## Comment So? (Score 1) 91

Will this be news everytime a new device is targeted?

Will this be news everytime a new device is targeted?

ah, i was stupid - time delay obviously makes no sense in offline cracking

You are right of course, but if you would just store extremely long salts for that reason, it would make more sense to include a time delay between computations. Are such long salts used in practice?

It just protects from precomputation of the hash values of the passwords. If there were no salts then the hash value of a given password would look the same in every database (if the same hash function was used). So if you would precompute a rainbow table, where you store the password next to the hash value of the password, you could attack every database easily in the same way by just comparing the hash values and using the password stored next to it in the rainbow table.

Now, with salting we get a unique hash value even if the password stays the same, rendering precomputation useless. The salt, however, is stored in plaintext next to the hash value: (hash, salt).

This does obviously not keep an attacker from computing the hash value = hash(password + salt) - it just helps against rainbow tables.

If you would still want to precompute a rainbow table the amount of memory needed would make it impractical. With n bit salts you would have to store 2^n entries for each password.

Now, with salting we get a unique hash value even if the password stays the same, rendering precomputation useless. The salt, however, is stored in plaintext next to the hash value: (hash, salt).

This does obviously not keep an attacker from computing the hash value = hash(password + salt) - it just helps against rainbow tables.

If you would still want to precompute a rainbow table the amount of memory needed would make it impractical. With n bit salts you would have to store 2^n entries for each password.

You are misunderstanding it. Salting only protects from precomputed tables containing (password, hash) entries (rainbow tables) when using a unique salt. I didn't read TFA, but I assume this is a simple brute-force attack. The attacker would just add the salt to each guess, which does not make it any more difficult.

The 5 remaining SHA-3 candidates, however, are new designs. The current SHA algorithms (up to SHA-512) are based on MD4 and have some operations added to incorporate the higher number of message blocks into the hash.

MD4, and MD5 have been badly broken years ago. Some collisions were even calculated by hand. SHA-1 was under heavy attack before the SHA-3 competition started, but there have not been any collisions found yet. Bart Preneel has a great slide as an overview of the state of hash functions based on MD4: http://homes.esat.kuleuven.be/~preneel/preneel_hash_icics10v1.pdf (slide 46)

MD4, and MD5 have been badly broken years ago. Some collisions were even calculated by hand. SHA-1 was under heavy attack before the SHA-3 competition started, but there have not been any collisions found yet. Bart Preneel has a great slide as an overview of the state of hash functions based on MD4: http://homes.esat.kuleuven.be/~preneel/preneel_hash_icics10v1.pdf (slide 46)

Yes, but it could also be the combined layout. It is unlikely because Nordschleife is driven usually, but you can't be sure because of that.

I guess the article refers to the Nordschleife layout? 9 minutes would be awful around the GP layout, but it would be great around the combined layout ... (Nürburgring)

As the article is only shiny pictures and almost no information it is hard to tell.

As the article is only shiny pictures and almost no information it is hard to tell.

silly_sysiphus writes: *Sony has finally acknowledged after 6 days of questions that indeed, PSN user data may be compromised.*

Hugh Pickens writes writes: *"CNN reports that television networks in several European countries are reportedly reviewing episodes of "The Simpsons" for any "unsuitable" references to nuclear disaster with an Austrian network apparently pulling two episodes, 1992's "Marge Gets a Job" and 2005's "On a Clear Day I Can't See My Sister," which include jokes about radiation poisoning and nuclear meltdowns. Al Jean, the executive producer of the animated Fox comedy featuring inept family man/nuclear power plant worker Homer Simpson says that he can appreciate the concern. "We have 480 episodes, and if there are a few that they don't want to air for awhile in light of the terrible thing going on, I completely understand that," says Jean, citing the previous example of the 1997 episode "Homer Versus the City of New York" that was pulled after 9/11 because it included key scenes at the World Trade Center. "We would never make light of what's happening in Japan.""*

Velcroman1 writes: *s this the future of manned missions into deep space?*

Lockheed Martin on Tuesday unveiled the first Orion spacecraft, a part of what NASA had planned as the sprawlingly ambitious Constellation project that would offer a replacement for the space shuttle — and a means to ferry humans into outer space and back to the moon.

Orion and the companion Ares heavy-lift rocket were part of Constellation, a program cancelled under President Barack Obama's 2011 budget proposal. Instead Obama urged NASA to work toward sending humans to an asteroid and then on to Mars. Reports indicated NASA intended Orion to be merely a crew-escape vehicle. NASA and Lockheed Martin had other plans. They pushed ahead on the Orion space capsule despite their ambiguous status. Tuesday Lockheed Martin showed off the fruits of its labor — and it's far more ambitious than a crew-rescue ship.

