Tag Archive for Shakespeare

| November 11, 2015
Comments Off on A New Cure for Passwords

A New Cure for Passwords

A New Cure for PasswordsRegular readers of Bach Seat know that passwords suck. The better a password is, the harder it is to remember. So most people just end up choosing passwords they think are safe, but are pretty bad (rb- I have covered crappy passwords many times). University of Southern California researchers Marjan Ghazvininejad and Kevin Knight, have come up with a new solution that they believe solves the crappy password problem.

unique solution for creating passwordsThe USC researchers’ paper “How to Memorize a Random 60-Bit String” (PDF) presents a unique solution for creating passwords that are hard to crack and relatively easy to remember: randomly generated poems.

The researchers believe that the most secure and memorable method for creating a strong password is a short rhyming poem of random words. The Washington Post explains that, even if you pick a fairly uncommon word, like “Troubadour,” and replace some of the letters with other symbols, this combination might only take a computer seconds, minutes, or hours to guess.

short rhyming poem of random words as a passwordThe idea of a short rhyming poem of random words as a password might seem a little odd, but they’re actually very, very secure according to USC’s Knight. At current speeds, he estimates that cracking these rhyming poems of random words passwords would take around 5 million years. By which point, we probably won’t be using Facebook anymore.

As part of their research, the USC team created their poems by assigning every word in a 327,868-word dictionary a distinct code. The article explains they then use a computer program to generate a very long random number, like
110111000111100100100010100010101100001100010000010010100100, and break that number up into pieces, and then translate those pieces into two short phrases of four or five words. The computer program they use ensures that the two lines end in words that rhyme and that the phrase is in iambic tetrameter, like so:

A techno salmon Benedict
Even Shakespeare had problmes with laptopsperforming under derelict

or:

The baby understand curtailed
a wooden synagogue prevailed

or:

The Oracle email update
equipment pinning demonstrate

rb-

While seemingly nonsensical quips like 

Whereas Chanel control McQueen
accusing glamour magazine

don’t make a lot of sense to 21st-century humans, we should be able to recall 7 or 8 words to better protect our personal information.  The oral record is how most information passed from human to human for generations before Guttenberg. Someone told you something and you remembered it. There are a number of oral traditions that have lasted in one form or another into the 21st century. 

One big problem with the rhyming poem of random words idea is the webserver operating systems. There are a number of web servers out there that cannot take passwords longer than 12 characters. Hey, webmasters wake upUpdate your operating systems.

The researchers have set up an online generator for these poem/password, which you can try here or you can enter your e-mail here, and their program will send you a poetic password.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| May 7, 2015
Comments Off on World’s First Hacker?

World’s First Hacker?

World's First Hacker ?The story of the first hacker could be a 21st-century tale. It includes a zero-day exploit, patent trolling, a live demo, egos, and industrial espionageNew Scientist has identified its candidate for the world’s first hacker. The hacker found a security hole in Marconi’s wireless telegraph technology and used it to publicly show the inventor up.

The first hacker

Nevil Maskelyne haclerNew Scientist’s first hacker was, Nevil Maskelyne. Nevil Maskelyne was a stage magician who disrupted a public demo of Marconi’s wireless telegraph in 1903. He disrupted the demo by wirelessly sending insults in Morse code through Marconi confidential channels. Visitors to the Bach Seat should be sophisticated enough to know the risks of running a live demo, but 110+ years ago, they didn’t.

According to the author, the first hack occurred at the Royal Institution in London. As Marconi associate, John A. Fleming (inventor of the vacuum tube) was preparing the Marconi equipment for a public demo of the long-range wireless communication system developed by his boss, the Italian radio pioneer Guglielmo Marconi when something unplanned happened.

Scientific hooliganism

Marconi's wirelessBefore the demonstration was scheduled to begin, the demo gear began to receive a message. The unplanned message included a poem that accused Marconi of “diddling the public.” Then it started in with some Shakespeare.

Arthur Blok, Fleming’s assistant, figured that someone else was beaming powerful wireless pulses into the theater. The new signal was strong enough to interfere with Marconi’s equipment. Unfortunately for Marconi and Fleming, Nevil Maskelyne figured out the hack first. Mr. Maskelyne’s hack proved that Marconi’s gear was insecure. It also proved it was likely that they could eavesdrop on supposedly private messages too.

Wood towers supporting Marconi aerial at Cornwall England

In response, Fleming fired posted a complaint in The Times. In the paper he dubbed the hack “scientific hooliganism.”  He asked the newspaper’s readers to help him find the hacker.

