
Nuts-and-bolts look at password cracking


Ars Technica's Nate Anderson decided to try cracking passwords (from a leaked file of MD5 hashes), to see how difficult it was. After a very long false start (he forgot to decompress the word-list file) that's covered in a little too much detail, Anderson settles down to cracking hashes in earnest, and provides some good data on the nuts and bolts of password security:

By this point I had puzzled out how Hashcat worked, so I dumped the GUI and switched back to the command-line version running on my much faster MacBook Air. My goal was to figure out how many hashes I could crack in, say, under 30 minutes, as well as which attacks were most efficient. I began again on my 17,000-hash file, this time having Hashcat remove each hash from the file once it was cracked. This way I knew exactly how many hashes each attack solved.

This set of attacks brought the number of uncracked MD5 hashes down from 17,000 to 8,790, but clearly the best "bang for the buck" came from running the RockYou list with the best64.rule iterations. In just 90 seconds, this attack would uncover 45 percent of the hashed passwords; additional attacks did little more, even those that took 16 minutes to run.

Cracking a significant number of the remaining passwords would take some much more serious effort. Applying the complex d3ad0ne.rule file to the massive RockYou dictionary, for instance, would require more than two hours of fan-spinning number-crunching. And brute force attacks using 6-character passwords only picked up a few additional results.

The point, really, is that if you want to understand the relative security of different password-generation techniques, you need to understand what's involved in state-of-the-art password cracking techniques.

How I became a password cracker

Boxes sealed with ATHEIST tape lost by USPS 10X more often than controls


Atheist Shoes ("a cadre of shoemakers and artists in Berlin who hand-make ridiculously comfortable, Bauhaus-inspired shoes for people who don't believe in god(s)") noticed that a disproportionate number of their shipments to the USA were delayed or lost. A customer suggested this may be because USPS workers were taking offense at the ATHEIST packing tape they used to seal the boxes. So the company tried an A/B split, and found that boxes emblazoned with ATHEIST tape were 10 times more likely to go missing in the USPS and took an average of three days longer than their generic equivalents. They've stopped using the ATHEIST packing tape.

ATHEIST / USPS Discrimination Against Atheism? (Thanks, Alice!)

Abandoned cake-box at airport turns into inadvertent Portal-themed security worry


An empty cake-shipping box abandoned at the Tampa airport reportedly freaked out passengers and Portal players: "My visit to Tampa has drawn to a close, and The Lady just dropped me off at the airport. Right by the Air Canada entrance, this styrofoam box marked “CAKE” has been unnerving passengers. It’s empty — it probably held cake for transport but was too big to fit into the car that picked it up — but I let some airport staff know that it was beginning to worry some people. Namely, the security-conscious and Portal players."

Unnerving People at the Airport (or: The Cake is a Lie!)

RPG inside an Excel workbook


Cary Walkin, an accountant in Toronto, knows a thing or two about Excel. So great is his expertise that he was able to create a full-fledged RPG inside of its scripting environment, called Arena.Xlsm. I couldn't get it to run in LibreOffice, but it sounds like it's very featurful and fun, provided that you're willing to use Microsoft products:

* Random enemies: Over 2000 possible enemies with different AI abilities.
* Random items: 39 item modifiers result in over 1000 possible item combinations and attributes.
* An interesting story with 4 different endings depending on how the player has played the game.
* 8 boss encounters, each with their own tactics.
* 4 pre-programmed arenas followed by procedurally generated arenas. Each play-through has its own challenges.
* 31 Spells. There are many different strategies for success.
* 15 Unique items. Unique items have special properties and can only drop from specific enemies.
* 36 Achievements.
* This is all in a Microsoft Excel workbook.

Arena.Xlsm Released! (via Digg)

Documentary on activist who taught people to make solar cottage industries in 16 countries

Gmoke sez, "Richard Komp has taught people how to make solar as a cottage industry in at least 16 different countries over the last few years. There's a documentary called "Burning in the Sun" about his work in Mali and he's even got an Introduction to Photovoltaics series on YouTube. Reports from his 25 international trips available here"

Solar as a Cottage Industry

Toronto Mayor Rob Ford's long history of public drunkenness and brawling


Two weeks ago, Toronto Mayor Rob Ford was accused of drunkenly groping and propositioning former mayoral race rival Sarah Thomson at a Canadian Jewish Political Affairs Committee charity event. He denied it, and smeared Thomson on his radio show.

Now, many people have come forward to say that Ford had become drunk and disorderly at a military charity event called the Garrison Ball. These are just the latest in a series of incidents of public drunkenness for the mayor, who is a horrible embarrassment to the city of my birth.

