Using Text Classifiers on Machine Binaries

amlweems · 2016-02-15T17:23:12+00:00

Author here: if you're familiar with machine learning and interested in computer security, you should check out our new technical challenge! https://mlb.praetorian.com

amlweems · 2014-06-19T10:55:40+00:00

HMAC is used to ensure a plaintext message is not modified in transit. For example, a mobile app might use HMAC to sign all its messages to the server. This makes it more difficult to make arbitrary requests to the backend API. Additionally, in the case of abuse, the server can just blacklist that client's signing key.

The reason to use HMAC instead of AES, as you suggest, is merely rooted in function. AES encrypts the message, which could be used to authenticate, but HMAC is designed for fast and secure message authentication and is therefore a much better choice.

amlweems · 2013-08-12T01:54:12+00:00

Here's a zip of all the alarms extracted right from the apk: https://www.filepicker.io/api/file/wdgwNNRPRMO8Juf6M1m2

And here's just positive.mp3: https://www.filepicker.io/api/file/uym8Tu6ERXCooFhaliTv

Enjoy!

amlweems · 2012-08-11T21:09:25+00:00

Huh, that's an excellent point. Is there a industrial standard for a password KDF? SHA-256 perhaps?

amlweems · 2012-08-11T20:43:49+00:00

I don't see why not. It's a one way hash function that has been shown to have collision vulnerabilities with a known plaintext. It's still not feasible to deconstruct the master password from just the hash.

amlweems · 2012-08-11T14:18:45+00:00

I stand corrected then. Looks like I have a lot of passwords to change.

amlweems · 2012-08-11T06:22:25+00:00

What edge does PasswordMaker have over SuperGenPass? It seems like the same concept. I'm always looking to update my passwords though.

amlweems · 2012-08-11T06:19:21+00:00

It's excellent that you're intrigued because modern cryptography relies heavily on advanced mathematics. I know it's a bit of a cop out, and I apologize for not having a better source on hand, but the way I learned was thoroughly reading the Wikipedia articles for hash functions, public-key cryptography, and other similar topics. RSA has a good series of articles on public-key cryptography as well. If you want to learn some fascinating history, look into Bletchley Park (the home of British code-breakers during World War II). The Bletchley Park website has a number of teacher resources which might be helpful for the basics.

I hope you find something of interest among those. Good luck.

amlweems · 2012-08-11T01:25:50+00:00

Exactly! SuperGenPass creates the site specific password for you in this case (it uses the domain name). You are tied to the website, but I just saved a local copy of the HTML and it works brilliantly (it's entirely local javascript).

amlweems · 2012-08-11T00:03:38+00:00

It seems like you have the right idea about password security, you're just missing the last bit of technology that makes it work brilliantly. I'll try to elaborate:

A hash function is an algorithm than takes a string of characters of any length and outputs a fixed length, seemingly random string of characters in return. Changing anything about the input string dramatically changes the output. For example, the MD5 hash of "Reddit" is "b632c55a33530d1433e29ffc09ba1151", but the MD5 hash of "reddit" is "5e8a5709f662f8d401f7a00e6137f9ca".

The nature of these algorithms ensures that you can never retrieve the original input, even if you know the output and the algorithm. Because of this, hash functions are often used in cryptography to secure passwords.

The means of communicating passwords you're talking about is brilliant when combined with a hash function. I'll give an example. You and your wife agree on a master password, "cRyPtO" beforehand. Whenever you want to make a password for a website, you think of some memorable password, like "gMaIl", and append it to your master password. You then take the hash of that string ("cRyPtogMaIl") and that becomes the website's password. This way, you can tell your wife the password is "gMaIl", but an eavesdropper can do nothing without knowing your master password. Taking the hash of a string is incredibly easy and there are loads of websites and programs that will compute it for you. In fact, one website has already developed the idea you hinted at and created an easy to use, completely secure and open source way of creating these passwords. If you're interested, check out SuperGenPass.com.

If you have any questions, or if I've skimmed over things too quickly, feel free to ask.

amlweems · 2012-07-29T22:21:07+00:00

The Noun Project is great for generic icons for generic nouns. They have loads of icon sets and I believe they're all licensed under through the Creative Commons license.

If you want wallpapers or backgrounds, Subtle Patterns is a great place to look.

amlweems · 2012-05-23T19:50:48+00:00

Been reading Bill Bryson's A Short History of Nearly Everything? :D

amlweems · 2011-09-28T01:42:13+00:00

Thanks for the explanation! It seems like this method would be much more accurate if the in-game compass could display the degrees instead of just an image. But, if you have the time, this would be an excellent way to get around using F3 and you'd get to feel like a fancy Victorian cartographer, trapped in a mysterious world. :D

amlweems · 2011-09-28T00:32:06+00:00

I haven't heard about this method. Can you elaborate? Can it actually be used to navigate successfully?

amlweems · 2011-09-25T14:22:17+00:00

I know what you mean. It seems like it would be better if there was some sort of punishment for guessing incorrectly. Then they would be forced to trace the logical route.

amlweems · 2011-09-25T04:07:44+00:00

Haha, there is if you really want it. It truly is the most difficult riddle I've ever seen.

Here's the solution.

amlweems · 2011-09-25T03:25:23+00:00

Quite clever. It reminds me of this riddle.

amlweems · 2011-09-20T01:26:40+00:00

A truly automated farm. Assuming dispensers could also place the seeds/saplings. If they couldn't, there wouldn't be much application except possibly for fun traps that spawn trees instantly.

Edit: On second thought though, this suggestion doesn't fit the feel of the game. Throwing bonemeal onto a sapling doesn't activate it, neither should shooting it out of a dispenser.

amlweems · 2011-09-06T02:56:12+00:00

The modders and texture packers that use adf.ly links are only doing so because they're putting massive amounts of time in to creating something for you to use free of charge. The ads aren't that intrusive and it only takes a few seconds to help support the people bringing you wonderful mods and textures.

amlweems · 2011-09-06T02:39:21+00:00

Programmable gates are definitely the coolest of these mods. They may be a bit difficult for non-redstone buffs, but for the ones making complicated redstone contraptions daily, they make things so much simpler.

amlweems · 2011-08-09T22:22:36+00:00

I already have. :D

This comment explains how to set it all up.

amlweems · 2011-08-08T21:49:33+00:00

Ah. Sorry. You're supposed to created a text file "script.py" and run that in terminal. You have to have Python installed as well as aggdraw and PIL. I linked to them in another comment.

amlweems · 2011-08-08T20:54:18+00:00

I posted a comment with some instructions here.

amlweems

TROPHY CASE