
Submission + - Google has demonstrated a successful practical attack against SHA-1

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Comment Re:wars destroy wealth (Score 1) 470

taxation is your payment for services rendered by your government. Army, police force, road maintenance, infrastructure. Your taxes pay for all that shit. And if you really want to bitch about welfare, you can consider that the "service" of keeping beggars off the streets and out of your sight/way.

And before you start saying it's not a true transaction because you didn't choose what to "buy" well sorry but you did -- via your elected representatives. You can argue that the price is too high or whatever, or that your representatives are choosing to "buy" the wrong services or whatever, but calling it theft is rather disingenuous at best.

I agree with the rest of your post, but this bit is ridiculous. You're essentially saying it's impossible for (democratic) governments to commit theft, because everything a government does is morally validated by the fact that it was democratically elected. Sorry, but just because a lot of people agree with something, doesn't mean it's a moral action. Historical examples abound.

Comment Re:Rose tinted glasses (Score 1) 470

Marx's original conception of communism wasn't a system of government, so much as it was a state of being.

He considered socialism as a necessary evil - you had government imposing the principle of "from each according to his ability, to each according to his needs", because people wouldn't do it themselves, but the idea was that as people were exposed to this, saw its benefits and became enlightened, they would start acting this way voluntarily. When the population in general had reached this state, the socialist government would become unnecessary and wither away, and the population would be living, ungoverned, as "communist man", the apex of Marx's conception of social evolution.

Unfortunately, this breaks down, because the great benefits of socialism turn out to be mass starvation and poverty, which the people understandably get miffed about and don't embrace, which leads to their government shooting them in job lots. It's also why a lot of Marxists complain that communism has never really been implemented yet, and use that as a defence against the butchery their philosophy leads to.

Comment Re:Awesome! (Score 1) 35

I would imagine that if you are in an area where you are using a WISP today, it probably lacks the population density for the carriers to bother deploying 5G there. The only exception would likely be if you are in an area served by copper phone lines that the carrier (if it's the home ILEC) wants to rip up and get rid of.

Comment Re:Awesome! (Score 2) 35

Whatever 5G ends up being, it won't look like a traditional cellular service. The spectrum that it uses (in the 30 GHz range) is subject to serious atmospheric signal attenuation (especially compared to the 700 MHz bands typically used for LTE) and it won't reliably penetrate walls of any thickness. So it will be largely useless for cellular phones.

Instead, imagine it as just another last mile technology for fixed wireless. You'll have a 5G receiver hung on the exterior of your house, and you will now have an alternative to [CABLE COMPANY] or [PHONE COMPANY] for your home broadband service. One of the upsides to using such high spectrum bands is that you can jam a lot more data into the frequency, so it's likely to be priced (and have caps) that look more like a cable/fiber connection rather than a cellular plan. So, not a bad thing... but not going to change the way you use your cellphone, either.

Comment Re:infrastructure (Score 1) 57

I'm sure it will make sense to plenty of non-google engineers.

Unless those non-Google engineers have already heard of ftp, scp, rsync, etc.

The only real problem with sharing on home connections involves NAT, ISP ToS, etc: being findable and connectable. Rent a VPS and install OpenVPN on it, have your home fileserver connect to it, and it's solved.

Comment Re:Can Uber really make money at this? (Score 1) 116

Does it really make sense economically for Uber to get 100% of the cost of a ride this way but having to spend money to buy, maintain and insure cars?

If you hypothesize that robot drivers can really do the job sufficiently well, the conclusion is an extremely strong and obvious yes. Taxis, limo services, etc are already viable business models even when you have all those same expenses plus a driver to pay. Remove the driver expense and it only gets more viable.

Or is this another sign of a company that doesn't know what it is doing, perhaps most recently suggested by the recent charges of sexism and sexual harassment?

It's possible they don't know what they're doing, but this certainly isn't a sign. It all comes down to whether or not you think robots perform as well as humans, and this story merely works from the conclusion that they can; it doesn't show any strengths or weaknesses of the premise itself.

Comment Parts (Score 2) 274

In terms of "melted down for parts" they probably aren't worth much, but how about the actual capacitors etc when removed and re-used. Old CRTs had some badass (and deadly) capacitors. I've been tempted to see about harvesting them for other purposes, except the badass part means that even years after the last use they can zap you but good.

Comment Re:These two may have been least at risk (Score 1) 54

There are plenty of people I know who would fall for this, because they simply don't know. They were issued a laptop for work and were told it was secured through a VPN, but don't understand how networks or routing actually works. They think they're secure only because an expert told them that VPNs are secure.

And not all VPNs are secure. Corporate VPN solutions are increasingly looking to split tunnelling to cut costs: internal corporate IP addresses are correctly routed to the VPN tunnel interface, so things like internal email and corporate web sites are all secured, but the external IP addresses (Google, Microsoft, Slashdot, etc.) are left to route through the local gateway, reducing bandwidth through the corporate network. So if your wireless adapter connects to a WiFi Pineapple using one of those corporate laptops (thinking it's connecting to a conference AP or something), the rogue AP will faithfully route the still-secure VPN traffic to the proper corporate headquarters servers, but it will just as happily MiTM the rest of the regular unsecured traffic, scanning for credentials, cookies, API keys, or whatever other external sites the computer may happen to access. They could expose personal email account credentials, various web apps, DNS requests, discovery packets, or other loud network traffic. And this allows scenarios where the browser gets cache poisoned while browsing the unsecured web, then used to connect to an internal corporate web site where the malicious cached JavaScript echoes all the booty back to the attacker.

Of course, you expect the tech folks at the RSA conference would know how it all works, but a significant fraction of the attendees are not tech employees. There are no doubt many finance people; executives with expense accounts and instructions to "come back with a security contract"; salespeople; politicians; and the press in attendance.

I just hope the guys with the rogue access points are no worse than gray hats who are posting them on a Wall of Sheep somewhere at the conference, and not actually hacking the attendees.

Comment I Looked at System76 (Score 4, Interesting) 126

...when I sent my daughter off to college last Fall. Figured it might be nice for her to have someone besides Dear Ol' Dad to call if she had some complicated Linux problems (she can handle the simple and medium problems). Then I saw how much they were charging! Could not justify the expense, even with whatever phone call time it might save me. Bought a Lenovo and had her roll her own OS into it. She, and my wallet, are both way better for it...

Comment Don't Worry (Score 3, Funny) 202

Even the high end stuff at Nordstroms today isn't made to the same spec as stuff was back then.

Don't worry, Nordstroms just got rid of a line of low-quality imported goods they used to sell with some blonde bimbo's name on it, so the quality is definitely improving.
