boringtechstuff

Wednesday, September 21, 2005

The physicist, engineer and mathematician

Physicists see equations as a reflection of reality.
Engineers see reality as a reflection of equations.
Mathematicians haven't made the connection.


One night a physicist, an engineer, and a mathematician each awoke to a fire in their kitchen. The physicist calculated the precise amount of water necessary to extinguish the fire, measured out just that amount of water, poured it on the fire, and went back to bed. The engineer poured water on the fire till it went out, added some more for good measure, then went back to bed. The mathematician proved that it was possible to extinguish fire with water, then went back to bed.

Thursday, September 08, 2005

OS X fling

'Bout 3 weeks ago, I performed the unimaginable (at least in the last decade or so) and, in some circles, a sacrilegious act.

I installed OS X on an x86 machine and was successful in running it. As a matter of fact, I had an eerie feeling just looking at the boot-up screen; it's as if hell froze or Microsoft made Windows open source.

Anyway, if you're interested, keep on reading.... Disclaimer: Do this at your own risk.

Here are the steps:

Pre-installation requirements:
a. You need an external USB storage device with at least 7GB capacity. An iPod will work well here.

b. A spare HD with at least 10GB of free space.

c. A LiveCD of any Linux flavor you prefer. And NO, don't get me started about Linspire (Lindows, whatever) being a Linux distro. Grab something real like Ubuntu, Gentoo, Redhat or Suse. In this experiment, I used the Ubuntu LiveCD.

d. An image of the OS X tiger install. Remember kids, it is NOT right to download "tiger-x86-flat.img" from BitTorrent sites like piratebay.org if you are not licensed to do so. ;) Typically, it's a 1.2ish GB *.rar file.

Installation

1. Once you're done downloading the image rar, extract the contents to your external USB device. If you're using Windows, WinRar works well (from rarlabs.com). Total extracted size should be approximately 6GB.

2. Boot with your LiveCD. Make sure you set your BIOS to boot from CD. If you don't know how to do that, this project is not for you. Just kidding, consult your mobo manual for details. Usually the option to boot from CD is in the boot priority menu. For safety's sake, just unplug your primary hard drive and make sure that the only HD plugged in is your 10GB HD from b.

3. Once Ubuntu finishes loading up its GUI, plug in your USB storage device. A window should pop up that will show something like: /Devices/YourDrivesNameHere

4. Open a terminal window and cd to /Devices/YourDrivesNameHere. Type the command:

dd bs=1048576 if=./tiger-x86-flat.img of=/dev/hda

Remember to replace hda with the other 10GB HD you have on your computer. It will take around 5-7 minutes for that to finish, but your mileage may vary.

5. Shutdown your PC, remove the Ubuntu disc, unplug your USB device and boot from your HD.

Voila! OS X on x86! I'll post some pics once I get the chance.

Current setbacks:

i. If you are using an nVidia or ATI video card, chances are, CoreImage (http://www.apple.com/macosx/features/coreimage/) and QuartzExtreme (http://www.apple.com/macosx/features/quartzextreme/) will be disabled and OS X will only install a VESA 3 compatible driver. Massive efforts are underway to hack/develop an nVidia driver for OS X native on x86. http://macvidia.plusmediamusic.com/

ii. If your processor does not support SSE3, Rosetta won't run and you won't be able to run PPC compiled programs.

BigD
9/8/05

Wednesday, September 07, 2005

salting your hashes

No, this is not a post about cooking or preparing hashbrowns. Rather, this is a post about 2 of my pet peeves -- insecure systems and weak passwords. It is quite unsettling to know that a simple Google search for the term

5f4dcc3b5aa765d61d8327deb882cf99

will bring up thousands of websites, sometimes showing *nix passwd files. Why they're in the public domain, I don't know.

What is the significance of 5f4dcc3b5aa765d61d8327deb882cf99 you say? Well, the string shown above is the MD5 hash of the word 'password'. MD5 is a cryptographic hash function which outputs a 128-bit hash value for any given sequence of bytes -- as short as a character string or as large as a file.

Eg.

md5_hash("password") = 5f4dcc3b5aa765d61d8327deb882cf99
md5_hash("hax0r") = b2a2420416e7b66308f9abb786f973da
md5_hash("apples") = daeccf0ad3c1fc8c8015205c332f5b42

The algorithm for deriving the 128-bit output hash from a sequence of bytes is best described here:

http://en.wikipedia.org/wiki/MD5

But in a nutshell, MD5 is like baking. You have ingredients (apples), perform certain operations, peel, chop, boil, etc, then bake, you get apple pie -- or a hash.

Just as you can't get the apples back out of the pie, you cannot get the original input back from an MD5 hash; it is mathematically irreversible. That is why it is the ideal form in which to store passwords: you can see the stored value, but it tells you nothing about what the password was. Modern operating systems usually store passwords this way, and to authenticate the user the OS doesn't decrypt the password in the password database; instead, it hashes the user's input and compares the result to the stored hash. But I digress.

Anyway, a growing number of sites are building MD5 hash dictionaries (e.g. gdataonline.com) that claim to "crack" MD5 hashes. Nothing wrong with that, except if you use it for the wrong reasons. True, it does translate your MD5 hashes back to their original form, but it doesn't do it mathematically; the magic is just a simple database lookup of common dictionary words against their MD5 hashes, nothing more.

Which brings me to the title of this blog entry: salting your hashes. Salting in essence means adding a "secret" sequence of bytes to whatever string you hash, to make it less prone to brute-force dictionary attacks.

Eg.

md5_hash("XXapplesYY") = 7379d49b310a2d866a4ddf79bd5f09cc

In the above example, XX and YY are my salts.
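The following is an added example (not code from the original post) that ties the two ideas above together: a small constructed "MD5 dictionary" of the kind the post describes, which finds an unsalted hash of "password" instantly, beside a salted store/verify pair it cannot look up. It goes one step beyond the post's fixed XX/YY strings: the salt is random per user and stored next to the digest, which is what makes precomputed tables useless even when the salt is not secret. The storage format "hash_name$salt$digest" and the function names are this example's own choices.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed lookup table: the kind of "MD5 dictionary" the post describes,
# built by hashing common words in advance and indexing by the digest.
COMMON_WORDS = ["password", "apples", "letmein", "qwerty"]
LOOKUP_TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON_WORDS}

def lookup_unsalted(md5_hex: str) -> Optional[str]:
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return LOOKUP_TABLE.get(md5_hex.lower())

def hash_password(password: str, salt_hex: Optional[str] = None,
                  hash_name: str = "md5") -> str:
    """Return 'hash_name$salt$digest' (a format chosen for this example).
    The salt is prepended to the password before hashing, like the post's
    "XXapplesYY", but it is drawn at random per user and stored beside the
    digest: it need not be secret, its job is to defeat precomputed tables."""
    if salt_hex is None:
        salt_hex = secrets.token_hex(8)   # 64 fresh random bits per user
    data = bytes.fromhex(salt_hex) + password.encode()
    digest = hashlib.new(hash_name, data).hexdigest()
    return f"{hash_name}${salt_hex}${digest}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    hash_name, salt_hex, digest = stored.split("$")
    candidate = hash_password(password, salt_hex, hash_name).split("$")[2]
    return hmac.compare_digest(candidate, digest)

def demo() -> dict:
    # Unsalted: the digest of "password" is a direct key into the table.
    unsalted = hashlib.md5(b"password").hexdigest()
    # Salted: two users choosing the same password get different records,
    # and neither digest appears in the table.
    alice = hash_password("password")
    bob = hash_password("password")
    return {
        "unsalted_lookup": lookup_unsalted(unsalted),          # "password"
        "salted_lookup": lookup_unsalted(alice.split("$")[2]),  # None
        "records_differ": alice != bob,
        "verify_ok": verify_password("password", alice),
        "verify_wrong": verify_password("passw0rd", alice),
    }

if __name__ == "__main__":
    print(demo())
```

The hash function is a parameter so the same salting scheme can be run with sha256 or any other hashlib algorithm; in current practice the hash step would be a deliberately slow password hash rather than a single MD5 call.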

Salting is but one of the hundreds, if not thousands, of ways of securing passwords in the applications or websites you're developing. By ensuring that techniques like the one shown above are employed, we make the net a bit safer for everyone.



bd
9/7/05