Advertisement Fidelity
Home > Boards > US Listed > Miscellaneous > OpenTable, Inc. (OPEN)

SHA-1 is insecure since 2005-7. They found a

Public Reply | Private Reply | Keep | Last ReadPost New MsgReplies (1) | Next 10 | Previous | Next
Soapy Bubbles Member Profile
 
Followed By 524
Posts 41,211
Boards Moderated 39
Alias Born 09/16/07
160x600 placeholder
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 4/14/2014 4:55:54 PM
OpenTable to Announce First Quarter 2014 Financial Results on May 1 "PR Newswire (US)" - 4/9/2014 8:30:00 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 3/26/2014 5:36:45 PM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 3/21/2014 5:33:21 PM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 3/19/2014 4:35:56 PM
OpenTable Restaurant Reviews Reveal Top 100 Dining Hot Spots in America "PR Newswire (US)" - 3/12/2014 8:30:00 AM
OpenTable to Participate in the Morgan Stanley Technology, Media and Telecom Conference "PR Newswire (US)" - 2/27/2014 8:30:00 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 2/26/2014 5:07:49 PM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 2/21/2014 5:42:03 PM
Annual Report (10-k) "Edgar (US Regulatory)" - 2/21/2014 4:26:46 PM
OpenTable Releases Restaurant Industry Index for Q4 and Full Year 2013 "PR Newswire (US)" - 2/19/2014 4:30:00 PM
Amended Statement of Ownership (sc 13g/a) "Edgar (US Regulatory)" - 2/14/2014 2:34:20 PM
Schedule 13g "Edgar (US Regulatory)" - 2/14/2014 9:37:09 AM
Amended Statement of Ownership (sc 13g/a) "Edgar (US Regulatory)" - 2/14/2014 6:01:05 AM
Statement of Ownership (sc 13g) "Edgar (US Regulatory)" - 2/13/2014 5:16:42 PM
Annual Statement of Changes in Beneficial Ownership (5) "Edgar (US Regulatory)" - 2/13/2014 4:35:44 PM
Annual Statement of Changes in Beneficial Ownership (5) "Edgar (US Regulatory)" - 2/13/2014 4:35:44 PM
Statement of Ownership (sc 13g) "Edgar (US Regulatory)" - 2/13/2014 6:07:22 AM
Statement of Changes in Beneficial Ownership (4) "Edgar (US Regulatory)" - 2/12/2014 4:45:48 PM
Amended Statement of Ownership (sc 13g/a) "Edgar (US Regulatory)" - 2/12/2014 10:23:48 AM
Amended Statement of Ownership (sc 13g/a) "Edgar (US Regulatory)" - 2/11/2014 12:10:57 PM
toptable Restaurant Reviews Reveal Top 20 Most Romantic Restaurants in the UK "PR Newswire (US)" - 2/10/2014 5:00:00 AM
Amended Statement of Ownership (sc 13g/a) "Edgar (US Regulatory)" - 2/7/2014 4:46:59 PM
Current Report Filing (8-k) "Edgar (US Regulatory)" - 2/6/2014 4:32:54 PM
OpenTable, Inc. Announces Fourth Quarter and Full Year 2013 Financial Results "PR Newswire (US)" - 2/6/2014 4:30:00 PM
Soapy Bubbles   Monday, 07/25/11 11:22:50 PM
Re: MistySteel post# 135
Post # of 196 
SHA-1 is insecure since 2005-7. They found a method that ensures collision faster than brute force. AES can be directly cracked with a prob distro analysis but it takes like 2^80 samples to pull it off. XOR is even easier although it's fast and simple to integrate into code.

If you want more on this, look up Rainbow Tables. They allow you to crack SHA and a series of other commonplace algos. It may be available as an ASM module by now since higher level would be insanely slow.

The toughest are the custom algos with loss. When people try to invert a transformation (such as an algo), they expect to find dictionary words, predefined structures, or other human readable keys. The trick is to disallow that assumption and encode a apparently "nonsensical" message - one simplistic example is to remove all the "E"s from a text message and then run it through a cipher including an "E" on the wheel. So, when someone intercepts it, they will assume the "E" is there and get stumped for awhile.

It's even worse if you encode such text w/ a modulus because you can invert a coded message to a SET of outcomes and you have to know which element of the set is the properly cracked message. If you're clever, you can assign probability weights to each cracked message in the set; the equivalent of probabilistic algo inversion. [Recall, mod is a cyclic function, so you can have equal modulus functions like x = a mod b = n mod d and a middle man would be unable to discern which to use.]

But at that point, you're pushing information theory given distributions you impose. That's MUCH uglier but effective since a single message is encoded into a single code; yet there's no one-way-function to reverse it back to a single message w/o the intended recipient acting as a key.

Then there's quantum encry, but that's still in it's infancy.

Another technique I've chatted w/ people and partially developed was a fun technique in which a message is encoded into another message (something like a steno in a PNG) and then it's compressed w/ a lossy encryption algo (looks like TGZ). Upon inversion, you get a set of outcomes and only one is the right one. It could be used to do unsniffable P2P.

Public Reply | Private Reply | Keep | Last ReadPost New MsgReplies (1) | Next 10 | Previous | Next
Follow Board Follow Board Keyboard Shortcuts Report TOS Violation
X
Current Price
Change
Volume
Detailed Quote - Discussion Board
Intraday Chart
+/- to Watchlist