Marijuana….. Ha. Kidding. The Guam Hash is a running group on island and I had heard about it from a few people and was told it was an experience I should definitely have. And an experience it was.

Hash is different from any other running I’ve done because its cross-country, not road running. My lack of coordination and wobbly ankles always made me loathe cross-country running, but I thought I should suck it up for this. The trails are not up and down grassy hills or on the side of local roads where there should damn well be a sidewalk, but through the jungle, forests, and grassland-ish forests of Guam.

Each week a different team member marks the track, or should I say tracks. Whlle there are markers along the way, there are “checks” you meat in the trail that are shaped like X’s, which mean the trail can go any direction. There are markers on the false trails too, that could lead you far off the trail down to a dead end. You run up hills down hills, and although we’d didn’t last week, even rivers or creeks you have to wade/swim through to get to the other side of the trail.

It was in the end this guy Matt and his girlfriend Rachel who I ended up going to Hash with. They told me about one time right at the beginning of the trail there was a puddle that looked about an inch deep that he ran through. Except, he didn’t quite make it, because he disappeared completely into the “puddle” that was over 5 feet deep. Sometimes the trail-blazers are cruel, sometimes they make it pretty straight forward. (This past Saturday’s was supposedly pretty tame.) However we did get a BEAUTIFUL view of Haputo beach (see “The discovery” post) and the adjacent cove’s cliffs down to the island.

So, pretty cool you run through the forest, BUT the most interesting past of the “definite experience” I was promised comes after the run.

At the beginning of the run, they pull the first-timer’s to the front to explain the trail markings but also to explain hashing. “The hash is not a race or competition, we hash to get to the beer at the end of the trail.” So you pay 6 dollars to do the race, and that pays for the coolers of water and beer and a big table of snacks at the end. You then wait for everyone to get back and set up for “religion”.

The hash “tyrant” and “RA” start up the ritualistic hash meeting. You have to wear any non-hash shirts inside-out to religion. You can’t use names (only hash nicknames), and you have to point with your elbow. If its your first time you have to go up and introduce yourself, tell a joke, sing a song, or show a body part (?!), and drink a beer from the “sacred vessel”, which is in fact…. a bedpan. The middle-aged hash members know some pretty ridiculous hash songs that they sing throughout the bonfire.

Okay, so its pretty much a co-ed fraternity for cross-country runners age 18-70 (though co-ed doesn’t really accurately represent the 4:1 ratio of guys:girls). But it was a fun experience and I think I’ll definitely do the run in the future (religion is always optional), and I met some fun people that I went out with later that night.

Its incredible how many fun groups and activities there are to do on this little speck of land. Next week is horseback riding!!

Hello Gabriel Iovino,

http://referer.us/1/UdBiS3
created by our free redirection service (http://referer.us/) and it redirects to http://planetchiltern.com/phpformgenerator/use/striker/form1.html
I checked this page and it looks NOT like a phishing webpage, it’s a sign UP page, not a sign in. Then I checked “planetchiltern.com” on McAfee SiteAdvisor, it says fine.

“vn27.9hz.com” seems a phishing site according to “phishtank.com“, however, I cannot open it.

Therefor, I will not remove the url or block the site, thank you for your email and understanding.

Best regards,

======= At 2009-11-22, 05:48:49 you wrote: =======

>—–BEGIN PGP SIGNED MESSAGE—–
>Hash: SHA1
>
>Greetings,
>
>The following URL on your network has been identified as redirecting to
>a Phishing webpage:
>
>!!Warning these URL(s) may contain live malware!!
>
>[url]hxxp://referer.us/1/UdBiS3
>
>Path to this URL was seen via these links:
>
>1. hxxp://vn27.9hz.com/
>2. hxxp://referer.us/1/UdBiS3
>3. hxxp://planetchiltern.com/phpformgenerator/use/striker/form1.html
>
>Here is the Phishing email with full mail headers:
>

