Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

'Cryptopalypse' Now: Looming Security Crisis Could Cripple Internet
LiveScience.com ^ | 21 August, 2013 | Paul Wagenseil

Posted on 08/21/2013 8:50:45 PM PDT by Errant

The Internet, and many forms of online commerce and communication that depend on it, may be on the brink of a "cryptopalypse" resulting from the collapse of decades-old methods of shared encryption.

The result would be "almost total failure of trust in the Internet," said four researchers who gave a presentation at the Black Hat security conference in Las Vegas earlier this month.

"We need to move to stronger cryptosystems that leverage more-difficult mathematical problems," the presenters said.

(Excerpt) Read more at livescience.com ...


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
KEYWORDS: crypto; encryption; it; programming; security
Navigation: use the links below to view more comments.
first 1-5051-90 next last
You IT gurus better get cracking!
1 posted on 08/21/2013 8:50:45 PM PDT by Errant
[ Post Reply | Private Reply | View Replies]

To: Errant

Remember when most websites were gray with very few pictures?

It was almost like using BBS’s sometimes


2 posted on 08/21/2013 8:52:16 PM PDT by GeronL
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL

Yep! Since you mentioned BBS’s, expect they may be making a comeback! lol


3 posted on 08/21/2013 9:01:41 PM PDT by Errant
[ Post Reply | Private Reply | To 2 | View Replies]

To: Errant
Google informed me in the middle of the night that another party was in possession of my Gmail, etc., username and password. This was in the form of an automated app in another state (Pennsylvania) that was attempting to login to my account (and would have, except Google intercepted it). Between 1 and 2 AM I changed all of my passwords.

It is unclear how this situation came to be. The usual obvious explanations (unencrypted hotspots and the like) don't apply, and the password should be hashed at the other end. Linux on this end, properly maintained, and no indication of anything amiss. There is nothing particularly of interest in my boring gmail, so it is puzzling that anyone would go to the trouble of computing a hash match.

4 posted on 08/21/2013 9:04:47 PM PDT by steve86 (Some things aren't really true but you wouldn't be half surprised if they were.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant; GeronL
Yep! Since you mentioned BBS’s, expect they may be making a comeback! lol

Mention BBS today and most people would say, "Huh, Whut?"

5 posted on 08/21/2013 9:08:36 PM PDT by The Cajun (Sarah Palin, Mark Levin, Ted Cruz......Nuff said.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: The Cajun

LOL, for sure... I used to play around with them some, way back when.


6 posted on 08/21/2013 9:12:42 PM PDT by Errant
[ Post Reply | Private Reply | To 5 | View Replies]

To: Errant

A BBS could be more secure. It would be interesting for a local group to try that idea out.


7 posted on 08/21/2013 9:13:25 PM PDT by GeronL
[ Post Reply | Private Reply | To 3 | View Replies]

To: steve86
Had an old yahoo account taken over by spammers once, along with a bunch of others who had old accounts that Yahoo kept the files of on an easily broken into server.

Someone may have gotten your info from another less secure site and just seeing if you had a gmail account using the same username/password?

8 posted on 08/21/2013 9:15:12 PM PDT by Errant
[ Post Reply | Private Reply | To 4 | View Replies]

To: GeronL

Would be good for backup, incase TPTB shut down the net. Could also use ham equipment to access it?


9 posted on 08/21/2013 9:17:28 PM PDT by Errant
[ Post Reply | Private Reply | To 7 | View Replies]

To: GeronL

10 posted on 08/21/2013 9:21:01 PM PDT by Errant
[ Post Reply | Private Reply | To 7 | View Replies]

To: Errant

That’s the puzzling thing — did not use the same password on any but what should be the most secure sites (like banks — that’s what scared me). Have different passwords now.


11 posted on 08/21/2013 9:21:40 PM PDT by steve86 (Some things aren't really true but you wouldn't be half surprised if they were.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: steve86

No trouble. Rainbow tables. Precomputed values that match the md5 hash of your passwd. Stored “in the cloud”.


12 posted on 08/21/2013 9:26:03 PM PDT by Myrddin
[ Post Reply | Private Reply | To 4 | View Replies]

To: steve86
Have different passwords now.

That's a pain in the butt to do. I pretty much have different ones except for a few secure sites. I don't use gmail or yahoo anymore. I have my own email accounts through my old business domains - nothing encrypted though.

