<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_11_03_0053230</id>
	<title>Cracking PGP In the Cloud</title>
	<author>kdawson</author>
	<datestamp>1257243420000</datestamp>
	<htmltext>pariax writes <i>"So you wanna build your own massively distributed password cracking infrastructure? Electric Alchemy has published a writeup detailing their experiences<a href="http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html"> cracking PGP ZIP archives using brute force computing power</a> provided by Amazon EC2 and a <a href="http://www.elcomsoft.com/edpr.html">distributed password cracker</a> from Elcomsoft."</i></htmltext>
<tokenext>pariax writes " So you wan na build your own massively distributed password cracking infrastructure ?
Electric Alchemy has published a writeup detailing their experiences cracking PGP ZIP archives using brute force computing power provided by Amazon EC2 and a distributed password cracker from Elcomsoft .
"</tokentext>
<sentencetext>pariax writes "So you wanna build your own massively distributed password cracking infrastructure?
Electric Alchemy has published a writeup detailing their experiences cracking PGP ZIP archives using brute force computing power provided by Amazon EC2 and a distributed password cracker from Elcomsoft.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962142</id>
	<title>Use a bot net rather</title>
	<author>Anonymous</author>
	<datestamp>1257254520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Much more horse power and it don't cost you anything. Thank god for windoze lusers.</p></htmltext>
<tokenext>Much more horse power and it do n't cost you anything .
Thank god for windoze lusers .</tokentext>
<sentencetext>Much more horse power and it don't cost you anything.
Thank god for windoze lusers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962278</id>
	<title>uggboots</title>
	<author>Anonymous</author>
	<datestamp>1257256020000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Eric, thanks for such a great post- I really enjoyed it, actually reading this</p><p>I have been really interested in this topic .<br><a href="http://www.uggbootshare.co.uk/specials.asp" title="uggbootshare.co.uk" rel="nofollow">girl ugg</a> [uggbootshare.co.uk]</p></htmltext>
<tokenext>Eric , thanks for such a great post- I really enjoyed it , actually reading thisI have been really interested in this topic .girl ugg [ uggbootshare.co.uk ]</tokentext>
<sentencetext>Eric, thanks for such a great post- I really enjoyed it, actually reading thisI have been really interested in this topic .girl ugg [uggbootshare.co.uk]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964406</id>
	<title>Re:Pointless</title>
	<author>Kjella</author>
	<datestamp>1257268200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around.</p></div><p>No, they have a botnet with 10000...</p></div>
	</htmltext>
<tokenext>It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around.No , they have a botnet with 10000.. .</tokentext>
<sentencetext>It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around.No, they have a botnet with 10000...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961638</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961776</id>
	<title>Interesting but misleading</title>
	<author>Anonymous</author>
	<datestamp>1257250020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>People who would try to hack your password probably will not use Amazon's EC2, but something far more trivial, such as a botnet. Botnets are free, all you need is some time.
<br> <br>
This is why I wouldn't think that 11-12 character bound has any meaning in practice. A more meaningful boundary is the one which can not possibly be cracked in reasonable time with a big computer network, regardless of the cost of operating it.
<br> <br>
I use a composite password approach that gives a best balance between security and ease of use: use a good random generator for say 16 characters. Print it. This is not your password yet. You will come up with a few easy to remember, but hard to guess transforms, such as inserting several characters in a place only you know, using the printed sequence in a different order than linear left-to-right, and replacing all instances of printed "a" with "3" for example.
<br> <br>
This ensures brute-forcing over the network will not be possible, as your password is truly random, and long. Finding the list would not lead to instant hack either as there's still reasonable information withheld from what's printed. You can also frequently change the "seed", the random characters you print, and apply the same rules you remember from before, to arrive at a completely new password, without having to remember anything new.</htmltext>
<tokenext>People who would try to hack your password probably will not use Amazon 's EC2 , but something far more trivial , such as a botnet .
Botnets are free , all you need is some time .
This is why I would n't think that 11-12 character bound has any meaning in practice .
A more meaningful boundary is the one which can not possibly be cracked in reasonable time with a big computer network , regardless of the cost of operating it .
I use a composite password approach that gives a best balance between security and ease of use : use a good random generator for say 16 characters .
Print it .
This is not your password yet .
You will come up with a few easy to remember , but hard to guess transforms , such as inserting several characters in a place only you know , using the printed sequence in a different order than linear left-to-right , and replacing all instances of printed " a " with " 3 " for example .
This ensures brute-forcing over the network will not be possible , as your password is truly random , and long .
Finding the list would not lead to instant hack either as there 's still reasonable information withheld from what 's printed .
You can also frequently change the " seed " , the random characters you print , and apply the same rules you remember from before , to arrive at a completely new password , without having to remember anything new .</tokentext>
<sentencetext>People who would try to hack your password probably will not use Amazon's EC2, but something far more trivial, such as a botnet.
Botnets are free, all you need is some time.
This is why I wouldn't think that 11-12 character bound has any meaning in practice.
A more meaningful boundary is the one which can not possibly be cracked in reasonable time with a big computer network, regardless of the cost of operating it.
I use a composite password approach that gives a best balance between security and ease of use: use a good random generator for say 16 characters.
Print it.
This is not your password yet.
You will come up with a few easy to remember, but hard to guess transforms, such as inserting several characters in a place only you know, using the printed sequence in a different order than linear left-to-right, and replacing all instances of printed "a" with "3" for example.
This ensures brute-forcing over the network will not be possible, as your password is truly random, and long.
Finding the list would not lead to instant hack either as there's still reasonable information withheld from what's printed.
You can also frequently change the "seed", the random characters you print, and apply the same rules you remember from before, to arrive at a completely new password, without having to remember anything new.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965988</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>neurovish</author>
	<datestamp>1257275160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>How many CPUs are in the latest botnet?  Their Elcomsoft license was limited to 100 hosts.  If they had 500,000, then it would take...&lt;insert quick, shoddy math: 122days/500000hosts*24hours*60minutes*60seconds&gt;...about 20 seconds for their 8 character mixed up password?</htmltext>
<tokenext>How many CPUs are in the latest botnet ?
Their Elcomsoft license was limited to 100 hosts .
If they had 500,000 , then it would take......about 20 seconds for their 8 character mixed up password ?</tokentext>
<sentencetext>How many CPUs are in the latest botnet?
Their Elcomsoft license was limited to 100 hosts.
If they had 500,000, then it would take......about 20 seconds for their 8 character mixed up password?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961678</id>
	<title>Re:And tons of carbon enter the air</title>
	<author>Anonymous</author>
	<datestamp>1257249180000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext>Was that really your first thought on reading the headline?  Sad how tainted people's minds are these days.  Reminds me of the preacher who sees Satan's hand in everything or the policeman who is convinced that all teenagers are criminals.  When your perspective is <i>that</i> skewed...jeez I don't know what to say.  <p>Assuming I want to use some spare CPU cycles for some purpose or other, where should I apply to make sure it's OK?  So far, we have protein folding and alien hunting as acceptable: what are some other uses of spare CPU that are acceptable and unacceptable?</p></htmltext>
<tokenext>Was that really your first thought on reading the headline ?