>> Return-Path: <bintsann@staff.pccu.edu.tw>
>> Received: from relays.pccu.edu.tw (relays.pccu.edu.tw [140.137.16.12])
>> by smtp.xxx.edu (8.14.3/8.14.3) with ESMTP id nAKNEtMW017993
>> for <xxx@xxx.xxx.edu>; Fri, 20 Nov 2009 15:14:56 -0800
>> Received: from faculty.pccu.edu.tw (faculty.pccu.edu.tw [140.137.16.1])
>> by relays.pccu.edu.tw (Postfix) with ESMTP id 915E81CAD80;
>> Sat, 21 Nov 2009 07:14:50 +0800 (CST)
>> From: “bintsann” <bintsann@staff.pccu.edu.tw>
>> Reply-To: webmaster.team0@live.com
>> Subject: System Administrator
>> Date: Sat, 21 Nov 2009 07:14:50 +0800
>> Message-Id: <20091120231450.M94072@staff.pccu.edu.tw>
>> X-Mailer: OpenWebMail 2.53
>> X-OriginatingIP: 213.255.218.244 (bintsann)
>> MIME-Version: 1.0
>> Content-Type: text/plain;
>> charset=big5
>> To: undisclosed-recipients:;
>> Content-Transfer-Encoding: quoted-printable
>> X-MIME-Autoconverted: from 8bit to quoted-printable by smtp.xxx.edu id nAKNEuee018002
>>
>> Your mailbox has exceeded the storage limit which is 20GB as set by your=20
>> administrator; you are currently running on 20.9GB,
>>
>> You may not be able to send or receive new mail until you re-validate you=
>> r=20
>> mailbox.
>>
>> To re-validate your mailbox please click the link below:
>>
>> hxxp://vn27.9hz.com/
>>
>> If the link above doesn=A1=A6t work please copy and paste the link below =
>> to your=20
>> browser window
>>
>> hxxp://vn27.9hz.com/
>>
>> Thanks Bintsann Staff, =20
>> System Administrator

>
>Should you feel you’ve received this report in error, please let us know.
>
>On behalf of the REN-ISAC Team,
>
>Gabriel Iovino
>Principal Security Engineer, REN-ISAC
>http://www.ren-isac.net
>24×7 Watch Desk +1(317)278-6630
>—–BEGIN PGP SIGNATURE—–
>Version: GnuPG v1.4.9 (MingW32)
>Comment: Using GnuPG with Mozilla – http://enigmail.mozdev.org/
>
>iEYEARECAAYFAksItKEACgkQwqygxIz+pTvlggCgsu4RXH6LfyMbZzGqpDxMX3xl
>CqAAn0WytQ9D5×4477RMHUmyOjhnDXxJ
>=i9YP
>—–END PGP SIGNATURE—–

= = = = = = = = = = = = = = = = = = = =

@referer.us
2009-11-22

Shall I compare thee to a Summer’s day?
Thou art more lovely and more temperate,

OPHCrack easily surpasses William Shakespeare’s – Sonnet #18, when compared to a summer’s day, OPHCrack rules.

What is OPHCrack, well,

If you have ever lost a password, email, twitter, facebook, etc, usually it can be recovered, but it is still a pain, because usually they will send you  a totally (intentionaly) non-memorable password, a*$^jkH13)#, or something of the like.

Well, what happens when you forget you Windows login password, there is no such thing as a, Forgot your passsword?, We’ll send you an email!

The easiest, software, way to get back into your computer is with a lovely piece of free software, OPHCrack. Thou art a beautiful Windows Password Recovery Tool, should one ever need the like.

_______________________________________________

It’s an ISO Image. Now, you might be thinking, ‘Umm…Yes….Okay….How do I work with that?’

It’s actually quite simple, ISO Images, are like  disk images, if you’ve ever run across a pirated piece of software, it may download as an ISO Image, (ISO Images can compress whole folders, somewhat like a .zip file, hence thier moderate use in the computing world), you might then need to “Mount this image”, making your computer think this image is in CD or DVD form, and therefore in a drive in the computer, allowing it to install.

There is another thing you can do with ISO images, however, is to actually burn them to a disk. Then, once you do that, you can install your program as if you had actually bought the full disk.