I was playing around with tormail in anticipation of what's coming with all the spying going on, but that got shut down.

Startpage is suppose to begin a secured, paid email service called Startmail in 2014.

13 posted on 08/21/2013 9:27:24 PM PDT by Errant
[ Post Reply | Private Reply | To 11 | View Replies]

To: steve86

hacking is a scattered approach, they have likely programmed a computer to hack hundreds or thousands of emails at a time


14 posted on 08/21/2013 9:28:48 PM PDT by GeronL
[ Post Reply | Private Reply | To 4 | View Replies]

To: Errant

I was tinkering with the idea of using shortwave radio to broadcast “news” and data to computers. I doubt shortwave is clear enough for that but it could be something to experiment with.


15 posted on 08/21/2013 9:31:21 PM PDT by GeronL
[ Post Reply | Private Reply | To 9 | View Replies]

To: The Cajun

Very true. I was just getting into computers when the BBS thing was dying out. I remember a free magazine about computers here locally that had lists of BBS’ we could access.


16 posted on 08/21/2013 9:32:46 PM PDT by GeronL
[ Post Reply | Private Reply | To 5 | View Replies]

To: GeronL

I have some ideas using encrypted P2P networking along those lines. Different wavelength though. ;)


17 posted on 08/21/2013 9:35:18 PM PDT by Errant
[ Post Reply | Private Reply | To 15 | View Replies]

To: Errant

Yep, I picked up a U.S. Robotics 56K USB (no serial ports on PC’s these days) modem on sale just in case we are forced to return to BBS days! Next step HAM equipment.


18 posted on 08/21/2013 9:36:27 PM PDT by Drago
[ Post Reply | Private Reply | To 3 | View Replies]

To: The Cajun; GeronL

Betcha somewhere there be a BBS running. Might have to dig out one of my old modems and search the net. lol


19 posted on 08/21/2013 9:37:07 PM PDT by Errant
[ Post Reply | Private Reply | To 16 | View Replies]

To: Errant

Radio Free America could be sending out hourly or daily data packets with the news that the government wants suppressed. Imagine getting a daily PDF “newspaper” via shortwave reception.

Do you think this kind of thing might be able to work?


20 posted on 08/21/2013 9:37:54 PM PDT by GeronL
[ Post Reply | Private Reply | To 17 | View Replies]

To: Errant

we should try that

I remember I only did local calls back in the day, that was before affordable long distance plans.


21 posted on 08/21/2013 9:38:59 PM PDT by GeronL
[ Post Reply | Private Reply | To 19 | View Replies]

To: Drago

This Dell laptop I’m working off of now is the first computer I’ve bought without a modem. Just always insisted on having one as a basic configuration in the past. Now that you mentioned it, lol, those old modems did connect via serial.


22 posted on 08/21/2013 9:40:21 PM PDT by Errant
[ Post Reply | Private Reply | To 18 | View Replies]

To: Errant

OK... not an easy search on Google these days

http://www.bulletinboards.com/v1.cfm?comcode=PAX

lolz


23 posted on 08/21/2013 9:43:27 PM PDT by GeronL
[ Post Reply | Private Reply | To 13 | View Replies]

To: Myrddin

Yeah, I was reading about them but why me? All my controversial stuff is in plain text on fr! lol Also, the rainbow tables give a hash match but it is many:one on passwords to hashes, right?

No indication of any more attempted breaches since last night.

Seems likely my account was one of many attacked.


24 posted on 08/21/2013 9:44:05 PM PDT by steve86 (Some things aren't really true but you wouldn't be half surprised if they were.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: GeronL

It would work. There are a number of ways to do it. Connect, exchange data and disconnect. May even be some open source software available already.


25 posted on 08/21/2013 9:44:23 PM PDT by Errant
[ Post Reply | Private Reply | To 20 | View Replies]

To: Errant

Wait, this phone plug on my laptop that connects to the FiOS (or could if I wasn’t using wifi) isn’t a modem?

...


26 posted on 08/21/2013 9:45:32 PM PDT by GeronL
[ Post Reply | Private Reply | To 22 | View Replies]

To: Errant

Whoever received the daily packets via shortwave could upload it to local BBS’ for those who don’t have the shortwave receiver on their computers.

That could be interesting. They could even post some audio broadcasts I guess.


