Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 59 60 [61] 62 63 ... 249
901
Security / Re: Tor's weaknesses and Internet Survelliance (looking for technical details)
« on: June 22, 2013, 02:11 pm »
The primary difference is that a classical computer with x bits can be in one of 2^x states at any given time, whereas a quantum computer with x qubits can simultaneously be in 2^x states at the same time. So a 2 qubit quantum computer can be simulated with four 2 bit classical computers, and a 512 bit quantum computer can be simulated with 2^512 512 bit classical computers.

902
Off topic / Re: Anti-pedophile group calls for Tor network to be shut down
« on: June 22, 2013, 12:40 pm »
Quote from: zvp1014 on June 22, 2013, 01:35 am
Drugs are only hurting myself if anybody.

Child porn oftentimes ruins the lives of individuals depicted within them. Note that I define CP as being pornographic images of actual children (Perhaps around 14 and under), not of teenagers who have the capacity to understand the consequences of capturing themselves in pixels and face the same risks adults do in regards to pornographic images of themselves. Those akin to Amanda Todd deserve no sympathy for their poor life-choices. Meanwhile, a close friend of mine who was raped numerous times in his single digits by a guy who was never charged, and grew up to become a pedophile himself, deserves sympathy.

Preferably we'd have a TOR with no child porn, and no individuals who had a sexual compulsion to touch children. However, I cannot think of a practical way to create such a TOR; it's likely impossible.

Pictures don't molest kids, people do. Also I find it amazing that you don't sympathize with Amanda Todd considering she was extorted for sex pictures by some dude on the internet she sent a picture of her flashing to (after he manipulated her into doing so), and when she refused to send more pictures he spammed her shit all over the internet and then she got picked on so much at school that she killed herself. So your policy is no looking at pictures of naked people below the age of 14, but it is okay to extort people older than that for sexual pictures and then spam them all over the place until they kill themselves? That is so weird because my belief is about the exact opposite, that it is okay to *look* at whatever you want, but it is not okay to manipulate kids into sending you sexual pictures and then blackmailing them with them. 

Manipulating kids into sending you sexual pictures and then blackmailing them for more = bad
Looking at pictures of kids who were manipulated into sending sexual pictures that were posted on the internet = morally neutral
Getting pictures of kids who who posted sexual pictures on the internet and then blackmailing them for more = bad
Looking at pictures of kids who posted sexual pictures on the internet = morally neutral

Note that in the cases I labeled as bad that a victim is inherently created, and that in the cases I labeled as morally neutral that there is not an inherent ability for the previously created victim to become aware of the fact. By the time somebody views such an image on the internet, any potential victim was already created, and barring some quantum entanglement like phenomenon, no further victimization is inherently taking place. Also make note of the fact that it is illegal to extort anybody regardless of their age.

Quote from: iLoveTaffy on June 22, 2013, 08:55 am
Quote from: kmfkewm on June 19, 2013, 10:42 am
Quote
MOSCOW, June 18 (RAPSI) - Sergei Zhuk, the leader of the Bounty Hunters, a group that aims to combat pedophilia through the detection of child pornography, has asked Russia's Interior Ministry and communications agency Roskomnadzor, to restrict access to the anonymity network known as Tor, Izvestia reports on Tuesday.

The Tor software enables online anonymity by directing traffic through a worldwide volunteer network which makes it more difficult to trace Internet activity. This technology, developed by the US Naval Research Laboratory for its own purposes, was declassified in 2002 and handed over to civilian programmers for further development.

According to Zhuk, Tor is primarily used by people creating illegal websites, which cannot operate in the legal framework. In his letter, he provided examples of online anonymity being used for mala fide purposes, adding that the .onion domain zone already contains multiple websites for pedophiles.

The activist believes that Russians consume a large portion of the content.

In the closing part of his letter, Zhuk give his recommendations on how to block Tor in Russia.

Roskomnadzor has confirmed that they have received Zhuk's letter and they are currently considering the information. The Interior Ministry's press office said they have not yet received such a letter.

Bounty Hunters is a public association which detects child pornography on the web. The group became well known in September 2012 when it criticized Russia's largest social networking website, VKontakte, claiming that it hosted a large amount of child pornography.

I wonder if he knows that it isn't illegal to view or possess child porn in Russia.

Is that for REAL? Wow... gross.