Sad how tainted people 's minds are these days .
Reminds me of the preacher who sees Satan 's hand in everything or the policeman who is convinced that all teenagers are criminals .
When your perspective is that skewed...jeez I do n't know what to say .
Assuming I want to use some spare CPU cycles for some purpose or other , where should I apply to make sure it 's OK ?
So far , we have protein folding and alien hunting as acceptable : what are some other uses of spare CPU that are acceptable and unacceptable ?</tokentext>
<sentencetext>Was that really your first thought on reading the headline?
Sad how tainted people's minds are these days.
Reminds me of the preacher who sees Satan's hand in everything or the policeman who is convinced that all teenagers are criminals.
When your perspective is that skewed...jeez I don't know what to say.
Assuming I want to use some spare CPU cycles for some purpose or other, where should I apply to make sure it's OK?
So far, we have protein folding and alien hunting as acceptable: what are some other uses of spare CPU that are acceptable and unacceptable?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962600</id>
	<title>Frist psOt?</title>
	<author>Anonymous</author>
	<datestamp>1257258720000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">to download the with the number BSD fanatics? I'7e To this. For to stick something Join in especially ASSOCIATION OF Current core were everything else</a> [goat.cx]</htmltext>
<tokenext>to download the with the number BSD fanatics ?
I'7e To this .
For to stick something Join in especially ASSOCIATION OF Current core were everything else [ goat.cx ]</tokentext>
<sentencetext>to download the with the number BSD fanatics?
I'7e To this.
For to stick something Join in especially ASSOCIATION OF Current core were everything else [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961528</id>
	<title>Distrubuted Computing</title>
	<author>Anonymous</author>
	<datestamp>1257247440000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>If only they'd thought of using distributed computing for the first post, instead of password cracking!</p></htmltext>
<tokenext>If only they 'd thought of using distributed computing for the first post , instead of password cracking !</tokentext>
<sentencetext>If only they'd thought of using distributed computing for the first post, instead of password cracking!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961702</id>
	<title>Re:Pointless</title>
	<author>Pascal Sartoretti</author>
	<datestamp>1257249360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thing</p></div><p>Or maybe the password is <b>apparently</b> complex to the average user, but actually not so much. How would you classify "Hello123" or "Hottie69" ?
</p><p>
I am sure that there is plenty of money to be made with people who <b>think</b> that they are safe...</p></div>
	</htmltext>
<tokenext>Either the password is crap and you crack is easily , or it 's helluva complex and scaling it up 100x wo n't do a damn thingOr maybe the password is apparently complex to the average user , but actually not so much .
How would you classify " Hello123 " or " Hottie69 " ?
I am sure that there is plenty of money to be made with people who think that they are safe.. .</tokentext>
<sentencetext>Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thingOr maybe the password is apparently complex to the average user, but actually not so much.
How would you classify "Hello123" or "Hottie69" ?
I am sure that there is plenty of money to be made with people who think that they are safe...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961554</id>
	<title>Imagine....</title>
	<author>Anonymous</author>
	<datestamp>1257247620000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Imagine a Beowulf cluster of those.</p></htmltext>
<tokenext>Imagine a Beowulf cluster of those .</tokentext>
<sentencetext>Imagine a Beowulf cluster of those.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961620</id>
	<title>Wanna be careful</title>
	<author>Anonymous</author>
	<datestamp>1257248220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>They will want to be careful or else <a href="http://yro.slashdot.org/story/09/11/03/0331227/Feds-Bust-Cable-Modem-Hacker?art\_pos=3" title="slashdot.org">they just might get arrested.</a> [slashdot.org]</p></htmltext>
<tokenext>They will want to be careful or else they just might get arrested .
[ slashdot.org ]</tokentext>
<sentencetext>They will want to be careful or else they just might get arrested.
[slashdot.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034</id>
	<title>Hmm</title>
	<author>ShooterNeo</author>
	<datestamp>1257253320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have an idea : how about a self destructing key?  There would be a physical USB key that would have your passphrases on it.  The passphrases would be quite lengthy strings of randomly generated characters, effectively un-forcable unless there's a massive weakness in the encryption algorithm.</p><p>The key would have a small CPU and lithium ion battery.  All the components would be potted in epoxy, and you would be able to put an outer shell around the key resembling a common brand of USB stick.</p><p>In order to use the key, you'd have to enter a small password to unlock it.  If the key has not been used in roughly 2 weeks of real time, it erases the passphrase from itself.</p><p>So if you get arrested or compeled to give up your password, you just have to keep silent for a couple weeks.  Then, it's gone!</p></htmltext>
<tokenext>I have an idea : how about a self destructing key ?
There would be a physical USB key that would have your passphrases on it .
The passphrases would be quite lengthy strings of randomly generated characters , effectively un-forcable unless there 's a massive weakness in the encryption algorithm.The key would have a small CPU and lithium ion battery .
All the components would be potted in epoxy , and you would be able to put an outer shell around the key resembling a common brand of USB stick.In order to use the key , you 'd have to enter a small password to unlock it .
If the key has not been used in roughly 2 weeks of real time , it erases the passphrase from itself.So if you get arrested or compeled to give up your password , you just have to keep silent for a couple weeks .
Then , it 's gone !</tokentext>
<sentencetext>I have an idea : how about a self destructing key?
There would be a physical USB key that would have your passphrases on it.
The passphrases would be quite lengthy strings of randomly generated characters, effectively un-forcable unless there's a massive weakness in the encryption algorithm.The key would have a small CPU and lithium ion battery.
All the components would be potted in epoxy, and you would be able to put an outer shell around the key resembling a common brand of USB stick.In order to use the key, you'd have to enter a small password to unlock it.
If the key has not been used in roughly 2 weeks of real time, it erases the passphrase from itself.So if you get arrested or compeled to give up your password, you just have to keep silent for a couple weeks.
Then, it's gone!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964362</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>zindorsky</author>
	<datestamp>1257267960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Wrong. Dead wrong.<br>Reason 1: Rainbow tables only work when the cryptosystem doesn't use salt (or uses it incorrectly). These days everyone uses salt. It's not a big secret.<br>Reason 2: Even if salt wasn't used, Rainbow tables aren't feasible against long passwords. Rainbow tables are essentially just saving the results of one attack and using them on subsequent attacks. If the password in question is long enough, even the "one attack" (table precomputations) will never get to that password.</p><p>So, educate yourself. Rainbows tables are not some kind of magic crypto attack. They are very limited in scope. These days pretty much all they're good for is Windows passwords and old 40-bit MS Office documents. Definitely not PGP.</p></htmltext>
<tokenext>Wrong .