27 posted on 08/21/2013 9:47:40 PM PDT by GeronL
[ Post Reply | Private Reply | To 25 | View Replies]

To: GeronL
http://www.telnetbbsguide.com/ :)
28 posted on 08/21/2013 9:48:42 PM PDT by Errant
[ Post Reply | Private Reply | To 23 | View Replies]

To: Errant

If there is an open source way to pick up data packets from shortwave someone should use Linux From Scratch and build a special Underground Linux OS in preparation. Burn your iso files in advance.


29 posted on 08/21/2013 9:49:37 PM PDT by GeronL
[ Post Reply | Private Reply | To 25 | View Replies]

To: GeronL

If it’s a phone plug, it should be able to be a modem and able to be used to connect to a dial-in BBS with the right software.


30 posted on 08/21/2013 9:51:29 PM PDT by Errant
[ Post Reply | Private Reply | To 26 | View Replies]

To: Errant

Camas Washington has a BBS with 48 nodes! “DragonLance” must be a local gaming server.


31 posted on 08/21/2013 9:52:31 PM PDT by GeronL
[ Post Reply | Private Reply | To 30 | View Replies]

To: Errant

I wonder if this would work, I don’t think my Linux PC has the right software.


32 posted on 08/21/2013 9:53:22 PM PDT by GeronL
[ Post Reply | Private Reply | To 30 | View Replies]

To: GeronL

I’m no Ham expert, but there are number of folks here you are. I do know it’s possible to send data over ham frequencies. Your idea to have this connected to a dial in BBS is a good one.


33 posted on 08/21/2013 9:54:12 PM PDT by Errant
[ Post Reply | Private Reply | To 29 | View Replies]

To: Errant

OK. I checked the Ubuntu repository and there does appear to be some utilities to dial out.


34 posted on 08/21/2013 9:54:43 PM PDT by GeronL
[ Post Reply | Private Reply | To 30 | View Replies]

To: GeronL

I’m sure there are a number of open source apps that would do it for you.


35 posted on 08/21/2013 9:55:43 PM PDT by Errant
[ Post Reply | Private Reply | To 32 | View Replies]

To: Errant

Yep. There is a free program called FLARQ that lets us share data over a ham connection. ha.


36 posted on 08/21/2013 9:55:50 PM PDT by GeronL
[ Post Reply | Private Reply | To 33 | View Replies]

To: Errant

FLARQ is also FLDIGI

one review :

de WN1Z 21nov11: Running Ubuntu 11.04, FLDIGI is the only app that does psk-31 (etc.) that i can get to run properly with my limited knowledge of configuring my Ubuntu machine. All the other similar apps (twpsk, linpsk, gMFSK, and a couple others) either would not run, or could not find /dev/dsp or some other problem. FLDIGI’s configuration dialog, when i checked “PortAudio,” identified “HDA Intel: ALC272 Analog.” I won’t have a chance to hook it up to my radio for a couple weeks, but testing with a mic and headphones says it works. Thank you author(s)!


37 posted on 08/21/2013 9:57:31 PM PDT by GeronL
[ Post Reply | Private Reply | To 35 | View Replies]

To: steve86

To make it harder for the bad guys in the future, try using Google’s two-factor authentication. After anyone logs in successfully with your username and password, Google sends a code to you by phone, text, or email. You can proceed only if you enter that code.

With two-factor authentication, it’s much harder for the bad guys to take over your account.


38 posted on 08/21/2013 9:59:16 PM PDT by Vision Thing
[ Post Reply | Private Reply | To 4 | View Replies]

To: The Cajun
While I got you on the line, I wanted to link you to a video of the sinkhole. It's acting up again: http://www.youtube.com/watch?v=M9_JWuSxqmU
39 posted on 08/21/2013 9:59:42 PM PDT by Errant
[ Post Reply | Private Reply | To 5 | View Replies]

To: Errant

So, yes the technology and software does exist to make my idea work. So, now... how do we talk one of those big shortwave radio stations into trying this on a large scale (two big ones out of TN one is Christian and the other is a conspiracy/Alex Jones type operation)

I would love to see FReepers all over America who have HAM equipment see if they can download a PDF file from a packet being broadcasted. Then upload the packets to a local BBS where those without the HAM equipment can retrieve it.

The idea is only valuable if we organize a way to use it when it becomes necessary. We could organize this as a test of the Free Republic Emergency Communication System (FRecs for short). It would also be interesting to see if we can get a message from Jim Robison to be spread from Fresno to BBS sites across the country without by HAM using the internet or the big SW radio guys.