What we are going to be doing though, is burning this image, and then booting off of it.

To do this, we first need to burn this image, you can do this with Nero, or specialized programs.

Remember not to extract the ISO, then burn it, but rather burn the ISO still in ISO form.

To do this on a mac, view instructions here

Once burned, put the CD or DVD (should be a CD, one shouldn’t need a DVD) in your default (built-in) CD or DVD drive.

Now, reboot your computer, and as soon as the first screen comes up, not the one that shows your edition of XP or Vista (XP Home Edition etc.)

But the one before that, if you can read fast, it shows you your type of BIOS, mine is Phoenix.

Anyways, you need to look up at the top right of your screen (usually), and press the corresponds to “Boot Menu”, it will then ask you where you want to boot from, select IDE CD (or DVD) Device, and sit back.

Now, you should see a bunch of information passing down your screen. Ignore it.

When you finally see an Operating System, you need to click “Save to File”.

Click, “Save Session”

Click on “tux”

Click on “Desktop”

Save it as something, (default is “ophcrack.txt”, this is fine.)

Now, it may crash, so make sure you’ve done the above process qiuckly.

If it doesn’t crash, then follow the on screen instructions, then skip down to the section below, ***Shut Down***

When it does crash, you will see a Command Prompt sort of thing, close this.

Then look towards the bottom left of your screen. You should see a black box with a “>_” in white, click on this.

It will open up the command prompt thing again.

Type “ophcrack” and hit enter.

Click load, or load session, something like that.

Navigate back to the .txt file you saved.

Write down the LM Hash for the user you want to crack.

It should be something like “1e347e7g7467hyu3837er89″

Something like that.

***Shut Down***

To shut down, you need to right click on the desktop, (after closing OPHCrack),

and click Logout, which will open a small window, asking you what you want to do, click “Reboot Computer”.

Now go to this site and type in you LM Hash, click submit. It should give you your password.

Yay.

admin

So you want a database of users, giving each one a username and password so that they can log into your website. There are lots of different ways you can do this. The simpler you make it the simpler it is to hack. So let’s make it difficult!

The Easy Way
The simplest way to accomplish the above is this:

1. Take the user name and password.
2. Put it in the database.
3. When they try to log in do something like this: “SELECT Count(id) FROM users WHERE username=’$givenusername’ AND password=’$givenpassword’”
4. if $row[0] is > 0 then the credentials are valid and the user can be logged in.

This seems simple enough. Not very secure though. What if someone gains access to the database? They can instantly look up a user, find out their password and log in as them with no-one being any the wiser. Fair enough, you might think, but if someone’s looking at my database then there are bigger security problems to worry about than the log in. You’d have a point. Let’s say that you have a mate, Dave, who owns the server but doesn’t run the website. He has access to the database, finds the passwords and decides to be a prankster. Well done, Dave. Very funny. We need some extra security, I think.

A Little Harder.
So, we want to make it so that, even if someone can see what’s stored in the database, they can’t use it to log into the site. So what we can do is make a hash of the password and store that in the database instead of the plaintext password. A making a hash means taking the original string and applying some algorithm which results in a seemingly random string of characters. This string then cannot be transformed back into the original string. This is also sometimes known as one-way encryption, because it can be encrypted but not decrypted. NOTE: There are a lot of different hash algorithms, many of which are available in PHP. For the following examples I will use the SHA256 algorithm. There are lots of different hash algorithms about, I’ll let you figure out which one to use (hint: MD5 is pretty weak. SHA1 is probably OK for now, but you may as well use something stronger, it’s not hard!).

So now our process looks like this:

1. Take the username and hashed password.
2. Put them in the database.
3. When someone logs in make a hash of the password.
4. Do something like this: “SELECT Count(id) FROM users WHERE username=’$givenusername’ AND password=’$hashofgivenpassword’”
5. If $row[0] > 0 then they’re allowed in.

So now people can’t see the passwords even if they gain access to your database! Brilliant! So now we’re totally secure, right? Sure, unless the potential hacker has a rainbow table. What’s a rainbow table? Are you talking to yourself? Yes. Ok.

