Randal Schwartz was too curious for his own good. As a contractor at Intel in Oregon in the early 1990s, he poked and prodded a bit too much, especially in the area of demonstrating how poorly chosen - how weak - many account passwords were in the groups he worked for. Schwartz is best known as a Perl guru, an expert in the programming language perl that is widely used for Web applications alongside later arrival PHP. (In fact, big hunks of TidBITS are now powered by Perl.)
Most system administrators view testing passwords for strength as one of many tests to ensure that a network and its associated computers are resistant against infiltration and compromise. However, disputes in the manner by which Schwartz ran his password-cracking tests and the permission he had to do so led to him being released from Intel, charged with a computer crime under Oregon law, and convicted of three felonies. He also had to pay restitution to Intel and a large pile of legal costs - hundreds of thousands of dollars in all.
Those convictions have now been expunged, and I'm happy to spread the word. On 01-Feb-07, a court ordered that due to "the circumstances and behavior of the defendant since the date of conviction" and his completion of all provisions required of him, his conviction and arrest are to be removed from the record. In the words of the order, "the defendant...shall be deemed not to have been previously convicted or arrested."
Welcome back to the land of non-felons, Randal. :)
My third time co-hosting the Binary Revolution webcast with Stankdawg. :) Subjects on the 90-minute program this week include Kryptos, the Smithy Code, Treasure Hunters, Lost, and Wikipedia (the place where I've been spending a lot of time recently).
Clicking on the link below will take you straight to the MP3 ...
New York Times: A Break for Code Breakers on a C.I.A. Mystery
6:21 pm EDT, Apr 22, 2006
Congratulations to Elonka on making prime coverage in the New York Times ...
For nearly 16 years, puzzle enthusiasts have labored to decipher an 865-character coded message stenciled into a sculpture on the grounds of the Central Intelligence Agency's headquarters in Langley, Va. This week, the sculptor gave them an unsettling but hopeful surprise: part of the message they thought they had deciphered years ago actually says something else.
On Wednesday afternoon, Mr. Sanborn left a phone message for Elonka Dunin, a computer game developer who also runs an e-mail list for enthusiasts trying to solve the "Kryptos" puzzle. For the first time, Mr. Sanborn had done a line-by-line analysis of his text with what Mr. Gillogly and Mr. Stein had offered as the solution and discovered that part of the solved text was incorrect.
Within minutes, Ms. Dunin called back, and Mr. Sanborn told her that in the second section, one of the X's he had used as a separator between sentences had been omitted, altering the solution. "He was concerned that it had been widely published incorrectly," Ms. Dunin said.
The formality of the New York Times cracks me up. "Ms. Dunin", indeed...
RE: Books: Mammoth Book of Secret Codes and Cryptograms
9:17 pm EST, Dec 26, 2005
Elonka Dunin, one of the sharpest cryptographers of this or any other age, has created a superb tutorial of cryptography --an entire classroom in a single book! A reader can be at any level of skill in crytography and achieve full enjoyment of this marvelous work. Excellent coverage of the latest in cryptograms, including Da Vinci codes and the hardest puzzle to challenge experts in a decade: KRYPTOS (Google it!) This book could be your training ground for solving the best of unsolved cryptograms of this and recent centuries.
Wow, thanks! I hope all the reviews are as positive. :)
The Amazon U.S. page is not accepting reviews yet, but the Amazon UK page is. Would you be interested in adding your advance review there?
terratogen wrote: ] The satellite feature is pretty neat.
The directions feature is nice too, and it's a huge relief to be able to request directions by just typing in a single line search box. I'd been getting really annoyed with Mapquest's interface... Like I would type an address at "St. Louis, MO", and I'd get back this big yellow exclamation point with "Did not find this exact address, but found one very similar: 'Saint Louis, MO'", and ask me to hit the button again. Or it would get upset that I typed "Lane" instead of "Ln". Really irritating.
I still have a few other of my more obscure direction requests to check on Google Maps, but so far it looks much superior to Mapquest. And I *really* love the click and drag feature!
Decius wrote: ] ] SHA-1 has been broken. Not a reduced-round version. Not a ] ] simplified version. The real thing.
Well, "Broken" is relative. I'd instead use the term "somewhat weaker than expected". From what I'm reading, the old chances of collision were 2^80, and now with the "break" they've been reduced to only 2^69. Still pretty hefty.