Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment What's the point of this? SHA-3 is next year. (Score 1) 60

This is absolutely silly. I can't see why anyone, let alone NIST, would want this. They should know better:

- SHA-512 is only faster than SHA-256 in pure x86-64 versus x86; add SSE to the mix and start doing four SHA-256 blocks in parallel, and SHA-512 is about the same speed, or slower!
- SHA-256 is not particularly slow, overall: 150MB/s is quite possible with it. Half the speed of SHA-1, yes, but still not bad. That is gigabit on one core, and more than the sustained read speed of a hard disk (although not an SSD).
- Of the five SHA-3 finalists, really only JH is slower than SHA-256 in x86, or SHA-512 in x86-64, maybe that's a bad implementation; most of the other candidates run around twice as fast as SHA-512 at its fastest (i.e. not too far off SHA-1 speed, and some of them can be parallelised so can run much faster), especially in 64-bit. They can probably be made to run faster.
- The SHA-3 winner (Advanced Hash Standard?) will be announced next year - and will at that time already have faster, more secure drop-in replacements for SHA-224, SHA-256, SHA-384, and SHA-512 (and anyone using SHA-1 or, God forbid, MD5 will need a stern talking-to).

Why, then, would we want a kludge for more speed - in such a limited scenario - when an established, relatively well-analysed hash exists right now and can go at the same speed, and in a year or so, it will then be near-instantly obsoleted by a faster, better-designed hash function?

Comment Re:This exploit is beautiful (Score 4, Insightful) 226

(clarification) At least, that's my speculation. (Darn it, mixing up preview and submit.)

You'll note no significant movement was ever made on a working modchip. PS3 remained pretty much hack-free... until Sony disabled OtherOS.

geohot's glitch - for it was a glitch attack, requiring hardware intervention, and a fair pile of luck for things not to crash - was specifically targeted at the OtherOS hypervisor, only worked in OtherOS, and was simply trying to get more hardware access, but it would never have gotten you complete access (for a start, by the time you're in OtherOS, the SPU in security mode is latched off the bus, I understand, although I never got the opportunity to check personally).

Sony (characteristically, some might say) totally overreacted in the worst possible way - geohot's glitch was really not a useful exploit! - but by taking everyone's toys away, and specifically by causing a problem to a lot of security researchers who used PS3 clusters for all kinds of research (including cryptographic research, for example the MD5/SHA-1 collisions) and who could now only get replacements from eBay praying they're not updated... they made a lot of people suddenly very interested and determined to crack it, and maybe those with clusters would be equally interested in something like this, perhaps even willing to fund research? *shrug* Merely idle speculation...

So, yeah. A fairly tight architecture it is, but start annoying security researchers with the resources to decap or fab chips, let alone dump firmware and look for bugs, and you've got to expect some kind of robust response - although where it really came from originally, we may never know, and what else they have in store for the future, it's hard to tell.

It's a cute little heap overflow in the USB controller; a nice little puppy-pile of (it appears, uncleanly nested) USB hellos and goodbyes to fill the heap, and a shellcode dump for the last one. Fixable in a firmware update, yes - and PSN-bannable (even brickable, if Sony are that hardcore) if used as is, as PS3s log what applications/games you run and send that info to Sony as part of DNAS authentication (at least, they do in unmodified DNAS; it's no longer foolproof) - but this is the tip of the iceberg I'm sure - when Sony fix this, I don't doubt another bug will be found in short order, maybe a software-only one (the PS3 parses enough formats that there's basically got to be something). The arms race has officially begun.

It's correctly named, too; this is really a 'jailbreak' in exactly the same sense as used on the iPhone for example, not some modchip to let people play copied games or anything (in fact, I don't believe it can... yet).


Happy Towel Day 122

An anonymous reader writes "While Douglas Adams continues his attempt to set a new record for the longest extended lunch break, geeks all over the universe pay tribute to the beloved author by celebrating the tenth edition of Towel Day. Towel Day is more alive than ever. This year Richard Dawkins, one of Adams' best friends, has tweeted a Towel Day reminder to his numerous followers. The CERN Bulletin has published an article on Towel Day. There has been TV coverage and there will be a radio interview. The Military Republic of the Deltan Imperium, a newly formed micronation, has recognized Towel Day as an official holiday. In Hungary several hundreds of hitchhiker fans want to have a picnic together in a park. And there's a concert, a free downloadable nerdrap album, a free game being released, the list goes on and on."

Comment Captain Blood called (Score 3, Informative) 195

Captain Blood called, and he wants his UPCOM back. This is an utterly terrible idea, however, as you can type way, way faster on, say, an iPhone than you could ever select symbols from a list. I mean, a bunch of custom smilies is what this is, and a bunch of them are commercial. This is highly likely not to take off. (Also, where’s the Android app?)

Slashdot Top Deals

Receiving a million dollars tax free will make you feel better than being flat broke and having a stomach ache. -- Dolph Sharp, "I'm O.K., You're Not So Hot"