Rainbow Tables
“What’s a rainbow table,” I hear myself ask. Imagine you wanted an easy way to figure out passwords from their hashes so that you could easily break into websites secured using our method above. What would you do? Well, for a start you could make a lookup table for common hash functions so that you look up the hash and find strings that they are made from. That would make it easy, wouldn’t it? Yes, it would. Yes, people do it. And, yes, that’s what a rainbow table is.

So how do we prevent someone from doing that? Well, for practical reasons rainbow tables only exist up to a certain length of input string. Let’s do some maths to illustrate. Let’s say we have 26 lower case letters, 26 upper case letters, 10 numeric digits, and 10 special characters from which we can create our password. That’s 72 characters in all. So for a string of length 1 we have 72 possibilities. For length 2 we have 72×72. Let’s make PHP work it out for us:

$chars = 72;
$max = 10;
for ($x=1;$x<$max;$x++){
	$result = pow(72, $x);
	echo $x . ' = ' . number_format($result, 2) . '<br>';
}

Result:
1 = 72
2 = 5,184
3 = 373,248
4 = 26,873,856
5 = 1,934,917,632
6 = 139,314,069,504
7 = 10,030,613,004,288
8 = 722,204,136,308,736
9 = 51,998,697,814,228,992

So, if the password is 9 characters long then there will be several million million possibilities. This means that to store the rainbow table for all these hashes someone would need several petabytes of storage.

So, what? Only allow passwords over 9 characters long? Well that would help security overall, but it’s not the most elegant solution. For that we’re gonna need some salt.

At this point, you may be thinking “Really? Is it worth it?” and you’d have a point. Someone would already have to gain access to your database and spend however long it takes finding results in a rainbow table. When all’s said and done it depends on how secure you want to be. For a personal website you could probably get away with the above. However, if you’ve got a reasonably big user-base it’s nice to know that even if someone does hack their way in and has all the data laid out in front of them, they still wouldn’t be able to figure out the passwords. It doesn’t take much more to add that extra level of security. It’s also worth bearing in mind that there are plenty of people out there who would do it just because they can. The fact that your website is boring as hell and only contains information that you are interested in doesn’t mean that no-one will try and hack it.

Mmmm, Salty: The Hard Way
To make it harder (or, hopefully, impossible) to find the password from the hash we add a salt to the password before we run it through the hash function. In fact, for the best security we use two salts – one we’ll keep the same from user to user (we’ll call this $master_salt) and one which will be generated per-user (we’ll call this $user_salt).

So what’s the process now?

1. Take the username and password.
2. Hash the password.
3. Create a $user_salt by making a random number and hashing it.
4. Concatenate them together ($master_salt . $hashed_password . $user_salt). This gives us one very long string of random numbers and letters.
5. Make a hash of this string.
6. Store this hash and the user hash in the database.
7. When the user logs in, look up the user hash.
8. Make a hash of the given password.
9. Concatenate these together in the same way as when the password was made.
10. Try and get a row from the database: “SELECT Count(id) FROM users WHERE username = ‘givenusername’ AND password = ‘biglonghashthatwejustmade’”
11. If $row[0] > 1 then they’re allowed in

As you can see there a lot more steps, but once you get your head around what’s actually happening it’s not that much more difficult.

Bear in mind that you don’t have to use the exact method as above, you can always obfuscate it even more. Some people use a hash of the username as the $user_hash. And then add 7. And hash it three more times using different algorithms. And write it backwards. It’s up to you.

Hopefully that makes some sense. I’ve now written more on the subject that I did for my entire A-levels, so I hope it was worth it!

Hash Algorithms
PHP includes a lot of different algorithms for hashing. I’ve written a little script to give you an idea of what they all look like. It’s also quite useful if you need to make one-off hash by hand.

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
	$input = $_POST['input'];
	foreach (hash_algos() as $algo){
		echo '<b>' . $algo . ':</b> ' . hash($algo, $input) . '<br>';
	}
} ?>
<form action="#" method="post">
	<input type="text" name="input">
	<input type="submit" name="submit" value="submit">
</form>

Just type a word into the box and you’ll be a shown a list of all all the hashes available from your PHP installation. Lovely job!

