It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Poorly anonymized logs reveal NYC cab drivers’ detailed whereabouts
page: 16
share:
Botched attempt to scrub data reveals driver details for 173 million taxi trips.
City officials released the data in response to a public records request and specifically obscured the drivers' hack license numbers and medallion numbers. Rather than including those numbers in plaintext, the 20 gigabyte file contained one-way cryptographic hashes using the MD5 algorithm. Instead of a record showing medallion number 9Y99 or hack number 5296319
It turns out there's a significant flaw in the approach. Because both the medallion and hack numbers are structured in predictable patterns, it was trivial to run all possible iterations through the same MD5 algorithm and then compare the output to the data contained in the 20GB file. Software developer Vijay Pandurangan did just that, and in less than two hours he had completely de-anonymized all 173 million entries.
Taxi license numbers are always six-digit numbers or seven-digit numbers that begin with a five. That makes for a maximum of two million possible numbers, a sum that takes a matter of seconds to exhaust using programming rules built into cracking apps such as Hashcat. Medallion numbers similarly conform to specific patterns that make for a total of only 22 million possible combinations.
Link
Oops. Some body didn't think. They could have at least added a salt to increase the number of possible combinations.
Why not use a sequential number or random series for each.
a reply to: roadgravel
The interesting/worrying part is that some taxi drivers never pick up passengers but are just employed to do drug runs. That was the result of one police investigation. Then New York pedestrians would frequently complain that they tried to flag down an empty cab, and the driver wouldn't stop.
The interesting/worrying part is that some taxi drivers never pick up passengers but are just employed to do drug runs. That was the result of one police investigation. Then New York pedestrians would frequently complain that they tried to flag down an empty cab, and the driver wouldn't stop.
Oops! The average script kiddie who has done any password cracking could have explained how that wasn't going to work.
a reply to: theantediluvian
Who do they employ as software people? That had fail written all over it. I wouldn't be surprised if some manager said this was how it was to be done.
Who do they employ as software people? That had fail written all over it. I wouldn't be surprised if some manager said this was how it was to be done.
new topics
-
The Real Issue With The Administration's (Former) Immigration Policy
US Political Madness: 17 minutes ago -
Manwich. . . more than a meal
General Chit Chat: 55 minutes ago -
EU and their response to Trumps tariffs. Motorcycles, Bourbon, and Levi's among others.
Global Meltdown: 1 hours ago -
"Don’t worry, the Republicans, and your President, will fix it!"
Political Mud-Pit: 2 hours ago -
First KC-46 delivery set for October
Aircraft Projects: 2 hours ago -
Possible link found between diabetes and common white pigment
Medical Issues & Conspiracies: 2 hours ago -
Backflip FBI agent charged with second degree assault
Other Current Events: 3 hours ago -
The DNC Media Is Still Faking Outrage After Trump Signs EO Unifying Illegal Imigrant Families
Political Mud-Pit: 3 hours ago -
Democratic Socialists of America Says They’re Coming After More Trump Officials (and more)
Political Mud-Pit: 3 hours ago -
So PissPissMoanMoan equals an ExecOrder? Precident SET Let the games begin..NobleCause Granted
The Gray Area: 3 hours ago
top topics
-
Melania Trump Called the Secret Service Over Peter Fonda’s Threatening Tweet About Barron
Political Mud-Pit: 9 hours ago, 63 flags -
Trial for ATS member's alledge killer begins on Monday 6/25
The Gray Area: 5 hours ago, 47 flags -
Peter Fonda Calls for People to Target the Children of ICE agents
Political Mud-Pit: 14 hours ago, 41 flags -
"Don’t worry, the Republicans, and your President, will fix it!"
Political Mud-Pit: 2 hours ago, 29 flags -
There is no "Child Separation Policy" Despite What the Media Says
Dissecting Disinformation: 8 hours ago, 27 flags -
So no one cares about US families being separated???
Political Mud-Pit: 4 hours ago, 26 flags -
Obama kept border kids in cages and wrapped them in foil
Political Mud-Pit: 8 hours ago, 25 flags -
Obama administration apparently let horrific things happen to immigrant kids.
US Political Madness: 8 hours ago, 25 flags -
The DNC Media Is Still Faking Outrage After Trump Signs EO Unifying Illegal Imigrant Families
Political Mud-Pit: 3 hours ago, 25 flags -
Obama cyber chief confirms 'stand down' order against Russian cyberattacks in 2016
Political Mud-Pit: 3 hours ago, 24 flags
6