---

※ 本文轉寄自 yukitowu.bbs@ptt.cc

---

http://www.ps3hax.net/2011/05/psn-and-soe-attacks-an-inside-job/

According to online reports, Sony had fired ~200 employees from SOE a
few days before the PSN massive attack which led to the compromise of
user personal information. A 2 week notice was handed out on March
31st, 2011 which gave whomever enough time to think, plan and act on
the PSN attack – and would have all the clearance to easily to do it
 Whats even worse is that if it DID turn out to be a inside job then
the ex-employee could potentially have the tools to un-hash the stolen
passwords and possibly even have the tools/resources to decrypt the
important information such as your credit card numbers.

******

 *1 雜湊函數(hash function) 通常是多對一函數，所以沒有確切的反函數，但
    這邊沒有人看過SONY是怎麼實做他們家的雜湊函數，也許跟他們的亂數函數
    一樣簡單也說不定，比如說：

        輸入資料 → 跟某個金鑰進行 XOR運算 → 雜湊後的資料

    那 XOR運算是一對一運算，反函數也是使用同一把金鑰的 XOR運算，所以有

        雜湊後的資料 → 跟同一個金鑰進行 XOR運算 → 雜湊前的資料

    XOR 布林運算邏輯如下：
        true XOR true  = false          false XOR true  = true
        true XOR false = true           false XOR false = false

--

○    ____  _  _  _  _  ____  _  _  ____  _____  ____
。 ★(_  _)( \( )( \/ )( ___)( \( )(_  _)(  _  )(  _ \
 ｏ   _)(_  )  (  \  /  )__)  )  (   )(   )(_)(  )   / ●  ‧
     (____)(_)\_)  \/  (____)(_)\_) (__) (_____)(_)\_)    ★
                                                            ｏ

--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 122.117.54.160


--