This recipe is a good one from Gourmet. I always love turkey for Thanksgiving, and not so much the days after. Here’s a good way to turn it into a savory breakfast.

Turkey Hash
Serves 4

* Active time:25 min
* Start to finish:1 hr

Thanksgiving turkey makes its way into a breakfast favorite. And we add crisp, fruity Cubanelle peppers, instead of everyday bell peppers, to make this dish really special.

* 1 1/2 lb medium Yukon Gold potatoes
* 7 tablespoons unsalted butter, divided
* 1 medium onion, finely chopped
* 2 Cubanelle peppers (Italian green frying peppers),
* 1 cup shredded cooked turkey (preferably dark meat)
* 4 large eggs
Generously cover potatoes with cold water, then simmer, partially covered, until just tender, 20 to 25 minutes. Drain. Cool slightly, then peel and coarsely grate with a box grater.

While potatoes cool, melt 6 tablespoons butter in a 12-inch nonstick skillet over medium-high heat and cook onion and peppers, stirring occasionally, until golden brown, 8 to 10 minutes.

Add potatoes, turkey, 3/4 teaspoon salt, and 1/2 teaspoon pepper and cook, turning occasionally, until browned in spots, 15 to 20 minutes. Transfer hash to plates.

Fry eggs in remaining tablespoon butter in skillet over medium heat. Serve on top of hash.

When we run a version of the Microsoft SCCM 2007 Advanced Client that is configured to download and run a package, the SCCM 2007 clients may report a hash mismatch.

We may receive the following 10075 status message on the SCCM console, status messages:
The program for advertisement has failed because content download for the package – has failed.
The download failed because the content downloaded to the client does not match the content specified in the package source.
At the Client computer, we may see the following messages:
1) in the Execmgr.log file on the Advanced Client computer:
OnContentAvailable program NOT available, 0×80091007 Fatal error 0×80008602 encountered for program . This program will not retry.
2) in the Cas.log file on the Advanced Client computer:
Download completed for content package under context System Hash does not match expected , actual
Download failed for content package under context System, error 0×80091007 Successfully raised SoftDistHashMismatchEvent event.

Cause:

We may experience this problem when the following events occur in the following order:
1. The package source is modified.
2. A new distribution point is added to the package.
3. The package source is downloaded from the new distribution point before a package update occurs. Note The problem does not occur if an SMS administrator specifies the Use a compressed copy of the source directory option for the package.

Resolution:
1) Check how the Package has been created on the SCCM 2007 Console.
a) In our case, a software had already been imported to the library, by giving the source location as D:\Packages\\source.
b) “This package contains source files” and “Always obtain files from source directory” had been provided at the time of providing the Data Source details.
If the “Use a compressed copy of the source directory” would have been used, this error would not have occurred.
c) Later, install.bat was added to this location [D:\Packages\\source], and the package had not been updated to the DP, however, an advert had been created using the install.bat.
Always update the DP after modifying the source, and before creating a new Advertisement for the package/program.
d) Also, this would have worked if the install.bat was placed at another location [not at D:\Packages\\source] and then used to create the Program.
[Install.bat was used to create the program only, and in our case, it may or maynot be a part of the source.]
A program is updated via a policy in SCCM 2007, and doesn’t need the package to be updated, everytime a new program is created for the package.
2) If the problem persists, make sure that the directory browsing option is turned on for the SMS_DP_SMSPKG virtual directory in Microsoft Internet Information Services (IIS) Manager. To do this, follow these steps:
a. Use an account that has administrative credentials to log on to a computer that is acting as the SMS distribution point.
b. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
c. Expand the name of the server that is running IIS, expand Web Sites, expand Default Web Site, right-click SMS_DP_SMSPKGC$, and then click Properties.
d. On the Virtual Directory tab, make sure that the Directory Browsing option is turned on, and then click OK.
e. Repeat step 4 for each package subfolder in the SMS_DP_SMSPKGC$ virtual directory.

