Cryptography and passwords

Hi,
today I will write about passwords and their security. Mostly I want to explain what “hashing” means in this context. It's certainly an important issue, considering that, for example, last year in May there were 164 million passwords from LinkedIn offered for sale.


A good site that users need to log in to won't save your password. You should be the only person who knows it. How can they check it when you log in, then? Well, they hash your password.

This means that when you create your account, instead of storing the password, which could simply be stolen, the website runs the string through a one-way function that puts out a long combination of various letters and numbers, unrecognizable from the original password.

A one-way function means that you cannot take the nonsense, put it into the function the other way around and get the password out. A one-way function may, for example, lose some of the original information so that the process is not reversible.

Now only the hash of the password is saved on the server[1], but even that is not enough to be quite secure. The thing is that there are only several commonly used hashing functions, and crackers (the correct term for hackers) can still break it…

What crackers can own is called a rainbow table. That is a huge (easily gigabytes) table of hashes. These hashes were made from random letters or from combinations of words from dictionaries. When somebody cracks the database of some website and gets their hands on all those saved hashes, they will start to compare them in huge amounts with their rainbow table. A hash function always creates the same string from the same password, so the cracker only needs to have these rainbow tables for a couple of the most used hash functions.

This is of course why it helps, from the side of the user, to have a long and random password: one cannot have everything in the rainbow table because of its size, and it takes a long time to compare a lot of hashes.

For extra protection most pages also “salt” hashes. That means that after your password they add some random characters and make a stronger hash from the result. Every password has to have its own original, long salt. It does not matter whether the salt is known or not, because a cracker cannot precompute rainbow tables for all the possible strings, and the technique becomes unusable.

Sites might also add to the time that it takes to log into an account, not noticeable for the user but catastrophic for a cracker. For example, if the user has to solve a CAPTCHA, or if you simply use a hash function that takes a longer time to run, you will be far more secure against brute-force attacks, which crack hashes one by one simply by trying random strings.[2]
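The salting and slow-hashing ideas above, together with the login check from footnote [1], as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 as the slow hash, and the iteration count, the record format and the function names are choices made for this illustration:

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; raise it until a login costs ~100 ms
SALT_BYTES = 16       # assumed salt length; one fresh random salt per password


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: same password always gives the same string."""
    return hashlib.sha256(password.encode()).hexdigest()


def create_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the string a site stores instead of the password:
    'iterations$salt_hex$hash_hex'. The salt is stored in the clear."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Hash the login attempt with the stored salt and compare the results."""
    try:
        iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: refuse the login
    # Constant-time comparison, so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    pw = "correct horse battery staple"
    print("unsalted equal:", unsalted_hash(pw) == unsalted_hash(pw))
    alice, bob = create_record(pw), create_record(pw)
    print("salted equal:  ", alice == bob)
    print("right password:", verify(pw, alice))
    print("wrong password:", verify("letmein", alice))
```

Because the two salted records differ even for identical passwords, a table precomputed for the bare hash function matches neither of them, while the unsalted hashes are identical and would both match a single table entry.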

On this page you can check if your account has been breached.

Dragallur

[1]When you log in, the password that you entered will be hashed again and compared to the hash that is already saved in the database.

[2]On the other hand, you might be more fragile against attacks that try to overload your site.

Source


Vacuum decay and Trump

Hi,
today I want to do a fun post inspired by a meme that I saw some weeks ago on Theoretical Physics Memes. Well here it is:

https://qph.ec.quoracdn.net/main-qimg-0be932f563bde21614fc7bfbcff409d9


If you don't understand the joke, it's alright, I will explain. If you do understand the joke you can continue reading for the sake of… reading?

Disclaimer: I have not been using disclaimers before but the truth is I am no physicist so I do not claim to actually comprehend this stuff.

So vacuum decay or also false vacuum is the idea that you could die any second. (See I am no physicist)

Basically, fields (meaning electromagnetic and other types) want to get into the lowest energy state possible. Electrons also prefer lower energy states in order to be more stable, so if they have more energy than they “need”, they will radiate it away in the form of photons. Now it is assumed that these fields are either in a stable position (lowest energy level) or in a metastable position[1], which means that there is an energy barrier between the metastable level and the stable one. If it is “reached over” and the field drops into a lower stable or again metastable level, it will release energy.

If we were in a false vacuum[2], we would just need to reach over the hill to get to the true one.

Since particles arise from these fields, some new types would appear and the Universe in this place would look a bit different inside. The reason why this is connected to the discovery of the Higgs boson is that the mass that it has indicates that we may live in a false vacuum. If our physics is right, then we could die any moment, since the false vacuum is expanding almost at the speed of light, which means we cannot know if it is coming at us or not, which also means that you do not really need to worry.

Now you understand the joke, though if you are a Trump supporter then you do not find it very funny, in which case I pity you because it is a great joke 😉 [3]

Dragallur

Pic. source: By User:Stannered – Adapted from en:Image:Falsevacuum.png, CC BY 2.5, https://commons.wikimedia.org/w/index.php?curid=1711800

Post source mostly.

[1]They can also be in unstable position but not for long.
[2]The name false vacuum has nothing to do with the vacuum of space.
[3]Proper explanation: it is so bad that Trump is elected, I hope that Universe will end soon, oh hmm.. what is the probability of it happening?

SpaceX meets Moon (soon)

Hi,
private space company SpaceX, aka Elon Musk, decided to make a flyby around the Moon in 2018.


Where to start? Well it probably began with two private citizens who were willing to pay many MANY millions of dollars to get a nice trip. Yes, space tourism, exactly.

This trip is planned to be done with Falcon Heavy, which is a rocket (not built yet) designed by SpaceX and is supposed to have 2/3 of the thrust of Saturn V (the rocket that got Apollo to the Moon). The crew will stay for about 8 days in the Dragon V2 (V standing for version) capsule, which is also not tested yet. Both of these things are supposed to be run later this year.

Dragon V2 in hover test [1]

The crew are definitely some rich people, but as of now they are staying anonymous. At the end of this year they are supposed to start some training, but otherwise the mission will be automated, so they won't have to do much. That also means that they won't do much science either, only some tests on their bodies; otherwise it really is only a “sightseeing” trip.

Why this whole thing though? Well, it will add a lot of publicity and earn some money, and it is a place to test Falcon Heavy and the D2 capsule[2]. The last time people went to the Moon was in 1972, and this mission is quite similar to Apollo 8, which was also such a flyby.

Otherwise we do not really know many details. SpaceX will have to do a lot to be able to accomplish this goal, and right now it is behind schedule: there were some rocket explosions which slowed the company down. We will see how it looks in the upcoming months.

Dragallur

[1]When the rocket starts to explode and there are people on board, you need to be able to escape really fast. The capsule has not been tested on a rocket yet.

[2]Also, if part of it is paid by somebody else.. well, why refuse?

Picture source: By SpaceX Photos – Dragon 2 hover test, CC0, https://commons.wikimedia.org/w/index.php?curid=46531492

It's about Trappist-1

Hi,
I noticed that in the last days a lot of attention was given to these new exoplanets. Well, I guess I have to stay in the “popular sphere” and follow with my post!


Around the star called TRAPPIST-1, also known as 2MASS J23062928-0502285, a total of 7 exoplanets were found; more on this further down in the post.

First the star.

Trappist-1 is a very small star in the special category L, which means that it is a red dwarf. You won't find this category in the normal stellar classification because this one and others are made for brown and red dwarfs and were introduced later on. This of course means that Trappist-1 is not very bright or very hot and NOT visible to the naked eye (it has an apparent magnitude of 18.8, which is way outside of what the human eye can see).

All pictures of these planets are artist’s impression.

 

The planets were discovered using transit photometry, a method that takes advantage of the planets blocking out some of the star’s light. In 2015 there were 3 discovered already, and in February this year astronomers in Belgium found another 4.

Their names are truly beautiful: b, c, d, e, f, g, h (aka Trappist-1b…).
b, c, e, f, g have a similar size to Earth, and d, h have a radius somewhere between Mars and Earth. e, f, g also orbit in the habitable zone, which is an area around the star where liquid water might stay on the surface.

A bit of a problem is that since the planets are so close, they receive a lot of radiation from Trappist-1 and are also probably tidally locked, which means that they always face the star with the same side; that's what is happening to our Moon too. All of their orbits’ radii (semimajor axes) are a matter of a few million kilometers. For Earth this is 1 AU or 150 million, and for Mercury roughly one third. Their years last a few days; for Trappist-1b it is just 1.5 days. Those are definitely some crazy numbers, but since we know so little about the formation of new life, we cannot really say how high the probability of something living there is.

NO signals were detected from that direction.

Dragallur

PS: You would have amazing view from the planets since they are so close together.

Source of picture: By NASA/JPL-Caltech – Catalog page · Full-res (JPEG · TIFF), Public Domain, https://commons.wikimedia.org/w/index.php?curid=56513150