Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
756
hpr_transcripts/hpr0561.txt
Normal file
@@ -0,0 +1,756 @@
|
||||
Episode: 561
|
||||
Title: HPR0561: Hack Radio Live 4
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0561/hpr0561.mp3
|
||||
Transcribed: 2025-10-07 23:08:45
|
||||
|
||||
---
|
||||
|
||||
This train is set of inbound.
|
||||
I'm from sectors.
|
||||
My crime is that of outsparting you.
|
||||
If you have not yet submitted your identity to the Retinal Clearance System.
|
||||
Communications interface online.
|
||||
You're not dealing with AT&T.
|
||||
Automatic medical systems engaged.
|
||||
Welcome to the Internet, my friend.
|
||||
How can I help you?
|
||||
Defense of a weapon selection system activated.
|
||||
Have a very safe day.
|
||||
From San Diego, California, I'm Draconubis.
|
||||
And from Rainy, Florida, I'm anigma.
|
||||
Is it raining there, really?
|
||||
Oh, yeah, so it was raining earlier.
|
||||
I haven't been outside today.
|
||||
Oh, so it's not raining now.
|
||||
So what you meant is from the place where it sometimes rains.
|
||||
The place where it was raining earlier.
|
||||
Oh, OK, that's better.
|
||||
I'm stuck inside playing Starcraft 2 today, so.
|
||||
You still play Starcraft?
|
||||
I play Starcraft 2, it just came out.
|
||||
They made a new one.
|
||||
Yeah, Starcraft 2, it's sweet.
|
||||
Starcraft 2, is it any fun? Is it good?
|
||||
Yeah, I like it.
|
||||
If you like RTSs, it's very good.
|
||||
If you don't...
|
||||
My problem with Starcraft is that you get these guys.
|
||||
They had this routine down where it's like, you know, build orders and such,
|
||||
where you just can't beat them because they're just so fast.
|
||||
And they know exactly what to do.
|
||||
It's like a giant logic flow chart.
|
||||
Yep, and it's just not fun.
|
||||
Yeah, well, if you're good at it, it's great fun if you're not.
|
||||
I'm not good at it.
|
||||
It's not so much.
|
||||
But yeah, I was playing a single player today,
|
||||
which probably get hate mail for since every buddy plays multiplayer.
|
||||
There's a single player version in Starcraft.
|
||||
I didn't even know that was there.
|
||||
Yes, there is a campaign mode.
|
||||
Use it to learn the class.
|
||||
Otherwise, I'll get wiped in the battle net.
|
||||
Seriously hard.
|
||||
You know a game I got sucked into for like three weeks.
|
||||
It always reminds me of Starcraft as a civilization in the multiplayer online version.
|
||||
Because the games last for like four hours.
|
||||
Yeah, the games are really, really long.
|
||||
So you play three games and now all of a sudden it's Wednesday.
|
||||
You're like, what the hell happened?
|
||||
Yeah, exactly.
|
||||
I've been playing the multiplayer since about four o'clock.
|
||||
I haven't been to work in three days.
|
||||
I just just got off before we were recording the show.
|
||||
So kind of a bunch of those messages from like Bill Lumber.
|
||||
Like, hey, sorry, I didn't come in.
|
||||
Next message.
|
||||
It's not a half day or anything.
|
||||
And for those of you who are too young to know the reference, it's office space.
|
||||
No, no, no, everyone gets the office space reference.
|
||||
So there's no age limit on office space.
|
||||
No, there is, you know, that has been a while.
|
||||
It's been a while ago.
|
||||
It's not like, yeah, but it's such a great movie.
|
||||
And so it's a class, especially in the IT space.
|
||||
It is, it is.
|
||||
But some of our listeners may not be in the IT space.
|
||||
Oh, oh, okay.
|
||||
You know, I'm talking about web cracking tonight.
|
||||
I hope every all of our listeners are remotely in the IT space.
|
||||
Yeah, but there's some that are just like Linux hobbyists that don't actually work in field.
|
||||
Yeah, well, yeah, but I said I was in the IT space before I was even old enough to have a job or so.
|
||||
Yeah, that's true.
|
||||
You were like 14 when I met you.
|
||||
In your IT space.
|
||||
Yeah, what are we talking about the IT space?
|
||||
Wow.
|
||||
The IT field.
|
||||
Okay.
|
||||
So what do you've been up to, Greg?
|
||||
IT in space.
|
||||
Not much, actually.
|
||||
I've been working on such and mainly just, I made the new comment system for the sky, for the show site.
|
||||
And prepared stuff for tonight.
|
||||
Sounds like a blast.
|
||||
Mostly fact checking.
|
||||
But I thought we would talk about web cracking tonight.
|
||||
How do you feel about that?
|
||||
I'm okay with that.
|
||||
Okay, because if you're not okay with it, we'd have a serious problem.
|
||||
That's all I prepared for.
|
||||
Okay, all right.
|
||||
So, so go on with your web cracking.
|
||||
Well, I should say that I'm not going to go into how to, because I've heard podcasts.
|
||||
We're selling like Reads Office sheet like, oh, okay, you want to keep in the air snort, flag S, flag W.
|
||||
Flag 40.
|
||||
I'm not going to do that.
|
||||
I want to go into why it's possible, not how it's possible.
|
||||
You can look up a tutorial online and such.
|
||||
So kind of like Concepts versus the actual practice.
|
||||
Sure.
|
||||
And I thought this is actually really interesting.
|
||||
And mostly because I know a lot about this and only had to look updates and facts.
|
||||
So it's very easy for me.
|
||||
I just have an envelope here.
|
||||
But let's knock out the basics.
|
||||
Web is just a wireless security standard.
|
||||
When you set a password on your wireless network and it asks you, do you want to use Web, WPA, DAPA2, appreciate a key.
|
||||
But mobile, those are all wireless standards.
|
||||
And of course, what is Web, what is Web stand for?
|
||||
Web stands for, you know, a lot of people will tell you that it's a wireless encryption protocol.
|
||||
And it's not.
|
||||
It's actually wired equivalent privacy because when Web came out in 1997, they were so confident that it was going to work so great.
|
||||
But they said that the privacy provided by Web was comparable to that of a traditional wired network, which is an absurd thing to say, but that's what they said.
|
||||
The problem, like most of you probably know, is that the Web is horribly insecure because it's very easily defeated.
|
||||
And because of the way it's designed, it's possible to figure out what password was used for a given network.
|
||||
And because we're doing cryptographic stuff, that's called cracking.
|
||||
So Web is insecure because you can crack Web. That's what we're going for.
|
||||
So I just very briefly, I'll go over the rise and fall of Web.
|
||||
It was introduced in 1997.
|
||||
We went over why they call it Web.
|
||||
In 2001, researchers at Berkeley and Anna Consulting firm published a very famous paper which formed the basis of the attack that's known today.
|
||||
And then within a few months after that, the IEEE, which is the Institute of Electrical and Electronics Engineers, something like that.
|
||||
Yeah, I don't know that one.
|
||||
You've heard the IEEE monochrome of course.
|
||||
It's branded on like Firewire and such.
|
||||
They established a task force to solve the problem.
|
||||
And in just three years, they came out with a new standard for WPA, which stands for actually Wi-Fi Protective Access.
|
||||
That's almost a recursive acronym like a, like a wine is.
|
||||
But the after that WPA too was officially released and it was declared that Web had been depreciated because it failed to meet its security goal of being equivalent to that of a wired network.
|
||||
Which again is absurd because...
|
||||
I just think it's hilarious. That's like saying that I don't even know what that's like saying. It's just really dumb.
|
||||
Yeah, because you can never be as secure as a wired network because of the whole nature of no wire.
|
||||
Yeah, sending your data through, of broadcasting your data through the air has some inherent security problems with it.
|
||||
Yes, it does.
|
||||
So what is Web exactly?
|
||||
Like if you had a magic web box and data was flowing into one side and nonsense was coming out, how is it creating that nonsense?
|
||||
And furthermore, if you spun the magic web box around and nonsense floating and data came out, how did it reassemble that meaningless data into usable data?
|
||||
Well, that's what I'm hoping to explain tonight and it gets extremely technical.
|
||||
So if you know the basics, just stand by and hopefully you'll get served later in the evening.
|
||||
If not, then well, you can bite me because this is all I know.
|
||||
But the main part of Web is something called a stream cipher.
|
||||
And when your data goes in, it gets manipulated by the stream cipher which makes your data unreadable. That's the confidentiality part.
|
||||
And the best way I thought up to describe a stream cipher was it's kind of like shoving a potato through a French fry cutter.
|
||||
Just to interrupt you for a second.
|
||||
I think it's cool that you put my confidentiality term in your little thing there, even if you didn't mean to from last week.
|
||||
You're such a bitch sometimes.
|
||||
So continue.
|
||||
I'm going to mention this now, even though we're going to talk about feedback later.
|
||||
But what's the name?
|
||||
Diablo Mart was a devil of markets who made fun of you?
|
||||
Someone made fun of you for getting your facts wrong about the writing a scanning thing, specifically related to pregnancy.
|
||||
He didn't get my fact.
|
||||
He didn't make fun of me getting my facts wrong.
|
||||
He said you were dumb that you were ill-prepared.
|
||||
He did not.
|
||||
He did not.
|
||||
You forwarded me that a message that you do not play that.
|
||||
I got to start rewriting those emails before I forward them to you.
|
||||
Yes, you do.
|
||||
Continue.
|
||||
Great.
|
||||
Yes, so I'd like to describe the stream cipher as a French fry cutter.
|
||||
You just shove a bunch of stuff into one side, and it cuts it up into these neat little cryptographically secure French fries.
|
||||
And I suppose if you want to follow the French fry cutter example, if you spin the stream cipher around and put the French fries back in, it will reassemble back into a potato.
|
||||
That's essentially what the cipher is doing.
|
||||
Now, when you give your wireless network a password, what you're really doing is you're kind of setting the dial on the cipher to a certain number.
|
||||
And only machines that are dialed into that number can correctly cut and reassemble your data potato.
|
||||
Does that make sense?
|
||||
Yes, it does.
|
||||
Okay.
|
||||
So, a practical example would be, let's say you're a laptop and you're out of both support weapon.
|
||||
This was, you know, five years ago and web was cool, actually, like seven.
|
||||
So they both had the magic stream cipher potato cutter machine.
|
||||
And when your router sends a web page to your laptop, it pushes the page through the stream cipher, which creates the neat little nonsensical chunks.
|
||||
The chunks are transmitted as data packets arrive at the laptop and your laptop reassembles them using the stream cipher and the web page pops out the other side.
|
||||
And it's kind of like the equivalent of having a private public key pair.
|
||||
It's very, it's very much like that.
|
||||
It's just, it's basic cryptography for that matter.
|
||||
So if you understand cryptography, you're probably bored out of your mind, but just stay with me, I promise.
|
||||
Unless, of course, you understand the RC4 cipher, in which case you can stop now.
|
||||
But the important thing to note is that, as we briefly touched earlier, is that your wireless router pushes data out in all directions.
|
||||
When it's, when you're 20 feet to the left, it will send data to the left and the right when it's broadcasting something.
|
||||
So it's a radius, not a straight line of sight.
|
||||
I've actually met people who don't understand that, which kind of confused me like, how do you think the data is working?
|
||||
Like going through your house and turning corners, what is wrong with you?
|
||||
But no, it's a radius thing.
|
||||
And anyone in the radius can actually pick up what you're doing.
|
||||
Now, usually what happens is that if you have like just, you know, your neighbor's laptop or whatever, it's made to ignore any packets coming from access points.
|
||||
It's not associated with, but you can put your wireless card into a mode called monitor mode.
|
||||
You're going to go into wireless modes, but there's like three or four of them to pay on who makes your card five in some cases.
|
||||
And what monitor mode does is it just records everything that it can hear regardless of whether or not it's addressed to that particular laptop.
|
||||
So this is called running a sniffer when you have your card in monitor mode and you're recording things.
|
||||
And it's also referred to as a capture packet.
|
||||
It's basically just capturing all packets without discrimination.
|
||||
And that's how like, Kismet and Wireshark and all of those.
|
||||
Yeah, it's that Kismet.
|
||||
I'm sorry, not Wireshark.
|
||||
Net Stumbling.
|
||||
What I was looking for.
|
||||
I'm not entirely certain how Net Stumbling works.
|
||||
Because with Kismet and you put your card in monitor mode, it will disassociate from whatever access point you're on.
|
||||
Net Stumbling does it without disassociating from whatever you're connected to usually.
|
||||
I think.
|
||||
I haven't used it in a while.
|
||||
It's very noisy.
|
||||
You know what always bugged me.
|
||||
There's a book by Daniel, there's two books actually.
|
||||
But there's one book by Daniel Suarez called Demon, which is a great book to read.
|
||||
I'll put a link in the shown.
|
||||
It's a hacker book.
|
||||
It's unnecessarily technical, but it's a very fun read.
|
||||
And everyone in the book uses Net Stumbling.
|
||||
And I have never really met a hacker who uses Net Stumbling unless for whatever reason they don't have Linux installed.
|
||||
Well, actually, Stank, when he did his wireless thing for the Discovery Channel, he used Net Stumbling and Kismet.
|
||||
I don't like Net Stumbling.
|
||||
I don't either, because one thing with Net Stumbling is very noisy.
|
||||
And I think it does attach to the access point or it hits the access point.
|
||||
The Kismet does it passively.
|
||||
So Net Stumbling is very noisy when it comes to logs and things.
|
||||
Oh, interesting.
|
||||
I have to look in on that.
|
||||
Anyway, point being that it's possible to record data packets just flying through the air.
|
||||
And the idea behind Web is that because your neighbor doesn't have your password, he can't actually unscramble the packets that he's receiving.
|
||||
So theoretically, it's harmless for him to receive them because he can't decrypt them.
|
||||
And it's important to note that if he was able to decrypt them and he had your Web key and he could get on your network,
|
||||
it's not just about stealing your band, but there are all kinds of fun things to do.
|
||||
Once you're on a wireless network that doesn't belong to you.
|
||||
It's almost like a rhyme for a reason.
|
||||
There's a bunch of these little proof of concept applications.
|
||||
One of my favorite ones, I can't think of the name of it, it's like a little perl script.
|
||||
It's essentially a man in the middle attack where you go between your target machine and the router.
|
||||
And it will intercept all web traffic, take all the images, flip them, like horizontally, do like an image transformation,
|
||||
and then send them along. So whenever you're browsing the web, all your images are upside down.
|
||||
You can do that with header cap filters too.
|
||||
Iron Geek's got a tutorial on it.
|
||||
Yeah, he did it for one of his talks.
|
||||
Oh, I mean, you know he doesn't have.
|
||||
He doesn't have a button for the site on his site.
|
||||
Yeah, yeah, yeah, get off me.
|
||||
I haven't done that yet.
|
||||
Another cool application just to get into your cool applications on a wireless network that isn't yours.
|
||||
There's a program called DriftNet and it's just, you know what it is.
|
||||
I know about it because you were talking about it once and I can't remember where.
|
||||
Yeah, and basically for those who don't know, it's an application that looks for just pictures, just JPEG images.
|
||||
I think it does more than that, but just images.
|
||||
And it will display them to the screen and you can also get it to log them, save them.
|
||||
This was your thesis or something, wasn't it?
|
||||
No, I used it actually at the correctional facility I used to work at for monitoring.
|
||||
I worked at a juvenile facility and we had to log internet traffic and I used it just to see what they were browsing.
|
||||
Because we had youth that would go out to the internet and surf porn.
|
||||
And yeah, I had some interesting images, but I digress.
|
||||
Did you do filtering or just monitoring?
|
||||
I did filtering. I actually, on the student network, we had a student network and a staff network.
|
||||
On the student network, we did white listing where they only could go to think it was like 200 sites.
|
||||
Only the approved porn sites?
|
||||
That were.
|
||||
Well, the stupid firewall would allow us to only am going way off topic.
|
||||
But the super firewall would only allow us to domain filter.
|
||||
So basically, I could limit it to the domain and like for example, CNN.com is, you know, harmless, right?
|
||||
What do you think is linked to CNN.com? That could be potentially bad for, you know, young boys?
|
||||
I'll have to talk my head. I'm not sure where you going with this.
|
||||
Sports Illustrated.CNN.com.
|
||||
More specifically, the swimsuit issues that were up on kids.
|
||||
That were up on every single, well, I walk into a...
|
||||
I'm surprised you got into a classroom.
|
||||
No, I walk into a classroom, right?
|
||||
And I see everybody's desktop background is a swimsuit model.
|
||||
Okay, that's sexy.
|
||||
Yeah, this is going away.
|
||||
And then I limited their background.
|
||||
They couldn't change their background anymore.
|
||||
It's up and wide.
|
||||
People will take like the thumbnail and then stretch it to fit the weird aspect ratio of the monitor.
|
||||
Yeah, yeah.
|
||||
Anyway, going back here.
|
||||
Yeah, we've established that you don't want other people on your network because that's bad.
|
||||
So it's not just about stealing the bandwidth.
|
||||
But that's hardly the point because no one uses Web anymore.
|
||||
It's just nevermind.
|
||||
You'd be surprised how many people use Web.
|
||||
I wouldn't call it surprise. I'd call it disappointed.
|
||||
Well, you got to realize that Web is good enough for...
|
||||
My opinion Web is good enough for home use.
|
||||
That's a deterrence.
|
||||
That just to stop your stupid neighbor from getting analyze is reasonable.
|
||||
Basically, it's locking the door on your way in.
|
||||
Yeah.
|
||||
If you have an apartment complex, you should probably use Web.
|
||||
It versus nothing.
|
||||
Yeah. And it's keeping honest people honest.
|
||||
Because if you're going to go as far as to break a Web key,
|
||||
you know what the hell you're doing.
|
||||
And be your attempting to do something probably bad.
|
||||
I was keeping honest people honest phrases.
|
||||
My favorite phrase is trust, but verify.
|
||||
Well, it's like port scanning.
|
||||
It's just knocking on the door.
|
||||
It doesn't mean I'm going to go through the door.
|
||||
It just means I'm checking the lock.
|
||||
But Web cracking is more like duplicating a key to your house.
|
||||
I'm not going to use it.
|
||||
I just wanted to have a key to your house.
|
||||
Or busting down the...
|
||||
Or picking the lock on the door.
|
||||
Yes.
|
||||
I just wanted to see if I could do it.
|
||||
I've actually done that before.
|
||||
That would have been my defense, too.
|
||||
My defense for any place you shouldn't be.
|
||||
And this is always good, especially if you're at a theme park or something.
|
||||
Because theme parks...
|
||||
Most people don't know what theme parks have.
|
||||
These massive underground tunnels where all the machinery is.
|
||||
And you can like wander around.
|
||||
If you just say you're looking for the bathroom,
|
||||
no one ever says anything to you.
|
||||
If you say like I got lost or I'm looking for a friend or I just wanted to explore,
|
||||
you'll be arrested by park security.
|
||||
But if you just say I'm looking for the bathroom, they go, oh yeah, it's that way.
|
||||
It's amazing.
|
||||
It's like the world's greatest cop.
|
||||
I'm convinced that you could like break into the, you know, oval office.
|
||||
And just say you're looking for the bathroom.
|
||||
And they'd be like, oh yeah, it's over there.
|
||||
Yeah, I don't think you're going to get away with that.
|
||||
Okay, so to understand why this is possible,
|
||||
and this is where it starts to get fun and technical,
|
||||
is you have to understand what a stream cipher is and what it's actually doing.
|
||||
So if you don't...
|
||||
Okay, I'm going to explain this.
|
||||
The stream cipher scrambles data using a password that you set.
|
||||
And the way it incorporates that password is interesting.
|
||||
Let's look at the more basic example.
|
||||
Let's talk about like Roth 13, for example.
|
||||
Roth 13 is a very trivial encryption.
|
||||
It stands for rotate by 13.
|
||||
It's the basic idea behind like Dakota rings, you know,
|
||||
kids in elementary school who can't even spell cryptography
|
||||
will send Roth 13 messages to each other because it's kind of fun.
|
||||
Okay.
|
||||
I once heard it described as being like the internet equivalent of a magazine
|
||||
that prints the answer upside down.
|
||||
It's just kind of a little thing.
|
||||
I lost my place.
|
||||
Oh.
|
||||
Roth 13 is where you shift the letters in the alphabet
|
||||
by a given number of places.
|
||||
So what are you doing over there?
|
||||
What, I'm not doing anything.
|
||||
Sorry, you can cut that out.
|
||||
It's just...
|
||||
Okay.
|
||||
My phone.
|
||||
Not a problem.
|
||||
I'm just curious what that noise is.
|
||||
But Roth 13 is when you letters in the alphabet by a place.
|
||||
So like Roth 1, for example, would make a equal b,
|
||||
b equal c, c equal d, and so on.
|
||||
Roth 13 is special because the alphabet has 26 letters.
|
||||
And a shift by 13 can encode and decode the same message.
|
||||
If you move a 13 places, it becomes n,
|
||||
and you move n 13 places, it becomes a.
|
||||
In the cryptographic world, this is actually called a cipher.
|
||||
That is its own inverse.
|
||||
That doesn't usually happen.
|
||||
You don't usually have the exact same cipher encrypting it well.
|
||||
I should probably check that statement.
|
||||
But at any point, Roth 13, the 13, is what we call a key.
|
||||
Because everyone can know how to do the rotation, the actual algorithm.
|
||||
But unless you have the number 13, you don't know how many letters to rotate by,
|
||||
and the message is still unreadable.
|
||||
So a key is synonymous with the past,
|
||||
where we're talking about cryptography in most cases.
|
||||
Of course, with Roth 13, you can easily guess the code.
|
||||
But the idea is that good encryption algorithms are sufficiently complex.
|
||||
That guessing the key is not impossible, but in practical,
|
||||
or require an unobtainable amount of computing power.
|
||||
For example, Roth 13 requires two digits.
|
||||
I mean, the maximum key is two digits.
|
||||
It can be number 13 or any one through 26, I suppose.
|
||||
But a good encryption methodology has 256 characters, 512 characters.
|
||||
If you ever hear that something is AES 256 bit encrypted,
|
||||
what they're saying is that it's using AES,
|
||||
and the key is 256 bytes long.
|
||||
So the important takeaway is that the strength of encryption comes from both the method and the key length.
|
||||
So if you have something great like AES, but it's only one bit long,
|
||||
it becomes very possible to guess what the key actually was.
|
||||
You only have so many combinations.
|
||||
The interesting problem that Web has,
|
||||
and the reason that they thought it was so secure,
|
||||
was because Web uses a really great stream cipher called RC4.
|
||||
It's the same encryption algorithm used by SSL,
|
||||
which protects online banking and such.
|
||||
And SSL has been very resilient to attacks.
|
||||
There are some things you can do, but for the most part,
|
||||
it's still a standard for a reason.
|
||||
The only way you can really,
|
||||
well, I won't say the only way you can break SSL,
|
||||
but the only practical way you can do it is do a man in the middle
|
||||
where you're intercepting both ends of the communication.
|
||||
Yeah, and within the browser lights up and says that everything's red,
|
||||
but I think most people will actually still ignore that.
|
||||
I think there are some studies saying that even when you do a man in the middle,
|
||||
like 90% of people still continue to decide anyway.
|
||||
Right.
|
||||
So, you can get around that kind of stuff.
|
||||
There was a bunch of cross-site scripting things and a bunch of other things like that,
|
||||
but that doesn't attack SSL directly.
|
||||
That attacks the things around SSL.
|
||||
So, SSL or RC4, I should say, is very, very strong.
|
||||
But the reason that Web is so bad is because it implements RC4 in a very bad way.
|
||||
Now, here's where things get really technical, so bear with me.
|
||||
RC4 is a stream cipher, as opposed to a block cipher,
|
||||
which means that it's encrypting data on the fly.
|
||||
A block cipher, you'll take one chunk of text like an email,
|
||||
do one thing to it, like fire it once, and it's encrypted.
|
||||
A stream cipher encrypts every bit that passes through it individually
|
||||
and a different transformation is performed on every bit.
|
||||
And now it gets really technical.
|
||||
The way it determines what transformation is going to perform
|
||||
is by using what's called a key stream.
|
||||
It's kind of like a key, like a password, but it's a stream of password.
|
||||
So, let's go back to the hypothetical, like a Roth 13 example.
|
||||
If you had a Roth 13 stream cipher, and your key was like one, two, three,
|
||||
it would encrypt the first letter by shifting one place,
|
||||
the second by shifting two places, and the third by shifting three places.
|
||||
And likewise, if the key stream was like three, three, three,
|
||||
the first letter would be moved by three places, the second by three,
|
||||
the third by three, and so on.
|
||||
So, as the stream flows in with the bits and the operations performed
|
||||
depending on the stream.
|
||||
Now, for RC4 to be secure, it needs a long, well,
|
||||
it needs an unlimited non-repeating key stream.
|
||||
If you ever reuse a section of the key stream,
|
||||
it's possible to take the encrypted data and perform what are called X or transformations on it,
|
||||
and end up with the unencrypted data and calculate the string.
|
||||
So, you have to have unique non-repeating key streams for RC4 to be effective.
|
||||
Interestingly enough, you don't have to enter an infinitely long non-repeating value
|
||||
when you set the password to your wireless network.
|
||||
It's usually just like the name of your dog Wolfie or something,
|
||||
and that's hardly an infinitely long non-repeating key stream.
|
||||
But we can do something to make your dog Wolfie into a non-repeating key stream
|
||||
by adding in what are called initializing vectors.
|
||||
And you hear a lot about IVs when it comes to cracking weapon,
|
||||
when it comes to cracking wireless in general.
|
||||
IVs are these, ideally, unique blocks of bits
|
||||
that get mixed with your password, and the result is given to the key stream.
|
||||
And then the IV is incremented, mixed again, given back to the key stream.
|
||||
So, the key stream is generated by segments of your password mixed with an IV,
|
||||
and theoretically, oops, not in the mic.
|
||||
And theoretically, because the IV is always changing,
|
||||
the password given to the key stream is always changing,
|
||||
it's non-repeating boom problem solved.
|
||||
So, not so much in wet.
|
||||
Well, as far as we know, RC4 can't be broken,
|
||||
as long as it has a non-repeating key stream.
|
||||
And as far as we're concerned,
|
||||
wet is the security equivalent of being on a wired network,
|
||||
unless, well, no.
|
||||
I suppose unless you ever had a duplicate IV, but...
|
||||
But you would never have that.
|
||||
They would never be so.
|
||||
No, no, no.
|
||||
Because the duplicate IV would mean that a duplicate result combination was given to the key stream,
|
||||
and any repetition of the key stream, as we know,
|
||||
is a catastrophic failure of security.
|
||||
But as long as the IVs are long enough, that won't happen,
|
||||
because you won't have repetition.
|
||||
Of course, the downfall of wet is that the IV is actually not...
|
||||
long enough.
|
||||
And this does happen.
|
||||
And it happens a lot.
|
||||
You see, wet has...
|
||||
It uses what's called a 24-bit IV,
|
||||
so the IV is 24 characters long.
|
||||
And you think, oh, well, that's really long.
|
||||
How many packets are you possibly sending?
|
||||
Well, you have to have a different IV for every packet practically.
|
||||
And on a busy network, like if you're downloading a file,
|
||||
700 packets are sent per second,
|
||||
and each packet needs its own unique IV practically.
|
||||
So, just after 5,000 packets, after 7 seconds,
|
||||
there's a 50% probability that an IV will be reused.
|
||||
And worse than that, after 40,000 packets,
|
||||
there's a 50% chance that you can calculate the Web key
|
||||
because you have collected enough duplicate IVs.
|
||||
20,000 more packets.
|
||||
You have an 80% chance, 25,000 more than that,
|
||||
and you have a 95% chance.
|
||||
So, in less than a minute, on a busy network,
|
||||
you can have enough weak IVs to calculate the Web key,
|
||||
and that's really bad for Web.
|
||||
It doesn't even take more than a minute to figure it out.
|
||||
And the actual calculation, by the way,
|
||||
happens in like three or two seconds.
|
||||
It's a very fast calculation.
|
||||
The time comes from collecting the actual weak IVs.
|
||||
Right.
|
||||
And the only caveat worth mentioning is that you have to have a busy network.
|
||||
What if the network's not busy?
|
||||
Well, no.
|
||||
No, no, no, no.
|
||||
You can actually make the network more busy.
|
||||
What happens is when you're connecting to a network
|
||||
and your laptop asks for an IP address,
|
||||
it does what's called an ARP request,
|
||||
and it asks for routing information essentially.
|
||||
So, what you can do is you can...
|
||||
And pop quiz.
|
||||
What does ARP stand for?
|
||||
Address resolution protocol.
|
||||
You got it.
|
||||
Pam.
|
||||
You can drink alone.
|
||||
You can send...
|
||||
Without you being associated with the router,
|
||||
you can send a client a disassociation message
|
||||
and knock it off of the network.
|
||||
It will, of course, try and reauthenticate and re-associate.
|
||||
And when it does so, you can grab whatever it's sending.
|
||||
You're not entirely certain what it's sending,
|
||||
but that doesn't matter.
|
||||
You can grab it and re-play it back.
|
||||
And every time you re-play it back,
|
||||
the router will respond,
|
||||
and it will respond with an encrypted packet.
|
||||
And that's a legitimate encrypted packet.
|
||||
In fact, we'll need 40,000 more, and we can break web.
|
||||
And you can just send an unlimited avalanche of these ARP replies.
|
||||
And the router just goes like a freaking fire hose.
|
||||
Like a...
|
||||
of ARP replies.
|
||||
And the router just goes,
|
||||
oh my god!
|
||||
As if the some routers are smart,
|
||||
or some routers allow you to configure how many ARP replies are set per second.
|
||||
But still, and then you only have to wait a couple of minutes.
|
||||
But the bottom line is that the web can be broken,
|
||||
because the IVs are not long enough,
|
||||
which leads to a reputation in the key stream,
|
||||
which means that RC4 fails,
|
||||
because you can take the end results in X or them,
|
||||
and get the web key.
|
||||
There you go.
|
||||
So, I'm hoping that anyone who thought that was too basic
|
||||
is now thoroughly put in their place.
|
||||
Thoroughly?
|
||||
Mm-hmm.
|
||||
And that's a de-off attack, by the way,
|
||||
just in case someone wanted to research that.
|
||||
Um, would it be considered?
|
||||
Oh, oh, I think it's a de-daw.
|
||||
I don't think it's de-daw.
|
||||
De-daw.
|
||||
De-daw.
|
||||
Yeah, so that's definitely de-off attack.
|
||||
Which is valuable in many, many protocols.
|
||||
You'd be surprised.
|
||||
Yes, you would be.
|
||||
But, um, I think we should give some shout outs to people
|
||||
who left us great feedback.
|
||||
I would agree.
|
||||
Do I know you have something to prepare?
|
||||
Yeah, for the gentleman,
|
||||
I hold on one second.
|
||||
Let me get his name right.
|
||||
You do not forget Diablo Marcus's name, did you?
|
||||
Diablo Marcus, yes.
|
||||
Um, anyway.
|
||||
Um, he pointed out that I was incorrect
|
||||
on the retinal versus Irish scan.
|
||||
He drew a picture of you on one of those hangman newsies.
|
||||
He did not.
|
||||
He pointed out that it is the retinal scan
|
||||
and that is the, um,
|
||||
the one that, uh,
|
||||
has the privacy concern with the pregnancy and women.
|
||||
Yeah.
|
||||
And he gave a...
|
||||
What was that?
|
||||
I was going to say that I looked into this issue
|
||||
and I could not find a single, um,
|
||||
credible mention of, um,
|
||||
this eye-scaling technology determining if you're pregnant.
|
||||
I could find things of pregnancy damaging,
|
||||
uh, its ability to read,
|
||||
but not that it can determine if you're pregnant.
|
||||
Hmm.
|
||||
Maybe he didn't give me that.
|
||||
No, he sent you a link to the Wikipedia article,
|
||||
but it didn't say that he could...
|
||||
Yeah, I don't know what to say.
|
||||
It just said it could be distorted.
|
||||
Hmm.
|
||||
Interesting.
|
||||
Which is why he drew that picture of you
|
||||
so that said liar, liar,
|
||||
and had little stink lines coming off of you?
|
||||
Anyway, I will research that more,
|
||||
but thanks for the link anyway,
|
||||
and, um, he's, uh,
|
||||
and he says we're amazingly more informative than security now.
|
||||
Set in the bar high.
|
||||
Right above security now.
|
||||
Um, NY Bill sent us a nice message saying that he, uh,
|
||||
that he loves our show and that he listens to it on the way to work.
|
||||
And that's great,
|
||||
except that he drives 20 hours a week.
|
||||
So I don't know if he listens to us just to fill time
|
||||
or if he really enjoyed this.
|
||||
But, uh, this is a nice guy.
|
||||
I talked to him back in part.
|
||||
He sent me this great list of podcasts, too.
|
||||
That was really useful.
|
||||
Good.
|
||||
Good.
|
||||
And we should mention Clat 2, site 2.
|
||||
Clat 2 as a podcast.
|
||||
Uh, the bad apples.
|
||||
He has a podcast.
|
||||
I thought he had like 20.
|
||||
Oh, he has the, you know,
|
||||
he has the world's first aug cast or something.
|
||||
I hate aug.
|
||||
And then he is, he is the, uh,
|
||||
the self-proclaimed media who work.
|
||||
So just for the record.
|
||||
You know, I have to say, um,
|
||||
I was on a site looking at,
|
||||
she's like, oh, then you only offer things in aug.
|
||||
Really?
|
||||
I'm like, because it doesn't sync with my iPod.
|
||||
And I'm like, okay, we'll find.
|
||||
And then he has an alternative code.
|
||||
I could go, oh, there's MP3 hiding in the background.
|
||||
No, he has aug and he has speaks.
|
||||
And it wasn't a week prior to finding out about,
|
||||
about his site.
|
||||
I would have, like,
|
||||
just come with the hell as this protocol.
|
||||
But speaks actually is a really cool codec.
|
||||
But I'm just, I'm just surprised
|
||||
he's encoding a podcast in it.
|
||||
Yes.
|
||||
Yes.
|
||||
So I would, I actually had to look it up
|
||||
because I didn't know what it was until I saw it on his site.
|
||||
It's actually really great.
|
||||
I was considering it for protocols for this show,
|
||||
um, because it's, it's not bad,
|
||||
but we ended up using more.
|
||||
Actually, I think right now we might be using speaks,
|
||||
or speaks receiving one of the two.
|
||||
Um, and I should say hi to Jake.
|
||||
Jake's really cool.
|
||||
You know, Jake said that he helps we keep the show up
|
||||
as long as scheduled permits.
|
||||
I don't think he understands how committed we are to the show.
|
||||
How committed are you to the show, Drake?
|
||||
I'm, I'm very committed as people will find out.
|
||||
But I'm not the one who's talking to a two-can Sam microphone
|
||||
or whatever you have going on over there.
|
||||
I am not talking to a two-can Sam microphone.
|
||||
Whatever, dude.
|
||||
God, I hope the new microphone gets there soon.
|
||||
And so that's all I got for the show.
|
||||
Uh, check out the site, Hack Radio.
|
||||
Oh, we have comments now.
|
||||
Go to the site and look at the comments,
|
||||
talking to you specifically.
|
||||
Yeah, and, and don't go to the Hack or Public Radio site
|
||||
and look at comments,
|
||||
because I haven't fixed it yet.
|
||||
So I have not fixed it yet.
|
||||
You said days ago you would fix it.
|
||||
Yeah, well, StarCraft 2 got in my way.
|
||||
So, you know, sorry to the,
|
||||
to the people that have to deal with the spam on,
|
||||
Hack or Public Radio,
|
||||
but you went to priority number two.
|
||||
Yeah, go to HackRadioLive.com,
|
||||
or dot, or either one of us,
|
||||
but I like to push the dot org,
|
||||
I think it sounds more official.
|
||||
But don't go look at the,
|
||||
I'm talking to you specifically.
|
||||
Go look at the comments
|
||||
and look at how great they are.
|
||||
Okay, I will go look at comments.
|
||||
I haven't been on the site in a couple of days.
|
||||
I will.
|
||||
You're on the site now.
|
||||
You need to see,
|
||||
I want you to see how great they are on air.
|
||||
To encourage you.
|
||||
No, because if you say,
|
||||
oh, yeah, the comments are so great,
|
||||
no, it's going to go.
|
||||
But you say, oh, wow, they're actually pretty cool.
|
||||
People will go.
|
||||
They're great, right?
|
||||
You haven't seen them.
|
||||
Hold on, geez.
|
||||
It took me a while to code.
|
||||
I'm not good with PHP.
|
||||
Super, super,
|
||||
super quick feedback would be.
|
||||
No, no, no, no.
|
||||
Click on the show,
|
||||
like you're going to leave a comment.
|
||||
Oh, okay.
|
||||
Because I saw that feedback.
|
||||
Yeah, it's been there.
|
||||
I told you it was cool.
|
||||
I had a new comment.
|
||||
Isn't that cool?
|
||||
Okay, that's pretty cool.
|
||||
Yeah, that's right.
|
||||
Yes.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
Yeah.
|
||||
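Review bot: the end of this added transcript is a run of more than twenty identical "Yeah." lines following "Yeah, that's right." and "Yes.", which reads as transcription output over the outro rather than speech; trim it before the file is indexed, since it adds nothing searchable and pads the line count. In the wireless segment the key terms are also mis-transcribed: "Web key" and "break web" where the speakers are describing WEP (IVs, RC4, key stream), "de-off attack" for the disassociation technique, and "reputation in the key stream" for repetition. A search for WEP or deauth will not match this episode as committed, so either run a correction pass on security terms or record in the file header that the text is machine-transcribed and unreviewed.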