Dead wrong.Reason 1 : Rainbow tables only work when the cryptosystem does n't use salt ( or uses it incorrectly ) .
These days everyone uses salt .
It 's not a big secret.Reason 2 : Even if salt was n't used , Rainbow tables are n't feasible against long passwords .
Rainbow tables are essentially just saving the results of one attack and using them on subsequent attacks .
If the password in question is long enough , even the " one attack " ( table precomputations ) will never get to that password.So , educate yourself .
Rainbows tables are not some kind of magic crypto attack .
They are very limited in scope .
These days pretty much all they 're good for is Windows passwords and old 40-bit MS Office documents .
Definitely not PGP .</tokentext>
<sentencetext>Wrong.
Dead wrong.Reason 1: Rainbow tables only work when the cryptosystem doesn't use salt (or uses it incorrectly).
These days everyone uses salt.
It's not a big secret.Reason 2: Even if salt wasn't used, Rainbow tables aren't feasible against long passwords.
Rainbow tables are essentially just saving the results of one attack and using them on subsequent attacks.
If the password in question is long enough, even the "one attack" (table precomputations) will never get to that password.So, educate yourself.
Rainbows tables are not some kind of magic crypto attack.
They are very limited in scope.
These days pretty much all they're good for is Windows passwords and old 40-bit MS Office documents.
Definitely not PGP.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962620</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963676</id>
	<title>Re:Not the way of doing it</title>
	<author>Slashdot Parent</author>
	<datestamp>1257265080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Don't forget other cosets: cooling, system administration, datacenter space, backups, racks, switches, KVMs, UPSs, network administration, maintenance, etc.</p><p>No question EC2 is expensive if you plan on fully-utilizing that hardware.  But that's why it's called the Elastic Compute Cloud, not the Static Compute Cloud.  If your computational needs are static, EC2 is most definitely the wrong tool for the job.</p></htmltext>
<tokenext>Do n't forget other cosets : cooling , system administration , datacenter space , backups , racks , switches , KVMs , UPSs , network administration , maintenance , etc.No question EC2 is expensive if you plan on fully-utilizing that hardware .
But that 's why it 's called the Elastic Compute Cloud , not the Static Compute Cloud .
If your computational needs are static , EC2 is most definitely the wrong tool for the job .</tokentext>
<sentencetext>Don't forget other cosets: cooling, system administration, datacenter space, backups, racks, switches, KVMs, UPSs, network administration, maintenance, etc.No question EC2 is expensive if you plan on fully-utilizing that hardware.
But that's why it's called the Elastic Compute Cloud, not the Static Compute Cloud.
If your computational needs are static, EC2 is most definitely the wrong tool for the job.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280</id>
	<title>Not the way of doing it</title>
	<author>julesh</author>
	<datestamp>1257256080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I looked at EC2 for raw processing power earlier this year (my company needs to train a lot of neural nets) and it just isn't worth it, unless you only need the power short term.  A high-performance EC2 node gives you 8 cores running at (very roughly) the equivalent of a 2GHz P4, and costs $0.68/hr == about $460 per month, which is only a little less than what an equivalent box (probably a 2.83GHz Core 2 Quad or similar) would cost you.  Put power to run that box down at about $0.05 per hour and you can build your own local cluster of equivalent performance for around the same amount of money as you'll save in your first month and a half of operation.</p></htmltext>
<tokenext>I looked at EC2 for raw processing power earlier this year ( my company needs to train a lot of neural nets ) and it just is n't worth it , unless you only need the power short term .
A high-performance EC2 node gives you 8 cores running at ( very roughly ) the equivalent of a 2GHz P4 , and costs $ 0.68/hr = = about $ 460 per month , which is only a little less than what an equivalent box ( probably a 2.83GHz Core 2 Quad or similar ) would cost you .
Put power to run that box down at about $ 0.05 per hour and you can build your own local cluster of equivalent performance for around the same amount of money as you 'll save in your first month and a half of operation .</tokentext>
<sentencetext>I looked at EC2 for raw processing power earlier this year (my company needs to train a lot of neural nets) and it just isn't worth it, unless you only need the power short term.
A high-performance EC2 node gives you 8 cores running at (very roughly) the equivalent of a 2GHz P4, and costs $0.68/hr == about $460 per month, which is only a little less than what an equivalent box (probably a 2.83GHz Core 2 Quad or similar) would cost you.
Put power to run that box down at about $0.05 per hour and you can build your own local cluster of equivalent performance for around the same amount of money as you'll save in your first month and a half of operation.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965878</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>arminw</author>
	<datestamp>1257274560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>with a rubber hose or electric shock decryption key used on the owner of the password</p></htmltext>
<tokenext>with a rubber hose or electric shock decryption key used on the owner of the password</tokentext>
<sentencetext>with a rubber hose or electric shock decryption key used on the owner of the password</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29966182</id>
	<title>The article has no conclusion</title>
	<author>Anonymous</author>
	<datestamp>1257276000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>They never say that they actually found the password?</p><p>Or how long it took?</p><p>Are they still looking for it?</p><p>I read both pages and found no conclusion whatsoever.</p></htmltext>
<tokenext>They never say that they actually found the password ? Or how long it took ? Are they still looking for it ? I read both pages and found no conclusion whatsoever .</tokentext>
<sentencetext>They never say that they actually found the password?Or how long it took?Are they still looking for it?I read both pages and found no conclusion whatsoever.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961838</id>
	<title>In other news</title>
	<author>Anonymous</author>
	<datestamp>1257250800000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Elcomsoft has been charged with conspiracy, aiding and abetting computer intrusion and wire fraud.</p><p><a href="http://www.wired.com/threatlevel/2009/11/derengel/" title="wired.com" rel="nofollow">http://www.wired.com/threatlevel/2009/11/derengel/</a> [wired.com]</p></htmltext>
<tokenext>Elcomsoft has been charged with conspiracy , aiding and abetting computer intrusion and wire fraud.http : //www.wired.com/threatlevel/2009/11/derengel/ [ wired.com ]</tokentext>
<sentencetext>Elcomsoft has been charged with conspiracy, aiding and abetting computer intrusion and wire fraud.http://www.wired.com/threatlevel/2009/11/derengel/ [wired.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962200</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>Anonymous</author>
	<datestamp>1257255120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I use <a href="http://world.std.com/~reinhold/diceware.html" title="std.com" rel="nofollow">Diceware</a> [std.com] for all my obscenely long password needs</p></htmltext>
<tokenext>I use Diceware [ std.com ] for all my obscenely long password needs</tokentext>
<sentencetext>I use Diceware [std.com] for all my obscenely long password needs</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962766</id>
	<title>But did it work</title>
	<author>Anonymous</author>
	<datestamp>1257259980000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>FTA, they mention that Amazon didn't allow them to create more than 9 instances, so they couldn't crack the passwords in less than 122 days.  (a request to get suitable amounts of computing power was made, but takes time, is not enabled by default, and wasn't available at the time of writing?)</p><p><i>Dear Sir,Thank you for submitting your request to increase your Amazon EC2 limit. It is our intention to meet your needs. We will review your case and contact you within 3 - 5 business days.</i></p></htmltext>
<tokenext>FTA , they mention that Amazon did n't allow them to create more than 9 instances , so they could n't crack the passwords in less than 122 days .
