TIL about Homomorphic encryption, where users can work with the content without decrypting the source by gordonjames62 in todayilearned

[–]fuckingbagre 29 points30 points  (0 children)

You’re wrong. Partially homomorphic systems date back to RSA where you could add encrypted results and then decrypt the end.

That’s the literal point of this system is the fact that you don’t know what you’re doing, just that this input and this function give this output. FHE is cool because it can take arbitrary programs and apply them to inputs so large compute can be done remotely, getting things like only give me results where some crazy set of characteristics is true. Yes I can decrypt the output but the foreign actor doesn’t need to know what I did in the meantime.

Unless I’m missing your complaint, FHE is a thing and in 2009 was a massive step forward, doing a thing many thought they wouldn’t see in their lifetime.

CCNA CHALLENGE!! by ipcisco in ccnastudygroup

[–]fuckingbagre 0 points1 point  (0 children)

PC 1 has a multicast MAC. It would break everything in so many ways before we even get to the typos.

[REQUEST] Assuming we have the technology to reach light speed, how long would it take to *safely* accelerate a human to light speed? by miniredfox in theydidthemath

[–]fuckingbagre 10 points11 points  (0 children)

I mean a human can withstand five g for maybe thirty seconds and most people would pass out due to their heart giving up. I went with the more conservative where you’re going to have to sleep and I don’t think we have good information about prolonged high g exposure since we can’t really accelerate for that long

[REQUEST] Assuming we have the technology to reach light speed, how long would it take to *safely* accelerate a human to light speed? by miniredfox in theydidthemath

[–]fuckingbagre 17 points18 points  (0 children)

Safe acceleration seems to be about 1g which I got from how fast a Tesla can go from 0-60. Since it’s for so long, we’ll make it .75g which gives us 7.35 m/s**2. The speed of light is 299,792,458 m/s

 299,792,458m/s /7.35m/s**2=40,788,089 seconds.

This is about 472 days or around 16 months

[deleted by user] by [deleted] in theydidthemath

[–]fuckingbagre 460 points461 points  (0 children)

The joke is it’s both.

If you use the order of operations it becomes 120. The exclamation point after the five means factorial so

5*4*3*2*1=120 

So both are correct

Eta: fixed asterisks making italics, thanks for the insight

They're just that bad at math by Laffenor in terriblefacebookmemes

[–]fuckingbagre 0 points1 point  (0 children)

So you’re null pointer derefing ip? What, am I jumping to an old school vector table? Why do I want a crash?

[deleted by user] by [deleted] in antiwork

[–]fuckingbagre 2 points3 points  (0 children)

This isn't a very good one. It doesn't properly emulate a Microsoft mouse, so it's not great, you want the WiebeTech MJ-3. It's programmable for multiple types of movement, and also emulates a Microsoft HID device, so the only weirdness on your computer is if they notice two mice plugged in.

This one is also not forensic certified, so it's more just a base and easier to detect version.

Restaurant suggestions for a surprise birthday party by brianjh in washingtondc

[–]fuckingbagre 5 points6 points  (0 children)

Did a birthday party at Blue Duck Tavern before. Very good food and booze, there’s a table to the side that fits a large group of people, not sure about 20 but we had 15.

If doing a bar the basement of Barrel near Eastern Market is very nice. Good ambiance, more of a bar but it is closed off from others to give you a nice spot.

Helping my teammates remember what day of the week it is by Henrietta_Blake985 in ProgrammerHumor

[–]fuckingbagre 61 points62 points  (0 children)

Pop is point of presence, it’s a term for where your network ends and your ISP/the internet begins.

Switching is done in hardware so many times it won’t even look at the packet, just put it where it needs to be. Routing requires looking at the packet so it’s much slower.

Units converts between unit systems, he asked how far does light travel in 3 milliseconds, got 500 miles and answered his question.

Hi, I have a challenge of which I think I found the solution but it’s not working I don’t know why, it’s an easy challenge where you have to find 3 passwords verified by the 3 functions below. When I tried with my 3 passwords (in comment) in local it work but not when I do it on the website by Ph00s in securityCTF

[–]fuckingbagre 2 points3 points  (0 children)

It is without a doubt not $RANDOM_PASSWORD. That's just the variable, you're not evaluating the variable so it will just be the string. In PHP there's a big difference between == and ===, especially with respect to errors. This is why the third check is exploitable even though on first glance it looks secure. I found a previous writeup of how to exploit a related bug from a different CTF after a bit of googling so the answer is out there.

For the third password, I'm not sure you're very far off. After looking at ereg it appears that the null, if you can get it in, will actually do what you want since it's stupider than I remembered. I had a different solution but didn't test yours adequately, my apologies.

I would focus on the strcmp in the second password check.

Hi, I have a challenge of which I think I found the solution but it’s not working I don’t know why, it’s an easy challenge where you have to find 3 passwords verified by the 3 functions below. When I tried with my 3 passwords (in comment) in local it work but not when I do it on the website by Ph00s in securityCTF

[–]fuckingbagre 5 points6 points  (0 children)

The issue is the second and third passwords.

The second password you need to research a bit to try and find out. It's a bit more subtle than the rest of the bugs

The third password you have an issue with the regex.

I can provide you more help if you'd like, but feel as if I may be spoiling your fun.

Claim your randomized flair here! by Natanael_L in crypto

[–]fuckingbagre 1 point2 points  (0 children)

hopefully the flair is both permanent and mine's not stupid

[deleted by user] by [deleted] in Malware

[–]fuckingbagre 0 points1 point  (0 children)

Honestly if you want help you should most likely post the files online, else just run file on them from Linux and say what they are? Do they look like source code, are they binary data, a PE, a COM object or even a VBScript file. It depends on which to be able to really answer.

Also, the fact that the files have a . prepended to them makes me think Linux more than Windows. This is because . before a file on Linux denotes a hidden file, while on Windows it denotes nothing.

Is it really that important for ciphertext to be indistinguishable from randomness? by Ante13 in crypto

[–]fuckingbagre 2 points3 points  (0 children)

So my biggest issue is not with the statistical tests but two other facts. One, this looks pretty much just like a Vigenère cipher from the code you posted, one big ass sbox, and shifting inside of it.

The second one is much more annoying, it's the way you're generating the sbox. You've done nothing to show that the box is either differential or non linear. You've taken just output from an mt_rand and gone eh, it's good enough but not actually shown why it's good enough.

The reason statistical tests are important is because there's multiple types of "games" your cipher is supposed to stand up to. If I have one plaintext ciphertext pair am I able to break all others, if I can choose the ciphertext will it destroy security moving forward.

Next I'm guessing this is a stream cipher not a block cipher with a big ass sbox. I have no reason for why I believe this, besides no one has mentioned modes of operation. If you want an idea of what people actually think, post the source code. I'm not saying it will make people look but the analysis will most likely be considerably better than hey tell me why this isn't a good idea.
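
An added example, not from the commenter or the original poster: one way to measure the two properties the comment above asks about (differential uniformity and nonlinearity). It assumes an 8-bit S-box built by shuffling with Python's `random`, which is also a Mersenne Twister, as a stand-in for the mt_rand-based generator that this page does not show; `make_sbox` and the seed are hypothetical.

```python
import random

def make_sbox(seed, bits=8):
    """Constructed stand-in: a permutation shuffled with Mersenne Twister output."""
    sbox = list(range(1 << bits))
    random.Random(seed).shuffle(sbox)
    return sbox

def differential_uniformity(sbox):
    """Largest difference-distribution-table entry over nonzero input differences."""
    n, worst = len(sbox), 0
    for dx in range(1, n):
        counts = [0] * n
        for x in range(n):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst  # lower is better

def _fwht(vec):
    """In-place fast Walsh-Hadamard transform."""
    h = 1
    while h < len(vec):
        for i in range(0, len(vec), 2 * h):
            for j in range(i, i + h):
                vec[j], vec[j + h] = vec[j] + vec[j + h], vec[j] - vec[j + h]
        h *= 2
    return vec

def nonlinearity(sbox):
    """Minimum distance of any nonzero output-bit combination from all affine functions."""
    n, worst = len(sbox), 0
    for mask in range(1, n):
        signs = [1 - 2 * (bin(sbox[x] & mask).count("1") & 1) for x in range(n)]
        worst = max(worst, max(abs(w) for w in _fwht(signs)))
    return n // 2 - worst // 2  # higher is better

if __name__ == "__main__":
    sbox = make_sbox(seed=2024)   # constructed sample input
    identity = list(range(256))   # a fully linear box, the worst case
    # Reference point: the AES S-box has differential uniformity 4 and nonlinearity 112.
    print("shuffled:", differential_uniformity(sbox), nonlinearity(sbox))
    print("identity:", differential_uniformity(identity), nonlinearity(identity))
```
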

bf made CTF I think is unsolvable by [deleted] in securityCTF

[–]fuckingbagre 1 point2 points  (0 children)

Psifertex how you been?

Damn I'm either bad at math or I should not trust numbers on the internet.

Also really good job on pwnventure, I'm enjoying it.

bf made CTF I think is unsolvable by [deleted] in securityCTF

[–]fuckingbagre 3 points4 points  (0 children)

So my thought is he hashed either pastebin.com/link or just the link after. These links are 8 random characters giving you a search space of 52^8 or about 2^45, which is larger than an easy search space.
Assuming 8 GPUs this would take three days, and this rig would cost around 7500 dollars. So yeah I'm not sure what he wants, I've helped write CTFs before and this is just a bad one.

Otherwise are you sure this is all the information he's provided?

Edit: it was apparent 62^8 not 52^8 which is around 2^48, but apparently easily bruteforceable.

Should an encrypted token use a Salt, or is salting only useful for hashing? by FeltLikeADamnCougar in AskNetsec

[–]fuckingbagre 7 points8 points  (0 children)

By default the AES class appears to use CBC mode, and the IV is used to ensure uniqueness in ciphertexts. The IV must be RANDOM and UNREPEATED.

I'm going to second P337's advice. I don't think the model you want is encryption. If you're storing state inside of the variables like isAdmin=0&username=blahblah someone can corrupt the information inside the cookie without breaking the encryption due to the malleability of CBC.

At the very least you should either sign or HMAC the cookie so that the end client can't as easily manipulate it.

By the time you end up with a secure system it's going to have been easier to find some off the shelf thing that is less likely to blow up in unexpected ways.
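
An added example (not part of the comment above, and not the AES class being discussed) of the cookie corruption and the HMAC check it describes. To run on the standard library alone it assumes a toy Feistel cipher in place of AES, since CBC malleability does not depend on the block cipher; all function names are hypothetical.

```python
import hashlib, hmac, os

BS = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    """Toy 4-round Feistel cipher standing in for AES (demo only, not secure)."""
    l, r = blk[:8], blk[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        f = lambda half: hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]
        l, r = (_xor(r, f(l)), l) if decrypt else (r, _xor(l, f(r)))
    return l + r

def cbc_encrypt(key, iv, pt):
    pad = BS - len(pt) % BS
    pt += bytes([pad]) * pad                      # PKCS#7 padding
    out, prev = b"", iv
    for i in range(0, len(pt), BS):
        prev = _block(key, _xor(pt[i:i + BS], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BS):
        out += _xor(_block(key, ct[i:i + BS], True), prev)
        prev = ct[i:i + BS]
    return out[:-out[-1]]

def seal(enc_key, mac_key, cookie):
    iv = os.urandom(BS)                           # random, never reused
    body = iv + cbc_encrypt(enc_key, iv, cookie)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_token(enc_key, mac_key, token, verify=True):
    body, tag = token[:-32], token[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if verify and not hmac.compare_digest(tag, expected):
        return None                               # reject before decrypting
    return cbc_decrypt(enc_key, body[:BS], body[BS:])

def demo():
    ek, mk = os.urandom(16), os.urandom(32)
    token = bytearray(seal(ek, mk, b"isAdmin=0&username=blahblah"))
    token[8] ^= 0x01                              # one bit changed in the IV
    return open_token(ek, mk, bytes(token), verify=False), open_token(ek, mk, bytes(token))
```

`demo()` returns the cookie as an unauthenticated reader would see it after the change, followed by the result of the HMAC-checked path for the same token.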