Lockheed Martin on Tuesday unveiled the first Orion spacecraft, a part of what NASA had planned as the sprawlingly ambitious Constellation project that would offer a replacement for the space shuttle — and a means to ferry humans into outer space and back to the moon.

Orion and the companion Ares heavy-lift rocket were part of Constellation, a program cancelled under President Barack Obama's 2011 budget proposal. Instead Obama urged NASA to work toward sending humans to an asteroid and then on to Mars. Reports indicated NASA intended Orion to be merely a crew-escape vehicle. NASA and Lockheed Martin had other plans. They pushed ahead on the Orion space capsule despite their ambiguous status. Tuesday Lockheed Martin showed off the fruits of its labor — and it's far more ambitious than a crew-rescue ship.

Shining Celebi writes: *Mozilla has finally released Firefox 4, a couple months behind schedule. It features hardware accelerated graphics, UI performance improvements, a massive boost in Javascript performance, reduced memory usage, WebGL, a new HTML5 parser, App Tabs, tab grouping via the Panorama feature, bookmark and history syncing, and much more. Many users will also be happy to know the status bar has been more-or-less restored after Mozilla removed it in early betas. Firefox 4 scores over 3 times faster on Sunspider, V8, and Kraken.*

cultiv8 writes: *"Under the system, state and local police officers also will eventually use hand-held devices to scan suspects' fingerprints and send the images electronically to the FBI center. "It's a quick scan to let police officers know if they should let the person go, or take him into custody," Morris said. In later stages, NGI system also will be expanded to include the analysis of palm prints, handwriting, faces, human irises and voices."*

And don't forget your towel.

I never leave my house without my towel and the "Hitchhiker's Guide to the Galaxy".

asgard4 writes: *Statistics*

Title: The Art of Computer Programming. Volume 4A: Combinatorial Algorithms Part 1

Author: Donald E. Knuth

Pages: 883

Rating: 9/10

Publisher: Addison-Wesley Publishing http://www.awl.com/

ISBN-10: 0-201-03804-8

ISBN-13: 978-0-201-03804-0

Price: $74.99 US

Summary: Knuth's latest masterpiece. Almost all there is to know about combinatorial search algorithms.

Decades in the making, Donald Knuth presents the latest few chapters in his by now classic book series "The Art of Computer Programming". The computer science pioneer's latest book on combinatorial algorithms is just the first in an as-of-yet unknown number of parts to follow. While these yet-to-be-released parts will discuss other combinatorial algorithms, such as graph and network algorithms, the focus of this book titled "Volume 4A Combinatorial Algorithms Part 1" is solely on combinatorial search and pattern generation algorithms. Much like the other books in the series, this latest piece is undoubtedly an instant classic, not to be missing in any serious computer science library or book collection.

The book is organized into four major parts, an introduction, a chapter on Boolean algebra, a chapter on algorithms to generate all possibilities (the main focus of the book), and finally 300 pages of answers to the many exercises at the end of every section in the book. These exercises and answers make this work an excellent companion for teachers of a university course.

The book begins with some introductory examples of combinatorial searching and then gives various definitions of graphs and directed acyclic graphs (DAGs) since a lot of combinatorial algorithms conveniently use graphs as the data structures they operate on. Knuth's writing style is terse and to the point, especially when he presents definitions and proofs. However, the text is sprinkled with toy problems and puzzles that keep it interesting.

After the introduction, the first chapter of the book (out of only two) is titled "Zeros and Ones" and discusses Boolean algebra. Most readers that have studied computer science in some form should be intimately familiar with most of the discussed basics, such as disjunctive normal forms and Boolean functions and their evaluation. The reader might be surprised to find a discussion of such an elemental foundation of computer science in a book on combinatorial algorithms. The reason is that storage efficiency is especially important for these types of algorithms and understanding the basic storage unit of computer systems nowadays (as the decimal computer is a definite thing of the past) is of importance.

After covering the basics of Boolean algebra and Boolean functions in quite some detail, Knuth gets to the most fun part of this chapter in my opinion: the section on bitwise tricks and techniques on integer numbers. Being a software engineer in the video games industry, I recognized a lot of the techniques from my day-to-day work, such as bit packing of data and various bit shifting and bit masking tricks. There is also a discussion of some interesting rasterization-like algorithms, such as the shrinking of bitmaps using Levialdi's transformation or filling of regions bounded by simple curves. The chapter concludes with Binary Decision Diagrams that represent an important family of data structures for representing and manipulating Boolean functions. This topic was also quite interesting to me since I have never been exposed to it before.