( a request to get suitable amounts of computing power was made , but takes time , is not enabled by default , and was n't available at the time of writing ?
) Dear Sir,Thank you for submitting your request to increase your Amazon EC2 limit .
It is our intention to meet your needs .
We will review your case and contact you within 3 - 5 business days .</tokentext>
<sentencetext>FTA, they mention that Amazon didn't allow them to create more than 9 instances, so they couldn't crack the passwords in less than 122 days.
(a request to get suitable amounts of computing power was made, but takes time, is not enabled by default, and wasn't available at the time of writing?
)Dear Sir,Thank you for submitting your request to increase your Amazon EC2 limit.
It is our intention to meet your needs.
We will review your case and contact you within 3 - 5 business days.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</id>
	<title>Bottom Line: Use Long, Unusual Passwords</title>
	<author>Anonymous</author>
	<datestamp>1257249480000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>First of all, the article is a very nice summary of the issues involved with setting up a cloud to crack passwords - the nuts and bolts, if you will. I liked that the authors took the time to look into the economics of trying to crack passwords, how much money it would cost vs. how long it would take. Password cracking is one example of massively scalable computing, which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters. Elcomsoft certainly made a splash with their PGP-cracking software and managing to harness the power of cheap GPU cards (which are set up for parallel processing) was a bit of genius. That said, even massive horsepower runs into a brick wall once the passphrases become long and the encryption algorithm is good.</p><p>On page 2 of the article, the authors nicely summarize the cost of cracking longer and longer passwords. Once passwords start incorporating special characters (per SPEC), the cost shoots sky high even for relatively short passwords (i.e. $10MM+ for a 9 character password, $1BN for a 10-character password, the US national debt for a 12-character password). The article so clearly lays out why the various law enforcement agencies have been focusing on being able to force folk to disclose their encryption keys. The cost of cracking a well-executed encryption scheme combined with a good password is simply too high. So, go ahead and use those special characters, upper and lowercase, etc. to make life interesting for would-be snoops. But realize that unless trends in privacy rights swing the other way, law enforcement will simply compel key disclosure, as they have for years in the UK, for example.</p><p>Lastly, the article underscores the value of keychain-type schemes that allow many long passphrases to be stored in a accessible format. Make it easy to have long, complex passphrases and it becomes more likely that people will actually use them.</p></htmltext>
<tokenext>First of all , the article is a very nice summary of the issues involved with setting up a cloud to crack passwords - the nuts and bolts , if you will .
I liked that the authors took the time to look into the economics of trying to crack passwords , how much money it would cost vs. how long it would take .
Password cracking is one example of massively scalable computing , which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters .
Elcomsoft certainly made a splash with their PGP-cracking software and managing to harness the power of cheap GPU cards ( which are set up for parallel processing ) was a bit of genius .
That said , even massive horsepower runs into a brick wall once the passphrases become long and the encryption algorithm is good.On page 2 of the article , the authors nicely summarize the cost of cracking longer and longer passwords .
Once passwords start incorporating special characters ( per SPEC ) , the cost shoots sky high even for relatively short passwords ( i.e .
$ 10MM + for a 9 character password , $ 1BN for a 10-character password , the US national debt for a 12-character password ) .
The article so clearly lays out why the various law enforcement agencies have been focusing on being able to force folk to disclose their encryption keys .
The cost of cracking a well-executed encryption scheme combined with a good password is simply too high .
So , go ahead and use those special characters , upper and lowercase , etc .
to make life interesting for would-be snoops .
But realize that unless trends in privacy rights swing the other way , law enforcement will simply compel key disclosure , as they have for years in the UK , for example.Lastly , the article underscores the value of keychain-type schemes that allow many long passphrases to be stored in a accessible format .
Make it easy to have long , complex passphrases and it becomes more likely that people will actually use them .</tokentext>
<sentencetext>First of all, the article is a very nice summary of the issues involved with setting up a cloud to crack passwords - the nuts and bolts, if you will.
I liked that the authors took the time to look into the economics of trying to crack passwords, how much money it would cost vs. how long it would take.
Password cracking is one example of massively scalable computing, which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters.
Elcomsoft certainly made a splash with their PGP-cracking software and managing to harness the power of cheap GPU cards (which are set up for parallel processing) was a bit of genius.
That said, even massive horsepower runs into a brick wall once the passphrases become long and the encryption algorithm is good.On page 2 of the article, the authors nicely summarize the cost of cracking longer and longer passwords.
Once passwords start incorporating special characters (per SPEC), the cost shoots sky high even for relatively short passwords (i.e.
$10MM+ for a 9 character password, $1BN for a 10-character password, the US national debt for a 12-character password).
The article so clearly lays out why the various law enforcement agencies have been focusing on being able to force folk to disclose their encryption keys.
The cost of cracking a well-executed encryption scheme combined with a good password is simply too high.
So, go ahead and use those special characters, upper and lowercase, etc.
to make life interesting for would-be snoops.
But realize that unless trends in privacy rights swing the other way, law enforcement will simply compel key disclosure, as they have for years in the UK, for example.Lastly, the article underscores the value of keychain-type schemes that allow many long passphrases to be stored in a accessible format.
Make it easy to have long, complex passphrases and it becomes more likely that people will actually use them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961704</id>
	<title>All communications securely encrypted</title>
	<author>Frans Faase</author>
	<datestamp>1257249420000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>One of the adversized features of ElcomSoft Distributed Password Recovery is that <i>all network communications between password recovery clients and the server are securely encrypted</i>. How is that possible, I wonder.</p></htmltext>
<tokenext>One of the adversized features of ElcomSoft Distributed Password Recovery is that all network communications between password recovery clients and the server are securely encrypted .
How is that possible , I wonder .</tokentext>
<sentencetext>One of the adversized features of ElcomSoft Distributed Password Recovery is that all network communications between password recovery clients and the server are securely encrypted.