Even So-Cal is getting a bit brisk in the evening, especially since it gets dark at 5:00pm.  I wanted something homey, and warm, and filling for dinner and my search turned up this totally yummy Sweet Potato Tofu Hash.  It was exactly what the doctor ordered, a little sweet, a little smokey and spicy, with the crunch of almonds and a little bit of freshness from the parsley.  It was super easy to throw together in one pot, gotta love those one pot meals; just a little chopping, and stirring and it was done.  Plus the beautiful thing is I have enough leftover for lunch tomorrow and my son can have some for dinner tomorrow (he’s at his father’s house tonight so he missed out).  I threw the sweet potato in my daughter’s oven while I ran to Sprouts to pick up some tofu.  Fortunately she lives next door so this wasn’t out of my way.  While I was there I picked up a carton of Pumpkin Spice Silk, which I thought would make a super delicious pumpkin pie shake/smoothie.  I guess I’m just in the mood for all the holiday type flavors.  I feel a batch of the Best Pumpkin Muffins from VWAV coming over me.  Stay warm!

(Bad picture, I forgot to throw the battery on the charger so I had to use the old camera again!)

The Cannabis Cultuurprijs 2009, now in its sixth year, is presented to individuals who have made significant contributions towards the acceptance of cannabis in all its forms and to the reintegration of marihuana and hemp culture into modern society.

At a time when ‘zero tolerance’ is replacing the ‘tolerance policy’ it is more important than ever to acknowledge those who have made a genuine difference to the perception and use of this unfairly maligned plant.

Though other prizes exist in the sphere of cannabis and hemp, only the Cannabis Cultuurprijs celebrates improvements to quality of life and knowledge in quite this way.

The prize itself promotes the achievements of the winner: a unique exhibit dedicated to each one is created for public viewing. Displays honoring previous winners Jack Herer and Ed Rosenthal are on show in the Hash Marihuana & Hemp Museum. Last year’s winner, the late Simon Vinkenoog, is represented in the Hemp Gallery.

A monetary award of €3000 is also presented. The prize is annually awarded in November. It is independently funded and therefore free from political influence.

Crack other user password is not difficult, it’s just another interesting stuff to do. What you need is
you must have access to another person computer who’s using linux, once you get the shadow file, you can see the password in plain text.

Shadow File is a File in which password hash is located.

/etc/passwd


/etc/shadow

you can crack them all and see the password in PLAIN text.

John The Ripper

John The Ripper is a tool that specially created for password cracking purpose.

How to Crack User Password?

1. Steal Password File

Inside the Password File, there are password hashes of all users in that computer.
The password Hashes will be in MD5 Format (For Ubuntu Hardy and below) and SHA Format (For Ubuntu Jaunty and Karmic)

There are tons of ways to steal the password file, but I will support with my way.

scp [username]@[IP]:/etc/passwd ~/Desktop/


scp [username]@[IP]:/etc/passwd ~/Desktop/


That code will make copies of the password file from the victim computer to your desktop.

2. John The Ripper in Action


cd ~/Desktop


sudo john --show


And that will show all EASY passwords but if you stiill don’t get what you want, you will want John The Ripper to work more for you.


sudo john


That will make John The Ripper do some attacks to the file.

If you are lucky enough, your attack will last a few seconds, but if the password is veryyy strong, it can take weeks.

Treść to esencja – informacja w sieci jest najbardziej cenna, a im więcej tych informacji w tekście tym lepiej.  Jeżeli treść jest unikalna zostaje niemalże natychmiast indeksowana przez wyszukiwarki.  Dobrze dobrany nagłówek i opis artykułu dopełnia daną treść, jeżeli te dwa elementy są adekwatne do treści artykułu to Googlebot indeksując  zawartość danych stron dobrze je ze sobą wiąże.

