Home > Boards > US Listed > Miscellaneous > OpenTable, Inc. (OPEN)

SHA-1 is insecure since 2005-7. They found a

Public Reply | Private Reply | Keep | Last ReadPost New MsgReplies (1) | Next 10 | Previous | Next
Soapy Bubbles Member Profile
 
Followed By 523
Posts 41,211
Boards Moderated 39
Alias Born 09/16/07
160x600 placeholder
Current Report Filing (8-k) "Edgar (US Regulatory)" - 7/17/2014 5:02:37 PM
U.S. Market Cap Guidelines Updated and Constituent Changes Announced for the S&P SmallCap 600 "PR Newswire (US)" - 7/16/2014 5:59:00 PM
OpenTable Restaurant Reviews Reveal the Top 30 Best Barbecue Restaurants in America "PR Newswire (US)" - 7/16/2014 8:30:00 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 7/14/2014 5:12:41 PM
Amended Tender Offer Statement by Third Party (sc To-t/a) "Edgar (US Regulatory)" - 7/14/2014 6:10:36 AM
Amended Statement of Ownership: Solicitation (sc 14d9/a) "Edgar (US Regulatory)" - 7/14/2014 6:00:38 AM
Amended Statement of Ownership: Solicitation (sc 14d9/a) "Edgar (US Regulatory)" - 7/8/2014 9:16:11 AM
Amended Tender Offer Statement by Third Party (sc To-t/a) "Edgar (US Regulatory)" - 7/8/2014 9:13:14 AM
The Priceline Group and OpenTable Announce Early Termination of HSR Waiting Period "PR Newswire (US)" - 7/8/2014 9:00:00 AM
Amended Statement of Ownership: Solicitation (sc 14d9/a) "Edgar (US Regulatory)" - 7/7/2014 6:00:53 AM
Amended Tender Offer Statement by Third Party (sc To-t/a) "Edgar (US Regulatory)" - 7/3/2014 5:29:56 PM
Amended Statement of Ownership: Solicitation (sc 14d9/a) "Edgar (US Regulatory)" - 7/2/2014 6:01:06 AM
Amended Tender Offer Statement by Third Party (sc To-t/a) "Edgar (US Regulatory)" - 7/2/2014 6:01:06 AM
OpenTable Inc (OPEN) Investor Lawsuit to Halt Takeover Announced by Shareholders Foundation "GlobeNewswire Inc." - 6/30/2014 9:35:00 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 6/25/2014 5:16:23 PM
OpenTable Restaurant Reviews Reveal the Top 100 Neighborhood Gems in America "PR Newswire (US)" - 6/25/2014 11:22:00 AM
Statement of Ownership: Solicitation (sc 14d9) "Edgar (US Regulatory)" - 6/25/2014 9:14:45 AM
Tender Offer Statement by Third Party (sc To-t) "Edgar (US Regulatory)" - 6/25/2014 8:46:00 AM
OpenTable Restaurant Reviews Reveal the Top 100 Neighborhood Gems in America "PR Newswire (US)" - 6/25/2014 8:30:00 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 6/23/2014 4:40:40 PM
Statement of Beneficial Ownership (sc 13d) "Edgar (US Regulatory)" - 6/23/2014 4:20:35 PM
Brower Piven Announces The Investigation Of OpenTable, Inc. In Connection With The Proposed Sale Of The Co... "Business Wire" - 6/23/2014 2:16:00 PM
Levi & Korsinsky, LLP Notifies Investors of Class Action Against OpenTable, Inc. and Its Board of Directors i... "GlobeNewswire Inc." - 6/20/2014 4:32:23 PM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 6/19/2014 1:06:40 PM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 6/19/2014 1:06:20 PM
Soapy Bubbles   Monday, 07/25/11 11:22:50 PM
Re: MistySteel post# 135
Post # of 205 
SHA-1 is insecure since 2005-7. They found a method that ensures collision faster than brute force. AES can be directly cracked with a prob distro analysis but it takes like 2^80 samples to pull it off. XOR is even easier although it's fast and simple to integrate into code.

If you want more on this, look up Rainbow Tables. They allow you to crack SHA and a series of other commonplace algos. It may be available as an ASM module by now since higher level would be insanely slow.

The toughest are the custom algos with loss. When people try to invert a transformation (such as an algo), they expect to find dictionary words, predefined structures, or other human readable keys. The trick is to disallow that assumption and encode a apparently "nonsensical" message - one simplistic example is to remove all the "E"s from a text message and then run it through a cipher including an "E" on the wheel. So, when someone intercepts it, they will assume the "E" is there and get stumped for awhile.

It's even worse if you encode such text w/ a modulus because you can invert a coded message to a SET of outcomes and you have to know which element of the set is the properly cracked message. If you're clever, you can assign probability weights to each cracked message in the set; the equivalent of probabilistic algo inversion. [Recall, mod is a cyclic function, so you can have equal modulus functions like x = a mod b = n mod d and a middle man would be unable to discern which to use.]

But at that point, you're pushing information theory given distributions you impose. That's MUCH uglier but effective since a single message is encoded into a single code; yet there's no one-way-function to reverse it back to a single message w/o the intended recipient acting as a key.

Then there's quantum encry, but that's still in it's infancy.

Another technique I've chatted w/ people and partially developed was a fun technique in which a message is encoded into another message (something like a steno in a PNG) and then it's compressed w/ a lossy encryption algo (looks like TGZ). Upon inversion, you get a set of outcomes and only one is the right one. It could be used to do unsniffable P2P.

Public Reply | Private Reply | Keep | Last ReadPost New MsgReplies (1) | Next 10 | Previous | Next
Follow Board Follow Board Keyboard Shortcuts Report TOS Violation
X
Current Price
Change
Volume
Detailed Quote - Discussion Board
Intraday Chart
+/- to Watchlist