How is that possible, I wonder.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29969036</id>
	<title>Re:In a word</title>
	<author>sootman</author>
	<datestamp>1257246000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I would have been more impressed if they had cracked a password using Mechanical Turk.</p></htmltext>
<tokenext>I would have been more impressed if they had cracked a password using Mechanical Turk .</tokentext>
<sentencetext>I would have been more impressed if they had cracked a password using Mechanical Turk.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961628</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29986926</id>
	<title>Re:Hmm</title>
	<author>Anonymous</author>
	<datestamp>1256988300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Basically an <a href="http://www.g10code.de/p-card.html" title="g10code.de" rel="nofollow">OpenPGP Card</a> [g10code.de] with an internal timer?</p></htmltext>
<tokenext>Basically an OpenPGP Card [ g10code.de ] with an internal timer ?</tokentext>
<sentencetext>Basically an OpenPGP Card [g10code.de] with an internal timer?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961638</id>
	<title>Re:Pointless</title>
	<author>Marcika</author>
	<datestamp>1257248460000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Yes obviously cracking passwords scales linearly, we've known that for a long time. Oh, you could get 100 machines brute forcing instead of one, but what good is that? Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thing. In this case it looks like they just picked some random range and said "Hey, this is unfeasible on a single machine and doable on a cloud, let's do that" but they haven't produced any credible evidence it is in this range. Not unless semi-complex password possibility matches their corporate password policy or whatever.</p></div><p>It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around. They show just how effortless it has become to do brute-force if you have a couple of minutes to set it up and a few spare bucks for the computing power... (And I bet that very few corporations have a password policy that mandates anything exceeding 8-char alphanumeric - which can be cracked for 45 bucks, as they show...)</p></div>
	</htmltext>
<tokenext>Yes obviously cracking passwords scales linearly , we 've known that for a long time .
Oh , you could get 100 machines brute forcing instead of one , but what good is that ?
Either the password is crap and you crack is easily , or it 's helluva complex and scaling it up 100x wo n't do a damn thing .
In this case it looks like they just picked some random range and said " Hey , this is unfeasible on a single machine and doable on a cloud , let 's do that " but they have n't produced any credible evidence it is in this range .
Not unless semi-complex password possibility matches their corporate password policy or whatever.It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around .
They show just how effortless it has become to do brute-force if you have a couple of minutes to set it up and a few spare bucks for the computing power... ( And I bet that very few corporations have a password policy that mandates anything exceeding 8-char alphanumeric - which can be cracked for 45 bucks , as they show... )</tokentext>
<sentencetext>Yes obviously cracking passwords scales linearly, we've known that for a long time.
Oh, you could get 100 machines brute forcing instead of one, but what good is that?
Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thing.
In this case it looks like they just picked some random range and said "Hey, this is unfeasible on a single machine and doable on a cloud, let's do that" but they haven't produced any credible evidence it is in this range.
Not unless semi-complex password possibility matches their corporate password policy or whatever.It is significant because the lone hacker in his basement or the IT department of your unethical competitor might not have a spare server farm with 200 CPUs lying around.
They show just how effortless it has become to do brute-force if you have a couple of minutes to set it up and a few spare bucks for the computing power... (And I bet that very few corporations have a password policy that mandates anything exceeding 8-char alphanumeric - which can be cracked for 45 bucks, as they show...)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962620</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>Anonymous</author>
	<datestamp>1257258960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Password cracking is one example of massively scalable computing, which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters.</p></div><p>Naa, the current state of the art is in <a href="http://en.wikipedia.org/wiki/Rainbow\_table" title="wikipedia.org">Rainbow tables</a> [wikipedia.org], which lets you do the brute force method once ahead of time, then reuse those generated tables to crack literally any password covered by that table in seconds.</p><p>If your system only allows ASCII characters (255 different values per character) and lets say 256 characters max in your password, you can setup and generate a rainbow table that matches using the same hashing method.</p><p>At that point, throwing any hash (any hash that will allow one to actually login that is) into the table, and plaintext pops out in seconds.  Rinse and repeat for the entire password file.</p><p>Generating the rainbow tables does take a lot of time, and is a great example where distributed processing greatly speeds things up.<br>The NSA already has access to such computing resources however and can generate said tables in a much quicker time than any of us most likely can.  The generation process only needs done once per hashing method as well.</p><p>Brute forcing hashes in real time on an as-needed basis is so 90s<nobr> <wbr></nobr>;}</p></div>
	</htmltext>
<tokenext>Password cracking is one example of massively scalable computing , which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters.Naa , the current state of the art is in Rainbow tables [ wikipedia.org ] , which lets you do the brute force method once ahead of time , then reuse those generated tables to crack literally any password covered by that table in seconds.If your system only allows ASCII characters ( 255 different values per character ) and lets say 256 characters max in your password , you can setup and generate a rainbow table that matches using the same hashing method.At that point , throwing any hash ( any hash that will allow one to actually login that is ) into the table , and plaintext pops out in seconds .
Rinse and repeat for the entire password file.Generating the rainbow tables does take a lot of time , and is a great example where distributed processing greatly speeds things up.The NSA already has access to such computing resources however and can generate said tables in a much quicker time than any of us most likely can .
The generation process only needs done once per hashing method as well.Brute forcing hashes in real time on an as-needed basis is so 90s ; }</tokentext>
<sentencetext>Password cracking is one example of massively scalable computing, which is presumably why the NSA allegedly has had to keep upgrading the electrical infrastructure at their headquarters.Naa, the current state of the art is in Rainbow tables [wikipedia.org], which lets you do the brute force method once ahead of time, then reuse those generated tables to crack literally any password covered by that table in seconds.If your system only allows ASCII characters (255 different values per character) and lets say 256 characters max in your password, you can setup and generate a rainbow table that matches using the same hashing method.At that point, throwing any hash (any hash that will allow one to actually login that is) into the table, and plaintext pops out in seconds.
Rinse and repeat for the entire password file.Generating the rainbow tables does take a lot of time, and is a great example where distributed processing greatly speeds things up.The NSA already has access to such computing resources however and can generate said tables in a much quicker time than any of us most likely can.
The generation process only needs done once per hashing method as well.Brute forcing hashes in real time on an as-needed basis is so 90s ;}
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965658</id>
	<title>Re:Not the way of doing it</title>
	<author>Peter Mork</author>
	<datestamp>1257273540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>When building your own system, you need to purchase enough hardware to cover your peak load.  As a result, you have to buy more hardware than you usually need.  Since I'm on the road, I don't have my paper archives accessible, but I think that average utilization tends to run at around 10\%.  When you use EC2, you only need to pay for peak hardware when you need the peak hardware.  Thus, in our studies, EC2 tends to be cheaper for small/medium organizations (unless your workload is extremely stable).  (I think there are serious limitations with cloud computing, which you can read in our JBI article: "Cloud Computing: A New Business Paradigm for Biomedical Information Sharing," but cost is not the main issue.)</htmltext>
<tokenext>When building your own system , you need to purchase enough hardware to cover your peak load .
As a result , you have to buy more hardware than you usually need .
Since I 'm on the road , I do n't have my paper archives accessible , but I think that average utilization tends to run at around 10 \ % .
When you use EC2 , you only need to pay for peak hardware when you need the peak hardware .