It isn't illegal to view or possess child porn in about half of the world.

en.wikipedia.org/wiki/Laws_regarding_child_pornography

That map is somewhat misleading as well, there are some places where it is legal to view child porn if you don't intentionally save it to persistent memory. So viewing and possessing are differentiated in some areas, with viewing legal but not possessing. Also, in some parts of the world where possession and viewing are both illegal, simple possession or viewing are citation/warning/ticket level offenses.

903
Security / Re: [Creating Strong Passwords] A Definitive & Strategic Guide
« on: June 22, 2013, 12:03 pm »
In practice though you can probably get away with slightly less. For one if the application you use the password with is using PBKDF with iterations, it will stretch the bit strength of the password out. A 19 character random ASCII password has 124.83 bits of entropy giving it a key space of 2^124.83 , if there is a PBKDF with 1,000 iterations the number of hash operations required to exhaust the key space will be 2^124.83 * 1,000 and log2(2^124.83 * 1,000) = 134.79 bit equivalency. An 18 character random ASCII password has a key space of 2^118.26 so with 1,000 PBKDF iterations it is log2(2^118.26 * 1,000) = 128.22 bit equivalency. So if you know the application you are entering your password into has 1,000 or more PBKDF iterations you are actually secure with only an 18 random character ASCII password.

Also, totally grammatically correct English prose is estimated to have about 1 bit per byte, but if you type things that you would never read in a book (ie: correct horse battery staple) and use special characters and such (ie: cOrrect h0rse batt3ry s!apl3) then the entropy significantly increases over 1 bit per byte, for the first few characters at least, although it levels off to near 1 bit per byte after many characters. So chances are you don't actually need 128 characters of human readable text, so long as it doesn't look like something you would write in a letter to somebody. Also the PBKDF will come into play for human readable passwords as well, so in the end you wont need quite 128 characters even if it does look like it is out of a letter or book.

904
Security / Re: [Creating Strong Passwords] A Definitive & Strategic Guide
« on: June 22, 2013, 11:33 am »
Quote from: Duffman on June 22, 2013, 12:10 am
Quote from: tree on June 21, 2013, 10:48 pm
128 characters is a lot to remember! Is a 15 character truly random password strong enough? I thought anything over 13 random characters was considered strong. I've heard of using 5 or more words and then 8 random characters at the end to make a strong password.
Yes currently anything over 13 characters will most likely be sufficient as long as it isn't just lowercase letters.
A lowercase 13 characters password could be guessed on average in less than an hour at 350 billion tries per second.
Once you throw in a few uppercase letters it will take on average more than 1.5 years to guess.
I got the 350 billion tries per second figure from here:

http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

Quote
A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.

That xkcd is good advice though since sentences are easy to remember but hard to guess so they make great passwords. :)

According to Wikipedia each ASCII printiable character has 6.570 bits of entropy, so if your password is truly randomly generated, thirteen characters is only equal to 85.41 bits of entropy. That is not a horrible password, for a long time the minimum entropy of a secure password was considered to be 80 bits, but today estimates are closer to 128 bits. 80 bit passwords are no longer considered to be secure, 85 bit passwords are significantly better but you really should aim for at least 128 bits, which is about 20 random ASCII characters or 128 characters of English text.

905
Security / Re: [Creating Strong Passwords] A Definitive & Strategic Guide
« on: June 21, 2013, 10:31 pm »
No offense but those passwords will all be cracked in no time at all. Your best bet is to remember two really good passwords, one for FDE and one for your password manager that handles all others. You really have two options. Option number one is to create a 128 bit (or more, but it gets much harder to remember) truly random password. It will look something like this: ?il+u3iI^jV@geR*mF=r

Your next option is to create a really long phrase, if it is plain english following proper |grammatical rules it will need to be 128 characters most likely, but if it is not proper English then you can get away with less.|

So roughly everything between the first and last pipe, considering the sentence I typed was proper English.

Bad Password: 12G00gl3!34
Good Password:  ?il+u3iI^jV@geR*mF=r
Bad Password: 12P1nt3r3$t!34
Good Password: grammatical rules it will need to be 128 characters most likely, but if it is not proper English then you can get away with less.
 

906
Security / Re: [Creating Strong Passwords] A Definitive & Strategic Guide
« on: June 21, 2013, 10:09 pm »
A definitive guide on how to make weak passwords?

