Speed

I started with some benchmarking: http://e-x-e.dk/labs/timing/ (source: http://www.e-x-e.dk/labs/timing/source.php).

This basically creates 10000 random strings with a length of 50 and then encrypting all of these random strings with all of the hashing methods of my php installation’s disposal. This outputs a sorted list of the methods. The consequents of choosing fx a slow hashing method means that you’ll have a bit more load on your server since speed == load. But then again, choosing a slow hashing method will also mean a slower bruteforce for the hacker – buying your users (or you) more time to change their passwords and you closing the hole. But you’ll have to remember that where your bigger load/increased hashing-time caused by the slower hashing method is spread out the bruteforcers isn’t. So it’ll be a bigger hit to the bruteforcer than it will be to you.

Common vs. uncommon method

When choosing a hashing method it can also be a benefit from my point of view to choose a less common method for hashing your password/information if you have the option. And the argument is quite simple I think. With common methods like md5 which is used by the majority of sites today there are already constructed huge (HUGE) rainbow tables etc. (http://www.freerainbowtables.com/da/tables/md5/). Therefore by choosing a common hashing method you are also decreasing it effectiveness since a lot of the string combinations have already been computed.

Choosing a more uncommon hashing method will get rid of this problem, but then again, this maybe result in a slower computing of the hash as well, and for some – that’s a problem. By choosing a fx a tiger(2), SHA-1 or SHA-512 hash over fx. md5 you would decrease the effectiveness/speed of the bruteforce.

Hash method attacks

The effectiveness of a hash method is of course also influenced by if it has been fx collision attacked (http://en.wikipedia.org/wiki/Collision_attack) or a preimage attack (http://en.wikipedia.org/wiki/Preimage_attack). Therefore you should also have this in your considerations when choosing a hashing method for your site.

Other things to consider

Things like salting your passwords etc etc is naturally also a good idea (maybe even with some HUGE salts, to ensure the length of the password extends the typical length of passwords and thereby setting the rainbow tables out of play). Some of these considerations might come in a later post.

I think there a lot fo pros and cons in this matter but as a general conclusion I think it’s time for the use of some more uncommon hashing methods in order to strengthen the security of information if hashed information is compromised. What do you think is the best hashing method to use and why?

So  I started with stealing a basic example, cleaned it down, leaving only the raw gadget. From there I used the “gadgets.util.registerOnLoadHandler(init);” functionality to load potentially malicious code onLoad of the Gadget. This can be used to prompt the viewer of the Gadget for eg. login information. The normal trusting user wouldn’t suspect this risk since it was prompted by Google Wave, right?

Passing on I’ve created a couple of buttons in the Gadget which called a couple of Javascript function which did a couple of different things, one simple alerted the user, just to show that you could do anything.

One button changed window.top.location, sending the user to a completely other site, away from the “protecting” environment of Google Wave.

One button got the viewers Google Wave ID (an email), his/hers display name and his/hers thumbnail url. This could maybe be used to created fake accounts on websites, compromising the viewers exclusive use of his/hers email. Of course the email could also be harvested and sold to spamming bad guys with a lot of “Great deals on Viagra”.

The last button I created in this little Gadget example did also change the window.top.location but this time not to an url but instead to some data:text/html – base64 encoded. This could be used to show ads or propaganda to the viewer without a possibility to block a specific url, since this was content defined in the Gadget’s code itself.

This is what I’ve been doing the last day or two I have you read this and spread the word and of course leave a comment or a trackback. As said I’ll be back with more Google Wave security when I get access to the Sandbox

My Gadget can be viewed and tested at this URL:

http://e-x-e.dk/labs/waveHack/hack1.xml

Anyway, I wanted to watch a movie and that’s no problem when we got a NAS at home but the DLNA server of the device is setup to only take content from the music folder on the device (for some reason the DNLA server in the NAS can only provide content from one folder). So I had to find another way to push content to the PS3 system. I knew I wanted to use the network connection since the whole house is build on this network anyway, and secondly I’m rather lazy. Furthermore I really wanted to take advantage of the build-in DNLA streamer/player in the PS3 so I had to setup some kind of DNLA server on my laptop or other kind of computer.

I Googled around the interwebs and found Java PS3 Media Server at Google Code. It’s an awesome project which I hope continues. Well the project looked really nice and I downloaded and installed the server only my laptop which easily should be able to serve the content seen from a processor (Intel Core 2 Duo, 1.8 GHz) and memory (3 GB) point of view.

First I tried to stream some random video content and is ran smoothly but when I choose a bit more demanding kind of content the stream just couldn’t keep up with the demand. I firstly tried to lower the transcoding settings and looked at the network load at the same time. This is what I found:

Note that I boosted the transcode buffer maximum size up to 600.0 MB.

Streaming audio

I set the default quality of audio streaming down from 640 KBit/s to 320 KBit/s and I did that first of all because I wanted to keep my portability and not needing a network cable plugged into both the laptop and the PS3 which both were operating wirelessly. Secounly I didn’t need all of that quality since I rip my CD’s at 320 KBit/s and the transcoding was going into AC3 which means that even at a low bitrate I would get rather good quality out of the Samsung LE32B535 which is connected to the PS3. I also changed the number of audio channels from a whooping 5.1 (6 channels) to stereo (2 channels) again because I wanted portability and I wasn’t streaming to any surround sound system.

When buffering a song the network load hits properly just maxes out. When the starting buffer is full and streaming normally the network load is just around 125.000 byte/sec (0.96 Mbit/sec) which I think is really good (when filling rest of the buffer). Keeping the normal network load under 1 Mbit/sec. means that nearly every wireless setup will be able to stream smoothly.