Thus , in our studies , EC2 tends to be cheaper for small/medium organizations ( unless your workload is extremely stable ) .
( I think there are serious limitations with cloud computing , which you can read in our JBI article : " Cloud Computing : A New Business Paradigm for Biomedical Information Sharing , " but cost is not the main issue .
)</tokentext>
<sentencetext>When building your own system, you need to purchase enough hardware to cover your peak load.
As a result, you have to buy more hardware than you usually need.
Since I'm on the road, I don't have my paper archives accessible, but I think that average utilization tends to run at around 10\%.
When you use EC2, you only need to pay for peak hardware when you need the peak hardware.
Thus, in our studies, EC2 tends to be cheaper for small/medium organizations (unless your workload is extremely stable).
(I think there are serious limitations with cloud computing, which you can read in our JBI article: "Cloud Computing: A New Business Paradigm for Biomedical Information Sharing," but cost is not the main issue.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963148</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>houghi</author>
	<datestamp>1257262140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The idea is good if you only have 1 login and password. However I and I asume many others have a multitude of logins and passwords. I access systems from different systems with different Operating Systems and different software.</p><p>Many logins and some passwords are not ones I can select myself. And then I am not even talking about the need to change passwords every month. (Some think that 30 days is a good idea.) So every first of the month I am changing as much passwords as I can, so I don't need to remember them all.</p><p>Obviously I forget some along the way.</p><p>Complex passwords? The more complex they must be, the more post-it notes I see on screens where I work.</p><p>I just checked and for my work I have 20 differnt logins and passwords that I did not made myself and where I have no influence on the login or the password. This due to many of them being third parties or shared ones with others. And now three devices that I need to type something in.</p><p>Sure it is very bad. It is however the situation I am in and I can imagine that I am not alone there.</p></htmltext>
<tokenext>The idea is good if you only have 1 login and password .
However I and I asume many others have a multitude of logins and passwords .
I access systems from different systems with different Operating Systems and different software.Many logins and some passwords are not ones I can select myself .
And then I am not even talking about the need to change passwords every month .
( Some think that 30 days is a good idea .
) So every first of the month I am changing as much passwords as I can , so I do n't need to remember them all.Obviously I forget some along the way.Complex passwords ?
The more complex they must be , the more post-it notes I see on screens where I work.I just checked and for my work I have 20 differnt logins and passwords that I did not made myself and where I have no influence on the login or the password .
This due to many of them being third parties or shared ones with others .
And now three devices that I need to type something in.Sure it is very bad .
It is however the situation I am in and I can imagine that I am not alone there .</tokentext>
<sentencetext>The idea is good if you only have 1 login and password.
However I and I asume many others have a multitude of logins and passwords.
I access systems from different systems with different Operating Systems and different software.Many logins and some passwords are not ones I can select myself.
And then I am not even talking about the need to change passwords every month.
(Some think that 30 days is a good idea.
) So every first of the month I am changing as much passwords as I can, so I don't need to remember them all.Obviously I forget some along the way.Complex passwords?
The more complex they must be, the more post-it notes I see on screens where I work.I just checked and for my work I have 20 differnt logins and passwords that I did not made myself and where I have no influence on the login or the password.
This due to many of them being third parties or shared ones with others.
And now three devices that I need to type something in.Sure it is very bad.
It is however the situation I am in and I can imagine that I am not alone there.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961688</id>
	<title>Re:Pointless</title>
	<author>OverlordQ</author>
	<datestamp>1257249240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Even TFA story say to cover 50\% of the keyspace for a length 12 password you're looking at $1.2M in EC2 fees.</p></htmltext>
<tokenext>Even TFA story say to cover 50 \ % of the keyspace for a length 12 password you 're looking at $ 1.2M in EC2 fees .</tokentext>
<sentencetext>Even TFA story say to cover 50\% of the keyspace for a length 12 password you're looking at $1.2M in EC2 fees.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961628</id>
	<title>In a word</title>
	<author>LizardKing</author>
	<datestamp>1257248340000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p> <i>So you wanna build your own massively distributed password cracking infrastructure?</i> </p><p>No</p></htmltext>
<tokenext>So you wan na build your own massively distributed password cracking infrastructure ?
No</tokentext>
<sentencetext> So you wanna build your own massively distributed password cracking infrastructure?
No</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964206</id>
	<title>Re:Not the way of doing it</title>
	<author>b0bby</author>
	<datestamp>1257267360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>it just isn't worth it, unless you only need the power short term</p></div><p>But as they said, they only needed it short term. It was more effective to just rent the 100 instances to get the cracking done reasonably quickly, since the client had no need for extra machines once the job was done.</p></div>
	</htmltext>
<tokenext>it just is n't worth it , unless you only need the power short termBut as they said , they only needed it short term .
It was more effective to just rent the 100 instances to get the cracking done reasonably quickly , since the client had no need for extra machines once the job was done .</tokentext>
<sentencetext>it just isn't worth it, unless you only need the power short termBut as they said, they only needed it short term.
It was more effective to just rent the 100 instances to get the cracking done reasonably quickly, since the client had no need for extra machines once the job was done.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961712</id>
	<title>Re:And tons of carbon enter the air</title>
	<author>noidentity</author>
	<datestamp>1257249480000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><blockquote><div><p>[And tons of carbon enter the air] At least fold some proteins if you're going to do this. Or look for aliens.</p></div>
</blockquote><p>How do you know they weren't cracking a PGP'd zip archive containing secret documents about alien protein folding technology?</p></div>
	</htmltext>
<tokenext>[ And tons of carbon enter the air ] At least fold some proteins if you 're going to do this .
Or look for aliens .
How do you know they were n't cracking a PGP 'd zip archive containing secret documents about alien protein folding technology ?</tokentext>
<sentencetext>[And tons of carbon enter the air] At least fold some proteins if you're going to do this.
Or look for aliens.
How do you know they weren't cracking a PGP'd zip archive containing secret documents about alien protein folding technology?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962406</id>
	<title>Re:Hmm</title>
	<author>Sir\_Lewk</author>
	<datestamp>1257257220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It seems like every time someone comes up with a  new "unbreakable security scheme" on slashdot their pitch always starts with something to the effect of "so we start with this USB key...".  Such measures are more about physical security, than crypto security.  All you are really saying is "good long keys are more secure", which everyone already knows.</p><p>I might as well say, "Well if I light my computer on fire (and use longer keys) then ninjas won't be able to steal it".</p></htmltext>
<tokenext>It seems like every time someone comes up with a new " unbreakable security scheme " on slashdot their pitch always starts with something to the effect of " so we start with this USB key... " .
Such measures are more about physical security , than crypto security .
All you are really saying is " good long keys are more secure " , which everyone already knows.I might as well say , " Well if I light my computer on fire ( and use longer keys ) then ninjas wo n't be able to steal it " .</tokentext>
<sentencetext>It seems like every time someone comes up with a  new "unbreakable security scheme" on slashdot their pitch always starts with something to the effect of "so we start with this USB key...".