The Toronto Star has a long account of Ford's frequent bouts of public drunkenness and brawling, including events that he lied about at the time and later had to apologise for.

However, over the next hour, people in attendance noticed that the mayor seemed impaired. According to interviews, he was “incoherent,” “stumbling,” “rambling,” “intoxicated,” “slurring,” “seemed to be drunk,” “was nervous, excited, sweaty, out of it.”

Military guests were offended at the mayor’s behaviour, according to guests interviewed by the Star. “It felt disrespectful to the event,” said one organizer.

The six guests who provided accounts of the mayor’s condition spoke on condition of anonymity. The Star found that while these guests were concerned with the mayor’s condition, they did not want to be identified for two reasons. First, they did not want to be linked to a story that would cast a poor light on the annual Garrison Ball, which raises money for Wounded Warriors, a federally registered charity. Second, these guests, who all have prominent positions in the community, feared they would somehow be blacklisted for speaking out about the mayor.

Rob Ford: ‘Intoxicated’ Toronto mayor asked to leave military ball [Toronto Star/Robyn Doolittle & Kevin Donovan]

Cake hotel whose rooms were filled with edible fixtures and decor


Last week, Tate & Lyle Sugars created a one-day pop-up cake hotel in Soho, where the rooms were stuffed with edible fixtures and furniture:

A Mediterranean-inspired bedroom, with edible furnishings, a caramel popcorn-filled bathtub, floating meringues and edible pearlescent popcorn bunting, all created using Light Soft Brown sugar. The perfect location for a midnight feast!

A Pirates of the Caribbean room, with a giant treasure chest full of edible pearls, ginger spiced doubloons and cutlasses, which visitors can spray gold themselves, and rum and raisin chocolate brownies and tea cakes – all made from Taste Experience Caribbean-inspired Light Muscovado sugar

A British-inspired Golden syrup sugar room, with a giant golden-syrup lion, patriotic treacle tarts in the shape of the British Isles and a giant tower of doughnuts

A Mayan-inspired room hidden in the cellar featuring a Mayan fudge temple, complete with floating meringue ‘clouds’, ‘sacrificial’ salted caramel and chocolate hearts, and Mayan-inspired carved gold cookies all made from Taste Experience Mayan-inspired golden caster sugar

A Mississippi-inspired ‘Mardi Gras’ room featuring a five foot long rainbow cake in the traditional colours of green, yellow & purple, gold baby heads and of course King Cakes

A Barbados-inspired library, with edible shells, and beautiful hand-painted cookies, fruit cakes and florentines showcased as museum features inside vintage glass jars, all made from Barbados inspired Dark Muscovado sugar

A Guyanese-inspired room, complete with a sea turtle cake, and cake ‘turtle eggs’ buried in mounds of Demerara sugar

A South Pacific-inspired room with a huge two metre high Easter Island statue, made entirely from chocolate mud cake baked using Golden Granulated sugar

SWEET DREAMS… WORLD’S FIRST CAKE HOTEL OPENS TO THE PUBLIC (via OhGizmo)

Summary of experimentally verified pricing heuristics

A post on ConversionXL sums up a bunch of experiments on pricing and suggests ways of combining them to best effect. All electronic goods can be had for free, so every person who buys an electronic good is essentially entering into a voluntary transaction. Getting pricing right is the best way to convince (rather than coerce) customers to pay, and to frame that payment so that it's as large as possible.

Researchers found that sale price markers (with the old price mentioned) were more powerful than mere prices ending with the number nine. In the following split test, the left one won:


9 not so magical after all? Not so fast!

Then they split tested the winner above with a similar tag, but which had $39 instead of $40:


This had the strongest effect of all.

I’m wondering whether the effect of this price tag could be increased by reducing the font size of $39. Say what?

Marketing professors at Clark University and The University of Connecticut found that consumers perceive sale prices to be a better value when the price is written in a small font rather than a large, bold typeface. In our minds, physical magnitude is related to numerical magnitude.

Pricing Experiments You Might Not Know, But Can Learn From (via O'Reilly Radar)

Muzzle-suppressor shot glasses


A mere $200 gets you this pelicanoid case with four of Muzzleshot's muzzle-suppressor-shaped shot-glasses, machined from solid aluminum and covered in a matte black anodized finish.

Muzzleshot (via OhGizmo)

Ms. Boing Boing breastfeeds calf

Brazilian DJ/model Sabrina Boing Boing has apparently caused quite a stir by posting Instagram photos of herself pretending to breastfeed a calf. I knew we were planning to grow our brand but I can't recall if this idea was on the whiteboard. (Daily Dot, thanks Puce!)