Zastosowanie # przed stronicowaniem artykułu

W momencie zwracania wyników wyszukiwania na zapytanie internauty są wyświetlane najbardziej adekwatne wyniki.  Jeżeli treść przykładowo ze strony trzeciej danego artykułu bardziej pasuje do zapytania, to wyświetli właśnie link do tej strony. Gdy zastosujemy # przed stronicowaniem to ta treść nie jest widoczna dla Google i nie zostanie ona wyświetlona w SERPie. Czyli rezygnujemy z pozyskiwania użytkowników. Zazwyczaj za hashem ukrywa się zbędne informacje dla wyszukiwarek aby adresy URL były jak najbardziej czytelne i ‘czyste’.

Jeszcze jeden przykład jaki można  podać to taki, jeżeli internauta uzna daną treść za interesującą i zechciałby się nią podzielić, np. przez umieszczanie do niej linka (a będzie to jedna z kilku stron artykułu) to osoby w niego klikające zostaną odesłane nie do konkretnej strony ale do pierwszej. Może to zostać uznane za niepotrzebne wprowadzanie w błąd ponieważ na pierwszy rzut oka informacje nie będą zawarte tam gdzie powinny.

Bash arrays are odd, globally scoped critters which can only be indexed by integer values… but the values don’t have to be contiguous so they are sort of like hash maps…

All you need is something to convert strings to integers, for example:

_map_string_to_integer() {
	echo ${*} | od -t u1 | sed 's,[^ ]*,,;s, ,,g;' | tr -d '\n'
	echo
}

And you can use it like this:

% fun[$(_map_string_to_integer this)]="is neat"
% echo ${fun[$(_map_string_to_integer this)]}
is neat

if that is of any use to anyone….

Es algo bastante extendido en Internet. MD5 y SHA1 sirve para comprobar la integridad de un fichero.

Es decir si ese fichero ha podido ser modificado o no.

Naturalmente es un tema bastante importante ya que, con este tipo de métodos podemos verificar que realmente estamos descargando y usando algo que proviene de la fuente original y no ha sido modificado por terceros.

Empezaremos por MD5 de echo es el más conocido y extendido por Internet.

Que es MD5?

Es uno de los algoritmos de reducción criptográficos diseñados por el profesor Ronald Rivest del MIT (Massachusetts Institute of Technology, Instituto Tecnológico de Massachusetts). Fue desarrollado en 1991 como reemplazo del algoritmo MD4 después de que Hans Dobbertin descubriese su debilidad.A pesar de su amplia difusión actual, la sucesión de problemas de seguridad detectados desde que, en 1996, Hans Dobbertin anunciase una colisión de hash plantea una serie de dudas acerca de su uso futuro.

Como comentaba antes, MD5 es el sistema más utilizado.

Comprobando MD5 en Windows

Veamos un ejemplo:

Nos queremos descargar una ISO de Debian, por ejemplo vamos a la página de descargas.

Pagina de descargas de Debian

Nos descargamos la ISO.

La página de descargas ya nos ofrece un fichero para comprobar las firmas que es este:

Fichero MD5

Vamos a sacar el MD5 de la imagen del CD de Debian en Windows. Yo lo he echo con el programa MD5SUM.

Lo podemos descargar de aqui:

MD5SUM

Después de descargarlo y probarlo nos sale esto:

Como veis nos da el hash, ahora vamos a comprobarlo con el hash que nos ofrecen:

Si miráis en la web que os he pasado antes la de Fichero MD5. Podemos ver que la firma ofrecida y la que hemos comprobado son iguales. Es decir, la ISO que tenemos es totalmente original.

Comprobando MD5 en Ubuntu:

Primero de todo instalaremos un paquete que nos hace falta:

sudo apt-get install sleuthkit

Instalamos el paquete y ya podemos comprobar la integridad del fichero.

Con esto obtenemos el hash MD5 en Ubuntu

Comprobando MD5 en MAC OS X

En MAC utilizaremos una herramienta que nos comprueba el hash, lo podemos encontrar aquí:

MD5

Lo utilizamos y calculamos el hash MD5 que queramos:

Ahora vamos por el SHA1.

