[CentOS] what percent of time are there unpatched exploits against default config?

Marko Vojinovic vvmarko at gmail.com
Fri Dec 30 16:19:46 UTC 2011


On Friday 30 December 2011 19:40:55 夜神 岩男 wrote:
[snip]
> We can start a 10,000 computer botnet (or, more realistically, a 10m
> computer botnet these days, and this is a technique used right now)
> working on the problem of assembling a new index table that orders and
> assigns every possible valid hash said algorithm can produce, and start
> assigning values.
> 
> Essentially, we can move the computing cost up-front by assuming that we
> indeed *do* have to try *every* possible password, which means computing
> done 5 years ago applies to your brand new password today.
[snip]
> In short, keys, man, keys. Its not perfect, but it is much stronger than
> passwords and in my experience FAR much less hassle.

You are basically saying that, given enough resources, you can precalculate 
all hashes for all possible passwords in advance.

Can the same be said for keys? Given enough resources, you could precalculate 
all possible public/private key combinations, right?

Please don't get me wrong --- I'm not saying that the resources needed are 
equal (or even comparable) for the two cases.

But theoretically, both keys and passwords rely on the assumption that the 
"inverse operation"  (be it calculating a password from a hash or factoring a 
large integer into primes) is too expensive to be feasible. But "given enough 
time and resources", you could in principle have prebuilt tables for both, 
right?

Just asking... :-) ...while waiting for the first successful build of a quantum 
computer, which will fundamentally redefine all current concepts of security... 
;-)

Best, :-)
Marko





More information about the CentOS mailing list