Messages - kmfkewm

1246
LSD overdoses are possible but the LD-50 is about 150 times the average dose.

1247
Security / Re: How to totaly clean a laptop /p.c
« on: April 24, 2013, 01:25 am »
Another example would be if you have an install of Windows for example, and then you install Ubuntu with FDE. Just because you have used FDE when installing Ubuntu does not mean that the entire drive has been encrypted. Only the newly installed data related to Ubuntu has been encrypted, and only the space it takes up has been overwritten. Unless you first did a separate full drive overwrite, there will still be plaintext data remnants from the Windows install on the drive.

The exact details of if you can count on an FDE implementation to be equal to a full drive wipe or not will vary from implementation to implementation. But having FDE is not the same as having wiped your drive, so you should not confuse the two things and rely on FDE to be a secure wipe.

1248
Security / Re: How to totaly clean a laptop /p.c
« on: April 24, 2013, 01:18 am »
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.

FDE doesn't inherently overwrite stuff that is already on the drive.
To encrypt all the data on the drive wouldn't it have to overwrite the non-encrypted data? It also encrypts the free space so that would be like a 1 pass secure erasure. 1 pass isn't so great though so I understand DBAN is better. Or am I completely mistaken?

I am pretty sure that many FDE solutions only encrypt things that are currently indexed, and not the entire drive. That is why they generally have an option included to do a wipe prior to encryption. Here are some snippets supporting this though:

Quote
Why does it appear that most of the free space in my drive is used when BitLocker is converting the drive?

BitLocker cannot ignore free space when the drive is being encrypted because unallocated disk space commonly contains data remnants. However, it is not efficient to encrypt free space on a drive. To solve this problem, BitLocker first creates a large placeholder file that takes most of the available disk space and then writes cryptographic material to disk sectors that belong to the placeholder file. During this process, BitLocker leaves 6 GB of available space for short-term system needs. All other space, including the 6 GB of free space not occupied by the placeholder file, is encrypted. When encryption of the drive is paused or completed, the placeholder file is deleted and the amount of available free space reverts to normal. A placeholder file is used only on drives formatted by using the NTFS or exFAT file system.

As you can see, BitLocker does not encrypt the free space on the drive. But they take care of the problem by overwriting it. However my point is that the encryption process and the full drive overwriting process are two separate things, and it is not safe to count on FDE to be equal to full drive overwriting, even though many implementations of FDE probably do a full drive overwrite as well.

Here is another citation, although from a non-official source:

http://serverfault.com/questions/395912/does-luks-also-encrypt-free-space

Quote
The standard recommendation, is that you over-write a disk/volume with random data before you setup luks. The Ubuntu installer will even offer to do this for you if you select the Expert mode. I don't believe the latest version will do this by default though, but I haven't actually tried it. This is often skipped/ignored because the process will take a long time.

But no, luks does not automatically fill or over-write blocks when it is setup.

Using the pseudo random generator in badblocks (badblocks -c 10240 -wsvt random /dev/<device>) is usually considered good enough and suggested as a good method to wipe a volume by most LUKS guides and HOWTOs.


Once again you can see that the actual FDE does not overwrite the entire drive, and relies on a separate (although depending on the specific implementation, possibly integrated) drive wiping mechanism.
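To make the point of these posts concrete, here is an added example (not part of the original posts and not code from any FDE product): a constructed 64-sector disk image gets an encrypted install that only writes the 24 sectors it allocates, and a per-sector entropy scan shows what is left behind with and without a prior full overwrite. The sector counts, sample record, entropy threshold and the SHA-256 counter stream standing in for ciphertext are all assumptions of the example.

```python
import hashlib
import io
import math
from collections import Counter

SECTOR = 512
ENTROPY_THRESHOLD = 7.0  # bits per byte; 512 random bytes score roughly 7.5


def byte_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def classify(sector):
    if not any(sector):
        return "zeroed"
    if byte_entropy(sector) >= ENTROPY_THRESHOLD:
        # Ciphertext and random fill land here (so does compressed data).
        return "random-looking"
    return "structured"


def find_remnants(image):
    """Return the indexes of sectors that still hold structured data.

    `image` is any binary file object, e.g. an opened raw disk image.
    """
    hits, index = [], 0
    while True:
        sector = image.read(SECTOR)
        if not sector:
            return hits
        if classify(sector) == "structured":
            hits.append(index)
        index += 1


def pseudo_random(n, label):
    # Deterministic stand-in for ciphertext / random fill (assumption of
    # this example): SHA-256 over a label and a counter.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def old_install(sectors):
    # Constructed plaintext left by the previous, unencrypted install.
    record = b"2012 ledger: invoice 0042, customer J. Doe, balance 118.50\n"
    data = record * (sectors * SECTOR // len(record) + 1)
    return bytearray(data[: sectors * SECTOR])


def install_with_fde(disk, used_sectors):
    # The installer writes ciphertext only to the sectors it allocates.
    disk[: used_sectors * SECTOR] = pseudo_random(used_sectors * SECTOR, b"fde")


def full_overwrite(disk):
    # The separate wipe step: every sector is overwritten.
    disk[:] = pseudo_random(len(disk), b"wipe")


def scenario(wipe_first):
    disk = old_install(64)
    if wipe_first:
        full_overwrite(disk)
    install_with_fde(disk, 24)
    return find_remnants(io.BytesIO(bytes(disk)))


if __name__ == "__main__":
    print("FDE only, remnant sectors:", scenario(wipe_first=False))
    print("wipe then FDE, remnant sectors:", scenario(wipe_first=True))
```

The same `find_remnants` function can be pointed at a raw image file opened in binary mode to check whether an overwrite actually covered the whole device.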

1249
Shipping / Re: fingerprints ?
« on: April 24, 2013, 12:38 am »
Fingerprints ARE enough to get you busted and if you think otherwise you are plain and simple fucktarded.

Quote
Additionally, if you see the Canadapost you will see how many people are touching your package without gloves...there are prints all over these things....

Maybe it is outside your field of expertise, but there is a basic forensics technique called intersection that applies to all sorts of things. In this case the attacker would order multiple packages from the vendor, then they would lift prints off of all of them and intersect the crowds until only the vendors prints are remaining. Your fingerprints may hide in a tiny ass crowd on one package, but over two or three or four packages and your prints are the only unique ones left.

Really I am dumbfounded that anybody here would argue against the importance of wearing gloves when packaging things. There is absolutely no debate to be had. My guess is they are either LE trying to create the impression of there being ANY debate in regards to the importance of not leaving fingerprints on shit, or they are trolls, or they are complete fucking idiots. In fact, I am certain that they absolutely must be one of the previously mentioned things.

1250
Security / Re: How to totaly clean a laptop /p.c
« on: April 23, 2013, 07:07 am »
Which means that encrypting a drive that has already had sensitive information on it is not a good way to try to sanitize the drive. It is also a waste of time to encrypt the drive and then wipe it with something like DBAN or better yet Secure Erase. Don't confuse encryption with anti-forensic data wiping :).

1251
Security / Re: How to totaly clean a laptop /p.c
« on: April 23, 2013, 07:03 am »
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.

FDE doesn't inherently overwrite stuff that is already on the drive.

1252
Shipping / Re: fingerprints ?
« on: April 22, 2013, 08:46 pm »
paranoia is paranoia, no matter if u sing it in a song!

I decided to make a childrens song for you in the hopes that you would get the picture. Unfortunately it failed to educate you.

1253
Shipping / Re: fingerprints ?
« on: April 22, 2013, 08:45 pm »
Don't let paranoia and propaganda cloud your minds.


(The following paper was the text of a presentation at a training seminar for Los Angeles County Deputy District Attorneys on November 14, 1992)

This is an excerpt.

"Often, detectives are disappointed and prosecutors are frustrated with the lack of the irrefutable evidence of the suspect's fingerprints on a particular item of evidence, which he must have handled. It is unfortunate that, unlike on television, the 'suspects' prints don't always appear. A look at the factors influencing the chances of obtaining prints will assist in understanding the fragile and elusive nature of latent impressions. Each of the following various factors independently or in combination can account for the lack of prints on a surface: 1) Individuals don't always have a sufficient quantity of perspiration and/or contaminates on their hands to be deposited, 2) When someone touches something, they may handle it in a manner which causes the prints to smear, 3) The surface may not be suitable for retaining the minute traces of moisture in a form representative of the ridge detail, and 4) The environment may cause the latent print to deteriorate. The most important fact dealing with the lack of fingerprints is that it neither suggests, implies, or establishes that any person did or did not touch the item of evidence. Items which have been witnessed to have been handled and laboratory experimentation repeatedly reiterate this premise".

Don't let the fact that every single case can't be solved with fingerprints cloud your mind into touching everything with your bare hands. That is just beyond fucking stupid.

Why you don't need to wear a condom when banging random prostitutes in Africa:

1. HIV is not always transmitted during sexual intercourse, and it doesn't always take hold and cause an infection
2. Maybe you just get a blowjob, that has a much lower risk of transmitting HIV
3. Not ALL prostitutes in Africa have HIV in the first place
4. Maybe you are a natural resistor, something like 1% of male Caucasians resist HIV infection to such an extent that they are virtually immune

Saying that you don't need to wear gloves when you handle illegal packages is pretty much the same as saying you don't need to wear a condom when you bang random African prostitutes, and then giving the above list of reasons. In other words, it makes you look like a dumb ass who is about to get infected with HIV.


There is a thing called being cautious, and a thing called ignoring common sense and wasting precious time! I will inform you on what side you are currently on!

Fingerprinting mail? Really? Ok

Now if you're using MBB the only layer you would need to worry about is the last, I hope I don't have to explain why, and you should be wiping it down anyway.

This leaves the mailing itself, which is going to pass through at least a couple more hands as it goes through the system. Every post office I go to, employees do not wear gloves!

I have been in this field for quite some time. Many family and friends have been in and out of the system for drug charges, none of them convicted over fingerprints! They would laugh at you and probably shank you for being so easily manipulated by what you see on tv. Did you even read my post?

Since you are clearly clueless, I will take some time from my busy day to explain to you something called an INTERSECTION ATTACK, one of the fundamental types of forensics (correlation is another!).

Let's say you touch the outside of the envelope and get your fingerprints on it. Now, as you are hopelessly clueless, you incorrectly assume that it doesn't matter because your fingerprints will blend in with the fingerprints of dozens of other people who handle the package. Now when your package is fingerprinted after being intercepted, the detectives find 12 unique prints belonging to 12 different people. Whew, you may say to yourself, I am totally safe! Now, assuming they don't zero in on your prints due to the fact that you have previous drug charges and are not someone who works in mailing, the detectives just wait. Now they intercept another package from you (or they order another package from you, to save themselves some time!). This time they get 20 unique prints! Whew, you may say to yourself, I am totally safe! Except now those clever detectives take the first set of prints and the second set of prints, and they remove all prints that don't show up on both packages (this is an intersection attack!). Oh no, now only your prints are suspect, because none of the original 12 people who handled your first package handled the second package! Now you are totally fucked!

You are obviously new to mailing drugs, and my money is on you being busted in no time if you really don't wear gloves. Welcome to forensics 101.

I wear gloves just to be safe, but your logic is wrong.


Customs will never, ever, ever send your package to forensics if it's a personal amount inside. The governments don't have the money for that. Maybe if they catch a key or something, but no way for that amount. Do you know how much drugs they catch daily?

On top of that the police need to already have your fingerprints on file in the country that caught it (there isn't a world wide system, each country has their own)

If they don't have your prints then they have nothing to go on. They have a location but any good vendors know not to use the same drop all the time.. I personally use 5 different ones, all 3-10 miles apart.


 If they do have your prints, then yes you are right, you are fucked.

Oh really is that factoid straight out of your stinking asshole? Something tells me it is. Customs know that people with kilos might break them down into 10 gram packages. It is called swarming! If customs just completely ignores 10 gram packs, then everyone will just send their kilos in ten gram installments. Also I would like you to read about something called Interpol, through this organization fingerprints can be matched against world databases! Also intelligence sharing between the country of the shipper and country of the recipient is even more likely. Rotating between 5 different drops is pretty shitty security fwiw. Also the chances of you having your fingerprints on file at some point in time are not that low. A lot of people will be arrested for something at some point in their lives, or join an organization that requires fingerprinting. Feel free to leave your biological signature on all of your outgoing packages, but please stop pulling insta-facts out of your ass and generally talking about things you don't really have a clue about. Opinions are like assholes and I really don't want your stinky asshole pushed into my face when I have my nice pleasant smelling facts and logic already there.


Quote
Dumb Fucks, stop commenting without thinking, or reading this thread.  It has already been said numerous times throughout this thread.  I will reiterate!

YOU CAN'T MATCH A PRINT UNLESS YOU HAVE SOMETHING TO MATCH IT TOO!!!!!!!!!!!!!

Happy 420!

pkizenko98p

Hurka-durka durka-doo, durrr let me think about ur logic man. So like I should put my real name on return address becuz customs like totally doesn't care about me sending personal use schedule 1 drugs newayz n like uhm they might not find teh fone book to match my name and address. Fuck you are so right! From now on I send my drugs from real name, press fingerprints all over it, maybe I will draw some blood and rub in on inside of the package as well. I should add some hair too, maybe bust a nut in it for good measure.

1254
The government has always known of the mail as a potential risk vector, nothing will change.

1255
Really I should mostly blame the government, as they pump out propaganda and indoctrinate the hell out of people. But I blame the people who are indoctrinated just as much. It just more clearly shows the illusion of living in a democracy than anything else does. All the politicians, statists and other government apologists always argue against violence being used against the drug enforcers and the benefactors and beneficiaries of the war on drugs, and their excuse is always that in the US there is a free political system and it is the will of the people for drugs to remain illegal, and enforcers are just doing their jobs. I wonder how many mental gymnastics these people need to do to get around the fact that we have propaganda pumped at us 24/7. If North Korea allowed free elections but the people of the country think that their leader is a fucking God, and have propaganda saying such pumped at them 24/7, would we think that they have a free political system? From the time you are a young child in school being taught lies about drugs, and told to turn your parents in if you know they are drug users, through all the grades of school even up to college in some career paths, people are taught lies about drugs. You know, a person may consider school to be a good source of information, and even otherwise somewhat intelligent people could be indoctrinated into believing the lies about drugs if they are taught lies through an institution of fucking knowledge. Not to mention the media pumps out just as much bullshit about drugs, sometimes overtly and sometimes covertly. So people are taught lies about drugs at school, the media spreads lies about drugs, people believe lies about drugs and repeat the lies to their friends further strengthening the perceived legitimacy of the propaganda. Of course churches also are against drug use, and that is like the third primary source that people get their information from (even though it is all bullshit). 
So we have people who are born and they go to school where they are taught lies about drugs for years, the media portray drugs in a false light, the churches portray drugs in a false light, people are surrounded by bullshit 360 degrees. And people still say that we have a free political system and that the war on drugs is the will of the people! The war on drugs is entirely manufactured! It is a modern, artificial phenomenon!

When people have an artificially created ignorance of drugs, and the only 'knowledge' about drugs they have comes from an establishment that has it in its best interests to spread lies about drugs, how the fuck is that freedom? Seriously, most adults hold beliefs about drugs that I can only compare to what beliefs a young grade school kid would hold in regards to sex! The people are like young children in regards to drugs, an artifact of their indoctrination and artificial, manufactured ignorance. It makes me so mad to hear people say that the war on drugs is the will of the people, and that we need to convince people drugs are okay. Why do they give so much power to the government, that the government can decide that drugs are "bad" (not like they really have done this, they have only decided that they want to rob and enslave us), that the government can pump out propaganda about drugs, but then when the brainwashed masses turn us into criminals and viciously attack us, we must then be saintly to them and peacefully convince them otherwise, over decades through which we are prosecuted, enslaved and killed?

I am so sick of hearing people talk about drugs like they have a fucking clue when they are just spewing out bullshit. It makes me mad that these people have control over our lives, despite not living in reality. It is a perfect example of why I hate democracy, it is an insecure form of politics. Democracy is vulnerable to propaganda and ignorance. I do not think people should be able to vote for how things are done, rather there should be a benevolent totalitarian regime (which would inherently be libertarian anarchist, and only for the enforcement of our rights). The war on drugs, and the mechanics through which a select group of elites was able to undermine democracy and turn it into a charade benefiting themselves, is proof enough for me that Democracy is dangerous. In a Democracy the people vote for what is done, or for who decides what is done in the bastardized American form of democracy, but without the people being protected from propaganda and indoctrination, the propagandists and indoctrinators are really the ones who decide what is done! Even worse, the people are tricked into thinking they decide what is done, because they cannot see their own manipulation. They can not determine that their own knowledge is false, and that their minds have been poisoned and tainted by groups with ulterior motives. And so the people are falsely pacified, they say that we have the power and that the enforcement agencies do our will so they are not our enemies. They do not see that we have no power and that the enforcement agencies are the soldiers of the propagandists. The masses do not see that they are kept stupid so that minorities of them can be sectioned off by the government for sale into slavery, for profit of the government and the interests of those who are in the government.

Everyday we see the results of the evils of Democracy and the evils of the government. We see people needlessly dying from overdoses on drugs that they would otherwise obtain in measured dosages. We see drugs such as PMA sold as MDMA leading to many more senseless deaths. We see the funding of violent cartels leading to tens of thousands more deaths, poverty and other horrors. We see our peers sold into slavery for the profit of psychopaths. We see the spread of disease such as HIV. We see unsanitary and impossible to properly regulate practices of drug distribution leading to many issues. We see nations with citizens who are kept as stupid as small children, it is like the fucking twilight zone. The list goes on and on. Every time somebody says something like "Taking LSD 7 times causes a person to be clinically insane!" I fucking cringe, I cringe at their artificial stupidity and I cringe because I am shown clearly the falsity of Democracy, I am shown clearly that while I am ostensibly free in reality I am a slave.

1256
wtf giving children illegal drugs !!!! We must put an end to this, better for them to live in fear for their entire lives than to try an illegal drug even once.

1257
Security / Re: Design flaw in 1Password password manager found
« on: April 19, 2013, 05:21 am »
Isn't this why you don't roll your own encryption and stick with the standards, or is there a problem with one of the standards?

Well they used the standards (AES-128-CBC, PBKDF2, SHA1), and didn't strictly speaking roll their own encryption (although they did roll their own cryptosystem), but they used the standards incorrectly. It would be like using seeded SHA256 for a PRNG, but only hashing out from the seed, without concatenating the seed to each output iteration before rehashing to get the next output iteration. Although that would be rolling your own PRNG, so it is not a perfect analogy.

At least they knew to use a PBKDF, an even worse situation would happen if they had simply used SHA1 for the key without combining it with a PBKDF. In either case they would have used the standards, but it would be a misuse in either case. In their case the number of iterations was halved, from 1,000 to 500, had they used SHA1 with no PBKDF there would have only been one iteration.

But even though this shows that they didn't know how the mode of operation they used worked, or how to correctly use PBKDF2, the effect on end users should be fairly minimal. PBKDF stands for password based key derivation function. It is used to derive a key, for use in encryption operations, from a password. Generally it works like this:

You provide a salt, a hash function and a number of iterations. Let's say your salt is 'abc', your hash function is SHA1, your number of iterations are set at 2 (way too low!), and your password is 'def'.

So the first iteration will produce the SHA1 hash of 'abcdef'

bdc37c074ec4ee6050d68bc133c6b912f36474df

the next iteration will produce the SHA1 hash of the first iteration

e3cd537dc0c5da5cc5360dab38faf6fcee29a2f8

and this is the key derived from your password run through that KDF. This is beneficial when you have a lot of iterations, because it makes it so the attacker must use more computational power, which translates into more time, in order to brute force your password. It also protects from rainbow tables because of the salt. Assuming the attacker guesses your password correctly the first time, if there are two iterations of the KDF, it means they must do two hash operations to derive your key. Without a KDF, they would only need to perform one hash operation to derive your key. Since they have to do two operations with the KDF, it doubles the amount of time required for them to crack your password. If you use 1,000 iterations, it multiplies the amount of time required by 1,000. 

This is really nice for slowing down brute force attacks, but it isn't a replacement for a good password. It may make a very bad password into a bad password, but it will not make an okay password into a strong password.

An 8 bit password has a key space of 256, 2 ^ 8. That means without using a KDF, the attacker has to do at most 256 hash operations to crack your password. With a KDF that uses 2 iterations, they need to do at most 512 hash operations to crack your password.

log2(2 ^ password_strength * KDF_iterations) = password_strength with KDF

Keep in mind that it gets unrealistically slow for a user to generate their keys as you go up orders of magnitude in the number of iterations. Most programs use somewhere in the area of 1,000 iterations.

log₂(2^8×1000)         = 17.96 bits with 1000 iterations
log₂(2^8×10000)       = 21.28 bits with 10,000 iterations
log₂(2^8×100000)     = 24.60 bits with 100,000 iterations
log₂(2^8×1000000)   = 27.93 bits with one million iterations

log₂(2^128×1000)       =  137.00 bits with 1000 iterations
log₂(2^128×10000)     = 141.28 bits with 10,000 iterations
log₂(2^128×100000)   = 144.60 bits with 100,000 iterations
log₂(2^128×1000000) = 147.93 bits with one million iterations

As you can see, adding a single random 8 bit character to a password is more effective at increasing password strength than going up two orders of magnitude in the number of PBKDF iterations you use. Adding 1000 iterations to an 8 bit password more than doubles the bit strength of the password, but adding 1000 iterations to a 128 bit password doesn't anywhere near double the bit strength.

So even though it is best to use a PBKDF to give some extra bit strength to the password, even not using one at all isn't the end of the world if the user has a good password. And adding orders of magnitude more iterations greatly increases the amount of time it takes for the user to generate their key, and is less effective than the user adding a single additional character to their password.

I am pretty sure that 1Password used PBKDF2 twice, once with a salt for the IV and once with a salt for the encryption key. So let's say once they call it with

'1PasswordIV' + 'Password', for 500 iterations with sha1

and once with

'1PasswordKey' + 'password', for 500 iterations with sha1.

They were banking on CBC mode requiring the IV for all steps of decryption to see if the password was correct, so they assumed that they were using PBKDF2 with 1,000 iterations. The attacker saw that they didn't understand CBC correctly, and that they used PBKDF2 weirdly, and so they entirely ignored the '1PasswordIV' + 'Password' for 500 iterations step, cutting the amount of effective iterations in half.

The problem would not have arisen if the 1Password people correctly understood CBC mode decryption, or if they did something like

'1Passwordsinglesalt' + 'password', for 1002 iterations with sha1

and took 256 bits from the last two iterations as their output, using the first 128 for the IV and the last 128 for the key.

Or if they didn't generate the IV from the password at all, and used 1000 iterations for the key. Or if they used sha256 and a single call to PBKDF2, then split the final iteration as I described previously.

1258
Security / Re: Design flaw in 1Password password manager found
« on: April 19, 2013, 04:16 am »
I really wish I knew more technical details of how they have used the PBKDF, because the more I think of it the more I think they must have done something really bizarre to be susceptible to this attack. I would imagine they are at least using the PBKDF to generate enough output by increasing the iterations by one, and taking 256 of the 320 bits this outputs with SHA1, 128 to be used as key and 128 to be used as IV. If they are doing this, even though only the key is required to see if the password is correct, assuming they use the first 128 bits for the key, the lack of requirement of generating the IV on the attacker's part would only remove 1 iteration per password. Considering they were using 1,000 iterations per password, having to do one less will not halve the number of required iterations. I think what they were doing was probably using one salt for the IV and one salt for the key, and doing 500 iterations of PBKDF2 for each of them, with the same password seed input. That is the only way I can imagine this attack as halving the number of iterations. If that is the case then it was a stupid implementation error on the part of 1Password, because even if they thought that CBC mode used the IV for every step of encryption AND decryption, they should have just used a single call to the PBKDF2 function and output 256 bits by sequentially iterating beyond the number of brute force protection iterations. Or they could have just used SHA256 to begin with, and doubled the number of iterations they were using. It is even more dumb because they don't even need to keep the IV secret, they could have generated a random 128 bit IV and stored it in plaintext, then generated the encryption key from the password with the number of iterations they wanted.
There is no real reason to generate the IV the way they were, and they were counting on iterations from PBKDF2 to generate the IV to slow down brute force attacks, which failed for them because CBC mode doesn't require the IV to confirm the key is correct.

So they made a number of mistakes.

The primary mistake they made was:

A. Assuming CBC mode requires the IV for every step of decryption. This is a mistake I would forgive them for, simply because I thought the same thing until I heard about this and looked at the diagram on Wikipedia. The IV influences every block of encryption, but only the first block of decryption.

However, the attack could still have been prevented if they didn't:

B. Think they needed to generate the IV from a password, or keep it secret at all. IV does not need to be secret, and there is no reason to generate it from a password. By generating it from a password, and counting on the side effect of PBKDF2 iterations in this step as part of their total number of iterations, they screwed themselves.

C. Use SHA1 for some reason, even though they wanted 256 bits of total keying material. SHA256 is the logical choice here, and they could have split the output of PBKDF2 into two 128 bit sections, one for the IV and one for the key. Then they would have set the iterations in a single function call, and at worst the attacker would need to do one less iteration, if they use the first 128 bits as the key. If they did this and used the last 128 bits as the key, the attack would not be possible.

D. Use two calls to the PBKDF. I am not 100% sure they did this, but it is the only thing that makes sense to me for how the attacker could halve the number of iterations. My educated guess is that they started with two salts, one for key and one for IV, then ran through 500 iterations of PBKDF2 with the salt for IV + password to get the IV, and 500 iterations of PBKDF2 with the salt for the key + password to get the key. Even using SHA1, if they simply ran 1002 iterations of PBKDF2 and took the last two iterations' 320 bits and used 128 bits of it for IV and 128 bits of it for the key, they would not be vulnerable to this attack or only vulnerable to 1 lost iteration per password attempt, depending on the order they use the output bits in.

So in summary, this flaw is the result of a combination of them not correctly understanding how the block cipher mode of operation they used works, and misusing PBKDF2. I think I would be hesitant to use their products.

1259
Security / Re: Design flaw in 1Password password manager found
« on: April 19, 2013, 01:14 am »
OpenSSL allows PBKDF2 to output as many bytes as you tell it to with a single function call, but I am not sure exactly how they achieve that. I should test it and see if it is just hashing x times and discarding the remainder. Considering the OpenSSL implementation of PBKDF2 is likely by far the most commonly used, it seems like this could very well be a flaw in OpenSSL that extended to 1Password.

After reading a bit more about the technical details of this attack, it becomes apparent that it is hardly really a flaw in PBKDF2 though. It is a flaw in the way they used it. If they used it with a cipher in CTR mode this attack would not be possible. It is really a pretty subtle attack, I would have definitely overlooked it myself because I always thought in CBC mode the IV influences every single block, but looking at the Wikipedia diagram of it I can see now that this is only the case for encryption, not for decryption where only the first block is affected by the IV. I would expect a professional cryptographer to never make such a mistake though, or even someone implementing something using CBC mode, as I would hope they look at the diagrams on Wikipedia first at least. In CTR mode the IV influences every single output byte, for encryption and decryption. So their mistake was in using two calls to PBKDF2, with one for the IV, when the IV is not required to determine if the key is correct in CBC mode decryption.

Also it seems like he could have used the first set of output bytes of the KDF as the IV and the second set as the key. Then attackers would need to generate the IV associated with a password before they could generate the key associated with it. Or he could have even not generated the IV from the password, and doubled the number of KDF iterations. The IV doesn't need to be secret, and probably shouldn't be based on the same password that is used to derive the key anyway.
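The CBC property that the three 1Password posts above turn on can be checked directly. The following is an added example, not part of the original posts and not 1Password's code: a toy 16-byte Feistel cipher stands in for AES (the Python standard library has none), `derive_two_calls` follows the two-call layout the poster guesses at using the posts' illustrative salts and password, and `derive_random_iv` is the alternative the posts suggest (full iteration count on the key, random IV stored in plaintext). All function names and the sample record are assumptions of the example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, the AES block size


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, rnd, half):
    # Keyed round function for the toy Feistel cipher (stand-in for AES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        # Each ciphertext block feeds the next, so the IV reaches every block.
        prev = encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        # Only the first block is XORed with the IV; later blocks use the
        # previous ciphertext block, which is stored with the data.
        out += xor(decrypt_block(key, block), prev)
        prev = block
    return out


def derive_two_calls(password, iterations_each=500):
    # Layout guessed at in the posts: the 500 iterations spent on the IV
    # are never needed to decrypt blocks 2..n, so they add no work factor.
    key = hashlib.pbkdf2_hmac("sha1", password, b"1PasswordKey", iterations_each, 16)
    iv = hashlib.pbkdf2_hmac("sha1", password, b"1PasswordIV", iterations_each, 16)
    return key, iv


def derive_random_iv(password, salt, iterations=1000):
    # Suggested alternative: every iteration sits on the key path and the
    # IV is random and stored in plaintext next to the ciphertext.
    key = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 16)
    return key, os.urandom(BLOCK)


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# Constructed three-block sample record.
SAMPLE = (b"constructed sample vault entry / " * 2)[:48]


def iv_influence(password, plaintext):
    """Compare the IV's reach in CBC encryption and in CBC decryption."""
    key, iv = derive_two_calls(password)
    other_iv = bytes([iv[0] ^ 0xFF]) + iv[1:]
    ct = cbc_encrypt(key, iv, plaintext)
    ct_other = cbc_encrypt(key, other_iv, plaintext)
    enc_changed = [a != b for a, b in zip(blocks(ct), blocks(ct_other))]
    recovered = cbc_decrypt(key, other_iv, ct)
    dec_correct = [a == b for a, b in zip(blocks(recovered), blocks(plaintext))]
    return enc_changed, dec_correct


if __name__ == "__main__":
    changed, correct = iv_influence(b"def", SAMPLE)
    print("ciphertext blocks changed by a different IV:", changed)
    print("plaintext blocks recovered with the wrong IV:", correct)
```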

1260
Drug safety / Re: Ask a Drug Expert Physician about Drugs & Health
« on: April 18, 2013, 08:37 am »
Yellowmattercustard:

The only way I know to avoid loss of magic and depressive symptoms is to be moderate in dosage, frequency and contexts. To leave MDMA for special occasions and not to make it a habit. This could sound obvious, but I think it is not only a question of neuroreceptors. It is much easier.
Suppose that you like Disneyworld. The first time you go you will think it is fantastic but, if you go every weekend you will finally get fed up of White Snow and Donald Duck. Properties of MDMA are so specific that if you use it too frequently it makes you bored. I think it is also important not to expect too much from it, I mean, some people get obsessed with "getting high" as the first times and that conditions the experience. It is also important, in my opinion, to realize and think about some effects of MDMA that can be learned during the experience, but applicable to everyday life.
Someone told me that the first time you take MDMA is similar to "learn to read". Once you have done it, your perception of reality (and your perceptions of further MDMA experiences) changes. You can't learn to read twice, and, in this sense, the first experiences will be different to the rest. But you can still enjoy the substance if you are cautious in the way of use and don't expect too much.
Combinations with SSRI, Prozac, tryptophan and all that stuff don't have a scientific basis.

Doesn't combining MDMA with an SSRI lead to an increased risk of serotonin syndrome?
