The UVD/UVD2 thread.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fixxer_Linux
    replied
    Hey guys, for cracking a code for accessing a system, the best way ever made is still to grab a gun and respectfully ask for the password !


    I'm kiding, but not so much. Kevin MITNICK said that the best way ever made was simply to phone and simply ask the password, letting the user believe that it's an IT support call and the password must be confirmed for checking purposes (or any other story that seems true to the employee)...

    Leave a comment:


  • bridgman
    replied
    Originally posted by nanonyme View Post
    Btw, I expect you are aware of the fact that if there is indeed even a fraction of organized crime behind piracy like media industry claims, someone will eventually reverse-engineer the cards no matter how well the information is guarded.
    I agree completely. If we thought that cracking the graphics card DRM implementation was a viable approach for content piracy we probably would not have been able to provide much support for open source driver development in the first place. If you want to pirate protected media content there are easier ways to do it.

    Leave a comment:


  • nanonyme
    replied
    Originally posted by bridgman View Post
    It's a good thing most companies require strong passwords these days, so users write their passwords down on yellow sticky notes or leave them in clear-text files on the PC.
    Btw, I expect you are aware of the fact that if there is indeed even a fraction of organized crime behind piracy like media industry claims, someone will eventually reverse-engineer the cards no matter how well the information is guarded.

    Leave a comment:


  • nanonyme
    replied
    Originally posted by Qaridarium
    but in AES there are known flaws!
    I read the section about cracking AES you read. The first one if I understood just related to factorization which is hard unless someone starts building powerful quantum computers. While my German lacks, I'd say for relative certainty that the German Wiki page says that the second approach is purely theoretical.
    I might quote this thing from English Wikipedia page on timing attack which the Wiki page you talked of mentioned as the latest approach on the problem http://en.wikipedia.org/wiki/Timing_attack
    "Timing attacks are easier to mount if the adversary knows the internals of the hardware implementation, and even more so, the crypto system in use. Since cryptographic security should never depend on the obscurity of either (see security through obscurity, specifically both Shannon's Maxim and Kerchoff's Law), resistance to timing attacks should not either. If nothing else, an exemplar can be purchased and reverse engineered. Timing attacks and other side-channel attacks may also be useful in identifying, or possibly reverse-engineering, a cryptographic algorithm used by some device."
    Meaning someone would need to purposefully reverse-engineer the AMD security implementation to get absolute certainty that the cracking would actually work indefinitely.
    This seems to be one of the reasons for why AMD is so cautious about giving out full hardware specifications of their cards.

    Leave a comment:


  • bridgman
    replied
    It's a good thing most companies require strong passwords these days, so users write their passwords down on yellow sticky notes or leave them in clear-text files on the PC.
    Last edited by bridgman; 23 April 2009, 10:34 AM.

    Leave a comment:


  • nanonyme
    replied
    Originally posted by Qaridarium
    600000000*365*24*60*60=1,89216^16 valid tests!
    Oh, cool. So it would take only 48247532784267608970568097787748983353656788171230 145158795634555590179630324741547659478604 years to crack an alphanumeric password with spaces with length 60 by bruteforce methods by your calculations with the grid you visioned. You, sir, are a genious.

    Leave a comment:


  • deanjo
    replied
    Originally posted by nanonyme View Post
    For your information 100 000 combos per second is insignificant. We're talking about easily over 91292051633079798989750131910067116342455228306074 83146366674788070551428931526296681935903540008509 26342401 total amount.

    That's right, and to top it off that Cuda cracker is only effective against extremely weak passwords.

    Another great breakdown of real numbers.

    Brute forcing a 256 bits cryptographic code without any known flaws (like WPA2 AES) means that they should test at worst 2^256 keys and average 2^255 (~ 10^76) keys.
    Let?s say that they are using a new nVidia GPU with 1000 stream processors running at 10 GHz
    That is 10^13 instructions per second
    Now with their magical software they can check 1 key per instruction.
    So, they can check 10^13 keys per second
    Even with 1 billion of those GPU (10^9) they can "only" calculate 10^22 key per second (.
    At that rate, they need 10^51 seconds which is 10^43 years.
    As a reference, the estimate age of the universe is 10^14 years.

    Leave a comment:


  • nanonyme
    replied
    Also another note: the thing about WPA2 is that passwords are weak. If the passwords weren't that weak, WPA2 wouldn't be breakable in a timely manner. WPA2 in itself is not weak, humans are. You're not breaking the AES key there, you are just breaking a password set by a silly human. Key-based authentication would be closer to unbreakable.
    Last edited by nanonyme; 22 April 2009, 06:54 PM.

    Leave a comment:


  • nanonyme
    replied
    Originally posted by Qaridarium
    (Combos per second per computer) = 100 000 !.
    For your information 100 000 combos per second is insignificant. We're talking about easily over 91292051633079798989750131910067116342455228306074 83146366674788070551428931526296681935903540008509 26342401 total amount.

    Leave a comment:


  • curaga
    replied
    Not exactly moot, the poor devs who can't afford / make up a reason to buy a new 50$ cpu (which most likely would also include a completely new set, expensive ddr3 ram and all) would then get the chance for great playback on their -current- computers.

    Which is a nice goal in itself.

    Leave a comment:

Working...
X