Federal officers use video game console to catch child pornographers (axcessnews.com)
15 points by billclerico on Nov 19, 2009 | 15 comments


This part made me chuckle a bit:

> What other systems don't have, however, is adaptability. Condon said that, unlike its fellow next-generation gaming machines, the PS3 lets users install Linux, a free, open-source operating system.
>
> [...]
>
> Unfortunately for ICE, the new slim-PS3 won't suffice.
>
> "The newer PS3s have been restricted, locked down, so you can't put Linux on them," Condon said.

Oh dear, the slashdot thread practically writes itself...


What a total nonsense article. No mention of rainbow tables which could probably crack the passwords of 90% of the dreaded child pornographers in seconds with any machine. Indirection if you ask me.

Remember Jaycee Lee Dugard? From http://en.wikipedia.org/wiki/Kidnapping_of_Jaycee_Lee_Dugard...

"On April 22, 1992, less than a year after her kidnapping, a male caller reported to the Contra Costa County Sheriff's Department that he saw a girl who closely resembled Dugard staring intently at a missing child flyer of herself in a gas station in Oakley, California, less than two miles from the Garridos' home. The caller, who left no name, reported seeing her leave in a large yellow van, which matches the description of an old yellow Dodge van that was recovered from the Garrido property in 2009. The license plate was not reported and the sighting was investigated only cursorily.[32]"

"In 2006 one of Garrido's neighbors called 9-1-1 to inform them there were tents in the backyard with children living there and that Garrido was "psychotic" with sexual addictions. A deputy sheriff spoke with Garrido at the front of the house for about thirty minutes and left after telling him there would be a code violation if people were living outside on the property. After Dugard was found in August 2009 the local police issued an apology."

If the "police" really cared about this type of thing, they wouldn't have the person with seniority in their division fuddling around with PS3's. This type of story is just to make the public feel good about what is being done. If their goal was to actually catch people, they'd approach legitimate "hackers" and make them an offer they can't refuse, but instead, they must give these types of jobs to people with union seniority, who are of course the ones that know almost nothing about it.


Rainbow tables are useless against any marginally modern crypto scheme (e.g., any that has a salt). I imagine a child pornographer (if they were using crypto at all) would likely use some simple off-the-shelf software like TrueCrypt - which is essentially uncrackable.

And what's the point of that really long anecdote? I don't see how that relates to this article ...
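An added illustration of the salt point made in the comment above (not part of the thread): a plain precomputed lookup table, standing in for a rainbow table, recovers a password from an unsalted fast hash but finds nothing once a per-user random salt and PBKDF2 are used. The password list, function names and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a four-entry stand-in for a precomputed table.
COMMON_PASSWORDS = ["password", "password1", "letmein", "123456"]


def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


# Built once, then reusable against every unsalted SHA-256 hash anywhere.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def table_lookup(stored_hash: str):
    """Return the password if the hash is in the precomputed table, else None."""
    return PRECOMPUTED.get(stored_hash)


def verify(password: str, salt: bytes, stored_hash: str) -> bool:
    """Login-time check for the salted scheme (constant-time comparison)."""
    return hmac.compare_digest(salted_hash(password, salt), stored_hash)


def demo() -> dict:
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    hash_a = salted_hash("password1", salt_a)
    hash_b = salted_hash("password1", salt_b)
    return {
        "unsalted_found": table_lookup(unsalted_hash("password1")),  # table hit
        "salted_found": table_lookup(hash_a),                        # table miss
        "same_password_same_hash": hash_a == hash_b,                 # salts differ
        "legit_login_ok": verify("password1", salt_a, hash_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt only removes the benefit of precomputation; a weak password can still be guessed against one specific salt, which is why the iteration count (the per-guess cost) matters as well.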


I'd really like to know if they have had any success with this. The article says they can try 4 million passwords per second, though it's not clear if that's per machine or for all 20 machines that they currently have. They also state that a six-digit password has 256^6 possible combinations, or 282 trillion. 282 trillion combinations at 4 million / second is still more than 2 years, but I'm guessing that they're smart about how they apply the algorithm since most of the characters in a password probably fall within a set of 100 more common characters. Throw 20 machines at it and get smarter about your guesses and I'm sure that gets down to maybe a few days, but what about 10 or 12 digit passwords? Just wondering if this has been at all effective.
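The estimate in the comment above, carried through to the 10 and 12 character cases it asks about, as an added example that is not part of the thread. It assumes the article's 4 million guesses per second is a per-machine figure (the comment notes this is unclear), takes 100 as the size of the "common characters" alphabet, and reports worst-case exhaustive search time; the function names are made up for the example.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
RATE_PER_MACHINE = 4_000_000  # guesses/second, figure quoted in the thread


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """Strength of a uniformly random password, in bits."""
    return length * math.log2(alphabet)


def exhaust_years(alphabet: int, length: int, machines: int = 1,
                  rate: int = RATE_PER_MACHINE) -> float:
    """Worst-case time to try every candidate; the average case is half this."""
    seconds = keyspace(alphabet, length) / (rate * machines)
    return seconds / SECONDS_PER_YEAR


def comparison_table() -> list:
    """Rows of (alphabet, length, machines, bits, years) for the thread's cases."""
    rows = []
    for alphabet in (256, 100):
        for length in (6, 10, 12):
            for machines in (1, 20):
                rows.append((alphabet, length, machines,
                             round(entropy_bits(alphabet, length), 1),
                             exhaust_years(alphabet, length, machines)))
    return rows


if __name__ == "__main__":
    print("alphabet length machines  bits  worst-case years")
    for alphabet, length, machines, bits, years in comparison_table():
        print(f"{alphabet:8d} {length:6d} {machines:8d} {bits:5.1f}  {years:.3g}")
```

Each extra character multiplies the work by the alphabet size, so going from 6 to 12 random characters over a 100-symbol alphabet turns a few hours on 20 machines into hundreds of millions of years; only passwords that are guessable by dictionary methods stay within reach.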


I have to assume they're using some sort of extremely broad, relatively intelligent dictionary attack--a large dictionary, mixing numbers and symbols in with words, trying misspelled words using things like Levenshtein distance, phonetic spellings, etc.

In other words, brute force using the sort of mnemonics and tricks that people are advised to use to help them remember a "strong" password. Password strength is a spectrum, and there's a fair difference between "strong enough to make a random criminal go find an easier target" and "strong enough to keep out a determined, funded attacker targeting you personally".

Or it's possible that a lot of these suspects just used really crappy passwords. People are silly that way.


They also have tools that collect strings from your HD.

I can't find the source either, but this slashdot post has more details http://it.slashdot.org/comments.pl?sid=1449178&cid=30152...


> but what about 10 or 12 digit passwords? Just wondering if this has been at all effective.

Most passwords out there are very insecure because they use words that look, sound or are composed of words from dictionaries; that increases the likelihood of cracking the password quite a bit. They can essentially split the load, let some machine brute force sequentially and others perform a dictionary attack.

Even better they should generate a custom dictionary by dumping the strings from any non-encrypted data from the same user. That is what I would do at least.


My guess is that they're actually using dictionary (or pre-generated rainbow tables with near words) attacks.

Pedophiles don't tend to be the sharpest tools in the shed so I'm guessing dictionary words do the trick 90% of the time.

When in doubt make your password something like j3vm#sdq-oj3ew7!d. I call it an "8 by 8" and have committed myself to memorizing a bunch of them for everyday use.


> Pedophiles don't tend to be the sharpest tools in the shed so I'm guessing dictionary words do the trick 90% of the time.

You know, users in general don't tend to do very well at picking passwords. The great success story of educating users on password strength is that, after years of telling people to use both numbers and letters, the most popular password went from being "password" to "password1".

Not to mention that it's probably unwise to assume that criminals of any sort "don't tend to be the sharpest tools in the shed". Maybe it's true, maybe not, but underestimating an adversary's competence is asking for trouble.


> Pedophiles don't tend to be the sharpest tools in the shed

It feels good to say mean things about our enemies, but I find it implausible that someone's credibly found a link between pedophilia and low intelligence. (Presumably people don't admit to being pedophiles, so you can't find a random sample of them to study. You can study pedophiles who get caught, but presumably those are the least intelligent pedophiles, so you can't draw conclusions about pedophile intelligence from them. I think it's safer to assume pedophiles have a normal distribution of intelligence.)


Kudos to you for being able to remember an "8 by 8" password like that. I would just rely on a password key chain.


What's the equivalent performance you could get from a modern $300 nVidia graphics card? Serious question, as I have no way of guessing, though I have a hard time imagining the modern nVidia won't spank the PS3 every which way. (Or possibly two $150 cards.)

I suspect somebody's playing up the PS3 angle for publicity, the only question is whether it's the FBI or Sony.


Without knowing what they consider a password, it is hard to tell.

Even though the Cell processors and GPUs are similar, they both do have different strengths still. There exist password systems that would get miserable performance on either or both.


What's funny is that game consoles are usually subsidized by the makers, hoping to make their profit on the games. Not positive about PS3, but that's probably why they're getting such a cheap computer for this purpose.


I felt that this was a well-written article but the ending feels like a pathetic stab at.... humor?

> Despite having so many PS3s at their disposal, both Skinner and Davenport said agents have resisted the temptation to play video games on the consoles.