Such measures are more about physical security, than crypto security.
All you are really saying is "good long keys are more secure", which everyone already knows.I might as well say, "Well if I light my computer on fire (and use longer keys) then ninjas won't be able to steal it".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546</id>
	<title>And tons of carbon enter the air</title>
	<author>Anonymous</author>
	<datestamp>1257247560000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>At least fold some proteins if you're going to do this. Or look for aliens.</htmltext>
<tokenext>At least fold some proteins if you 're going to do this .
Or look for aliens .</tokentext>
<sentencetext>At least fold some proteins if you're going to do this.
Or look for aliens.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963132</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>R2.0</author>
	<datestamp>1257262020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"On page 2 of the article, the authors nicely summarize the cost of cracking longer and longer passwords. Once passwords start incorporating special characters (per SPEC), the cost shoots sky high even for relatively short passwords (i.e. $10MM+ for a 9 character password, $1BN for a 10-character password, the US national debt for a 12-character password)."</p><p>Ok, here's a question.  Does the benefit of special characters in passwords derive from their actual use or in the expansion of the possible character set?  If the possible character set includes the special characters, must they then be used in order to gain the advantage?</p><p>I ask because I always thought that "formula's" for strong passwords actually weakened them.  First, because of human factors - make it too complex and everyone defaults to "Password-1", "Password-2", etc.  But second, if the rules narrow down the possible contents of a password, doesn't that make it easier to crack?  For instance, my current favorite is "Minimum X, maximum Y characters, must have an upper case, lower case, number, and symbol"  So now the potential solution includes those rules as well - for instance, in a password X characters long, the maximum number of lower case letters is X-3.  Doesn't that make the solution easier than if the character choice is wide open?  I'm not trying to be a smartass, just increasing my knowledge.</p></htmltext>
<tokenext>" On page 2 of the article , the authors nicely summarize the cost of cracking longer and longer passwords .
Once passwords start incorporating special characters ( per SPEC ) , the cost shoots sky high even for relatively short passwords ( i.e .
$ 10MM + for a 9 character password , $ 1BN for a 10-character password , the US national debt for a 12-character password ) .
" Ok , here 's a question .
Does the benefit of special characters in passwords derive from their actual use or in the expansion of the possible character set ?
If the possible character set includes the special characters , must they then be used in order to gain the advantage ? I ask because I always thought that " formula 's " for strong passwords actually weakened them .
First , because of human factors - make it too complex and everyone defaults to " Password-1 " , " Password-2 " , etc .
But second , if the rules narrow down the possible contents of a password , does n't that make it easier to crack ?
For instance , my current favorite is " Minimum X , maximum Y characters , must have an upper case , lower case , number , and symbol " So now the potential solution includes those rules as well - for instance , in a password X characters long , the maximum number of lower case letters is X-3 .
Does n't that make the solution easier than if the character choice is wide open ?
I 'm not trying to be a smartass , just increasing my knowledge .</tokentext>
<sentencetext>"On page 2 of the article, the authors nicely summarize the cost of cracking longer and longer passwords.
Once passwords start incorporating special characters (per SPEC), the cost shoots sky high even for relatively short passwords (i.e.
$10MM+ for a 9 character password, $1BN for a 10-character password, the US national debt for a 12-character password).
"Ok, here's a question.
Does the benefit of special characters in passwords derive from their actual use or in the expansion of the possible character set?
If the possible character set includes the special characters, must they then be used in order to gain the advantage?I ask because I always thought that "formula's" for strong passwords actually weakened them.
First, because of human factors - make it too complex and everyone defaults to "Password-1", "Password-2", etc.
But second, if the rules narrow down the possible contents of a password, doesn't that make it easier to crack?
For instance, my current favorite is "Minimum X, maximum Y characters, must have an upper case, lower case, number, and symbol"  So now the potential solution includes those rules as well - for instance, in a password X characters long, the maximum number of lower case letters is X-3.
Doesn't that make the solution easier than if the character choice is wide open?
I'm not trying to be a smartass, just increasing my knowledge.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964106</id>
	<title>#IRC.TROLLTALK.COM</title>
	<author>Anonymous</author>
	<datestamp>1257266940000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext>base for FreeBSD</htmltext>
<tokenext>base for FreeBSD</tokentext>
<sentencetext>base for FreeBSD</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962026</id>
	<title>Windows, yuck</title>
	<author>Anonymous</author>
	<datestamp>1257253200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What chore that they need to use Windows.  For a brute force password guesser, most Slashdotters could write it in 10 lines of perl.</p></htmltext>
<tokenext>What chore that they need to use Windows .
For a brute force password guesser , most Slashdotters could write it in 10 lines of perl .</tokentext>
<sentencetext>What chore that they need to use Windows.
For a brute force password guesser, most Slashdotters could write it in 10 lines of perl.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29974152</id>
	<title>Re:Bottom Line: Use Long, Unusual Passwords</title>
	<author>vaporland</author>
	<datestamp>1257273840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Elcomsoft makes good cracking software - I've paid for and used their MS Office tools, and they work great on easy and even hard passwords. People are just not going to use 72 character passwords with ampersands and asterisks. I'd say this new cloud cracking tech will be put to effective nefarious use pretty quickly.</htmltext>
<tokenext>Elcomsoft makes good cracking software - I 've paid for and used their MS Office tools , and they work great on easy and even hard passwords .
People are just not going to use 72 character passwords with ampersands and asterisks .
I 'd say this new cloud cracking tech will be put to effective nefarious use pretty quickly .</tokentext>
<sentencetext>Elcomsoft makes good cracking software - I've paid for and used their MS Office tools, and they work great on easy and even hard passwords.
People are just not going to use 72 character passwords with ampersands and asterisks.
I'd say this new cloud cracking tech will be put to effective nefarious use pretty quickly.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961694</id>
	<title>They should be discussing bits</title>
	<author>skangas</author>
	<datestamp>1257249300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>They are only talking about "characters" in a password, which is a bit dubious. The important information is how many bits long the password provides. For a discussion on this see, for example:

<a href="http://world.std.com/~reinhold/dicewarefaq.html#howlong" title="std.com" rel="nofollow">http://world.std.com/~reinhold/dicewarefaq.html#howlong</a> [std.com]

For this reason and others, I'll take their "report" with a grain</htmltext>
<tokenext>They are only talking about " characters " in a password , which is a bit dubious .
The important information is how many bits long the password provides .
For a discussion on this see , for example : http : //world.std.com/ ~ reinhold/dicewarefaq.html # howlong [ std.com ] For this reason and others , I 'll take their " report " with a grain</tokentext>
<sentencetext>They are only talking about "characters" in a password, which is a bit dubious.
The important information is how many bits long the password provides.