We should be prepared in case of the worst.


40 posted on 08/21/2013 10:03:59 PM PDT by GeronL
[ Post Reply | Private Reply | To 35 | View Replies]

To: GeronL; Jim Robinson

Bless you if you can figure how to incorporate access to FR. Bet Jim has some old BBS code on floppy discs somewhere! lol


41 posted on 08/21/2013 10:04:54 PM PDT by Errant
[ Post Reply | Private Reply | To 37 | View Replies]

To: GeronL

argh

without using the internet I meant


42 posted on 08/21/2013 10:05:09 PM PDT by GeronL
[ Post Reply | Private Reply | To 40 | View Replies]

To: Errant; Kartographer

Local BBS services and local FReepers with HAM equipment to upload data packets for those without the equipment to be able to access.

As an emergency back-up if/when the internet goes down or the “kill switch” from the tyrants in DC goes down. This is obviously not a total SHTF scenario but it is a variant of it.


43 posted on 08/21/2013 10:07:25 PM PDT by GeronL
[ Post Reply | Private Reply | To 41 | View Replies]

To: GeronL

Need a way to sync the data. Some type of P2P networking with distributed data capabilities later - initially, maybe just mirror everything. Wouldn’t require much storage space.


44 posted on 08/21/2013 10:09:31 PM PDT by Errant
[ Post Reply | Private Reply | To 40 | View Replies]

To: Errant

lol. It’s just an idea I had floating around in my head, all of the technology actually exists if we want to use it.


45 posted on 08/21/2013 10:09:44 PM PDT by GeronL
[ Post Reply | Private Reply | To 41 | View Replies]

To: Errant

He who beats Diffie-Hellman beats the world! (Well, except for cheaters who use man-in-the-middle attacks)


46 posted on 08/21/2013 10:17:59 PM PDT by The Duke
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL

Keep thinking about it. Your idea certainly has possibilities! It would be nice to have something up and running ahead of a SHTF emergency. Maybe even broadcast the latest news of the day over any number of stations who do so over shortwave. TruNews.com is one that comes to mind, and Rick Wiles (the owner) was just donated a 50K transmitter on some island in the Caribbean.


47 posted on 08/21/2013 10:18:19 PM PDT by Errant
[ Post Reply | Private Reply | To 45 | View Replies]

To: Errant

Oops, make that a 50,000 Watt transmitter.


48 posted on 08/21/2013 10:20:03 PM PDT by Errant
[ Post Reply | Private Reply | To 47 | View Replies]

To: Errant; Kartographer

Who does a FReeper HAM ping list??

Is there one??

...

The FReeper HAMs in each local market could also send packets back and forth at set times so that we can know what each other are saying. Not just a one way communication that way, and those without HAM could be assured that some things they posted on the local BBS would be available (eventually) to FReepers in other markets.

Might even have to hop data packets from one market to the next. lol
.....

All the technology exists I think, how to make it as secure as possible and implement a P2P system is a bit advanced. I think a mirror of each local system would be a good idea too.

There are websites that sell old laptops (the kind with modems and 40GB hdd’s) for a hundred bucks or so. Wipe the HDD, install a Linux.. our version of “Underground” Linux I suppose.
....

Of course every FReeper prepper should be involved in this, even if they are just using the old software (a live disc) to access the BBS that gets set up. There could be one day every few months where we pull out our livedisc/bootdrive or old laptop in the closet and access the local BBS to see what the local FReeper HAM has put up.

Then they can login to FR and say if they got it or not.

For most participants it will just be the ability to call into the BBS. It would likely cost nothing but a blank CD for many of those.

How many FReepers are using HAM radios?
....

I think this would be a great Free Republic project!


49 posted on 08/21/2013 10:20:29 PM PDT by GeronL
[ Post Reply | Private Reply | To 44 | View Replies]

To: steve86
The hash stored for your password isn't aware of the size of the input that generated it. The rainbow table simply provides an input that the md5 will transform to the given has value. It's a matter to trading space (storage of values) for compute time. The md5 hash is a one-way, so you have to cook up tables of values that will produce the desired result.
50 posted on 08/21/2013 10:21:44 PM PDT by Myrddin
[ Post Reply | Private Reply | To 24 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-90 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson