Microsoft tweaks antipiracy tech for Windows 7

Page 6 of 9 FirstFirst ... 45678 ... LastLast

  1. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #50

    Jacee said:
    You have near 10 months free trial use with this OS (meaning RC 7100, not any of the other leaks that you've downloaded and use) ... If you are able to send "feedback" on this build, then do so!

    Contribute your valid observations and problems with this RC Beta to the final OS build.
    Cost will be what it will be. We can't control that end of the spectrum. We can always ask, tho'
    I'm glad to see this information was brought up when people state that some leak checks out due to hash numbers. What many don't realize is that the MD5 check sum numbers are still vulnerable where MS is taking that into consideration for 7.

    "Vulnerability

    Because MD5 makes only one pass over the data, if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more reasonable.
    Because the current collision-finding techniques allow the preceding hash state to be specified arbitrarily, a collision can be found for any desired prefix; that is, for any given string of characters X, two colliding files can be determined which both begin with X.
    All that is required to generate two colliding files is a template file, with a 128-byte block of data aligned on a 64-byte boundary, that can be changed freely by the collision-finding algorithm.
    Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.
    The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes.[11] This technique is rendered ineffective by the use of a salt.
    On December 30, 2008, a group of researchers announced at the 25th Chaos Communication Congress how they had used MD5 collisions to create an intermediate certificate authority certificate which appeared to be legitimate when checked via its MD5 hash.[5]. The researchers used a cluster of Sony Playstation 3s at the EPFL in Lausanne, Switzerland.[12] to change a normal SSL certificate issued by RapidSSL into a working CA certificate for that issuer, which could then be used to create other certificates that would appear to be legitimate and issued by RapidSSL. VeriSign, the issuers of RapidSSL certificates, said they stopped issuing new certificates using MD5 as their checksum algorithm for RapidSSL once the vulnerability was announced.[13]" MD5 - Wikipedia, the free encyclopedia
      My Computers


  2. Posts : 351
    Windows 7 x64 (RTM via MSDN)
       #51

    12eason said:
    They've spent decades profiting from the theft of other OS's features and are now putting those profits into paying their (under-paid over-worked) programmers to work on more second hand ideas.

    'They' don't deserve a cent.
    Wow. How uninformed. You might want to check your facts.
      My Computer


  3. Posts : 351
    Windows 7 x64 (RTM via MSDN)
       #52

    Night Hawk said:
    I'm glad to see this information was brought up when people state that some leak checks out due to hash numbers. What many don't realize is that the MD5 check sum numbers are still vulnerable where MS is taking that into consideration for 7.

    "Vulnerability

    Because MD5 makes only one pass over the data, if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more reasonable.
    Because the current collision-finding techniques allow the preceding hash state to be specified arbitrarily, a collision can be found for any desired prefix; that is, for any given string of characters X, two colliding files can be determined which both begin with X.
    All that is required to generate two colliding files is a template file, with a 128-byte block of data aligned on a 64-byte boundary, that can be changed freely by the collision-finding algorithm.
    Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful.
    The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes.[11] This technique is rendered ineffective by the use of a salt.
    On December 30, 2008, a group of researchers announced at the 25th Chaos Communication Congress how they had used MD5 collisions to create an intermediate certificate authority certificate which appeared to be legitimate when checked via its MD5 hash.[5]. The researchers used a cluster of Sony Playstation 3s at the EPFL in Lausanne, Switzerland.[12] to change a normal SSL certificate issued by RapidSSL into a working CA certificate for that issuer, which could then be used to create other certificates that would appear to be legitimate and issued by RapidSSL. VeriSign, the issuers of RapidSSL certificates, said they stopped issuing new certificates using MD5 as their checksum algorithm for RapidSSL once the vulnerability was announced.[13]" MD5 - Wikipedia, the free encyclopedia
    First of all, understand that a CA cert is only a few kilobytes. Forcing a collision with 3 GB of data is a whole other matter. On top of that, not only did we have MD5 hashes to compare, but we also had the far superior SHA-1. Again creating a collision with 3 GB of data using SHA-1 is impossible using today's technology. It would take all of the silicone in the Solar system to build enough processors to be able to achieve that. Add to that that we have 2 hashing algorithms and creating a file of that size that creates a collision in BOTH algorithms is impossible.

    PhreePhly
      My Computer


  4. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #53

    PhreePhly said:
    First of all, understand that a CA cert is only a few kilobytes. Forcing a collision with 3 GB of data is a whole other matter. On top of that, not only did we have MD5 hashes to compare, but we also had the far superior SHA-1. Again creating a collision with 3 GB of data using SHA-1 is impossible using today's technology. It would take all of the silicone in the Solar system to build enough processors to be able to achieve that. Add to that that we have 2 hashing algorithms and creating a file of that size that creates a collision in BOTH algorithms is impossible.

    PhreePhly
    The thing there is that the people able to do this are far from amateurs! The recent leaks shown as fakes only displayed "amateur hour" for those since you saw Chinese and Russian builds mixed up with English components. As for SHA1 that's not completely invulnerable either!

    25C3: Hackers completely break SSL using 200 PS3s - Hack a Day
      My Computers


  5. Posts : 351
    Windows 7 x64 (RTM via MSDN)
       #54

    Night Hawk said:
    The thing there is that the people able to do this are far from amateurs! The recent leaks shown as fakes only displayed "amateur hour" for those since you saw Chinese and Russian builds mixed up with English components. As for SHA1 that's not completely invulnerable either!

    25C3: Hackers completely break SSL using 200 PS3s - Hack a Day
    These attacks are on certs of very small size compared to the iso. The increased size makes a collision that much harder. The flaw in SHA-1 has yet to be verified and even with the flaw as shown, we would need 2^63 operations versus the ideal 2^80. We're still talking about a huge effort, requiring a government entity at current technology. It would also require far more time than the week or two we saw with the iso release.

    However, we need to move the the SHA-2 algorithm.

    PhreePhly
      My Computer


  6. Posts : 1,179
       #55

    redsoxm16 said:
    fyi 7106 is an older build than the RC
    Yes, it is by some reason. but how many people are having major problems with v.7106.... None of the people I know that are using it....
    How many people are having problems with 7100, seems the average is 95% have major problems. Personally I think MS threw 7100 together from a mix of others, and figured WTH. the average JOE has no idea what we did.
    chek the setup time-date and compare to the iso time-date.
    Woops MS did it again.
      My Computer


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #56

    Strange, Snuffy ... I've had no problems with either 7000 or 7100. I count myself among the 75% or more who that haven't any problems.

    What is this build 7106?
      My Computer


  8. Posts : 2,651
    W7 RTM Ultimate x64
       #57

    I agree with Fliplip, but chances are MS problably wont be so lenient, i mean, look what happened to the MS suite, used to be free, now its GOONE

    Enzo.
      My Computer


  9. Posts : 8,375
    W7 Ultimate x64/W10 Pro x64/W11 Pro Triple Boot - Main PC W7 Remote PC Micro ATX W7 Pro x64/W11 Pro
       #58

    Well apparently MS wants people to treat the RC as the final product while the RCs are easily activated? And what about just when will 7 actually be out?

    "Time for Microsoft to fess up on Windows 7 date" Time for Microsoft to fess up on Windows 7 date | Beyond Binary - CNET News is actually something for an entirely different thread while wondering just what will be seen as far as limitations on 7 once out.

    With even the fakes seeing activation you have to wonder how stiff that will be if you just happen to see any change of hardwares on custom builds as well as premade systems?

    The thing MS is looking at is not how many times you have to reinstall Windows like a hard drive upgrade or video card replaced but the distribution angle generally referred to as "casual copying". That's one area where the focus would be with a newer method of detecting bogus duplicates and insuring those can't be activated.
      My Computers


  10. Posts : 1,179
       #59

    Jacee said:
    Strange, Snuffy ... I've had no problems with either 7000 or 7100. I count myself among the 75% or more who that haven't any problems.

    What is this build 7106?
    Windows 7 7106 Ultimate :
    ISO name: 7106.0.090408-1623_x86fre_client_en-us_Retail_GRC1CULFRER_EN_DVD
    With expire date of 3-01-2010
    Attached Thumbnails Attached Thumbnails Microsoft tweaks antipiracy tech for Windows 7-7106-winver.png   Microsoft tweaks antipiracy tech for Windows 7-7106.setup.png  
      My Computer


 
Page 6 of 9 FirstFirst ... 45678 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:56.
Find Us