Typing The Letters A-E-S Into Your Code? You’re Doing It Wrong! : very funny, and a fantastic illustration of common applied-crypto pitfalls
(tags: authentication crypto 2009 encryption humour cookies security coding aes cbc sso)

SHA-1 collision attacks now 2^52 complexity : ‘Authored by researchers at Macquarie University in Sydney, Australia, their work reveals a collision attack on SHA-1 with a complexity of 2^52 operations (the previous fastest known SHA-1 collision attack had required 2^63 operations). This is a significant improvement in finding SHA-1 collisions.’ ‘the attacks affect collision resistance, not pre-image or second pre-image resistance. […] the researchers are able to generate two unique messages that hash to the same digest value.’
(tags: sha-1 security collisions collision-resistance hashing complexity attacks danger)

How I Hacked Hacker News : crappy pRNG seeding; used the same source “random” stream for both security-sensitive purposes (login cookies) and non-sensitive user-visible data (in HTML page source); and no HMAC usage at all. oh dear. good example of how not to do it
(tags: prng random cookies lisp arc ycombinator hackernews dfranke security exploits)

NILFS: A File System to Make SSDs Scream : log-structured fs; instant “free” checkpoint snapshots, fast crash recovery, superfast benchmarks, in upcoming Linux kernels. sounds awesome (via JZawodny)
(tags: via:jzawodny linux storage ssd filesystems backups snapshots crash-recovery fsck checkpointing nilfs)

more on Google Wave and spam : ‘Lars Rasmussen responded that [the spam problem] hasn’t been given much thought yet [jm: !!!], since it is a closed developer’s preview for now, but also mentioned that most likely Wave would use a whitelist option, where you’d have to add a friend/coworker before they could send/invite you to Waves.’ ie, the IM style
(tags: im email messaging google wave anti-spam spam chat)

Google Wave spam discussion : looks like the plan is for third parties to provide anti-spam services/bots to despam your Wave inbox, plus a little economic handwaving
(tags: google wave messaging wikis anti-spam spam email)