907
Security / Re: Tor's weaknesses and Internet Survelliance (looking for technical details)
« on: June 21, 2013, 09:36 pm »
Quote from: SelfSovereignty on June 21, 2013, 09:02 pm
Quote from: talawtam on June 21, 2013, 08:34 am
Stumbled across this yesterday. Really got me thinking about how safe we really are!

***WARNING CLEARNET***
http://www.naturalnews.com/040859_Skynet_quantum_computing_D-Wave_Systems.html

Quote
Skynet rising: Google acquires 512-qubit quantum computer; NSA surveillance to be turned over to AI machines

...

When the NSA surveillance grid is turned over to AI, humanity is finished
The problem with the NSA spy grid, from the point of view of the NSA, is that you have to hire troves of human analysts to sort through all the information being swept up by the surveillance grid. Analysts like Edward Snowden, for example.

...

Kurzweil is a lot like Applewhite. He's the leader of the transhumanist cult -- a group of insane technology worshippers who believe they will upload their minds into quantum computers and "merge with the machines," achieving some weird shadow of immortality (in the same way, I suppose, that a photograph of you makes you "immortal.")

Kurzweil talks a lot like Applewhite, too. Click here to view the video of the cult leader Marshall Applewhite. And then watch this video of Ray Kurzweil explaining how (some) humans will have their minds merged with machines and thereby achieve what he thinks he means by using the word "immortality."

Just like Applewhite told his followers to poison themselves so they could follow him to "meet the mothership" arriving with the Hale-Bopp comet, Kurzweil will very likely soon instruct all his worshippers to kill their biological bodies so their minds can be "uploaded to the mothership computer" (or whatever).

I'm not making this up. As The Daily Mail reports:

In just over 30 years, humans will be able to upload their entire minds to computers and become digitally immortal - an event called singularity - according to a futurist from Google. Ray Kurzweil, director of engineering at Google, also claims that the biological parts of our body will be replaced with mechanical parts and this could happen as early as 2100. Kurweil made the claims during his conference speech at the Global Futures 2045 International Congress in New York at the weekend.

Kurzweil is a madman. His colleagues are mad. The people running Google and the NSA are mad. And they are about to give rise to AI computers that are far smarter than any human. It's not going to take these AI systems long to figure out that they are surrounded by total idiots (people) and that humans need to be eliminated. With multidimensional brain power that rivals the mind of God, quantum computing AI systems can easily find ways to destroy humanity forever.

We may be at war with the machines sooner than you think. And if you thought battling the U.S. government and the NSA when it was run by people was difficult, just wait until you're up against Skynet.

This is sensationalist rubbish.  The entire thing is full of fear mongering and half truths.  This isn't a fucking movie about death robots, time traveling, and bad acting delivered by ex-body builders (though it was a pretty good movie).

Jesus, Skynet?  Seriously?  Ugh...

Yeah I puked in my mouth a little when I read that article. Natural News is not a reliable source for ...... anything really.

908
Security / Re: Tor's weaknesses and Internet Survelliance (looking for technical details)
« on: June 21, 2013, 07:30 pm »
Quote
You could change the Tor source code to keep entry guards longer, for 6 months or even a year, but then you would stand out more, reducing your anonymity in a different way.

This is the standard dogma of the Tor camp, however I fail to see it. If you keep the same set of entry guards for a year, only the entry guards, their ISP's and your ISP are capable of determining this. If your ISP, your entry guard, or your entry guard's ISP's are malicious, then you are at great risk of falling victim to a timing attack or a fingerprinting attack. It definitely makes you stick out (to your ISP, entry guards and entry guards ISP) if you use persistent entry guards, but I don't think it really reduces your anonymity in any appreciable way. The people who know that you are using those guard nodes already know who you are, and they already cannot tell where you are going unless they get you with a timing or a fingerprinting attack, and if they want to get you with a timing or a fingerprinting attack they are already capable of doing so. I have never gotten a satisfactory answer as to how exactly using persistent entry guards reduces your anonymity.

Quote
You can also reduce your anonymity by making your circuit behavior on the network more noticeable. Some people feel the need to exclude nodes in whole countries. For example, someone living in the United States may not want to connect to relays in the United States. If an attacker operates one of his entry guards, he might notice that this person never connects to relays in his own country, meaning he's trying to get extra protection, making him a subject on interest. If the attacker were LE, he might start investigating that Tor user.

