Teaching – Page 3 – Michael Soltys

Networks Course Password Cracking Challenge

During the March 18th, 2014, Networks lecture (CS3C03/SE4C03), I posed the challenge of cracking the password corresponding to the following command:

htpasswd -bnm netsec2014 <password>

which yielded:

netsec2014:$apr1$tWaYGBoQ$v1osblq2UdOs0rNURdUhW0

Note several things about this line:

apr1 means the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password; you can find more about it here: Apache Password Formats.
tWaYGBoQ (i.e., the string between the second and third $‘s) is the salt; a 32 bit binary value encoded in Base64. This salt is randomly generated each time the htpasswd command is invoked, and hence, each time htpasswd is invoked it yields a different output, even though it is invoked on the same login/password pair.
v1osblq2UdOs0rNURdUhW0, (i.e., the string following the last $) is the actual hash.

How can you check whether a particular password works? You can do so with the command:

openssl passwd -apr1 -salt tWaYGBoQ <password>

As of March 19, 9am, no one was able to break this password. I expect this to be very difficult. On the other hand, the first challenge was successfully cracked by Adam Brousseau: the crypt password corresponding to seed 3z and hash f2laisA/GQ6 is abracadabra, and since only the first 8 characters count, abracada. Adam used open source C code John The Ripper on his own Linux machine, with processor AMD 4 core 3.4GHz (Single core used; Phenom II X4 965 BE). The crack took 23 minutes 10 seconds.

Traceroute experiment

Giving the following command from home:

traceroute www.cas.mcmcaster.ca

yields this output:

traceroute to wwwmac.cis.mcmaster.ca (130.113.64.65), 64 hops max, 52 byte packets
 1 vlan1.phub.net.cable.rogers.com (192.168.0.1) 0.864 ms 0.645 ms 0.971 ms
 2 7.11.162.245 (7.11.162.245) 9.885 ms 9.571 ms 15.516 ms
 3 24.156.137.81 (24.156.137.81) 12.221 ms 11.316 ms 12.042 ms
 4 69.63.248.181 (69.63.248.181) 13.643 ms 11.480 ms 19.948 ms
 5 69.63.250.93 (69.63.250.93) 9.883 ms 12.042 ms 9.749 ms
 6 gw-orano.torontointernetxchange.net (206.108.34.40) 10.289 ms 14.250 ms 13.036 ms
 7 be201.p01-toro.orion.on.ca (66.97.16.21) 13.250 ms 11.585 ms 11.657 ms
 8 be125.pe01-hmtn.orion.on.ca (66.97.16.142) 13.121 ms 11.883 ms 14.027 ms
 9 mcmaster-orion-rne.dist1-hmtn.ip.orion.on.ca (66.97.23.22) 12.736 ms 10.662 ms 14.350 ms
...

Note in particular the node corresponding to the Toronto Internet Exchange (TorIX):

6 gw-orano.torontointernetxchange.net (206.108.34.40)

More information can be found here: www.torix.ca where it can be seen that on November 25, 2013, TorIX broke the 141 Gbps mark (that is, 141 × 10⁹ bits per second!) and check 0132856204 www.torix.ca/news.php to see the different peer connections established at TorIX – read top of page 34 in Kurose & Ross Computer Networking: a pair of nearby ISPs at the same lavel of the hierarchy can peer, that is, they can directly connect their networks together so that all the traffic between them passes over the direct connection rather than through upstream intermediaries.

Also note that nodes 7, 8, and 9 correspond to the Orion network:

SCSU prof explains how college has become a very expensive, complete joke

Education thus has degenerated into a game of “trap the rat,” whereby the student and instructor view each other as adversaries. Winning or losing is determined by how much the students can be forced to study. This will never be a formula for excellence, which requires intense focus, discipline and diligence that are utterly lacking among our distracted, indifferent students. Such diligence requires emotional engagement. Engagement could be with the material, the professors, or even a competitive goal, but the idea that students can obtain a serious education even with their disengaged, credentialist attitudes is a delusion.

via Education: SCSU prof explains how college has become a very expensive, complete joke | Best of Cain.

Modern Chairs

There is an interesting article about the role of Chairs in the December issue of the Chronicle of Higher Education. The position of a modern Chair includes, beside the standard academic duties, new duties that traditionally belonged to middle management: coordinating assessments and accreditations, fund raising, contacts with industry, etc.

Chairs are put in this difficult position where they are held accountable for documenting that their programs are succeeding, that their faculty are succeeding, and that they’re staying in budget,” says Mr. Buller, author of several books on academic administration. “We’re seeing a professionalization of higher-education administration—and that’s not such a bad thing. Because the faculty position itself has changed and because we have an accountability culture in higher education, you need people who have managerial training to serve as chair.

The article can be found here:

http://chronicle.com/article/Department-Chairs-Find/143309/

STEM graduate shortage? Computer science is where the future jobs are

This is an article written for The Seattle Times by Edward D. Lazowska, an alumnus of McMaster University; here is one excerpt, and see below for the rest of the article:

… nationwide there is a well-documented shortage of graduates in computer science. The Bureau of Labor Statistics projects that 70 percent of all new jobs across all STEM fields during this decade, across engineering, the physical sciences, the life sciences, and the social sciences, will be in computer science. More than three-quarters of a million new jobs. The field is booming.

via Guest: STEM graduate shortage? Computer science is where the future jobs are | Opinion | The Seattle Times.

Grad students – how to read a paper and how to succeed

A useful & short (two-pages) paper by Keshav on How to read a paper? See either of the two sites:

and here is a great paper on how to succeed in graduate school:

How to succeed in graduate school: a guide for students and advisors