(Continued from page 9)
Say Boston was playing New York, they would tell half their new subscribers (or potential subscribers) to bet on Boston, and the other half New York. After the game, half of their customers would feel their handicapping might be good, and the other half would probably quit. The subscribers who stayed would tell half of them to bet one side of a game and the other half to bet the other side. Again, half of their customers would think they were great, and the other half would have their doubts. After doing this once or twice again, they would have a smaller pool of customers who thought they were geniuses and would pay big bucks for their next tip.

Conclusion

The Motley Fool and many other stock picking services operate similarly to the sports tout scam. But, at least they are no fools; only people who buy their services are.
By Arthur Gresham, Editor, UCHUG Drive Light
Under the Computer Hood User Group
www.uchug.org
Passwords and Hash, Part 2
The Gorilla in the Room
This discussion is a follow-up to Part 1, PASS(word) The Beef, the Hash, the Salt for Einstein, and a Dictionary, in which I introduced the process of hashing passwords and the concept of Salt.

During a continuing discussion with a friend, while writing Part 1, I finally realized that we were looking at the same things and coming to different conclusions regarding passwords. For example, we debated whether passwords stored as a hash code are really easy to un-encrypt (decode/crack/break/hack) or really hard.

We Both Win

It turns out we are all using the wrong terms. Yes, the hash code for a short password is of little value because it can be determined quickly. He wins. But it is also a fact that a hash code cannot be un-encrypted. I win. I will demonstrate both of these concepts in this article.

The big problem is that several terms are being used incorrectly in the world of hashing and passwords. Let me explain by using very simple examples from our shared experience.

The Gorilla in the Room

You may recall a theoretical discussion when you were in school. Something about a monkey in a room with a typewriter being able to write the works of Shakespeare if he has enough time to randomly peck the keys. This thought experiment is called the Infinite Monkey Theorem (read about it in Wikipedia (1) if you have forgotten how it works).

The strings produced by hash algorithms look like something you might think was written by that monkey. We expect that most of what that monkey typed is gibberish. Likewise, the hash for a particular input text (or a picture, an entire operating system, a library, or a simple password) is an 'indicator'. This text appears to be pure gibberish. That is because it does not contain anything actually from the input. The key here is 'contain.'

The Key is the Container

Let me illustrate that in a different way. You are all familiar with ZIP or RAR, or other compression functions. You have undoubtedly downloaded some program, text, spreadsheet, or audio file, which was sent to you
(Continued on page 11)
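As an added example (not from the bulletin or its author), the following Python script shows both halves of the "We Both Win" argument above with real hash functions: a digest carries nothing of its input and changing one character of the input flips about half of the 256 output bits, so nothing can be "un-encrypted" from it; yet a fast, unsalted hash of a short password is still found quickly by hashing candidate words and comparing digests. It then shows the defensive answer the article's Part 1 introduced, a per-user salt together with a deliberately slow hash (PBKDF2-HMAC-SHA256 from the standard library). The password "tiger", the word list, the salts and the `store_password`/`verify_password` record layout are all constructed for this demonstration.

```python
"""Added example: why a hash cannot be reversed, yet a short password's hash
is still 'of little value', and how salting plus a slow hash changes that.
All passwords, salts and the word list below are constructed for the demo."""
import hashlib
import hmac
import os
from typing import Iterable, Optional


def sha256_hex(text: str) -> str:
    """Plain, unsalted SHA-256 digest of text as 64 hex characters."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(password: str) -> int:
    """Alter the last character of password and report how many of the 256
    digest bits change. For SHA-256 the count is typically near 128: the
    digest is an indicator of the input, not a transformed copy of it."""
    altered = password[:-1] + ("x" if password[-1] != "x" else "y")
    return differing_bits(sha256_hex(password), sha256_hex(altered))


def guess_unsalted(target_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Find which candidate produced an unsalted SHA-256 digest.
    Nothing is decrypted: each guess is hashed and the digests compared.
    One digest per word matches every user who chose that word, which is
    why unsalted fast hashes of short passwords offer little protection."""
    for word in candidates:
        if sha256_hex(word) == target_hex:
            return word
    return None


def pbkdf2_hex(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) as a password store uses it.
    Each guess now costs `iterations` rounds instead of one hash call."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    ).hex()


def store_password(password: str) -> dict:
    """Hypothetical record layout: a random 16-byte per-user salt plus the
    slow hash. Two users with the same password get different records."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": pbkdf2_hex(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    recomputed = pbkdf2_hex(attempt, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(recomputed, record["hash"])


if __name__ == "__main__":
    secret = "tiger"                                   # constructed short password
    wordlist = ["apple", "horse", "tiger", "zebra"]    # constructed word list

    print("bits changed by a one-character edit:", avalanche_demo(secret))
    print("unsalted digest matched word:", guess_unsalted(sha256_hex(secret), wordlist))

    # Same password, two different salts: the digests differ, so a digest
    # computed once for 'tiger' no longer matches anyone's stored record.
    print("salt A:", pbkdf2_hex(secret, b"salt-A")[:16], "...")
    print("salt B:", pbkdf2_hex(secret, b"salt-B")[:16], "...")

    rec = store_password(secret)
    print("verify correct password:", verify_password(rec, secret))
    print("verify wrong password:  ", verify_password(rec, "horse"))
```

Run it as a script to see the three effects side by side. The `avalanche_demo` count is what the article means by the digest being "gibberish" that contains nothing of the input; `guess_unsalted` is what "determined quickly" looks like for a weak password and an unsalted fast hash; the PBKDF2 pair shows that a salt forces the same work to be redone per user and the iteration count makes every guess expensive.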
Cyber Awareness Bulletin 10 October 2021