The second and main chapter of the book is titled "Generating All Possibilities". In this particular volume of the "The Art of Computer Programming" series, the only subsection of the chapter in this volume is on generating basic combinatorial patterns, or more specifically generating all n-tuples, permutations, combinations, partitions, and trees. We can expect more on this topic from Knuth in his continuation in Volume 4B and beyond.

The discussion on n-tuples starts out with a lengthy focus on Gray codes, which are binary strings of n bits arranged in an order such that only one bit changes from string to string.

A quite fun example for generating all permutations presented in this part of the book is alphametics, also sometimes known as verbal arithmetic — a kind of puzzle where every letter of a word stands for a digit and words are used in equations. The goal is to assign digits to letters in such a way that the equation is correct. A classic example is SEND + MORE = MONEY (the solution is left as an exercise for the reader).

The next section deals with generating all combinations. Given a set of n elements, the number of all possible combinations of distinct subsets containing k elements is the well-known binomial coefficient, typically read as "n choose k". One of the more interesting algorithms in this section of the book to me was generating all feasible ways to fill a rucksack, which can come in quite handy when going camping :P

After combinations, Knuth moves on to briefly discuss integer partitions. Integer partitions are ways to split positive integer numbers into sums of positive integers, disregarding order. So, for example 3, 2+1, and 1+1+1 are the three possible partitions of the integer 3. Knuth, in particular, focuses on generating all possible integer partitions and determining how many there are for a given number. The book continues with a concise presentation of the somewhat related topic of set partitions, which refer to ways of subdividing a set of elements into disjoint subsets. Mathematically, a set partition defines an equivalence relation and the disjoint subsets are called equivalence classes; concepts that should be familiar to any mathematics major. Again, the focus is on generating all possible set partitions and determining how many partitions can be generated.

The main part of the book closes with a discussion of how to exhaustively generate all possible trees, which is a topic that I have never given much thought to. I am familiar with generating permutations, combinations, and partitions, but have never really been confronted with generating all possible trees that follow a certain pattern. One main example used throughout this part of the book is generating all possible strings of nested parentheses of a certain length. Such strings can be represented equivalently as binary trees.

Knuth's latest book is comprehensive and almost all encompassing in its scope. It compiles an incredible amount of computer science knowledge on combinatorial searching from past decades into a single volume. As such, it is an important addition to any computer science library. This book is not necessarily an easy read and requires a dedicated reader with the intention of working through it from front to back and a considerable amount of time to fully digest. However, for those with patience, this book contains a lot of interesting puzzles, brain teasers, and almost everything there is to know on generating combinatorial patterns.

On a final note, if you don't have volumes 1-3 yet you can get all volumes in a convenient box set (http://www.amazon.com/Computer-Programming-Volumes-1-4A-Boxed/dp/0321751043).

About the review author:

Martin Ecker has been involved in real-time graphics programming for more than 10 years and works as a professional video game developer for High Moon Studios http://www.highmoonstudios.com/ in sunny California.

Title: The Art of Computer Programming. Volume 4A: Combinatorial Algorithms Part 1

Author: Donald E. Knuth

Pages: 883

Rating: 9/10

Publisher: Addison-Wesley Publishing http://www.awl.com/

ISBN-10: 0-201-03804-8

ISBN-13: 978-0-201-03804-0

Price: $74.99 US

Summary: Knuth's latest masterpiece. Almost all there is to know about combinatorial search algorithms.

Decades in the making, Donald Knuth presents the latest few chapters in his by now classic book series "The Art of Computer Programming". The computer science pioneer's latest book on combinatorial algorithms is just the first in an as-of-yet unknown number of parts to follow. While these yet-to-be-released parts will discuss other combinatorial algorithms, such as graph and network algorithms, the focus of this book titled "Volume 4A Combinatorial Algorithms Part 1" is solely on combinatorial search and pattern generation algorithms. Much like the other books in the series, this latest piece is undoubtedly an instant classic, not to be missing in any serious computer science library or book collection.

The book is organized into four major parts, an introduction, a chapter on Boolean algebra, a chapter on algorithms to generate all possibilities (the main focus of the book), and finally 300 pages of answers to the many exercises at the end of every section in the book. These exercises and answers make this work an excellent companion for teachers of a university course.