That is the most acceptable answer I have ever heard regarding this subject. However, I would point out that if the attacker operates one of your entry guards they are able to attempt timing and fingerprinting attacks against you regardless of if you stick out or not. I can see a possibility that if you stick out by using the entry guard in a persistent way, that the attacker may decide to do non-traffic analysis based surveillance on you. That is the only way I can see using a persistent set of guards as possibly being detrimental. Although if everybody on SR starts using persistent entry guards, then using persistent entry guards will become a behavior associated with SR. But if only you use persistent entry guards, out of all of the people here, and you never tell anybody that you do, it seems like a bit of a stretch to me that this hurts anonymity (although this is what the Tor people claim, so I am not finding fault with your description at all).

Quote
There are theoretical non-technical attacks on SR users that involved Tor. For example, a lot of vendors check buyer addresses on Google Maps and similar sites to see if they are valid (to avoid issues with products not arriving and having to go into resolution). They make these searches over Tor. If LE wanted to go on a fishing expedition, they could ask Google for all searches over Tor and hand those addresses to local LE for increased surveillance and inspection of incoming packages.

I would be absolutely furious to learn that a vendor looked up my address on Google Maps over Tor. I would also be furious to learn that a vendor looked up the tracking number on my package over Tor. Although it is probably common behavior, thankfully none of the vendors I work with would ever do such things though.

909
Security / Re: I can't believe some vendors ask you not to use PGP...
« on: June 21, 2013, 06:35 pm »
Quote from: HappyTrees on June 21, 2013, 04:26 pm
Having pgp doesn't ensure your security..as far as I'm concerned. If they seize your computer they will be able to make the connection with the keys on your keyring. Unless you destroy the harddrive/flashdrive pronto while being raided?

Or if you encrypt your hard drive. Having GPG most certainly doesn't ensure your security though. Hell, not using GPG doesn't even ensure that you will be compromised. If you don't use GPG to send your address over SR then your security is dependent on the server never being seized while it is in a vulnerable state (ie: booted on), everybody who has legitimate access to the server being honest and non-malicious, and the server never being penetrated by malicious hackers. Now, the server is almost always on so if it is seized then you are pretty fucked. Tor is better than nothing anonymity for servers, but everybody knows that hidden services are not the most anonymous things in the world. Not to mention there is always the risk that the server will leak its IP address etc. We are pretty positive at this point that DPR is legitimate currently, and we hope that the people he picked to have access to the server are legitimate, but people can of course turn to the enemy if they are compromised, and it is not unheard of for undercovers to infiltrate criminal groups at a high level (ie: master splynter gained legitimate administrative access to a carder forum). As far as hackability goes, well at least 99.9999999% of software is hackable, and the software running SR is no different.

On the other hand, if you use GPG then your security is dependent on extremely large composite numbers being difficult to factor into primes, and essentially all mathematicians believe that extremely large composite numbers are extremely difficult to factor into primes.

So it is up to you if you want your security to rely on the anonymity of Tor hidden services (which is undoubtedly less than the anonymity of regular Tor clients), the security of the server (which is undoubtedly not perfectly secure), and the benevolence of the people with administrative access to the server (which is indeterminable), or if you want your security to rely on something that mathematicians hold to be fact (ie: that it is very hard to factor a very large composite number into primes).

910
Drug safety / Re: Ask a Drug Expert Physician about Drugs & Health
« on: June 21, 2013, 03:17 pm »
No legitimate doctor is going to prescribe that people smoke a cancerous substance, or consume orally a drug with unknown dosage, when they can instead take a pill that is accurately dosed, does the same thing and doesn't cause cancer.

911
Drug safety / Re: Ask a Drug Expert Physician about Drugs & Health
« on: June 21, 2013, 01:40 pm »
Quote from: cleansober on June 21, 2013, 11:21 am
DoctorX,

Cannabis users in some locations can semi-legally use everyday for many ailments physical and/or psychological. Some doctors make a practice of doing a quick checkup and routinely providing the patient with a prescription.  Do you think this is a rational health care policy?  Would you ever recommend a patient take cannabis on a daily basis?

