Comments for InSecurity - IT Security and the Ever Evolving Challenge to Get it Right http://knikki.com A blog about intrigue, espionage, hacking and absurdly overlooked errors. Thu, 01 Mar 2012 15:32:23 +0000 hourly 1 http://wordpress.org/?v=3.1.2 Comment on Strider Honey Monkeys by Haakon Dahl http://knikki.com/?p=17&cpage=1#comment-19 Haakon Dahl Thu, 01 Mar 2012 15:32:23 +0000 http://knikki.com/?p=17#comment-19 This presents an interesting variation on the Turing test, in which a machine attempts to convince *another machine* that it is a human. This presents an interesting variation on the Turing test, in which a machine attempts to convince *another machine* that it is a human.

]]> Comment on Security through Absurdity by Fermin Gonzaga http://knikki.com/?p=7&cpage=1#comment-6 Fermin Gonzaga Wed, 28 Apr 2010 02:21:09 +0000 http://knikki.com/?p=7#comment-6 My motto on one of my old business cards said "saving the world one computer at a time" and that's the case as we continue to train and educate the users on information assurance. Every year we're required to complete the CBT and that's because people continue to make the same mistakes! It's a paradigm shift and a culture change that will take time and it won't be any time soon but as long as we fight the good fight we'll win in the end. My motto on one of my old business cards said “saving the world one computer at a time” and that’s the case as we continue to train and educate the users on information assurance. Every year we’re required to complete the CBT and that’s because people continue to make the same mistakes! It’s a paradigm shift and a culture change that will take time and it won’t be any time soon but as long as we fight the good fight we’ll win in the end.

]]> Comment on Hashing vs. Digital Signatures by Cam http://knikki.com/?p=4&cpage=1#comment-3 Cam Thu, 31 Dec 2009 19:56:41 +0000 http://knikki.com/?p=4#comment-3 If I understand this correctly, then as long as a have a digital signature (encrypting the hash with my private key, only to be unencrypted by using my matching public key) on a message, then I don't have to worry about the particular hashing algorithm itself, right? If I understand this correctly, then as long as a have a digital signature (encrypting the hash with my private key, only to be unencrypted by using my matching public key) on a message, then I don’t have to worry about the particular hashing algorithm itself, right?

]]> Comment on The Birthday Attack by Nikki Hess http://knikki.com/?p=3&cpage=1#comment-2 Nikki Hess Wed, 30 Dec 2009 19:57:50 +0000 http://knikki.com/?p=3#comment-2 In terms of encryption? Or are you looking specifically at the hashing function? The best forms of encryption are going to throw additional bits of useless, random information into the message - if they didn't, it would be easy for us to find commonly used words and phrases (like doing puzzles in the Sunday paper). Adding this information is going to make it more difficult to crack the key (thereby keeping our information confidential), but keep in mind that it requires more overhead which can slow down the process of encryption and decryption and overwhelm resources. We'll talk more about initialization vectors and cryptography (my favorite subject), and we'll even delve deeper into some of the specific hash functions (MD5) in future posts - but please feel free to expand on your question and/or share your experiences. One of the things I enjoy most about this blog is the exposure to new thoughts and perspectives! In terms of encryption? Or are you looking specifically at the hashing function?

The best forms of encryption are going to throw additional bits of useless, random information into the message – if they didn’t, it would be easy for us to find commonly used words and phrases (like doing puzzles in the Sunday paper).

Adding this information is going to make it more difficult to crack the key (thereby keeping our information confidential), but keep in mind that it requires more overhead which can slow down the process of encryption and decryption and overwhelm resources.

We’ll talk more about initialization vectors and cryptography (my favorite subject), and we’ll even delve deeper into some of the specific hash functions (MD5) in future posts – but please feel free to expand on your question and/or share your experiences. One of the things I enjoy most about this blog is the exposure to new thoughts and perspectives!

]]> Comment on The Birthday Attack by Chris http://knikki.com/?p=3&cpage=1#comment-1 Chris Wed, 30 Dec 2009 14:02:58 +0000 http://knikki.com/?p=3#comment-1 Very good analysis of the Birthday Attack. Would it also be feasible and viable, to add white space in the original message? Very good analysis of the Birthday Attack.

Would it also be feasible and viable, to add white space in the original message?

]]>