However, Maskelyne, whose family had made a fortune making “spend-a-penny” locks in pay toilets outed himself four days later. He justified his actions on the grounds that he revealed the security holes for the public good. (Sound familiar?)

Maskelyne who taught himself wireless technology had a great deal of experience with wireless. According to the article, he would use Morse code in “mind-reading” magic tricks to secretly communicate with a partner. And in 1900, Maskelyn sent wireless messages between a ground station and a balloon 10 miles away. But, his ambitions were frustrated by Marconi’s broad patents. The overly broad patent left him embittered towards the Italian. Maskelyne would soon find a way to get back at Marconi. It turned out that the Eastern Telegraph Companyworried that Marconi’s wireless would kill their global wired communications business hired Maskelyne as a spy.

Revealed security holes for the public good

eavesdrop on the "confidential channelMaskelyne built a 50-meter radio mast near the Marconi Wireless offices. From these offices Marconi was beaming wireless messages to vessels as part of its highly successful “secure” ship-to-shore messaging business. From there, Maskelyne could easily eavesdrop on the “confidential channel” Marconi wireless messages.

Maskelyne gleefully revealed the lack of security by writing in the journal The Electrician in November 1902,

I received Marconi messages with a 25-foot collecting circuit [aerial] raised on a scaffold pole. When eventually the mast was erected the problem was not interception but how to deal with the enormous excess of energy.

To further publicize his results and perhaps extract some revenge on Marconi, Maskelyne staged his Royal Institution poetry broadcast.

The New Scientist concludes that Maskelyne’s name had been forgotten but now he is in the history books as the world’s patron saint of hackers.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| March 15, 2012
Comments Off on First Computer Passwords Useless

First Computer Passwords Useless

First Computer Passwords UselessRobert McMillan at Wired dug thru the annals of tech and recently confirmed that passwords have been a pain in the tuckus for a millennium. But who’s to blame? Who invented the computer password?

ShakespeareThe origin of the password is shrouded in the mist of history like the invention of the wheel or the story of the doorknob, according to Wired. Roman soldiers memorized spoken passwords to gain access to camps. Shakespeare kicks off Hamlet but where did the first computer password show up? Wired asks.

Computer passwords probably arrived at the Massachusetts Institute of Technology in the mid-1960s. Wired says nearly all the computer historians they contacted said that the first password must have come from MIT’s Compatible Time-Sharing System. In geek circles, it’s famous. CTSS pioneered many of the building blocks of computing as we know it today: things like e-mail, virtual machines, instant messaging, and file sharing.

IBM logoFernando Corbató who worked on CTSS back in the mid-1960s is a little reluctant to take credit. “Surely there must be some antecedents for this mechanism,” he told Wired, before questioning whether the CTSS was beaten to the punch in 1960 by IBM’s (IBM) Sabre ticketing system. When Wired contacted IBM, big blue claimed it wasn’t sure.

According to Mr. Corbató, even though the MIT computer hackers were breaking new ground with much of what they did, passwords were pretty much a no-brainer. “The key problem was that we were setting up multiple terminals which were to be used by multiple persons but with each person having his own private set of files,” he told Wired.Putting a password on for each individual user as a lock seemed like a very straightforward solution.”

Back in the ’60s, there were other options, according to Fred Schneider, a computer science professor at Cornell University. The CTSS guys could have gone for knowledge-based authentication, where instead of a password, the computer asks you for something that other people probably don’t know — your mother’s maiden name, for example.

But in the early days of computing, passwords were surely smaller and easier to store than the alternative, Professor Schneider says. A knowledge-based system “would have required storing a fair bit of information about a person, and nobody wanted to devote many machine resources to this authentication stuff.”

Data breachThe irony is that CTSS may also have been the first system to experience a data breach. The article recounts that in 1966, a software bug jumbled up the system’s welcome message and its master password file so that anyone who logged in had access to the entire list of CTSS passwords.

The story goes that an MIT Ph.D. researcher was looking for a way to bump up his usage time on CTSS. He received four hours per week, but it wasn’t nearly enough time to run the simulations he’d designed for the new computer system. So he simply printed out all the passwords stored on the system.

There was a way to request files to be printed offline by submitting a punched card,” he wrote. “Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.

To spread the guilt around, Mr. Scherr then handed the passwords over to other users. One of them — J.C.R. Licklieder — promptly started logging into the account of the computer lab’s director Robert Fano and leaving “taunting messages” behind.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,