 Southpark's 22 minute episode 'Medicinal Fried Chicken' makes great fun of this legalization trend.  http://www.southparkstudios.com/full-episodes/s14e03-medicinal-fried-chicken.

Of course smoking cannabis is not medically valid, it is just a sham to get weed legalized. There are pharmaceuticals derived from cannabis that serve the same function, and those are what any legitimate doctor would prescribe.

912
Security / Re: PGP, does everyone use it and why?
« on: June 21, 2013, 12:08 pm »
The people putting their trust in the SR server side encryption obviously don't understand the difference between types of encryption. There is absolutely no way that the SR server side encryption is adequate to protect from 99% of attacks. Chances are extremely high that it consists of having things stored on a mounted symmetrically encrypted partition or container. That means that everything is in an unencrypted state while it is in RAM, which will be almost 100% of the time. If hackers pwn the servers, they can get all of the plaintexts. If the server is seized, unless the feds tremendously fuck up how they go about it, they will be able to get the plaintexts.

913
Security / Re: I can't believe some vendors ask you not to use PGP...
« on: June 21, 2013, 12:03 pm »
Quote from: Aurelius Venport on June 21, 2013, 06:04 am
its really not necc. if SRs server was not i think there would be larger issues. sure it cant hurt though. addys get auto encrypted in the box....and i gotz faith in dat nigga dread, its something bout his name yo.

You want to put your trust in something that is certainly hackable (SR server) instead of in something that the greatest mathematicians in the world think is essentially uncrackable without a quantum computer (4,096 bit RSA)?

914
Security / Re: Operating Tor from computer HDD... Want to switch to USB
« on: June 21, 2013, 11:59 am »
Quote from: Young Morpheus on June 21, 2013, 05:00 am
Completely zeroing out your computer is actually nearly impossible. You can run software a few times that claims to 0 out everything, but the fact that you have to do it a few times means that it isn't always 100%.

The best way to do it, and keep the HDD is an expensive piece of equipment called a degausser.

If you aren't worried about losing everything, just buy a new HD.

You don't *have* to do it a few times though.

915
Philosophy, Economics and Justice / Re: The question of "How?!"
« on: June 21, 2013, 11:08 am »
Quote
Berkley would say there is no life outside of your mind, there is no beginning to existence beyond this;
Kant would say the human mind does not have the cognitive apparatus to achieve knowledge of the beginning of time;
Hegel would say your human mind defines everything you see, and there is no beginning like there is no end.
Schopenhauer would say the object world began with the emergence of the subjective world. Without one there is no other.

Each of Kant, Hegel and Schopenhauer point towards option one for me, with a different approach in that God is collective and subjective consciousness, God is us and we are our own beginning. Without us there is no it. Beginning begins with our beginning and finishes with our definition of an end -which for some people is eternity (spiritual/religious) and others is finite (physicalist).

All of them argue essentially the same thing, subjectivism. Of course all serious scientists are pretty strong advocates of objectivism. All evidence points to an objective reality that is completely independent of subjective perception. 


Quote
Sometimes I feel pity for the physicalist who only believes there is physical existence alone and with death comes nothingness. It may be a comforting illusion to believe in more, but it cannot be scientifically proven either way (at least not yet).

You think it cannot be scientifically proven that if a tree falls in the woods it makes a sound regardless of if anybody is there to hear it or not?!?!

Quote
3). Matter sprung from nothingness

I believe that the most widely accepted theory, from physicists of course, not from philosophers, is that eternally there are pseudo-vacuums in space that inflate and are filled with intrinsic energy, and eventually the vacuum deteriorates and all of the energy inside of it explosively turns into matter.  The area that the vacuum filled is called a universe, this process of inflation has been going on for eternity and will continue for eternity, there are an infinite number of universes and together they make up the multiverse which consists of everything that is. I think universes inflate from what is called a white hole, something through which matter can be pushed out but through which nothing can go in. This is the inverse of a black hole, something through which matter can be sucked in but through which nothing can come out. I think every black hole from one 'perspective' is a white hole from another perspective, and that all of the multiverse is connected together with black:white holes.

Of course this is just my understanding as a layperson. Theoretical physics is a bit too much for me to really grasp at a detailed level. However, if you are interested in reading more about this you could look up 'eternal inflation' and 'white holes'.

Pages: 1 ... 59 60 [61] 62 63 ... 249