Streaming pictures

Not much to say here to be quite frank. The times it takes for the pictures to load is of course dependant of the size of the pictures and of course the maximum network speed.

Streaming video and problems

Good software always have a butt, and this one got a bad one of those. My network connection couldn’t keep up with the request of data and therefore the video was a real pain the in ass to watch. Well this only happen with some movies. I tried ripping in different bitrates at 1800 kilobyte/sec. the video stuttered every some seconds, but at around 1150 kilobyte/sec the network connection could keep up, but only just (stutters sometimes). So the real pain in the but is the network speed, I would recommend using cables (at least 100 megabit/sec. of course) when streaming stuff to your PS3 using this software. You could use at lower bitrate but then it wouldn’t really be fun to watch on a full HD monitor, right?

I think you should try it out In my tests both my PS3 and my laptop was in the other range of the wireless access point. When I get the time I’ll try the same tests with both devices connected to the network with cables.

Unserious stuff:

http://soundcloud.com/obd/obd-nu-ar-jag-en-cider-feat-hakan-roswall  - A song created by some dude, really fun. If you understand it.

http://spectrial.virvelvind.net/ – The place I got the song from above, here is some really fun stuff as well. More song, a Roswall-nonsense generator etc.

http://en.wikipedia.org/wiki/King_kong_defense – The wiki talks for it self.

Serious stuff:

The English translated version of all the news, twitters etc. from the case: http://74.125.19.132/translate_c?hl=da&langpair=sv%7Cen&u=http://live.piratpartiet.se/&usg=ALkJrhiLOLGPFWYRkZspxZZMrSFEJHQ1YQ

The place where you can listen to the trial LIVE: http://www.sr.se/webbradio/webbradio.asp?type=live&Id=SR-Extra01&BroadcastDate=&IsBlock

Except this I’ve used my 5 minute break on this wallpaper today. It comes in 2 sizes: 1600x1200 and 1900x1200 this should suit anyone.

1600x1200

1900x1200

The original PSD file for the 1600x1200 version

The TPB font

Please create more fun and fantastic wallpapers and such and post a comment or a ping to this post.

I’ve been busy dancing, working and with my second year as a college student. As said I’ll try to start blogging again and hopefully you’ll comment this and my future post as motivation.

See ya’ all

Thomas

I'm going to write the tips in a chronology order as the day goes a long.

Morning: Get up early and start the day good. This could be a general tip for anyone but it's really important to get up early. In that way you'll have a whole day instead of just a half one. It's better to start early and end the day early than starting the day late and end the day very late!

And get really up, I mean you have to get up, take a shower, eat breakfast and get properly dressed before you work. You can't work in a pyjamas.

Noon:Make sure you get normal breaks. One at noon for lunch and one in the afternoon. In that way you don't have to leave your work behind because your starving.

NOTE: Do not take your break the same place your working, otherwise it isn't really a break. Have some zones in the house with work-only and non-work.

Afternoon and night: When the working day is about to end then end it. Don't "take your work home" otherwise you'll just keep working (or thinking at work).

General tips:

Separate your time. Don't take a hour out of your working day to raid in WoW or anything like that. You'll forget everything about work and keep playing (I've tried that one). AND: limit distractions, avoid TV, (non-)VOIP and phone calls etc.

Have a good working plan. Make a plan (maybe) a month ahead so you have some goals of the day. Else it can be hard to know what you've just spend a whole day working on.

Dedicated to my dear friend Stefan Bohlin, your the greatest dude! I wish you the best of luck with your firm!

Well I'm going to review:

• Club 3D - Radeon 9800 PRO
• Maxtor Onetouch 3 300GB
• Creative X-Fi X-treme Music
• LG Flatron L1980Q

And when the new hardware has been bought and received I'll do some reviews of that to. An complete review list will be up later on.

Some subjects for future posts will be about the ultimate technical home, where everybody is talking to each other and working together.

But enough whining from me, I've planned some posts about me dream digital home. All the things I want and need to create the perfect home for my family and I. A digital home isn't just to get the bragging rights (well a bit maybe) but also to have an easier everyday life.

These posts will be posted in the nearest future.

What this blog should do:

• Inform you on Internet security
• ... Computers
• ... Hardware
• ... Software
• ... Ballroom Dance
• and a lot of my dreams, everyday life and bragging.

For the first dot: I'm a security geek, that's it, now it's out in the open. I will try to have a finger on the pulse and I will post the exploits and errors I find. These exploits will be analysed and found a solution for.

For the 2nd, 3rd and 4th dot: I know computers is hardware and software mixed up. BUT, I will also get a perspektive on whole systems instead of just a piece of software or hardware.

For the 5th dot: Without thinking gay and wierdo let me explain. In my sparetime I'm a dancer with passion. I'm dancing on my ehhh... 11th yeah so this is no new thing for me. I'm not going to talk a lot about this but, it would be a good breakoff instead of computers and stuff 24/7.

and the last dot: This is like the 5th, a breakoff from all computers. I maybe give you a tour in my room or my home. This will give you an insigth of who I am. In this categoty I'll also be bragging about holidays and stuff. For a starter I can tell you that I'm going 1 week to Mallorca in my summer vacation.

Each of these dots will get a category for easy viewing what you like.

And now: why I'm starting this blogging thing. First off all I hope to get to learn a hole lot of people to know thogh all this. Second off all I hope my english will be better, I think it is okay now but it can allways be better!

Please give me some critic on everything; spelling, content, the site, impromements, you name it!