19 year old develops plan to clean up ocean trash vortexes

Inhabitat shares the story of Boyan Slat, a 19 year old who seems hell-bent on cleaning up 7.25M tons of trash from our oceans. He started with a research paper in school, which won several awards. Next, Slat developed a floating array of booms and garbage processing plants which he presented at TedxDelft last year, and now he's created a foundation to produce these technologies.

From Inhabitat:

Slat went on to found The Ocean Cleanup Foundation, a non-profit organization which is responsible for the development of his proposed technologies. His ingenious solution could potentially save hundreds of thousands of aquatic animals annually, and reduce pollutants (including PCB and DDT) from building up in the food chain. It could also save millions per year, both in clean-up costs, lost tourism and damage to marine vessels.

The CONET Project: spy station recordings reissued

In 1999, I wrote an article for the bOING bOING Digital site about the CONET Project, a multi-CD collection of mysterious "numbers stations" heard on shortwave. For decades, intelligence organizations have reportedly broadcast one-way messages to their agents in the field via shortwave, and the transmissions happen to sound weirder than any Stockhausen score or minimalist electronica you've ever heard -- a child's voice, or the obviously synthesized intonation on what's known as the "Lincolnshire Poacher" station, named for the folk song accompanying the numbers. Wilco's album Yankee Hotel Foxtrot is named for, and samples, a numbers station. The CONET Project has been available for several years for free download from various places online, including Archive.org. Now, the original compilers, Irdial-Discs MMX, have re-released The Conet Project in a special CD edition that includes the four original discs plus a fifth CD containing recordings of very strange "noise stations."

"The CONET Project: Recordings of Shortwave Numbers Stations / 1111"

"Spy vs. Spy: The Soundtrack" (bOING bOING Digital)

DIY cellphone


David Mellis at the High-Low Tech group at the MIT Media Lab built a DIY Cellphone, making a custom circuit-board and laser-cutting his own wooden case. The files are hosted on GitHub in case you'd like to try your hand at it.

An exploration into the possibilities for individual construction and customization of the most ubiquitous of electronic devices, the cellphone. By creating and sharing open-source designs for the phone’s circuit board and case, we hope to encourage a proliferation of personalized and diverse mobile phones. Freed from the constraints of mass production, we plan to explore diverse materials, shapes, and functions. We hope that the project will help us explore and expand the limits of do-it-yourself (DIY) practice. How close can a homemade project come to the design of a cutting edge device? What are the economics of building a high-tech device in small quantities? Which parts are even available to individual consumers? What’s required for people to customize and build their own devices?

The initial prototype combines a custom electronic circuit board with a laser-cut plywood and veneer enclosure. The phone accepts a standard SIM card and works with any GSM provider. Cellular connectivity is provided by the SM5100B GSM Module, available from SparkFun Electronics. The display is a color 1.8″, 160×128 pixel, TFT screen on a breakout board from Adafruit Industries. Flexures in the veneer allow pressing of the buttons beneath. Currently, the software supports voice calls, although SMS and other functionality could be added with the same hardware. The prototype contains about $150 in parts.

Mellis's Master's thesis is "Case studies in the digital fabrication of open-source consumer electronic products" and includes a 3D printed mouse, fabbed speakers and a fabbed FM radio.

High-Low Tech – DIY Cellphone (via Hacker News)

(Images: Laser-cut plywood and veneer case, a Creative Commons Attribution (2.0) image from mellis's photostream; Making a call, a Creative Commons Attribution (2.0) image from mellis's photostream)

Games to play during commercial breaks

The nice people at Hide and Seek have a collection of Tiny Games you can play while the commercials are on TV, like each player putting a finger on the screen and scoring a point for every face that they poke during the break -- winner is the most prolific face-poker.

I TOLD YOU SO
A game for two or more overconfident players.

As soon as a show segment ends, player one must say what the first advert will be advertising. Player two immediately mutes the television, and as the advert plays, whatever it is for, player one must explain how they were right, and the advert is definitely for the product they suggested, regardless of what it is actually advertising. Scoring is entirely subjective.

YOGHURT. BECAUSE MUMMIES ARE TIRED. BECAUSE MEN.
A game for two or more verbose players.

At the very start of an advert break, shout out a word. The other players have to shout out something else. Earn one point every time your word is said during the advert break. If someone chooses a word that’s not within the spirit of the game – “the” or “and” or “be” or anything like that – then the other players can reject it by unanimous agreement.

Hide and Seek also brought us the Board Game Remix Kit, and now they're running a Kickstarter to fund a bazillion tiny games as a mobile app.

Tiny Games For Ad Breaks (via Super Punch)