For a discussion on this see, for example:

http://world.std.com/~reinhold/dicewarefaq.html#howlong [std.com]

For this reason and others, I'll take their "report" with a grain</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962130</id>
	<title>Re:Pointless</title>
	<author>SharpFang</author>
	<datestamp>1257254280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It isn't always true.</p><p>For a long time, Windows allowed pretty long samba passwords. Except it didn't make a hash from the whole password supplied, but sequenced it into 8-char pieces which it then hashed and concatenated the hashes.</p><p>In most cases, a 9-char password is some 96 times (number of printable characters) harder than an 8-char password, and 10-char password is 96 times harder than 9-char password and so on. In their case, a 16-char password was twice as hard as 8-char password, and a 10-char password was a simple sum of difficulty of an 8-char password and a 2-char one.</p><p>Of course if we're talking only about competent implementations, then it's a different matter...</p></htmltext>
<tokenext>It is n't always true.For a long time , Windows allowed pretty long samba passwords .
Except it did n't make a hash from the whole password supplied , but sequenced it into 8-char pieces which it then hashed and concatenated the hashes.In most cases , a 9-char password is some 96 times ( number of printable characters ) harder than an 8-char password , and 10-char password is 96 times harder than 9-char password and so on .
In their case , a 16-char password was twice as hard as 8-char password , and a 10-char password was a simple sum of difficulty of an 8-char password and a 2-char one.Of course if we 're talking only about competent implementations , then it 's a different matter.. .</tokentext>
<sentencetext>It isn't always true.For a long time, Windows allowed pretty long samba passwords.
Except it didn't make a hash from the whole password supplied, but sequenced it into 8-char pieces which it then hashed and concatenated the hashes.In most cases, a 9-char password is some 96 times (number of printable characters) harder than an 8-char password, and 10-char password is 96 times harder than 9-char password and so on.
In their case, a 16-char password was twice as hard as 8-char password, and a 10-char password was a simple sum of difficulty of an 8-char password and a 2-char one.Of course if we're talking only about competent implementations, then it's a different matter...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962080</id>
	<title>Re:Pointless</title>
	<author>tokul</author>
	<datestamp>1257253860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>PGP cracking is not about breaking passwords. They don't have private PGP keys. Crackers are trying to reconstruct zip file from encrypted data.
PGP encrypted zip files are easy targets, because zip has checksums.</p></htmltext>
<tokenext>PGP cracking is not about breaking passwords .
They do n't have private PGP keys .
Crackers are trying to reconstruct zip file from encrypted data .
PGP encrypted zip files are easy targets , because zip has checksums .</tokentext>
<sentencetext>PGP cracking is not about breaking passwords.
They don't have private PGP keys.
Crackers are trying to reconstruct zip file from encrypted data.
PGP encrypted zip files are easy targets, because zip has checksums.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963130</id>
	<title>That's no moon...</title>
	<author>Anonymous</author>
	<datestamp>1257262020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>what if we covered the moon with graphics cards?<br>i bet we could break any password then, huh guys</p></htmltext>
<tokenext>what if we covered the moon with graphics cards ? i bet we could break any password then , huh guys</tokentext>
<sentencetext>what if we covered the moon with graphics cards?i bet we could break any password then, huh guys</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961788</id>
	<title>Can't you snoop on this ?</title>
	<author>absolovon</author>
	<datestamp>1257250140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you are cracking through the cloud, then you are also vulnerable, and someone can use your efforts to get into the system before you...</htmltext>
<tokenext>If you are cracking through the cloud , then you are also vulnerable , and someone can use your efforts to get into the system before you.. .</tokentext>
<sentencetext>If you are cracking through the cloud, then you are also vulnerable, and someone can use your efforts to get into the system before you...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588</id>
	<title>Pointless</title>
	<author>Kjella</author>
	<datestamp>1257247920000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Yes obviously cracking passwords scales linearly, we've known that for a long time. Oh, you could get 100 machines brute forcing instead of one, but what good is that? Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thing. In this case it looks like they just picked some random range and said "Hey, this is unfeasible on a single machine and doable on a cloud, let's do that" but they haven't produced any credible evidence it is in this range. Not unless semi-complex password possibility matches their corporate password policy or whatever.</p></htmltext>
<tokenext>Yes obviously cracking passwords scales linearly , we 've known that for a long time .
Oh , you could get 100 machines brute forcing instead of one , but what good is that ?
Either the password is crap and you crack is easily , or it 's helluva complex and scaling it up 100x wo n't do a damn thing .
In this case it looks like they just picked some random range and said " Hey , this is unfeasible on a single machine and doable on a cloud , let 's do that " but they have n't produced any credible evidence it is in this range .
Not unless semi-complex password possibility matches their corporate password policy or whatever .</tokentext>
<sentencetext>Yes obviously cracking passwords scales linearly, we've known that for a long time.
Oh, you could get 100 machines brute forcing instead of one, but what good is that?
Either the password is crap and you crack is easily, or it's helluva complex and scaling it up 100x won't do a damn thing.
In this case it looks like they just picked some random range and said "Hey, this is unfeasible on a single machine and doable on a cloud, let's do that" but they haven't produced any credible evidence it is in this range.
Not unless semi-complex password possibility matches their corporate password policy or whatever.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962336</id>
	<title>Re:And tons of carbon enter the air</title>
	<author>Provocateur</author>
	<datestamp>1257256560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Let's see, he already did some 'folding' in the bathroom, while browsing an old old issue of FHM, and<br>there were no aliens in his morning cereal (just spaceships in purply artificial grape flavor). Came<br>to work, punched in, and got started. Yup, on time, and right on schedule. boss.</p></htmltext>
<tokenext>Let 's see , he already did some 'folding ' in the bathroom , while browsing an old old issue of FHM , andthere were no aliens in his morning cereal ( just spaceships in purply artificial grape flavor ) .
Cameto work , punched in , and got started .
Yup , on time , and right on schedule .
boss .</tokentext>
<sentencetext>Let's see, he already did some 'folding' in the bathroom, while browsing an old old issue of FHM, andthere were no aliens in his morning cereal (just spaceships in purply artificial grape flavor).
Cameto work, punched in, and got started.
Yup, on time, and right on schedule.
boss.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964362
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961678
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964206
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962336
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29969036
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961628
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965988
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29986926
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29974152
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962130
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964406
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961638
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962200
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963132
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962080
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962406
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961702
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965878
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961688
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961712
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_11_03_0053230_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965658
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962280
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965658
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964206
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962766
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962034
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962406
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29986926
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961546
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961712
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962336
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961678
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961788
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961620
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962026
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961714
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962200
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963132
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965988
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29965878
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29963148
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962620
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964362
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29974152
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961628
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29969036
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961694
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961704
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961588
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961638
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29964406
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961688
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962080
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29962130
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961702
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_11_03_0053230.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_11_03_0053230.29961528
</commentlist>
</conversation>
