Live From the Stomach of a Whale

Well, we've done one more show before we leave for LWCE from where we'll have multiple icecasts throughout the week. In our latest episode, we talk about the Slash code release, Kevin Mitnick's encrypted data, and the DoubleClick fiasco.

Why we like CowboyNeal

[BaronCarlos]

Like BaronCarlos said before, he's the Tom Servo of Geeks in Space.

Along this same analogy:
Rob is Crow
and Jeff is Joel.

Any MST3K fan would agree that all the characters are lovable, but all still have their favorite.

Tom Servo, and CowboyNeal, are both super sarcastic, in the passive sense.

He's the thinking man's comic.

We love that.

Another great episode.
And E-mail is being sent.
*Carlos: Exit Stage Right*

"Geeks, Where would you be without them?"

Hey... wait a second...

[Kid Zero]

I've got all 20 episodes. (if you count 3.1 as a seperate episode). Does this mean I need a new hobby?

Oh well... It's always funny to listen to.

Malda Rant and Cops

[Duxup]

Note to /. users. Don't play this episode too loudly when Malda rants . . . elderly neighbors will call cops due to "domestic dispute" next door.

Re:Why we like CowboyNeal

[Hello folks]

I personally like cowboy neal because he reminds me of Chong.

Cheech and chong forever!!!!!!

Mitnick's encrypted files

[David Gould]

the government is apparently totally incapable of cracking encryption even given five years with the data to themselves. ... 12 bits of encryption ... My VAIO could brute-force that in five minutes.

I saw this a few times in the comments on that story too, and I can't get over how totally some people seem to fail to understand encryption. This is at least as dumb as the "factoring large prime numbers" mistake that so many people make when talking about RSA. What makes you think he used such a weak code? Your TI-85 would have been perfectly capable of encrypting with, say, a 4096-bit RSA key (I have no idea what he actually used) -- it may have taken minutes or even hours instead of seconds, but the result is every bit as strong now as it was then. What you're missing is that that is exactly the point of why "they" don't like people having strong encryption: they can't crack it! That's why it's called strong encryption. It's not like, "Gee, this code is really hard, but you'd think in five years they'd manage to figure it out." That's just ridiculous. If the files are encrypted with a 4096-bit RSA public key, then they might as well be random noise, since that number is never going to be factored (barring a breakthrough in quantum computing or number theory).

Sure, distributed.net has done well on some small keys, and is likely to finish RC5-64 in the next couple years, but those efforts are to prove a point about the weakness of small keys. Strong encryption is the kind where, if every particle in the universe were part of one big computer, the code still couldn't be cracked in the lifetime of the universe. In those cases, the only way to get at the data is some kind of "sideband attack", e.g., finding the key written down somewhere (if he'd been that dumb) or getting him to surrender it. If he was smart enough to use a strong code and not leak any sideband information, there's nothing they can do.

We're the most powerful nation in the world and can't crack five-year-old encryption in five years.

Well, that just goes to show what happens when those evil hackers have access to strong encryption. This is why that technology has to be controlled -- to save the government from this kind of embarrassment. Seriously, this is the strangest part of your argument: all this time, whenever a crypto-control story has come up, we have all railed against the government(s) for trying to control the technology and limit us to codes that they can break, and now, when you see an example of what happens when someone uses a strong code, you make fun of them for not being able to crack it. What's that?


David Gould

Free Kevins Porn!

[Zaffle]

In recent news, distributed.net has announced a new challege. The US government has sponsored the Crack Kevins Porn, errr, Disk Drive compitition. :)

Btw - I agree with Robs rant on advertising. I wish I could do that too. :)

Oh, and I run Junkbuster, and yup, I enable Ads for slashdot, and a few other sites.

The length of this broadcast was good. Not too short, umm, still not long enough, I'd prefer 24hr slashdot radio, but I'm just strange. But seriously I'd love to have broadcasts more often.

---

Past episodes.

[Rodney L Caston]

are we archiving these on slashdot somewhere? Of course *I* have collected and archived every episode, afterall - who wouldnt want them? Listening to the angelic voice of Hemos keeps me sane...

Re:Past episodes.

[qbwiz]

There is a "past shows" link on the left bar.

Why do we all love Potter?

[Sebbo]

'Cause he's the only one with a deep voice--sorta the James Earl Jones of Geeks In Space.

Why I like Pater (and GiS)

[msphil]

I like Pater because I like (a) his voice and (b) his sense of humor. Funny thing is, he sounds a lot like one of my co-workers =) (On the other hand, I also like listening to Rob & Jeff going back and forth. And Jeff's "Uh, riiiiiight.")

This is fun to listen to =) Want more!

Re: Mitnick's encrypted files

[Saint Mitchell]

I agree with you on some of this. Yes, A 4096 RSA key would take a very long time to crack. I doubt that Mitnick used that strong of encryption. If I were to guess I would say it was around 1024. If I remember correctly 512 bit has been cracked using distributed computing in a matter of weeks. With the government super computers I think they _could_ most likely crack a 1024 bit key in five years. I don't see how they couldn't really. Maybe it's the X-files episodes talking, but I believe that there are only three possibilities: 1) They have cracked his key and they don't want us to know. Why you ask? To make us (as well as other countries) feel all warm and fuzzy about using the 128 bit on the net and in Windows 2000. Possibly to make a public outcry against "the evil hackers" who use strong encryption. Since no one bought that only Drug dealers and child pornographers were using it they had to have a new scapegoat. 2) They knew all along that Mitnick was never a real threat to them. They simply didn't dedicate the resources necessary to crack the key. 3) He _did_ use a huge key as large as 4096 bit and they can't break it.

Re: linuxone

[Saint Mitchell]

Here's some:

It's hands down the worst distro I've ever downloaded. I can't believe someone repackaged Mandrake let alone soooooooo poorly. I like what Mandrake 7.0 has done with Redhat. I do not, however, like what Linuxone has done to Mandrake. LinuxOne Lite (didn't bother with the other ver) simply sucks. I never even got it to install. Maybe you have had beter luck. I might give it another chance someday...but not anytime soon.

Re:linuxone

[Duxup]

If you listen an episode or two back they make some comments on it, with some humor.

Re: Mitnick's encrypted files

[Inoshiro]

Ahh, you must not compare Apples and computers (pun!).

128-bit encryption in Win2k is symetrical, using a RSA style negotiation setup. 128bits is more than enough for a symetrical key, as it still takes a long, long time to check all the possible 2^128 numbers against a block.

Public key (RSA) style for general encryption, OTOH, requires a much greater keylength because you are giving away some information. You can't choose low-order polynomials, as it would make it trivial to break your data. You have to keep your "key window" in a much higher area, which is perfectly fine until someone figures out a quick way of factoring super huge numbers :-)

So two different styles of encryption, two different optimal key lengths..
---

Mitnik's Encrypteed files

[fosh]

My guess is that the reason the govennment can't break mitniks files is becuase the have been compressed in some way, like adaptive huffman coding, or something. Becuase Brute force only works when u can check the decrypted file against a vocab list, it is EXTREMEMLY difficult to break an enctrypted file.

Just my $0.02

Re:Mitnik's Encrypteed files

[james b]

Alright, here's something I've never understood about brute-forcing encrypted files (not that I understand the area very much at all):

Presumably the brute-forcing algorithm has made some assumptions about the nature of the encryption it's testing. If, as you say, it's using some kind of dictionary to detect when it has cracked the file:

Why not simply put the plaintext data through some simple cipher that makes it look just like garbage so they can't tell when they have the correct key?

I know there's a reason why this is silly... anyone care to enlighten me?