schedule. So your car will charge at some point overnight and be charged in the morning, but not necessarily start charging as soon as you plug it in. If you need to use your car unexpectedly at midnight, good luck.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,379
Location
Flushing, New York
What happens in some future where everyone on a residential block has a couple of electric cars plugged in all night? Will there be sufficient infrastructure at that level to support all that charging, A/C etc.?
My guess is yes because electric companies in general have a lot of surplus capacity at night. The distribution grid itself isn't the problem. A lot of it is designed so in theory every home could be drawing 10 or 20 kW at the same time. So long as the electric company can supply it, you're good. In cases where the local grid might not be up to it, you'll either eventually upgrade or use a smart grid as SD described. In truth, most people will have a full 12 hours or more from the time they get home until they need their car again, so even a very slow charge rate will be fine. You also don't necessarily need to recharge fully, nor would most cars be fully drained every single day. It might be more like replacing 40 miles of range overnight. Maybe that would be 15 kw-hr over 12 hours. This would use no more than a large AC might.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
My guess is yes because electric companies in general have a lot of surplus capacity at night. The distribution grid itself isn't the problem. A lot of it is designed so in theory every home could be drawing 10 or 20 kW at the same time. So long as the electric company can supply it, you're good. In cases where the local grid might not be up to it, you'll either eventually upgrade or use a smart grid as SD described. In truth, most people will have a full 12 hours or more from the time they get home until they need their car again, so even a very slow charge rate will be fine. You also don't necessarily need to recharge fully, nor would most cars be fully drained every single day. It might be more like replacing 40 miles of range overnight. Maybe that would be 15 kw-hr over 12 hours. This would use no more than a large AC might.

My question was about the local cables, transformers, etc. in the neighborhoods. They don't all have much of a "grid" in the less populated areas. I suppose it will cost billions to upgrade when the time comes, but 20 years from now would not be my problem.

A lot of people come home from work maybe 6-7PM, change, and then go out to dinner, etc. and would start charging around midnight. I was reading that the new (small) Nissan will have 200 miles range, so there is some progress.

It would be nice to have an SUV with big honking batteries that could go 300 miles or so. In that case I would normally only charge it on the weekends and could actually go somewhere useful, at least one way.
I still have the issue that there are not enough charging stations. They need to be in the gas stations, at hotels, etc. Maybe public parking could have different rates for parking with charging.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
Upgrading the grid strikes me as fairly inefficient. Local production and local storage are both seeing huge advances right now; using the grid just for balancing local storage seems like a far better idea.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
My question was about the local cables, transformers, etc. in the neighborhoods. They don't all have much of a "grid" in the less populated areas. I suppose it will cost billions to upgrade when the time comes, but 20 years from now would not be my problem.

It is common with new residential construction to have 200A to the residence. The house I bought last July only had 100A to the residence and the first thing we did was upgrade the service. If you have 200A from the road, it is also somewhat common to tap into the main panel to install a 100A subpanel in the garage for compressors and woodworking tools.

Very large homes can have 400A service but it would be more broadly applicable if the charger were higher voltage and lower amperage. These already exist. 400A is the highest amperage available over a single set of single phase service cables from First Energy Corp. It would be interesting to know what service a house with 17 TVs needs.

The chargers draw less amperage when the batteries get close to 100%. A car that has not drained the batteries as much will not need to charge as long. We should be able to tell the charger how long it has to complete its work. Working late one night or having to run back out to the store or for an emergency would affect the time available to charge.

In the end the people who write the electric codes will write something and everyone will design to that. We won't have much say in it.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
I'll try to get some numbers, but it will be tricky as the house has its own PG&E Vault on the grounds that splits to multiple main panels that then split to multiple sub panels.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,823
Location
Eglin AFB Area
Website
sedrosken.xyz
Orientation started this morning. Most of it is rather boring, speeches and what is probably the usual information. Lunch is easily the highlight of my day so far. An interesting opportunity has been laid before me though, if I work graveyard shift for UPS in their Metropolitan College program, they will cover tuition and part of my books as well as some other perks, and on top of that I'll be paid a fair bit more than minimum wage. I'm already up during that time anyway, I'm going to go for it if my class schedule can reconcile with it. I'll have to take afternoon and evening classes but that doesn't bother me.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
Orientation started this morning. Most of it is rather boring, speeches and what is probably the usual information. Lunch is easily the highlight of my day so far. An interesting opportunity has been laid before me though, if I work graveyard shift for UPS in their Metropolitan College program, they will cover tuition and part of my books as well as some other perks, and on top of that I'll be paid a fair bit more than minimum wage. I'm already up during that time anyway, I'm going to go for it if my class schedule can reconcile with it. I'll have to take afternoon and evening classes but that doesn't bother me.

I've heard good things about this program. I think you can get other benefits as well (e.g. healthcare).
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Forgotten audio formats: Elcaset

Didn't even know this existed. I still have tons of cassette tapes, about half pre-recorded that can be thrown away, and half live recordings I've made, that need to be converted. And I have one somewhat high-end tape deck, a Yamaha KX-800U with dbx, Dolby B-C NR & HX Pro, purchased in 1987. Don't know if it still works - concerned about belts, pulleys, capstans and such rubber things.
 