The book begins with some introductory examples of combinatorial searching and then gives various definitions of graphs and directed acyclic graphs (DAGs) since a lot of combinatorial algorithms conveniently use graphs as the data structures they operate on. Knuth's writing style is terse and to the point, especially when he presents definitions and proofs. However, the text is sprinkled with toy problems and puzzles that keep it interesting.

After the introduction, the first chapter of the book (out of only two) is titled "Zeros and Ones" and discusses Boolean algebra. Most readers that have studied computer science in some form should be intimately familiar with most of the discussed basics, such as disjunctive normal forms and Boolean functions and their evaluation. The reader might be surprised to find a discussion of such an elemental foundation of computer science in a book on combinatorial algorithms. The reason is that storage efficiency is especially important for these types of algorithms and understanding the basic storage unit of computer systems nowadays (as the decimal computer is a definite thing of the past) is of importance.

After covering the basics of Boolean algebra and Boolean functions in quite some detail, Knuth gets to the most fun part of this chapter in my opinion: the section on bitwise tricks and techniques on integer numbers. Being a software engineer in the video games industry, I recognized a lot of the techniques from my day-to-day work, such as bit packing of data and various bit shifting and bit masking tricks. There is also a discussion of some interesting rasterization-like algorithms, such as the shrinking of bitmaps using Levialdi's transformation or filling of regions bounded by simple curves. The chapter concludes with Binary Decision Diagrams that represent an important family of data structures for representing and manipulating Boolean functions. This topic was also quite interesting to me since I have never been exposed to it before.

The second and main chapter of the book is titled "Generating All Possibilities". In this particular volume of the "The Art of Computer Programming" series, the only subsection of the chapter in this volume is on generating basic combinatorial patterns, or more specifically generating all n-tuples, permutations, combinations, partitions, and trees. We can expect more on this topic from Knuth in his continuation in Volume 4B and beyond.

The discussion on n-tuples starts out with a lengthy focus on Gray codes, which are binary strings of n bits arranged in an order such that only one bit changes from string to string.

A quite fun example for generating all permutations presented in this part of the book is alphametics, also sometimes known as verbal arithmetic — a kind of puzzle where every letter of a word stands for a digit and words are used in equations. The goal is to assign digits to letters in such a way that the equation is correct. A classic example is SEND + MORE = MONEY (the solution is left as an exercise for the reader).

The next section deals with generating all combinations. Given a set of n elements, the number of all possible combinations of distinct subsets containing k elements is the well-known binomial coefficient, typically read as "n choose k". One of the more interesting algorithms in this section of the book to me was generating all feasible ways to fill a rucksack, which can come in quite handy when going camping

After combinations, Knuth moves on to briefly discuss integer partitions. Integer partitions are ways to split positive integer numbers into sums of positive integers, disregarding order. So, for example 3, 2+1, and 1+1+1 are the three possible partitions of the integer 3. Knuth, in particular, focuses on generating all possible integer partitions and determining how many there are for a given number. The book continues with a concise presentation of the somewhat related topic of set partitions, which refer to ways of subdividing a set of elements into disjoint subsets. Mathematically, a set partition defines an equivalence relation and the disjoint subsets are called equivalence classes; concepts that should be familiar to any mathematics major. Again, the focus is on generating all possible set partitions and determining how many partitions can be generated.

The main part of the book closes with a discussion of how to exhaustively generate all possible trees, which is a topic that I have never given much thought to. I am familiar with generating permutations, combinations, and partitions, but have never really been confronted with generating all possible trees that follow a certain pattern. One main example used throughout this part of the book is generating all possible strings of nested parentheses of a certain length. Such strings can be represented equivalently as binary trees.

Knuth's latest book is comprehensive and almost all encompassing in its scope. It compiles an incredible amount of computer science knowledge on combinatorial searching from past decades into a single volume. As such, it is an important addition to any computer science library. This book is not necessarily an easy read and requires a dedicated reader with the intention of working through it from front to back and a considerable amount of time to fully digest. However, for those with patience, this book contains a lot of interesting puzzles, brain teasers, and almost everything there is to know on generating combinatorial patterns.

On a final note, if you don't have volumes 1-3 yet you can get all volumes in a convenient box set (http://www.amazon.com/Computer-Programming-Volumes-1-4A-Boxed/dp/0321751043).

About the review author:

Martin Ecker has been involved in real-time graphics programming for more than 10 years and works as a professional video game developer for High Moon Studios http://www.highmoonstudios.com/ in sunny California.

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)