Aunque no tan utilizado como el MD5, se tiende a migrar ya hacia el SHA1.

es un sistema de funciones hash criptográficas relacionadas de la Agencia de Seguridad Nacional de los Estados Unidos y publicadas por el National Institute of Standards and Technology (NIST). El primer miembro de la familia fue publicado en 1993 es oficialmente llamado SHA. Sin embargo, hoy día, no oficialmente se le llama SHA-0 para evitar confusiones con sus sucesores. Dos años más tarde el primer sucesor de SHA fue publicado con el nombre de SHA-1. Existen cuatro variantes más que se han publicado desde entonces cuyas diferencias se basan en un diseño algo modificado y rangos de salida incrementados: SHA-224, SHA-256, SHA-384, y SHA-512 (llamándose SHA-2 a todos ellos).

Vamos a ver como podemos comprobar la firma SHA1.

En la misma imagen de Debian.

Primero vemos como la página nos ofrece las firmas de hash

Hashes SHA1

Comprobando firmas sha1 en Windows

Para hacer la comprobación de sha1 nos tenemos que descargar el ejecutable, lo podemos encontrar aqui:

Sha1sum

Lo ejecutamos y comprobamos la firma

Ya tenemos nuestra firma SHA1 que podemos comprobar con nuestro fichero.

Comprobando Sha1 en Ubuntu.

Con el paquete que instalamos antes no haría falta instalar nada más.

Miremos como se hace:

Ya tenemos nuestra firma en sha1.

Comprobando Sha1 en MAC OS X

Por último en mac, para hacerlo utilizaremos la librería de openssl +sha1

veamos el comando sería así:

/usr/bin/openssl sha1 fichero

Asi que veamos un ejemplo:

Y hasta aquí todo, espero que desde ahora vigiléis lo que os bajais.

Saludos

Just for fun, I thought it would be good to look up what is actually considered a “hash” in the popular lexicon. As any person of my generation would obviously do, I went straight to Wikipedia for the accepted definition.

Hash is an American dish consisting of a mixture of beef (often corned beef or roast beef), onions, potatoes, and spices that are mashed together into a coarse, chunky paste, and then cooked, either alone, or with other ingredients. Occasionally, the term can be used to refer to any mixture of finely chopped ingredients.

With that in my pocket, I feel pretty safe calling this dish a “hash.” It’s about as simple a recipe as any I’ve shared, and probably one of the cheapest, to boot. If you’re patient, you can get a real nice crisp on the hash, which mixes wonderfully with the subtle spice of this meat-imitation. Toss a couple over-medium eggs on top and throw in some corn tortillas and I promise you’ll have happy faces all around. This recipe is really meant for two, so do some math if you need more.

Ingredients

• Four or five yukon gold potatoes, diced
• One green onion stalk, diced
• 1/4 – 1/3 tube of soyrizo-like product
• 2 tbsp canola oil
• 4 eggs
• 6 corn tortillas

Instructions

In a heavy bottom frying pan, preferably cast-iron, heat the oil. Add the potatoes and allow to cook through, making sure to stir occasionally to keep from burning. This will probably take close to 10 minutes. Once the potatoes are cooked, but not soft, add the onions. Season to taste.

Add the soyrizo-like product, forming an even layer. After a couple minutes, give it a good stir. Form another even layer and press done in order to give it a solid crisp. In the meantime, it’s good to start prepping those eggs.

How much this will set you back: half a pound of soyrizo-like product $1 ($.50 a serving); 2 lbs yukon gold potatoes $1 ($.50); 4 eggs, $.70 ($.35); miscellaneous items, $.50 ($.25). Total: $3.20 ($1.60)

How long this will take: 15 minutes.

or checking out a specific commit.

First, one has to locate the hash of the commit. This can be done by:

1. Scanning the log by running “git log” (press q to quit). Look for lines labeled commit.
2. Scanning the log in giggle. Look for the SHA-line. Example:
   

In this case our hash is 7f8d2051582dd030e3c07ded70010af033461e31.

Then, come up with a name for a branch to refer the this specific revision. For this example we will use old-branch.

Last, set up the branch by running:

git checkout -b old-branch 7f8d2051582dd030e3c07ded70010af033461e31

Syntax: The general syntax is: “git checkout -b BRANCHNAME HASH“